Robotics

Google DeepMind Develops a 'Solidly Amateur' Table Tennis Robot (techcrunch.com) 20

An anonymous reader quotes a report from TechCrunch: In a newly published paper titled "Achieving Human Level Competitive Robot Table Tennis," Google's DeepMind Robotics team is showcasing its own work on the game. The researchers have effectively developed a "solidly amateur human-level player" when pitted against a human component. During testing, the table tennis bot was able to beat all of the beginner-level players it faced. With intermediate players, the robot won 55% of matches. It's not ready to take on pros, however. The robot lost every time it faced an advanced player. All told, the system won 45% of the 29 games it played. "This is the first robot agent capable of playing a sport with humans at human level and represents a milestone in robot learning and control," the paper claims. "However, it is also only a small step towards a long-standing goal in robotics of achieving human level performance on many useful real world skills. A lot of work remains in order to consistently achieve human-level performance on single tasks, and then beyond, in building generalist robots that are capable of performing many useful tasks, skillfully and safely interacting with humans in the real world."

The robot's biggest trouble areas are responding to fast balls, high and low balls. It also has trouble with backhand and the ability to read the spin on an incoming ball. Here's how the researchers plan to address the issue with fast balls: "To address the latency constraints that hinder the robot's reaction time to fast balls, we propose investigating advanced control algorithms and hardware optimizations. These could include exploring predictive models to anticipate ball trajectories or implementing faster communication protocols between the robot's sensors and actuators."
Australia

Australian State Orders Public Servants To Stop Remote Working After a Newspaper Campaign Against It (apnews.com) 122

An anonymous reader quotes a report from the Associated Press: The government of Australia's most populous state ordered all public employees to work from their offices by default beginning Tuesday and urged stricter limits on remote work, after news outlets provoked a fraught debate about work-from-home habits established during the pandemic. Chris Minns, the New South Wales premier, said in a notice to agencies Monday that jobs could be made flexible by means other than remote working, such as part-time positions and role sharing, and that "building and replenishing public institutions" required "being physically present." His remarks were welcomed by business and real estate groups in the state's largest city, Sydney, who have decried falling office occupancy rates since 2020, but denounced by unions, who pledged to challenge the initiative if it was invoked unnecessarily.

The instruction made the state's government, Australia's largest employer with more than 400,000 staff, the latest among a growing number of firms and institutions worldwide to attempt a reversal of remote working arrangements introduced as the coronavirus spread. But it defied an embrace of remote work by the governments of some other Australian states, said some analysts, who suggested lobbying by a major newspaper prompted the change. "It seems that the Rupert Murdoch-owned Daily Telegraph in Sydney has been trying to get the New South Wales government to mandate essentially that workers go back to the office," said Chris F. Wright, an associate professor in the discipline of work at the University of Sydney. The newspaper cited prospective economic boons for struggling businesses.

The newspaper wrote Tuesday that the premier's decision "ending the work from home era" followed its urging, although Minns did not name it as a factor. But the union representing public servants said there was scant evidence for the change and warned the state government could struggle to fill positions. "Throughout the New South Wales public sector, they're trying to retain people," said Stewart Little, the General Secretary of the Public Service Association. "In some critical agencies like child protection we're looking at 20% vacancy rates, you're talking about hundreds of jobs." Little added that government offices have shrunk since 2020 and agencies would be unable to physically accommodate every employee on site. Minns said the state would lease more space, according to the Daily Telegraph.
Further reading: Ordered Back To the Office, Top Tech Talent Left Instead, Study Finds
Earth

After Breaking Free, World's Largest Iceberg Is Stuck Spinning in Circles (nytimes.com) 20

For more than 30 years, the world's largest iceberg was stuck in the Antarctic. Five times the size of New York City's land area and more than 1,000 feet deep, the mammoth piece of ice finally became loose in 2020 and began a slow drift toward the Southern Ocean. Now, A23a, as it's known, is spinning in place. From a report: After leaving Antarctic waters, the iceberg got stuck in a vortex over a seamount, or an underwater mountain. Imagine a 1,400-square-mile piece of ice as deep as the Empire State Building spinning slowly but steadily enough to fully rotate it on its head over the course of about 24 days. The iceberg is spinning near the South Orkney Islands, about 375 miles northeast of the Antarctic Peninsula, "maintaining a chill 15 degree rotation per day," the British Antarctic Survey, the United Kingdom's polar research institute, said on social media.

