Comment Re:Access (Score 1) 102
For 20 years, plus or minus, personal computers reversed that idea.
VP.NET Publishes SGX Enclave Code: Zero-Trust Privacy You Can Actually Verify 12
VP.NET has released the source code for its Intel SGX enclave on GitHub, allowing anyone to build the enclave and verify its mrenclave hash matches what's running on the servers. This takes "don't trust, verify" from marketing to reality, making privacy claims testable all the way down to hardware-enforced execution.
A move like this could set a new benchmark for transparency in privacy tech.
A move like this could set a new benchmark for transparency in privacy tech.
Comment Re:Sold his stock (Score 5, Informative) 98
I gave all my Apple wealth away because wealth and power are not what I live for. I have a lot of fun and happiness. I funded a lot of important museums and arts groups in San Jose, the city of my birth, and they named a street after me for being good. I now speak publicly and have risen to the top. I have no idea how much I have but after speaking for 20 years it might be $10M plus a couple of homes. I never look for any type of tax dodge. I earn money from my labor and pay something like 55% combined tax on it. I am the happiest person ever. Life to me was never about accomplishment, but about Happiness, which is Smiles minus Frowns. I developed these philosophies when I was 18-20 years old and I never sold out.
McDonald's AI Hiring Bot Exposed Millions of Applicants' Data To Hackers 25
An anonymous reader quotes a report from Wired: If you want a job at McDonald's today, there's a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and resume, directs them to a personality test, and occasionally makes them "go insane" by repeatedly misunderstanding their most basic questions. Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants -- including all the personal information they shared in those conversations -- with tricks as straightforward as guessing the username and password "123456."
On Wednesday, security researchers Ian Carroll and Sam Curryrevealedthat they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with along track record of independent security testing, discovered that simple web-based vulnerabilities -- including guessing one laughably weak password -- allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.
Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. "I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more," says Carroll. "So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years." Paradox.ai confirmed the security findings, acknowledging that only a small portion of the accessed records contained personal data. The company stated that the weak-password account ("123456") was only accessed by the researchers and no one else. To prevent future issues, Paradox is launching a bug bounty program. "We do not take this matter lightly, even though it was resolved swiftly and effectively," Paradox.ai's chief legal officer, Stephanie King, told WIRED in an interview. "We own this."
In a statement to WIRED, McDonald's agreed that Paradox.ai was to blame. "We're disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us," the statement reads. "We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection."
On Wednesday, security researchers Ian Carroll and Sam Curryrevealedthat they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with along track record of independent security testing, discovered that simple web-based vulnerabilities -- including guessing one laughably weak password -- allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.
Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. "I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more," says Carroll. "So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years." Paradox.ai confirmed the security findings, acknowledging that only a small portion of the accessed records contained personal data. The company stated that the weak-password account ("123456") was only accessed by the researchers and no one else. To prevent future issues, Paradox is launching a bug bounty program. "We do not take this matter lightly, even though it was resolved swiftly and effectively," Paradox.ai's chief legal officer, Stephanie King, told WIRED in an interview. "We own this."
In a statement to WIRED, McDonald's agreed that Paradox.ai was to blame. "We're disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us," the statement reads. "We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection."
VP.net Promises "Cryptographically Verifiable Privacy" (torrentfreak.com) 36
TorrentFreak spotlights VP.net, a brand-new service from Private Internet Access founder Andrew Lee (the guy who gifted Linux Journal to Slashdot) that eliminates the classic "just trust your VPN" problem by locking identity-mapping and traffic-handling inside Intel SGX enclaves.
The company promises 'cryptographically verifiable privacy' by using special hardware 'safes' (Intel SGX), so even the provider can't track what its users are up to.
The design goal is that no one, not even the VPN company, can link "User X" to "Website Y."
Lee frames it as enabling agency over one's privacy:
"Our zero trust solution does not require you to trust us - and that's how it should be. Your privacy should be up to your choice - not up to some random VPN provider in some random foreign country."
The team behind VP.net includes CEO Matt Kim as well as arguably the first Bitcoin veterans Roger Ver and Mark Karpeles.
