Feed slashdot Slashdot

Favorite IconSlashdot

Link https://slashdot.org/
Feed https://rss.slashdot.org/Slashdot/slashdotMain
Copyright Copyright Slashdot Media. All Rights Reserved.
Updated 2024-11-23 18:00
Deep Fake Scams Growing in Global Frequency and Sophistication, Victim Warns
In an elaborate scam in January, "a finance worker, was duped into attending a video call with people he believed were the chief financial officer and other members of staff," remembers CNN. But Hong Kong police later said that all of them turned out to be deepfake re-creations which duped the employee into transferring $25 million. According to police, the worker had initially suspected he had received a phishing email from the company's UK office, as it specified the need for a secret transaction to be carried out. However, the worker put aside his doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized. Now the targeted company has been revealed: a major engineering consulting firm, with 18,500 employees across 34 offices: A spokesperson for London-based Arup told CNN on Friday that it notified Hong Kong police in January about the fraud incident, and confirmed that fake voices and images were used. "Unfortunately, we can't go into details at this stage as the incident is still the subject of an ongoing investigation. However, we can confirm that fake voices and images were used," the spokesperson said in an emailed statement. "Our financial stability and business operations were not affected and none of our internal systems were compromised," the person added... Authorities around the world are growing increasingly concerned about the sophistication of deepfake technology and the nefarious uses it can be put to. In an internal memo seen by CNN, Arup's East Asia regional chairman, Michael Kwok, said the "frequency and sophistication of these attacks are rapidly increasing globally, and we all have a duty to stay informed and alert about how to spot different techniques used by scammers." The company's global CIO emailed CNN this statement. "Like many other businesses around the globe, our operations are subject to regular attacks, including invoice fraud, phishing scams, WhatsApp voice spoofing, and deepfakes. "What we have seen is that the number and sophistication of these attacks has been rising sharply in recent months." Slashdot reader st33ld13hl adds that in a world of Deep Fakes, insurance company USAA is now asking its customers to authenticate with voice. (More information here.) Thanks to Slashdot reader quonset for sharing the news.Read more of this story at Slashdot.
Are Car Companies Sabotaging the Transition to Electric Vehicles?
The thinktank InfluenceMap produces "data-driven analysis on how business and finance are impacting the climate crisis." Their web site says their newest report documents "How automaker lobbying threatens the global transition to electric vehicles."This report analyses the climate policy engagement strategies of fifteen of the largest global automakers in seven key regions (Australia, EU, Japan, India, South Korea, UK, US). It shows how even in countries where major climate legislation has recently passed, such as the US and Australia, the ambition of these policies has been weakened due to industry pressure. All fifteen automakers, except Tesla, have actively advocated against at least one policy promoting electric vehicles. Ten of the fifteen showed a particularly high intensity of negative engagement and scored a final grade of D or D+ by InfluenceMap's methodology. Toyota is the lowest-scoring company in this analysis, driving opposition to climate regulations promoting battery electric vehicles in multiple regions, including the US, Australia and UK. Of all automakers analyzed, only Tesla (scoring B) is found to have positive climate advocacy aligned with science-based policy. CleanTechnica writes that Toyota "led on hybrid vehicles (and still does), so it's actually not surprising that it has been opposed to the next stage of climate-cutting auto evolution - it's clinging on to its lead rather than continuing to innovate for a new era." More from InfluenceMap:Only three of fifteen companies - Tesla, Mercedes Benz and BMW - are forecast to produce enough electric vehicles by 2030 to meet the International Energy Agency's updated 1.5 degreesC pathway of 66% electric vehicle (battery electric, fuel cell and plug-in hybrids) sales according to InfluenceMap's independent analysis of industry-standard data from February 2024. Current industry forecasts analyzed for this report show automaker production will reach only 53% electric vehicles in 2030. Transport is the third-largest source of greenhouse gas emissions globally, and road transport is failing to decarbonize at anywhere near the rate of many other industries. InfluenceMap's report also finds that Japanese automakers are the least prepared for an electric vehicle transition and are engaging the hardest against it. "InfluenceMap highlights that these anti-EV efforts in the industry are often coming from industry associations rather than coming directly from automakers, shielding them a bit from inevitable public backlash," writes CleanTechnica. "Every automaker included in the study except Tesla remains a member of at least two of these groups," InfluenceMap reports, "with most automakers a member of at least five." Thanks to Slashdot reader Baron_Yam for sharing the news.Read more of this story at Slashdot.
America Takes Its Biggest Step Yet to End Coal Mining
The Washington Post reports that America took "one of its biggest steps yet to keep fossil fuels in the ground," announcing Thursday that it will end new coal leasing in the Powder River Basin, "which produces nearly half the coal in the United States... "It could prevent billions of tons of coal from being extracted from more than 13 million acres across Montana and Wyoming, with major implications for U.S. climate goals." A significant share of the nation's fossil fuels come from federal lands and waters. The extraction and combustion of these fuels accounted for nearly a quarter of U.S. carbon dioxide emissions between 2005 and 2014, according to a study by the U.S. Geological Survey. In a final environmental impact statement released Thursday, Interior's Bureau of Land Management found that continued coal leasing in the Powder River Basin would harm the climate and public health. The bureau determined that no future coal leasing should happen in the basin, and it estimated that coal mining in the Wyoming portion of the region would end by 2041. Last year, the Powder River Basin generated 251.9 million tons of coal, accounting for nearly 44 percent of all coal produced in the United States. Under the bureau's determination, the 14 active coal mines in the Powder River Basin can continue operating on lands they have leased, but they cannot expand onto other public lands in the region... "This means that billions of tons of coal won't be burned, compared to business as usual," said Shiloh Hernandez, a senior attorney at the environmental law firm Earthjustice. "It's good news, and it's really the only defensible decision the BLM could have made, given the current climate crisis...." The United States is moving away from coal, which has struggled to compete economically with cheaper gas and renewable energy. U.S. coal output tumbled 36 percent from 2015 to 2023, according to the Energy Information Administration. The Sierra Club's Beyond Coal campaign estimates that 382 coal-fired power plants have closed down or proposed to retire, with 148 remaining. In addition, the Environmental Protection Agency finalized an ambitious set of rules in April aimed at slashing air pollution, water pollution and planet-warming emissions spewing from the nation's power plants. One of the most significant rules will push all existing coal plants by 2039 to either close or capture 90 percent of their carbon dioxide emissions at the smokestack. "The nation's electricity generation needs are being met increasingly by wind, solar and natural gas," said Tom Sanzillo, director of financial analysis at the Institute for Energy Economics and Financial Analysis, an energy think tank. "The nation doesn't need any increase in the amount of coal under lease out of the Powder River Basin."Read more of this story at Slashdot.
Robot Dogs Armed With AI-aimed Rifles Undergo US Marines Special Ops Evaluation
Long-time Slashdot reader SonicSpike shared this report from Ars Technica:The United States Marine Forces Special Operations Command (MARSOC) is currently evaluating a new generation of robotic "dogs" developed by Ghost Robotics, with the potential to be equipped with gun systems from defense tech company Onyx Industries, reports The War Zone. While MARSOC is testing Ghost Robotics' quadrupedal unmanned ground vehicles (called "Q-UGVs" for short) for various applications, including reconnaissance and surveillance, it's the possibility of arming them with weapons for remote engagement that may draw the most attention. But it's not unprecedented: The US Marine Corps has also tested robotic dogs armed with rocket launchers in the past. MARSOC is currently in possession of two armed Q-UGVs undergoing testing, as confirmed by Onyx Industries staff, and their gun systems are based on Onyx's SENTRY remote weapon system (RWS), which features an AI-enabled digital imaging system and can automatically detect and track people, drones, or vehicles, reporting potential targets to a remote human operator that could be located anywhere in the world. The system maintains a human-in-the-loop control for fire decisions, and it cannot decide to fire autonomously. On LinkedIn, Onyx Industries shared a video of a similar system in action. In a statement to The War Zone, MARSOC states that weaponized payloads are just one of many use cases being evaluated. MARSOC also clarifies that comments made by Onyx Industries to The War Zone regarding the capabilities and deployment of these armed robot dogs "should not be construed as a capability or a singular interest in one of many use cases during an evaluation."Read more of this story at Slashdot.
Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security
Jeremy Allison - Sam (Slashdot reader #8,157) is a Distinguished Engineer at Rocky Linux creator CIQ. This week he published a blog post responding to promises of Linux distros "carefully selecting only the most polished and pristine open source patches from the raw upstream open source Linux kernel in order to create the secure distribution kernel you depend on in your business." But do carefully curated software patches (applied to a known "frozen" Linux kernel) really bring greater security? "After a lot of hard work and data analysis by my CIQ kernel engineering colleagues Ronnie Sahlberg and Jonathan Maple, we finally have an answer to this question. It's no."The data shows that "frozen" vendor Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream "stable" Linux kernel created by Greg Kroah-Hartman. How can this be? If you want the full details the link to the white paper is here. But the results of the analysis couldn't be clearer. - A "frozen" vendor kernel is an insecure kernel. A vendor kernel released later in the release schedule is doubly so. - The number of known bugs in a "frozen" vendor kernel grows over time. The growth in the number of bugs even accelerates over time. - There are too many open bugs in these kernels for it to be feasible to analyze or even classify them.... [T]hinking that you're making a more secure choice by using a "frozen" vendor kernel isn't a luxury we can still afford to believe. As Greg Kroah-Hartman explicitly said in his talk "Demystifying the Linux Kernel Security Process": "If you are not using the latest stable / longterm kernel, your system is insecure." CIQ describes its report as "a count of all the known bugs from an upstream kernel that were introduced, but never fixed in RHEL 8."For the most recent RHEL 8 kernels, at the time of writing, these counts are: RHEL 8.6 : 5034 RHEL 8.7 : 4767 RHEL 8.8 : 4594 In RHEL 8.8 we have a total of 4594 known bugs with fixes that exist upstream, but for which known fixes have not been back-ported to RHEL 8.8. The situation is worse for RHEL 8.6 and RHEL 8.7 as they cut off back-porting earlier than RHEL 8.8 but of course that did not prevent new bugs from being discovered and fixed upstream.... This whitepaper is not meant as a criticism of the engineers working at any Linux vendors who are dedicated to producing high quality work in their products on behalf of their customers. This problem is extremely difficult to solve. We know this is an open secret amongst many in the industry and would like to put concrete numbers describing the problem to encourage discussion. Our hope is for Linux vendors and the community as a whole to rally behind the kernel.org stable kernels as the best long term supported solution. As engineers, we would prefer this to allow us to spend more time fixing customer specific bugs and submitting feature improvements upstream, rather than the endless grind of backporting upstream changes into vendor kernels, a practice which can introduce more bugs than it fixes. ZDNet calls it "an open secret in the Linux community."It's not enough to use a long-term support release. You must use the most up-to-date release to be as secure as possible. Unfortunately, almost no one does that. Nevertheless, as Google Linux kernel engineer Kees Cook explained, "So what is a vendor to do? The answer is simple: if painful: Continuously update to the latest kernel release, either major or stable." Why? As Kroah-Hartman explained, "Any bug has the potential of being a security issue at the kernel level...." Although [CIQ's] programmers examined RHEL 8.8 specifically, this is a general problem. They would have found the same results if they had examined SUSE, Ubuntu, or Debian Linux. Rolling-release Linux distros such as Arch, Gentoo, and OpenSUSE Tumbleweed constantly release the latest updates, but they're not used in businesses. Jeremy Allison's post points out that "the Linux kernel used by Android devices is based on the upstream kernel and also has a stable internal kernel ABI, so this isn't an insurmountable problem..."Read more of this story at Slashdot.
Are AI-Generated Search Results Still Protected by Section 230?
Starting this week millions will see AI-generated answers in Google's search results by default. But the announcement Tuesday at Google's annual developer conference suggests a future that's "not without its risks, both to users and to Google itself," argues the Washington Post:For years, Google has been shielded for liability for linking users to bad, harmful or illegal information by Section 230 of the Communications Decency Act. But legal experts say that shield probably won't apply when its AI answers search questions directly. "As we all know, generative AIs hallucinate," said James Grimmelmann, professor of digital and information law at Cornell Law School and Cornell Tech. "So when Google uses a generative AI to summarize what webpages say, and the AI gets it wrong, Google is now the source of the harmful information," rather than just the distributor of it... Adam Thierer, senior fellow at the nonprofit free-market think tank R Street, worries that innovation could be throttled if Congress doesn't extend Section 230 to cover AI tools. "As AI is integrated into more consumer-facing products, the ambiguity about liability will haunt developers and investors," he predicted. "It is particularly problematic for small AI firms and open-source AI developers, who could be decimated as frivolous legal claims accumulate." But John Bergmayer, legal director for the digital rights nonprofit Public Knowledge, said there are real concerns that AI answers could spell doom for many of the publishers and creators that rely on search traffic to survive - and which AI, in turn, relies on for credible information. From that standpoint, he said, a liability regime that incentivizes search engines to continue sending users to third-party websites might be "a really good outcome." Meanwhile, some lawmakers are looking to ditch Section 230 altogether. [Last] Sunday, the top Democrat and Republican on the House Energy and Commerce Committee released a draft of a bill that would sunset the statute within 18 months, giving Congress time to craft a new liability framework in its place. In a Wall Street Journal op-ed, Reps. Cathy McMorris Rodgers (R-Wash.) and Frank Pallone Jr. (D-N.J.) argued that the law, which helped pave the way for social media and the modern internet, has "outlived its usefulness." The tech industry trade group NetChoice [which includes Google, Meta, X, and Amazon] fired back on Monday that scrapping Section 230 would "decimate small tech" and "discourage free speech online." The digital law professor points out Google has traditionally escaped legal liability by attributing its answers to specific sources - but it's not just Google that has to worry about the issue. The article notes that Microsoft's Bing search engine also supplies AI-generated answers (from Microsoft's Copilot). "And Meta recently replaced the search bar in Facebook, Instagram and WhatsApp with its own AI chatbot." The article also note sthat several U.S. Congressional committees are considering "a bevy" of AI bills...Read more of this story at Slashdot.
How an 'Unprecedented' Google Cloud Event Wiped Out a Major Customer's Account
Ars Technica looks at what happened after Google's answer to Amazon's cloud service "accidentally deleted a giant customer account for no reason..." "[A]ccording to UniSuper's incident log, downtime started May 2, and a full restoration of services didn't happen until May 15."UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members, had its entire account wiped out at Google Cloud, including all its backups that were stored on the service... UniSuper's website is now full of must-read admin nightmare fuel about how this all happened. First is a wild page posted on May 8 titled "A joint statement from UniSuper CEO Peter Chun, and Google Cloud CEO, Thomas Kurian...." Google Cloud is supposed to have safeguards that don't allow account deletion, but none of them worked apparently, and the only option was a restore from a separate cloud provider (shoutout to the hero at UniSuper who chose a multi-cloud solution)... The many stakeholders in the service meant service restoration wasn't just about restoring backups but also processing all the requests and payments that still needed to happen during the two weeks of downtime. The second must-read document in this whole saga is the outage update page, which contains 12 statements as the cloud devs worked through this catastrophe. The first update is May 2 with the ominous statement, "You may be aware of a service disruption affecting UniSuper's systems...." Seven days after the outage, on May 9, we saw the first signs of life again for UniSuper. Logins started working for "online UniSuper accounts" (I think that only means the website), but the outage page noted that "account balances shown may not reflect transactions which have not yet been processed due to the outage...." May 13 is the first mention of the mobile app beginning to work again. This update noted that balances still weren't up to date and that "We are processing transactions as quickly as we can." The last update, on May 15, states, "UniSuper can confirm that all member-facing services have been fully restored, with our retirement calculators now available again." The joint statement and the outage updates are still not a technical post-mortem of what happened, and it's unclear if we'll get one. Google PR confirmed in multiple places it signed off on the statement, but a great breakdown from software developer Daniel Compton points out that the statement is not just vague, it's also full of terminology that doesn't align with Google Cloud products. The imprecise language makes it seem like the statement was written entirely by UniSuper. Thanks to long-time Slashdot reader swm for sharing the news.Read more of this story at Slashdot.
Eight Automakers Grilled by US Lawmakers Over Sharing of Connected Car Data With Police
An anonymous reader shared this report from Automotive News: Automotive News recently reported that eight automakers sent vehicle location data to police without a court order or warrant. The eight companies told senators that they provide police with data when subpoenaed, getting a rise from several officials. BMW, Kia, Mazda, Mercedes-Benz, Nissan, Subaru, Toyota, and Volkswagen presented their responses to lawmakers. Senators Ron Wyden from Oregon and Ed Markey from Massachusetts penned a letter to the Federal Trade Commission, urging investigative action. "Automakers have not only kept consumers in the dark regarding their actual practices, but multiple companies misled consumers for over a decade by failing to honor the industry's own voluntary privacy principles," they wrote. Ten years ago, all of those companies agreed to the Consumer Privacy Protection Principles, a voluntary code that said automakers would only provide data with a warrant or order issued by a court. Subpoenas, on the other hand, only require approval from law enforcement. Though it wasn't part of the eight automakers' response, General Motors has a class-action suit on its hands, claiming that it shared data with LexisNexis Risk Solutions, a company that provides insurers with information to set rates. The article notes that the lawmakers praised Honda, Ford, GM, Tesla, and Stellantis for requiring warrants, "except in the case of emergencies or with customer consent."Read more of this story at Slashdot.
Study Confirms Einstein Prediction: Black Holes Have a 'Plunging Region'
"Albert Einstein was right," reports CNN. "There is an area at the edge of black holes where matter can no longer stay in orbit and instead falls in, as predicted by his theory of gravity." The proof came by combining NASA's earth-orbiting NuSTAR telescope with the NICER telescope on the International Space Station to detect X-rays:A team of astronomers has for the first time observed this area - called the "plunging region" - in a black hole about 10,000 light-years from Earth. "We've been ignoring this region, because we didn't have the data," said research scientist Andrew Mummery, lead author of the study published Thursday in the journal Monthly Notices of the Royal Astronomical Society. "But now that we do, we couldn't explain it any other way." Mummery - also a Fellow in Oxford's physics department - told CNN, "We went out searching for this one specifically - that was always the plan. We've argued about whether we'd ever be able to find it for a really long time. People said it would be impossible, so confirming it's there is really exciting." Mummery described the plunging region as "like the edge of a waterfall."Unlike the event horizon, which is closer to the center of the black hole and doesn't let anything escape, including light and radiation, in the "plunging region" light can still escape, but matter is doomed by the powerful gravitational pull, Mummery explained. The study's findings could help astronomers better understand the formation and evolution of black holes. "We can really learn about them by studying this region, because it's right at the edge, so it gives us the most information," Mummery said... According to Christopher Reynolds, a professor of astronomy at the University of Maryland, College Park, finding actual evidence for the "plunging region" is an important step that will let scientists significantly refine models for how matter behaves around a black hole. "For example, it can be used to measure the rotation rate of the black hole," said Reynolds, who was not involved in the study. Read more of this story at Slashdot.
