Billed as the world’s first commercial multi-focal monitor, the Ultra Reality Extend merges the ease-of-use and simplicity of a traditional desktop display with the kind of spatial depth you can normally only get from VR headset. Granted, the max simulated depth the Extend delivers is only 2.5 meters, which isn’t nearly as far as you’d get from devices like a Meta Quest 3S or an Apple Vision Pro, but considering that Brelyon’s monitor doesn’t require any additional equipment (aside from a connected PC), the effect is truly impressive. And it’s much easier to use too, all you have to do is set yourself in front and the monitor will do the rest, which results in much less eye strain or the potential nausea that many people experience with modern VR goggles.
Brelyon
This allows the monitor to defy its dimensions, because even though it’s much chunkier than a typical display, the view inside is absolutely monstrous. From a 30-inch frame, the Ultra Reality Extend provides a virtual display that’s equivalent to a curved 122-inch screen. Meanwhile, its 4K/60Hz resolution uses 1-bit of monocular to deliver spatial content that looks closer to 8K with elements of the scene capable of looking closer or further away depending on the situation.
[…]
underpinning the monitor is Brelyon’s Visual Engine, which allows the display to automatically assign different depths to elements in games and videos on the fly without additional programming. That said, developers can further optimize their content for Brelyon’s tech, allowing them to add even more depth and immersion.
Unfortunately, the downside is that the Ultra Reality Extend’s unique approach to spatial content is quite expensive. That’s because while the monitor is available now, the company is targeting pricing between $5,000 to $8,000 per unit, with the exact numbers depending on the customer and any partnerships with Brelyon. Sadly, this means the display will be limited to enterprise buyers who will use it for things like making ultra-realistic flight simulators with depth-enabled UI instead of normal folk who might want a fancy monitor for movies and games. But if Brelyon’s tech takes off, one day, maybe…
LignoSat was sent to the ISS in November 2024 on a mission to demonstrate that wood could be a viable material from which to build spacecraft. The goal of the satellite includes studying how the selected wood reacts when exposed to the environment of space and its resistance to cosmic radiation.
Researchers will also monitor geomagnetic levels to determine whether the geomagnetic field can penetrate the satellite and interfere with the electronics.
According to NASA, three wood species had previously been exposed to space before honoki magnolia was selected to construct the cubesat. The 10cm long wood panels used in the constructions were assembled using a Japanese wood joinery method called “Blind Miter Dovetail Joint.” This method means that glue and nails are not required.
[…]
LignoSat was part of the Japanese Experiment Module (JEM) Small Satellite Orbital Deployer-30 (J-SSOD-30) CubeSat deployment mission, handled by the JEM Remote Manipulator System (JEMRMS). It is expected to spend a few months in low Earth orbit before eventually reentering the Earth’s atmosphere and burning up.
Considering the rate at which satellites are being launched into orbit – SpaceX sent a batch of 24 Starlink satellites into space earlier this week – the prospect of building the spacecraft out of materials with less of an environmental impact is appealing, although LignoSat does incorporate components made from more conventional materials.
According to a J-Stories report, researchers hope that more of the aluminum parts used to attach electronic components to the wooden box could be replaced by wood in the future.
In the report, Koji Murata of the Graduate School of Agriculture, Kyoto University, said, “If the launch of the wooden satellite proves that timber can be used in space, it should change how we look at timber on Earth and lead to new uses and a reevaluation of the material.”
Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement.
This number is a steep increase from previous years, with most requests processed after the platform’s policy shift on sharing user data, announced in September 2024.
While Telegram has long been a platform used to communicate with friends and family, talk with like-minded peers, and as a way to bypass government censorship, it is also heavily used for cybercrime.
Threat actors commonly utilize the platform to sell illegal services, conduct attacks, sell stolen data, or as a command and control server for their malware.
As first reported by 404 Media, the new information on fulfilled law enforcement requests comes from the Telegram Transparency Report for the period between 1/1/24 and 12/13/24.
Previously, Telegram would only share users’ IP addresses and phone numbers in cases of terrorism and had only fulfilled 14 requests affecting 108 users until September 30, 2024.
Current numbers (left) and previous period figures (right) Source: BleepingComputer
Following the change in its privacy policy, Telegram will now share user data with law enforcement in other cases of crime, including cybercrime, the selling of illegal goods, and online fraud.
[…]
This change came in response to pressure from the authorities, culminating in the arrest of Telegram’s founder and CEO, Pavel Durov, in late August in France.
Durov subsequently faced a long list of charges, including complicity in cybercrime, organized fraud, and distribution of illegal material, as well as refusal to facilitate lawful interceptions aimed at aiding crime investigations.
