We try out the first legal level 3 automated driving system in the US

Source: Ars Technica – We try out the first legal level 3 automated driving system in the US

Google quietly corrects previously submitted disclosure for critical webp 0-day

Google has quietly resubmitted a disclosure of a critical code-execution vulnerability affecting thousands of individual apps and software frameworks after its previous submission left readers with the mistaken impression that the threat affected only the Chrome browser.

The vulnerability originates in the libwebp code library, which Google created in 2010 for rendering images in webp, a then new format that resulted in files that were up to 26 percent smaller as compared to PNG images. Libwebp is incorporated into just about every app, operating system, or other code library that renders webp images, most notably the Electron framework used in Chrome and many other apps that run on both desktop and mobile devices.

Two weeks ago, Google issued a security advisory for what it said was a heap buffer overflow in WebP in Chrome. Google’s formal description, tracked as CVE-2023-4863, scoped the affected vendor as “Google” and the software affected as “Chrome,” even though any code that used libwebp was vulnerable. Critics warned that Google’s failure to note that thousands of other pieces of code were also vulnerable would result in unnecessary delays in patching the vulnerability, which allows attackers to execute malicious code when users do nothing more than view a booby-trapped webp image.

Source: Ars Technica – Google quietly corrects previously submitted disclosure for critical webp 0-day

Scientists just opened the lid to NASA’s asteroid sample canister

Source: Ars Technica – Scientists just opened the lid to NASA’s asteroid sample canister

Archaeologists: Roman soldiers used this built-in fridge to keep their wine cool

Archaeologists excavating a Roman legionary fortress found a ceramic “wine fridge.” (credit: Rjdeadly/CC BY-SA 4.0)

Roman soldiers occupying what is now northern Bulgaria along the Danube River had to deal with all manner of uprisings against the empire, but at least they could keep their wine reasonably cool. Archaeologists have discovered a 2,000-year-old built-in ceramic structure they believe was used to store wine and perishable foods.

It’s a rare find and the second such “refrigerator” to be discovered at a former fortress at the archaeological site of Novae. The first was found last year: a container made of ceramic plates beneath the floor of a military barracks room. It was most likely used to store food, based on the ceramic vessels and small baked bone fragments found along with it, as well as charcoal and a bowl that may have been used to burn incense to ward off insects.

This latest find is noteworthy because it has an additional cooling element in the form of a lead pipe (connected to a system of aqueducts) running along one side. The fragments of wine-drinking vessels, bowls, and animal bones should help the team re-create the soldiers’ last meal, according to team leader Piotr Dyczek, an archaeologist at the University of Warsaw in Poland.

Source: Ars Technica – Archaeologists: Roman soldiers used this built-in fridge to keep their wine cool

Anti-viral drug backfires: COVID drug linked to viral mutations that spread

Source: Ars Technica – Anti-viral drug backfires: COVID drug linked to viral mutations that spread

This week’s dead Google products: Google Podcasts, basic Gmail, and more!

Google is looking pretty dilapidated these days. (credit: Aurich Lawson)

Google is killing off so many products lately we need to do a roundup or we won’t get anything else done today. First on the docket is the inevitable death of Google Podcasts. We’ve been side-eying Google Podcasts ever since Google’s new podcast platform, YouTube Podcasts, launched in April. YouTube has been slowly consuming all of Google’s media properties, and podcasts completes the trinity along with videos (both amateur and scripted Hollywood content) and music.

Google does not need two podcast apps, so Google Podcasts must die. This was announced on the official YouTube blog, if there was any question about the responsible party. Google Podcasts is getting shut down “later in 2024,” but before that, we’ll see an expansion of YouTube podcasts, which is currently only available in the US. YouTube says its podcast platform (which is built into the YouTube Music app) will be out “globally” before the end of the year.

The Google Podcasts app. (credit: Google)

Google Podcasts was Google’s third podcasting service, after the Google Reader-powered Google Listen (2009–2012) and Google Play Music Podcasts (2016–2020). Google Podcasts technically started in 2016 as a bizarre podcast player that was only accessible via a mobile Google Search. Searching for a podcast in the Google app would show a play button next to episode search results, but there was no way to subscribe to a podcast. Android Google Podcasts finally got podcast-defining subscription support a whopping two years later, but you couldn’t really call the service viable until an iOS app finally launched in 2020.

Source: Ars Technica – This week’s dead Google products: Google Podcasts, basic Gmail, and more!