"It's basically just sitting there, spinning around and it will very slowly melt as long as it stays there," said Alex Brearley, a physical oceanographer and head of the Open Oceans research group at the British Antarctic Survey. "What we don't know is how quickly it will actually come out of this." A23a has been embroiled in drama since the start, a trait it picked up from its parent-berg. A23, which was even bigger than A23a, was one of three icebergs that broke off, or calved, from the Filchner Ice Shelf in 1986. At the time of the calving, A23 was home to a Soviet Union research center and researchers eventually had to abandon the base. A23a broke off later that year and hit bottom in the Weddell Sea, where it would remain for 34 more years.

IT

Logitech Says the 'Forever Mouse' Was Just an Idea 81

Logitech has quashed its earlier remarks about building a subscription-based mouse, following widespread backlash to comments made by CEO Hanneke Faber. The Swiss-American computer peripherals maker clarified that the "forever mouse" concept, mentioned by Faber in a recent podcast interview, was merely speculative internal discussion and not a planned product.
The Internet

Techdirt's Mike Masnick Joins the Bluesky Board To Support a 'More Open, Decentralized Internet' (techdirt.com) 18

Mike Masnick, a semi-regular Slashdot contributor and founder of the tech blog Techdirt, is joining the board of Bluesky, where he "will be providing advice and guidance to the company to help it achieve its vision of a more open, more competitive, more decentralized online world." Masnick writes: In the nearly three decades that I've been writing Techdirt I've been writing about what is happening in the world of the internet, but also about how much better the internet can be. That won't change. I will still be writing about what is happening and where I believe we should be going. But given that there are now people trying to turn some of that better vision into a reality, I cannot resist this opportunity to help them achieve that goal. The early internet had tremendous promise as a decentralized system that enabled anyone to build what they wanted on a global open network, opening up all sorts of possibilities for human empowerment and creativity. But over the last couple of decades, the internet has moved away from that democratizing promise. Instead, it has been effectively taken over by a small number of giant companies with centralized, proprietary, closed systems that have supplanted the more open network we were promised.

There are, of course, understandable reasons why those centralized systems have been successful, such as by providing a more user-friendly experience on the front-end. But there was a price to pay: losing user autonomy, privacy and the benefits of decentralization (not to mention losing a highly dynamic, competitive internet). The internet need not be so limited, and over the years I've tried to encourage people and companies to make different choices to return to the original promise and benefits of openness. With Bluesky, we now have one company who is trying.
"Mike's work has been an inspiration to us from the start," says Jay Graber, CEO of Bluesky. "Having him join our board feels like a natural progression of our shared vision for a more open internet. His perspective will help ensure we're building something that truly serves users as we continue to evolve Bluesky and the AT Protocol."
AI

Elon Musk Revives Lawsuit Against OpenAI and Sam Altman 47

Elon Musk has reignited his legal battle against OpenAI, the creators of ChatGPT, by filing a new lawsuit in a California federal court. The suit, which revives a six-year-old dispute, accuses OpenAI founders Sam Altman and Greg Brockman of breaching the company's founding principles by prioritizing commercial interests over public benefit.

Musk's complaint alleges that OpenAI's multibillion-dollar partnership with Microsoft contradicts the original mission to develop AI responsibly for humanity's benefit. The lawsuit describes the alleged betrayal in dramatic terms, claiming "perfidy and deceit... of Shakespearean proportions." OpenAI has not yet commented on the new filing. In response to Musk's previous lawsuit, which was withdrawn seven weeks ago, the company stated its commitment to building safe artificial general intelligence for the benefit of humanity.
Stats

What's the 'Smartest' City in America - Based on Tech Jobs, Connectivity, and Sustainability? (newsweek.com) 66