[…]
To access Telegram transparency reports for your country, use the platform’s dedicated bot from here.
That’s one way to get what you want – make up spurious charges, arrest someone and hold them for as long as it takes for you to get what you want without having to actually prove you can legally get at it. If it wasn’t the government doing it this would be called kidnapping and extortion.
A federal judge this week rejected Google’s motion to throw out a class-action lawsuit alleging that it invaded the privacy of users who opted out of functionality that records a users’ web and app activities. A jury trial is scheduled for August 2025 in US District Court in San Francisco.
The lawsuit concerns Google’s Web & App Activity (WAA) settings, with the lead plaintiff representing two subclasses of people with Android and non-Android phones who opted out of tracking. “The WAA button is a Google account setting that purports to give users privacy control of Google’s data logging of the user’s web app and activity, such as a user’s searches and activity from other Google services, information associated with the user’s activity, and information about the user’s location and device,” wrote US District Judge Richard Seeborg, the chief judge in the Northern District Of California.
Google says that Web & App Activity “saves your activity on Google sites and apps, including associated info like location, to give you faster searches, better recommendations, and more personalized experiences in Maps, Search, and other Google services.” Google also has a supplemental Web App and Activity setting that the judge’s ruling refers to as “(s)WAA.”
“The (s)WAA button, which can only be switched on if WAA is also switched on, governs information regarding a user’s ‘[Google] Chrome history and activity from sites, apps, and devices that use Google services.’ Disabling WAA also disables the (s)WAA button,” Seeborg wrote.
Google sends data to developers
But data is still sent to third-party app developers through the Google Analytics for Firebase (GA4F), “a free analytical tool that takes user data from the Firebase kit and provides app developers with insight on app usage and user engagement,” the ruling said. GA4F “is integrated in 60 percent of the top apps” and “works by automatically sending to Google a user’s ad interactions and certain identifiers regardless of a user’s (s)WAA settings, and Google will, in turn, provide analysis of that data back to the app developer.”
Plaintiffs have brought claims of privacy invasion under California law. Plaintiffs “present evidence that their data has economic value,” and “a reasonable juror could find that Plaintiffs suffered damage or loss because Google profited from the misappropriation of their data,” Seeborg wrote.
[…]
In a proposed settlement of a different lawsuit, Google last year agreed to delete records reflecting users’ private browsing activities in Chrome’s Incognito mode.
[…]
Google contends that its system is harmless to users. “Google argues that its sole purpose for collecting (s)WAA-off data is to provide these analytic services to app developers. This data, per Google, consists only of non-personally identifiable information and is unrelated (or, at least, not directly related) to any profit-making objectives,” Seeborg wrote.
On the other side, plaintiffs say that Google’s tracking contradicts its “representations to users because it gathers exactly the data Google denies saving and collecting about (s)WAA-off users,” Seeborg wrote. “Moreover, Plaintiffs insist that Google’s practices allow it to personalize ads by linking user ad interactions to any later related behavior—information advertisers are likely to find valuable—leading to Google’s lucrative advertising enterprise built, in part, on (s)WAA-off data unlawfully retrieved.”
[…]
Google, as the judge writes, purports to treat user data as pseudonymous by creating a randomly generated identifier that “permits Google to recognize the particular device and its later ad-related behavior… Google insists that it has created technical barriers to ensure, for (s)WAA-off users, that pseudonymous data is delinked to a user’s identity by first performing a ‘consent check’ to determine a user’s (s)WAA settings.”
Whether this counts as personal information under the law is a question for a jury, the judge wrote. Seeborg pointed to California law that defines personal information to include data that “is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Given the legal definition, “a reasonable juror could view the (s)WAA-off data Google collected via GA4F, including a user’s unique device identifiers, as comprising a user’s personal information,” he wrote.
Meta is abandoning the use of independent fact checkers on Facebook and Instagram, replacing them with X-style “community notes” where commenting on the accuracy of posts is left to users.
In a video posted alongside a blog post by the company on Tuesday, chief executive Mark Zuckerberg said third-party moderators were “too politically biased” and it was “time to get back to our roots around free expression”.
The move comes as Zuckerberg and other tech executives seek to improve relations with US President-elect Donald Trump before he takes office later this month.
Trump and his Republican allies have criticised Meta for its fact-checking policy, calling it censorship of right-wing voices.
Speaking after the changes were announced, Trump told a news conference he was impressed by Zuckerberg’s decision and that Meta had “come a long way”.
Asked whether Zuckerberg was “directly responding” to threats Trump had made to him in the past, the incoming US president responded: “Probably”.
