Botnet

Ukraine Takes Down Massive Bot Farm, Seizes 150,000 SIM Cards (bleepingcomputer.com)

The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm, seizing computer equipment, mobile phones, and roughly 150,000 SIM cards of multiple mobile operators. BleepingComputer reports: The bots were used to push Russian propaganda justifying Russia's war in Ukraine, to disseminate illegal content and personal information, and in various other fraudulent activities. In a joint operation, the cyber police and units of the Ukrainian National Police executed 21 search operations in Vinnytsia, Zaporizhzhia, and Lviv.

"The cyber police established that the attackers used special equipment and software to register thousands of bot accounts in various social networks and subsequently launch advertisements that violated the norms and legislation of Ukraine," a cyber police press release reads [machine translation]. "In addition to spreading hostile propaganda, the accounts were also used for unauthorized distribution of personal data of Ukrainian citizens on the Internet, in Internet fraud schemes, and for sending known false messages about threats to citizens' safety, destruction or damage to property."
Cyber police in Ukraine have busted several pro-Russian bot farms in the last year, including one last month called "Botoferma" and another one late last year that was working for the Russian secret services. Ukraine also traced a Russian propaganda operation to a bot farm that was secretly operating in the country's own capital of Kyiv last August. "The farm operated more than 1 million bot accounts, which helped the propaganda operation build an audience of over 400,000 users on social media," reports PCMag.
Security

Firmware Vulnerabilities In Millions of Computers Could Give Hackers Superuser Status (arstechnica.com) 2

Researchers have warned that leaked information from a ransomware attack on hardware-maker Gigabyte two years ago may contain critical zero-day vulnerabilities that pose a significant risk to the computing world. The vulnerabilities were found in firmware made by AMI for BMCs (baseboard management controllers), which are small computers integrated into server motherboards allowing remote management of multiple computers. These vulnerabilities, which can be exploited by local or remote attackers with access to Redfish remote management interfaces, could lead to unauthorized access, remote code execution, and potential physical damage to servers. Ars Technica reports: Until the vulnerabilities are patched using an update AMI published on Thursday, they provide a means for malicious hackers -- both financially motivated or nation-state sponsored -- to gain superuser status inside some of the most sensitive cloud environments in the world. From there, the attackers could install ransomware and espionage malware that runs at some of the lowest levels inside infected machines. Successful attackers could also cause physical damage to servers or indefinite reboot loops that a victim organization can't interrupt. Eclypsium warned such events could lead to "lights out forever" scenarios.

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't. The researchers privately notified AMI of the vulnerabilities, and the company created firmware patches, which are available to customers through a restricted support page. AMI has also published an advisory here.

AI

NYC Subway Using AI To Track Fare Evasion 11

According to NBC News, New York City is using surveillance software with artificial intelligence to track people evading fares in its subway stations. From the report: The system was in use in seven subway stations in May, according to a report on fare evasion published online by the Metropolitan Transit Authority, which oversees New York City's public transportation. The MTA expects that by the end of the year, the system will expand by "approximately two dozen more stations, with more to follow," the report says. The report also found that the MTA lost $690 million to fare evasion in 2022. Joana Flores, an MTA spokesperson, said the AI system doesn't flag fare evaders to New York police, but she declined to comment on whether that policy could change.

Tim Minton, the MTA's communications director, said the system tracks fare evasion to figure out how much money the subway isn't collecting. "We're using it essentially as a counting tool," Minton said. "The objective is to determine how many people are evading the fare and how are they doing it." Minton said the videos are stored on the MTA's servers and are kept "for a limited period." New York Gov. Kathy Hochul's office announced last year that the city's transit systems had more than 10,000 surveillance cameras.
Apple

TSMC Delays US Chip Plant Start To 2025 Due To Labor Shortages (appleinsider.com) 11

An anonymous reader quotes a report from Apple Insider: Apple's processor manufacturer TSMC says that it can't find enough skilled workers to open its Arizona facility on time, and mass chip production will have to wait until 2025. The Taiwan Semiconductor Manufacturing Company (TSMC) began work on a first factory in Arizona in 2021. Since then, the plant has seen safety concerns, complaints from TSMC about US taxation, and a claim that US staff don't work hard enough. Most recently, the company announced that it was sending more Taiwanese workers to the US to manage the final stages of making the plant operational. Now according to Nikkei Asia, that move has proven insufficient.