Seattle is the smartest city in America, with Miami and then Austin close behind. That's according to a promotional study from smart-building tools company ProptechOS. Newsweek reports: The evaluation of tech infrastructure and connectivity was based on several factors, including the number of free Wi-Fi hot spots, the quantity and density of AI and IoT companies, average broadband download speeds, median 5G coverage per network provider, and the number of airports. Meanwhile, green infrastructure was assessed based on air quality, measured by exposure to PM2.5, tiny particles in the air that can harm health. Other factors include 10-year changes in tree coverage, both loss and gain; the number of electric vehicle charging points and their density per 100,000 people; and the number of LEED-certified green buildings. The tech job market was evaluated on the number of tech jobs advertised per 100,000 people.
Seattle came in first after assessing 16 key indicators across connectivity/infrastructure, sustainability, and tech jobs — "boasting 34 artificial intelligence companies and 13 Internet of Things companies per 100,000 residents." In terms of sustainability, Seattle has enhanced its tree coverage by 13,700 hectares from 2010 to 2020 and has established the equivalent of 10 electric vehicle charging points per 100,000 residents. Seattle has edged out last year's top city, Austin, to claim the title of the smartest city in the U.S., with an overall score of 75.7 out of 100. Miami wasn't far behind, achieving a score of 75.4. However, Austin still came out on top for smart city infrastructure, scoring 86.2 out of 100. This is attributed to its high broadband download speed of 275.60 Mbps — well above the U.S. average of 217.14 Mbps — and its concentration of 337 AI companies, or 35 per 100,000 people.
You can see the full listings here. The article notes that the same study also ranked Paris as the smartest city in Europe — slipping ahead of London — thanks to Paris's 99.5% 5G coverage, plus "the second-highest number of AI companies in Europe and the third-highest number of free Wi-Fi hot spots. Paris is also recognized for its traffic management systems, which monitor noise levels and air quality."

Newsweek also shares this statement from ProptechOS's founder/chief ecosystem officer. "Advancements in smart cities and future technologies such as next-generation wireless communication and AI are expected to reduce environmental impacts and enhance living standards."

In April CNBC reported on an alternate list of the smartest cities in the world, created from research by the World Competitiveness Center. It defined smart cities as "an urban setting that applies technology to enhance the benefits and diminish the shortcomings of urbanization for its citizens." And CNBC reported that based on the list, "Smart cities in Europe and Asia are gaining ground globally while North American cities have fallen down the ranks... Of the top 10 smart cities on the list, seven were in Europe." Here are the top 10 smart cities, according to the 2024 Smart City Index.

- Zurich, Switzerland
- Oslo, Norway
- Canberra, Australia
- Geneva, Switzerland
- Singapore
- Copenhagen, Denmark
- Lausanne, Switzerland
- London, England
- Helsinki, Finland
- Abu Dhabi, United Arab Emirates

Notably, for the first time since the index's inception in 2019, there is an absence of North American cities in the top 20... The highest ranking U.S. city this year is New York City which ranked 34th, followed by Boston at 36th and Washington DC, coming in at 50th place.

Programming

Coders Don't Fear AI, Reports Stack Overflow's Massive 2024 Survey (thenewstack.io) 134

Stack Overflow says over 65,000 developers took their annual survey — and "For the first time this year, we asked if developers felt AI was a threat to their job..."

Some analysis from The New Stack: Unsurprisingly, only 12% of surveyed developers believe AI is a threat to their current job. In fact, 70% are favorably inclined to use AI tools as part of their development workflow... Among those who use AI tools in their development workflow, 81% said productivity is one of its top benefits, followed by an ability to learn new skills quickly (62%). Much fewer (30%) said improved accuracy is a benefit. Professional developers' adoption of AI tools in the development process has risen rapidly, going from 44% in 2023 to 62% in 2024...

Seventy-one percent of developers with less than five years of experience reported using AI tools in their development process, as compared to just 49% of developers with 20 years of experience coding... At 82%, [ChatGPT] is twice as likely to have been used than GitHub Copilot. Among ChatGPT users, 74% want to continue using it.

But "only 43% said they trust the accuracy of AI tools," according to Stack Overflow's blog post, "and 45% believe AI tools struggle to handle complex tasks."

More analysis from The New Stack: The latest edition of the global annual survey found full-time employment is holding steady, with over 80% reporting that they have full-time jobs. The percentage of unemployed developers has more than doubled since 2019 but is still at a modest 4.4% worldwide... The median annual salary of survey respondents declined significantly. For example, the average full-stack developer's median 2024 salary fell 11% compared to the previous year, to $63,333... Wage pressure may be the result of more competition from an increase in freelancing.

