Feed aggregator

US FTC Revives Microsoft-Activision Deal Challenge

Slashdot - Wed, 2023-09-27 18:01
The US Federal Trade Commission is reviving its challenge against Microsoft's $69 billion acquisition of video game company Activision, a move which may seek to unwind the deal after it closes. From a report: The agency will move forward with its in-house trial against the acquisition after pausing it over the summer, according to an order the agency issued Wednesday. The move means the FTC will continue challenging the deal even after it has closed this year. "The commission has determined that the public interest warrants that this matter be resolved fully and expeditiously," the agency wrote in a filing. "Therefore, the commission is returning this matter to adjudication." The decision comes months after a US appeals court denied the FTC's bid to pause the Microsoft-Activision acquisition in July. The FTC typically drops challenges to deals when they lose in federal court.

Read more of this story at Slashdot.

Categories: Computer, News

The Band of Debunkers Busting Bad Scientists

Slashdot - Wed, 2023-09-27 17:20
Stanford's president and a high-profile physicist are among those taken down by a growing wave of volunteers who expose faulty or fraudulent research papers. WSJ: An award-winning Harvard Business School professor and researcher spent years exploring the reasons people lie and cheat. A trio of behavioral scientists examining a handful of her academic papers concluded her own findings were drawn from falsified data. It was a routine takedown for the three scientists -- Joe Simmons, Leif Nelson and Uri Simonsohn -- who have gained academic renown for debunking published studies built on faulty or fraudulent data. They use tips, number crunching and gut instincts to uncover deception. Over the past decade, they have come to their own finding: Numbers don't lie but people do. "Once you see the pattern across many different papers, it becomes like a one in quadrillion chance that there's some benign explanation," said Simmons, a professor at the Wharton School of the University of Pennsylvania and a member of the trio who report their work on a blog called Data Colada. Simmons and his two colleagues are among a growing number of scientists in various fields around the world who moonlight as data detectives, sifting through studies published in scholarly journals for evidence of fraud. At least 5,500 faulty papers were retracted in 2022, compared with 119 in 2002, according to Retraction Watch, a website that keeps a tally. The jump largely reflects the investigative work of the Data Colada scientists and many other academic volunteers, said Dr. Ivan Oransky, the site's co-founder. Their discoveries have led to embarrassing retractions, upended careers and retaliatory lawsuits. Neuroscientist Marc Tessier-Lavigne stepped down last month as president of Stanford University, following years of criticism about data in his published studies. Posts on PubPeer, a website where scientists dissect published studies, triggered scrutiny by the Stanford Daily. 
A university investigation followed, and three studies he co-wrote were retracted. Stanford concluded that although Tessier-Lavigne didn't personally engage in research misconduct or know about misconduct by others, he "failed to decisively and forthrightly correct mistakes in the scientific record."

Categories: Computer, News

Hollywood Studios Can Train AI Models on Writers' Work Under Tentative Deal

Slashdot - Wed, 2023-09-27 16:40
Hollywood studios are expected to retain the right to train artificial-intelligence models based on writers' work under the terms of a tentative labor agreement between the two sides, WSJ reported, citing people familiar with the situation. From the report: The writers would also walk away with an important win, a guarantee that they will receive credit and compensation for work they do on scripts, even if studios partially rely on AI tools, one of the people said. That provision had been in an earlier offer from the Alliance of Motion Picture and Television Producers, the group representing studios, streamers and networks. The Writers Guild of America said Sunday it had reached a tentative agreement with the AMPTP to end a nearly five-month strike. Neither side has released the details of the agreement. The WGA said it plans to release the terms once its leadership votes on the deal, which could happen as soon as Tuesday. The two sides have battled over issues ranging from wage increases to whether writers' rooms should have minimum staffing requirements. The use of generative AI by studios became a major issue, as advanced versions of the technology -- such as OpenAI's ChatGPT -- were released for public use over the past year. AI bots, which provide sophisticated, humanlike responses to user questions, are "trained" on large amounts of data. Entertainment executives didn't want to relinquish the right to train their own AI tools based on TV and movie scripts, since their understanding is that AI tech platforms already are training their own models on such materials, people familiar with the matter said.