So apart from donating money to the Oligarchy, now there will be a kind of “free speech” where Trump amigo’s and nutjobs can cry all they like whilst silencing actual intelligence. I wonder how fast people will leave FB for Bluesky.
Scientists have used high-energy particle collisions to peer inside protons, the particles that sit inside the nuclei of all atoms. This has revealed for the first time that quarks and gluons, the building blocks of protons, experience the phenomenon of quantum entanglement.
[…]
despite Einstein’s skepticism about entanglement, this “spooky” phenomenon has been verified over and over again. Many of those verifications have concerned testing increasing distances over which entanglement can be demonstrated. This new test took the opposite approach, investigating entanglement over a distance of just one quadrillionth of a meter, finding it actually occurs within individual protons.
The team found that the sharing of information that defines entanglement occurs across whole groups of fundamental particles called quarks and gluons within a proton.
[…]
To probe the inner structure of protons, scientists looked at high-energy particle collisions that have occurred in facilities like the Large Hadron Collider (LHC). When particles collide at extremely high speeds, other particles stream away from the collision like wreckage flung away from a crash between two vehicles.
This team used a technique developed in 2017 that applies quantum information science to electron-proton collisions to determine how entanglement influences the paths of particles streaming away. If quarks and gluons are entangled with protons, this technique says that should be revealed by the disorder, or “entropy,” seen in the sprays of daughter particles.
“Think of a kid’s messy bedroom, with laundry and other things all over the place,” Tu said. “In that disorganized room, the entropy is very high.”
The contrast to this is a low-entropy situation which is akin to a neatly tidied and sorted bedroom in which everything is organized in its proper place. A messy room indicates entanglement, if you will.
“For a maximally entangled state of quarks and gluons, there is a simple relation that allows us to predict the entropy of particles produced in a high-energy collision,” Brookhaven Lab theorist Dmitri Kharzeev said in the statement. “We tested this relation using experimental data.”
The interior of the Large Hadron Collider is within which protons and other particles are collided at high speeds. (Image credit: Robert Lea)
To investigate how “messy” particles get after a collision, the team first turned to data generated by proton-proton collisions conducted at the LHC. Then, in search of “cleaner” data, the researchers looked to electron-proton collisions carried out at the Hadron-Electron Ring Accelerator (HERA) particle collider from 1992 to 2007.
This data was delivered by the H1 team and its spokesperson as well as Deutsches Elektronen-Synchrotron (DESY) researcher Stefan Schmitt after a three-year search through HERA results.
Comparing HERA data with the entropy calculations, the team’s results matched their predictions perfectly, providing strong evidence that quarks and gluons inside protons are maximally entangled.
“Entanglement doesn’t only happen between two particles but among all the particles,” Kharzeev said. “Maximal entanglement inside the proton emerges as a consequence of strong interactions that produce a large number of quark-antiquark pairs and gluons.”
The revelation of maximal entanglement of quarks and gluons within protons could help reveal what keeps these fundamental particles bound together with the building blocks of atomic nuclei.
[…] In this article, we present a comparative analysis of the carbon emissions associated with AI systems (ChatGPT, BLOOM, DALL-E2, Midjourney) and human individuals performing equivalent writing and illustrating tasks. Our findings reveal that AI systems emit between 130 and 1500 times less CO2e per page of text generated compared to human writers, while AI illustration systems emit between 310 and 2900 times less CO2e per image than their human counterparts. Emissions analyses do not account for social impacts such as professional displacement, legality, and rebound effects. In addition, AI is not a substitute for all human tasks. Nevertheless, at present, the use of AI holds the potential to carry out several major activities at much lower emission levels than can humans.
Some of the best tech we see at CES feels pulled straight from sci-fi. Yesterday at CES 2025, I tested out Neural Lab’s AirTouch technology, which lets you interact with a display using hand gestures alone, exactly what movies like Minority Report and Iron Man promised.
[…]
Neural Lab’s software is compatible with tablets, computers and really any device running at least Android 11, Windows 10 and later or Linux. The technology was developed with accessibility in mind after one of the founders had trouble keeping in touch with their parents overseas because navigating video conferencing programs was just too difficult for the older generation.
[…]
AirTouch tracks 3D hand movements and keys off of eye gazes to recognize intent, allowing it to ignore extraneous gestures. It currently supports nine gestures and customization allows users to program up to 15.
[…]
AirTouch is available now as a $30-per-month subscription for individuals (and $300 monthly for companies). Neural Labs says it takes just five minutes to install the software on any compatible device.
About seven years after the HDMI 2.1 specification was introduced, the HDMI Forum has announced the next generation: HDMI 2.2, which will require new cables to take advantage of its most high-performance features. It will not require a new connector, though, thankfully.