'Google Domains' Starts Migrating to Squarespace
"We're migrating domains in batches..." announced web-hosting company Squarespace earlier this month. "Squarespace has entered into an agreement to become the new home for Google Domains customers. When your domain transitions from Google to Squarespace, you'll become a Squarespace customer and manage your domain through an account with us." Slashdot reader shortyadamk shares an email sent today to a Google Domains customer:"Today your domain, xyz.com, migrated from Google Domains to Squarespace Domains. "Your WHOIS contact details and billing information (if applicable) were migrated to Squarespace. Your DNS configuration remains unchanged. "Your migrated domain will continue to work with Google Services such as Google Search Console. To support this, your account now has a domain verification record - one corresponding to each Google account that currently has access to the domain."Read more of this story at Slashdot.
Is America's Defense Department 'Rushing to Expand' Its Space War Capabilities?
America's Defense Department "is rushing to expand its capacity to wage war in space," reports the New York Times, "convinced that rapid advances by China and Russia in space-based operations pose a growing threat to U.S. troops and other military assets on the ground and U.S. satellites in orbit."[T]he Defense Department is looking to acquire a new generation of ground- and space-based tools that will allow it to defend its satellite network from attack and, if necessary, to disrupt or disable enemy spacecraft in orbit, Pentagon officials have said in a series of interviews, speeches and recent statements... [T]he move to enhance warfighting capacity in space is driven mostly by China's expanding fleet of military tools in space... [U.S. officials are] moving ahead with an effort they are calling "responsible counterspace campaigning," an intentionally ambiguous term that avoids directly confirming that the United States intends to put its own weapons in space. But it also is meant to reflect this commitment by the United States to pursue its interest in space without creating massive debris fields that would result if an explosive device or missile were used to blow up an enemy satellite. That is what happened in 2007, when China used a missile to blow up a satellite in orbit. The United States, China, India and Russia all have tested such missiles. But the United States vowed in 2022 not to do any such antisatellite tests again. The United States has also long had ground-based systems that allow it to jam radio signals, disrupting the ability of an enemy to communicate with its satellites, and is taking steps to modernize these systems. But under its new approach, the Pentagon is moving to take on an even more ambitious task: broadly suppress enemy threats in orbit in a fashion similar to what the Navy does in the oceans and the Air Force in the skies. The article notes a recent report drafted by a former Space Force colonel cited three ways to disable enemy satellite networks: cyberattacks, ground or space-based lasers, and high-powered microwaves. "John Shaw, a recently retired Space Force lieutenant general who helped run the Space Command, agreed that directed-energy devices based on the ground or in space would probably be a part of any future system. 'It does minimize debris; it works at the speed of light,' he said. 'Those are probably going to be the tools of choice to achieve our objective."The Pentagon is separately working to launch a new generation of military satellites that can maneuver, be refueled while in space or have robotic arms that could reach out and grab - and potentially disrupt - an enemy satellite. Another early focus is on protecting missile defense satellites. The Defense Department recently started to require that a new generation of these space-based monitoring systems have built-in tools to evade or respond to possible attack. "Resiliency feature to protect against directed energy attack mechanisms" is how one recent missile defense contract described it. Last month the Pentagon also awarded contracts to two companies - Rocket Lab and True Anomaly - to launch two spacecraft by late next year, one acting as a mock enemy and the other equipped with cameras, to pull up close and observe the threat. The intercept satellite will not have any weapons, but it has a cargo hold that could carry them. The article notes that Space Force's chief of space operations has told Senate appropriators that about $2.4 billion of the $29.4 billion in Space Force's proposed 2025 budget was set aside for "space domain awareness." And it adds that the Pentagon "is working to coordinate its so-called counterspace efforts with major allies, including Britain, Canada and Australia, through a multinational operation called Operation Olympic Defender. France has been particularly aggressive, announcing its intent to build and launch by 2030 a satellite equipped with a high-powered laser."[W]hat is clear is that a certain threshold has now been passed: Space has effectively become part of the military fighting domain, current and former Pentagon officials said. "By no means do we want to see war extend into space," Lt. Gen. DeAnna Burt, deputy chief of space operations, said at a Mitchell Institute event this year. "But if it does, we have to be prepared to fight and win."Read more of this story at Slashdot.
Cruise Reached an $8M+ Settlement With the Person Dragged Under Its Robotaxi
Bloomberg reports that self-driving car company Cruise "reached an $8 million to $12 million settlement with a pedestrian who was dragged by one of its self-driving vehicles in San Francisco, according to a person familiar with the situation."The settlement was struck earlier this year and the woman is out of the hospital, said the person, who declined to be identified discussing a private matter. In the October incident, the pedestrian crossing the road was struck by another vehicle before landing in front of one of GM's Cruise vehicles. The robotaxi braked hard but ran over the person. It then pulled over for safety, driving 20 feet at a speed of up to seven miles per hour with the pedestrian still under the car. The incident "contributed to the company being blocked from operating in San Francisco and halting its operations around the country for months," reports the Washington Post:The company initially told reporters that the car had stopped just after rolling over the pedestrian, but the California Public Utilities Commission, which regulates permits for self-driving cars, later said Cruise had covered up the truth that its car actually kept going and dragged the woman. The crash and the questions about what Cruise knew and disclosed to investigators led to a firestorm of scrutiny on the company. Cruise pulled its vehicles off roads countrywide, laid off a quarter of its staff and in November its CEO Kyle Vogt stepped down. The Department of Justice and the Securities and Exchange Commission are investigating the company, adding to a probe from the National Highway Traffic Safety Administration. In Cruise's absence, Google's Waymo self-driving cars have become the only robotaxis operating in San Francisco. in June, the company's president and chief technology officer Mohamed Elshenawy is slated to speak at a conference on artificial-intelligence quality in San Francisco. Dow Jones news services published this quote from a Cruise spokesperson. "The hearts of all Cruise employees continue to be with the pedestrian, and we hope for her continued recovery."Read more of this story at Slashdot.
Bruce Schneier Reminds LLM Engineers About the Risks of Prompt Injection Vulnerabilities
Security professional Bruce Schneier argues that large language models have the same vulnerability as phones in the 1970s exploited by John Draper. "Data and control used the same channel," Schneier writes in Communications of the ACM. "That is, the commands that told the phone switch what to do were sent along the same path as voices."Other forms of prompt injection involve the LLM receiving malicious instructions in its training data. Another example hides secret commands in Web pages. Any LLM application that processes emails or Web pages is vulnerable. Attackers can embed malicious commands in images and videos, so any system that processes those is vulnerable. Any LLM application that interacts with untrusted users - think of a chatbot embedded in a website - will be vulnerable to attack. It's hard to think of an LLM application that isn't vulnerable in some way. Individual attacks are easy to prevent once discovered and publicized, but there are an infinite number of them and no way to block them as a class. The real problem here is the same one that plagued the pre-SS7 phone network: the commingling of data and commands. As long as the data - whether it be training data, text prompts, or other input into the LLM - is mixed up with the commands that tell the LLM what to do, the system will be vulnerable. But unlike the phone system, we can't separate an LLM's data from its commands. One of the enormously powerful features of an LLM is that the data affects the code. We want the system to modify its operation when it gets new training data. We want it to change the way it works based on the commands we give it. The fact that LLMs self-modify based on their input data is a feature, not a bug. And it's the very thing that enables prompt injection. Like the old phone system, defenses are likely to be piecemeal. We're getting better at creating LLMs that are resistant to these attacks. We're building systems that clean up inputs, both by recognizing known prompt-injection attacks and training other LLMs to try to recognize what those attacks look like. (Although now you have to secure that other LLM from prompt-injection attacks.) In some cases, we can use access-control mechanisms and other Internet security systems to limit who can access the LLM and what the LLM can do. This will limit how much we can trust them. Can you ever trust an LLM email assistant if it can be tricked into doing something it shouldn't do? Can you ever trust a generative-AI traffic-detection video system if someone can hold up a carefully worded sign and convince it to not notice a particular license plate - and then forget that it ever saw the sign...? Someday, some AI researcher will figure out how to separate the data and control paths. Until then, though, we're going to have to think carefully about using LLMs in potentially adversarial situations...like, say, on the Internet. Schneier urges engineers to balance the risks of generative AI with the powers it brings. "Using them for everything is easier than taking the time to figure out what sort of specialized AI is optimized for the task. "But generative AI comes with a lot of security baggage - in the form of prompt-injection attacks and other security risks. We need to take a more nuanced view of AI systems, their uses, their own particular risks, and their costs vs. benefits."Read more of this story at Slashdot.