Ask Slashdot: Now that there's a VPN where you don't have to "just trust the provider" - arguably the first real zero-trust VPN - are trust based VPNs obsolete?
The design goal is that no one, not even the VPN company, can link "User X" to "Website Y."
Lee frames it as enabling agency over one's privacy:
"Our zero trust solution does not require you to trust us - and that's how it should be. Your privacy should be up to your choice - not up to some random VPN provider in some random foreign country."
The team behind VP.net includes CEO Matt Kim as well as arguably the first Bitcoin veterans Roger Ver and Mark Karpeles.
Ask Slashdot: Now that there's a VPN where you don't have to "just trust the provider" - arguably the first real zero-trust VPN - are trust based VPNs obsolete?
Intel Wins Jury Trial Over Patent Licenses In $3 Billion VLSI Fight (reuters.com) 22
A Texas jury ruled that Intel may hold a license to patents owned by VLSI Technology through its agreement with Finjan Inc., both controlled by Fortress Investment Group -- potentially nullifying over $3 billion in previous patent infringement verdicts against Intel. Reuters reports: VLSI has sued Intel in multiple U.S. courts for allegedly infringing several patents covering semiconductor technology. A jury in Waco, Texas awarded VLSI $2.18 billion in their first trial in 2021, which a U.S. appeals court has since overturned and sent back for new proceedings.
An Austin, Texas jury determined that VLSI was entitled to nearly $949 million from Intel in a separate patent infringement trial in 2022. Intel has argued in that case that the verdicts should be thrown out based on a 2012 agreement that gave it a license to patents owned by Finjan and other companies "under common control" with it. U.S. District Judge Alan Albright held the latest jury trial in Austin to determine whether Finjan and VLSI were under the "common control" of Fortress. VLSI said it was not subject to the Finjan agreement, and that the company did not even exist until four years after it was signed.
An Austin, Texas jury determined that VLSI was entitled to nearly $949 million from Intel in a separate patent infringement trial in 2022. Intel has argued in that case that the verdicts should be thrown out based on a 2012 agreement that gave it a license to patents owned by Finjan and other companies "under common control" with it. U.S. District Judge Alan Albright held the latest jury trial in Austin to determine whether Finjan and VLSI were under the "common control" of Fortress. VLSI said it was not subject to the Finjan agreement, and that the company did not even exist until four years after it was signed.
Comment Get Rid of Added Sugar... (Score 2) 181
About 70% of the food in a US grocery store, and pretty much all food at restaurants, has added sugar (even *salt* has added sugar these days as an "anti-caking" agent...) Stop adding sugar to everything...
Comment Re:Yes, duh. (Score 1) 73
Apple has tried for years to make more from services income, but aside from the App Store, they haven't done very well. And the App Store is heavily tied to their hardware, which leads back to the original issue.
So Apple's services income for the last quarter was $26.6B. For FY2024 they brought in basically $100B for services alone, which would be enough to put them in the top 40 US companies - not struggling and certainly past trying to "make money" from services. Overall Apple (hardware + services) is #3 behind Walmart and Amazon with $383.4B in revenue for FY2024...
Comment Chrome == Internet Explorer... (Score 1) 180
I would be all for this except that I regularly get web apps that either only work with Chrome (for no good reason) or perform very badly on alternative browsers. Chrome is the new Internet Explorer and we don't want people writing web apps for Chrome, we want them writing web apps to standards that all of the browsers support.
These days you can develop a web site that renders correctly on dozens of different web browsers and you can write complex web applications that run on those same browsers. Let's not prop Google up as the "savior of the Internet"...
Comment Re:Obligatory XKCD (Score 1) 136
You did read the title, right? The one that said "China launches HDMI and DisplayPort alternative — GPMI boasts up to 192 Gbps bandwidth, 480W power delivery"? That's a tad more than 120Gbps.
The Slashdot story only says 240W and 96Gbps, and the title says nothing. I didn’t bother reading TFA because honestly I could care less about 8k.