Eighteen percent of professional developers in the 2024 survey said they are independent contractors or self-employed, which is up from 9.5% in 2020. Part-time employment has also risen, presenting even more pressure on full-time salaries... Job losses at tech companies have contributed to a large influx of talent into the freelance market, noted Stack Overflow CEO Prashanth Chandrasekar in an interview with The New Stack. Since COVID-19, he added, the emphasis on remote work means more people value job flexibility. In the 2024 survey, only 20% have returned to full-time in-person work, 38% are full-time remote, while the remainder are in a hybrid situation. Anticipation of future productivity growth due to AI may also be creating uncertainty about how much to pay developers.

Two stats jumped out for Visual Studio magazine: In this year's big Stack Overflow developer survey things are much the same for Microsoft-centric data points: VS Code and Visual Studio still rule the IDE roost, while .NET maintains its No. 1 position among non-web frameworks. It's been this way for years, though in 2021 it was .NET Framework at No. 1 among IDEs, while the new .NET Core/.NET 5 entry was No. 3. Among IDEs, there has been less change. "Visual Studio Code is used by more than twice as many developers than its nearest (and related) alternative, Visual Studio," said the 2024 Stack Overflow Developer survey, the 14th in the series of massive reports.
Stack Overflow shared some other interesting statistics:
  • "Javascript (62%), HTML/CSS (53%), and Python (51%) top the list of most used languages for the second year in a row... [JavaScript] has been the most popular language every year since the inception of the Developer Survey in 2011."
  • "Python is the most desired language this year (users that did not indicate using this year but did indicate wanting to use next year), overtaking JavaScript."
  • "The language that most developers used and want to use again is Rust for the second year in a row with an 83% admiration rate."
  • "Python is most popular for those learning to code..."
  • "Technical debt is a problem for 62% of developers, twice as much as the second- and third-most frustrating problems for developers: complex tech stacks for building and deployment."

Music

Suno & Udio To RIAA: Your Music Is Copyrighted, You Can't Copyright Styles (torrentfreak.com) 85

AI music generators Suno and Udio responded to the lawsuits filed by the major recording labels, arguing that their platforms are tools for making new, original music that "didn't and often couldn't previously exist."

"Those genres and styles -- the recognizable sounds of opera, or jazz, or rap music -- are not something that anyone owns," the companies said. "Our intellectual property laws have always been carefully calibrated to avoid allowing anyone to monopolize a form of artistic expression, whether a sonnet or a pop song. IP rights can attach to a particular recorded rendition of a song in one of those genres or styles. But not to the genre or style itself." TorrentFreak reports: "[The labels] frame their concern as one about 'copies' of their recordings made in the process of developing the technology -- that is, copies never heard or seen by anyone, made solely to analyze the sonic and stylistic patterns of the universe of pre-existing musical expression. But what the major record labels really don't want is competition." The labels' position is that any competition must be legal, and the AI companies state quite clearly that the law permits the use of copyrighted works in these circumstances. Suno and Udio also make it clear that snippets of copyrighted music aren't stored as a library of pre-existing content in the neural networks of their AI models, "outputting a collage of 'samples' stitched together from existing recordings" when prompted by users.

"[The neural networks were] constructed by showing the program tens of millions of instances of different kinds of recordings," Suno explains. "From analyzing their constitutive elements, the model derived a staggeringly complex collection of statistical insights about the auditory characteristics of those recordings -- what types of sounds tend to appear in which kinds of music; what the shape of a pop song tends to look like; how the drum beat typically varies from country to rock to hip-hop; what the guitar tone tends to sound like in those different genres; and so on." These models are vast stores, not of copyrighted music, the defendants say, but information about what musical styles consist of, and it's from that information new music is made.

Most copyright lawsuits in the music industry are about reproduction and public distribution of identified copyright works, but that's certainly not the case here. "The Complaint explicitly disavows any contention that any output ever generated by Udio has infringed their rights. While it includes a variety of examples of outputs that allegedly resemble certain pre-existing songs, the Complaint goes out of its way to say that it is not alleging that those outputs constitute actionable copyright infringement." With Udio declaring that, as a matter of law, "that key point makes all the difference," Suno's conclusion is served raw. "That concession will ultimately prove fatal to Plaintiffs' claims. It is fair use under copyright law to make a copy of a protected work as part of a back-end technological process, invisible to the public, in the service of creating an ultimately non-infringing new product." Noting that Congress enacted the first copyright law in 1791, Suno says that in the 233 years since, not a single case has ever reached a contrary conclusion.

