news aggregator

Boffins outsmart smart contracts with evil automation

Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.…

Amazon's Prime Day sales plunged 41% on the first day compared to last year's kickoff, with experts attributing the drop to shoppers delaying purchases in anticipation of better deals during the extended four-day event. From a report: Momentum Commerce reported that figure for Tuesday (July 8), with Momentum's Founder and CEO John Shea saying that the sales numbers for this year's longer event could still surpass those of last year's shorter one, Bloomberg reported Wednesday (July 9). Shea attributed the drop in first-day sales to consumers putting items in their shopping carts but holding off on completing the purchase in case better deals come along, according to the report. Last year's shorter event encouraged shoppers to head to checkout to ensure they wouldn't miss out on the discounts, Shea said, per the report. Amazon Prime Vice President Jamil Ghani remains optimistic, telling Bloomberg Television the company was "pleased by the engagement" with shoppers during the event and that it is "very early." He said the company extended the duration of Prime Day because shoppers wanted more time to discover the deals. According to numbers provided by Adobe, Prime Day's kickoff surpassed Thanksgiving 2024's $6.1 billion in eCommerce spend. The software company also found that 50.2% of sales came through a mobile device and that buy now, pay later orders for Amazon's Prime Day were up 13.6% year over year.

Read more of this story at Slashdot.

Source code and weights coming later this summer with an Apache 2.0 bow on top

Supercomputers are usually associated with scientific exploration, research, and development, and ensuring our nuclear stockpiles actually work. …

New Zealand’s Giant Moa stood over three meters tall but were easy prey

Researchers from New Zealand will try to revive extinct birds, with help from Colossal Biosciences and film-maker Sir Peter Jackson.…

Deaf professor who worked on one product says developers won’t listen to feedback – about their products or their tech bro ways

China’s efforts to employ AI as a means of improving access to media for its deaf population aren’t going well, according to a professor at Beijing Normal University’s Faculty of Education.…

An anonymous reader quotes a report from Reuters: America's largest power grid is under strain as data centers and AI chatbots consume power faster than new plants can be built. Electricity bills are projected to surge by more than 20% this summer in some parts of PJM Interconnection's territory, which covers 13 states -- from Illinois to Tennessee, Virginia to New Jersey -- serving 67 million customers in a region with the most data centers in the world. The governor of Pennsylvania is threatening to abandon the grid, the CEO has announced his departure and the chair of PJM's board of managers and another board member were voted out. The upheaval at PJM started a year ago with a more than 800% jump in prices at its annual capacity auction. Rising prices out of the auction trickle down to everyday people's power bills. Now PJM is barreling towards its next capacity auction on Wednesday, when prices may rise even further. The auction aims to avoid blackouts by establishing a rate at which generators agree to pump out electricity during the most extreme periods of stress on the grid, usually the hottest and coldest days of the year. High prices out of the auction should spur new power plant construction, but that hasn't happened quickly enough in PJM's region as aging power plants continue to retire and data center demand explodes. PJM has made the situation worse by delaying auctions and pausing the application process for new plants, according to more than a dozen power developers, regulators, energy attorneys and other experts interviewed by Reuters. PJM says the supply and demand crunch has been caused largely by factors outside of its control, including state energy policies that closed fossil-fuel fired power plants prematurely and data center growth in "Data Center Alley" in Northern Virginia and other burgeoning hubs in the Mid-Atlantic. "Prices will remain high as long as demand growth is outstripping supply -- this is a basic economic policy," said PJM spokesman Jeffrey Shields. "Right now, we need every megawatt we can get." New projects totaling about 46 gigawatts -- enough capacity to power 40 million homes -- have been cleared in recent years, "but are not getting built because of local opposition, supply chain backups or financing issues that have nothing to do with PJM," Shields said. PJM has lost more than 5.6 net gigawatts in the last decade as power plants shut faster than new ones enter service, according to a PJM presentation filed with regulators this year. PJM added about 5 gigawatts of power-generating capacity in 2024, fewer than smaller grids in California and Texas. Meanwhile, data center demand is surging. By 2030, PJM expects 32 gigawatts of increased demand on its system, with all but two of those gigawatts coming from data centers.

Read more of this story at Slashdot.