Categories: Computer, News

China Lists Mobile App Stores That Comply With New Rule, But Apple Missing

Slashdot - Wed, 2023-09-27 16:04
China's cyberspace regulator released on Wednesday names of the first batch of mobile app stores that have completed filing business details to regulators, signalling it has begun to enforce new rules that expand its oversight of mobile apps. From a report: A total of 26 app stores operated by companies including Tencent, Huawei, Ant Group, Baidu, Xiaomi and Samsung have submitted filings to the authority, according to the Cyberspace Administration of China (CAC). Apple's App Store is not among the app stores on the list. Beijing has been expanding oversight of smartphone and mobile app usage over the past several years. The country now requires mobile app stores and mobile apps to submit business details to the government. These rules are causing consternation in the industry that publishing apps in the world's second largest economy will become very difficult and many apps may need to be taken down.

Categories: Computer, News

Google Search Caught Publicly Indexing Users' Conversations With Bard AI

Slashdot - Wed, 2023-09-27 15:00
An anonymous reader quotes a report from VentureBeat: SEO consultant Gagan Ghotra observed that Google Search had begun to index shared Bard conversational links into its search results pages, potentially exposing information users meant to be kept contained or confidential. This means that if a person used Bard to ask it a question -- possibly even a question related to the contents of their private emails -- then shared the link with a designated third-party, say, their spouse, friend or business partner, the conversation accessible at that link could in turn be scraped by Google's crawler and show up publicly, to the entire world, in its Search Results. Google Brain research scientist Peter J. Liu replied to Ghotra on X by noting that the Google Search indexing only occurred for those conversations that users had elected to click the share link on, not all Bard conversations, to which Ghotra patiently explained: "Most users wouldn't be aware of the fact that shared conversation mean it would be indexed by Google and then show up in SERP, most people even I was thinking of it as a feature to share conversation with some friend or colleague & it being just visible to people who have conversation URL." Ultimately, Google's Search Liaison account on X, which provides "insights on how Google Search works," wrote back to Ghotra to say "Bard allows people to share chats, if they choose. We also don't intend for these shared chats to be indexed by Google Search. We're working on blocking them from being indexed now."

Categories: Computer, News

Is the Philips Hue Ecosystem 'Collapsing Into Stupidity'?

Slashdot - Wed, 2023-09-27 12:00
The Philips Hue ecosystem of home automation devices is "collapsing into stupidity," writes Rachel Kroll, veteran sysadmin and former production engineer at Facebook. "Unfortunately, the idiot C-suite phenomenon has happened here too, and they have been slowly walking down the road to full-on enshittification." From her blog post: I figured something was up a few years ago when their iOS app would block entry until you pushed an upgrade to the hub box. That kind of behavior would never fly with any product team that gives a damn about their users -- want to control something, so you start up the app? Forget it, we are making you placate us first! How is that user-focused, you ask? It isn't. Their latest round of stupidity pops up a new EULA and forces you to take it or, again, you can't access your stuff. But that's just more unenforceable garbage, so who cares, right? Well, it's getting worse. It seems they are planning on dropping an update which will force you to log in. Yep, no longer will your stuff Just Work across the local network. Now it will have yet another garbage "cloud" "integration" involved, and they certainly will find a way to make things suck even worse for you. If you have just the lights and smart outlets, Kroll recommends deleting the units from the Hue Hub and adding them to an IKEA Dirigera hub. "It'll run them just fine, and will also export them to HomeKit so that much will keep working as well." That said, it's not a perfect solution. You will lose motion sensor data, the light level, the temperature of that room, and the ability to set custom behaviors with those buttons. "Also, there's no guarantee that IKEA won't hop on the train to sketchville and start screwing over their users as well," adds Kroll. What has your experience been with the Philips Hue ecosystem? Do you have any alternatives you recommend?