Facing Angry Users, Sonos Promises to Fix Flaws and Restore Removed Features
A blind worker for the National Federation of the Blind said Sonos had a reputation for making products usable for people with disabilities, but that "Overnight they broke that trust," according to the Washington Post. They're not the only angry customers about the latest update to Sonos's wireless speaker system. The newspaper notes that nonprofit worker Charles Knight is "among the Sonos die-hards who are furious at the new app that crippled their options to stream music, listen to an album all the way through or set a morning alarm clock."After Sonos updated its app last week, Knight could no longer set or change his wake-up music alarm. Timers to turn off music were also missing. "Something as basic as an alarm is part of the feature set that users have had for 15 years," said Knight, who has spent thousands of dollars on six Sonos speakers for his bedroom, home office and kitchen. "It was just really badly thought out from start to finish." Some people who are blind also complained that the app omitted voice-control features they need. What's happening to Sonos speaker owners is a cautionary tale. As more of your possessions rely on software - including your car, phone, TV, home thermostat or tractor - the manufacturer can ruin them with one shoddy update...Sonos now says it's fixing problems and adding back missing features within days or weeks. Sonos CEO Patrick Spence acknowledged the company made some mistakes and said Sonos plans to earn back people's trust. "There are clearly people who are having an experience that is subpar," Spence said. "I would ask them to give us a chance to deliver the actions to address the concerns they've raised." Spence said that for years, customers' top complaint was the Sonos app was clunky and slow to connect to their speakers. Spence said the new app is zippier and easier for Sonos to update. (Some customers disputed that the new app is faster.) He said some problems like Knight's missing alarms were flaws that Sonos found only once the app was about to roll out. (Sonos updated the alarm feature this week.) Sonos did remove but planned to add back some lesser-used features. Spence said the company should have told people upfront about the planned timeline to return any missing functions. In a blog post Sonos thanked customers for "valuable feedback," saying they're "working to address them as quickly as possible" and promising to reintroduce features, fix bugs, and address performance issues. ("Adding and editing alarms" is available now, as well as VoiceOver fixes for the home screen on iOS.) The Washington Post adds that Sonos "said it initially missed some software flaws and will restore more voice-reader functions next week."Read more of this story at Slashdot.
'Openwashing'
An anonymous reader quotes a report from The New York Times: There's a big debate in the tech world over whether artificial intelligence models should be "open source." Elon Musk, who helped found OpenAI in 2015, sued the startup and its chief executive, Sam Altman, on claims that the company had diverged from its mission of openness. The Biden administration is investigating the risks and benefits of open source models. Proponents of open source A.I. models say they're more equitable and safer for society, while detractors say they are more likely to be abused for malicious intent. One big hiccup in the debate? There's no agreed-upon definition of what open source A.I. actually means. And some are accusing A.I. companies of "openwashing" -- using the "open source" term disingenuously to make themselves look good. (Accusations of openwashing have previously been aimed at coding projects that used the open source label too loosely.) In a blog post on Open Future, a European think tank supporting open sourcing, Alek Tarkowski wrote, "As the rules get written, one challenge is building sufficient guardrails against corporations' attempts at 'openwashing.'" Last month the Linux Foundation, a nonprofit that supports open-source software projects, cautioned that "this 'openwashing' trend threatens to undermine the very premise of openness -- the free sharing of knowledge to enable inspection, replication and collective advancement." Organizations that apply the label to their models may be taking very different approaches to openness. [...] The main reason is that while open source software allows anyone to replicate or modify it, building an A.I. model requires much more than code. Only a handful of companies can fund the computing power and data curation required. That's why some experts say labeling any A.I. as "open source" is at best misleading and at worst a marketing tool. "Even maximally open A.I. systems do not allow open access to the resources necessary to 'democratize' access to A.I., or enable full scrutiny," said David Gray Widder, a postdoctoral fellow at Cornell Tech who has studied use of the "open source" label by A.I. companies.Read more of this story at Slashdot.
The Delta Emulator Is Changing Its Logo After Adobe Threatened It
After Adobe threatened legal action, the Delta Emulator said it'll abandon its current logo for a different, yet-to-be-revealed mark. The issue centers around Delta's stylized letter "D", which the digital media giant says is too similar to its stylized letter "A". The Verge reports: On May 7th, Adobe's lawyers reached out to Delta with a firm but kindly written request to go find a different icon, an email that didn't contain an explicit threat or even use the word infringement -- it merely suggested that Delta might "not wish to confuse consumers or otherwise violate Adobe's rights or the law." But Adobe didn't wait for a reply. On May 8th, one day later, Testut got another email from Apple that suggested his app might be at risk because Adobe had reached out to allege Delta was infringing its intellectual property rights. "We responded to both Apple and Adobe explaining our icon was a stylized Greek letter delta -- not an A -- but that we would update the Delta logo anyway to avoid confusion," Testut tells us. The icon you're seeing on the App Store now is just a temporary one, he says, as the team is still working on a new logo. "Both the App Store and AltStore versions have been updated with this temporary icon, but the plan is to update them to the final updated logo with Delta 1.6 once it's finished."Read more of this story at Slashdot.
Proteins In Blood Could Provide Early Cancer Warning 'By More Than Seven Years'
An anonymous reader quotes a report from The Guardian: Proteins in the blood could warn people of cancer more than seven years before it is diagnosed, according to research [published in the journal Nature Communications]. Scientists at the University of Oxford studied blood samples from more than 44,000 people in the UK Biobank, including over 4,900 people who subsequently had a cancer diagnosis. They compared the proteins of people who did and did not go on to be diagnosed with cancer and identified 618 proteins linked to 19 types of cancer, including colon, lung, non-Hodgkin lymphoma and liver. The study, funded by Cancer Research UK and published in Nature Communications, also found 107 proteins associated with cancers diagnosed more than seven years after the patient's blood sample was collected and 182 proteins that were strongly associated with a cancer diagnosis within three years. The authors concluded that some of these proteins could be used to detect cancer much earlier and potentially provide new treatment options, though further research was needed.Read more of this story at Slashdot.
Utah Locals Are Getting Cheap 10 Gbps Fiber Thanks To Local Governments
Karl Bode writes via Techdirt: Tired of being underserved and overbilled by shitty regional broadband monopolies, back in 2002 a coalition of local Utah governments formed UTOPIA -- (the Utah Telecommunication Open Infrastructure Agency). The inter-local agency collaborative venture then set about building an "open access" fiber network that allows any ISP to then come and compete on the shared network. Two decades later and the coalition just announced that 18 different ISPs now compete for Utah resident attention over a network that now covers 21 different Utah cities. In many instances, ISPs on the network are offering symmetrical (uncapped) gigabit fiber for as little as $45 a month (plus $30 network connection fee, so $75). Some ISPs are even offering symmetrical 10 Gbps fiber for around $150 a month: "Sumo Fiber, a veteran member of the UTOPIA Open Access Marketplace, is now offering 10 Gbps symmetrical for $119, plus a $30 UTOPIA Fiber infrastructure fee, bringing the total cost to $149 per month." It's a collaborative hybrid that blurs the line between private companies and government, and it works. And the prices being offered here are significantly less than locals often pay in highly developed tech-centric urban hubs like New York, San Francisco, or Seattle. Yet giant local ISPs like Comcast and Qwest spent decades trying to either sue this network into oblivion, or using their proxy policy orgs (like the "Utah Taxpayer Association") to falsely claim this effort would end in chaos and inevitable taxpayer tears. Yet miraculously UTOPIA is profitable, and for the last 15 years, every UTOPIA project has been paid for completely through subscriber revenues. [...] For years, real world experience and several different studies and reports (including our Copia study on this concept) have made it clear that open access networks and policies result in faster, better, more affordable broadband access. UTOPIA is proving it at scale, but numerous other municipalities have been following suit with the help of COVID relief and infrastructure bill funding.Read more of this story at Slashdot.
WD Rolls Out New 2.5-Inch HDDs For the First Time In 7 Years
Western Digital has unveiled new 6TB external hard drives -- "the first new capacity point for this hard drive drive form factor in about seven years," reports Tom's Hardware. "There is a catch, though: the HDD is slow and will unlikely fit into any mobile PCs, so it looks like it will exclusively serve portable and specialized storage products." From the report: Western Digital's 6TB 2.5-inch HDD is currently used for the latest versions of the company's My Passport, Black P10, and G-Drive ArmorATD external storage devices and is not available separately. All of these drives (excluding the already very thick G-Drive ArmorATD) are thicker than their 5 TB predecessors, which may suggest that in a bid to increase the HDD's capacity, the manufacturer simply installed another platter and made the whole drive thicker instead of developing new platters with a higher areal density. While this is a legitimate way to expand the capacity of a hard drive, it is necessary to note that 5TB 2.5-inch HDDs already feature a 15-mm z-height, which is the highest standard z-height for 2.5-inch form-factor storage devices. As a result, these 6TB 2.5-inch drives will unlikely fit into any desktop PC. When it comes to specifications of the latest My Passport, Black P10, and G-Drive ArmorATD external HDDs, Western Digital only discloses that they offer up to 130 MB/s read speed (just like their predecessors), feature a USB 3.2 Gen 1 (up to 5 GT/s) interface using either a modern USB Type-C or Micro USB Type-B connector and do not require an external power adapter.Read more of this story at Slashdot.