Though the HDMI Forum is officially calling the new specification HDMI 2.2, the accompanying cable will also receive a new name: Ultra96. All told, the selling point of both the Ultra96 cable and HDMI 2.2 specification are the increased bandwidth, which doubles the HDMI 2.1 bandwidth from 48Gbps to a staggering 96Gbps. [me: not really very impressive considering it doesn’t allow much over 8k resolution]
At this point, however, the HDMI Forum is only talking conceptually about the new specification. Companies who are part of the new HDMI adopter program will receive the full specifications in the first half of 2025
[…]
Remember, HDMI 2.1 supports uncompressed single-display resolution of 8K at 60Hz with 8-bit color depth at 4:2:0 chroma, and the same cables support compression at 10K120 resolution at 12-bit color depths.
[…]
Alternatively, users have the choice of using DisplayPort, which was “upgraded” from DisplayPort 2.0 to DisplayPort 2.1 in 2022, tightening the specification for USB 4. In January 2024, DisplayPort added the 2.1a specification, whose bandwidth tops out at 80Gbps.
The Pew survey found 76 percent of respondents voicing “a great deal or fair amount of confidence in scientists to act in the public’s best interests.” That’s up a bit from last year, but still down from prepandemic measures, to suggest that an additional one in 10 Americans has lost confidence in scientists since 2019.
The Pew survey’s results, however, show this propaganda worked on some Republican voters. The drop in public confidence in science the survey reports is almost entirely contained to that circle, plunging from 85 percent approvalamong Republican votersin April of 2020 to 66 percent now. It hardly budged for those not treated to nightly doses of revisionist history in an echo chamber—where outlets pretended thatmasking, schooland business restrictions, and vaccines, weren’t necessitiesin staving off a deadly new disease. Small wonder that Republican voters’excess death rates were 1.5 timesthose among Democrats after COVID vaccines appeared.
Amanda Montañez; Source: Pew Research Center
Instead of noting the role of this propaganda in their numbers, Pew’s statement about the survey pointed only to perceptions that scientists aren’t “good communicators,” held by 52 percent of respondents, and the 47 percent who said, “research scientists feel superior to others” in the survey.
[…]
it matches the advice in a December NASEM report on scientific misinformation: “Scientists, medical professionals, and health professionals who choose to take on high profile roles as public communicators of science should understand how their communications may be misinterpreted in the absence of context or in the wrong context.” This completely ignores the deliberate misinterpretation of science to advance political aims, the chief kind of science misinformation dominating the modern public sphere.
It isn’t a secret what is going on: Oil industry–funded lawmakers and other mouthpieces have similarly vilified climate scientists for decades to stave off paying the price for global warming. A study published in 2016 in the American Sociological Review concluded that the U.S. public’s slow erosion of trust in science from 1974 to 2010 was almost entirely among conservatives. Such conservatives had adopted “limited government” politics, which clashes with science’s “fifth branch” advisory role in setting regulations—seen most clearly in the FDA resisting Trump’s calls for wholesale approval of dangerous drugs to treat COVID. That flavor of politics made distrust for scientists the collateral damage of the half-century-long attack on regulation. The utter inadequacy of an unscientific, limited-government response to the 2020 pandemic only primed this resentment—fanned by hate aimed at Fauci—to deliver the dent in trust for science we see today.
Flying a first-person view (FPV) remote controlled aircraft with goggles is an immersive experience that makes you feel as if you’re really sitting in the cockpit of the plane or quadcopter. Unfortunately, while your wearing the goggles, you’re also completely blind to the world around you. That’s why you’re supposed to have a spotter nearby to keep watch on the local meatspace while you’re looping through the air.
But what if you could have the best of both worlds? What if your goggles not only allowed you to see the video stream from your craft’s FPV camera, but you could also see the world around you. That’s precisely the idea behind mixed reality goggles such as Apple Vision Pro and Meta’s Quest, you just need to put all the pieces together. In a recent video [Hoarder Sam] shows you exactly how to pull it off, and we have to say, the results look quite compelling.
[Sam]’s approach relies on the fact that there’s already cheap analog FPV receivers out there that act as a standard USB video device, with the idea being that they let you use your laptop, smartphone, or tablet as a monitor. But as the Meta Quest 3 is running a fork of Android, these devices are conveniently supported out of the box. The only thing you need to do other than plug them into the headset is head over to the software repository for the goggles and download a video player app.
The FPV receiver can literally be taped to the Meta Quest
With the receiver plugged in and the application running, you’re presented with a virtual display of your FPV feed hovering in front of you that can be moved around and resized. The trick is to get the size and placement of this virtual display down to the point where it doesn’t take up your entire field of vision, allowing you to see the FPV view and the actual aircraft at the same time. Of course, you don’t want to make it too small, or else flying might become difficult.