Categories: Computer, News

Chinese Astronauts May Build a Base Inside a Lunar Lava Tube

Slashdot - Wed, 2023-09-27 09:00
According to Universe Today, China may utilize lunar caves as potential habitats for astronauts on the Moon, offering defense against hazards like radiation, meteorites, and temperature variations. From the report: Different teams of scientists from different countries and agencies have studied the idea of using lava tubes as shelter. At a recent conference in China, Zhang Chongfeng from the Shanghai Academy of Spaceflight Technology presented a study into the underground world of lava tubes. Chinese researchers did fieldwork in Chinese lava tubes to understand how to use them on the Moon. According to Zhang, there's enough similarity between lunar and Earthly lava tubes for one to be an analogue of the other. It starts with their two types of entrances, vertical and sloped. Both worlds have both types. Most of what we've found on the Moon are vertical-opening tubes, but that may be because of our overhead view. The openings are called skylights, where the ceiling has collapsed and left a debris accumulation on the floor of the tube directly below it. Entering through these requires either flight or some type of vertical lift equipment. Sloped entrances make entry and exit much easier. It's possible that rovers could simply drive into them, though some debris would probably need to be cleared. According to Zhang, this is the preferred entrance that makes exploration easier. China is prioritizing lunar lava tubes at Mare Tranquillitatis (Sea of Tranquility) and Mare Fecunditatis (Sea of Fecundity) for exploration. China is planning a robotic system that can explore caves like the one in Mare Tranquillitatis. The primary probe will have either wheels or feet and will be built to adapt to challenging terrain and to overcome obstacles. It'll also have a scientific payload. Auxiliary vehicles can separate from the main probe to perform more reconnaissance and help with communications and "energy support." 
They could be diversified so the mission can meet different challenges. They might include multi-legged crawling probes, rolling probes, and even bouncing probes. These auxiliary vehicles would also have science instruments to study the lunar dust, radiation, and the presence of water ice in the tubes. China is also planning a flight-capable robot that could find its way through lava tubes autonomously using microwave and laser radars. "China's future plan, after successful exploration, is a crewed base," the report adds. "It would be a long-term underground research base in one of the lunar lava tubes, with a support center for energy and communication at the tube's entrance. The terrain would be landscaped, and the base would include both residential and research facilities inside the tube." "[R]egardless of when they start, China seems committed to the idea. Ding Lieyun, a top scientist at Huazhong University of Science and Technology, told the China Science Daily that 'Eventually, building habitation beyond the Earth is essential not only for all humanity's quest for space exploration but also for China's strategic needs as a space power.'"

Categories: Computer, News

A Single Bug

The Daily WTF - Wed, 2023-09-27 08:30

Matt's team had a party after their last release. It was a huge push, with tons of new features, that came at the end of many months of work. On the Monday after the party, they came back into work for unsurprising bad news: nothing is perfect, so there were several issues and defects that needed to be patched, quickly.

Since QA is the team responsible for signing off and approving any work, QA is the team that also owns the defect tickets. Matt and his team can't do any work without a ticket, which meant they spent almost an entire day knowing there were bugs to fix, but without any idea of what bugs to fix.

The next day, QA finally finished triaging the issues. There were a slew of low priority tickets, none of which were bugs, but enhancement requests: this screen is confusing, this path through the application requires too many button presses, no one can find this option. There was, however, only one bug ticket.

"Hunh," Matt thought, "that doesn't sound so bad."

Upon opening the ticket, Matt discovered that it was indeed bad. There were almost a dozen serious bugs, but for whatever reason, QA had bundled them into a single ticket. This made everybody's life much harder. Every change in the code had to have an associated ticket, every bug ticket had to have an attached test plan, every ticket had to have a single owner and assignee (but Matt's entire team would be splitting this work). Everything about getting this fixed was harder because QA had created a bottleneck by tying together unrelated bugs into a single ticket.