Palantir's First-Ever AI Warfare Conference
An anonymous reader quotes a report from The Guardian, written by Caroline Haskins: On May 7th and 8th in Washington, D.C., the city's biggest convention hall welcomed America's military-industrial complex, its top technology companies and its most outspoken justifiers of war crimes. Of course, that's not how they would describe it. It was the inaugural "AI Expo for National Competitiveness," hosted by the Special Competitive Studies Project -- better known as the "techno-economic" thinktank created by the former Google CEO and current billionaire Eric Schmidt. The conference's lead sponsor was Palantir, a software company co-founded by Peter Thiel that's best known for inspiring 2019 protests against its work with Immigration and Customs Enforcement (Ice) at the height of Trump's family separation policy. Currently, Palantir is supplying some of its AI products to the Israel Defense Forces. The conference hall was also filled with booths representing the U.S. military and dozens of its contractors, ranging from Booz Allen Hamilton to a random company that was described to me as Uber for airplane software. At industry conferences like these, powerful people tend to be more unfiltered - they assume they're in a safe space, among friends and peers. I was curious, what would they say about the AI-powered violence in Gaza, or what they think is the future of war? Attendees were told the conference highlight would be a series of panels in a large room toward the back of the hall. In reality, that room hosted just one of note. Featuring Schmidt and the Palantir CEO, Alex Karp, the fire-breathing panel would set the tone for the rest of the conference. More specifically, it divided attendees into two groups: those who see war as a matter of money and strategy, and those who see it as a matter of death. The vast majority of people there fell into group one. I've written about relationships between tech companies and the military before, so I shouldn't have been surprised by anything I saw or heard at this conference. But when it ended, and I departed DC for home, it felt like my life force had been completely sucked out of my body. Some of the noteworthy quotes from the panel and convention, as highlighted in Haskins' reporting, include: "It's always great when the CIA helps you out," Schmidt joked when CIA deputy director David Cohen lent him his microphone when his didn't work. The U.S. has to "scare our adversaries to death" in war, said Karp. On university graduates protesting Israel's war in Gaza, Karp described their views as a "pagan religion infecting our universities" and "an infection inside of our society." "The peace activists are war activists," Karp insisted. "We are the peace activists." A huge aspect of war in a democracy, Karp went on to argue, is leaders successfully selling that war domestically. "If we lose the intellectual debate, you will not be able to deploy any armies in the west ever," Karp said. A man in nuclear weapons research jokingly referred to himself as "the new Oppenheimer."Read more of this story at Slashdot.
OpenAI Strikes Reddit Deal To Train Its AI On Your Posts
Emilia David reports via The Verge: OpenAI has signed a deal for access to real-time content from Reddit's data API, which means it can surface discussions from the site within ChatGPT and other new products. It's an agreement similar to the one Reddit signed with Google earlier this year that was reportedly worth $60 million. The deal will also "enable Reddit to bring new AI-powered features to Redditors and mods" and use OpenAI's large language models to build applications. OpenAI has also signed up to become an advertising partner on Reddit. No financial terms were revealed in the blog post announcing the arrangement, and neither company mentioned training data, either. That last detail is different from the deal with Google, where Reddit explicitly stated it would give Google "more efficient ways to train models." There is, however, a disclosure mentioning that OpenAI CEO Sam Altman is also a shareholder in Reddit but that "This partnership was led by OpenAI's COO and approved by its independent Board of Directors." "Reddit has become one of the internet's largest open archives of authentic, relevant, and always up-to-date human conversations about anything and everything. Including it in ChatGPT upholds our belief in a connected internet, helps people find more of what they're looking for, and helps new audiences find community on Reddit," Reddit CEO Steve Huffman says. Reddit stock has jumped on news of the deal, rising 13% on Friday to $63.64. As Reuters notes, it's "within striking distance of the record closing price of $65.11 hit in late-March, putting the company on track to add $1.2 billion to its market capitalization."Read more of this story at Slashdot.
France Bans TikTok In New Caledonia
In what's marked as an EU first, the French government has blocked TikTok in its territory of New Caledonia amid widespread pro-independence protests. Politico reports: A French draft law, passed Monday, would let citizens vote in local elections after 10 years' residency in New Caledonia, prompting opposition from independence activists worried it will dilute the representation of indigenous people. The violent demonstrations that have ensued in the South Pacific island of 270,000 have killed at least five people and injured hundreds. In response to the protests, the government suspended the popular video-sharing app -- owned by Beijing-based ByteDance and favored by young people -- as part of state-of-emergency measures alongside the deployment of troops and an initial 12-day curfew. French Prime Minister Gabriel Attal didn't detail the reasons for shutting down the platform. The local telecom regulator began blocking the app earlier on Wednesday. "It is regrettable that an administrative decision to suspend TikTok's service has been taken on the territory of New Caledonia, without any questions or requests to remove content from the New Caledonian authorities or the French government," a TikTok spokesperson said. "Our security teams are monitoring the situation very closely and ensuring that our platform remains safe for our users. We are ready to engage in discussions with the authorities." Digital rights NGO Quadrature du Net on Friday contested the TikTok suspension with France's top administrative court over a "particularly serious blow to freedom of expression online." A growing number of authoritarian regimes worldwide have resorted to internet shutdowns to stifle dissent. This unexpected -- and drastic -- decision by France's center-right government comes amid a rise in far-right activism in Europe and a regression on media freedom. "France's overreach establishes a dangerous precedent across the globe. It could reinforce the abuse of internet shutdowns, which includes arbitrary blocking of online platforms by governments around the world," said Eliska Pirkova, global freedom of expression lead at Access Now.Read more of this story at Slashdot.
SEC: Financial Orgs Have 30 Days To Send Data Breach Notifications
An anonymous reader quotes a report from BleepingComputer: The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Regulation S-P was introduced in 2000 and controls how some financial entities must treat nonpublic personal information belonging to consumers. These rules include developing and implementing data protection policies, confidentiality and security assurances, and protecting against anticipated threats. The new amendments (PDF) adopted earlier this week impact financial firms, such as broker-dealers (funding portals included), investment firms, registered investment advisers, and transfer agents. The modifications were initially proposed in March of last year to modernize and improve the protection of individual financial information from data breaches and exposure to non-affiliated parties. Below is a summary of the introduced changes: - Notify affected individuals within 30 days if their sensitive information is, or is likely to be, accessed or used without authorization, detailing the incident, breached data, and protective measures taken. Exemption applies if the information isn't expected to cause substantial harm or inconvenience to the exposed individuals.- Develop, implement, and maintain written policies and procedures for an incident response program to detect, respond to, and recover from unauthorized access or use of customer information. This should include procedures to assess and contain security incidents, enforce policies, and oversee service providers.- Expand safeguards and disposal rules to cover all nonpublic personal information, including that received from other financial institutions.- Require documentation of compliance with safeguards and disposal rules, excluding funding portals.- Align annual privacy notice delivery with the FAST Act, exempting certain conditions.- Extend safeguards and disposal rules to transfer agents registered with the SEC or other regulatory agencies.Read more of this story at Slashdot.
Canada Security Intelligence Chief Warns China Can Use TikTok To Spy on Users
The head of Canada's Security Intelligence Service warned Canadians against using video app TikTok, saying data gleaned from its users "is available to the government of China," CBC News reported on Friday. From a report: "My answer as director of the Canadian Security Intelligence Service (CSIS) is that there is a very clear strategy on the part of the government of China to be able to acquire personal information from anyone around the world," CSIS Director David Vigneault told CBC in an interview set to air on Saturday. "These assertions are unsupported by evidence, and the fact is that TikTok has never shared Canadian user data with the Chinese government, nor would we if asked," a TikTok spokesperson said in response to a request for comment. Canada in September ordered a national security review of a proposal by TikTok to expand the short-video app's business in the country. Vigneault said he will take part in that review and offer advice, CBC reported.Read more of this story at Slashdot.
Robert Dennard, Inventor of DRAM, Dies At 91
necro81 writes: Robert Dennard was working at IBM in the 1960s when he invented a way to store one bit using a single transistor and capacitor. The technology became dynamic random access memory (DRAM), which when implemented using the emerging technology of silicon integrated circuits, helped catapult computing by leaps and bounds. The first commercial DRAM chips in the late 1960s held just 1024 bits; today's DDR5 modules hold hundreds of billions. Dr. Robert H. Dennard passed away last month at age 91. (alternate link) In the 1970s he helped guide technology roadmaps for the ever-shrinking feature size of lithography, enabling the early years of Moore's Law. He wrote a seminal paper in 1974 relating feature size and power consumption that is now referred to as Dennard Scaling. His technological contributions earned him numerous awards, and accolades from the National Academy of Engineering, IEEE, and the National Inventor's Hall of Fame.Read more of this story at Slashdot.
Two Students Uncover Security Bug That Could Let Millions Do Their Laundry For Free
Two university students discovered a security flaw in over a million internet-connected laundry machines operated by CSC ServiceWorks, allowing users to avoid payment and add unlimited funds to their accounts. The students, Alexander Sherbrooke and Iakov Taranenko from UC Santa Cruz, reported the vulnerability to the company, a major laundry service provider, in January but claim it remains unpatched. TechCrunch adds: Sherbrooke said he was sitting on the floor of his basement laundry room in the early hours one January morning with his laptop in hand, and "suddenly having an 'oh s-' moment." From his laptop, Sherbrooke ran a script of code with instructions telling the machine in front of him to start a cycle despite having $0 in his laundry account. The machine immediately woke up with a loud beep and flashed "PUSH START" on its display, indicating the machine was ready to wash a free load of laundry. In another case, the students added an ostensible balance of several million dollars into one of their laundry accounts, which reflected in their CSC Go mobile app as though it were an entirely normal amount of money for a student to spend on laundry.Read more of this story at Slashdot.