"We are encountering certain challenges, as there is an insufficient amount of skilled workers with the specialized expertise required for equipment installation in a semiconductor-grade facility," said TSMC chair Mark Liu. "Consequently we expect the production schedule of N4 [4-nanometer] process technology to be pushed out to 2025," continued Liu. The news comes alongside TSMC's latest earnings report, which shows that the firm's profits have fallen, though they are expected to recover when the iPhone 15 range launches. TSMC blames the results on a slow economic recovery in China, and a downturn in the consumer electronics market.

Encryption

Google Messages To Support MLS Protocol For Interoperable E2E Encrypted Messaging (9to5google.com) 4

Google today announced its support for interoperable end-to-end encrypted communication between large messaging platforms, with plans to integrate the MLS protocol into Google Messages and Android. 9to5Google reports: Google says it is "strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms," which is presumably in reference to the European Union's Digital Markets Act. That regulation would require iMessage to be interoperable with other messaging platforms. To achieve this, Google says this interoperability requires "open, industry-vetted standards, particularly in the area of privacy, security, and end-to-end encryption." If not, end-to-end encrypted group messaging and other advanced features would be "impossible in practice." Specifically, "group messages would have to be encrypted and delivered multiple times to cater for every different protocol." [...]

Google says MLS would make possible "practical interoperability across services and platforms, scaling to groups of thousands of multi-device users." This could "unleash a huge field of new opportunities for the users and developers of interoperable messaging services that adopt it." It is also flexible enough to allow providers to address emerging threats to user privacy and security, such as quantum computing. Google plans to build MLS into its Messages app, which offers E2EE 1:1 and group RCS chats today, and "support its wide deployment across the industry by open sourcing our implementation in the Android codebase." How RCS factors into this remains to be seen.

AI

Is ChatGPT Getting Worse? (fortune.com) 24

A new study (PDF) from Stanford found that ChatGPT performed worse on certain tasks in June than its March version. The paper supports a widely held, though unproven, notion that the AI language model's performance in coding and compositional tasks has deteriorated in recent months. Fortune reports: The study compared the performance of the chatbot, created by OpenAI, over several months at four "diverse" tasks: solving math problems, answering sensitive questions, generating software code, and visual reasoning. Researchers found wild fluctuations -- called drift -- in the technology's ability to perform certain tasks. The study looked at two versions of OpenAI's technology over the time period: a version called GPT-3.5 and another known as GPT-4. The most notable results came from research into GPT-4's ability to solve math problems.

Over the course of the study researchers found that in March GPT-4 was able to correctly identify that the number 17077 is a prime number 97.6% of the times it was asked. But just three months later, its accuracy plummeted to a lowly 2.4%. Meanwhile, the GPT-3.5 model had virtually the opposite trajectory. The March version got the answer to the same question right just 7.4% of the time -- while the June version was consistently right, answering correctly 86.8% of the time. Similarly varying results happened when the researchers asked the models to write code and to do a visual reasoning test that asked the technology to predict the next figure in a pattern.

James Zou, a Stanford computer science professor who was one of the study's authors, says the "magnitude of the change" was unexpected from the "sophisticated ChatGPT." The vastly different results from March to June and between the two models reflect not so much the model's accuracy in performing specific tasks, but rather the unpredictable effects of changes in one part of the model on others. [...] The exact nature of these unintended side effects is still poorly understood because researchers and the public alike have no visibility into the models powering ChatGPT. It's a reality that has only become more acute since OpenAI decided to backtrack on plans to make its code open source in March. "These are black-box models," Zou says. "So we don't actually know how the model itself, the neural architectures, or the training data have changed."

Government

IRS Moves Forward With a New Free-File Tax Return System (pbs.org) 50

An anonymous reader quotes a report from PBS: An IRS plan to test drive a new electronic free-file tax return system next year has got supporters and critics of the idea mobilizing to sway the public and Congress over whether the government should set up a permanent program to help people file their taxes without needing to pay somebody else to figure out what they owe. On one side, civil society groups this week launched a coalition to promote the move toward a government-run free-file program. On the other, tax preparation firms like Intuit -- the parent company of TurboTax -- and H&R Block have been pouring millions into trying to stop the idea cold. The advocacy groups are exponentially out-monied.