In addition to addressing allegations unique to their individual cases, the AI companies accuse the labels of various types of anti-competitive behavior. Imposing conditions to prevent streaming services obtaining licensed music from smaller labels at lower rates, seeking to impose a "no AI" policy on licensees, to claims that they "may have responded to outreach from potential commercial counterparties by engaging in one or more concerted refusals to deal." The defendants say this type of behavior is fueled by the labels' dominant control of copyrighted works and by extension, the overall market. Here, however, ownership of copyrighted music is trumped by the existence and knowledge of musical styles, over which nobody can claim ownership or seek to control. "No one owns musical styles. Developing a tool to empower many more people to create music, by scrupulously analyzing what the building blocks of different styles consist of, is a quintessential fair use under longstanding and unbroken copyright doctrine. Plaintiffs' contrary vision is fundamentally inconsistent with the law and its underlying values."
You can read Suno and Udio's answers to the RIAA's lawsuits here (PDF) and here (PDF).
Social Networks

Meta's Threads Crosses 200 Million Active Users (techcrunch.com) 30

Meta's Twitter rival, Threads, has reached a new milestone of 200 million active users, according to Instagram head Adam Mosseri. "I'm excited to share that we crossed the 200M milestone on @threads," Mosseri wrote. "My hope is that Threads can inspire ideas that bring people together and this amazing community continues to grow." TechCrunch reports: Growth for Threads has been strong. The text-focused social media platform, which launched in July 2023, reached 150 million users in April 2024 and 175 million users in July on its one-year anniversary, before another growth spurt led it to hit 200 million a month later. [...]

Last year, Zuckerberg suggested Threads has a "good chance" of becoming a platform with more than a billion users. On the latest earnings call, the Meta CEO also described the platform as being on a good growth trajectory. "We're making steady progress towards building what looks like it's going to be another major social app. And we are seeing deeper engagement," he said, adding: "I'm quite pleased with the trajectory here."

AI

What Is the Future of Open Source AI? (fb.com) 22

Tuesday Meta released Llama 3.1, its largest open-source AI model to date. But just one day later Mistral released Large 2, notes this report from TechCrunch, "which it claims to be on par with the latest cutting-edge models from OpenAI and Meta in terms of code generation, mathematics, and reasoning...

"Though Mistral is one of the newer entrants in the artificial intelligence space, it's quickly shipping AI models on or near the cutting edge." In a press release, Mistral says one of its key focus areas during training was to minimize the model's hallucination issues. The company says Large 2 was trained to be more discerning in its responses, acknowledging when it does not know something instead of making something up that seems plausible. The Paris-based AI startup recently raised $640 million in a Series B funding round, led by General Catalyst, at a $6 billion valuation...

However, it's important to note that Mistral's models are, like most others, not open source in the traditional sense — any commercial application of the model needs a paid license. And while it's more open than, say, GPT-4o, few in the world have the expertise and infrastructure to implement such a large model. (That goes double for Llama's 405 billion parameters, of course.)

Mistral only has 123 billion parameters, according to the article. But whichever system prevails, "Open Source AI Is the Path Forward," Mark Zuckerberg wrote this week, predicting that open-source AI will soar to the same popularity as Linux: This year, Llama 3 is competitive with the most advanced models and leading in some areas. Starting next year, we expect future Llama models to become the most advanced in the industry. But even before that, Llama is already leading on openness, modifiability, and cost efficiency... Beyond releasing these models, we're working with a range of companies to grow the broader ecosystem. Amazon, Databricks, and NVIDIA are launching full suites of services to support developers fine-tuning and distilling their own models. Innovators like Groq have built low-latency, low-cost inference serving for all the new models. The models will be available on all major clouds including AWS, Azure, Google, Oracle, and more. Companies like Scale.AI, Dell, Deloitte, and others are ready to help enterprises adopt Llama and train custom models with their own data.
"As the community grows and more companies develop new services, we can collectively make Llama the industry standard and bring the benefits of AI to everyone," Zuckerberg writes. He says that he's heard from developers, CEOs, and government officials that they want to "train, fine-tune, and distill" their own models, protecting their data with a cheap and efficient model — and without being locked into a closed vendor. But they also tell him that they want to invest in an ecosystem "that's going to be the standard for the long term." Lots of people see that open source is advancing at a faster rate than closed models, and they want to build their systems on the architecture that will give them the greatest advantage long term...