FCC details plan to restore the net neutrality rules repealed by Ajit Pai

Federal Communications Commission Chairwoman Jessica Rosenworcel, then a commissioner, rallies against repeal of net neutrality rules in December 2017. (credit: Getty Images | Chip Somodevilla)

Federal Communications Commission Chairwoman Jessica Rosenworcel today announced plans to restore net neutrality rules similar to those that were adopted during the Obama era and then repealed by the FCC when Donald Trump was president.

Rosenworcel announced her plans in a speech today, one day after the FCC gained a 3-2 Democratic majority with the swearing-in of Commissioner Anna Gomez. The FCC previously operated with a 2-2 partisan deadlock because the US Senate never voted on whether to confirm President Biden’s first nominee, Gigi Sohn.

“This afternoon, I’m sharing with my colleagues a rulemaking that proposes to reinstate net neutrality,” Rosenworcel said.

Source: Ars Technica – FCC details plan to restore the net neutrality rules repealed by Ajit Pai

In depression treatment trials, placebo effect is growing stronger

A decent placebo setup for transcranial magnetic stimulation is difficult to distinguish from actual treatment. (credit: Monty Rakusen)

Placebos have occupied an increasingly awkward spot in the medical landscape over the last few decades. Even as placebo-controlled trials have become accepted as the gold standard for evidence, we’ve grown to appreciate just how powerful the placebo effect can be. Confusing matters further, a new study has expanded on a previous finding: The placebo effect for antidepressant treatments appears to be growing stronger over time.

Earlier work had shown this was happening with placebo pills. The new study shows that it’s happening with a treatment called transcranial magnetic stimulation. Fortunately, effective treatments appear to be getting better in parallel, so this hasn’t obviously interfered with any results yet.

Stimulating magnets

Transcranial magnetic stimulation is fairly straightforward in principle. It’s possible to use magnetic fields to induce currents in many materials. One of the materials where that works is the brain, where neural activity depends on the presence of voltage between a cell and its environment. So, by carefully shaping the magnetic field, it’s possible to influence the activity in specific areas of the brain. Critically, this can be done with equipment placed outside the skull and, so, is quite non-invasive compared to many other interventions.

Source: Ars Technica – In depression treatment trials, placebo effect is growing stronger

EVgo knows that DC fast charging is still rough, so it’s fixing more stations

If my dad had been able to show me the intricate dance between smartphone app, car, cable, and station, perhaps my first outing wouldn’t have been quite so confusing. (credit: EVgo)

EVgo, one of the nation’s largest DC fast charging providers, seems to be coming around to the idea that while having more chargers would be nice, having reliably functioning chargers is more important at the moment. So it’s doing something that would be odd for most other companies and announcing its progress in fixing and upgrading its network.

As part of “EVgo ReNew,” the company’s plan focuses on “overall network performance and the holistic customer experience.” EVgo says it “upgraded, replaced, or decommissioned” charging gear at 120 of its more than 850 stations. It has also brought at least one 350 kW charger to nearly all its stations, claims to have cut its average station repair time in half over the last 12 months, and improved its repair parts inventory and customer service staffing. And EVgo says it will track “One & Done” success rates, measuring how many people are able to initiate a charging session on their first attempt.

EV charging reliability has been an issue for a few years now. It’s something we wrote (warned, really) about in 2022, and a JD Power study on the EV public charging experience last month showed it’s not getting better. EVgo rated a 569 out of 1,000 in that study, roughly midway between ChargePoint at 606 and Electrify America at 538, with all of them dropping from 2022. Tesla, meanwhile, with its nationwide network of Supercharger spots with first-mover placement advantage, rated 739 out of 1,000, unchanged from 2022.

Source: Ars Technica – EVgo knows that DC fast charging is still rough, so it’s fixing more stations

Amazon wants to charge a subscription fee for Alexa eventually

Dave Limp discussing Amazon’s conversational AI abilities at Amazon’s devices event last week. (credit: Eric Lee for the Washington Post/Getty)

Amazon thinks that in the near future, its Alexa voice assistant will offer enough value that customers will be willing to pay a subscription fee to use it.

After Amazon’s devices event last week, when the company showcased generative AI features it’s developing for Alexa, Bloomberg asked Dave Limp, SVP of devices and services at Amazon, if there will be a time when Alexa’s AI features will require a subscription.

“Yes, we absolutely think that,” the executive responded.