An April AP analysis found that overall, Intuit, H&R Block, and other private companies and advocacy groups for large tax preparation businesses, as well as proponents in favor of electronic free file, have reported spending $39.3 million since 2006 to lobby on "free-file" and other matters. Federal law doesn't require domestic lobbyists to itemize expenses by specific issue, so the sums are not limited to free-file. Intuit spent at least $25.6 million since 2006 on lobbying, H&R Block about $9.6 million and the conservative Americans for Tax Reform roughly $3 million. In contrast, the NAACP has spent $140,000 lobbying on "free-file" since 2006 and Public Citizen has spent $110,000 in the same time frame. "What we have on our side is public opinion," said Igor Volsky, executive director of the liberal Groundwork Action advocacy group. Volsky's organization and leaders from Public Citizen, the Center for the Study of Social Policy, Code for America, the Economic Security Project and others launched the "Coalition for Free and Fair Filing" on Wednesday. The group's mission is to "ensure all U.S. taxpayers can easily file tax returns and get the tax credits they deserve by safeguarding and expanding" the new IRS program. "The overwhelming majority of people demand a free-file option," Volsky said. "Now the question for us is how do you channel that into effective political pressure."

The IRS in May released a report that said most taxpayers are interested in filing their taxes directly to the IRS for free, and concurrently announced plans to launch the pilot program for the 2024 filing season. The goal is to test a direct file system that will help the IRS decide whether to move forward with a more permanent program. That idea has faced the immediate threat of budget cuts from congressional Republicans. Republicans on the House Appropriations Committee in June proposed a budget rider that would prohibit funds to be used for the IRS to create a government-run tax preparation software, unless approved by a group of House and Senate committees. The move "safeguards the IRS from an obvious conflict of interest where the tax collector becomes the tax preparer," the bill's summary states.

Microsoft

Microsoft Poised To Deliver Improved Combat Goggles, US Army Says (bloomberg.com) 19

Microsoft is on track to deliver an improved version of its combat goggles by July 31 for intensive soldier testing that will help the US Army decide whether to deploy the devices by 2025 or cancel the troubled program, according to the service. From a report: After delivery, the first 20 prototype IVAS 1.2 goggles will be assessed by two squads of soldiers in late August to check for improvements in reliability, low-light performance and how well they fit soldiers without repeats of the nausea and dizziness that halted the deployment of earlier versions. Microsoft said in a statement that the deliveries will be three months ahead of schedule.

"This initial assessment measures system performance to ensure engineering efforts are on schedule and meeting design objectives," the Army said. A decision to deploy the military version would unlock billions of dollars for procurement that Congress has become unwilling to free up pending improvements to the device, which is based on the company's HoloLens "mixed reality" goggles.

Google

Google Starts the GA Rollout of Its Privacy Sandbox APIs To All Chrome Users (techcrunch.com) 5

Google continues the rollout of its Privacy Sandbox APIs -- its replacement for tracking cookies for the online advertising industry. From a report: Today, right on schedule and in time for the launch of Chrome 115 into the stable release channel, Google announced that it will now start enabling the relevance and measurement APIs in its browser. This will be a gradual rollout, with Google aiming for a 99% availability by mid-August. At this point, Google doesn't expect to make any major changes to the APIs. This includes virtually all of the core Privacy Sandbox features, including Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames. It's worth noting that for the time being, Privacy Sandbox will run in parallel with third-party cookies in the browser. It won't be until early 2024 that Google will deprecate third-party cookies for 1% of Chrome users. After that, the process will speed up though and Google will deprecate these cookies for all users by the second half of 2024.
Movies

The Best IMAX Movies Still Need a Palm Pilot To Work (theverge.com) 39

Ahead of the Oppenheimer release, IMAX's TikTok showed the massive 70mm film print and special IMAX extensions. The video interestingly featured an emulated Palm m130, commonly known as a Palm Pilot, a 2002 device running on a Motorola 33MHz DragonBall VZ processor and Palm OS 4.1. From a report: In an IMAX theater, the m130's job is to control the quick turn reel unit, or QTRU for short. (For many years, it appears, a non-emulated m130 sat holstered in most theaters.) The QTRU's job is to control the platters, which are those large horizontal shelves where all of a film's many reels are stitched together, stored, and then quickly spun out to and from the projector. The IMAX 1570 projector moves film at a little under six feet per second, so it's all happening really fast.

The m130 is apparently crucial to keeping the thing humming -- "PALM PILOT MUST BE ON ALL THE TIME," reads a notice above an image of a different m130 that has since been passed around the internet -- but doesn't often need to be used. "I've never had to interact with the Palm Pilot," says one person familiar with the technology. "It's really just a status screen." Its job is to keep the QTRU moving at a consistent speed and to help keep the film's video in sync with its audio.

