Bilingual Brain-Reading Implant Decodes Spanish and English

For the first time, a brain implant has helped a bilingual person who is unable to articulate words to communicate in both of his languages. An artificial-intelligence (AI) system coupled to the brain implant decodes, in real time, what the individual is trying to say in either Spanish or English.

The findings, published on 20 May in Nature Biomedical Engineering, provide insights into how our brains process language, and could one day lead to long-lasting devices capable of restoring multilingual speech to people who can’t communicate verbally.

[…]

The person at the heart of the study, who goes by the nickname Pancho, had a stroke at age 20 that paralysed much of his body. As a result, he can moan and grunt but cannot speak clearly.

[…]

The team developed an AI system to decipher Pancho’s bilingual speech. This effort, led by Chang’s PhD student Alexander Silva, involved training the system as Pancho tried to say nearly 200 words. His efforts to form each word created a distinct neural pattern that was recorded by the electrodes.

The authors then applied their AI system, which has a Spanish module and an English one, to phrases as Pancho tried to say them aloud. For the first word in a phrase, the Spanish module chooses the Spanish word that matches the neural pattern best. The English component does the same, but chooses from the English vocabulary instead. For example, the English module might choose ‘she’ as the most likely first word in a phrase and assess its probability of being correct to be 70%, whereas the Spanish one might choose ‘estar’ (to be) and measure its probability of being correct at 40%.

[…]

From there, both modules attempt to build a phrase. They each choose the second word based on not only the neural-pattern match but also whether it is likely to follow the first one. So ‘I am’ would get a higher probability score than ‘I not’. The final output produces two sentences — one in English and one in Spanish — but the display screen that Pancho faces shows only the version with the highest total probability score.

The modules were able to distinguish between English and Spanish on the basis of the first word with 88% accuracy and they decoded the correct sentence with an accuracy of 75%.
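The two-module decode described above, as an added illustration (not the authors’ model or code): each language module picks the first word by neural match alone, then scores later words by neural match times a bigram transition probability, and the screen shows whichever module ends with the higher total. Every number below is constructed; the 0.70 for ‘she’ and 0.40 for ‘estar’ simply echo the article’s example, and the vocabularies and bigram tables are small invented stand-ins for the real ~200-word classifier and language models.

```python
# Added illustration of the two-module decoding described in the article.
# All vocabularies, scores and bigram probabilities are constructed.

# Constructed vocabulary of each module (a tiny subset of the ~200 trained words).
ENGLISH_VOCAB = {"she", "I", "is", "am", "not"}
SPANISH_VOCAB = {"ella", "yo", "estar", "es", "está", "no"}

# Constructed classifier output: for each position in the attempted phrase,
# P(word | recorded neural pattern) for the candidates that scored at all.
NEURAL_MATCH = [
    {"she": 0.70, "I": 0.20, "estar": 0.40, "ella": 0.35, "yo": 0.10},
    {"is": 0.55, "am": 0.30, "not": 0.10, "es": 0.45, "está": 0.30, "no": 0.15},
]

# Constructed bigram models: P(next word | previous word) per language.
ENGLISH_LM = {
    "she": {"is": 0.80, "am": 0.05, "not": 0.15},
    "I":   {"am": 0.80, "is": 0.05, "not": 0.15},   # "I am" outranks "I not"
}
SPANISH_LM = {
    "ella":  {"es": 0.50, "está": 0.45, "no": 0.05},
    "yo":    {"es": 0.10, "está": 0.10, "no": 0.80},
    "estar": {"es": 0.30, "está": 0.30, "no": 0.40},
}


def decode(vocab, lm, neural_match):
    """Greedy left-to-right decode for one language module.

    Position 0: the in-vocabulary word with the best neural match.
    Later positions: score = neural match * P(word | previous word).
    Returns (words, total probability); the probability is 0.0 if the
    module cannot continue the phrase with any of its words.
    """
    words, total = [], 1.0
    for pos, scores in enumerate(neural_match):
        if pos == 0:
            candidates = {w: scores.get(w, 0.0) for w in vocab}
        else:
            prev = words[-1]
            candidates = {w: scores.get(w, 0.0) * p
                          for w, p in lm.get(prev, {}).items()}
        if not candidates or max(candidates.values()) == 0.0:
            return words, 0.0
        best = max(candidates, key=candidates.get)
        words.append(best)
        total *= candidates[best]
    return words, total


def decode_bilingual(neural_match):
    """Run both modules and report which sentence the display would show."""
    results = {
        "english": decode(ENGLISH_VOCAB, ENGLISH_LM, neural_match),
        "spanish": decode(SPANISH_VOCAB, SPANISH_LM, neural_match),
    }
    shown = max(results, key=lambda lang: results[lang][1])
    return shown, results


if __name__ == "__main__":
    shown, results = decode_bilingual(NEURAL_MATCH)
    for lang, (words, p) in results.items():
        print(f"{lang}: {' '.join(words)!r}  total probability {p:.3f}")
    print("displayed:", shown)
```

With these constructed inputs the English branch settles on “she is” (0.70 × 0.44) and the Spanish branch on “estar es” (0.40 × 0.135), so the English sentence is the one shown. The greedy choice at each step is the simplest reading of the article; a real decoder would keep several partial phrases alive rather than committing to one word at a time.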

[…]

The findings revealed unexpected aspects of language processing in the brain. Some previous experiments using non-invasive tools have suggested that different languages activate distinct parts of the brain. But the authors’ examination of the signals recorded directly in the cortex found that “a lot of the activity for both Spanish and English was actually from the same area”, Silva says.

Furthermore, Pancho’s neurological responses didn’t seem to differ much from those of children who grew up bilingual, even though he was in his thirties when he learnt English — in contrast to the results of previous studies. Together, these findings suggest to Silva that different languages share at least some neurological features, and that they might be generalizable to other people.

[…]

Source: Bilingual Brain-Reading Implant Decodes Spanish and English | Scientific American

Netflix app update for Windows PCs will ditch downloads and offline viewing but give you stuff you never wanted.

In the past few weeks, users have received notifications on their Netflix Windows app indicating that a new update is coming. The update will ship with many new features and quality-of-life improvements, including support for watching live events, improved streaming quality, compatibility with ad-supported plans, and more.

Wait – who wants any of this stuff? What quality-of-life is improved here?

[…]

However, the update will also include a new change that won’t allow users to download movies or series via the Netflix app for offline viewing or when facing intermittent internet connection issues.

Source: An official Netflix app update for Windows PCs will ditch downloads and offline viewing following a crackdown on account sharing | Windows Central

So you get stuff you really don’t want and lose stuff you really do want – especially if you travel. Which most people do.

What are they thinking at Netflix? Well, I guess it’s out with the pirate hat again, and I’ll download what I want to watch offline – even if it is available to me on a service I pay for…

Adobe threatens to sue Nintendo emulator Delta for its look-alike logo

Delta, an emulator that can play Nintendo games, had to change its logo after Adobe threatened legal action. You’d think it would face trouble from Nintendo, seeing as it has been going after emulators these days, but no. It’s Adobe who’s going after the developer, which told TechCrunch that it first received an email from the company’s lawyer on May 7. Adobe warned Delta that their logos are too similar, with its app icon infringing on the well-known Adobe “A,” and asked it to change its logo so it wouldn’t violate the company’s rights. Delta reportedly received an email from Apple, as well, telling the developer that Adobe asked it to take down the emulator app.

If you’ll recall, Apple started allowing retro game emulators on the App Store, as long as they don’t offer pirated games for download. Delta was one of the first to be approved for listing and was at the top of Apple’s charts for a while, which is probably why it caught Adobe’s attention. At the time of writing, it sits at number six in the ranking for apps in Entertainment with 17,100 ratings.

The developer told both Adobe and Apple that its logo was a stylized version of the Greek letter “delta,” and not the uppercase letter A. Regardless, it debuted a new logo, which looks like someone took a sword to its old one to cut it in half. It’s a temporary solution, though — the developer said it’s releasing the “final” version of its new logo when Delta 1.6 comes out.

Source: Adobe threatens to sue Nintendo emulator Delta for its look-alike logo

Winamp has announced that it is opening up its source code

Winamp has announced that on 24 September 2024, the application’s source code will be open to developers worldwide.

Winamp will open up its code for the player used on Windows, enabling the entire community to participate in its development. This is an invitation to global collaboration, where developers worldwide can contribute their expertise, ideas, and passion to help this iconic software evolve.

[…]

Interested developers can now make themselves known at the following address: about.winamp.com/free-llama

Source: About Winamp – Winamp has announced that it is opening up its source code to enable collaborative development of its legendary player for Windows.

Why only now? Who knows. But it will hopefully be a huge boost to WACUP – which is a player that looks a lot like Winamp, allows you to use its (old and new) plugins, but has been updated to be modern.

Germany’s Sovereign Tech Fund Now Supporting FFmpeg

Following Germany’s Sovereign Tech Fund providing significant funding for GNOME, Rust Coreutils, PHP, a systemd bug bounty, and numerous other free software projects, the FFmpeg multimedia library is the latest beneficiary of this funding from the German government.

The Sovereign Tech Fund notes that the FFmpeg project is receiving €157,580.00 for 2024 and 2025.

An announcement on the FFmpeg.org project site notes:

“The FFmpeg community is excited to announce that Germany’s Sovereign Tech Fund has become its first governmental sponsor. Their support will help sustain the [maintenance] of the FFmpeg project, a critical open-source software multimedia component essential to bringing audio and video to billions around the world every day.”

Exciting news, and great to continue seeing the significant investments across many open-source projects being made by the Sovereign Tech Fund.

Source: Germany’s Sovereign Tech Fund Now Supporting FFmpeg – Phoronix

FFmpeg is a hugely important tool used for manipulating video and sound files in all kinds of ways. It is used under the hood by all kinds of projects. It’s really encouraging to see governments funding this kind of stuff, especially considering the problems open source developers are running into. There should be a lot more of this and a lot less of businesses ‘funding’ open source projects and then forking them into closed source versions (here’s looking at you, Amazon).

People Are Jailbreaking Their PS4s Using Smart TVs

Jailbreaking a PlayStation 4 might sound tricky. But actually, all you need nowadays is an LG Smart TV, a few minutes of your time, and the internet.

Why would you want to jailbreak a PlayStation 4 console in 2024? There are a few reasons. For one, it opens the console up, letting you freely back up game installs and saves. You can also run emulators on the PS4 and play your installed games without a disc. And yes, some people are pirating new games and playing them on these hacked consoles, too. But we are not here to talk about that. Instead, I want to share a strange way people are jailbreaking PS4s.

As reported by HackADay.com, a recently created method for jailbreaking a PS4 involves plugging it into a jailbroken LG smart TV. (And yes, in case you didn’t know about this already, people are jailbreaking smart televisions, too.) Once you’ve hacked your LG TV, you install a digital tool onto the TV and hook your PS4 up to it using an ethernet cable. Then run the exploit tool on the TV and set up a LAN connection on the PS4…and that’s it. At that point, the tool should work its magic and you’ll soon have a jailbroken PS4.

This new tool is built upon the work of other modders and hackers who were able to figure out new ways to jailbreak Sony’s last-gen console. And to be clear, I’m not suggesting you go buy an LG TV, jailbreak it, and then use that device to hack your PS4 and start downloading pirated games.

But being able to take full control of expensive electronic devices, like phones, TVs, and consoles, is something that we should all support as it allows these pieces of tech to be useful long after their corporate owners have moved on.

And based on what a lousy job video game companies have been doing at preserving old (or even fairly new) games, in 20 years or so, a modded PS4—jailbroken using a TV—might be the easiest way to play digital games you bought years ago but lost access to because the servers were killed.

Source: People Are Jailbreaking Their PS4s Using Smart TVs

Top EU court says there is no right to online anonymity, because copyright is more important

A year ago, Walled Culture wrote about an extremely important case that was being considered by the Court of Justice of the European Union (CJEU), the EU’s top court. The central question was whether the judges considered that copyright was more important than privacy. The bad news is that the CJEU has just decided that it is:

The Court, sitting as the Full Court, holds that the general and indiscriminate retention of IP addresses does not necessarily constitute a serious interference with fundamental rights.

IP addresses refer to the identifying Internet number assigned to a user’s system when it is online. That may change each time someone uses the Internet, but if Internet Service Providers are required by law to retain information about who was assigned a particular address at a given time, then it is possible to carry out routine surveillance of people’s online activities. The CJEU has decided this is acceptable:

EU law does not preclude national legislation authorising the competent public authority, for the sole purpose of identifying the person suspected of having committed a criminal offence, to access the civil identity data associated with an IP address

The key problem is that copyright infringement by a private individual is regarded by the court as something so serious that it negates the right to privacy. It’s a sign of the twisted values that copyright has succeeded in imposing on many legal systems. It equates the mere copying of a digital file with serious crimes that merit a prison sentence, an evident absurdity.

As one of the groups that brought the original case, La Quadrature du Net, writes, this latest decision also has serious negative consequences for human rights in the EU:

Whereas in 2020, the CJEU considered that the retention of IP addresses constituted a serious interference with fundamental rights and that they could only be accessed, together with the civil identity of the Internet user, for the purpose of fighting serious crime or safeguarding national security, this is no longer true. The CJEU has reversed its reasoning: it now considers that the retention of IP addresses is, by default, no longer a serious interference with fundamental rights, and that it is only in certain cases that such access constitutes a serious interference that must be safeguarded with appropriate protection measures.

As a result, La Quadrature du Net says:

While in 2020 [the CJEU] stated that there was a right to online anonymity enshrined in the ePrivacy Directive, it is now abandoning it. Unfortunately, by giving the police broad access to the civil identity associated with an IP address and to the content of a communication, it puts a de facto end to online anonymity.

This is a good example of how copyright’s continuing obsession with ownership and control of digital material is warping the entire legal system in the EU. What was supposed to be simply a fair way of rewarding creators has resulted in a monstrous system of routine government surveillance carried out on hundreds of millions of innocent people just in case they copy a digital file.

Source: Top EU court says there is no right to online anonymity, because copyright is more important – Walled Culture

Device Decodes ‘Internal Speech’ in the Brain

Scientists have developed brain implants that can decode internal speech — identifying words that two people spoke in their minds without moving their lips or making a sound.

Although the technology is at an early stage — it was shown to work with only a handful of words, and not phrases or sentences — it could have clinical applications in future.

Similar brain–computer interface (BCI) devices, which translate signals in the brain into text, have reached speeds of 62–78 words per minute for some people. But these technologies were trained to interpret speech that is at least partly vocalized or mimed.

The latest study — published in Nature Human Behaviour on 13 May — is the first to decode words spoken entirely internally, by recording signals from individual neurons in the brain in real time.

[…]

The researchers implanted arrays of tiny electrodes in the brains of two people with spinal-cord injuries. They placed the devices in the supramarginal gyrus (SMG), a region of the brain that had not been previously explored in speech-decoding BCIs.

Figuring out the best places in the brain to implant BCIs is one of the key challenges for decoding internal speech

[…]

Two weeks after the participants were implanted with microelectrode arrays in their left SMG, the researchers began collecting data. They trained the BCI on six words (battlefield, cowboy, python, spoon, swimming and telephone) and two meaningless pseudowords (nifzig and bindip). “The point here was to see if meaning was necessary for representation,” says Wandelt.

Over three days, the team asked each participant to imagine speaking the words shown on a screen and repeated this process several times for each word. The BCI then combined measurements of the participants’ brain activity with a computer model to predict their internal speech in real time.

For the first participant, the BCI captured distinct neural signals for all of the words and was able to identify them with 79% accuracy. But the decoding accuracy was only 23% for the second participant, who showed preferential representation for ‘spoon’ and ‘swimming’ and had fewer neurons that were uniquely active for each word. “It’s possible that different sub-areas in the supramarginal gyrus are more, or less, involved in the process,” says Wandelt.

Christian Herff, a computational neuroscientist at Maastricht University in the Netherlands, thinks these results might highlight the different ways in which people process internal speech. “Previous studies showed that there are different abilities in performing the imagined task and also different BCI control abilities,” adds Marchesotti.

The authors also found that 82–85% of neurons that were active during internal speech were also active when the participants vocalized the words. But some neurons were active only during internal speech, or responded differently to specific words in the different tasks.

[…]

Source: Device Decodes ‘Internal Speech’ in the Brain | Scientific American

Gene therapy relieves back pain, repairs damaged disc in mice

Disc-related back pain may one day meet its therapeutic match: gene therapy delivered by naturally derived nanocarriers that, a new study shows, repairs damaged discs in the spine and lowers pain symptoms in mice.

Scientists engineered nanocarriers using mouse connective-tissue cells called fibroblasts as a model of skin cells and loaded them with genetic material for a protein key to tissue development. The team injected a solution containing the carriers into damaged discs in mice at the same time the back injury occurred.

Assessing outcomes over 12 weeks, researchers found through imaging, tissue analysis, and mechanical and behavioral tests that the gene therapy restored structural integrity and function to degenerated discs and reduced signs of back pain in the animals.

[…]

“This can be used at the same time as surgery to actually boost healing of the disc itself,” said co-senior author Natalia Higuita-Castro, associate professor of biomedical engineering and neurological surgery at Ohio State. “Your own cells are actually doing the work and going back to a healthy state.”

The study was published online recently in the journal Biomaterials.

An estimated 40% of low-back pain cases are attributed to degeneration of the cushiony intervertebral discs that absorb shocks and provide flexibility to the spine, previous research suggests. And while trimming away bulging tissue from a herniated disc during surgery typically reduces pain, it does not repair the disc itself — which continues to degenerate with the passage of time.

[…]

This new study builds upon previous work in Higuita-Castro’s lab, which reported a year ago that nanocarriers called extracellular vesicles loaded with anti-inflammatory cargo curbed tissue injury in damaged mouse lungs. The engineered carriers are replicas of the natural extracellular vesicles that circulate in humans’ bloodstream and biological fluids, carrying messages between cells.

To create the vesicles, scientists apply an electrical charge to a donor cell to transiently open holes in its membrane, and deliver externally obtained DNA inside that converts to a specific protein, as well as molecules that prompt the manufacture of even more of a functional protein.

In this study, the cargo consisted of material to produce a “pioneer” transcription factor protein called FOXF1, which is important in the development and growth of tissues.

[…]

Compared to controls, the discs in mice receiving gene therapy showed a host of improvements: The tissue plumped back up and became more stable through production of a protein that holds water and other matrix proteins, all helping promote range of motion, load bearing and flexibility in the spine. Behavioral tests showed the therapy decreased symptoms of pain in mice, though these responses differed by sex — males and females showed varying levels of susceptibility to pain based on the types of movement being assessed.

The findings speak to the value of using universal adult donor cells to create these extracellular vesicle therapies, the researchers said, because they don’t carry the risk of generating an immune response. The gene therapy also, ideally, would function as a one-time treatment — a therapeutic gift that keeps on giving.

[…]

There are more experiments to come, testing the effects of other transcription factors that contribute to intervertebral disc development. And because this first study used young adult mice, the team also plans to test the therapy’s effects in older animals that model age-related degeneration and, eventually, in clinical trials for larger animals known to develop back problems.

[…]

Story Source:

Materials provided by Ohio State University. Original written by Emily Caldwell. Note: Content may be edited for style and length.


Journal Reference:

  1. Shirley N. Tang, Ana I. Salazar-Puerta, Mary K. Heimann, Kyle Kuchynsky, María A. Rincon-Benavides, Mia Kordowski, Gilian Gunsch, Lucy Bodine, Khady Diop, Connor Gantt, Safdar Khan, Anna Bratasz, Olga Kokiko-Cochran, Julie Fitzgerald, Damien M. Laudier, Judith A. Hoyland, Benjamin A. Walter, Natalia Higuita-Castro, Devina Purmessur. Engineered extracellular vesicle-based gene therapy for the treatment of discogenic back pain. Biomaterials, 2024; 308: 122562 DOI: 10.1016/j.biomaterials.2024.122562

Source: Gene therapy relieves back pain, repairs damaged disc in mice | ScienceDaily

Flood of Fake Science Forces Multiple Journal Closures

Fake studies have flooded the publishers of top scientific journals, leading to thousands of retractions and millions of dollars in lost revenue. The biggest hit has come to Wiley, a 217-year-old publisher based in Hoboken, N.J., which Tuesday will announce that it is closing 19 journals, some of which were infected by large-scale research fraud.

In the past two years, Wiley has retracted more than 11,300 papers that appeared compromised, according to a spokesperson, and closed four journals. It isn’t alone: At least two other publishers have retracted hundreds of suspect papers each. Several others have pulled smaller clusters of bad papers.

Although this large-scale fraud represents a small percentage of submissions to journals, it threatens the legitimacy of the nearly $30 billion academic publishing industry and the credibility of science as a whole.

The discovery of nearly 900 fraudulent papers in 2022 at IOP Publishing, a physical sciences publisher, was a turning point for the nonprofit. “That really crystallized for us, everybody internally, everybody involved with the business,” said Kim Eggleton, head of peer review and research integrity at the publisher. “This is a real threat.”

The sources of the fake science are “paper mills”—businesses or individuals that, for a price, will list a scientist as an author of a wholly or partially fabricated paper. The mill then submits the work, generally avoiding the most prestigious journals in favor of publications such as one-off special editions that might not undergo as thorough a review and where they have a better chance of getting bogus work published.

World-over, scientists are under pressure to publish in peer-reviewed journals—sometimes to win grants, other times as conditions for promotions. Researchers say this motivates people to cheat the system. Many journals charge a fee to authors to publish in them.

Problematic papers typically appear in batches of up to hundreds or even thousands within a publisher or journal. A signature move is to submit the same paper to multiple journals at once to maximize the chance of getting in, according to an industry trade group now monitoring the problem. Publishers say some fraudsters have even posed as academics to secure spots as guest editors for special issues and organizers of conferences, and then control the papers that are published there.

“The paper mill will find the weakest link and then exploit it mercilessly until someone notices,” said Nick Wise, an engineer who has documented paper-mill advertisements on social media and posts examples regularly on X under the handle @author_for_sale.

The journal Science flagged the practice of buying authorship in 2013. The website Retraction Watch and independent researchers have since tracked paper mills through their advertisements and websites. Researchers say they have found them in multiple countries including Russia, Iran, Latvia, China and India. The mills solicit clients on social channels such as Telegram or Facebook, where they advertise the titles of studies they intend to submit, their fee and sometimes the journal they aim to infiltrate. Wise said he has seen costs ranging from as little as $50 to as much as $8,500.

When publishers become alert to the work, mills change their tactics.
[…]
For Wiley, which publishes more than 2,000 journals, the problem came to light two years ago, shortly after it paid nearly $300 million for Hindawi, a company founded in Egypt in 1997 that included about 250 journals. In 2022, a little more than a year after the purchase, scientists online noticed peculiarities in dozens of studies from journals in the Hindawi family.

Scientific papers typically include citations that acknowledge work that informed the research, but the suspect papers included lists of irrelevant references. Multiple papers included technical-sounding passages inserted midway through, what Bishop called an “AI gobbledygook sandwich.” Nearly identical contact emails in one cluster of studies were all registered to a university in China where few if any of the authors were based. It appeared that all came from the same source.
[…]
The extent of the paper mill problem has been exposed by members of the scientific community who on their own have collected patterns in faked papers to recognize this fraud at scale and developed tools to help surface the work.

One of those tools, the “Problematic Paper Screener,” run by Guillaume Cabanac, a computer-science researcher who studies scholarly publishing at the Université Toulouse III-Paul Sabatier in France, scans the breadth of the published literature, some 130 million papers, looking for a range of red flags including “tortured phrases.”

Cabanac and his colleagues realized that researchers who wanted to avoid plagiarism detectors had swapped out key scientific terms for synonyms from automatic text generators, leading to comically misfit phrases. “Breast cancer” became “bosom peril”; “fluid dynamics” became “gooey stream”; “artificial intelligence” became “counterfeit consciousness.” The tool is publicly available.

Another data scientist, Adam Day, built “The Papermill Alarm,” a tool that uses large language models to spot signs of trouble in an article’s metadata, such as multiple suspect papers citing each other or using similar templates and simply altering minor experimental details. Publishers can pay to use the tool.
[…]
The incursion of paper mills has also forced competing publishers to collaborate. A tool launched through STM, the trade group of publishers, now checks whether new submissions were submitted to multiple journals at once, according to Joris van Rossum, product director who leads the “STM Integrity Hub,” launched in part to beat back paper mills. Last fall, STM added Day’s “The Papermill Alarm” to its suite of tools.

While publishers are fighting back with technology, paper mills are using the same kind of tools to stay ahead.

“Generative AI has just handed them a winning lottery ticket,” Eggleton of IOP Publishing said. “They can do it really cheap, at scale, and the detection methods are not where we need them to be. I can only see that challenge increasing.”
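The article names three signals that integrity tools key on: “tortured phrases” (the Problematic Paper Screener), the same manuscript submitted to several journals at once (the STM Integrity Hub check), and clusters of near-identical contact emails tied to one institution. Below is an added example of a minimal screener that applies all three to a batch of submissions. It is not the code of any of the tools mentioned; the five submissions, the email domains and the journal names are constructed, the tortured-phrase list is just the three pairs quoted above, and the similarity threshold and cluster size are arbitrary choices for illustration.

```python
# Added example: a minimal paper-mill screener for a submission batch.
# Not the Problematic Paper Screener, the Papermill Alarm or the STM tool;
# sample data, thresholds and the phrase list are constructed for illustration.
import re
from collections import defaultdict
from itertools import combinations

# Constructed submissions (invented papers, journals and addresses).
SUBMISSIONS = [
    {"id": "S1", "journal": "J-Alpha", "email": "author1@univ-x.example",
     "title": "Deep learning for bosom peril detection",
     "abstract": "We propose a deep network that detects bosom peril in "
                 "mammograms with high accuracy."},
    {"id": "S2", "journal": "J-Beta", "email": "author2@univ-x.example",
     "title": "Deep learning for bosom peril detection",
     "abstract": "We propose a deep network that detects bosom peril in "
                 "mammograms with superior accuracy."},
    {"id": "S3", "journal": "J-Gamma", "email": "someone@other.example",
     "title": "Turbulent fluid dynamics in pipes",
     "abstract": "We measure pressure drop in turbulent pipe flow."},
    {"id": "S4", "journal": "J-Alpha", "email": "author3@univ-x.example",
     "title": "Counterfeit consciousness for gooey stream modelling",
     "abstract": "A neural solver is trained on simulated channel flow."},
    {"id": "S5", "journal": "J-Delta", "email": "c@lab.example",
     "title": "Kernel hardening via control flow integrity",
     "abstract": "We evaluate forward-edge CFI overhead on a Linux kernel."},
]

# The three substitutions quoted in the article, mapped to the real term.
TORTURED_PHRASES = {
    "bosom peril": "breast cancer",
    "gooey stream": "fluid dynamics",
    "counterfeit consciousness": "artificial intelligence",
}


def normalise(text):
    """Lowercase, strip punctuation, split into words."""
    return re.sub(r"[^a-z0-9 ]+", " ", text.lower()).split()


def shingles(words, k=3):
    """Set of word k-grams; near-duplicate text shares most of them."""
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0


def tortured_phrases(sub):
    """Tortured phrases present in the title or abstract, sorted."""
    text = " ".join(normalise(sub["title"] + " " + sub["abstract"]))
    return sorted(p for p in TORTURED_PHRASES if p in text)


def duplicate_submissions(subs, threshold=0.6):
    """Pairs sent to different journals whose text is near-identical."""
    sh = {s["id"]: shingles(normalise(s["title"] + " " + s["abstract"]))
          for s in subs}
    hits = []
    for a, b in combinations(subs, 2):
        if a["journal"] == b["journal"]:
            continue                       # same venue: a resubmission, not a shotgun
        sim = jaccard(sh[a["id"]], sh[b["id"]])
        if sim >= threshold:
            hits.append((a["id"], b["id"], round(sim, 3)))
    return hits


def email_clusters(subs, min_size=3):
    """Contact-email domains that account for min_size or more submissions."""
    by_domain = defaultdict(list)
    for s in subs:
        by_domain[s["email"].rsplit("@", 1)[-1].lower()].append(s["id"])
    return {d: ids for d, ids in by_domain.items() if len(ids) >= min_size}


def screen(subs):
    """Run all three checks and return the flags for the batch."""
    tortured = {s["id"]: tortured_phrases(s) for s in subs}
    return {
        "tortured": {k: v for k, v in tortured.items() if v},
        "duplicates": duplicate_submissions(subs),
        "email_clusters": email_clusters(subs),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(screen(SUBMISSIONS), indent=2))
```

On the constructed batch this flags S1, S2 and S4 for tortured phrases, S1/S2 as the same paper shotgunned at two journals (shingle similarity 0.8), and the univ-x.example domain as the contact address behind three of five submissions. Each signal alone is weak; the point of the cross-publisher hub the article describes is that the duplicate-submission check only works when the journals being played against each other share what they receive.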

Source: Flood of Fake Science Forces Multiple Journal Closures – WSJ

Patent troll hits Microsoft with $242 million US verdict in Cortana lawsuit

Microsoft (MSFT.O) must pay patent owner IPA Technologies $242 million, a federal jury in Delaware said on Friday after determining that Microsoft’s Cortana virtual-assistant software infringed an IPA patent.

The jury agreed with IPA after a week-long trial that Microsoft’s voice-recognition technology violates IPA’s patent rights in computer-communications software.
IPA is a subsidiary of patent-licensing company Wi-LAN, which is jointly owned by Canadian technology company Quarterhill (QTRH.TO) and two investment firms. It bought the patent and others from SRI International’s Siri Inc, which Apple acquired in 2010 and whose technology it used in its Siri virtual assistant.
“We remain confident that Microsoft never infringed on IPA’s patents and will appeal,” a Microsoft spokesperson said.
Representatives for IPA and Wi-LAN did not immediately respond to a request for comment on the verdict.
IPA filed the lawsuit in 2018, accusing Microsoft of infringing patents related to personal digital assistants and voice-based data navigation.
The case was later narrowed to concern one IPA patent. Microsoft argued that it does not infringe and that the patent is invalid.
IPA has also sued Google and Amazon over its patents. Amazon defeated IPA’s lawsuit in 2021, and the Google case is still ongoing.

Source: Microsoft hit with $242 million US verdict in Cortana patent lawsuit | Reuters

So basically some company that never did anything except buy some rights from somewhere managed to extort a quarter of a billion dollars from MS. What a brilliant system copyright is!

iPhone users report deleted photos reappearing after update – turns out for Apple, delete doesn’t mean delete

Some iPhone users are reportedly seeing photos they had previously deleted resurface on their devices ever since updating to the latest version of iOS.

The user reports originate from Reddit, and it’s not just a couple of Apple users experiencing issues. By our count, 16 people who deleted their photos say they’ve come back. The deleted photos are apparently marked as recently added, making it very obvious which have made a comeback.

One user says that even photos from 2010 reappeared, and that they have “deleted them repeatedly.”

The Register was able to find a handful of instances of X users reporting the same problem.

[…]

The recent complaints were preceded by a different Reddit thread where three users reported the exact same thing happening in the beta version of iOS 17.5.

[…]

Some users previously reported disappearing photos on older versions of iOS 17, and the fix may have resulted in both accidentally and purposefully deleted photos being brought back to life.

If the issue is genuine, it wouldn’t be the first time iCloud has kept its hands on data after it was supposedly deleted, despite Apple’s emphasis on the privacy of its users. Back in 2017, iCloud was patched to fix a glitch where user browser history was retained for up to a year or so.

Source: iPhone users report deleted photos reappearing after update • The Register

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says

Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday.

In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it “calls the very integrity of the blockchain into question.”

[…]

The indictment goes into detail explaining that the scheme allegedly worked by exploiting the ethereum blockchain in the moments after a transaction was conducted but before the transaction was added to the blockchain.

These pending transactions, the DOJ explained, must be structured into a proposed block and then validated by a validator before it can be added to the blockchain, which acts as a decentralized ledger keeping track of crypto holdings. It appeared that the brothers tampered with this process by “establishing a series of ethereum validators” through shell companies and foreign exchanges that concealed their identities and masked their efforts to manipulate the blocks and seize ethereum.

To do this, they allegedly deployed “bait transactions” designed to catch the attention of specialized bots often used to help buyers and sellers find lucrative prospects in the ethereum network. When bots snatched up the bait, their validators seemingly exploited a vulnerability in the process commonly used to structure blocks to alter the transaction by reordering the block to their advantage before adding the block to the blockchain.

When victims detected the theft, they tried to request the funds be returned, but the DOJ alleged that the brothers rejected those requests and hid the money instead.

The brothers’ online search history showed that they studied up and “took numerous steps to hide their ill-gotten gains,” the DOJ alleged. These steps included “setting up shell companies and using multiple private cryptocurrency addresses and foreign cryptocurrency exchanges” that specifically did not rely on detailed “know your customer” (KYC) procedures.

[…]

Source: MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says | Ars Technica

Dell hack, which Dell didn’t think was a big deal, now includes customer phone numbers

The person who claimed to have stolen the physical addresses of 49 million Dell customers appears to have taken more data from a different Dell portal, TechCrunch has learned.

The newly compromised data includes names, phone numbers and email addresses of Dell customers. This personal data is contained in customer “service reports,” which also include information on replacement hardware and parts, comments from on-site engineers, dispatch numbers and, in some cases, diagnostic logs uploaded from the customer’s computer.

[…]

The stolen data included customer names and physical addresses, as well as less sensitive data, such as “Dell hardware and order information, including service tag, item description, date of order and related warranty information.”

I am not sure that knowledge of your operating environment, the amount you spend and service tag information constitutes “less sensitive data”. Actually, no, it is not “less sensitive”.

Dell downplayed the breach at the time, saying that the spill of customer addresses did not pose “a significant risk to our customers,” and that the stolen information did not include “any highly sensitive customer information,” such as email addresses and phone numbers.

[…]

Source: Threat actor scraped Dell support tickets, including customer phone numbers | TechCrunch

Sonos App Redesign AMA – 769 angry questions, 19 useless corporate answers

After the absolute shitshow and riots around the release of the new app, which missed core functionalities and broke systems, Sonos did participate in their promised Ask Me Anything. Kind of. Three Sonos employees apparently attended, but managed to barely respond to any of the questions – which were almost all overwhelmingly angry, disappointed and hoping for control of their expensive machines.

Diane Roberts, Senior Director of Software Engineering and Product Management at Sonos, responsible for the Sonos Apps, managed to answer 9 questions.

Tucker Severson, Director of Product Management, who leads the PM team responsible for the Sonos Apps, managed to answer a grand total of four questions.

Kate, Senior Director of User Experience, who leads the UX team responsible for Sonos’ home audio hardware, software, and app user experiences, got in six answers.

Most of the answers given were disrespectful corporate shitspeak, blaming the customers for wanting the features they already had or alluding to how ‘energized’ the team was to roll out features in the future.

None apologised or seemed to even acknowledge the > 750 complaints about the new app.

None of these head honchos had ever even looked at the Sonos forum before! This is where they would have been able to see problems that people really had before embarking on their app redesign adventure.

Some guy called Mike, the Sonos employee left behind after the original people ran away, posted an insulting closing comment, saying:

We covered as many of the most asked questions as possible. We know tracking the responses wasn’t as easy as we had hoped. But we wanted to let the community air frustrations and have their questions answered.

Not very much seemed to be possible, not many questions were answered and the community was left more frustrated than it began.

Keith and I will work on recapping all the questions and feedback we have responded to

Again, if that’s going to be the recap, Sonos is going to miss absolutely everything that people were upset about.

A feature list was linked to, The New Sonos App and Future Feature Updates, which puts things like playing your own music and being able to update WiFi settings at mid-June, meaning you can hardly use the system if you rely on music you bought instead of streamed.

Source: Sonos App Redesign AMA | Sonos Community

Capacitor Breakthrough: 19-Fold Increase in Energy Storage Potential – could kill batteries

A battery’s best friend is a capacitor. Powering everything from smartphones to electric vehicles, capacitors store energy from a battery in the form of an electrical charge and enable ultrafast charging and discharging. However, their Achilles’ heel has always been their limited energy storage efficiency.

Now, Washington University in St. Louis researchers have unveiled a groundbreaking capacitor design that looks like it could overcome those energy storage challenges.

In a study published in Science, lead author Sang-Hoon Bae, an assistant professor of mechanical engineering and materials science, demonstrates a novel heterostructure that curbs energy loss, enabling capacitors to store more energy and charge rapidly without sacrificing durability.

While batteries excel in storage capacity, they fall short in speed, unable to charge or discharge rapidly. Capacitors fill this gap, delivering the quick energy bursts that power-intensive devices demand. Some smartphones, for example, contain up to 500 capacitors, and laptops around 800. Just don’t ask the capacitor to store its energy too long.

Within capacitors, ferroelectric materials offer high maximum polarization. That’s useful for ultra-fast charging and discharging, but it can limit the effectiveness of energy storage or the “relaxation time” of a conductor.

[…]

Bae makes the change—one he unearthed while working on something completely different—by sandwiching 2D and 3D materials in atomically thin layers, using chemical and nonchemical bonds between each layer. He says a thin 3D core inserts between two outer 2D layers to produce a stack that’s only 30 nanometers thick.

[…]

“Initially, we weren’t focused on energy storage, but during our exploration of material properties, we found a new physical phenomenon that we realized could be applied to energy storage,” Bae says in a statement.

[…]

The sandwich structure isn’t quite fully conductive or nonconductive. This semiconducting material, then, allows the energy storage, with a density up to 19 times higher than commercially available ferroelectric capacitors, while still achieving 90 percent efficiency—also better than what’s currently available.

The capacitor can hang on to its energy thanks to the minuscule gap in the material structure.

[…]

The study team will continue to optimize the material structure to ensure ultrafast charging and discharging with a new high-energy density. “We must be able to do that without losing storage capacity over repeated charges,” Bae says, “to see this material used broadly in large electronics like electric vehicles.”

Source: Capacitor Breakthrough: 19-Fold Increase in Energy Storage Potential

US Patent and Trademark Office confirms another leak of filers’ address data

The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years.

The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address — which can include their home address — appeared in public records between August 23, 2023 and April 19, 2024.

U.S. trademark law requires that applicants include a private address when filing their paperwork with the agency to prevent fraudulent trademark filings.

USPTO said that while no addresses appeared in regular searches on the agency’s website, about 14,000 applicants’ private addresses were included in bulk datasets that USPTO publishes online to aid academic and economic research.

The agency took blame for the incident, saying the addresses were “inadvertently exposed as we transitioned to a new IT system,” according to the email to affected applicants, which TechCrunch obtained. “Importantly, this incident was not the result of malicious activity,” the email said.

Upon discovery of the security lapse, the agency said it “blocked access to the impacted bulk data set, removed files, implemented a patch to fix the exposure, tested our solution, and re-enabled access.”

If this sounds remarkably familiar, USPTO had a similar exposure of applicants’ address data last June. At the time, USPTO said it inadvertently exposed about 61,000 applicants’ private addresses in a years-long data spill in part through the release of its bulk datasets, and told affected individuals that the issue was fixed.

[…]

Source: US Patent and Trademark Office confirms another leak of filers’ address data | TechCrunch

Dell customer order database stolen, 49m records for sale on dark web

Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected.

According to the US computer maker, the stolen data includes people’s names, addresses, and details about their Dell equipment, but does not include sensitive stuff like payment info. Still, its portal was compromised.

“We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address and certain Dell hardware and order information,” a Dell spokesperson told The Register today.

“It did not include financial or payment information, email address, telephone number or any highly sensitive customer data.”

A report at the end of last month from the aptly named Daily Dark Web suggested as many as 49 million Dell customers may have had some of their account information taken. The data is said to cover purchases made between 2017 and 2024.

Judging from a screenshot of a sample of the stolen info, the Dell database now up for sale on a cyber-crime forum includes the following columns: service tag, items, date, country, warranty, organization name, address, city, province, postal code, customer code, and order number.

[…]

Source: Dell customer order database stolen, for sale on dark web • The Register

Apparently Dell doesn’t think knowing your name coupled to your address and how much expensive stuff you bought from them constitutes a risk though, so you’re all right. But not really.

Google Cloud accidentally deletes UniSuper’s online account with 620k customers due to ‘unprecedented misconfiguration’

More than half a million UniSuper fund members went a week with no access to their superannuation accounts after a “one-of-a-kind” Google Cloud “misconfiguration” led to the financial services provider’s private cloud account being deleted, Google and UniSuper have revealed.

Services began being restored for UniSuper customers on Thursday, more than a week after the system went offline. Investment account balances would reflect last week’s figures and UniSuper said those would be updated as quickly as possible.

The UniSuper CEO, Peter Chun, wrote to the fund’s 620,000 members on Wednesday night, explaining the outage was not the result of a cyber-attack, and no personal data had been exposed as a result of the outage. Chun pinpointed Google’s cloud service as the issue.

In an extraordinary joint statement from Chun and the global CEO for Google Cloud, Thomas Kurian, the pair apologised to members for the outage, and said it had been “extremely frustrating and disappointing”.

They said the outage was caused by a misconfiguration that resulted in UniSuper’s cloud account being deleted, something that had never happened to Google Cloud before.

“Google Cloud CEO, Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription,” the pair said.

“This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally. This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again.”

UniSuper normally has duplication in place across two geographies, so that if one service goes down or is lost it can be easily restored. But because it was the fund’s cloud subscription itself that was deleted, the deletion took effect across both geographies.

UniSuper was able to eventually restore services because the fund had backups in place with another provider.

“These backups have minimised data loss, and significantly improved the ability of UniSuper and Google Cloud to complete the restoration,” the pair said.

[…]

Source: Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ | Superannuation | The Guardian

Sonos releases new but hugely broken, incomplete app causing shitstorm

Sonos launched a new version of its app this week, altering the software experience that tens of millions of users rely on to control the company’s premium wireless home speaker systems.

Turns out, people really hate it! The response from users on Reddit, on audio forums, and on social media has been almost total condemnation since the app experience switched over on May 7. Users on the dedicated r/sonos subreddit are particularly peeved about it, expressing frustration at all manner of problems. The quickest way to see the scores of complaints is to visit the megathread the users in the community started to catalog all the problems they’re experiencing.


Many features that had long been a part of the Sonos app are simply missing in the update. Features such as the ability to set sleep timers and alarms, set the speakers at a precise volume level, add songs to the end of a queue, manage Wi-Fi connectivity, and add new speakers are missing or broken, according to the complaints. Users are also reporting that the revamped search engine in the app often can’t search a connected local library running on a networked computer or a network-attached storage drive—the way many of Sonos’ most loyal users listen to their large private music libraries. Some streaming services are partially or completely broken for some users too, like TuneIn and LivePhish+.

Worse, the new app is not as accessible as the previous version, with one Reddit user calling it “an accessibility disaster.” The user, Rude-kangaroo6608, writes: “As a blind guy, I now have a system that I can hardly use.”

Source: Many People Do Not Like the New Sonos App

Also, they got rid of the next and previous buttons and you can’t scrub through the song in the small player. You can’t add all files in a directory in your Library at once to the Sonos playlist – you have to add them one by one. The shuffle is gone. You can’t re-arrange queues. The system loses speakers randomly. So basically, you can’t really use the app to play music with.

Tuesday May 14th there will be an Ask Me Anything (AMA) – I would feel sorry for the Sonos people taking the questions, but don’t because they caused this fiasco in the first place. It certainly is “courageous” (ie stupid) to release an incomplete and broken app on top of expensive hardware.


Attack against virtually all VPN apps neuters their entire purpose

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user’s VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.

Reading, dropping, or modifying VPN traffic

The effect of TunnelVision is “the victim’s traffic is now decloaked and being routed through the attacker directly,” a video demonstration explained. “The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet.”

TunnelVision – CVE-2024-3661 – Decloaking Full and Split Tunnel VPNs – Leviathan Security Group.

The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. Researchers from Leviathan Security explained:

Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway. When the traffic hits our gateway, we use traffic forwarding rules on the DHCP server to pass traffic through to a legitimate gateway while we snoop on it.

We use DHCP option 121 to set a route on the VPN user’s routing table. The route we set is arbitrary and we can also set multiple routes if needed. By pushing routes that are more specific than a /0 CIDR range that most VPNs use, we can make routing rules that have a higher priority than the routes for the virtual interface the VPN creates. We can set multiple /1 routes to recreate the 0.0.0.0/0 all traffic rule set by most VPNs.

Pushing a route also means that the network traffic will be sent over the same interface as the DHCP server instead of the virtual network interface. This is intended functionality that isn’t clearly stated in the RFC. Therefore, for the routes we push, it is never encrypted by the VPN’s virtual interface but instead transmitted by the network interface that is talking to the DHCP server. As an attacker, we can select which IP addresses go over the tunnel and which addresses go over the network interface talking to our DHCP server.

[Figure: A malicious DHCP option 121 route that causes traffic to never be encrypted by the VPN process. Image: Leviathan Security]

We now have traffic being transmitted outside the VPN’s encrypted tunnel. This technique can also be used against an already established VPN connection once the VPN user’s host needs to renew a lease from our DHCP server. We can artificially create that scenario by setting a short lease time in the DHCP lease, so the user updates their routing table more frequently. In addition, the VPN control channel is still intact because it already uses the physical interface for its communication. In our testing, the VPN always continued to report as connected, and the kill switch was never engaged to drop our VPN connection.

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It’s also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server.

The attack allows some or all traffic to be routed outside the encrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that’s diverted away from this tunnel will not be encrypted by the VPN, and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn’t implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation.

The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn’t in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. The research, from Leviathan Security researchers Lizzie Moratti and Dani Cronce, is available here.
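The routing trick above hinges on how DHCP option 121 (RFC 3442 classless static routes) is encoded and on the fact that two /1 routes together shadow a VPN’s 0.0.0.0/0. The following is an added example, not Leviathan’s code: a small decoder for the option 121 payload plus a defender-side check that flags a pushed route set which would steer non-private or all IPv4 traffic off the tunnel. The DHCP payloads it runs on are constructed for the example.

```python
"""Decode DHCP option 121 and flag TunnelVision-style route pushes.

Added example, not code from Leviathan Security or any VPN vendor.
RFC 3442 encodes each route as: 1 byte prefix length, ceil(len/8)
significant destination octets, then a 4-byte router (next hop).
"""
import ipaddress
from typing import List, Tuple

Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]

# Destinations that a DHCP server on a LAN legitimately hands out routes for.
# Anything outside these is Internet-bound traffic a VPN is supposed to carry.
_PRIVATE = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8",
)]


def parse_option_121(payload: bytes) -> List[Route]:
    """Decode an RFC 3442 classless static route option into (network, router) pairs."""
    routes: List[Route] = []
    i = 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8          # number of significant destination octets
        i += 1
        if i + n + 4 > len(payload):
            raise ValueError("truncated option 121 entry")
        dest = payload[i:i + n] + bytes(4 - n)   # pad omitted low octets with zeros
        i += n
        router = ipaddress.IPv4Address(payload[i:i + 4])
        i += 4
        net = ipaddress.IPv4Network((ipaddress.IPv4Address(dest), plen), strict=False)
        routes.append((net, router))
    return routes


def covers_all_traffic(routes: List[Route]) -> bool:
    """True when the routes more specific than /0 jointly cover all of IPv4.

    The plain 0.0.0.0/0 entry is ignored: that is the LAN's normal default
    route, which a VPN overrides. What TunnelVision relies on is the pair
    0.0.0.0/1 + 128.0.0.0/1 (or a finer split), which beats the VPN's /0.
    """
    nets = [net for net, _ in routes if net.prefixlen > 0]
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return covered == 2 ** 32


def routes_leaving_tunnel(routes: List[Route]) -> List[Route]:
    """Routes (other than the /0 default) whose destination is not wholly
    inside private space; traffic to them would bypass the VPN tunnel."""
    return [
        (net, gw) for net, gw in routes
        if net.prefixlen > 0 and not any(net.subnet_of(p) for p in _PRIVATE)
    ]


def assess(payload: bytes) -> dict:
    """Summarise a lease's option 121 for an endpoint agent or VPN client."""
    routes = parse_option_121(payload)
    leaks = routes_leaving_tunnel(routes)
    return {
        "routes": [f"{net} via {gw}" for net, gw in routes],
        "covers_all_ipv4": covers_all_traffic(routes),
        "leaks_outside_tunnel": [f"{net} via {gw}" for net, gw in leaks],
        "suspicious": bool(leaks),
    }


# Constructed sample payloads (not captured from any real network).
# Benign: a route to another internal subnet, 10.20.0.0/16 via 192.168.1.1.
BENIGN = bytes([16, 10, 20, 192, 168, 1, 1])
# Hostile: 0.0.0.0/1 and 128.0.0.0/1 via 192.168.1.50, plus the usual /0 default.
HOSTILE = bytes([1, 0x00, 192, 168, 1, 50,
                 1, 0x80, 192, 168, 1, 50,
                 0, 192, 168, 1, 1])

if __name__ == "__main__":
    for name, payload in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(name, assess(payload))
```

A VPN client or endpoint agent can apply the same check to every lease renewal, since the write-up notes the attack can be re-triggered by short lease times.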

Source: Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica

Helldivers 2 Won’t Require PSN Account On Steam after all, Sony Confirms

PlayStation has announced that, after about three days of online yelling and review bombing, it will no longer require Helldivers 2 players on PC to link their Steam account to a PlayStation Network account in order to continue accessing the popular sci-fi co-op shooter.

On May 2, PlayStation and Arrowhead Games Studios—the developers behind Helldivers 2—announced on Steam that a so-called “grace period” was ending and that all PC players would need a PSN account to keep playing one of 2024’s best video games. Technically, this was always the plan as noted on the Helldivers 2 Steam store page. However, due to the game’s messy launch in February, PC players were allowed to play without a PSN account. This led to an awkward situation on Thursday when Sony announced all players would need to have a PlayStation account by June 4 to keep playing. Now, following a massive negative reaction, PlayStation is backtracking.

In a tweet at midnight on May 5, PlayStation said it had heard all the “feedback” on linking a Steam and PSN account and decided…nah, never mind.

“Helldivers fans — we’ve heard your feedback on the Helldivers 2 account linking update,” announced PlayStation. “The May 6 update, which would have required Steam and PlayStation Network account linking for new players and for current players beginning May 30, will not be moving forward.”

PlayStation said it was still “learning what is best for PC players” and suggested all the feedback the company received about the situation had been “invaluable.”

“Thanks again for your continued support of Helldivers 2 and we’ll keep you updated on future plans,” concluded PlayStation’s late-night tweet.

This reverse on account linking follows a horrible time for Arrowhead’s devs and community managers, who were forced to manage a massive digital war across Twitter, Reddit, and Discord. The CEO of Arrowhead spent most of the weekend apologizing on Twitter and talking to angry fans.

Source: Helldivers 2 Won’t Require PSN Account On Steam, Sony Confirms

FCC fines America’s largest wireless carriers $200 million for selling customer location data without permission

The Federal Communications Commission has slapped the largest mobile carriers in the US with a collective fine worth $200 million for selling access to their customers’ location information without consent. AT&T was ordered to pay $57 million, while Verizon has to pay $47 million. Meanwhile, Sprint and T-Mobile are facing a penalty with a total amount of $92 million together, since the companies had merged two years ago. The FCC conducted an in-depth investigation into the carriers’ unauthorized disclosure and sale of subscribers’ real-time location data after their activities came to light in 2018.

To sum up the practice in the words of FCC Commissioner Jessica Rosenworcel: The carriers sold “real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors.” According to the agency, the scheme started to unravel following public reports that a sheriff in Missouri was tracking numerous individuals by using location information a company called Securus gets from wireless carriers. Securus provides communications services to correctional facilities in the country.

While the carriers eventually ceased their activities, the agency said they continued operating their programs for a year after the practice was revealed and after they promised the FCC that they would stop selling customer location data. Further, they carried on without reasonable safeguards in place to ensure that the legitimate services using their customers’ information, such as roadside assistance and medical emergency services, truly are obtaining users’ consent to track their locations.

Source: FCC fines America’s largest wireless carriers $200 million for selling customer location data

Microsoft’s latest Windows security updates might break your VPN

Microsoft says the April security updates for Windows may break your VPN. (Oops!) “Windows devices might face VPN connection failures after installing the April 2024 security update (KB5036893) or the April 2024 non-security preview update,” the company wrote in a status update. It’s working on a fix.

Bleeping Computer first reported the issue, which affects Windows 11, Windows 10 and Windows Server 2008 and later. User reports on Reddit are mixed, with some commenters saying their VPNs still work after installing the update and others claiming their encrypted connections were indeed borked.

“We are working on a resolution and will provide an update in an upcoming release,” Microsoft wrote.

There’s no proper fix until Microsoft pushes a patched update. However, you can work around the issue by uninstalling all the security updates. In an unfortunate bit of timing for CEO Satya Nadella, he said last week that he wants Microsoft to put “security above else.” I can’t imagine making customers (temporarily) choose between going without a VPN and losing the latest protection is what he had in mind.

At least one Redditor claims that uninstalling and reinstalling their VPN app fixed the problem for them, so it may be worth trying that before moving on to more drastic measures.

If you decide to uninstall the security updates, Microsoft tells you how. “To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument,” the company wrote in its patch notes. “You can find the package name by using this command: DISM /online /get-packages.”

Source: Microsoft’s latest Windows security updates might break your VPN

Helldivers 2 PC players suddenly have to link to a PSN account and they’re not being chill about it

Nintendo sent a Digital Millennium Copyright Act (DMCA) notice for over 8,000 GitHub repositories hosting code from the Yuzu Switch emulator, which the Zelda maker previously described as enabling “piracy at a colossal scale.” The sweeping takedown comes two months after Yuzu’s creators quickly settled a lawsuit with Nintendo and its notoriously trigger-happy legal team for $2.4 million.

GamesIndustry.biz first reported on the DMCA notice, affecting 8,535 GitHub repos. Redacted entities representing Nintendo assert that the Yuzu source code contained in the repos “illegally circumvents Nintendo’s technological protection measures and runs illegal copies of Switch games.”

GitHub wrote on the notice that developers will have time to change their content before it’s disabled. In keeping with its developer-friendly approach and branding, the Microsoft-owned platform also offered legal resources and guidance on submitting DMCA counter-notices.

Nintendo’s legal blitz, perhaps not coincidentally, comes as game emulators are enjoying a resurgence. Last month, Apple loosened its restrictions on retro game players in the App Store (likely in response to regulatory threats), leading to the Delta emulator establishing itself as the de facto choice and reaching the App Store’s top spot. Nintendo may have calculated that emulators’ moment in the sun threatened its bottom line and began by squashing those that most immediately imperiled its income stream.

Sadly, Nintendo’s largely undefended legal assault against emulators ignores a crucial use for them that isn’t about piracy. Game historians see the software as a linchpin of game preservation. Without emulators, Nintendo and other copyright holders could make a part of history obsolete for future generations, as their corresponding hardware will eventually be harder to come by.

[…]

This has royally pissed off PC players, though it’s worth noting that it’s free to make a PSN account. This has led to review bombing on Steam and many promises to abandon the game when the linking becomes a requirement, according to a report by Kotaku. The complaints range from frustration over adding yet another barrier to entry after downloading an 80GB game to fears that the PSN account would likely be hacked. While it is true that Sony was the target of a huge hack that impacted 77 million PSN accounts, that was back in 2011. Obama was still in his first term. Also worth noting? Steam was hacked in 2011, impacting 35 million accounts.

[…]

Source: Helldivers 2 PC players suddenly have to link to a PSN account and they’re not being chill about it