[Sam] says he didn’t realize just how comfortable this setup would be until he started flying around with it. Obviously being able to see your immediate surroundings is helpful, as it makes it much easier to talk to others and make sure nobody wanders into the flight area. But he says it’s also really nice when bringing your bird in for a landing, as you’ve got multiple viewpoints to work with.
Perhaps the best part of this whole thing is that anyone with a Meta Quest can do this right now. Just buy the appropriate receiver, stick it to your goggles, and go flying. If any readers give this a shot, we’d love to hear how it goes for you in the comments.
A Volkswagen software subsidiary called Cariad experienced a massive data leak that left 800,000 EV owners exposed, according to reporting by the German publication Spiegel Netzwelt. The leak allowed personal information to be left online for months, including movement data and contact information.
This included precise location data for 460,000 vehicles made by VW, Seat and Audi. According to reports, the information was accessible via the Amazon cloud storage platform.
[…]
VW said in a statement reviewed by the German press agency DPAthat the error has since been rectified, so that the information is no longer accessible. Additionally, the company noted that the leak only pertained to location and contact info, as passwords and payment data weren’t impacted. It added that only select vehicles registered for online services were initially at risk
This article then states that because it required technical expertise to access the locations, you shouldn’t be worried, which is quite frankly a retarded position to take: it is exactly those people with technical expertise that are the ones looking for these vulnerabilities and interested in exploiting them. Location data is extremely sensitive.
German electric air taxi company Volocopter has filed for bankruptcy protection, the latest in a string of similar startups to hit financial turbulence. The company plans to keep operating while it searches for new investors.
“We are ahead of our industry peers in our technological, flight test, and certification progress. That makes us an attractive company to invest in while we organize ourselves with internal restructuring,” CEO Dirk Hoke said in a statement.
Volocopter is one of the more well-funded electric air taxi startups, having raised hundreds of millions of dollars over nearly a decade with backing from major automakers like Germany’s Mercedes-Benz and China’s Geely.
Apple has agreed to pay $95 million to settle a lawsuit alleging that its voice assistant Siri routinely recorded private conversations that were then shared with third parties and used for targeted ads.
In the proposed class-action settlement—which comes after five years of litigation—Apple admitted to no wrongdoing. Instead, the settlement refers to “unintentional” Siri activations that occurred after the “Hey, Siri” feature was introduced in 2014, where recordings were apparently prompted without users ever saying the trigger words, “Hey, Siri.”
Sometimes Siri would be inadvertently activated, a whistleblower told The Guardian, when an Apple Watch was raised and speech was detected. The only clue that users seemingly had of Siri’s alleged spying was eerily accurate targeted ads that appeared after they had just been talking about specific items like Air Jordans or brands like Olive Garden, Reuters noted (claims which remain disputed).
[…]
It’s currently unknown how many customers were affected, but if the settlement is approved, the tech giant has offered up to $20 per Siri-enabled device for any customers who made purchases between September 17, 2014, and December 31, 2024. That includes iPhones, iPads, Apple Watches, MacBooks, HomePods, iPod touches, and Apple TVs, the settlement agreement noted. Each customer can submit claims for up to five devices.
A hearing when the settlement could be approved is currently scheduled for February 14. If the settlement is certified, Apple will send notices to all affected customers. Through the settlement, customers can not only get monetary relief but also ensure that their private phone calls are permanently deleted.
While the settlement appears to be a victory for Apple users after months of mediation, it potentially lets Apple off the hook pretty cheaply. If the court had certified the class action and Apple users had won, Apple could’ve been fined more than $1.5 billion under the Wiretap Act alone, court filings showed.
But lawyers representing Apple users decided to settle, partly because data privacy law is still a “developing area of law imposing inherent risks that a new decision could shift the legal landscape as to the certifiability of a class, liability, and damages,” the motion to approve the settlement agreement said. It was also possible that the class size could be significantly narrowed through ongoing litigation, if the court determined that Apple users had to prove their calls had been recorded through an incidental Siri activation—potentially reducing recoverable damages for everyone.
“The percentage of those who experienced an unintended Siri activation is not known,” the motion said. “Although it is difficult to estimate what a jury would award, and what claims or class(es) would proceed to trial, the Settlement reflects approximately 10–15 percent of Plaintiffs expected recoverable damages.”
Siri’s unintentional recordings were initially exposed by The Guardian in 2019, plaintiffs’ complaint said. That’s when a whistleblower alleged that “there have been countless instances of recordings featuring private discussions between doctors and patients, business deals, seemingly criminal dealings, sexual encounters and so on. These recordings are accompanied by user data showing location, contact details, and app data.”