China

Chinese Billionaires Throw Weight Behind Private Sector Push (bloomberg.com) 19

Billionaire Tencent co-founder Pony Ma has penned a lengthy op-ed backing Chinese pledges to resuscitate the private sector, becoming the most prominent entrepreneur to endorse Beijing's promises to unshackle a giant swath of the economy. From a report: China's third-wealthiest person echoed many of the sentiments in an official policy document published Wednesday that called for the revival of private businesses, at a time the world's No. 2 economy is struggling to gain momentum. He was joined by Xiaomi co-founder Lei Jun, the smartphone mogul turned EV entrepreneur, who in a separate editorial likened the policies to a manifesto for quality growth and innovation.

Ma, who rarely voices his opinions but has publicly supported important policies in the past, penned an article for state-owned CCTV in which he called private enterprise pivotal to the nation, and explicitly referenced Chinese President Xi Jinping's previous proclamations on the matter. He talked about the advent of AI and how the country needed to embrace next-generation technology. Ma's comments are notable given Tencent was among the corporations targeted by a sweeping crackdown on the private sector that began in 2020 with the scrapping of Ant Group's IPO. "We must once again embrace the opportunities presented by the coming industrial revolution," Ma wrote in his op-ed carried on CCTV's website. Using the policies as a guide, "we will look ahead with confidence and redouble our efforts."

Technology

Amazon's Palm-Scanning Payment System Coming To All Whole Foods Stores (fastcompany.com) 23

Amazon has announced that its palm-scanning payment technology, called Amazon One, will roll out to all 500-plus Whole Foods locations by the end of 2023. From a report: Amazon first introduced the contactless Amazon One payment system in 2020, but its expansion by the end of 2023 will be its largest to date. Amazon One works by the user scanning their palm above a reader -- in other words, it's another form of contactless biometric authentication, like Apple's Face ID. But instead of reading your face, Amazon One reads the lines and ridges of your palm and the unique vein patterns beneath it. This reading of deeper subcutaneous features means that someone can't just photograph your palm and start loading up on costly cheeses at Whole Foods at your expense.

Your palm signature is associated with your Amazon Prime account or just a credit card, and it means you don't even need to bring your phone or wallet with you to shop and pay for goods. Currently, Amazon One is available at 200 Whole Foods in the United States as well as 200 locations at other retail outlets. Amazon's rollout will bring the total Amazon One payment locations to over 700 by year's end. Other locations where you can currently use Amazon One include Coors Field in Colorado and select Panera Bread restaurants.

Google

Google Raising Price of YouTube Premium To $14 Per Month (9to5google.com) 65

The price of an individual YouTube Premium subscription is increasing by $2 to $13.99 per month in the US for new and current customers. From a report: This price increase is live for new subscribers as seen on youtube.com/premium. Instead of $11.99, YouTube Premium now costs $13.99/month. Meanwhile, it's $18.99 if you're subscribing from the iOS YouTube app. Toward the end of last year, family Premium plans saw a big hike to $22.99/month. That remains the same today. The annual subscription, which was introduced in January of 2022, goes to $139.99 in a $20 increase. Compared to paying monthly, you save $27.89.
Google

Google Tests AI Tool That Is Able To Write News Articles (nytimes.com) 34

Google is testing a product that uses artificial intelligence technology to produce news stories, pitching it to news organizations including The New York Times, The Washington Post and The Wall Street Journal's owner, News Corp, The Times reported, citing people familiar with the matter. From the report: The tool, known internally by the working title Genesis, can take in information -- details of current events, for example -- and generate news copy, the people said, speaking on the condition of anonymity to discuss the product.

One of the three people familiar with the product said that Google believed it could serve as a kind of personal assistant for journalists, automating some tasks to free up time for others, and that the company saw it as responsible technology that could help steer the publishing industry away from the pitfalls of generative A.I. Some executives who saw Google's pitch described it as unsettling, asking not to be identified discussing a confidential matter. Two people said it seemed to take for granted the effort that went into producing accurate and artful news stories.

Television

Netflix Expands Password-Sharing Crackdown To Every Market (techcrunch.com) 47

Netflix is bringing password-sharing crackdown to consumers in India and every other market starting today, the global streaming giant said after a limited rollout of the restriction helped the firm sign up nearly 6 million subscribers in the quarter ending June. From a report: The streaming giant said it will start to address account sharing between households in almost all of its remaining countries starting Thursday. Netflix, which once supported the practice of account password-sharing, now finds it posing complex challenges to its business prospects.

It began testing the restriction last year, much to many subscribers' chagrin, and expanded it to a number of other countries including Canada, New Zealand, Portugal, Spain and the U.S. in 2023. In some aforementioned markets, Netflix allowed those sharing the password to pay extra to accommodate their friends.