Cites ‘aggressive licensing changes’ from rivals, but like Broadcom only sells bundles

Citrix has decided to return to the market for mainstream hypervisors with a version of its XenServer product which it currently claims isn’t ready for the job.…

"Max" has officially reverted back to "HBO Max," two years after Warner Bros. Discovery dropped the HBO branding. Variety reports: The switch had been anticipated to take place sometime this summer, but Warner Bros. Discovery hadn't revealed an exact day for the reversal until now. The timing is key: Execs wanted to restore the "HBO Max" name prior to next week's Emmy nominations announcement on July 15. The decision to turn "Max" back into "HBO Max" was first announced in May, timed to Warner Bros. Discovery's upfronts presentation. At the time, WBD said in a press release that "returning the HBO brand into HBO Max will further drive the service forward and amplify the uniqueness that subscribers can expect from the offering. It is also a testament to WBD's willingness to keep boldly iterating its strategy and approach -- leaning heavily on consumer data and insights -- to best position itself for success." The streamer launched as HBO Max in 2020, but then WBD opted to excise HBO from the streamer's name in 2023, changing it to just "Max." (HBO and Max continued to compete under one "HBO/Max" label for industry awards; for next week's Emmy noms, they can once again just be called "HBO Max.") The streaming giant put out a marketing spot announcing that the change was done.

Read more of this story at Slashdot.

Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports: Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies. Tuckner said in an email Wednesday that the most recent status of the affected extensions is: - Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware explicitly. Others have removed the library. - Of 129 Edge extensions incorporating the library, eight are now inactive. - Of 71 affected Firefox extensions, two are now inactive. Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. A complete list of extensions found by Tuckner is here.

Read more of this story at Slashdot.

After discovering that ChatGPT was falsely telling users that Soundslice could convert ASCII tablature into playable music, founder Adrian Holovaty decided to actually build the feature -- even though the app was never designed to support that format. TechCrunch reports: Soundslice is an app for teaching music, used by students and teachers. It's known for its video player synchronized to the music notations that guide users on how the notes should be played. It also offers a feature called "sheet music scanner" that allows users to upload an image of paper sheet music and, using AI, will automatically turn that into an interactive sheet, complete with notations. [Adrian Holovaty, founder of music-teaching platform Soundslice] carefully watches this feature's error logs to see what problems occur, where to add improvements, he said. That's where he started seeing the uploaded ChatGPT sessions. They were creating a bunch of error logs. Instead of images of sheet music, these were images of words and a box of symbols known as ASCII tablature. That's a basic text-based system used for guitar notations that uses a regular keyboard. (There's no treble key, for instance, on your standard QWERTY keyboard.) The volume of these ChatGPT session images was not so onerous that it was costing his company money to store them and crushing his app's bandwidth, Holovaty said. He was baffled, he wrote in a blog post about the situation. "Our scanning system wasn't intended to support this style of notation. Why, then, were we being bombarded with so many ASCII tab ChatGPT screenshots? I was mystified for weeks -- until I messed around with ChatGPT myself." That's how he saw ChatGPT telling people they could hear this music by opening a Soundslice account and uploading the image of the chat session. Only, they couldn't. Uploading those images wouldn't translate the ASCII tab into audio notes. He was struck with a new problem. "The main cost was reputational: New Soundslice users were going in with a false expectation. They'd been confidently told we would do something that we don't actually do," he described to TechCrunch. He and his team discussed their options: Slap disclaimers all over the site about it -- "No, we can't turn a ChatGPT session into hearable music" -- or build that feature into the scanner, even though he had never before considered supporting that offbeat musical notation system. He opted to build the feature. "My feelings on this are conflicted. I'm happy to add a tool that helps people. But I feel like our hand was forced in a weird way. Should we really be developing features in response to misinformation?" he wrote.

Read more of this story at Slashdot.