One of my formative experiences has been building our services constrained by what Apple will let us build on their platforms. Between the way they tax developers, the arbitrary rules they apply, and all the product innovations they block from shipping, it's clear that Meta and many other companies would be freed up to build much better services for people if we could build the best versions of our products and competitors were not able to constrain what we could build. On a philosophical level, this is a major reason why I believe so strongly in building open ecosystems in AI and AR/VR for the next generation of computing...

I believe that open source is necessary for a positive AI future. AI has more potential than any other modern technology to increase human productivity, creativity, and quality of life — and to accelerate economic growth while unlocking progress in medical and scientific research. Open source will ensure that more people around the world have access to the benefits and opportunities of AI, that power isn't concentrated in the hands of a small number of companies, and that the technology can be deployed more evenly and safely across society. There is an ongoing debate about the safety of open source AI models, and my view is that open source AI will be safer than the alternatives. I think governments will conclude it's in their interest to support open source because it will make the world more prosperous and safer... [O]pen source should be significantly safer since the systems are more transparent and can be widely scrutinized...

The bottom line is that open source AI represents the world's best shot at harnessing this technology to create the greatest economic opportunity and security for everyone... I believe the Llama 3.1 release will be an inflection point in the industry where most developers begin to primarily use open source, and I expect that approach to only grow from here. I hope you'll join us on this journey to bring the benefits of AI to everyone in the world.

Mars

NASA's Mars Rover Detects 'Building Blocks of Life' in Rock (msn.com) 19

"Scientists working with NASA's Perseverance rover state emphatically that they are not claiming to have discovered life on Mars," writes the New York Times.

"But many would regard a rock that the rover just finished studying as 'Most Likely to Contain Fossilized Microbial Martians'..." The rover has drilled and stashed a piece of the rock, which scientists hope can be brought back to Earth in the coming years for closer analysis and more definitive answers. "What we are saying is that we have a potential biosignature on Mars," said Kathryn Stack Morgan, the mission's deputy project scientist. She describes a biosignature as a structure, composition or texture in a rock that could have a biological origin.

The rock, which scientists named Cheyava Falls, possesses features that are reminiscent of what microbes might have left behind when this area was warm and wet several billion years ago, part of an ancient river delta. The scientists clarified that they did not spot anything that they thought might be actual fossilized organisms... Within the rock, Perseverance's instruments detected organic compounds, which would provide the building blocks for life as we know it. The rover also found veins of calcium sulfate — mineral deposits that appear to have been deposited by flowing water. Liquid water is another key ingredient for life. Perseverance also spotted small off-white splotches, about 1 millimeter in size, that have black rings around them, like miniature leopard spots. The black rings contain iron phosphate.

The chemical reactions that created the leopard spots could also have provided energy for microbes to live on.

"One of the key parts of Perseverance's mission is to drill samples of interesting rocks for a future mission to bring samples back to Earth for scientists to study with state-of-the-art instruments in their laboratories," the article points out. And while exactly how those rocks would be returned has yet to be determined, deputy project scientist Morgan tells the Times, "I think this sample comes to the top of the list."
Movies

Marvel's Kevin Feige Defends Sequels as an 'Absolute Pillar of the Industry' (variety.com) 61

Marvel Studios President Kevin Feige, who has overseen the Marvel Cinematic Universe's unprecedented success, has expressed his longstanding appreciation for sequels and world-building in cinema at a time when Disney's top executive has admitted that the company has diluted audience's attention by making too many TV shows and movies.

"I was never cynical or rolling my eyes the way people still do today for some reason, even though there've been sequels since the '30s and they're an absolute pillar of the industry," Feige told Variety in an interview, highlighting his enthusiasm for returning to beloved characters and expanding on established narratives. The studio's ambitious expansion into streaming content for Disney+ has led to what Disney CEO Bob Iger described as "some disappointments" in theatrical releases. In July 2023, Iger cited the increased output for streaming as a factor that "diluted focus and attention" at Marvel. In response to these challenges, Disney announced a strategic shift in May, with plans to reduce Marvel's output to a maximum of three films and two TV series per year. This move aligns with Iger's commitment to prioritize quality over quantity, a strategy he believes is "particularly true with Marvel."
Chrome

New Chrome Feature Scans Password-Protected Files For Malicious Content (thehackernews.com) 24

An anonymous reader quotes a report from The Hacker News: Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files. Each category comes with its own iconography, color, and text to distinguish them from one another and help users make an informed choice.