User Outcry As Slack Scrapes Customer Data For AI Model Training
New submitter txyoji shares a report: Enterprise workplace collaboration platform Slack has sparked a privacy backlash with the revelation that it has been scraping customer data, including messages and files, to develop new AI and ML models. By default, and without requiring users to opt-in, Slack said its systems have been analyzing customer data and usage information (including messages, content and files) to build AI/ML models to improve the software. The company insists it has technical controls in place to block Slack from accessing the underlying content and promises that data will not lead across workplaces but, despite these assurances, corporate Slack admins are scrambling to opt-out of the data scraping. This line in Slack's communication sparked a social media controversy with the realization that content in direct messages and other sensitive content posted to Slack was being used to develop AI/ML models and that opting out world require sending e-mail requests: "If you want to exclude your Customer Data from Slack global models, you can opt out. To opt out, please have your org, workspace owners or primary owner contact our Customer Experience team at feedback@slack.com with your workspace/org URL and the subject line 'Slack global model opt-out request'. We will process your request and respond once the opt-out has been completed."Read more of this story at Slashdot.
Apple Plans a Thinner iPhone in 2025
Apple is developing a significantly thinner version of the iPhone [non-paywalled source] that could be released as early as 2025, The Information reported Friday, citing three people with direct knowledge of the project. From the report: The slimmer iPhone could be released concurrently with the iPhone 17, expected in September 2025, according to the three people with direct knowledge and two others familiar with the project. It could be priced higher than the iPhone Pro Max, currently Apple's most expensive model starting at $1,200, they said. The people familiar with the project described the new iPhone, internally code-named D23, as a major redesign -- similar to the iPhone X, which Apple marketed as a technological leap from previous generations and which started at $1,000 when it was released in 2017. Several of its novel features, such as FaceID, the OLED screen and glass back, became standard in subsequent models.Read more of this story at Slashdot.
Apple Geofences Third-Party Browser Engine Work for EU Devices
Apple's grudging accommodation of European law -- allowing third-party browser engines on its mobile devices -- apparently comes with a restriction that makes it difficult to develop and support third-party browser engines for the region. From a report: The Register has learned from those involved in the browser trade that Apple has limited the development and testing of third-party browser engines to devices physically located in the EU. That requirement adds an additional barrier to anyone planning to develop and support a browser with an alternative engine in the EU. It effectively geofences the development team. Browser-makers whose dev teams are located in the US will only be able to work on simulators. While some testing can be done in a simulator, there's no substitute for testing on device -- which means developers will have to work within Apple's prescribed geographical boundary. Prior to iOS 17.4, Apple required all web browsers on iOS or iPadOS to use Apple's WebKit rendering engine. Alternatives like Gecko (used by Mozilla Firefox) or Blink (used by Google and other Chromium-based browsers) were not permitted. Whatever brand of browser you thought you were using on your iPhone, under the hood it was basically Safari. Browser makers have objected to this for years, because it limits competitive differentiation and reduces the incentive for Apple owners to use non-Safari browsers.Read more of this story at Slashdot.
VW and Renault End Talks To Develop Affordable EV
Volkswagen has walked away from talks with Renault to jointly develop an affordable electric version of the Twingo car, Reuters reported Friday, citing sources familiar with the situation, in a setback for the EU carmakers' efforts to fend off Chinese rivals. From the report: The collapse of negotiations could mean the German carmaker may have to go it alone in developing its own affordable electric vehicle (EV). Renault will continue designing its electric Twingo, scheduled to hit the market in 2026. Both had hoped that sharing the work would cut costs that represent a key hurdle for European carmakers in the face of cheaper cars from China. Volkswagen broke off discussions mainly because Renault had wanted to build the car in one of its plants at a time when VW is seeking to fully utilise its European production network, one of the sources said.Read more of this story at Slashdot.
OpenAI's Long-Term AI Risk Team Has Disbanded
An anonymous reader shares a report: In July last year, OpenAI announced the formation of a new research team that would prepare for the advent of supersmart artificial intelligence capable of outwitting and overpowering its creators. Ilya Sutskever, OpenAI's chief scientist and one of the company's cofounders, was named as the colead of this new team. OpenAI said the team would receive 20 percent of its computing power. Now OpenAI's "superalignment team" is no more, the company confirms. That comes after the departures of several researchers involved, Tuesday's news that Sutskever was leaving the company, and the resignation of the team's other colead. The group's work will be absorbed into OpenAI's other research efforts. Sutskever's departure made headlines because although he'd helped CEO Sam Altman start OpenAI in 2015 and set the direction of the research that led to ChatGPT, he was also one of the four board members who fired Altman in November. Altman was restored as CEO five chaotic days later after a mass revolt by OpenAI staff and the brokering of a deal in which Sutskever and two other company directors left the board. Hours after Sutskever's departure was announced on Tuesday, Jan Leike, the former DeepMind researcher who was the superalignment team's other colead, posted on X that he had resigned.Read more of this story at Slashdot.
Hopes For Sustainable Jet Fuel Not Realistic, Report Finds
Hopes that replacement fuels for airplanes will slash carbon pollution are misguided and support for these alternatives could even worsen the climate crisis, a new report has warned. The Guardian: There is currently "no realistic or scalable alternative" to standard kerosene-based jet fuels, and touted "sustainable aviation fuels" are well off track to replace them in a timeframe needed to avert dangerous climate change, despite public subsidies, the report by the Institute for Policy Studies, a progressive thinktank, found. "While there are kernels of possibility, we should bring a high level of skepticism to the claims that alternative fuels will be a timely substitute for kerosene-based jet fuels," the report said. Chuck Collins, co-author of the report, said: "To bring these fuels to the scale needed would require massive subsidies, the trade-offs would be unacceptable and would take resources aware from more urgent decarbonization priorities. It's a huge greenwashing exercise by the aviation industry. It's magical thinking that they will be able to do this." In the US, Joe Biden's administration has set a goal for 3bn gallons of sustainable aviation fuel, which is made from non-petroleum sources such as food waste, woody biomass and other feedstocks, to be produced by 2030, which it said will cut aviation's planet-heating emissions by 20%.Read more of this story at Slashdot.
Microsoft Plans Boldest Games Bet Since Activision Deal, Changing How 'Call of Duty' Is Sold
Microsoft plans a major shakeup of its videogame sales strategy by releasing the coming installment of Call of Duty to its subscription service instead of the longtime, lucrative approach of only selling it a la carte. WSJ: The plans, which mark the biggest change to Microsoft's gaming division since it closed the $75 billion takeover of Activision Blizzard, are expected to be announced at the company's annual Xbox showcase next month, according to people familiar with the matter. Call of Duty is one of the most successful entertainment properties ever, generating over $30 billion in lifetime revenue. Activision, which makes it, has long released new editions annually, selling about 25 million copies on average, selling for around $70 each in recent years. Before the Microsoft deal last year, Activision was reluctant to fully embrace subscription-based models for a game that still attracts a premium price. Microsoft's subscription service, Game Pass, costs $9.99 to $16.99 a month, and provides access to hundreds of games from Microsoft and dozens of other companies.Read more of this story at Slashdot.
Arizona Woman Accused of Helping North Koreans Get Remote IT Jobs At 300 Companies
An anonymous reader quotes a report from Ars Technica: An Arizona woman has been accused of helping generate millions of dollars for North Korea's ballistic missile program by helping citizens of that country land IT jobs at US-based Fortune 500 companies. Christina Marie Chapman, 49, of Litchfield Park, Arizona, raised $6.8 million in the scheme, federal prosecutors said in an indictment unsealed Thursday. Chapman allegedly funneled the money to North Korea's Munitions Industry Department, which is involved in key aspects of North Korea's weapons program, including its development of ballistic missiles. Part of the alleged scheme involved Chapman and co-conspirators compromising the identities of more than 60 people living in the US and using their personal information to get North Koreans IT jobs across more than 300 US companies. As another part of the alleged conspiracy, Chapman operated a "laptop farm" at one of her residences to give the employers the impression the North Korean IT staffers were working from within the US; the laptops were issued by the employers. By using proxies and VPNs, the overseas workers appeared to be connecting from US-based IP addresses. Chapman also received employees' paychecks at her home, prosecutors said. Federal prosecutors said that Chapman and three North Korean IT workers -- using the aliases of Jiho Han, Chunji Jin, Haoran Xu, and others -- had been working since at least 2020 to plan a remote-work scheme. In March of that year, prosecutors said, an individual messaged Chapman on LinkedIn and invited her to "be the US face" of their company. From August to November of 2022, the North Korean IT workers allegedly amassed guides and other information online designed to coach North Koreans on how to write effective cover letters and resumes and falsify US Permanent Resident Cards. Under the alleged scheme, the foreign workers developed "fictitious personas and online profiles to match the job requirements" and submitted fake documents to the Homeland Security Department as part of an employment eligibility check. Chapman also allegedly discussed with co-conspirators about transferring the money earned from their work. Chapman was arrested Wednesday. It wasn't immediately known when she or Didenko were scheduled to make their first appearance in court. If convicted, Chapman faces 97.5 years in prison, and Didenko faces up to 67.5 years.Read more of this story at Slashdot.
