Bicycles Can Be Hacked Easily Now

[…] New research suggests that certain brands of bike parts have vulnerabilities that could allow them to be remotely compromised during competitions.

The research was unveiled this week at the Usenix Workshop on Offensive Technologies by researchers from Northeastern University and UC San Diego. In their paper, researchers note that, much like modern cars, today’s bicycles are “cyber-physical systems that contain embedded computers and wireless links to enable new types of telemetry and control.” One of the more common cyber-connected systems is the wireless gear shifter, which uses electronic switches instead of traditional control levers to allow bikers to shift gears.

Researchers tested shifters sold by Shimano, a Japanese company that is one of the larger cycling parts sellers in the world. Unfortunately, researchers found that Shimano’s shifters are vulnerable to simple “replay attacks” of the sort that are frequently targeted at car fobs. Such attacks, which utilize radio signal manipulation, allow attackers to capture and weaponize data wirelessly exchanged by hardware parts. In this case, attackers could use such an attack to “unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear,” Wired writes. Radio hardware necessary to carry out such an attack is relatively inexpensive.

“Security vulnerabilities in wireless gear-shifting systems can critically impact rider safety and performance, particularly in professional bike races,” researchers’ paper notes. “In these races, attackers could exploit these weaknesses to gain an unfair advantage, potentially causing crashes or injuries by manipulating gear shifts or jamming the shifting operation.”

Obviously cheating is common in athletic competitions, so a hackable bicycle would definitely be something to worry about for competitive racers. Researchers highlight this point: “The history of professional cycling’s struggles with illegal performance-enhancing drugs underscores the appeal of such undetectable attacks, which could similarly compromise the sport’s integrity,” they write. “Given these risks, it is essential to adopt an adversary’s viewpoint and ensure that this technology can withstand motivated attackers in the highly competitive environment of professional cycling.”

Gizmodo reached out to Shimano for comment. Last year, the company was the victim of a ransomware attack and, after refusing to pay, had several terabytes of its corporate data spilled onto the internet by the hackers.

[…]

Source: Bicycles Can Be Hacked Now

Anova Smart sous vide cooker to start charging $2/month for 10-year-old companion app, stop Bluetooth functionality

Anova, a company that sells smart sous vide cookers, is getting backlash from customers after announcing that it will soon charge a subscription fee for the device’s companion app.

[…]

In a blog post on Thursday, Anova CEO and cofounder Stephen Svajian announced that starting on August 21, people who sign up to use the Anova Culinary App with the cooking devices will have to pay $2 per month, or $10 per year. The app does various things depending on the paired cooker, but it typically offers sous vide cooking guides, cooking notifications, and the ability to view, save, bookmark, and share recipes.

The subscription fee will only apply to people who make an account after August 21. Those who downloaded the app and made an account before August 21 won’t have to pay. But everyone will have to make an account; some people have been using the app without one until now.

[…]

As Digital Trends pointed out, the announcement follows an Anova statement saying it will no longer let users remotely control their kitchen gadgets via Bluetooth starting on September 28, 2025. This means that remote control via the app will only be possible for models offering and using Wi-Fi connectivity.

[…]

Changing or removing features of a tech gadget people have already purchased is a risky move that can anger customers who have paid for a device they expected to work a certain way indefinitely.

[…]

You can also find angry users lamenting the changes on Reddit.

The announcement seems to have forced users to question the value of the Anova app entirely.

[…]

The commenter also challenged the idea of people sharing recipes with an app that will monetize them, saying, “Why would I ever publish a recipe I made to the app if they’re going to charge others to view it?”

[…]

Users can avoid the subscription fee and still use the gadget, but it may be hard to swallow the lost functionality for a device you paid three figures for. Customers who can’t stomach the loss may consider alternatives, including those without Wi-Fi connectivity.

Source: Smart sous vide cooker to start charging $2/month for 10-year-old companion app | Ars Technica

Scientists find humans age dramatically in two bursts – at 44, then 60

[…] The study, which tracked thousands of different molecules in people aged 25 to 75, detected two major waves of age-related changes at around ages 44 and again at 60. The findings could explain why spikes in certain health issues including musculoskeletal problems and cardiovascular disease occur at certain ages.

“We’re not just changing gradually over time. There are some really dramatic changes,”

[…]

The research tracked 108 volunteers, who submitted blood and stool samples and skin, oral and nasal swabs every few months for between one and nearly seven years. Researchers assessed 135,000 different molecules (RNA, proteins and metabolites) and microbes (the bacteria, viruses and fungi living in the guts and on the skin of the participants).

The abundance of most molecules and microbes did not shift in a gradual, chronological fashion. When the scientists looked for clusters of molecules with the largest shifts, they found these transformations tended to occur when people were in their mid-40s and early 60s.

[…]

The first wave of changes included molecules linked to cardiovascular disease and the ability to metabolise caffeine, alcohol and lipids. The second wave of changes included molecules involved in immune regulation, carbohydrate metabolism and kidney function. Molecules linked to skin and muscle ageing changed at both time points. Previous research suggested that a later spike in ageing may occur around the age of 78, but the latest study could not confirm this because the oldest participants were 75.

The pattern fits with previous evidence that the risk of many age-related diseases does not increase incrementally, with Alzheimer’s and cardiovascular disease risk showing a steep uptick after 60.

[…]

Source: Scientists find humans age dramatically in two bursts – at 44, then 60 | Medical research | The Guardian

Texas AG Latest To Sue GM For Covertly Selling Driver Data To Insurance Companies

Last year Mozilla released a report showcasing how the auto industry has some of the worst privacy practices of any tech industry in America (no small feat). Massive amounts of driver behavior data are collected by your car, and even more is hoovered up from your smartphone every time you connect. This data isn’t secured, often isn’t encrypted, and is sold to a long list of dodgy, unregulated middlemen.

Last March the New York Times revealed that automakers like GM routinely sell access to driver behavior data to insurance companies, which then use that data to justify jacking up your rates. The practice isn’t clearly disclosed to consumers, and has resulted in 11 federal lawsuits in less than a month.

Now Texas AG Ken Paxton has belatedly joined the fun, filing suit (press release, complaint) in the state district court of Montgomery County against GM for “false, deceptive, and misleading business practices”:

“Companies are using invasive technology to violate the rights of our citizens in unthinkable ways. Millions of American drivers wanted to buy a car, not a comprehensive surveillance system that unlawfully records information about every drive they take and sells their data to any company willing to pay for it.”

Paxton notes that GM’s tracking impacted 1.8 million Texans and 14 million vehicles, few if any of whom understood they were signing up to be spied on by their vehicle. This is, amazingly enough, the first state lawsuit against an automaker for privacy violations, according to Politico.

The sales pitch for this kind of tracking and sales is that good drivers will be rewarded for more careful driving. But as publicly-traded companies, everybody in this chain — from insurance companies to automakers — is utterly financially disincentivized from giving anybody a consistent break for good behavior. That’s just not how it’s going to work. Everybody pays more and more. Always.

But GM and other automakers’ primary problem is they weren’t telling consumers this kind of tracking was even happening in any clear, direct way. Usually it’s buried deep in an unread end user agreement for roadside assistance apps and related services. Those services usually involve a free trial, but the user agreement to data collection sticks around.

[…]

Source: Texas AG Latest To Sue GM For Covertly Selling Driver Data To Insurance Companies | Techdirt

Singing from memory shows most people can actually sing pitch perfect or very very close

Psychologists from UC Santa Cruz wanted to study “earworms,” the types of songs that get stuck in your head and play automatically on a loop. So they asked people to sing out any earworms they were experiencing and record them on their phones when prompted at random times throughout the day.

When researchers analyzed the recordings, they found that a remarkable proportion of them perfectly matched the pitch of the original songs they were based upon.

More specifically, 44.7% of recordings had a pitch error of 0 semitones, and 68.9% were accurate within 1 semitone of the original. These findings were published in the journal Attention, Perception, & Psychophysics.

“What this shows is that a surprisingly large portion of the population has a type of automatic, hidden ‘perfect pitch’ ability,”

[…]

“Interestingly, if you were to ask people how they thought they did in this task, they would probably be pretty confident that they had the melody right, but they would be much less certain that they were singing in the right key,” Evans said.

“As it turns out, many people with very strong pitch memory may not have very good judgment of their own accuracy, and that may be because they don’t have the labeling ability that comes with true perfect pitch.”

Evans explained that true perfect pitch is the ability to accurately produce or identify a given note on the first try and without a reference pitch. […] scientists are increasingly finding that accurate pitch memory is much more common.

[…]

“People who study memory often think about long-term memories as capturing the gist of something, where the brain takes shortcuts to represent information, and one way our brains could try to represent the gist of music would be to forget what the original key was,” explained Professor Davidenko.

“Music sounds very similar in different keys, so it would be a good shortcut for the brain to just ignore that information, but it turns out that it’s not ignored.”

[…]

He noted that the pitch accuracy of participants in the study was not predicted by any objective measures of singing ability, and none of the participants were musicians or reported having perfect pitch. In other words, you don’t have to have special abilities to demonstrate this foundational musical skill.

[…]

Source: Singing from memory unlocks a surprisingly common musical superpower

Researchers figure out how to keep clocks on the Earth, Moon in sync

[…] Our communications and GPS networks all depend on keeping careful track of the precise timing of signals—including accounting for the effects of relativity. The deeper into a gravitational well you go, the slower time moves, and we’ve reached the point where we can detect differences in altitude of a single millimeter. Time literally flows faster at the altitude where GPS satellites are than it does for clocks situated on Earth’s surface. Complicating matters further, those satellites are moving at high velocities, an effect that slows things down.

[…]

It would be easy to set up an equivalent system to track time on the Moon, but that would inevitably see the clocks run out of sync with those on Earth—a serious problem for things like scientific observations

[…]

Ashby and Patla worked on developing a system where anything can be calculated in reference to the center of mass of the Earth/Moon system. Or, as they put it in the paper, their mathematical system “enables us to compare clock rates on the Moon and cislunar Lagrange points with respect to clocks on Earth by using a metric appropriate for a locally freely falling frame such as the center of mass of the Earth–Moon system in the Sun’s gravitational field.”

[…]

The paper’s body has 55 of them, and there are another 67 in the appendices.

[…]

Things get complicated because there are so many factors to consider. There are tidal effects from the Sun and other planets. Anything on the surface of the Earth or Moon is moving due to rotation; other objects are moving while in orbit. The gravitational influence on time will depend on where an object is located.

[…]

The researchers say that their approach, while focused on the Earth/Moon system, is still generalizable. Which means that it should be possible to modify it and create a frame of reference that would work on both Earth and anywhere else in the Solar System. Which, given the pace at which we’ve sent things beyond low-Earth orbit, is probably a healthy amount of future-proofing.

The Astronomical Journal, 2024. DOI: 10.3847/1538-3881/ad643a.

Source: Researchers figure out how to keep clocks on the Earth, Moon in sync | Ars Technica

Patreon will have to use Apple’s in-app purchase system or be removed from the App Store. Also only subscriptions now.

Apple takes a lot of strong positions, but their ultimate hill to die on might just be requiring apps to make purchases through the tech giant. The latest example comes from Patreon, which announced that Apple is requiring it to switch over to the iOS in-app purchase system or risk expulsion. Patreon’s entire purpose is to allow creators to offer “patrons” memberships in exchange for content. While some tiers are unpaid, creators offer paid options to make money — something this shift could impact.

Patreon users need to know about two main changes. By this November, all creators can only offer a subscription-based plan on iOS as the app store doesn’t support other formats, such as first-of-the-month or per-creation plans. As a result, Patreon is rolling out a 16-month-long migration process that will shift all memberships to subscriptions by November 2025. At that point, subscription-based plans will be the only option available, unfortunately proving Apple’s far-reaching power.

Apple will also be taking a 30 percent cut on all subscriptions made on the Patreon iOS app after November of this year — something it’s done for Patreon in-app commerce purchases since early 2024. Patreon has designed a tool that allows creators to increase their prices on the iOS app and leave them as is on the browser site and Android devices. However, creators can turn it off if they’d rather leave their rates as is.

Source: Patreon will have to use Apple’s in-app purchase system or be removed from the App Store

Stratasys sues Bambu Lab over patents used widely by consumer 3D printers | Ars Technica

[…]

In two complaints filed in the Eastern District of Texas, Marshall Division, against six entities related to Bambu Lab, Stratasys alleges that Bambu Lab infringed upon 10 patents that it owns, some through subsidiaries like Makerbot (acquired in 2013). Among the patents cited are US9421713B2, “Additive manufacturing method for printing three-dimensional parts with purge towers,” and US9592660B2, “Heated build platform and system for three-dimensional printing methods.”

There are not many, if any, 3D printers sold to consumers that do not have a heated bed, which prevents the first layers of a model from cooling during printing and potentially shrinking and warping the model. “Purge towers” (or “prime towers” in Bambu’s parlance) allow for multicolor printing by providing a place for the filament remaining in a nozzle to be extracted and prevent bleed-over between colors. Stratasys’ infringement claims also target some fundamental technologies around force detection and fused deposition modeling (FDM) that, like purge towers, are used by other 3D-printer makers that target entry-level and intermediate 3D-printing enthusiasts.

[…]

Source: Stratasys sues Bambu Lab over patents used widely by consumer 3D printers | Ars Technica

UK Once Again Denies A Passport Over Applicant’s Name Due To Intellectual Property Concerns – again

I can’t believe this, but it happened again. Almost exactly a decade ago, Tim Cushing wrote about a bonkers story out of the UK in which a passport applicant whose middle name was “Skywalker” was denied the passport due to purported trademark or copyright concerns. The question that ought to immediately leap to mind should be: wait, nothing about a name or its appearance on a passport amounts to either creative expression being copied, nor use in commerce, meaning that neither copyright nor trademark law ought to apply in the slightest.

And you would have thought that coming out of that whole episode, proper guidance would have been given to the UK’s passport office so that this kind of stupidity doesn’t happen again. Unfortunately, it did happen again. A UK woman attempted to get a passport for her daughter, who she named Khaleesi, only to have it refused over the trademark for the Game of Thrones character that held the same fictional title.

Lucy, 39, from Swindon in Wiltshire, said the Passport Office initially refused the application for Khaleesi, six.

Officials said they were unable to issue a passport unless Warner Brothers gave permission because it owned the name’s trademark. But the authority has since apologised for the error.

“I was absolutely devastated, we were so looking forward to our first holiday together,” Lucy said.

While any intellectual property concerns over a passport are absolutely silly, I would argue that trademark law makes even less sense here than copyright would. Again, trademark law is designed specifically to protect the public from being confused as to the source of a good or service in commerce. There is no good or service nor commerce here. Lucy would simply like to take her own child across national borders. That’s it. Lucy had to consult with an attorney due to this insanity, which didn’t initially yield the proper result.

After seeking legal advice, her solicitors discovered that while there is a trademark for Game of Thrones, it is for goods and services – but not for a person’s name.

“That information was sent to the Passport Office who said I would need a letter from Warner Brothers to confirm my daughter is able to use that name,” she said.

This amounts to a restriction on the rights and freedoms of a child in a free country as a result of the choice their parents made about their name. Whatever your thoughts on IP laws in general, that simply cannot be the aim of literally any of them.

Now, once the media got a hold of all of this, the Passport Office eventually relented, said it made an error in denying the passport, and has put the application through. But even the government’s explanation doesn’t fully make sense.

Officials explained there had been a misunderstanding and the guidance staff had originally given applies only to people changing their names.

“He advised me that they should be able to process my daughter’s passport now,” she said.

Why would the changing of a name be any different? My name is my name, not a creative expression, nor a use in commerce. If I elect to change my name from “Timothy Geigner” to “Timothy Mickey Mouse Geigner”, none of that equates to an infringement of Disney’s rights, copyright nor trademark. It’s just my name. It would only be if I attempted to use my new name in commerce or as part of an expression that I might run afoul of either trademark or copyright law.

What this really is is the pervasive cancer that is ownership culture. It’s only with ownership culture that you get a passport official somehow thinking that Warner Bros. production of a fantasy show means a six year old can’t get a passport.

Source: UK Once Again Denies A Passport Over Applicant’s Name Due To Intellectual Property Concerns | Techdirt

Amazon-Anthropic Investment Investigated by UK Government – is it a stealth merger?

The U.K. government has launched a preliminary investigation into the partnership between Amazon and Anthropic to see if it will significantly lessen competition. This comes days after a similar probe was announced into Alphabet’s collaboration with the AI startup.

In March, Amazon concluded its $4 billion (£3.16 billion) investment in Anthropic, the company behind the Claude LLM family, some of the only viable competitors to OpenAI’s ChatGPT and Google’s Gemini. It was founded by former OpenAI employees, including siblings Daniela and Dario Amodei, who were both execs.

In return for the investment, Anthropic committed to using Amazon Web Services as its primary cloud provider for “mission critical workloads, including safety research and future foundation model development.” It also agreed to use Amazon’s Trainium and Inferentia chips to build, train, and deploy its models and host them on the AI app development platform Amazon Bedrock.

However, the Competition and Markets Authority believes that this partnership could result in a “substantial lessening of competition” within the U.K. tech markets.

[…]

Complete mergers and acquisitions often trigger extensive regulatory scrutiny and potential antitrust actions for this reason, which can delay or block proceedings. To avoid this situation, Big Tech instead makes strategic investments in the most promising startups and hires their top talent, allowing them to gain influence and access to innovative technologies unchecked.

In an April report on how the CMA is looking into AI foundational models, the CMA said, “Without fair, open, and effective competition and strong consumer protection, underpinned by these principles, we see a real risk that the full potential of organisations or individuals to use AI to innovate and disrupt will not be realised, nor its benefits shared widely across society.”

[…]

The CMA is looking to identify “relevant merger situation(s)” that allow large tech companies to “shield themselves from competition” in the U.K. It says that “a range of different kinds of transactions and arrangements” could represent a relevant merger with the provisions of the Enterprise Act 2002.

The Digital Markets, Competition, and Consumers Bill that was passed in May also “anticipates new powers for the CMA.” According to the April report, the CMA can “enforce consumer protection law against infringing firms” and apply non-compliance penalties of up to 10% of a firm’s worldwide turnover.

“We are ready to use these new powers to raise standards in the market and, if necessary, to tackle firms that do not play by the rules through enforcement action,” it said.

[…]

Source: Amazon-Anthropic Merger Investigated by UK Government

New U.N. Cybercrime Treaty Could Threaten Human Rights

The United Nations approved its first international cybercrime treaty yesterday. The effort succeeded despite opposition from tech companies and human rights groups, who warn that the agreement will permit countries to expand invasive electronic surveillance in the name of criminal investigations. Experts from these organizations say that the treaty undermines the global human rights of freedom of speech and expression because it contains clauses that countries could interpret to internationally prosecute any perceived crime that takes place on a computer system.

[…]

among the watchdog groups that monitored the meeting closely, the tone was funereal. “The U.N. cybercrime convention is a blank check for surveillance abuses,” says Katitza Rodriguez, the Electronic Frontier Foundation’s (EFF’s) policy director for global privacy. “It can and will be wielded as a tool for systemic rights violations.”

In the coming weeks, the treaty will head to a vote among the General Assembly’s 193 member states. If it’s accepted by a majority there, the treaty will move to the ratification process, in which individual country governments must sign on.

The treaty, called the Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes, was first devised in 2019, with debates to determine its substance beginning in 2021. It is intended to provide a global legal framework to prevent and respond to cybercrimes.

[…]

experts have expressed that the newly adopted treaty lacks such safeguards for a free Internet. A major concern is that the treaty could be applied to all crimes as long as they involve information and communication technology (ICT) systems. HRW has documented the prosecution of LGBTQ+ people and others who expressed themselves online. This treaty could require countries’ governments to cooperate with other nations that have outlawed LGBTQ+ conduct or digital forms of political protest, for instance.

“This expansive definition effectively means that when governments pass domestic laws that criminalize a broad range of conducts, if it’s committed through an ICT system, they can point to this treaty to justify the enforcement of repressive laws,” said HRW executive director Tirana Hassan in a news briefing late last month.

[…]

“The treaty allows for cross-border surveillance and cooperation to gather evidence for serious crimes, effectively transforming it into a global surveillance network,” Rodriguez says. “This poses a significant risk of cross-border human rights abuses and transnational repression.”

[…]

Source: New U.N. Cybercrime Treaty Could Threaten Human Rights | Scientific American

For a more complete look at the threats presented by this treaty, also see: UN Cybercrime Treaty does not define cybercrime, allows any definition and forces all signatories to secretly surveil their own population on request by any other signatory (think totalitarian states spying on people in democracies with no recourse)

Apple tries again to make EU officials happy with new fees for in-app purchases

Apple this week revised its alternative contractual terms for devs selling apps in the European Union – a revision that was immediately dismissed by critics as more “malicious compliance.”

[…]

Essentially, Apple has allowed developers in the EU to choose whether they want to use its own In‑App Purchase system for App Store transactions or an alternative payment processor for In-App transactions. EU app developers can also choose to sell their apps through a third-party storefront.

The Alternative Terms contract covers: 1) In‑App Purchase system from the App Store; 2) alternative payment processors; and 3) linking out from apps.

The StoreKit addendum covers just linking out – it “allows the ability to link out for purchases of digital goods or services for apps distributed in the EU and includes new business terms for those transactions.” It’s not for in-app transactions.

The StoreKit contract doesn’t include the Core Technology fee – assessed for devs using the Alternative Terms contract on app installs beyond one million at €0.50 for each app installed.

But it does come with two new fees: a 5 percent “Initial Acquisition Fee” and a 10/20 percent “Store Services Fee.”

On iOS, under the Alternative Terms contract, Apple demands a 17 percent commission for apps sold in EU storefronts of the App Store, or 10 percent for App Store Small Business Program participants. Then there’s the 3 percent payment processing fee, and the Core Technology fee is applicable.

There’s also an Initial acquisition fee of 5 percent “for sales of digital goods and services, made on any platform, that occur within a 12-month period after an initial install.” And there’s a Store services fee of 10 percent “for sales of digital goods and services, made on any platform, that occur within a fixed 12-month period from the date of an install, including app updates and reinstalls.”

Under the StoreKit Contract, the Initial acquisition fee is the same – 5 percent – but the Store service fee is 20 percent. For App Store Small Business Program participants or auto-renewal subscriptions beyond one year, that drops to 7 percent.

Fee calculation is complicated enough that Apple has built a web-based calculator for the task.

In a statement provided to The Register, Spotify said, “We are currently assessing Apple’s deliberately confusing proposal. At first glance, by demanding as much as a 25 percent fee for basic communication with users, Apple once again blatantly disregards the fundamental requirements of the Digital Markets Act (DMA). The European Commission has made it clear that imposing recurring fees on basic elements like pricing and linking is unacceptable. We call on the Commission to expedite its investigation, implement daily fines and enforce the DMA.”

[…]

United Kingdom’s Competition and Markets Authority – as part of its Mobile Browsers and Cloud Gaming Market investigation – is contemplating uncomfortable remedies [PDF] against the fruiterer.

[…]

Among the issues that concern the CMA are: Apple’s requirement that all browsers on its mobile devices use its own WebKit rendering engine; Apple’s and Google’s dominance of browser engines; and Apple’s rules that limit in-app browsers.

Some of the options being considered include: “Requirement for Apple to grant access to alternative browser engines to iOS”; “Requirement for Apple to grant equivalent access to iOS to browsers using alternative browser engines”; and “Requirement for Apple to grant equivalent access to APIs used by WebKit and Safari to browsers using alternative browser engines.”

[…]

Source: Apple tries again to make EU officials happy – with new fees • The Register

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Security flaws in your computer’s firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up, have long been a target for hackers looking for a stealthy foothold. But only rarely does that kind of vulnerability appear not in the firmware of any particular computer maker, but in the chips found across hundreds of millions of PCs and servers. Now security researchers have found one such flaw that has persisted in AMD processors for decades, and that would allow malware to burrow deep enough into a computer’s memory that, in many cases, it may be easier to discard a machine than to disinfect it.

At the Defcon hacker conference tomorrow, Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, plan to present a vulnerability in AMD chips they’re calling Sinkclose. The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode

[…]

an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity. For systems with certain faulty configurations in how a computer maker implemented AMD’s security feature known as Platform Secure Boot—which the researchers warn encompasses the large majority of the systems they tested—a malware infection installed via Sinkclose could be harder yet to detect or remediate, they say, surviving even a reinstallation of the operating system.

[…]

Only opening a computer’s case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as an SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.

Nissim sums up that worst-case scenario in more practical terms: “You basically have to throw your computer away.”

In a statement shared with WIRED, AMD acknowledged IOActive’s findings, thanked the researchers for their work, and noted that it has “released mitigation options for its AMD EPYC datacenter products and AMD Ryzen PC products, with mitigations for AMD embedded products coming soon.” (The term “embedded,” in this case, refers to AMD chips found in systems such as industrial devices and cars.) For its EPYC processors designed for use in data-center servers, specifically, the company noted that it released patches earlier this year. AMD declined to answer questions in advance about how it intends to fix the Sinkclose vulnerability, or for exactly which devices and when, but it pointed to a full list of affected products that can be found on its website’s security bulletin page.

[…]

Nissim and Okupski respond that while exploiting Sinkclose requires kernel-level access to a machine, such vulnerabilities are exposed in Windows and Linux practically every month

[…]

Nissim and Okupski’s Sinkclose technique works by exploiting an obscure feature of AMD chips known as TClose. (The Sinkclose name, in fact, comes from combining that TClose term with Sinkhole, the name of an earlier System Management Mode exploit found in Intel chips in 2015.) In AMD-based machines, a safeguard known as TSeg prevents the computer’s operating systems from writing to a protected part of memory meant to be reserved for System Management Mode known as System Management Random Access Memory or SMRAM. AMD’s TClose feature, however, is designed to allow computers to remain compatible with older devices that use the same memory addresses as SMRAM, remapping other memory to those SMRAM addresses when it’s enabled. Nissim and Okupski found that, with only the operating system’s level of privileges, they could use that TClose remapping feature to trick the SMM code into fetching data they’ve tampered with, in a way that allows them to redirect the processor and cause it to execute their own code at the same highly privileged SMM level.

[…]

Nissim and Okupski say they agreed with AMD not to publish any proof-of-concept code for their Sinkclose exploit for several months to come, in order to provide more time for the problem to be fixed.

[…]

Source: ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED

Warner Bros. Scrubs Cartoon Network Website, Erasing Years of History

Warner Bros. Discovery has not been having a great time recently, and is going through a wave of increasingly desperate cost-cutting initiatives because of it. Several of those movements have felt particularly targeted at the studio’s animated offerings, from its inability to release finished films to selling off its current, past, and would-be successes to other streamers. Its latest indignity comes at the cost of Cartoon Network’s online presence.

Variety reports that Warner completely wiped the Cartoon Network website—previously home to an archive of clips and full episodes of a wide variety of animated series, including the likes of Steven Universe, Teen Titans Go!, We Bare Bears, Adventure Time, and other past and present CN series—leaving nothing and redirecting visitors to a message encouraging them to instead sign up for Max.

[…]

As well as removing free access to series, the Cartoon Network website also hosted years of beloved flash games relating to its shows. While many have been erased over the years through various site redesigns—and archived elsewhere for nostalgic fans—at least some of the current archives are still accessible via international versions of the Cartoon Network website in regions where Max is currently unavailable.

The news comes after Warner recently announced plans to shutter its dedicated streaming service for classic animation, Boomerang.

[…]

Source: Warner Bros. Scrubs Cartoon Network Website, Erasing Years of History

Oxford scientists’ new light-absorbing material can turn everyday objects into solar panels

Oxford University scientists may have solved one of the greatest hindrances of expanding access to solar energy. Scientists from the university’s physics department have created an ultra-thin layer of material that can be applied to the exterior of objects with sunlight access in place of bulky silicon-based solar panels.

The ultra-thin and flexible film is made by stacking light-absorbing layers of perovskite that are just over one micron thick. The new materials are also 150 times thinner than a traditional silicon wafer and can produce 5 percent more energy efficiency than traditional, single-layer silicon photovoltaics, according to a statement released by Oxford University.

Dr. Shuaifeng Hu, a postdoctoral fellow at Oxford’s physics department, says he believes “this approach could enable the photovoltaic devices to achieve far greater efficiencies, exceeding 45 percent.”

This new approach to solar energy technology could also reduce the cost of solar energy. Due to their thinness and flexibility, they can be applied to almost any surface. This reduces the cost of construction and installation and could increase the number of solar energy farms producing more sustainable energy.

This technology, however, is still in the research stage and the university doesn’t mention the long-term stability of the newly designed perovskite panels. Going from 6 to 27 percent solar energy efficiency in five years is an impressive feat but stability has always been limited compared to photovoltaic technology, according to the US Department of Energy. A 2016 study in the science journal Solar Energy Materials and Solar Cells also noted that perovskite can provide “efficient, low-cost energy generation” but it also has “poor stability” due to its sensitivity to moisture.

Source: Oxford scientists’ new light-absorbing material can turn everyday objects into solar panels

After 33 Years, GameStop Shuts Down And Disappears ‘Game Informer’

[…]

Nobody is going to let decades of journalistic output just suddenly get disappeared out of nowhere… right?

When it comes to Game Informer, the GameStop owned video game magazine that has been in production for over three decades, that’s exactly what just happened.

Staff at the magazine, which also publishes a website, weekly podcast, and online video documentaries about game studios and developers, were all called into a meeting on Friday with parent company GameStop’s VP of HR. In it they were told the publication was closing immediately, they were all laid off, and would begin receiving severance terms. At least one staffer was in the middle of a work trip when the team was told.

The sudden closure of Game Informer means that issue number 367, the outlet’s Dragon Age: The Veilguard cover story, will be its last. The entire website has been taken offline as well.

This isn’t link rot. It’s link decapitation. Every single URL from the Game Informer website now points only to the main site URL, with the following message posted on it.

After 33 thrilling years of bringing you the latest news, reviews, and insights from the ever-evolving world of gaming, it is with a heavy heart that we announce the closure of Game Informer.

From the early days of pixelated adventures to today’s immersive virtual realms, we’ve been honored to share this incredible journey with you, our loyal readers. While our presses may stop, the passion for gaming that we’ve cultivated together will continue to live on.

Thank you for being part of our epic quest, and may your own gaming adventures never end.

Barring anyone with physical copies of the magazine, or those that created their own online scans of those magazines, or whatever you can still get out of the Internet Archive, it’s all just gone. Thousands of articles and features, millions of words of journalistic output, simply erased. Even the ExTwitter account for the publication has been disappeared, even after it was used to post the same message as on the website. What you will see if you go to that link for the disappeared tweet is an outpouring of sadness from all sorts of folks, including famed voice actors, content creators like Mega Ran, and even game studios, all eulogizing the beloved magazine.

And it seems that this shut down, almost certainly at the hands of CEO Ryan Cohen, occurred without any opportunity for those who produced all of this content to take backups for archive purposes.

[…]

And, because cultural disasters like this tend to be sprinkled with at least a dash of irony:

A recent in-depth feature on the retro game studio Digital Eclipse about gaming’s history and preservation is one of the stories that is no longer accessible. A write-up about Game Informer’s famous game vault, containing releases from across its decades long history, is also inaccessible.

So a gaming journalism outfit failed to preserve its own features on game preservation. That would actually be funny if it weren’t so infuriating.

Source: After 33 Years, GameStop Shuts Down And Disappears ‘Game Informer’ | Techdirt

Wow, #GME you have lost a diamondhand. I no longer believe in this stonk.

Google will let you search your Chrome browsing history by asking questions like a human – Firefox, you need this!

[…]

you’ll be able to ask questions of your browsing history in natural language using Gemini, Google’s family of large language models that power its AI systems. You can type a question like “What was that ice cream shop I looked at last week?” into your address bar after accessing your history and Chrome will show relevant pages from whatever you’ve browsed so far.

“The high level is really wanting to introduce a more conversational interface to Chrome’s history so people don’t have to remember URLs,” said Parisa Tabriz, vice president of Chrome, in a conversation with reporters ahead of the announcement.

The feature will only be available to Chrome’s desktop users in the US for now and will be opt-in by default. It also won’t work with websites you browsed in Incognito mode. And the company says that it is aware of the implications of having Google’s AI parse through your browsing history to give you an answer. Tabriz said that the company does not directly use your browsing history or tabs to train its large language models. “Anything related to browsing history is super personal, sensitive data,” she said. “We want to be really thoughtful and make sure that we’re thinking about privacy from the start and by design.”

[…]

Source: Google will let you search your Chrome browsing history by asking questions like a human

Absolutely brilliant! And it should be able to implement this on a privacy friendly scale – for which I wouldn’t trust Google for a second!

Europe launches ‘AI Factories’ initiative

[…]

According to the Commission, AI Factories are envisioned as “dynamic ecosystems” that bring together all the necessary ingredients – compute power, data, and talent – to create cutting-edge generative AI models, so it isn’t just about making a supercomputer available and telling people to get on with it.

The ultimate goal for these AI Factories is that they will serve as hubs able to drive advances in AI across various key domains, from health to energy, manufacturing to meteorology, it said.

To get there, the EuroHPC JU says that its AI Factories approach aims to create a one-stop shop for startups, SMEs, and scientific users to facilitate access to services as well as skill development and support.

In addition, an AI Factory will also be able to apply for a grant to develop an optional system/partition focused on the development of experimental AI-optimized supercomputing platforms. The goal of such platforms would be to stimulate the development and design of a wide range of technologies for AI-ready supercomputers.

The EuroHPC JU says it will kick off a two-pronged approach to delivering AI Factories from September. One will be a call for new hosting agreements for the acquisition of a new AI supercomputer, or for an upgraded supercomputer in the case applicants aim to upgrade an existing EuroHPC supercomputer to have AI capabilities.

[…]

According to the EuroHPC JU, grants will be offered to cover the operational costs of the supercomputers, as well as to support AI Factory activities and services.

The second prong is aimed at entities that already host a EuroHPC supercomputer capable of training large-scale, general-purpose AI models and emerging AI applications. It will also offer grants to support AI Factory activities.

[…]

Source: Europe launches ‘AI Factories’ initiative • The Register

EU Commission opens stakeholder participation in drafting general-purpose AI code of practice

The European Commission has issued a call to stakeholders to participate in drafting a code of practice for general-purpose artificial intelligence (GPAI), a key part of compliance with the AI Act for deployers of technology like ChatGPT, according to a press release on Tuesday (30 July).

[…]

a diversity of stakeholders will be engaged in the process, albeit with companies still maintaining a somewhat stronger position in the planned structure, according to the call for expression of interest published today, which runs until 25 August.

Separately, on Tuesday the Commission opened up a consultation for parties to express their views on the code of practice until 10 September, without participating directly in its drafting.

GPAI providers, like OpenAI or Microsoft, can use the code to demonstrate compliance with their obligations until harmonised standards are created. The standards will support compliance with GPAI obligations, which take effect in August 2025, one year after the AI Act comes into force.

The Commission may give the code general validity within the EU through an implementing act, similar to how it plans to convert a voluntary Code of Practice on Disinformation under the Digital Services Act into a formal Code of Conduct.

[…]

Source: EU Commission opens stakeholder participation in drafting general-purpose AI code of practice – Euractiv

Thin edge-lit LCD TVs Break Faster Under Prolonged Use: tested for 10k hours

[…] At the time of this article’s publication, our 100 TVs had been running for over 10,000 hours since the launch of the test, which represents roughly six years of use in a typical U.S. household

[…]

The results of this investigation are unequivocal: edge-lit TVs are inherently prone to significant durability issues, including warped reflector sheets, cracked light guide plates, and burnt-out LEDs due to concentrated heat. These problems manifest after prolonged use at maximum brightness, posing a significant risk to their long-term reliability.

[…]

we recommend prioritizing models with better heat distribution, such as direct-lit or FALD TVs, for improved longevity and performance.

[…]

Excluding the 18 OLEDs, which have burn-in from constantly streaming CNN, over 25% of the 82 LCD TVs in our test suffer from visible uniformity issues.

It gets worse if we look at LCD TVs by their sub-type. Seven out of the eleven (64%) edge-lit models in our test suffer from uniformity issues, one has outright failed, and others are in the process of doing so. In contrast, only 14 out of the 71 (20%) full-array local dimming (FALD) and direct-lit TVs have uniformity issues.

The issues we’ve encountered with the edge-lit TVs in our test seem to be the same across models and brands

[…]

| Brand/Model/Year | Time to Issue Onset |
| --- | --- |
| LG QNED80 2022 | 7,600 |
| LG NANO85 2021 | 3,300 |
| Samsung AU8000 2021 | 2,200 |
| Samsung Q60A QLED 2021 | 2,200 |
| Samsung Q70A QLED 2021 | 2,200 |
| Samsung The Frame 2022 | 3,300 |
| Samsung Q60B QLED 2022 | 5,500 |

[Pictures: 50% gray uniformity of each model at ~10 000 h]

Source: Thin LCD TVs Break Faster Under Prolonged Use: Key Findings From Running 100 TVs for Over 10,000 Hours – RTINGS.com

Suno & Udio To RIAA: Your Music Is Copyrighted, You Can’t Copyright Styles

AI music generators Suno and Udio responded to the lawsuits filed by the major recording labels, arguing that their platforms are tools for making new, original music that “didn’t and often couldn’t previously exist.”

“Those genres and styles — the recognizable sounds of opera, or jazz, or rap music — are not something that anyone owns,” the companies said. “Our intellectual property laws have always been carefully calibrated to avoid allowing anyone to monopolize a form of artistic expression, whether a sonnet or a pop song. IP rights can attach to a particular recorded rendition of a song in one of those genres or styles. But not to the genre or style itself.” TorrentFreak reports: “[The labels] frame their concern as one about ‘copies’ of their recordings made in the process of developing the technology — that is, copies never heard or seen by anyone, made solely to analyze the sonic and stylistic patterns of the universe of pre-existing musical expression. But what the major record labels really don’t want is competition.” The labels’ position is that any competition must be legal, and the AI companies state quite clearly that the law permits the use of copyrighted works in these circumstances. Suno and Udio also make it clear that snippets of copyrighted music aren’t stored as a library of pre-existing content in the neural networks of their AI models, “outputting a collage of ‘samples’ stitched together from existing recordings” when prompted by users.

“[The neural networks were] constructed by showing the program tens of millions of instances of different kinds of recordings,” Suno explains. “From analyzing their constitutive elements, the model derived a staggeringly complex collection of statistical insights about the auditory characteristics of those recordings — what types of sounds tend to appear in which kinds of music; what the shape of a pop song tends to look like; how the drum beat typically varies from country to rock to hip-hop; what the guitar tone tends to sound like in those different genres; and so on.” These models are vast stores, not of copyrighted music, the defendants say, but information about what musical styles consist of, and it’s from that information new music is made.

Most copyright lawsuits in the music industry are about reproduction and public distribution of identified copyright works, but that’s certainly not the case here. “The Complaint explicitly disavows any contention that any output ever generated by Udio has infringed their rights. While it includes a variety of examples of outputs that allegedly resemble certain pre-existing songs, the Complaint goes out of its way to say that it is not alleging that those outputs constitute actionable copyright infringement.” With Udio declaring that, as a matter of law, “that key point makes all the difference,” Suno’s conclusion is served raw. “That concession will ultimately prove fatal to Plaintiffs’ claims. It is fair use under copyright law to make a copy of a protected work as part of a back-end technological process, invisible to the public, in the service of creating an ultimately non-infringing new product.” Noting that Congress enacted the first copyright law in 1791, Suno says that in the 233 years since, not a single case has ever reached a contrary conclusion.

In addition to addressing allegations unique to their individual cases, the AI companies accuse the labels of various types of anti-competitive behavior. Imposing conditions to prevent streaming services obtaining licensed music from smaller labels at lower rates, seeking to impose a “no AI” policy on licensees, to claims that they “may have responded to outreach from potential commercial counterparties by engaging in one or more concerted refusals to deal.” The defendants say this type of behavior is fueled by the labels’ dominant control of copyrighted works and by extension, the overall market. Here, however, ownership of copyrighted music is trumped by the existence and knowledge of musical styles, over which nobody can claim ownership or seek to control. “No one owns musical styles. Developing a tool to empower many more people to create music, by scrupulously analyzing what the building blocks of different styles consist of, is a quintessential fair use under longstanding and unbroken copyright doctrine. Plaintiffs’ contrary vision is fundamentally inconsistent with the law and its underlying values.”
You can read Suno and Udio’s answers to the RIAA’s lawsuits here (PDF) and here (PDF).

Source: Suno & Udio To RIAA: Your Music Is Copyrighted, You Can’t Copyright Styles

Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out

[…] For those who rely on Microsoft Authenticator, the experience can go beyond momentary frustration to full-blown panic as they become locked out of their accounts.

That’s because, due to an issue involving which fields it uses, Microsoft Authenticator often overwrites accounts when a user adds a new account via QR scan — the most common method of doing so.

But because of the way the resulting lockout happens, the user is not likely to realize the issue resides with Microsoft Authenticator. Instead, the company issuing the authentication is considered the culprit, resulting in wasted corporate helpdesk hours trying to fix an issue not of that company’s making.

The core of the problem? Microsoft Authenticator will overwrite an account with the same username. Given the prominent use of email addresses for usernames, most users’ apps share the same username.
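A minimal model of the overwrite described above, added here as an illustration and not Microsoft's code. It assumes the QR code carries a standard otpauth:// URI and that the affected store is keyed on the username alone; the URIs, issuer names and secrets are constructed.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Constructed enrolment QR payloads (otpauth Key URI format); secrets are dummies.
SAMPLE_URIS = [
    "otpauth://totp/ExampleBank:alice%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=ExampleBank",
    "otpauth://totp/ExampleVPN:alice%40example.com?secret=KRSXG5CTMVRXEZLU&issuer=ExampleVPN",
    "otpauth://totp/bob%40example.com?secret=GEZDGNBVGY3TQOJQ&issuer=ExampleMail",
]


def parse_otpauth(uri):
    """Return (issuer, account, secret) from an otpauth:// URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() not in ("totp", "hotp"):
        raise ValueError("not an otpauth TOTP/HOTP URI: %r" % uri)
    label = unquote(parts.path.lstrip("/"))
    query = parse_qs(parts.query)
    secret = query.get("secret", [""])[0]
    if not secret:
        raise ValueError("missing secret parameter")
    # The label is either "Issuer:account" or just "account".
    prefix, sep, account = label.partition(":")
    if not sep:
        prefix, account = "", label
    issuer = query.get("issuer", [prefix])[0] or prefix
    return issuer.strip(), account.strip(), secret


def key_by_username(issuer, account):
    """Assumed model of the flaw: the issuer field is ignored."""
    return account.lower()


def key_by_issuer_and_username(issuer, account):
    """Store key that keeps accounts from different issuers apart."""
    return (issuer.lower(), account.lower())


def enrol(uris, key_fn):
    """Scan each URI into a dict store; return (store, overwritten accounts)."""
    store, overwritten = {}, []
    for uri in uris:
        issuer, account, secret = parse_otpauth(uri)
        key = key_fn(issuer, account)
        # A different secret under the same key means an earlier account is lost.
        if key in store and store[key]["secret"] != secret:
            overwritten.append((store[key]["issuer"], store[key]["account"]))
        store[key] = {"issuer": issuer, "account": account, "secret": secret}
    return store, overwritten


def colliding_usernames(uris):
    """Helpdesk-side check: usernames enrolled with more than one issuer."""
    seen = {}
    for uri in uris:
        issuer, account, _ = parse_otpauth(uri)
        seen.setdefault(account.lower(), set()).add(issuer)
    return {user: sorted(iss) for user, iss in seen.items() if len(iss) > 1}


if __name__ == "__main__":
    _, lost = enrol(SAMPLE_URIS, key_by_username)
    print("overwritten when keyed on username only:", lost)
    _, lost = enrol(SAMPLE_URIS, key_by_issuer_and_username)
    print("overwritten when keyed on issuer + username:", lost)
    print("usernames at risk:", colliding_usernames(SAMPLE_URIS))
```

The user whose first entry is overwritten keeps generating codes, but from the second issuer's secret, which is why the lockout looks like a fault at the first issuer.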

[…]

There are multiple workarounds. The easiest is for companies to use any other authentication app. Not using the QR code scan feature — and manually entering the code — will also sidestep the issue, which doesn’t appear to arise when the authenticated accounts belong to Microsoft.

CSO Online found complaints of this problem dating back to 2020, but it appears to have been in place since Microsoft Authenticator was released in June 2016.

[…]

Source: Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online

Chrome Web Store warns end is coming for uBlock Origin

[…] With the stable release of Chrome 127 on July 23, 2024, the full spectrum of Chrome users could see the warning. One user of the content-blocking add-on filed a GitHub Issue about the notification.

“This extension may soon no longer be supported because it doesn’t follow best practices for Chrome extensions,” the Chrome Web Store (CWS) notification banner explained.

But Google is being too cautious in its language. uBlock Origin (uBO) will stop working entirely when Google Chrome drops support for Manifest v2 – which uBlock Origin and other extensions rely on to do their thing. When Manifest v2 is no longer supported by Chrome, uBlock Origin won’t work at all – that’s what Google should be telling users.

Raymond Hill, the creator and maintainer of uBO, has made it clear that he will not be trying to adapt uBO to Google’s Manifest v3 – the extension architecture that is replacing v2.

“You will have to find an alternative to uBO before Google Chrome disables it for good,” he explained in a list of FAQs for uBlock Origin Lite – a content-blocking extension that functions on the upcoming Manifest v3 system but lacks the ability to create custom filters.

uBlock Origin Lite, he explained, is “not meant as a [Manifest v3]-compliant version of uBO, it’s meant as a reliable Lite version of uBO, suitable for those who used uBO in an install-and-forget manner.”

This is a nuanced statement. He’s not saying that if you move from uBO to uBlock Origin Lite all will be well and exactly the same – just that uBlock Origin Lite works on Manifest v3, so it will continue working after the v2 purge.

This nuance is needed because Manifest v2 provided uBlock Origin and other extensions deep access to sites and pages being visited by the user. It allowed adverts and other stuff to be filtered out as desired, whereas v3 pares back that functionality.

While it’s difficult to generalize about how the experience of uBO under Manifest v2 and uBOL under Manifest v3 will differ, Hill expects uBOL “will be less effective at dealing with” websites that detect and block content blockers, and at “minimizing website breakage” when stuff is filtered out, because existing uBO filters can’t be converted to declarative rules.

[…]

Source: Chrome Web Store warns end is coming for uBlock Origin • The Register

Sonos apologized months too late for messing up its app and has offered a roadmap for fixing everything which has already slipped

Sonos seriously stepped in it a couple of months back when it released an overhauled first-party mobile app that shipped with a number of missing features. These included core functions like sleep timers and alarms. Many of the company’s speakers would not appear as a pairing option and it became extremely difficult to precisely adjust the volume level of a paired speaker. Additionally, music search and playback were both negatively impacted by the change, leading to numerous customer complaints.

Now, the company has apologized for releasing the half-baked app. CEO Patrick Spence whipped up a blog post to address the “significant problems” with the new software.

“There isn’t an employee at Sonos who isn’t pained by having let you down, and I assure you that fixing the app for all of our customers and partners has been and continues to be our number one priority,” he wrote.

Spence also wrote that the company had planned to quickly incorporate the missing features and patch up any errors, but these fixes were delayed by a “number of issues” that were unique to the update. He did confirm that Sonos has been actively pushing out patches approximately every two weeks to address a wide variety of concerns.

[…]

Source: Sonos apologized for messing up its app and has offered a roadmap for fixing everything