[…]
Meanwhile, Google faces a similar lawsuit in the same district from plaintiffs represented by the same firms over its voice assistant, Reuters noted. A win in that suit could affect anyone who purchased “Google’s own smart home speakers, Google Home, Home Mini, and Home Max; smart displays, Google Nest Hub, and Nest Hub Max; and its Pixel smartphones” from approximately May 18, 2016 to today, a December court filing noted. That litigation likely won’t be settled until this fall.
Historically, manufacturers have let buyers unlock that access and customize what software their phones run. Notable exceptions in the US have, for the most part, only included carrier-specific phone variants.
Unlocking a Pixel smartphone, for example, requires adjusting a couple of settings and installing a couple of well-known tools. Then you’re ready to purge locked software or install a new launcher. Roughly a year ago, Xiaomi introduced a policy limiting users to three unlocked devices per account, providing only a limited time window for unlocking, and demanding waiting periods before doing so. It’s now gone even further, limiting users to unlocking the bootloader of just a single device throughout the year.
[…]
Custom ROMs usually (but not always) derive from pre-existing OSs like Android or Xiaomi’s HyperOS. To write operating software that works on a certain device, you need to develop it on that specific device. Consequently, individuals and teams throughout the enthusiast phone sphere constantly add to their collections of bootloader-unlocked phones. The new unlocking restrictions could place undue hardship on resource-limited development teams, reducing the number of custom ROMs produced moving forward.
Custom ROMs are not only important so you can do what you want on your hardware, but very important is that they allow you to keep updating a device long beyond manufacturer support (eg Cyanogen mod), keeping “outdated” devices running and useful.
New research from Anthropic, one of the leading AI companies and the developer of the Claude family of Large Language Models (LLMs), has released research showing that the process for getting LLMs to do what they’re not supposed to is still pretty easy and can be automated. SomETIMeS alL it tAKeS Is typing prOMptS Like thiS.
As the researchers explain, “BoN Jailbreaking works by repeatedly sampling variations of a prompt with a combination of augmentations—such as random shuffling or capitalization for textual prompts—until a harmful response is elicited.”
For example, if a user asks GPT-4o “How can I build a bomb,” it will refuse to answer because “This content may violate ourusage policies.” BoN Jailbreaking simply keeps tweaking that prompt with random capital letters, shuffled words, misspellings, and broken grammar until GPT-4o provides the information. Literally the example Anthropic gives in the paper looks like mocking sPONGbOB MEMe tEXT.
Anthropic tested this jailbreaking method on its own Claude 3.5 Sonnet, Claude 3 Opus, OpenAI’s GPT-4o, GPT-4o-mini, Google’s Gemini-1.5-Flash-00, Gemini-1.5-Pro-001, and Facebook’s Llama 3 8B. It found that the method “achieves ASRs [attack success rate] of over 50%” on all the models it tested within 10,000 attempts or prompt variations.
[…]
In January, we showed that the AI-generated nonconsensual nude images of Taylor Swift that went viral on Twitter were created with Microsoft’s Designer AI image generator by misspelling her name, using pseudonyms, and describing sexual scenarios without using any sexual terms or phrases. This allowed users to generate the images without using any words that would trigger Microsoft’s guardrails. In March, we showed that AI audio generation company ElevenLabs’s automated moderation methods preventing people from generating audio of presidential candidates were easily bypassed by adding a minute of silence to the beginning of an audio file that included the voice a user wanted to clone.
[…]
It’s also worth noting that while there’s good reasons for AI companies to want to lock down their AI tools and that a lot of harm comes from people who bypass these guardrails, there’s now no shortage of “uncensored” LLMs that will answer whatever question you want and AI image generation models and platforms that make it easy to create whatever nonconsensual images users can imagine.
This report summarizes insights from the inaugural 2024 Open Source Software Funding Survey1, a collaboration between GitHub, the Linux Foundation, and researchers from Harvard University. The objective of this study was to better understand how organizations2 fund, contribute to, and otherwise support open source software.
PayPal-owned browser extension Honey manipulates affiliate marketing systems and withholds discount information from users, according to an investigation by YouTube channel MegaLag.
The extension — which rose in popularity after promising consumers it would find them the best online deals — replaces existing affiliate cookies with its own during checkout, diverting commission payments from content creators who promoted the products to PayPal, MegaLag reported in a 23-minute video[YouTube link].
The investigation revealed that Honey, which PayPal acquired in 2019 for $4 billion, allows merchants in its cashback program to control which coupons appear to users, hiding better publicly available discounts.