Companies Are So Desperate For Data Centers They're Leasing Them Before They're Even Built
Data center construction levels are at an all-time high. And more than ever, companies that need them have already called dibs. From a report: In the first quarter of 2024, what amounts to about half of the existing supply of data center megawattage in the US is under construction, according to real estate services firm CBRE. And 84% of that is already leased. Typically that rate had been about 50% the last few years -- already notably higher than other real estate classes. "I'm astonished and impressed by the demand for facilities yet to be fully constructed," CBRE Data Center Research Director Gordon Dolven told Sherwood. That advanced interest means that despite the huge amount of construction, there's still going to be a shortage of data centers to meet demand. In other words, data center vacancy rates are staying low and rents high. Nationwide the vacancy rates are near record lows of 3.7% and average asking rent for data centers was up 19% year over year, according to CBRE. It was up 42% in Northern Virginia, where many data centers are located. These sorts of price jumps are "unprecedented" compared with other types of real estate. For comparison, rents for industrial and logistics real estate, another hot asset class used in e-commerce, is expected to go up 8% this year.Read more of this story at Slashdot.
Germany's Sovereign Tech Fund Now Supporting FFmpeg
Michael Larabel reports via Phoronix: Following Germany's Sovereign Tech Fund providing significant funding for GNOME, Rust Coreutils, PHP, a systemd bug bounty, and numerous other free software projects, the FFmpeg multimedia library is the latest beneficiary to this funding from the Germany government. The Sovereign Tech Fund notes that the FFmpeg project is receiving 157,580 euros for 2024 and 2025. An announcement on the FFmpeg.org project site notes: "The FFmpeg community is excited to announce that Germany's Sovereign Tech Fund has become its first governmental sponsor. Their support will help sustain the [maintenance] of the FFmpeg project, a critical open-source software multimedia component essential to bringing audio and video to billions around the world everyday."Read more of this story at Slashdot.
Archie, the Internet's First Search Engine, Is Rescued and Running
An anonymous reader quotes a report from Ars Technica: It's amazing, and a little sad, to think that something created in 1989 that changed how people used and viewed the then-nascent Internet had nearly vanished by 2024. Nearly, that is, because the dogged researchers and enthusiasts at The Serial Port channel on YouTube have found what is likely the last existing copy of Archie. Archie, first crafted by Alan Emtage while a student at McGill University in Montreal, Quebec, allowed for the searching of various "anonymous" FTP servers around what was then a very small web of universities, researchers, and government and military nodes. It was groundbreaking; it was the first echo of the "anything, anywhere" Internet to come. And when The Serial Port went looking, it very much did not exist. While Archie would eventually be supplanted by Gopher, web portals, and search engines, it remains a useful way to index FTP sites and certainly should be preserved. The Serial Port did this, and the road to get there is remarkable and intriguing. You are best off watching the video of their rescue, along with its explanatory preamble. But I present here some notable bits of the tale, perhaps to tempt you into digging further.Read more of this story at Slashdot.
NetBSD Bans AI-Generated Code
Seven Spirals writes: NetBSD committers are now banned from using any AI-generated code from ChatGPT, CoPilot, or other AI tools. Time will tell how this plays out with both their users and core team. "If you commit code that was not written by yourself, double check that the license on that code permits import into the NetBSD source repository, and permits free distribution," reads NetBSD's updated commit guidelines. "Check with the author(s) of the code, make sure that they were the sole author of the code and verify with them that they did not copy any other code. Code generated by a large language model or similar technology, such as GitHub/Microsoft's Copilot, OpenAI's ChatGPT, or Facebook/Meta's Code Llama, is presumed to be tainted code, and must not be committed without prior written approval by core."Read more of this story at Slashdot.
In a Milestone, the US Exceeds 5 Million Solar Installations
According to the Solar Energy Industries Association (SEIA), the U.S. has officially surpassed 5 million solar installations. "The 5 million milestone comes just eight years after the U.S. achieved its first million in 2016 -- a stark contrast to the four decades it took to reach that initial milestone since the first grid-connected solar project in 1973," reports Electrek. From the report: Since the beginning of 2020, more than half of all U.S. solar installations have come online, and over 25% have been activated since the Inflation Reduction Act became law 20 months ago. Solar arrays have been installed on homes and businesses and as utility-scale solar farms. The U.S. solar market was valued at $51 billion in 2023. Even with changes in state policies, market trends indicate robust growth in solar installations across the U.S. According to SEIA forecasts, the number of solar installations is expected to double to 10 million by 2030 and triple to 15 million by 2034. The residential sector represents 97% of all U.S. solar installations. This sector has consistently set new records for annual installations over the past several years, achieving new highs for five straight years and in 10 out of the last 12 years. The significant growth in residential solar can be attributed to its proven value as an investment for homeowners who wish to manage their energy costs more effectively. California is the frontrunner with 2 million solar installations, though recent state policies have significantly damaged its rooftop solar market. Meanwhile, other states are experiencing rapid growth. For example, Illinois, which had only 2,500 solar installations in 2017, now boasts over 87,000. Similarly, Florida has seen its solar installations surge from 22,000 in 2017 to 235,000 today. By 2030, 22 states or territories are anticipated to surpass 100,000 solar installations. The U.S. has enough solar installed to cover every residential rooftop in the Four Corners states of Colorado, Utah, Arizona, and New Mexico.Read more of this story at Slashdot.
Winamp Is 'Opening Up' Its Source Code
In a press release today, the best music player of the 1990s announced that it'll open up its source code to developers worldwide. "Winamp will open up its code for the player used on Windows, enabling the entire community to participate in its development," said the company. "This is an invitation to global collaboration, where developers worldwide can contribute their expertise, ideas, and passion to help this iconic software evolve." Alexandre Saboundjian, CEO of Winamp, explains: "This is a decision that will delight millions of users around the world. Our focus will be on new mobile players and other platforms. We will be releasing a new mobile player at the beginning of July. Still, we don't want to forget the tens of millions of users who use the software on Windows and will benefit from thousands of developers' experience and creativity. Winamp will remain the owner of the software and will decide on the innovations made in the official version."Read more of this story at Slashdot.
Sony Lays Down the Gauntlet on AI
Sony Music Group, one of the world's biggest record labels, warned AI companies and music streaming platforms not to use the company's content without explicit permission. From a report: Sony Music, whose artists include Lil Nas X and Celine Dion, sent letters to more than 700 companies in an effort to protect its intellectual property, which includes album cover art, metadata, musical compositions and lyrics, from being used for training AI models. "Unauthorized use" of Sony Music Group content in the "training, development or commercialization of AI systems" deprives the company and its artists of control and compensation for those works, according to the letter, which was obtained by Bloomberg News. [...] Sony Music, along with the rest of the industry, is scrambling to balance the creative potential of the fast-moving technology while also protecting artists' rights and its own profits. "We support artists and songwriters taking the lead in embracing new technologies in support of their art," Sony Music Group said in statement Thursday. "However, that innovation must ensure that songwriters' and recording artists' rights, including copyrights, are respected."Read more of this story at Slashdot.
Reddit Reintroduces Its Awards System
After shutting down its awards system last July, Reddit announced that it is bringing it back, with much of the same and some new features. There'll be "a new design for awards, a new award button under eligible posts and a leaderboard showing top awards earned for a comment or a post," reports TechCrunch. From the report: The company sunset its awards program last year along with the ability for users to purchase coins. At the same time, Reddit introduced "Golden Upvotes," which were purchased directly through cash. In a new post, the company said the system wasn't as expressive as awards. "While the golden upvote was certainly simpler in theory, in practice, it missed the mark. It wasn't as fun or expressive as legacy awards, and it was unclear how it benefited the recipient," the social network said. Users who want to give awards to posts and comments will need to buy "gold," which kind of replaces coins. On a support page, the company mentioned that, on average, awards cost anywhere between 15 to 50 gold. Gold packages in Reddit's mobile apps currently start at $1.99 for 100 gold. Users can buy as much as 2,750 gold for $49.99. The company is also adding some safeguards to the awards system, such as disabling awards in NSFW subreddits, trauma and addiction support subreddits, and subreddits with mature content. Additionally, users will be able to report awards to avoid them being used for moderator removals.Read more of this story at Slashdot.
GTA 6 Release Date Narrowed To Fall 2025 Amid Questions about Delays
Take-Two Interactive is doubling down Grand Theft Auto VI's release date, saying the long-awaited sequel will be out fall 2025 despite rumors of a possible delay into 2026. From a report: Take-Two announced GTA 6's updated release window in its latest earnings report, saying that its current outlook is based on the new date. "We do feel highly confident that we'll deliver [Grand Theft Auto VI] in fall of 2025," Take-Two CEO Strauss Zelnick told IGN in an interview when asked if he was concerned that GTA 6 may get delayed.Read more of this story at Slashdot.