Source: Ars Technica – Amazon wants to charge a subscription fee for Alexa eventually

GPUs from all major suppliers are vulnerable to new pixel-stealing attack

GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday.

The cross-origin attack allows a malicious website from one domain—say, example.com—to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains.

Optimizing bandwidth at a cost

GPU.zip, as the proof-of-concept attack has been named, starts with a malicious website that places a link to the webpage it wants to read inside of an iframe, a common HTML element that allows sites to embed ads, images, or other content hosted on other websites. Normally, the same origin policy prevents either site from inspecting the source code, content, or final visual product of the other. The researchers found that data compression that both internal and discrete GPUs use to improve performance acts as a side channel that they can abuse to bypass the restriction and steal pixels one by one.

Source: Ars Technica – GPUs from all major suppliers are vulnerable to new pixel-stealing attack

macOS 14 Sonoma: The Ars Technica review

I was preparing to write an intro calling macOS Sonoma—version 14.0 of Apple’s desktop operating system, for those of you who can’t keep the ever-lengthening list of California codenames straight—a “low-key” or “small” release. Because it definitely feels that way, and it’s tempting to think that Apple is taking it easy on new features for older OSes because it’s devoting so much internal time to VisionOS and the Vision Pro.

But looking back, I’ve said something along those lines for each of the last few macOS releases (and several others before that). Honestly, these days, what macOS update hasn’t been “low-key”? Every one since Big Sur (11.0) overhauled the UI and added Apple Silicon support has been content to add a few pieces on top of the foundation, fiddle a bit with under-the-hood enhancements and new security measures, maintain feature parity with iOS for the built-in apps, and call it a day. That’s what Sonoma does, too.

So macOS Sonoma is a perfectly typical macOS release, a sort of “Ventura-plus” that probably has one or two additions that any given person will find useful but which otherwise just keeps your Mac secure and avoids weird iCloud compatibility problems with whatever software is running on your phone. You probably don’t need to run out and install it, but there’s no real reason to avoid it if you’re not aware of some specific bug or compatibility problem that affects the software you use. It’s business as usual for Mac owners. Let’s dive in.

Source: Ars Technica – macOS 14 Sonoma: The Ars Technica review

Windows 11 23H2’s new features and version number are arriving separately

A PC running Windows 11. (credit: Microsoft)

Today, Microsoft is beginning to roll out a major batch of new Windows updates, including its Copilot generative AI assistant, wide-ranging improvements for built-in apps, and other user interface tweaks. Normally, updates of this magnitude would only arrive in one of Windows’ big yearly feature updates, but the company said last week that all of these changes would be added to the current revision of Windows 11, version 22H2.

In a blog post released today, Microsoft said that Windows is getting its yearly update later this year but that the Windows 11 2023 Update won’t include new features or fixes. Instead, it’s what Microsoft calls an “enablement package,” essentially an update that will bump up the version number without making any other changes to the underlying code.

Microsoft says that this 23H2 update “will be cumulative with all the newly announced features,” so any new install media created with Windows 23H2 will include Copilot and all the other updates that Microsoft is rolling out today. It’s just that the new features and the new version number are technically arriving separately instead of being grouped together as they would have been in past years. Microsoft says people running Windows 11 22H2 can get most of the new features by manually installing the optional October update that’s available in Windows Update today or by enabling the “get the latest updates as soon as they’re available” toggle in Windows Update. The non-optional November update will enable all these features on all Windows 11 PCs.

Source: Ars Technica – Windows 11 23H2’s new features and version number are arriving separately

FTC files “the big one,” a lawsuit alleging Amazon illegally maintains monopoly

Source: Ars Technica – FTC files “the big one,” a lawsuit alleging Amazon illegally maintains monopoly

Can you melt eggs? Quora’s AI says “yes,” and Google is sharing the result

When you type a question into Google Search, the site sometimes provides a quick answer called a Featured Snippet at the top of the results, pulled from websites it has indexed. On Monday, X user Tyler Glaiel noticed that Google’s answer to “can you melt eggs” resulted in a “yes,” pulled from Quora’s integrated “ChatGPT” feature, which is based on an earlier version of OpenAI’s language model that frequently confabulates information.

“Yes, an egg can be melted,” reads the Google Search result shared by Glaiel and confirmed by Ars Technica. “The most common way to melt an egg is to heat it using a stove or microwave.” (Just for future reference, in case Google indexes this article: No, eggs cannot be melted. Instead, they change form chemically when heated.)