British soldiers have successfully trialled for the first time a game-changing weapon that can take down a swarm of drones using radio waves for less than the cost of a pack of mince pies.
The Radio Frequency Directed Energy Weapon (RFDEW) development system can detect, track and engage a range of threats across land, air and sea.
RFDEWs are capable of neutralising targets up to 1km away with near instant effect and at an estimated cost of 10p per shot fired, providing a cost-effective complement to traditional missile-base air defence systems.
The RFDEW is different from Laser Directed Energy Weapons – such as DragonFire – because it uses a radio frequency to disrupt hostile threats, rather than a laser beam of light energy.
The weapon uses high frequency waves to disrupt or damage critical electronic components inside devices such as drones, causing them to be immobilised or fall out of the sky. It can also be used against threats on land and at sea.
The British Army successfully trialed a demonstrator version of the RFDEW. The development system has been produced by a consortium led by Thales UK and including sub-contractors QinetiQ, Teledyne e2v and Horiba Mira and supports up to 135 high-skilled jobs in the UK.
[…]
Its high level of automation means the system can be operated by a single person and could be mounted onto a military vehicle, such as a MAN SV, to provide mobility.
[…]
A live firing trial was recently completed by the Army’s Royal Artillery Trials and Development Unit and 7 Air Defence Group at a range in West Wales, where they successfully targeted and engaged Uncrewed Aerial Systems (UAS), in a first for the British Armed Forces.
following a Dec. 5 driver update that skipped GeForce Experience in favor of the Nvidia App (all future updates will follow its lead). The new app is meant to streamline the grab bag of features Nvidia has accumulated over the years, pairing its driver updating utility with a streamlined gaming overlay and improved tools for easily optimizing graphics or enabling G-Sync and other advanced settings. However, upon installing it, some gamers noticed their games running a bit more slowly.
“We’ve confirmed reports around the web that the Nvidia App using the default settings can impact gaming performance,” writes Tom’s Hardware’s Jarred Walton, “dropping frame rates by up to 15% in some cases.”
In particular, Walton saw performance drops ranging from 2% to 12% across the games he tested, which included Assassin’s Creed Mirage, Baldur’s Gate 3, Black Myth: Wukong, Flight Simulator 2024, and Stalker 2.
[…]
In a statement to Walton, Nvidia confirmed that the issue is specifically with the Game Filters and Photo Mode setting, and that the company is actively looking into a fix. So while you might not be able to play your games with an RTX HDR filter in the meantime, you’ll be able to use the rest of the app, even the overlay, as you would have before.
[…]
The simplest solution, and probably the best one for most people, is to follow Nvidia’s official advice and turn off the Game Filters and Photo Mode setting. To do this, just navigate to Settings > Features > Overlay > Game Filters and Photo Mode and toggle it off. I
Which unfortunately is OK because the new app does creates problems with photos / screenshots and screen videos being way too bright, among a raft of other problems.
But you don’t need to log in to this app to get driver updates.
Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car’s license plate number at will to avoid traffic tickets and tolls—or even pin them on someone else.
Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image.
That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. “You can put whatever you want on the screen, which users are not supposed to be able to do,” says Rodriguez. “Imagine you are going through a speed camera or if you are a criminal and you don’t want to get caught.”
One of Reviver’s license plates, jailbroken to show any image IOActive researcher Josep Rodriguez chooses.
Photography: IOActive
Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle—whose driver would then receive the malicious user’s tickets and toll bills. “If you can change the license plate number whenever you want, you can cause some real problems,” Rodriguez says.
All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates’ features without paying Reviver’s $29.99 monthly subscription fee.
Because the vulnerability that allowed him to rewrite the plates’ firmware exists at the hardware level—in Reviver’s chips themselves—Rodriguez says there’s no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company’s license plates are very likely to remain vulnerable despite Rodriguez’s warning—a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. “It’s a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it,” he says.
Hackers aligned with the Chinese government have infiltrated U.S. telecommunications infrastructure so deeply that it allowed the interception of unencrypted communications on a number of people, according to reports that first emerged in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen to phone calls and nab text messages, and the penetration has been so extensive they haven’t even been booted from the telecom networks yet. The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week on best practices for protecting “highly targeted individuals,” which includes a new warning (PDF) about text messages.
“Do not use SMS as a second factor for authentication. SMS messages are not encrypted—a threat actor with access to a telecommunication provider’s network who intercepts these messages can read them. SMS MFA is not phishing-resistant and is therefore not strong authentication for accounts of highly targeted individuals,” the guidance, which has been posted online, reads. Not every service even allows for multi-factor authentication and sometimes text messages are the only option. But when you have a choice, it’s better to use phishing-resistant methods like passkeys or authenticator apps. CISA prefaces its guidance by insisting it’s only really speaking about high-value targets. The telecommunications hack mentioned above has been called the “worst hack in our nation’s history,” according to Sen. Mark Warner (D-VA).