An anonymous reader quotes a report from VentureBeat: Hugging Face, the $4.5 billion artificial intelligence platform that has become the GitHub of machine learning, announced Tuesday the launch of Reachy Mini, a $299 desktop robot designed to bring AI-powered robotics to millions of developers worldwide. The 11-inch humanoid companion represents the company's boldest move yet to democratize robotics development and challenge the industry's traditional closed-source, high-cost model. The announcement comes as Hugging Face crosses a significant milestone of 10 million AI builders using its platform, with CEO Clement Delangue revealing in an exclusive interview that "more and more of them are building in relation to robotics." The compact robot, which can sit on any desk next to a laptop, addresses what Delangue calls a fundamental barrier in robotics development: accessibility. "One of the challenges with robotics is that you know you can't just build on your laptop. You need to have some sort of robotics partner to help in your building, and most people won't be able to buy $70,000 robots," Delangue explained, referring to traditional industrial robotics systems and even newer humanoid robots like Tesla's Optimus, which is expected to cost $20,000-$30,000. Reachy Mini emerges from Hugging Face's April acquisition of French robotics startup Pollen Robotics, marking the company's most significant hardware expansion since its founding. The robot represents the first consumer product to integrate natively with the Hugging Face Hub, allowing developers to access thousands of pre-built AI models and share robotics applications through the platform's "Spaces" feature. [...] Reachy Mini packs sophisticated capabilities into its compact form factor. The robot features six degrees of freedom in its moving head, full body rotation, animated antennas, a wide-angle camera, multiple microphones, and a 5-watt speaker. The wireless version includes a Raspberry Pi 5 computer and battery, making it fully autonomous. The robot ships as a DIY kit and can be programmed in Python, with JavaScript and Scratch support planned. Pre-installed demonstration applications include face and hand tracking, smart companion features, and dancing moves. Developers can create and share new applications through Hugging Face's Spaces platform, potentially creating what Delangue envisions as "thousands, tens of thousands, millions of apps." Reachy Mini's $299 price point could significantly transform robotics education and research. "Universities, coding bootcamps, and individual learners could use the platform to explore robotics concepts without requiring expensive laboratory equipment," reports VentureBeat. "The open-source nature enables educational institutions to modify hardware and software to suit specific curricula. Students could progress from basic programming exercises to sophisticated AI applications using the same platform, potentially accelerating robotics education and workforce development." "... For the first time, a major AI platform is betting that the future of robotics belongs not in corporate research labs, but in the hands of millions of individual developers armed with affordable, open-source tools."

Read more of this story at Slashdot.

'The Things We’ll Never Know' show highlights what we'll be missing

President Trump's budget slashes funding for science and led to the cancellation or reduction of thousands of research programs, so scientists have staged a series of presentations to show legislators innovations that America will miss out on in the future.…

IKEA is relaunching its smart home line with over 20 new Matter-over-Thread devices that will work across ecosystems such as Apple Home and Amazon Alexa, with or without IKEA's own hub. This marks a major shift toward openness, affordability, and interoperability, and positions IKEA as one of the first major retailers to bring Matter to the mainstream while maintaining backward compatibility with Zigbee products. The Verge reports: We don't have a lot of details on the over 20 new devices coming next year, but [David Granath of IKEA of Sweden] confirmed that they are replacing existing functions. So, new smart bulbs, plugs, sensors, remotes, buttons, and air-quality devices, including temperature and humidity monitors. They will also come with a new design. Although "not necessarily what's been leaked," says Granath, referring to images of the Bilresa Dual Button that appeared earlier this year. He did confirm that some new product categories will arrive in January, with more to follow in April and beyond, including potentially Matter-over-Wi-Fi products. Pricing will be comparable to or lower than that of previous products, which start under $10. "Affordability remains a key priority for us." "The premium to make a product smart is not that high anymore, so you can expect new product types and form factors coming," he says. "Matter unlocks interoperability, ease of use, and affordability for us. The standardization process means more companies are sharing the workload of developing for this." Despite the move away from Zigbee, IKEA is keeping Zigbee's Touchlink functionality. This point-to-point protocol allows devices to be paired directly to each other and work together out of the box, without an app or hub -- such as the bulb and remote bundles IKEA sells. This means older Zigbee remotes can control the newer Thread bulbs and vice versa, retaining backward compatibility with its Tradfri line. "Touchlink and Matter will coexist in new products," says Granath. "It's still very important for IKEA -- not everyone wants an app or hub." Interestingly, IKEA's new Matter-over-Thread products will also work without the IKEA hub or app, as they can be set up directly in any compatible Matter smart home ecosystem, such as Apple Home, Amazon Alexa, Google Home, Samsung SmartThings, Home Assistant, and others.

Read more of this story at Slashdot.

The UK has transformed its broadband infrastructure in five years -- with full-fiber coverage jumping from 12% of properties in January 2020 to more than 78% by 2025, according to communications regulator Ofcom and ThinkBroadband data. Northern Ireland leads with 96% of premises in postcodes served with full-fiber connections. The rollout accelerated after Ofcom's May 2021 regulatory framework gave other providers access to BT's Openreach ducts and poles while promising the company regulatory certainty through a "fair bet" approach that avoided price caps. The framework sparked investment from alternative networks, or "altnets," which increased homes passed from 8.2 million in 2022 to 16.4 million by 2025.

Read more of this story at Slashdot.