Comment Re:Obligatory XKCD (Score 2) 136
Thunderbolt 5 is already shipping, supports 120Gbps (more than 96), and supports 8k video...
AI Crawlers Haven't Learned To Play Nice With Websites (theregister.com) 57
SourceHut, an open-source-friendly git-hosting service, says web crawlers for AI companies are slowing down services through their excessive demands for data. From a report: "SourceHut continues to face disruptions due to aggressive LLM crawlers," the biz reported Monday on its status page. "We are continuously working to deploy mitigations. We have deployed a number of mitigations which are keeping the problem contained for now. However, some of our mitigations may impact end-users."
SourceHut said it had deployed Nepenthes, a tar pit to catch web crawlers that scrape data primarily for training large language models, and noted that doing so might degrade access to some web pages for users. "We have unilaterally blocked several cloud providers, including GCP [Google Cloud] and [Microsoft] Azure, for the high volumes of bot traffic originating from their networks," the biz said, advising administrators of services that integrate with SourceHut to get in touch to arrange an exception to the blocking.
SourceHut said it had deployed Nepenthes, a tar pit to catch web crawlers that scrape data primarily for training large language models, and noted that doing so might degrade access to some web pages for users. "We have unilaterally blocked several cloud providers, including GCP [Google Cloud] and [Microsoft] Azure, for the high volumes of bot traffic originating from their networks," the biz said, advising administrators of services that integrate with SourceHut to get in touch to arrange an exception to the blocking.
After Meta Blocks Whistleblower's Book Promotion, It Becomes an Amazon Bestseller (thetimes.com) 39
After Meta convinced an arbitrator to temporarily prevent a whistleblower from promoting their book about the company (titled: Careless People), the book climbed to the top of Amazon's best-seller list. And the book's publisher Macmillan released a defiant statement that "The arbitration order has no impact on Macmillan... We will absolutely continue to support and promote it." (They added that they were "appalled by Meta's tactics to silence our author through the use of a non-disparagement clause in a severance agreement.")
Saturday the controversy was even covered by Rolling Stone: [Whistleblower Sarah] Wynn-Williams is a diplomat, policy expert, and international lawyer, with previous roles including serving as the Chief Negotiator for the United Nations on biosafety liability, according to her bio on the World Economic Forum...
Since the book's announcement, Meta has forcefully responded to the book's allegations in a statement... "Eight years ago, Sarah Wynn-Williams was fired for poor performance and toxic behavior, and an investigation at the time determined she made misleading and unfounded allegations of harassment. Since then, she has been paid by anti-Facebook activists and this is simply a continuation of that work. Whistleblower status protects communications to the government, not disgruntled activists trying to sell books."
But the negative coverage continues, with the Observer Sunday highlighting it as their Book of the Week. "This account of working life at Mark Zuckerberg's tech giant organisation describes a 'diabolical cult' able to swing elections and profit at the expense of the world's vulnerable..."
Though ironically Wynn-Williams started their career with optimism about Facebook's role in the app internet.org. . "Upon witnessing how the nascent Facebook kept Kiwis connected in the aftermath of the 2011 Christchurch earthquake, she believed that Mark Zuckerberg's company could make a difference — but in a good way — to social bonds, and that she could be part of that utopian project...
What internet.org involves for countries that adopt it is a Facebook-controlled monopoly of access to the internet, whereby to get online at all you have to log in to a Facebook account. When the scales fall from Wynn-Williams's eyes she realises there is nothing morally worthwhile in Zuckerberg's initiative, nothing empowering to the most deprived of global citizens, but rather his tool involves "delivering a crap version of the internet to two-thirds of the world". But Facebook's impact in the developing world proves worse than crap. In Myanmar, as Wynn-Williams recounts at the end of the book, Facebook facilitated the military junta to post hate speech, thereby fomenting sexual violence and attempted genocide of the country's Muslim minority. "Myanmar," she writes with a lapsed believer's rue, "would have been a better place if Facebook had not arrived." And what is true of Myanmar, you can't help but reflect, applies globally...