So Matt went over to Bruce, the QA manager who'd created the ticket. "Could you please split this ticket?"

"No, I can't."

"Yes, you can. Just abandon this one and make new ones."

Bruce shook his head. "You don't understand. These are post release bugs. Which means we released software with bugs in it. Which means the QA process failed. When the management dashboard shows a dozen high priority bugs post-release, management thinks that someone wasn't doing their job properly. That looks bad. So, we make one ticket, roll all the issues under that one, and it looks much better on the dashboard."

Matt was offended that anyone would try to game the system like that. QA was making everybody's job harder and trying to conceal issues from management. Well, the joke was on QA: Matt went straight up the tree to the management team.

He sent an email, laying out what was happening, and most important, why it was happening. QA was trying to hide the failures in the QA process. Later that day, one of the directors set up a meeting with Matt to discuss the email.

"So, I understand you have some concerns," the VP said, "and I just wanted to show you how we view that." The VP pulled up the management dashboard, and flipped back to an old release, from a few years ago. Many of the metrics showed red stoplights. "So, here's a release that went badly. Too many tickets for bugs." They flipped to the most recent release. Here, all the lights were green. "And this is a release that went well."

"Right," Matt said, "but this release only looks like it went well because they only opened one ticket for many bugs!"

The VP nodded without listening. "Right, but this dashboard tracks open tickets. We like releases with only one open ticket. The lights are green, see?"

"But there are more bugs than there are tickets. They're hiding the fact that there are more bugs!"

"But this dashboard doesn't track bugs, it tracks tickets."

There are few things more immovable than a manager with pretty green lights on a dashboard. Goodhart's Law struck again. Matt admitted defeat and fixed the ticket the hard way.

Categories: Computer

Burkey Belser, Designer of Ubiquitous Nutrition Facts Label, Dies At 76

Slashdot - Wed, 2023-09-27 05:30
An anonymous reader quotes a report from the Washington Post: Burkey Belser, a graphic designer who created the ubiquitous nutrition facts label -- a stark rectangle listing calories, fat, sodium and other content information -- that adorns the packaging of nearly every digestible product in grocery stores, died Sept. 25 at his home in Bethesda, Md. He was 76. The cause was bladder cancer, said his wife Donna Greenfield, with whom he founded the Washington, D.C., design firm Greenfield/Belser. Mr. Belser's nutrition facts label -- rendered in bold and light Helvetica type -- was celebrated as a triumph of public health and graphic design when it debuted in 1994 following passage of the Nutrition Labeling and Education Act. Although some products had previously included nutritional information, there was no set standard, and the information was of little public health value in helping consumers make better food choices. The new law, drafted as obesity and other diet-related illnesses were surging, required mandatory food labels with nutrients presented in the context of a healthy 2,000-calorie-a-day diet. Writing in a journal published by the Professional Association for Design, Massimo Vignelli, the renowned Italian designer, called Mr. Belser's creation a "clean testimonial of civilization, a statement of social responsibility, and a masterpiece of graphic design." The Food and Drug Administration chose Mr. Belser to design the nutrition label following his success creating the black and yellow energy guide label for appliances. Once dubbed the "Steve Jobs of information design," Mr. Belser's fondness for exceedingly simple design perfectly suited him for a job that required stripping down nutritional facts to the bare essentials. The report proceeds to tell the tale of how Mr. Belser worked pro bono with his team to labor through three dozen iterations of the label, ultimately settling on "simplicity in itself." 
"There's a harmony about it, and the presentation has no extraneous components to it," Belser told The Washington Post. "The words are left and right justified, which gave it a kind of balance. There was no grammatical punctuation like commas or periods or parentheses that would slow the reader down." He compared the finished product -- which he later adapted to over-the-counter drugs -- to the Apple iPod. "The detail is so important that you wouldn't even notice it and if you didn't notice it's a sign that it succeeded," he said. "I don't know if anybody's heart beats faster when they see nutrition facts, but they sense a pleasure that they get the information they need."