No, really, those are the magic words

A clever AI bug hunter found a way to trick ChatGPT into disclosing Windows product keys, including at least one owned by Wells Fargo bank, by inviting the AI model to play a guessing game.…

Samsung on Wednesday unveiled three new foldable smartphones at a time when the company is facing increased competition from Chinese rivals such as Honor and Oppo, reports CNBC. The company's share of the global foldable phone market slipped to 45% in 2024, down from 54% a year earlier. Today's new devices include the ultra-thin Galaxy Z Fold 7, the clamshell-style Galaxy Z Flip 7, and the more affordable Flip 7 FE. Here's a breakdown of each: The Galaxy Z Fold 7 is super thin at a thickness of 8.9 millimeters (0.35 inches) closed and only 4.2 millimeters open. It's also much lighter than its predecessor, weighing 215 grams (7.62 ounces). These stats put the phone on par with both Honor's Magic V5 and the Oppo Find N5. The new Fold device has a 6.5-inch cover screen and an 8-inch main display when opened, making it bigger than its predecessor. It's also decked out with premium new cameras, featuring a 200-megapixel main lens, as well as a 10-megapixel telephoto sensor, 12-megapixel ultra-wide and two 10-megapixel front cameras on both the cover screen and on the main display. Samsung's new Fold generation is, nevertheless, much more limited than other devices in the market when it comes to battery capacity. The Galaxy Z Fold 7 has a 4,400 milliampere-hour (mAh) battery -- far less than the 6,100 mAh power pack in Honor's Magic V5's or the Oppo Find N5's 5,600 mAh battery. Samsung says its device is capable of 24 hours of video playback. Samsung's Galaxy Z Flip 7 is also thinner than its predecessor, coming in at 6.5 millimeters when opened flat. By contrast, the Galaxy Z Flip 6 has a depth of 6.9 millimeters when unfolded. The new phone has a 4.1-inch cover screen and a 6.9-inch main display. It comes with a 50-megapixel main camera and 12-megapixel ultra-wide sensor on the back and a 10-megapixel lens on the main display. It also has a bigger 4,300 mAh battery, which Samsung says supports 31 hours of video playtime on a single charge. In addition to Flip 7, Samsung is also introducing a cheaper version of the phone, called the Galaxy Z Flip 7 FE, which is slightly smaller and thicker than its more premium counterpart. What about the AI features, you ask? They all include various AI-driven camera tools that can identify and suggest removal of unwanted people or objects in photos, and an audio eraser that filters out background noise in videos. The Galaxy Z Flip 7 also integrates Gemini Live, allowing users to overlay the AI assistant during live video recordings -- for instance, to receive real-time outfit suggestions. The Z Fold 7 starts at $1,999, and the Z Flip 7 starts at $1,099. Meanwhile, the Flip 7 FE is priced at $899.

Read more of this story at Slashdot.

Built on Chromium, ironically

Perplexity has released its own web browser called Comet, and it's clearly aimed at Google.…

An anonymous reader quotes a report from Wired: If you want a job at McDonald's today, there's a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead anAI chatbotthat screens applicants, asks for their contact information and resume, directs them to a personality test, and occasionally makes them "go insane" by repeatedly misunderstanding their most basic questions. Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants -- including all the personal information they shared in those conversations -- with tricks as straightforward as guessing the username and password "123456." On Wednesday, security researchers Ian Carroll and Sam Curryrevealedthat they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with along track record of independent security testing, discovered that simple web-based vulnerabilities -- including guessing one laughably weak password -- allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers. Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. "I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more," says Carroll. "So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years." Paradox.ai confirmed the security findings, acknowledging that only a small portion of the accessed records contained personal data. The company stated that the weak-password account ("123456") was only accessed by the researchers and no one else. To prevent future issues, Paradox is launching a bug bounty program. "We do not take this matter lightly, even though it was resolved swiftly and effectively," Paradox.ai's chief legal officer, Stephanie King, told WIRED in an interview. "We own this." In a statement to WIRED, McDonald's agreed that Paradox.ai was to blame. "We're disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us," the statement reads. "We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection."

Read more of this story at Slashdot.

Hey, teacher, leave those kids to AI

After committing more than $13 billion in strategic investments to OpenAI, Microsoft is splashing out billions more to get people using the technology.…

AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure. Register: Akin to Meltdown and Spectre, the Transient Scheduler Attack (TSA) comprises four vulnerabilities that AMD said it discovered while looking into a Microsoft report about microarchitectural leaks. The four bugs do not appear too venomous at face value -- two have medium-severity ratings while the other two are rated "low." However, the low-level nature of the exploit's impact has nonetheless led Trend Micro and CrowdStrike to assess the threat as "critical." The reasons for the low severity scores are the high degree of complexity involved in a successful attack -- AMD said it could only be carried out by an attacker able to run arbitrary code on a target machine. It affects AMD processors (desktop, mobile and datacenter models), including 3rd gen and 4th gen EPYC chips -- the full list is here.

Read more of this story at Slashdot.