"Myanmar is where Wynn-Williams thinks the 'carelessness' of Facebook is most egregious," writes the Sunday Times: In 2018, UN human rights experts said Facebook had helped spread hate speech against Rohingya Muslims, about 25,000 of whom were slaughtered by the Burmese military and nationalists. Facebook is so ubiquitous in Myanmar, Wynn-Williams points out, that people think it is the entire internet. "It's no surprise that the worst outcome happened in the place that had the most extreme take-up of Facebook." Meta admits it was "too slow to act" on abuse in its Myanmar services....
After Wynn-Williams left Facebook, she worked on an international AI initiative, and says she wants the world to learn from the mistakes we made with social media, so that we fare better in the next technological revolution. "AI is being integrated into weapons," she explains. "We can't just blindly wander into this next era. You think social media has turned out with some issues? This is on another level."
Saturday the controversy was even covered by Rolling Stone: [Whistleblower Sarah] Wynn-Williams is a diplomat, policy expert, and international lawyer, with previous roles including serving as the Chief Negotiator for the United Nations on biosafety liability, according to her bio on the World Economic Forum...
Since the book's announcement, Meta has forcefully responded to the book's allegations in a statement... "Eight years ago, Sarah Wynn-Williams was fired for poor performance and toxic behavior, and an investigation at the time determined she made misleading and unfounded allegations of harassment. Since then, she has been paid by anti-Facebook activists and this is simply a continuation of that work. Whistleblower status protects communications to the government, not disgruntled activists trying to sell books."
But the negative coverage continues, with the Observer Sunday highlighting it as their Book of the Week. "This account of working life at Mark Zuckerberg's tech giant organisation describes a 'diabolical cult' able to swing elections and profit at the expense of the world's vulnerable..."
Though ironically Wynn-Williams started their career with optimism about Facebook's role in the app internet.org. . "Upon witnessing how the nascent Facebook kept Kiwis connected in the aftermath of the 2011 Christchurch earthquake, she believed that Mark Zuckerberg's company could make a difference — but in a good way — to social bonds, and that she could be part of that utopian project...
What internet.org involves for countries that adopt it is a Facebook-controlled monopoly of access to the internet, whereby to get online at all you have to log in to a Facebook account. When the scales fall from Wynn-Williams's eyes she realises there is nothing morally worthwhile in Zuckerberg's initiative, nothing empowering to the most deprived of global citizens, but rather his tool involves "delivering a crap version of the internet to two-thirds of the world". But Facebook's impact in the developing world proves worse than crap. In Myanmar, as Wynn-Williams recounts at the end of the book, Facebook facilitated the military junta to post hate speech, thereby fomenting sexual violence and attempted genocide of the country's Muslim minority. "Myanmar," she writes with a lapsed believer's rue, "would have been a better place if Facebook had not arrived." And what is true of Myanmar, you can't help but reflect, applies globally...
"Myanmar is where Wynn-Williams thinks the 'carelessness' of Facebook is most egregious," writes the Sunday Times: In 2018, UN human rights experts said Facebook had helped spread hate speech against Rohingya Muslims, about 25,000 of whom were slaughtered by the Burmese military and nationalists. Facebook is so ubiquitous in Myanmar, Wynn-Williams points out, that people think it is the entire internet. "It's no surprise that the worst outcome happened in the place that had the most extreme take-up of Facebook." Meta admits it was "too slow to act" on abuse in its Myanmar services....
After Wynn-Williams left Facebook, she worked on an international AI initiative, and says she wants the world to learn from the mistakes we made with social media, so that we fare better in the next technological revolution. "AI is being integrated into weapons," she explains. "We can't just blindly wander into this next era. You think social media has turned out with some issues? This is on another level."
Comment Re:That library file limit (Score 1) 7
Nope. That's why I changed all my players to BlueOS.
Microsoft Admits GitHub Hosted Malware That Infected Almost a Million Devices (theregister.com) 17
Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves. From a report: Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms. "These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub" according to Microsoft's threat research team.
GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths. Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."
GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths. Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."
Slashdot Top Deals
Practical people would be more practical if they would take a little more time for dreaming. -- J. P. McEvoy