Categories: Computer, News

World's First Drug To Regrow Teeth Enters Clinical Trials

Slashdot - Wed, 2023-09-27 04:02
Michelle Butterfield writes via Global News: A team of scientists, led by a Japanese pharmaceutical startup, are getting set to start human trials on a new drug that has successfully grown new teeth in animal test subjects. Toregem Biopharma is slated to begin clinical trials in July of next year after it succeeded growing new teeth in mice five years ago, the Japan Times reports. Dr. Katsu Takahashi, a lead researcher on the project and head of the dentistry and oral surgery department at the Medical Research Institute Kitano Hospital, says "the idea of growing new teeth is every dentist's dream." In his research, which he's been conducting at Kyoto University since 2005, Takahashi learned of a particular gene in mice that affects the growth of their teeth. The antibody for this gene, USAG-1, can help stimulate tooth growth if it is suppressed -- and scientists have since worked to develop a "neutralizing antibody medicine" that is able to block USAG-1. Now, his team has been testing the theory that "blocking" this protein could grow more teeth. After their successful tests on mice, the team went on to perform similarly positive trials on ferrets -- animals who have a similar dental pattern to humans. Now, testing will turn to healthy adult humans and, if all goes well, the team plans to hold a clinical trial for the drug from 2025 for children between two and six years old with anodontia -- a rare genetic disorder that results in the absence of six or more baby and/or adult teeth. According to the Japan Times, the children involved in the clinical trial will be injected with one dose of the drug to see if it induces teeth growth. If successful, the medicine could be available for regulatory approval by 2030.

Categories: Computer, News

Unity Dev Group Dissolves After 13 Years Over 'Completely Eroded' Company Trust

Slashdot - Wed, 2023-09-27 03:25
Kyle Orland writes via Ars Technica: The "first official Unity user group in the world" has announced that it is dissolving after 13 years because "the trust we used to have in the company has been completely eroded." The move comes as many developers are saying they will continue to stay away from the company's products even after last week's partial rollback of some of the most controversial parts of its fee structure plans. Since its founding in 2010, the Boston Unity Group (BUG) has attracted thousands of members to regular gatherings, talks, and networking events, including many technical lectures archived on YouTube. But the group says it will be hosting its last meeting Wednesday evening via Zoom because the Unity of today is very different from the Dave Helgason-led company that BUG says "enthusiastically sanctioned and supported" the group at its founding. "Over the past few years, Unity has unfortunately shifted its focus away from the games industry and away from supporting developer communities," the group leadership wrote in a departure note. "Following the IPO, the company has seemingly put profit over all else, with several acquisitions and layoffs of core personnel. Many key systems that developers need are still left in a confusing and often incomplete state, with the messaging that advertising and revenue matter more to Unity than the functionality game developers care about." BUG says the install-fee terms Unity first announced earlier this month were "unthinkably hostile" to users and that even the "new concessions" in an updated pricing model offered late last week "disproportionately affect the success of indie studios in our community." But it's the fact that such "resounding, unequivocal condemnation from the games industry" was necessary to get those changes in the first place that has really shaken the community to its core. 
"We've seen how easily and flippantly an executive-led business decision can risk bankrupting the studios we've worked so hard to build, threaten our livelihoods as professionals, and challenge the longevity of our industry," BUG wrote. "The Unity of today isn't the same company that it was when the group was founded, and the trust we used to have in the company has been completely eroded."