Another Billionaire Pushes a Bid For TikTok, But To Decentralize It
An anonymous reader quotes a report from Techdirt, written by Mike Masnick: If you're a fan of chaos, well, the TikTok ban situation is providing plenty of chaos to follow. Ever since the US government made it clear it was seriously going to move forward with the obviously unconstitutional and counterproductive plan to force ByteDance to divest from TikTok or have the app effectively banned from the U.S., various rich people have been stepping up with promises to buy the app. There was former Trump Treasury Secretary Steven Mnuchin with plans to buy it. Then there was "mean TV investor, who wants you to forget his sketchy history" Kevin O'Leary with his own TikTok buyout plans. I'm sure there have been other rich dudes as well, though strikingly few stories of actual companies interested in purchasing TikTok. But now there's another billionaire to add to the pile: billionaire real estate/property mogul Frank McCourt (who has had some scandals in his own history) has had an interesting second act over the last few years as a big believer in decentralized social media. He created and funded Project Liberty, which has become deeply involved in a number of efforts to create infrastructure for decentralized social media, including its own Decentralized Social Networking Protocol (DSTP). Over the past few years, I've had a few conversations with people involved in Project Liberty and related projects. Their hearts are in the right place in wanting to rethink the internet in a manner that empowers users over big companies, even if I don't always agree with their approach (he also frequently seems to surround himself with all sorts of tech haters, who have somewhat unrealistic visions of the world). Either way, McCourt and Project Liberty have now announced a plan to bid on TikTok. They plan to merge it into his decentralization plans. "Frank McCourt, Founder of Project Liberty and Executive Chairman of McCourt Global, today announced that Project Liberty is organizing a bid to acquire the popular social media platform TikTok in the U.S., with the goal of placing people and data empowerment at the center of the platform's design and purpose," reads a press release from Project Liberty. "Working in consultation with Guggenheim Securities, the investment banking and capital markets business of Guggenheim Partners, and Kirkland & Ellis, one of the world's largest law firms, as well as world-renowned technologists, academics, community leaders, parents and engaged citizens, this bid for TikTok offers an innovative, alternative vision for the platform's infrastructure -- one that allows people to reclaim agency over their digital identities and data by proposing to migrate the platform to a new digital open-source protocol. In launching the bid, McCourt and his partners are seizing this opportunity to return control and value back into the hands of individuals and provide Americans with a meaningful voice, choice, and stake in the future of the web."Read more of this story at Slashdot.
Hugging Face Is Sharing $10 Million Worth of Compute To Help Beat the Big AI Companies
Kylie Robison reports via The Verge: Hugging Face, one of the biggest names in machine learning, is committing $10 million in free shared GPUs to help developers create new AI technologies. The goal is to help small developers, academics, and startups counter the centralization of AI advancements. [...] Delangue is concerned about AI startups' ability to compete with the tech giants. Most significant advancements in artificial intelligence -- like GPT-4, the algorithms behind Google Search, and Tesla's Full Self-Driving system -- remain hidden within the confines of major tech companies. Not only are these corporations financially incentivized to keep their models proprietary, but with billions of dollars at their disposal for computational resources, they can compound those gains and race ahead of competitors, making it impossible for startups to keep up. Hugging Face aims to make state-of-the-art AI technologies accessible to everyone, not just the tech giants. [...] Access to compute poses a significant challenge to constructing large language models, often favoring companies like OpenAI and Anthropic, which secure deals with cloud providers for substantial computing resources. Hugging Face aims to level the playing field by donating these shared GPUs to the community through a new program called ZeroGPU. The shared GPUs are accessible to multiple users or applications concurrently, eliminating the need for each user or application to have a dedicated GPU. ZeroGPU will be available via Hugging Face's Spaces, a hosting platform for publishing apps, which has over 300,000 AI demos created so far on CPU or paid GPU, according to the company. Access to the shared GPUs is determined by usage, so if a portion of the GPU capacity is not actively utilized, that capacity becomes available for use by someone else. This makes them cost-effective, energy-efficient, and ideal for community-wide utilization. ZeroGPU uses Nvidia A100 GPU devices to power this operation -- which offer about half the computation speed of the popular and more expensive H100s. "It's very difficult to get enough GPUs from the main cloud providers, and the way to get them -- which is creating a high barrier to entry -- is to commit on very big numbers for long periods of times," Delangue said. Typically, a company would commit to a cloud provider like Amazon Web Services for one or more years to secure GPU resources. This arrangement disadvantages small companies, indie developers, and academics who build on a small scale and can't predict if their projects will gain traction. Regardless of usage, they still have to pay for the GPUs. "It's also a prediction nightmare to know how many GPUs and what kind of budget you need," Delangue said.Read more of this story at Slashdot.
Palo Alto Networks Is Buying Security Assets From IBM
Palo Alto Networks is acquiring IBM's QRadar cloud software and migrating customers to its Cortex Xsiam platform as part of a broader partnership aimed at expanding its consulting capabilities and customer base. The sum of the deal was not disclosed. CNBC reports: The move normally takes one to three months, Nikesh Arora, Palo Alto's CEO, told CNBC. Also, IBM will train more than 1,000 of its consulting employees on Palo Alto's products. [...] For IBM, a more robust lineup of contemporary security tools for consulting might help the company deliver on its stated goal of revenue growth in the mid-single digits for 2024. In the first quarter, revenue increased 3%, with a 2% bump in the consulting segment. Palo Alto is growing much faster than IBM. In the January quarter, revenue jumped 19%. The company will report results for the latest quarter on Monday. Palo Alto more than doubled in value last year and its stock is up 6% year to date, lifting the company's market cap past $100 billion. The stock rose more than 1% in extended trading. IBM is up close to 5% this year and is now valued at $154 billion. The companies said the transaction should close by the end of September, subject to regulatory approval and other conditions. [...] IBM will continue to sell its QRadar software for use in on-premises data centers. At the same time, IBM will suggest that clients using it consider switching to Palo Alto's Cortex Xsiam.Read more of this story at Slashdot.
EU Opens Child Safety Probes of Facebook and Instagram, Citing Addictive Design Concerns
An anonymous reader quotes a report from TechCrunch: Facebook and Instagram are under formal investigation in the European Union over child protection concerns, the Commission announced Thursday. The proceedings follow a raft of requests for information to parent entity Meta since the bloc's online governance regime, the Digital Services Act (DSA), started applying last August. The development could be significant as the formal proceedings unlock additional investigatory powers for EU enforcers, such as the ability to conduct office inspections or apply interim measures. Penalties for any confirmed breaches of the DSA could reach up to 6% of Meta's global annual turnover. Meta's two social networks are designated as very large online platforms (VLOPs) under the DSA. This means the company faces an extra set of rules -- overseen by the EU directly -- requiring it to assess and mitigate systemic risks on Facebook and Instagram, including in areas like minors' mental health. In a briefing with journalists, senior Commission officials said they suspect Meta of failing to properly assess and mitigate risks affecting children. They particularly highlighted concerns about addictive design on its social networks, and what they referred to as a "rabbit hole effect," where a minor watching one video may be pushed to view more similar content as a result of the platforms' algorithmic content recommendation engines. Commission officials gave examples of depression content, or content that promotes an unhealthy body image, as types of content that could have negative impacts on minors' mental health. They are also concerned that the age assurance methods Meta uses may be too easy for kids to circumvent. "One of the underlying questions of all of these grievances is how can we be sure who accesses the service and how effective are the age gates -- particularly for avoiding that underage users access the service," said a senior Commission official briefing press today on background. "This is part of our investigation now to check the effectiveness of the measures that Meta has put in place in this regard as well." In all, the EU suspects Meta of infringing DSA Articles 28, 34, and 35. The Commission will now carry out an in-depth investigation of the two platforms' approach to child protection.Read more of this story at Slashdot.
Russia Directing Hackers To Attack UK and West, Says Director of GCHQ
Russia is increasingly seeking to encourage and direct hackers to attack British and other western targets, the director of GCHQ has said in her first keynote speech as head of the British intelligence agency. From a report: Anne Keast-Butler said her agency was "increasingly concerned about growing links" between the Russian intelligence services and proxy hacker groups who have long taken advantage of a permissive environment within the country. "Before, Russia simply created the right environments for these groups to operate but now they're nurturing and inspiring these non state cyber actors," she said in a speech to the Cyber UK conference, in what she described as a "globally pervasive" threat. The spy chief, appointed last year to be the first woman to hold the role, referenced the threat from ransomware -- "the most acute and pervasive cyber threat" -- where cybercriminals, typically from Russia, take control of a company's data and systems and demand significant sums to regain access. GCHQ was "doing everything we can" to counter ransomware actors, Keast-Butler said, degrade their ability to attack systems across government and business and to "produce intelligence that means those involved in ransomware are held to account." There is "no hiding place" for cybercriminals she added.Read more of this story at Slashdot.
Samsung Mocks Apple's Controversial 'Crush' Ad With 'UnCrush' Pitch
Samsung has released a response to Apple's recently criticized "Crush" ad, which featured the destruction of instruments, arcade games, and sculptures to promote the new iPad Pro. Apple subsequently apologized, with an executive admitting they "missed the mark." In a video titled "UnCrush," created by BBH USA and directed by Zen Pace, Samsung depicts a woman navigating debris reminiscent of Apple's ad, using a Galaxy Tab S9 and Galaxy AI to play guitar, in contrast to Apple's destructive message. "We would never crush creativity," the caption of Samsung's video reads.Read more of this story at Slashdot.
Revolutionary New Google Feature Hidden Under 'More' Tab Shows Links To Web Pages
An anonymous reader shares a report: After launching a feature that adds more AI junk than ever to search results, Google is experimenting with a radical new feature that lets users see only the results they were looking for, in the form of normal text links. As in, what most people actually use Google for. "We've launched a new 'Web' filter that shows only text-based links, just like you might filter to show other types of results, such as images or videos," the official Google Search Liaison Twitter account, run by Danny Sullivan, posted on Tuesday. The option will appear at the top of search results, under the "More" option. "We've added this after hearing from some that there are times when they'd prefer to just see links to web pages in their search results, such as if they're looking for longer-form text documents, using a device with limited internet access, or those who just prefer text-based results shown separately from search features," Sullivan wrote. "If you're in that group, enjoy!" Searching Google has become a bloated, confusing experience for users in the last few years, as it's gradually started prioritizing advertisements and sponsored results, spammy affiliate content, and AI-generated web pages over authentic, human-created websites.Read more of this story at Slashdot.
...68697071727374757677...