Google Fights Scammers Using Bard Hype To Spread Malware

Google is suing scammers who are trying to use the hype around generative AI to trick people into downloading malware, the company has announced. From a report: In a lawsuit filed today in California, the company says individuals believed to be based in Vietnam are setting up social media pages and running ads encouraging users to “download” its generative AI service Bard. The download actually delivers malware to the victims, which steals social media credentials for the scammers to use. “Defendants are three individuals whose identities are unknown who claim to provide, among other things, ‘the latest version’ of Google Bard for download,” the lawsuit reads.

“Defendants are not affiliated with Google in any way, though they pretend to be. They have used Google trademarks, including Google, Google AI, and Bard to lure unsuspecting victims into downloading malware onto their computers.” The lawsuit notes that scammers have specifically used promoted Facebook posts in an attempt to distribute malware. Similar to crypto scams, the lawsuit highlights how interest in an emerging technology can be weaponized against people who may not fully understand how it operates.

Read more of this story at Slashdot.



Source: Slashdot – Google Fights Scammers Using Bard Hype To Spread Malware

Netflix Announces Neil Gaiman Series, Zack Snyder Movie, Anime 'Terminator' and 'Exploding Kittens'

Netflix’s annual virtual event “Geeked Week” pre-announces its biggest upcoming shows. This year Netflix released a trailer for its upcoming adaptation of The Three-Body Problem, and for its new live-action Avatar: The Last Airbender series. (And there’s also going to be some kind of live-action Stranger Things stage show opening in London in December.)

Variety noted the “explosive” new trailer for Zack Snyder’s new “action-packed space opera” Rebel Moon. The film — which will also have a one-week theatrical run in December — takes place in the same universe as Snyder’s Army of the Dead. But instead of being set in Las Vegas, “The story centers on a young woman living on the outskirts of a galaxy who must find a group of warriors to save the galaxy from an invasion from a tyrant.”

The Verge pulled together a good rundown of all the other announcements — one of which involves Neil Gaiman:
Following last year’s The Sandman, Netflix is bringing even more beloved Neil Gaiman characters to the small screen. This time it’s Dead Boy Detectives — which was originally slated to stream on Max — based on a crime-solving duo who made their debut in a Sandman comic in the ’90s. The news was paired with the first trailer for the series, which shows off a pretty fun-looking supernatural whodunit…
Netflix says the new eight-episode series is part of its growing “Sandman universe”… with Gaiman serving as one of the executive producers. [Coming sometime in 2024]
They’re also launching several animated series. Netflix released a short teaser for Terminator: the Anime Series.
An animated new take on Ultraman.
An animated He-Man reboot, Masters of the Universe: Revolution (with Mark Hamill providing the voice of Skeletor).
An adult animated comedy series based on the card game Exploding Kittens. (The Verge writes that its trailer “features god in the body of a cat and a very confounding garage door” — and that there will also be an accompanying mobile game.)
Netflix also has a new Chicken Run movie coming in December with its own tie-in game called Eggstraction.

Source: Slashdot – Netflix Announces Neil Gaiman Series, Zack Snyder Movie, Anime ‘Terminator’ and ‘Exploding Kittens’

Cancer Researchers Show CRISPR-Edited CAR T Cells Could Improve Immunotherapy

There’s already a powerful immunotherapy that “involves engineering a patient’s T cells so they recognize and attack cancer cells,” writes one of America’s top cancer hospitals. The Memorial Sloan Kettering Cancer Center notes that CAR T cell therapy “has already begun to revolutionize cancer treatment,” with these “chimeric” T cells “multiplied in a lab and given back to the patient to be a continual fighting force against the cancer.”
But now “New research from the lab of physician-scientist Michel Sadelain, MD, PhD, shows that disrupting a single gene in the CAR T cells can make them more potent and able to fight tumors longer.”
In a paper published in Cancer Discovery, the team demonstrated that disrupting the gene SUV39H1 causes a ripple effect: It restores the expression of multiple genes that help sustain the T cells’ longevity. The researchers showed that this approach improved CAR T cell effectiveness against multiple cancers in mice…

The researchers used the gene-editing tool CRISPR/Cas9 to alter SUV39H1 in human CAR T cells. They placed these modified CAR T cells into mice that had been implanted with either human leukemia cells or prostate cancer cells. For both cancers, the CAR T cells were able to sustain their function without becoming exhausted, leading to tumor elimination. By contrast, mice with unedited CAR T cells did not survive the cancer. “The edited CAR T cells can maintain their anti-cancer effects, even when we challenged them repeatedly by exposing them to new tumors over time,” Dr. Zhao says. “These results suggest that SUV39H1-edited CAR T cells may reduce tumor relapse in patients.”

There did not appear to be serious side effects in the mice, although researchers will need to confirm the safety of this approach in humans. The biotechnology company Mnemo Therapeutics is exploring the possibility of conducting clinical trials based on this research.

Source: Slashdot – Cancer Researchers Show CRISPR-Edited CAR T Cells Could Improve Immunotherapy

Researchers Identify a 'Switch' That Might Someday Kill Tumor Cells

Cells have a protein receptor that will cause that cell to die — in theory. Unfortunately, “Previous efforts to target this receptor have been unsuccessful,” says Jogender Tushir-Singh, an associate professor in the Department of Medical Microbiology and Immunology at the University of California, Davis.

But he’s now led a team of researchers at the university’s Comprehensive Cancer Center that’s identified a receptor-activating protein section. And more importantly, “now that we’ve identified this epitope, there could be a therapeutic path forward” for targeting that receptor… in tumors.

The findings were published Oct. 14 in the Nature journal Cell Death & Differentiation… Death receptors do precisely what their name implies — when targeted, they trigger programmed cell death of tumor cells. They offer a potential workaround that could simultaneously kill tumor cells and pave the way for more effective immunotherapies and CAR T-cell therapy…
Tushir-Singh and his colleagues knew they might be able to target cancer cells selectively if they found the right epitope. Having identified this specific epitope, he and other researchers can now design a new class of antibodies to selectively bind to and activate Fas to potentially destroy tumor cells specifically.
Singh says their research “sets the stage” to develop antibodies that selectively kill tumor cells.

Source: Slashdot – Researchers Identify a ‘Switch’ That Might Someday Kill Tumor Cells

Australia Ports Operator Recovers From Two-Day 'Crippling' After Cyber-Attack

Around 40% of goods entering and leaving Australia are managed by a single ports operator. But from Friday to Monday morning, they were suffering from a cyberattack that had “crippled” their facilities in Melbourne, Sydney, Brisbane and Perth, reports the BBC:
The outage has not affected the supply of goods to major Australian supermarkets, the BBC understands. DP World Australia, a unit of the Dubai state-owned DP World, said its ports resumed operations at 9am local time “following successful tests of key systems overnight”. It added “The company expects that approximately 5,000 containers will move out of the four Australian terminals today….”

DP World said it halted internet connectivity at its ports on Friday to prevent “any ongoing unauthorised access” to its network. Going offline meant trucks had been unable to transport containers in and out of the affected sites. The resumption of service on Monday is the first step towards tackling the attack on its network. DP World said it was still in the process of investigating the disruption and guarding its systems against cyber attacks.

Source: Slashdot – Australia Ports Operator Recovers From Two-Day ‘Crippling’ After Cyber-Attack

iOS Beta Adds 'Spatial Video' Recording. Blogger Calls Them 'Astonishing', 'Breathtaking', 'Compelling'

MacRumors writes that the second beta of iOS 17.2 “adds a new feature that allows an iPhone 15 Pro or iPhone 15 Pro Max to record Spatial Video” — that is, in the immersive 3D format for the yet-to-be-released Apple Vision Pro (where it can be viewed in the “Photos” app):

Spatial Video recording can be enabled by going to the Settings app, tapping into the Camera section, selecting Formats, and toggling on “Spatial Video for Apple Vision Pro…” Spatial Videos taken with an iPhone 15 Pro can be viewed on the iPhone as well, but the video appears to be a normal video and not a Spatial Video.
Tech blogger John Gruber got to test the technology, watching the videos on a (still yet-to-be-released) Vision Pro headset. “I’m blown away once again,” he wrote, calling the experience “astonishing.”

“Before my demo, I provided Apple with my eyeglasses prescription, and the Vision Pro headset I used had appropriate corrective lenses in place. As with my demo back in June, everything I saw through the headset looked incredibly sharp…”
The Vision Pro experience is highly dependent upon foveated rendering, which Wikipedia succinctly describes as “a rendering technique which uses an eye tracker integrated with a virtual reality headset to reduce the rendering workload by greatly reducing the image quality in the peripheral vision (outside of the zone gazed by the fovea)…” It’s just incredible, though, how detailed and high resolution the overall effect is…

Plain old still photos look amazing. You can resize the virtual window in which you’re viewing photos to as large as you can practically desire. It’s not merely like having a 20-foot display — a size far more akin to that of a movie theater screen than a television. It’s like having a 20-foot display with retina quality resolution, and the best brightness and clarity of any display you’ve ever used… And then there are panoramic photos… Panoramic photos viewed using Vision Pro are breathtaking. There is no optical distortion at all, no fish-eye look. It just looks like you’re standing at the place where the panoramic photo was taken — and the wider the panoramic view at capture, the more compelling the playback experience is. It’s incredible…

As a basic rule, going forward, I plan to capture spatial videos of people, especially my family and dearest friends, and panoramic photos of places I visit. It’s like teleportation… When you watch regular (non-spatial) videos using Vision Pro, or view regular still photography, the image appears in a crisply defined window in front of you. Spatial videos don’t appear like that at all. I can’t describe it any better today than I did in June: it’s like watching — and listening to — a dream, through a hazy-bordered portal opened into another world…

Nothing you’ve ever viewed on a screen, however, can prepare you for the experience of watching these spatial videos, especially the ones you will have shot yourself, of your own family and friends. They truly are more like memories than videos… [T]he ones I shot myself were more compelling, and took my breath away… Prepare to be moved, emotionally, when you experience this.

Source: Slashdot – iOS Beta Adds ‘Spatial Video’ Recording. Blogger Calls Them ‘Astonishing’, ‘Breathtaking’, ‘Compelling’

America's First Commercial Carbon-Sucking Facility Opens in California

“In an open-air warehouse in California’s Central Valley, 40-foot-tall racks hold hundreds of trays filled with a white powder that turns crusty as it absorbs carbon dioxide from the sky,” reports the New York Times.

“The start-up that built the facility, Heirloom Carbon Technologies, calls it the first commercial plant in the United States to use direct air capture, which involves vacuuming greenhouse gases from the atmosphere.”

Another plant is operating in Iceland, and some scientists say the technique could be crucial for fighting climate change. Heirloom will take the carbon dioxide it pulls from the air and have the gas sealed permanently in concrete, where it can’t heat the planet. To earn revenue, the company is selling carbon removal credits to companies paying a premium to offset their own emissions. Microsoft has already signed a deal with Heirloom to remove 315,000 tons of carbon dioxide from the atmosphere.

The company’s first facility in Tracy, California, which opens Thursday, is fairly small. The plant can absorb a maximum of 1,000 tons of carbon dioxide per year, equal to the exhaust from about 200 cars. But Heirloom hopes to expand quickly. “We want to get to millions of tons per year,” said Shashank Samala, the company’s chief executive. “That means copying and pasting this basic design over and over.”

Heirloom’s technology hinges on a simple bit of chemistry: Limestone, one of the most abundant rocks on the planet, forms when calcium oxide binds with carbon dioxide. In nature, that process takes years. Heirloom speeds it up. At the California plant, workers heat limestone to 1,650 degrees Fahrenheit in a kiln powered by renewable electricity. Carbon dioxide is released from the limestone and pumped into a storage tank. The leftover calcium oxide, which looks like flour, is then doused with water and spread onto large trays, which are carried by robots onto tower-high racks and exposed to open air. Over three days, the white powder absorbs carbon dioxide and turns into limestone again. Then it’s back to the kiln and the cycle repeats. “That’s the beauty of this, it’s just rocks on trays,” Mr. Samala, who co-founded Heirloom in 2020, said.

The hard part, he added, was years of tweaking variables like particle size, tray spacing and moisture to speed up absorption… In future projects, Heirloom also plans to pump carbon dioxide into underground storage wells, burying it.
The company received funding from Microsoft’s Climate Innovation Fund and Bill Gates’ Breakthrough Energy Ventures, according to Bloomberg, which adds that Heirloom’s technology will later “be deployed at a major hub in Louisiana the government expects will remove 1 million tons of CO2 a year by the end of the decade.”

The New York Times notes there was also federal funding, something that’s been fueling the ambitions of hundreds of carbon-capture startups. “The science is clear,” says America’s Energy Secretary. “Cutting back carbon emissions through renewable energy alone won’t stop the damage from climate change. Direct air capture technology is a game-changing tool that gives us a shot at removing the carbon pollution that has been building in the atmosphere since the Industrial Revolution.”

Source: Slashdot – America’s First Commercial Carbon-Sucking Facility Opens in California

Is Capitalism Dead? Yanis Varoufakis Argues Capitalists are Now Vassals to 'Techno-Feudalists'

Greek economist/politician Yanis Varoufakis “was briefly Greek finance minister in 2015,” remembers the Conversation. Now his new book asks the question, “What killed capitalism,” with the title’s first word providing an answer.
“Techno-feudalism.”

Varoufakis argues that we no longer live in a capitalist society… “Today, capitalist relations remain intact, but techno-feudalist relations have begun to overtake them,” writes Varoufakis. Traditional capitalists, he proposes, have become “vassal capitalists”. They are subordinate and dependent on a new breed of “lords” — the Big Tech companies — who generate enormous wealth via new digital platforms. A new form of algorithmic capital has evolved — what Varoufakis calls “cloud capital” — and it has displaced “capitalism’s two pillars: markets and profits”.

Markets have been “replaced by digital trading platforms which look like, but are not, markets”. The moment you enter amazon.com “you exit capitalism” and enter something that resembles a “feudal fief”: a digital world belonging to one man and his algorithm, which determines what products you will see and what products you won’t see. If you are a seller, the platform will determine how you can sell and which customers you can approach. The terms in which you interact, share information and trade are dictated by an “algo” that “works for [Jeff Bezos’] bottom line”…

Access to the “digital fief” comes at the cost of exorbitant rents. Varoufakis notes that many third-party developers on the Apple store, for example, pay 30% “on all their revenues”, while Amazon charges its sellers “35% of revenues”. This, he argues, is like a medieval feudal lord sending round the sheriff to collect a large chunk of his serfs’ produce because he owns the estate and everything within it.
There is “no disinterested invisible hand of the market” here. The Big Tech platforms are exempted from free-market competition.

And in the meantime, users are unknowingly training their algorithms for them — so “In this interaction, we are all high-tech ‘cloud serfs’… [T]he ‘cloud capital’ we are generating for them all the time increases their capacity to generate yet more wealth, and thus increases their power — something we have only begun to realise.”
Approximately 80% of the income of traditional capitalist conglomerates goes to salaries and wages, according to Varoufakis, while Big Tech’s workers, in contrast, collect “less than 1% of their firms’ revenues”… For Varoufakis, we are not just living through a tech revolution, but a tech-driven economic revolution. He challenges us to come to terms with just what has happened to our economies — and our societies — in the era of Big Tech and Big Finance.

Thanks to Slashdot reader ZipNada for sharing the article.

Source: Slashdot – Is Capitalism Dead? Yanis Varoufakis Argues Capitalists are Now Vassals to ‘Techno-Feudalists’

AI-Generated Voice Deepfakes are Being Used in Scams

Images and information from social media (and other online sources) are being used by AI to “create convincing and personalized scam calls, texts and emails,” writes the Palm Beach Post, citing a warning from Florida’s consumer watchdog agency.

In an older version of the scam, a caller would greet “Grandma” or “Grandpa” before saying, “It’s me — I know I sound funny because I have a cold,” and then make an urgent plea for money to get out of a scrap… Using audio and video clips found online, the con artist can clone the voice of a family member to make the call more compelling…

Listen for clues to a con like incorrect or mispronounced names or unfamiliar terms of endearment. The pressure to act quickly and to keep the call a secret are all timeless hallmarks of a scam, the agency notes. Detailed instructions on how to deliver funds in a form that is hard to recover — wired funds, a gift card or pay app — are also indications of a ripoff in the making.
The consumer watchdog agency suggests this precaution. “Encourage family members to set their social media pages to private.”
Thanks to long-time Slashdot reader SonicSpike for sharing the article.

Source: Slashdot – AI-Generated Voice Deepfakes are Being Used in Scams

Despite Lead-in On Disney+, 'The Marvels' Bombs at Box Office

Despite a six-episode Ms. Marvel miniseries on Disney+, audiences aren’t turning out now to see the 16-year-old superhero’s team-up with Captain Marvel on the big screen.
The Marvels earned $47 million in its opening weekend, reports Deadline, “the lowest ever for Disney’s Marvel Cinematic Universe,” and $110 million worldwide, “which is also a bottom rung for the MCU and below the $140M we were forecasting.”

In regards to U.S. admissions, The Marvels came in per EntTelligence at 3.3M compared to other superhero bombs, The Flash’s 3.9M and Eternals’ 5.5M. By all accounts and by all sources, it’s a disastrous result for a $200 million Marvel Studios movie… Months ago, who would have thought that Universal/Blumhouse’s Five Nights at Freddy’s two weeks ago in a day-and-date debut on Peacock would post a higher opening at the box office ($80M) than The Marvels…?

The Marvels meltdown isn’t about superhero fatigue. It’s about Disney’s overexposure of the Marvel Cinematic Universe brand on Disney+, and those moth holes are beginning to show: Keep what’s meant for the cinema in cinemas, and keep what’s meant for in-homes in the home. Meaning, this whole crossover streaming-into-film master plan isn’t working, nor is it really connected in a jaw-dropping way.. The Marvels — with its crossover streaming series blah-blah — looks like it was built to be seen in homes, not to get audiences off the couch.

Source: Slashdot – Despite Lead-in On Disney+, ‘The Marvels’ Bombs at Box Office

A SysAid Vulnerability Is Being Used To Deploy Clop Ransomware, Warns Microsoft

SysAid’s system management software has “a vulnerability actively being exploited to deploy Clop ransomware,” according to SiliconAngle:

The warning came from Microsoft Corp.’s Threat Intelligence team, which wrote on X that it had discovered the exploitation of a zero-day vulnerability in SysAid’s IT support software that’s being exploited by the Lace Tempest ransomware gang.

Lace Tempest first emerged earlier this year from its attacks involving the MOVEit Transfer and GoAnywhere MFT. This group has been characterized by its sophisticated attack methods, often exploiting zero-day vulnerabilities to infiltrate organizations’ systems to deploy ransomware and exfiltrate sensitive data…
In a blog post, SysAid said that the vulnerability, tracked as CVE-2023-47246, was first discovered on November 2 and is a path traversal vulnerability leading to code execution within the SysAid on-prem software… “Given the scale and impact of the MOVEit breach, which was considered one of the largest in recent history, the potential for the SysAid vulnerability to reach similar levels of disruption is not inconceivable, though several factors would influence this outcome,” Craig Jones, vice president of security operations at managed detection and response provider Ontinue Inc., told SiliconANGLE. “The MOVEit breach, exploited by the Clop ransomware group, impacted over 1,000 organizations and more than 60 million individuals,” Jones explained. “Comparatively, SysAid claims more than 5,000 customers across various industries globally. The potential damage from the SysAid vulnerability would depend on factors such as how widespread the exploitation is, how quickly the patch is applied and the sensitivity of the accessed data.”

SysAid’s blog post confirms the zero-day vulnerability, and says they’ve begun “proactively communicating with our on-premise customers to ensure they could implement a mitigation solution we had identified…”

“We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network…”
The attacker uploaded a WAR archive containing a WebShell and other payloads into the webroot of the SysAid Tomcat web service [which] provided the attacker with unauthorized access and control over the affected system. Subsequently, the attacker utilized a PowerShell script, deployed through the WebShell, to execute a malware loader named user.exe on the compromised host, which was used to load the GraceWire trojan…
After this initial access and the deployment of the malware, the attacker utilized a second PowerShell script to erase evidence associated with the attacker’s actions from the disk and the SysAid on-prem server web logs… Given the severity of the threat posed, we strongly recommend taking immediate steps according to your incident response playbook and install any patches as they become available.

Source: Slashdot – A SysAid Vulnerability Is Being Used To Deploy Clop Ransomware, Warns Microsoft

Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret

Wednesday nearly half of Australia was left without internet or phone service after the country’s second largest telecommunications company experienced a service outage affecting 10 million people.

But that’s not Optus’s only problem, according to this report from the Guardian:

Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack — which resulted in the personal information of about 10 million customers being exposed — after a judge rejected the telco’s legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack.

Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public…

It came as the embattled CEO faces pressure over the company’s handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.

Source: Slashdot – Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret

'Provisional Agreement' Reached on eID, a 'Digital Identity for All Europeans'

This week the Council of the European Union made an announcement. “With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID).”

The proposed new framework would also require member states “to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification.”

“With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity,” said Nadia Calviño, acting Spanish first vice-president and minister for economy and digitalisation.
From the announcement:

The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication. Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.

The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared…

The revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
“When finalised, the text will be submitted to the member states’ representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU’s Official Journal and enter into force.”

Source: Slashdot – ‘Provisional Agreement’ Reached on eID, a ‘Digital Identity for All Europeans’

How 'Hour of Code' Will Teach Students About Issues with AI

Started in 2013, “Hour of Code” is an annual tradition started by the education non-profit Code.org (which provides free coding lessons to schools). Its FAQ describes the December event for K-12 students as “a worldwide effort to celebrate computer science, starting with 1-hour coding activities,” and over 100 million schoolkids have participated over the years.

This year’s theme will be “Creativity With AI,” and the “computer vision” lesson includes a short video (less than 7 minutes) featuring a Tesla Autopilot product manager from its computer vision team. “I build self-driving cars,” they say in the video. “Any place where there can be resources used more efficiently I think is a place where technology can play a role. But of course one of the best, impactful ways of AI, I hope, is through self-driving cars.” (The video then goes on to explain how lots of training data ultimately generates a statistical model, “which is just a fancy way of saying, a guessing machine.”)

The 7-minute video is part of a larger lesson plan (with a total estimated time of 45 minutes) in which students tackle a fun story problem. If a sports arena’s scoreboard is showing digital numbers, what series of patterns would a machine-vision system have to recognize to identify each digit? (Students are asked to collaborate in groups.) And it’s just one of seven 45-minute lessons, each one accompanied by a short video. (The longest video is 7 minutes and 28 seconds, and all seven videos, if watched back-to-back, would run for about 31 minutes.)

Not all the lessons involve actual coding, but the goal seems to be familiarizing students (starting at the 6th grade level) with the artificial intelligence of today, and the issues it raises. The second-to-last lesson is titled “Algorithmic Bias” — with a video including interviews with an ethicist at OpenAI and professors focused on AI from both MIT and Stanford. And the last lesson — “Our AI Code of Ethics” — challenges students to assemble documents and videos on AI-related “ethical pitfalls,” and then pool their discoveries into an educational resource “for AI creators and legislators everywhere.”

This year’s installment is being billed as “the largest learning event in history.” And it’s scheduled for the week of December 4 so it coincides with “Computer Science Education Week” (a CS-education event launched in 2009 by the Association for Computing Machinery, with help from partners including Intel, Microsoft, Google, and the National Science Foundation).

Source: Slashdot – How ‘Hour of Code’ Will Teach Students About Issues with AI

Highly Invasive Backdoors Hidden in Python Obfuscation Packages, Downloaded by 2,348 Developers

The senior security editor at Ars Technica writes:

Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.

Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name “pyobfgood.” Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developer’s machine. Capabilities include:

– Exfiltrate detailed host information
– Steal passwords from the Chrome web browser
– Set up a keylogger
– Download files from the victim’s system
– Capture screenshots and record both screen and audio
– Render the computer inoperative by ramping up CPU usage, inserting a batch script in the startup directory to shut down the PC, or forcing a BSOD error with a Python script
– Encrypt files, potentially for ransom
– Deactivate Windows Defender and Task Manager
– Execute any command on the compromised host

In all, pyobfgood and the previous seven tools were installed 2,348 times. They targeted developers using the Python programming language… Downloads of the package came primarily from the US (62%), followed by China (12%) and Russia (6%).

Ars Technica concludes that “The never-ending stream of attacks should serve as a cautionary tale underscoring the importance of carefully scrutinizing a package before allowing it to run.”

Source: Slashdot – Highly Invasive Backdoors Hidden in Python Obfuscation Packages, Downloaded by 2,348 Developers

Former President Obama Warns 'Disruptive' AI May Require Rethinking Jobs and the Economy

This week the Verge’s podcast Decoder interviewed former U.S. president Barack Obama for a discussion on “AI, free speech, and the future of the internet.”
Obama warns that future copyright questions are just part of a larger issue. “If AI turns out to be as pervasive and as powerful as its proponents expect — and I have to say the more I look into it, I think it is going to be that disruptive — we are going to have to think about not just intellectual property; we are going to have to think about jobs and the economy differently.”

Specific issues may include the length of the work week and the fact that health insurance coverage is currently tied to employment — but it goes far beyond that:

The broader question is going to be what happens when 10% of existing jobs now definitively can be done by some large language model or other variant of AI? And are we going to have to reexamine how we educate our kids and what jobs are going to be available…?

The truth of the matter is that during my presidency, there was I think a little bit of naivete, where people would say, you know, “The answer to lifting people out of poverty and making sure they have high enough wages is we’re going to retrain them and we’re going to educate them, and they should all become coders, because that’s the future.” Well, if AI’s coding better than all but the very best coders? If ChatGPT can generate a research memo better than the third-, fourth-year associate — maybe not the partner, who’s got a particular expertise or judgment? — now what are you telling young people coming up?

While Obama believes in the transformative potential of AI, “we have to be maybe a little more intentional about how our democracies interact with what is primarily being generated out of the private sector. What rules of the road are we setting up, and how can we make sure that we maximize the good and maybe minimize some of the bad?”

AI’s impact will be a global problem, Obama believes, which may require “cross-border frameworks and standards and norms”. (He expressed a hope that governments can educate the public on the idea that AI is “a tool, not a buddy”.) During the 44-minute interview Obama predicted AI will ultimately force a “much more robust” public conversation about rules needed for social media — and that at least some of that pressure could come from how consumers interact with companies. (Obama also argues there will still be a market for products that don’t just show you what you want to see.)

“One of Obama’s worries is that the government needs insight and expertise to properly regulate AI,” writes the Verge’s editor-in-chief in an article about the interview, “and you’ll hear him make a pitch for why people with that expertise should take a tour of duty in the government to make sure we get these things right.”

You’ll hear me get excited about a case called Red Lion Broadcasting v. FCC, a 1969 Supreme Court decision that said the government could impose something called the Fairness Doctrine on radio and television broadcasters because the public owns the airwaves and can thus impose requirements on how they’re used. There’s no similar framework for cable TV or the internet, which don’t use public airwaves, and that makes them much harder, if not impossible, to regulate. Obama says he disagrees with the idea that social networks are something called “common carriers” that have to distribute all information equally.
Obama also applauded last month’s newly-issued Executive Order from the White House, a hundred-page document which Obama calls important as “the beginning of building out a framework.”

We don’t know all the problems that are going to arise out of this. We don’t know all the promising potential of AI, but we’re starting to put together the foundations for what we hope will be a smart framework for dealing with it… In talking to the companies themselves, they will acknowledge that their safety protocols and their testing regimens may not be where they need to be yet. I think it’s entirely appropriate for us to plant a flag and say, “All right, frontier companies, you need to disclose what your safety protocols are to make sure that we don’t have rogue programs going off and hacking into our financial system,” for example. Tell us what tests you’re using. Make sure that we have some independent verification that right now this stuff is working.

But that framework can’t be a fixed framework. These models are developing so quickly that oversight and any regulatory framework is going to have to be flexible, and it’s going to have to be nimble.

Source: Slashdot – Former President Obama Warns ‘Disruptive’ AI May Require Rethinking Jobs and the Economy

It's Still Too Easy for Anyone to 'Become You' at Experian

An anonymous reader shared this report from security researcher Brian Krebs:
In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account…

The homepage said I needed to provide a Social Security number and mobile phone number, and that I’d soon receive a link that I should click to verify myself. The site claims that the phone number you provide will be used to help validate your identity. But it appears you could supply any phone number in the United States at this stage in the process, and Experian’s website would not balk.
One user said they recreated their account this week — even though the phone number they’d input was a random number. “The only difference: it asked me FIVE questions about my personal history (last time it only asked three) before proclaiming, ‘Welcome back, Pete!,’ and granting full access,” @PeteMayo wrote. “I feel silly saving my password for Experian; may as well just make a new account every time.”
And Krebs points out that “Regardless, users can simply skip this step by selecting the option to ‘Continue another way.'”
Experian then asks for your full name, address, date of birth, Social Security number, email address and chosen password. After that, they require you to successfully answer between three to five multiple-choice security questions whose answers are very often based on public records. When I recreated my account this week, only two of the five questions pertained to my real information, and both of those questions concerned street addresses we’ve previously lived at — information that is just a Google search away…

Experian will send a message to the old email address tied to the account, saying certain aspects of the user profile have changed. But this message isn’t a request seeking verification: It’s just a notification from Experian that the account’s user data has changed, and the original user is offered zero recourse here other than to click a link to log in at Experian.com. And of course, a user who receives one of these notices will find that the credentials to their Experian account no longer work. Nor do their PIN or account recovery question, because those have been changed also. Your only option at this point is to recreate your account at Experian and steal it back from the ID thieves!
Experian’s security measures “are constantly evolving,” insisted Experian spokesperson Scott Anderson — though Krebs remains unsatisfied.

Anderson said all consumers have the option to activate a multi-factor authentication method that’s requested each time they log in to their account. But what good is multi-factor authentication if someone can simply recreate your account with a new phone number and email address?
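
The re-registration weakness described above, modeled as an added example (constructed here, not Experian's code or Krebs's): `register_naive` lets anyone who passes the knowledge-based questions overwrite an existing account and only notifies the old email, while `register_hardened` is one possible fix, assumed for illustration, that holds the change until the address already on file approves it. The `Bureau` class, its method names and all sample values are hypothetical.

```python
"""Constructed model of an account re-registration flow (hypothetical names)."""
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    ssn: str
    email: str
    password: str


class Bureau:
    def __init__(self):
        self.accounts = {}  # ssn -> Account
        self.pending = {}   # approval token -> (ssn, new_email, new_password)
        self.outbox = []    # (recipient, message) pairs, stands in for email

    def register_naive(self, ssn, email, password, kba_passed):
        """Flow as described: passing the questions replaces an existing account."""
        if not kba_passed:
            return "denied"
        old = self.accounts.get(ssn)
        if old is not None:
            # Notification only: the original owner cannot stop the change.
            self.outbox.append((old.email, "Your profile has changed."))
        self.accounts[ssn] = Account(ssn, email, password)
        return "active"

    def register_hardened(self, ssn, email, password, kba_passed):
        """Assumed fix: re-registering a known identity is recovery, not signup."""
        if not kba_passed:
            return "denied"
        old = self.accounts.get(ssn)
        if old is None:
            self.accounts[ssn] = Account(ssn, email, password)
            return "active"
        # Existing account: nothing changes until the email on file approves.
        token = secrets.token_urlsafe(16)
        self.pending[token] = (ssn, email, password)
        self.outbox.append((old.email, f"Approve account change? token={token}"))
        return "pending"

    def approve(self, token):
        """Invoked from the link sent to the address already on file; single use."""
        request = self.pending.pop(token, None)
        if request is None:
            return False
        ssn, email, password = request
        acct = self.accounts[ssn]
        acct.email, acct.password = email, password
        return True


def demo():
    """Run both flows with constructed data; return who controls the account."""
    ssn = "000-00-0000"  # constructed placeholder value
    naive, hardened = Bureau(), Bureau()
    for bureau, register in ((naive, naive.register_naive),
                             (hardened, hardened.register_hardened)):
        register(ssn, "owner@example.test", "owner-pw", kba_passed=True)
        # Second party passes the public-record questions with a new email.
        register(ssn, "other@example.test", "other-pw", kba_passed=True)
    return naive.accounts[ssn].email, hardened.accounts[ssn].email


if __name__ == "__main__":
    print(demo())
```

In the hardened flow, a login-time second factor stays meaningful because the credentials it protects cannot be replaced without the current owner's approval.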

Source: Slashdot – It’s Still Too Easy for Anyone to ‘Become You’ at Experian

Why Chrome Enabled WebAssembly Garbage Collection (WasmGC) By Default

In Chrome, JavaScript (and WebAssembly) code are both executed by Google’s open source V8 engine — which already has garbage-collecting capabilities. “This means developers making use of, for example, PHP compiled to Wasm, end up shipping a garbage collector implementation of the ported language (PHP) to the browser that already has a garbage collector,” writes Google developer advocate Thomas Steiner, “which is as wasteful as it sounds.”

“This is where WasmGC comes in.”

WebAssembly Garbage Collection (or WasmGC) is a proposal of the WebAssembly Community Group [which] adds struct and array heap types, which means support for non-linear memory allocation… In simplified terms, this means that with WasmGC, porting a programming language to WebAssembly means the programming language’s garbage collector no longer needs to be part of the port, but instead the existing garbage collector can be used.
Sometime on Halloween, Steiner wrote that in Chrome, WebAssembly garbage collection is now enabled by default. But then he explored what this means for high-level programming languages (with their own built-in garbage collection) being compiled into WebAssembly:

To verify the real-world impact of this improvement, Chrome’s Wasm team has compiled versions of the Fannkuch benchmark (which allocates data structures as it works) from C, Rust, and Java. The C and Rust binaries could be anywhere from 6.1 K to 9.6 K depending on the various compiler flags, while the Java version is much smaller at only 2.3 K! C and Rust do not include a garbage collector, but they do still bundle malloc/free to manage memory, and the reason Java is smaller here is because it doesn’t need to bundle any memory management code at all. This is just one specific example, but it shows that WasmGC binaries have the potential of being very small, and this is even before any significant work on optimizing for size.

The blog post includes two examples of WasmGC-ported programming languages in action:

“One of the first programming languages that has been ported to Wasm thanks to WasmGC is Kotlin in the form of Kotlin/Wasm.”
“The Dart and Flutter teams at Google are also preparing support for WasmGC. The Dart-to-Wasm compilation work is almost complete, and the team is working on tooling support for delivering Flutter web applications compiled to WebAssembly.”

Source: Slashdot – Why Chrome Enabled WebAssembly Garbage Collection (WasmGC) By Default

GitHub Announces Its 'Refounding' on Copilot, Including an AI-Powered 'Copilot Chat' Assistant

This week GitHub announced the approaching general availability of the GPT-4-powered GitHub Copilot Chat in December “as part of your existing GitHub Copilot subscription” (and “available at no cost to verified teachers, students, and maintainers of popular open source projects.”)

And this “code-aware guidance and code generation” will also be integrated directly into github.com, “so developers can dig into code, pull requests, documentation, and general coding questions with Copilot Chat providing suggestions, summaries, analysis, and answers.”

With GitHub Copilot Chat we’re enabling the rise of natural language as the new universal programming language for every developer on the planet. Whether it’s finding an error, writing unit tests, or helping debug code, Copilot Chat is your AI companion through it all, allowing you to write and understand code using whatever language you speak…

Copilot Chat uses your code as context, and is able to explain complex concepts, suggest code based on your open files and windows, help detect security vulnerabilities, and help with finding and fixing errors in code, terminal, and debugger…
With the new inline Copilot Chat, developers can chat about specific lines of code, directly within the flow of their code and editor.

InfoWorld notes it will chat in “whatever language a developer speaks.” (And that Copilot Chat will also be available in GitHub’s mobile app.) But why wait until December? GitHub’s blog post says that Copilot Chat “will come to the JetBrains suite of IDEs, available in preview today.”

GitHub also plans to introduce “slash commands and context variables” for GitHub Copilot, “so fixing or improving code is as simple as entering /fix and generating tests now starts with /tests.”

“With Copilot in the code editor, in the CLI, and now Copilot Chat on github.com and in our mobile app, we are making Copilot ubiquitous throughout the software development lifecycle and always available in all of GitHub’s surface areas…”

CNBC adds that “Microsoft-owned GitHub” also plans to introduce “a more expensive Copilot assistant” in February “for developers inside companies that can explain and provide recommendations about internal source code.”
Wednesday’s blog post announcing these updates was written by GitHub’s CEO, who seemed to be predicting an evolutionary leap into a new future. “Just as GitHub was founded on Git, today we are re-founded on Copilot.” He promised they’d built on their vision of a future “where AI infuses every step of the developer lifecycle.”
Open source and Git have fundamentally transformed how we build software. It is now evident that AI is ushering in the same sweeping change, and at an exponential pace… We are certain this foundational transformation of the GitHub platform, and categorically new way of software development, is necessary in a world dependent on software. Every day, the world’s developers balance an unsustainable demand to both modernize the legacy code of yesterday and build our digital tomorrow. It is our guiding conviction to make it easier for developers to do it all, from the creative spark to the commit, pull request, code review, and deploy — and to do it all with GitHub Copilot deeply integrated into the developer experience.
And if you’re worried about the security of AI-generated code…

Today, GitHub Copilot applies an LLM-based vulnerability prevention system that blocks insecure coding patterns in real-time to make GitHub Copilot’s suggestions more secure. Our model targets the most common vulnerable coding patterns, including hardcoded credentials, SQL injections, and path injections. GitHub Copilot Chat can also help identify security vulnerabilities in the IDE, explain the mechanics of a vulnerability with its natural language capabilities, and suggest a specific fix for the highlighted code.
But for Enterprise accounts paying for GitHub Advanced Security, there’s also an upgrade coming: “new AI-powered application security testing features designed to detect and remediate vulnerabilities and secrets in your code.” (It’s already available in preview mode.)

GitHub even announced plans for a new AI assistant in 2024 that generates a step-by-step plan for responding to GitHub issues. (GitHub describes it as “like a pair programming session with a partner that knows about every inch of the project, and can follow your lead to make repository-wide changes from the issue to the pull request with the power of AI.”)

CNBC notes that AI-powered coding assistants “are still nascent, though, with less than 10% enterprise adoption, according to Gartner, a technology industry research firm.”

But last month Microsoft CEO Satya Nadella told analysts GitHub Copilot already had one million paying users…
And GitHub’s blog post concludes, “And we’re just getting started.”

Source: Slashdot – GitHub Announces Its ‘Refounding’ on Copilot, Including an AI-Powered ‘Copilot Chat’ Assistant

Are Car Dealers Slowing the Adoption of Electric Vehicles?

“Dealers don’t want to change the model. They want to be the gatekeepers.” That’s according to Daniel Crane, a law professor at the University of Michigan who studies the laws and economics of car dealerships. He’s quoted in a Washington Post article warning that “Electric vehicles are hitting a road block: Car dealers.”

Former Chevy salesman Buzz Smith tells the Post that it can take longer to sell electric cars (with multiple visits and questions about their technology and chargers) — in effect reducing what a salesman earns per hour. But more to the point, “he believes the pay structure of auto salespeople isn’t a good fit for the EV era.”
Electric cars have narrower profit margins, he said, which cuts into the commission a dealer can get. And if a customer returns to the dealership multiple times, salespeople may have to split the commission, again cutting into their take-home pay. At the same time, car dealerships make most of their overall profits from providing service for vehicles — not selling new cars. According to an analysis from the U.S. Bureau of Labor Statistics, just 16 percent of dealers’ gross profits came from new car sales, while 43 percent came from parts, labor and service. (The rest of the profits come from used car sales and financing and incentives…)

That could also discourage dealers from selling EVs. Gas cars have 100 times more moving parts than electric vehicles do, and studies show that EVs have lower maintenance costs. An average gas-powered car, for example, needs an oil change about every six months, or every 5,000 to 7,500 miles. But many electric cars don’t require a major service until around 150,000 miles.

“They’re all terrified of that loss of maintenance,” Smith said.
The Post reports one woman’s complaint that after buying an electric car, her salesperson “offered her a plan for oil changes and an extended warranty for a gas-powered car.”
But is there something bigger going on? Since the 1950s dozens of states passed laws protecting auto dealerships, and many of those laws prevent manufacturers from selling directly to consumers. The Post notes that now “many automakers have to sell their vehicles through one of the country’s more than 16,000 franchised auto dealerships. And those salespeople often don’t have extensive training on how to sell an EV or even on the technology itself.”
Frustrated customers told The Washington Post that dealers tried to redirect their attention toward gas cars, or gave incorrect or unclear answers to questions about charging and day-to-day electric vehicle use… Then there is the maze of federal and state tax incentives that can help drivers afford a new or used EV — but only if the dealer and the consumer can understand how they work.

Some dealers, however, don’t seem to want to offer electric cars: According to a survey that the Sierra Club conducted at the end of 2022, 66 percent of dealerships did not have an EV available for sale. That was at the height of EV supply chain problems, but 45 percent of those dealers — or 30 percent of all dealers surveyed — said they wouldn’t offer an EV even if they could. Amid concern over an EV slowdown, electric cars are sitting longer on dealerships’ lots than gas-powered cars. According to data from Cox Automotive, dealerships started the year with a roughly 50 days’ supply of gas cars and electric cars. Now the supply of gas cars is around the same, but the supply of EVs has doubled.

Source: Slashdot – Are Car Dealers Slowing the Adoption of Electric Vehicles?