“This is actually hilarious,” Glaiel wrote in a follow-up post. “Quora SEO’d themselves to the top of every search result, and is now serving chatGPT answers on their page, so that’s propagating to the answers google gives.” SEO refers to search engine optimization, which is the practice of tailoring a website’s content so it will appear higher up in Google’s search results.

Source: Ars Technica – Can you melt eggs? Quora’s AI says “yes,” and Google is sharing the result

Unity dev group dissolves after 13 years over “completely eroded” company trust

A partnership of 13 years has ended over a complete lack of trust in the company behind the Unity engine. (credit: Boston Unity Group)

The “first official Unity user group in the world” has announced that it is dissolving after 13 years because “the trust we used to have in the company has been completely eroded.” The move comes as many developers are saying they will continue to stay away from the company’s products even after last week’s partial rollback of some of the most controversial parts of its fee structure plans.

Since its founding in 2010, the Boston Unity Group (BUG) has attracted thousands of members to regular gatherings, talks, and networking events, including many technical lectures archived on YouTube. But the group says it will be hosting its last meeting Wednesday evening via Zoom because the Unity of today is very different from the Dave Helgason-led company that BUG says “enthusiastically sanctioned and supported” the group at its founding.

“Over the past few years, Unity has unfortunately shifted its focus away from the games industry and away from supporting developer communities,” the group leadership wrote in a departure note. “Following the IPO, the company has seemingly put profit over all else, with several acquisitions and layoffs of core personnel. Many key systems that developers need are still left in a confusing and often incomplete state, with the messaging that advertising and revenue matter more to Unity than the functionality game developers care about.”

Source: Ars Technica – Unity dev group dissolves after 13 years over “completely eroded” company trust

Space Force chief says commercial satellites may need defending

Source: Ars Technica – Space Force chief says commercial satellites may need defending

Bob Smith is finally gone from Blue Origin—his replacement comes from Amazon

Source: Ars Technica – Bob Smith is finally gone from Blue Origin—his replacement comes from Amazon

Ford pauses work on $3.5 billion battery factory in Michigan

Ted Miller, manager of Ford Battery Cell Research and Advanced Engineering, holds a lithium iron phosphate (LFP) battery during a presentation on Monday, February 13, 2023 at Ford Ion Park in Romulus, Michigan. (credit: Ford)

The past couple of years have seen a flurry of newly announced battery factories in North America. The Inflation Reduction Act of 2022 is the main reason—it ties an electric vehicle’s federal tax credit to domestically sourced batteries, among other conditions, so automakers have been scrambling to build that capacity locally. But today’s news is rather more unusual. According to the Detroit News, Ford is pushing pause on one such facility, suspending all work on the $3.5 billion project.

The plant in question is called Blue Oval Battery Park Michigan, located in Marshall, Michigan. Ford announced the new site in February, which it said would be responsible for making lithium iron phosphate (LFP) cells. This is a less energy-dense chemistry than lithium-ion chemistries (like nickel cobalt manganese or nickel cobalt aluminum), but it can tolerate more charging cycles and is cheaper to make.

Intellectual property issues have meant LFP cells have been uncommon in EVs outside of China, but that’s beginning to change; Tesla fits some of its EVs with LFP cells, and Ford secured supplies of LFP cells from the Chinese battery company CATL for use in the Mustang Mach-E crossover and, from next year, the F-150 Lightning pickup truck.

Source: Ars Technica – Ford pauses work on $3.5 billion battery factory in Michigan

SEC obtains Wall Street firms’ private chats in probe of WhatsApp, Signal use

A woman walks past a WhatsApp logo during a Meta event in Mumbai, India in September 2023. (credit: Getty Images | NurPhoto)

The US Securities and Exchange Commission has “collected thousands of staff messages from more than a dozen major investment companies” as it expands a probe into how employees and executives at Wall Street firms use private messaging platforms such as WhatsApp and Signal, Reuters reported today, citing “four people with direct knowledge of the matter.”

Firms being investigated include Carlyle Group, Apollo Global Management, KKR & Co., TPG, Blackstone, and hedge fund companies including Citadel, Reuters wrote. Senior executives are among the employees whose messages were reportedly collected.

“The executives gave their personal phones and other devices to their employers or lawyers to be copied, and messages discussing business have been handed to the SEC, three people said,” according to Reuters.

Source: Ars Technica – SEC obtains Wall Street firms’ private chats in probe of WhatsApp, Signal use