Categories: Computer, News

Windows 11's New 'Never Combine' Icons Feature Is Almost Unusable

Slashdot - Wed, 2023-09-27 03:02
Lawrence Abrams writes via BleepingComputer: After almost three years, Microsoft has finally added the 'Never combine taskbar button' back to Windows, and it still doesn't work correctly. The combine taskbar items feature in Windows 10 allows you to show an icon for every open application in Windows, even if they are multiple instances of the same application. For example, if you have ten instances of Notepad or a few browser windows open, the feature will allow you to see an icon on the taskbar for each open Windows rather than combining it into a single application icon. For me and many others, removing this feature made it impossible to upgrade to Windows 11, as switching between the myriad open windows became a nightmare. This frustration is reflected in the Windows 11 Feedback Hub, where a suggestion to never combine app icons and show labels has received 17,527 upvotes, making it the 10th most requested feature. Today, those users who have been holding off on upgrading to Windows 11 because of this missing feature "may" finally be able to do so. This is because Microsoft finally released the "never combine" feature as part of its Windows 11 22H2 Moment 4 update released today. However, even with this feature added, it is still subpar to Windows 10, as, unlike the previous version of Windows, it continues to show the windows titles next to the icon, taking up a lot of space. It's baffling that Microsoft can't get this feature right after three years with it being one of the most highly requested features. A simple toggle to disable the showing of Windows titles could have been added, or Microsoft could have replicated the Windows 10 feature many of us requested.

Categories: Computer, News

Air Force Receives Its First Electric Air Taxi

Slashdot - Wed, 2023-09-27 02:45
An anonymous reader quotes a report from the New York Times: The Air Force said on Monday that it had received its first electric passenger aircraft capable of taking off and landing vertically, a milestone for the companies that hope to one day sell thousands of such vehicles to serve as air taxis. Joby Aviation, an air taxi start-up, delivered the aircraft to Edwards Air Force Base in Southern California, where the first supersonic flight took place. Air taxis are typically powered by batteries and designed to lift off and land like helicopters, but include wings to fly like airplanes. Joby, which is based in Santa Cruz, Calif., said that its electric aircraft is substantially quieter than helicopters or planes. Each can carry one pilot and four passengers and travel as fast as 200 miles per hour and as far as 100 miles, according to the company. The delivery is the first under an Air Force contract that Joby said was valued at up to $131 million and gives the government the option to receive up to nine aircraft. The Air Force and Joby will operate the vehicle, but Joby will still own the aircraft and receive both fixed and variable payments for hours flown. NASA, which has a facility at the base, will also conduct research on the vehicle. The Air Force has signed similar contracts with other air taxi companies under a program called Agility Prime, part of a broader effort to promote innovation. Agility Prime's mission is to support development of air taxis and similar technology, giving the Air Force a head start in exploring how it might use such aircraft while also providing financial and testing support to the air taxi companies. At Edwards Air Force Base, Joby's aircraft will be tested as a means to transport cargo and people. The vehicles could also be used to monitor the expansive base or tested to conduct medical evacuations, for example. 
All told, the Air Force has more than 100 performance measures it wants to evaluate, said Beau Griffith, the deputy lead of Agility Prime. "Bearing out the promise of these vehicles is the program's goal," he said. NASA will work closely with the military and Joby in testing the aircraft, with the aim of using its research to guide air taxi development and support the F.A.A. Starting next year, NASA pilots and researchers will explore how Joby's vehicle would operate in a typical city environment, examining flight procedures and how it could interact with air traffic control and local infrastructure. Joby's aircraft is expected to remain at the base for at least a year, and the company has plans to deliver another in 2024.

Categories: Computer, News

Meta Pays a Lot of Money To Break Lease On London Office Building

Slashdot - Wed, 2023-09-27 02:02
"As a result of the move to working from home, Meta has walked away from one of its offices in London at the cost of 149 million pounds," writes Slashdot reader Bruce66423. The London Evening Standard reports: Meta paid the FTSE 250 developer 149 million pounds on Monday in order to break the lease on the building, 1 Triton Square. The tech firm, which also owns Instagram, let the space from 2021 following a refurbishment but never moved into the space. Meta has three open London sites including a neighbouring building in Regent's Place, near Warren Street in central London. Analysts at BNP Paribas Exane claimed Meta has another 18 years on its lease at the site. British Land said it will receive the one-off payment to end the lease but the agreement would also reduce its earnings per share by 0.6% over the six months to next March.