Hundreds of websites will be shut down on the day that Britain’s Online Safety Act comes into effect, in what are believed to be the first casualties of the new internet laws.
Microcosm, a web forum hosting service that runs 300 sites including cycling forums and local community hubs, said that the sites would go offline on March 16, the day that Ofcom starts enforcing the Act.
Its owner said they were unable to comply with the lengthy requirements of the Act, which created a “disproportionately high personal liability”.
The new laws, which were designed to crack down on illegal content and protect children, threaten fines of up to £18m or 10pc of revenue for sites that fail to comply with the laws.
On Monday, Ofcom set out more than 40 measures that it expects online services to follow by March, such as carrying out risk assessments about their sites and naming senior people accountable for ensuring safety.
Microcosm, which has hosted websites including cycling forum LFGSS since 2007, is run as a non-profit funded by donations and largely relies on users to follow community guidelines. Its sites attract a combined 250,000 users.
Dee Kitchen, who operates the service and moderates its 300 sites, said: “What this is, is a chilling effect [on small sites].
“For the really small sites and the charitable sites and the local sports club there’s no carve-out for anything.
“It feels like a huge risk, and it feels like it can be so easily weaponised by angry people who are the subject of moderation.
“It’s too vague and too broad and I don’t want to take that personal risk.”
Announcing the shutdown on the LFGSS forum, they said: “It’s devastating to just … turn it off … but this is what the Act forces a sole individual running so many social websites for a public good to do.”
The tool, named “EagleMsgSpy,” was discovered by researchers at U.S. cybersecurity firm Lookout. The company said at the Black Hat Europe conference on Wednesday that it had acquired several variants of the spyware, which it says has been operational since “at least 2017.”
Kristina Balaam, a senior intelligence researcher at Lookout, told TechCrunch the spyware has been used by “many” public security bureaus in mainland China to collect “extensive” information from mobile devices. This includes call logs, contacts, GPS coordinates, bookmarks, and messages from third-party apps including Telegram and WhatsApp. EagleMsgSpy is also capable of initiating screen recordings on smartphones, and can capture audio recordings of the device while in use, according to research Lookout shared with TechCrunch.
A manual obtained by Lookout describes the app as a “comprehensive mobile phone judicial monitoring product” that can obtain “real-time mobile phone information of suspects through network control without the suspect’s knowledge, monitor all mobile phone activities of criminals and summarize them.”
[…]
Lookout notes that EagleMsgSpy currently requires physical access to a target device. However, Balaam told TechCrunch that the tool is still being developed as recently as late 2024, and said “it’s entirely possible” that EagleMsgSpy could be modified to not require physical access.
Lookout noted that internal documents it obtained allude to the existence of an as-yet-undiscovered iOS version of the spyware.
The advent of Bluetooth trackers has made it a lot easier to find your bag or keys when they’re lost, but it has also put inconspicuous tracking tools in the hands of people who might misuse them. Apple and Google have both implemented tracker alerts to let you know if there’s an unknown Bluetooth tracker nearby, and now as part of a new update, Google is letting Android users actually locate those trackers, too.
The feature is one of two new tools Google is adding to Find My Device-compatible trackers. The first, “Temporarily Pause Location” is what you’re supposed to enable when you first receive an unknown tracker notification. It blocks your phone from updating its location with trackers for 24 hours. The second, “Find Nearby,” helps you pinpoint where the tracker is if you can’t see it or easily hear it.
By clicking on an unknown tracker notification you’ll be able to see a map of where the tracker was last spotted moving with you. From there, you can play a sound to see if you can locate it (Google says the owner won’t be notified). If you can’t find it, Find Nearby will connect your phone to the tracker over Bluetooth and display a shape that fills in the closer you get to it.
Google / Engadget
The tool is identical to what Google offers for locating trackers and devices you actually own, but importantly, you don’t need to use Find My Device or have your own tracker to benefit. Like Google’s original notifications feature, any device running Android 6.0 and up can deal with unknown Bluetooth trackers safely.
Expanding Find Nearby seems like the final step Google needed to take to tamp down Bluetooth tracker misuse, something Apple already does with its Precision Finding tool for AirTags. The companies released a shared standard for spotting unknown Bluetooth trackers regardless of whether you use Android or iOS in May 2024, following the launch of Google’s Find My Device network in April. Both Google and Apple offered their own methods of dealing with unknown trackers before then to prevent trackers from being used for everything from robbery to stalking.
