31 million records containing email addresses and password hashes exposed:
Archive.org, possibly one of the only entities to preserve the entire history of the Internet, was recently compromised in a hack that revealed data of roughly 31 million users.
A little after 2 PM California time, social media blew up with screenshots showing what the archive.org homepage displayed.
It read:
archive.org
Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!
HIBP is short for Have I Been Pwned, the authoritative site for breach notifications that help people protect their accounts after they've been compromised.
The message didn't last long. Soon after it appeared, archive.org, when it loaded at all, displayed a message saying the site was temporarily down. Later, the site returned. Archive.org's Brewster Kahle said on a social media site that the archive had come under a DDoS attack.
Now, Have I Been Pwned is reporting that archive.org was hacked. HIBP said the compromise occurred last month and exposed 31 million records containing email addresses, screen names, and bcrypt-hashed passwords.
See also: Internet Archive Breach Exposes 31 Million Users
There are open source projects and companies looking to help:
Earlier this month, the Italian energy company Enel X announced an abrupt withdrawal from the North American market. For its residential customers—owners of the popular Juicebox level 2 home chargers—the physical hardware will continue to work, but from tomorrow Enel X will have ended all software support, including updates and its apps. But Enel X also had commercial clients, and they're even more out of luck—from tomorrow those stations "will lose functionality in the absence of software continuity," Enel X says.
For Juicebox customers, the loss of Enel X's servers and apps isn't great—they will lose the ability to remotely manage the charger, or schedule charging sessions from it. But most electric vehicles—both battery EVs and plug-in hybrid EVs—have their own built-in software to schedule charging sessions, and to hear some owners tell it, Enel X's software was a poor substitute for the original Juicebox software written by eMotorworks, which was bought by Enel X in 2017.
[...] Meanwhile, a number of companies and open source projects are working on offering third-party support for Juiceboxes. Unfortunately, only newer Juiceboxes support the open charge point protocol; older devices may need to be physically modified, perhaps with open source hardware.
As might be expected, lots of charging solution providers are interested in helping Enel X's stranded commercial customers become their newest happy, smiling customers. But it's going to be up to those stranded by Enel X to find a new company and platform to work with.
In some cases that might mean migrating existing hardware over, but as SAE notes, Enel X has done little to make that migration simple. And many businesses may find what were functioning level 2 chargers today are just beige-colored bricks tomorrow. For example, with Enel X gone, there are no contracts in place for the SIM cards embedded in each charger that provide the connectivity those devices expect.
"When that goes dead, the only way you can really get those chargers going again is you physically send someone out there, or you ask the person on the property to take out the SIM card, replace it," said Joseph Schottland, CEO of EV+ Charging. "It's a big ask, because they've got to get the screwdriver out, take the back of the charger off... They've got to know where to look."
Who holds the copyright? Man, Machine or Software? Appeal in progress. Allen's claim is that it took him over 100h of prompt-engineering to get the image just right.
Jason Allen—a synthetic media artist whose Midjourney-generated work "Théâtre D'opéra Spatial" went viral and incited backlash after winning a state fair art competition—is not giving up his fight with the US Copyright Office.
Last fall, the Copyright Office refused to register Allen's work, claiming that almost the entire work was AI-generated and insisting that copyright registration requires more human authorship than simply plugging a prompt into Midjourney.
Allen is now appealing that decision, asking for judicial review and alleging that "the negative media attention surrounding the Work may have influenced the Copyright Office Examiner's perception and judgment." He claims that the Examiner was biased and considered "improper factors" such as the public backlash when concluding that he had "no control over how the artificial intelligence tool analyzed, interpreted, or responded to these prompts."
https://ideas.lego.com/projects/10a3239f-4562-4d23-ba8e-f4fc94eef5c7
A working Turing Machine was submitted to Lego Ideas, consisting of approximately 2,900 parts and a bucketload of extreme cleverness. The Lego builder first came across the concept a few years ago and, despite it being an abstract model, decided to attempt making one out of the plastic components of Lego Technic.
Talking to El Reg, the submitter "The Bananaman" stated: "My first few ideas [on] how to do this would be very big and inefficient if they were ever [to be] built, but I usually stopped developing them very early. The first one that could possibly work was three years ago and I built a part of the tape with the symbol reader and a very bad unfinished prototype of the 'truth table' that would use a 32-speed gearbox instead of the 'searching' mechanism. Later I realized that the 'truth table' can be made way more easily (it was my fourth idea on how to build the table and it still had a dozen revisions later on), and I came up with using the registers which made everything easier. I started building the prototype last vacation, then took a break and I've finished it this vacation."
There was also the challenge of fitting into the limits imposed by Lego Ideas. At the time of submission, this was 3,000 parts, and The Bananaman's contraption finally managed to come in at around 2,900. The limit has since been raised to 5,000 parts. Should it get to 10,000 supporters on the Lego Ideas site, it will go into Expert Review, where Lego's professionals will decide if it should be approved for production. The evaluation will depend on a range of criteria, including feasibility and strength of idea.
Governor Gavin Newsom over the weekend signed into law a bill amending the California Consumer Privacy Act, the state's spin on the GDPR in Europe, to classify "neural data" as protected personal information along the lines of precise geolocation, genetics and biometrics.
Neurorights Foundation medical director Sean Pauzauskie called the California law "an enormous victory" for patients suffering from mental health disorders as well as for consumers simply looking to enhance their lives with new technologies.
The NGO co-sponsored the bill with a state senator.
"The essential privacy guardrails it ensures should only boost confidence in all varieties of these revolutionary neurotechnologies, the great majority which are based in California," Pauzauskie said in a release.
California is the second state to extend data protections to brainwaves, on the heels of Colorado putting in place a law requiring privacy safeguards along the lines of what is done for fingerprints.
The California law sends "a clear signal to the fast-growing neurotechnology industry" to protect people's mental privacy, NeuroRights Foundation general counsel Jared Genser said in a release.
Protections under the California law include the right to know what brain data is being collected, limit its disclosure, and to be able to opt-out or have it deleted.
The law applies to devices capable of recording or altering nervous system activity, whether they be implanted or worn, the NGO said.
The potential for devices to tap into how people feel or think has raised concerns they could be used to manipulate feelings or thoughts.
"In the coming years, the sensitivity of neural data will increase alongside surging investments...resulting in increased resolution of brain scans and larger datasets of brain data being collected," the NGO predicted.
"Meanwhile generative artificial intelligence will continue accelerating the ability to accurately decode these scans."
The companies behind the streaming industry, including smart TV and streaming stick manufacturers and streaming service providers, have developed a "surveillance system" that has "long undermined privacy and consumer protection," according to a report from the Center for Digital Democracy (CDD) published today and sent to the Federal Trade Commission (FTC). Unprecedented tracking techniques aimed at pleasing advertisers have resulted in connected TVs (CTVs) being a "privacy nightmare," according to Jeffrey Chester, report co-author and CDD executive director, resulting in calls for stronger regulation.
The 48-page report, How TV Watches Us: Commercial Surveillance in the Streaming Era [PDF], cites Ars Technica, other news publications, trade publications, blog posts, and statements from big players in streaming—from Amazon to NBCUniversal and Tubi, to LG, Samsung, and Vizio. It provides a detailed overview of the various ways that streaming services and streaming hardware target viewers in newfound ways that the CDD argues pose severe privacy risks. The nonprofit composed the report as part of efforts to encourage regulation. Today, the CDD sent letters to the FTC [PDF], Federal Communications Commission (FCC), California attorney general [PDF], and California Privacy Protection Agency (CPPA) [PDF], regarding its concerns.
[...] The report notes "misleading" privacy policies that have minimal information on data collection and tracking methods and the use of marketing tactics like cookie-less IDs and identity graphs that make promises of not collecting or sharing personal information "meaningless."
Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent:
Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy-Preserving Attribution (PPA) without explicitly seeking users' consent.
"Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said. "In essence, the browser is now controlling the tracking, rather than individual websites."
Noyb also called out Mozilla for allegedly taking a leaf out of Google's playbook by "secretly" enabling the feature by default without informing users.
PPA, which is currently enabled in Firefox version 128 as an experimental feature, has its parallels in Google's Privacy Sandbox project in Chrome.
The initiative, now abandoned by Google, sought to replace third-party tracking cookies with a set of APIs baked into the web browser that advertisers can talk to in order to determine users' interests and serve targeted ads.
Put differently, the web browser acts as a middleman that stores information about the different categories that users can be slotted into based on their internet browsing patterns.
PPA, per Mozilla, is a way for sites to "understand how their ads perform without collecting data about individual people," describing it as a "non-invasive alternative to cross-site tracking."
It's also similar to Apple's Privacy Preserving Ad Click Attribution, which allows advertisers to measure the effectiveness of their ad campaigns on the web without compromising on user privacy.
The way PPA works is as follows: Websites that serve ads can ask Firefox to remember the ads in the form of an impression that includes details about the ads themselves, such as the destination website.
If a Firefox user ends up visiting the destination website and performs an action that's deemed valuable by the business – e.g., making an online purchase by clicking on the ad, also called "conversion" – that website can prompt the browser to generate a report.
The generated report is encrypted and submitted anonymously using the Distributed Aggregation Protocol (DAP) to an "aggregation service," after which the results are combined with other similar reports to create a summary such that it makes it impossible to learn too much about any individual.
This, in turn, is made possible by a mathematical framework called differential privacy that enables the sharing of aggregate information about users in a privacy-preserving manner by adding random noise to the results to prevent re-identification attacks.
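The flow described above, modelled end to end as an added example (not Mozilla's code and not the DAP wire protocol): a browser keeps impressions locally, turns a conversion into an identifier-free histogram report, and an aggregator releases only noisy sums. The class and function names, the ad identifiers, the minimum batch size and the choice of the Laplace mechanism are assumptions made for illustration; report encryption and transport are left out.

```python
import random

# Constructed campaign identifiers; each one is a bucket in the report histogram.
AD_IDS = ["ad-shoes", "ad-bikes", "ad-books"]


class Browser:
    """One user's browser: impressions never leave this object."""

    def __init__(self):
        self._impressions = []  # (ad_id, destination) pairs kept on the device

    def save_impression(self, ad_id, destination):
        # An ad-serving site asks the browser to remember the ad it showed.
        self._impressions.append((ad_id, destination))

    def conversion_report(self, destination, ad_ids=AD_IDS):
        """Destination site asks for a report after a conversion.

        The report is a one-hot histogram naming the most recent matching ad.
        It carries no user identifier, and a user who saw no ad still sends
        an all-zero report, so sending a report reveals nothing by itself.
        """
        report = [0] * len(ad_ids)
        for ad_id, dest in reversed(self._impressions):
            if dest == destination and ad_id in ad_ids:
                report[ad_ids.index(ad_id)] = 1
                break
        return report


def sum_reports(reports):
    """Exact per-ad totals; in the real design no single party sees these."""
    return [sum(column) for column in zip(*reports)]


def laplace(scale, rng):
    # The difference of two exponential samples is Laplace(0, scale).
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)


def release(reports, epsilon, rng, min_batch=5):
    """Noisy totals handed to the advertiser.

    Adding or removing one report moves one bucket by at most 1
    (L1 sensitivity 1), so Laplace noise of scale 1/epsilon gives
    epsilon-differential privacy for the released histogram.
    """
    if len(reports) < min_batch:
        # Tiny batches would let the summary describe individuals.
        raise ValueError("batch too small to release")
    scale = 1.0 / epsilon
    return [count + laplace(scale, rng) for count in sum_reports(reports)]


def demo(seed=1):
    """200 constructed users convert on shop.example; every 4th saw no ad."""
    rng = random.Random(seed)
    reports = []
    for i in range(200):
        browser = Browser()
        if i % 4:
            browser.save_impression(AD_IDS[i % 3], "shop.example")
        reports.append(browser.conversion_report("shop.example"))
    return sum_reports(reports), release(reports, epsilon=0.5, rng=rng)


if __name__ == "__main__":
    exact, noisy = demo()
    print("exact totals:", exact)
    print("released    :", [round(x, 1) for x in noisy])
```

A smaller epsilon means more noise and stronger protection for any single report, at the cost of less accurate campaign totals.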
"PPA is enabled in Firefox starting in version 128," Mozilla notes in a support document. "A small number of sites are going to test this and provide feedback to inform our standardization plans, and help us understand if this is likely to gain traction."
"PPA does not involve sending information about your browsing activities to anyone. Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising."
It's this aspect that noyb has found fault with, as it's in violation of the European Union's (E.U.) stringent data protection regulations by enabling PPA by default without seeking users' permissions.
"While this may be less invasive than unlimited tracking, which is still the norm in the US, it still interferes with user rights under the E.U.'s GDPR," the advocacy group said. "In reality, this tracking option doesn't replace cookies either, but is simply an alternative - additional - way for websites to target advertising."
It further noted that a Mozilla developer justified the move by claiming that users cannot make an informed decision and that "explaining a system like PPA would be a difficult task."
"It's a shame that an organization like Mozilla believes that users are too dumb to say yes or no," Felix Mikolasch, data protection lawyer at noyb, said. "Users should be able to make a choice and the feature should have been turned off by default."
Getting into arguments with strangers online or family members at the dinner table can feel a bit like debating with a brick wall. We are probably all guilty of feeling like we are right, even if we don't have all the facts. According to a recent psychology study, people tend to assume that they have all of the information that they need to make a decision or support their position–even if they don't. This phenomenon dubbed the "illusion of information adequacy" is detailed in a study published October 9 in the journal PLoS ONE.
"Interpersonal conflict is on the rise, driving increases in anger, anxiety, and general stress," Angus Fletcher, a study co-author and narrative theorist and neurophysiologist at the Ohio State University, tells Popular Science. "We wanted to look into those misunderstandings and see if they could be mitigated."
The team calls this belief that we are correct–even when we don't have all of the information–the illusion of adequacy.
Fletcher describes the illusion of adequacy as, "The less that our brain knows, the more confident it is that it knows all it needs to know. This makes us prone to thinking that we have all the crucial facts about a decision, leaping to confident conclusions and decisive judgments, when we are missing necessary information."
Source: Popular Science
Citation: Gehlbach H, Robinson CD, Fletcher A (2024) The illusion of information adequacy. PLoS ONE 19(10): e0310216. https://doi.org/10.1371/journal.pone.0310216
Journal Reference: The illusion of information adequacy
https://www.da.vidbuchanan.co.uk/blog/dram-emfi.html#can-you-get-root-with-only-a-cigarette-lighter
Before you can write an exploit, you need a bug. When there are no bugs, we have to get creative—that's where Fault Injection comes in. Fault injection can take many forms, including software-controlled data corruption, power glitching, clock glitching, electromagnetic pulses, lasers, and more.
Hardware fault injection is something that typically requires specialized (and expensive) equipment. The costs stem from requiring a high degree of precision in terms of both when and where the fault is injected. There are many valiant attempts at bringing down the costs, with notable projects ranging from the RP2040-based PicoEMP, all the way to "Laser Fault Injection for The Masses". (The RP2040 crops up a lot due to its low cost combined with the "PIO" peripheral, which can do I/O with tight timings and latency)
A while back I read about using a piezo-electric BBQ Igniter coupled to an inductor as a low-budget tool for electro-magnetic fault injection (EMFI), and I was captivated. I wondered, how far can you take such a primitive tool? At the time, the best thing I could come up with was exploiting a software implementation of AES running on an Arduino, using DFA—it worked!
But I wasn't fully satisfied. I wanted to exploit something more "real," but I was out of ideas for the time being....
Amazon plans to show more ads on Prime Video in 2025 to test how much viewers can handle. Even though some subscribers may not like ads, Amazon has not seen a big drop in customers since adding them. By adding more commercials and shoppable ads, Amazon is trying to see how much ads people will tolerate while watching their favorite shows.
Amazon will "ramp up" Prime Video ads in 2025: https://arstechnica.com/gadgets/2024/10/amazon-prime-video-is-getting-more-ads-next-year/
Our resident anonymous Anonymous Coward has offered the following story with which to start your weekend:
Motor Trend tells this quirky story about the Facebook boss, https://www.motortrend.com/news/mark-zuckerberg-porsche-cayenne-minivan-custom/
"Pricilla wanted a minivan, so I've been designing something I'm pretty sure should exist: a Porsche Cayenne Turbo GT Minivan."
I'm pretty sure that this unholy combination should _not_ exist! Motor Trend seems to concur,
As for the conversion, it looks fairly well-executed, though it does make the Cayenne look somewhat like a sea mammal with wheels. It's weird, but we don't hate it. It's unclear how long it took West Coast Customs to do the conversion or how much it cost, though we assume the answer is "a long time" and "expensive."
It's bad enough that Porsche took a turn to the ordinary when they started making SUVs, as a cash grab to supplement their traditional expertise in sports and racing cars. But a minivan is a step too far...
Starting a new car company isn't easy—just ask Henrik Fisker, whose second bite at that particular cherry ended the same way as his first when it filed for bankruptcy this July. At the time, Fisker said it wanted to try to "preserve certain customer programs," but Ars wondered what this actually meant, particularly now that electric vehicles are so dependent on software support and cloud connectivity. Now, thanks to a recent court filing spotted by TechCrunch, we know the answer: nothing good.
Car publications were already warning consumers to steer clear of the Ocean as early as this March, despite massive price cuts that saw these electric SUVs being offered for less than $25,000. A New York-based company called American Lease was less deterred by this warning and in June agreed to purchase the remaining Fisker inventory—approximately 3,300 cars for a total of $46.3 million dollars. By October, American Lease had paid Fisker $42.5 million and had taken delivery of about 1,100 Oceans.
That was the plan until the end of last week, at least. Last Friday evening, Fisker informed American Lease that the Oceans "cannot, as a technical matter, be 'ported' from the Fisker server to which the vehicles are currently linked to a distinct server owned and/or controlled by" American Lease.
[...] American Lease says it "cannot overstate the significance of this unwelcome news," particularly since it had already paid Fisker the vast majority of the agreed price. American Lease is also more than a little unhappy that the news was delivered a few days before a court hearing scheduled for today and says it's unclear how long Fisker has known that its cars cannot be ported to a new server.
The Royal Swedish Academy of Sciences has decided to award the Nobel Prize in Physics 2024 to
John J. Hopfield
Princeton University, NJ, USA
Geoffrey E. Hinton
University of Toronto, Canada
"for foundational discoveries and inventions that enable machine learning with artificial neural networks"
John Hopfield invented a network that uses a method for saving and recreating patterns. We can imagine the nodes as pixels. The Hopfield network utilises physics that describes a material's characteristics due to its atomic spin – a property that makes each atom a tiny magnet. The network as a whole is described in a manner equivalent to the energy in the spin system found in physics, and is trained by finding values for the connections between the nodes so that the saved images have low energy. When the Hopfield network is fed a distorted or incomplete image, it methodically works through the nodes and updates their values so the network's energy falls. The network thus works stepwise to find the saved image that is most like the imperfect one it was fed with.
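The store-and-recall procedure described above, as an added example (not from the Nobel press release): Hebbian weights store two constructed 4x4 patterns, and node-by-node updates lower the energy until a distorted input settles on the saved pattern. The function names and the pixel patterns are assumptions made for illustration.

```python
# Two constructed 4x4 "images", flattened row by row; pixels are +1 or -1.
ROWS = [1, 1, 1, 1, -1, -1, -1, -1, 1, 1, 1, 1, -1, -1, -1, -1]  # horizontal stripes
COLS = [1, -1, 1, -1] * 4                                        # vertical stripes


def train(patterns):
    """Hebbian rule: w[i][j] grows when pixels i and j agree in a saved image.

    Weights are symmetric with a zero diagonal, which makes every saved
    pattern a low-energy state of the network.
    """
    n = len(patterns[0])
    w = [[0.0] * n for _ in range(n)]
    for p in patterns:
        for i in range(n):
            for j in range(n):
                if i != j:
                    w[i][j] += p[i] * p[j] / n
    return w


def energy(w, state):
    """Spin-system energy: E = -1/2 * sum_ij w_ij * s_i * s_j."""
    n = len(state)
    return -0.5 * sum(
        w[i][j] * state[i] * state[j] for i in range(n) for j in range(n)
    )


def recall(w, state, max_sweeps=10):
    """Update one node at a time until nothing changes.

    Each node takes the sign of its weighted input. With symmetric weights
    and a zero diagonal, every flip strictly lowers the energy, so the loop
    terminates. Returns the final state and the energy after each flip.
    """
    state = list(state)
    trace = [energy(w, state)]
    for _ in range(max_sweeps):
        changed = False
        for i in range(len(state)):
            field = sum(w[i][j] * state[j] for j in range(len(state)))
            new = 1 if field >= 0 else -1
            if new != state[i]:
                state[i] = new
                changed = True
                trace.append(energy(w, state))
        if not changed:
            break
    return state, trace


def demo():
    w = train([ROWS, COLS])
    distorted = list(ROWS)
    distorted[0] = -distorted[0]  # flip two pixels of the saved image
    distorted[5] = -distorted[5]
    return recall(w, distorted)


if __name__ == "__main__":
    recovered, trace = demo()
    print("recovered saved image:", recovered == ROWS)
    print("energy after each flip:", trace)
```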
Geoffrey Hinton used the Hopfield network as the foundation for a new network that uses a different method: the Boltzmann machine. This can learn to recognise characteristic elements in a given type of data. Hinton used tools from statistical physics, the science of systems built from many similar components. The machine is trained by feeding it examples that are very likely to arise when the machine is run. The Boltzmann machine can be used to classify images or create new examples of the type of pattern on which it was trained. Hinton has built upon this work, helping initiate the current explosive development of machine learning.
https://www.nobelprize.org/prizes/physics/2024/press-release/
https://en.wikipedia.org/wiki/John_Hopfield
https://sv.wikipedia.org/wiki/Geoffrey_Hinton
Months ago, 13-year-old Willis "Blue Scuti" Gibson became the first person to "beat" NES Tetris, crashing the game after a 1,511-line, 157-level performance. Over the weekend, 16-year-old Michael "dogplayingtetris" Artiaga became the first to reach an even more impressive plateau in the game, looping past Level 255 and instantly rolling the game all the way back to the ultra-slow Level 0.
It took Artiaga a bit over 80 minutes and a full 3,300 cleared lines to finally achieve the game's first near-mythical "rebirth" live in front of hundreds of Twitch viewers.
[...]
Artiaga's record does come with a small asterisk since he used a version of the game that was modified to avoid the crashes that stopped Blue Scuti's historic run.
[...]
NES Tetris was never designed for play past Level 29, though, which means unintended glitches start to get in the way of any truly endless Tetris sessions. At Level 138, a memory overflow error causes the Tetris pieces to show up in some increasingly funky colors, including palettes that are incredibly hard to make out at Levels 146 and 148.
[...]
Even with a modified game, though, Artiaga faced another massive mountain of a glitch before he could achieve rebirth: Level 235. While the Tetris Level counter usually cycles every 10 lines, vagaries of the game's binary-coded decimal line counter cause the level count to get stuck on 235 for a whopping 810 lines. To make matters worse, the Level 235 glitched color palette is a dull green that is hard to see against the game's black background, making the level a true test of endurance.
[...]
Artiaga—who started playing high-level Tetris competitively at the age of 10 in 2019—has won the Classic Tetris World Championship two times, in addition to setting multiple records in the game and dominating many smaller tournaments. Despite all that, he said during his stream that "this is the best thing I've ever done in Tetris, bro."
[...]
"Oh my god, I'm so glad that game is over, bro," Artiaga said on stream. "I never want to play this game again, bro... I was starting to lose my mind."
Now that the Tetris rebirth has been proven humanly possible (with crash-avoidance mods, at least), the community will no doubt move on to see who, if anyone, can complete a double rebirth in a single uninterrupted Tetris session.
[...]
One thing's for sure: The classic Tetris scene has certainly come a long way since the days of the Level 29 "kill screen."
Side Note: Tetris is now over 40 years old.
Previously on SoylentNews:
Tetris -- A Cognitive Vaccine - 20240927
Hackers Discover How to Reprogram NES Tetris From Within the Game - 20240512
NES Tetris Beaten - 20240106
Hackers' Delight: a History of MIT Pranks and Hacks - 20231124
Tetris' Creators Reveal the Game's Greatest Unsolved Mysteries - 20230428
Happy 30th Birthday Tetris! - 20140608
Think the recent kerfuffle over deepfakes is something new? Guess again.
Concern about deceptively edited photos feels like a very modern anxiety, yet a century ago similar worries were being litigated...
Portrait photography gave rise to an industry of photo 'retouching' – analog 'beauty filters' – to flatter subjects in a way portrait painters once did. This trend led to questions about technology distorting our perceptions of beauty, reality and truth:
Other commercial applications of photo retouching emerged: in 1911 tourists visiting Washington D.C. could acquire fake photographs of themselves posing with then President of the United States William Taft. This troubled Government officials. Upon discovering the practice in 1911, a United States Attorney ordered it stopped.
The following year a fugitive - wanted for people trafficking - was found in possession of a fake photo posing with President Taft; it was reported he'd used it to buy the trust of his victims:
That this seemingly benign practice had been weaponized prompted some to demand it be regulated against abuse. The justice department prepared a law, that was introduced by then Senator Henry Cabot Lodge - who'd similarly been troubled after reportedly finding a photograph of himself with someone he'd never met.
Now I have to wonder if Grandpa really did befriend a bigfoot.