Categories: Computer, News

Google Podcasts Shutting Down In 2024 For YouTube Music

Slashdot - Wed, 2023-09-27 01:20
Google Podcasts is shutting down in 2024 after YouTube Music picks up full global availability of podcasts, which is expected before the end of 2023. As 9to5Google reports, YouTube Music "will be Google's one podcasting app and service going forward." From the report: The big advantage of Google Podcasts was its simplicity and wide availability on Android (through the Google Search app). A "simple migration tool" will move your existing subscriptions from Google Podcasts. Notably, there will be the ability in YouTube Music to add podcasts via RSS feeds, "including shows not currently hosted by YouTube." Google will also provide a non-YTM export option via "OPML file of their show subscriptions" that will work with other podcast players. On the podcaster front, YouTube will allow for RSS uploads instead of requiring a video version. The next step over the coming weeks and months will see Google "gather feedback to make the migration process from Google Podcasts to YouTube Music as simple and easy as possible." "For now, nothing is changing and fans will continue to have access to YouTube, YouTube Music and Google Podcasts," says YouTube. "We're committed to being transparent in communicating future changes with our users and podcasters and will have more to share about this process in the coming months."

Categories: Computer, News

GPUs From All Major Suppliers Are Vulnerable To New Pixel-Stealing Attack

Slashdot - Wed, 2023-09-27 00:40
An anonymous reader quotes a report from Ars Technica: GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper (PDF) published Tuesday. The cross-origin attack allows a malicious website from one domain -- say, example.com -- to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains. [...] GPU.zip works only when the malicious attacker website is loaded into Chrome or Edge. The reason: For the attack to work, the browser must: (1) allow cross-origin iframes to be loaded with cookies, (2) allow rendering SVG filters on iframes, and (3) delegate rendering tasks to the GPU. For now, GPU.zip is more of a curiosity than a real threat, but that assumes that Web developers properly restrict sensitive pages from being embedded by cross-origin websites. End users who want to check if a page has such restrictions in place should look for the X-Frame-Options or Content-Security-Policy headers in the source. "This is impactful research on how hardware works," a Google representative said in a statement. "Widely adopted headers can prevent sites from being embedded, which prevents this attack, and sites using the default SameSite=Lax cookie behavior receive significant mitigation against personalized data being leaked. These protections, along with the difficulty and time required to exploit this behavior, significantly mitigate the threat to everyday users. We are in communication and are actively engaging with the reporting researchers. We are always looking to further improve protections for Chrome users." An Intel representative, meanwhile, said that the chipmaker has "assessed the researcher findings that were provided and determined the root cause is not in our GPUs but in third-party software." A Qualcomm representative said "the issue isn't in our threat model as it more directly affects the browser and can be resolved by the browser application if warranted, so no changes are currently planned." Apple, Nvidia, AMD, and ARM didn't comment on the findings. An informational write-up of the findings can be found here.

Chase UK To Ban Cryptocurrency Purchases Over Fraud Fears

Slashdot - Wed, 2023-09-27 00:00
An anonymous reader writes: Chase UK, JPMorgan's UK Bank, has told its customers that it will not carry out transactions related to crypto assets. The Financial Times writes: JPMorgan's UK bank will stop customers buying cryptocurrencies from next month to combat rising numbers of criminals using digital assets to target victims. The ban by Chase UK, which notified customers by email on Tuesday, marks a step up as British lenders try to stop their networks being used for scams and frauds. While several banks, including HSBC and NatWest, have set restrictions on their customers' purchases for crypto, outright bans are rare. Chase said its UK block, which will come into effect from October 16, had been informed by data showing the high rate of crypto scams and fraud in the UK, including fake investments and false celebrity endorsements.

Walmart To Roll Out New Prepaid Phone Service From Boost Founder

Slashdot - Tue, 2023-09-26 23:21
Walmart is expanding its offerings of prepaid phone plans with MobileX, a wireless service launched earlier this year by Boost cofounder Peter Adderton. Walmart will be MobileX's first and exclusive retail partner, the companies said in an announcement Tuesday. From a report: MobileX, which uses Verizon's network through a wholesale agreement, will be available on Walmart's website and in stores starting Tuesday, the companies said. It will offer unlimited pay-as-you-go plans starting at $14.88 per month, and a lower-cost plan with customizable offerings starting at $4.08 a month. An artificial intelligence-powered guide that can anticipate a customer's data needs can customize plans tailored to their usage, the company said in a statement. [...] Walmart gives MobileX, which launched online in February, more visibility as a low-cost alternative to more expensive monthly plans from the big three wireless carriers. Still, cheap mobile services have had a difficult time dislodging people from more expensive plans. Many subscribers are locked into two and three-year phone payment plans and even those that could switch say the hassle is not worth the savings.

Windows 11's Next Big Update Now Available With Copilot, AI-powered Paint

Slashdot - Tue, 2023-09-26 22:40
Microsoft is releasing one of its biggest updates to Windows 11 today. It includes access to the new Windows Copilot, AI-powered updates to Paint, Snipping Tool, and Photos, RGB lighting support, a modernized File Explorer, and much more. From a report: Windows Copilot is the big new feature for this Windows 11 update, bringing the same Bing Chat feature straight to the Windows 11 desktop. It appears as a sidebar in Windows 11, allowing you to control settings on a PC, launch apps, or simply answer queries. Microsoft is integrating Copilot into many parts of Windows, too. Copilot will essentially exist as an AI-powered digital assistant, much like Microsoft's vision for Cortana. While Microsoft shut down the Cortana app inside Windows 11 last month, Copilot looks like it's very much Microsoft's big push into AI. Microsoft is also adding AI-powered features to Paint, Snipping Tool, and Windows 11's Photos app. Microsoft Paint is getting Photoshop-like features, with support for transparency and layers. [...] File Explorer is getting a more modern look with this Windows 11 update. The updated File Explorer UI includes a modern home interface with large file thumbnails and a carousel interface that can surface recent files and favorited ones. These changes make File Explorer blend in better with the overall Windows 11 design.

Microsoft is Trying To Lessen Its Addiction To OpenAI as AI Costs Soar

Slashdot - Tue, 2023-09-26 22:01
Microsoft's push to put artificial intelligence into its software has hinged almost entirely on OpenAI, the startup Microsoft funded in exchange for the right to use its cutting-edge technology. But as the costs of running advanced AI models rise, Microsoft researchers and product teams are working on a plan B. The Information: In recent weeks, Peter Lee, who oversees Microsoft's 1,500 researchers, directed many of them to develop conversational AI that may not perform as well as OpenAI's but that is smaller in size and costs far less to operate, according to a current employee and another person who recently left the company. Microsoft's product teams are already working on incorporating some of that Microsoft-made AI software, powered by large language models, in existing products, such as a chatbot within Bing search that is similar to OpenAI's ChatGPT, these people said. [...] Microsoft's research group doesn't have illusions about developing a large AI like GPT-4. The team doesn't have the same computing resources as OpenAI, nor does it have armies of human reviewers to give feedback about how well their LLMs answer questions so engineers can improve them. Undeniably, OpenAI and other developers -- including Google and Anthropic, which on Monday received $4 billion from Amazon Web Services -- are firmly ahead of Microsoft when it comes to developing advanced LLMs. But Microsoft may be able to compete in a race to build AI models that mimic the quality of OpenAI software at a fraction of the cost, as Microsoft showed in June with the release of one in-house model it calls Orca.