Google is also adding what's called automatic deep scans for users who have opted in to the Enhanced Protection mode of Safe Browsing in Chrome so that they don't have to be prompted each time to send the files to Safe Browsing for deep scanning before opening them. In cases where such files are embedded within password-protected archives, users now have the option to "enter the file's password and send it along with the file to Safe Browsing so that the file can be opened and a deep scan may be performed." Google emphasized that the files and their associated passwords are deleted a short time after the scan and that the collected data is only used for improving download protections.

Security

Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings "DO NOT SHIP" or "DO NOT TRUST." These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here.
"It's a big problem," said Martin Smolar, a malware analyst specializing in rootkits who reviewed the Binarly research. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically... execute any malware or untrusted code during system boot. Of course, privileged access is required, but that's not a problem in many cases."

Binarly founder and CEO Alex Matrosov added: "Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?"
ISS

Russia Announces It Will Create Core of New Space Station By 2030 (reuters.com) 99

"Despite its domestic space program faltering even before sanctions due to its invasion of Ukraine, and at least one very public failure on a less ambitious project, Russia has announced it will begin construction of a Russian-only replacement for the ISS and place it in a more difficult-to-access polar orbit," writes longtime Slashdot reader Baron_Yam. "Russia is motivated by military and political demands to achieve this, but whether it has the means or not seems uncertain at best." Reuters reports: Russia is aiming to create the four-module core of its planned new orbital space station by 2030, its Roscosmos space agency said on Tuesday. The head of Roscosmos, Yuri Borisov, signed off on the timetable with the directors of 19 enterprises involved in creating the new station. The agency confirmed plans to launch an initial scientific and energy module in 2027. It said three more modules would be added by 2030 and a further two between 2031 and 2033. [...]

Apart from the design and manufacture of the modules, Roscosmos said the schedule approved by Borisov includes flight-testing a new-generation crewed spacecraft and building rockets and ground-based infrastructure. The new station will enable Russia to "solve problems of scientific and technological development, national economy and national security that are not available on the Russian segment of the ISS due to technological limitations and the terms of international agreements," it said.

Robotics

DHS Has a DoS Robot To Disable Internet of Things 'Booby Traps' Inside Homes (404media.co) 140

An anonymous reader quotes a report from 404 Media's Jason Koebler: The Department of Homeland Security bought a dog-like robot that it has modified with an "antenna array" that gives law enforcement the ability to overload people's home networks in an attempt to disable any internet of things devices they have, according to the transcript of a speech given by a DHS official at a border security conference for cops obtained by 404 Media. The DHS has also built an "Internet of Things" house to train officers on how to raid homes that suspects may have "booby trapped" using smart home devices, the official said.

The robot, called "NEO," is a modified version of the "Quadruped Unmanned Ground Vehicle" (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS's Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting "booby traps" with internet of things and smart home devices, and that NEO allows DHS to remotely disable the home networks of a home or building law enforcement is raiding. The Border Security Expo is open only to law enforcement and defense contractors. A transcript of Huffman's speech was obtained by the Electronic Frontier Foundation's Dave Maass using a Freedom of Information Act request and was shared with 404 Media. [...]

The robot is a modified version of Ghost Robotics' Vision 60 Q-UGV, which the company says it has sold to "25+ National Security Customers" and which is marketed to both law enforcement and the military. "Our goal is to make our Q-UGVs an indispensable tool and continuously push the limits to improve its ability to walk, run, crawl, climb, and eventually swim in complex environments," the company notes on its website. "Ultimately, our robot is made to keep our warfighters, workers, and K9s out of harm's way."
"NEO can enter a potentially dangerous environment to provide video and audio feedback to the officers before entry and allow them to communicate with those in that environment," Huffman said, according to the transcript. "NEO carries an onboard computer and antenna array that will allow officers the ability to create a 'denial-of-service' (DoS) event to disable 'Internet of Things' devices that could potentially cause harm while entry is made."
Businesses

Wiz Turns Down $23 Billion Google Deal (fortune.com) 25

Wiz, the cloud security startup that was in acquisition talks with Google, has decided not to move forward with the deal and to remain an independent company, according to an internal note sent to company employees on Monday. Fortune: "While we are flattered by offers we have received, we have chosen to continue on our path to building Wiz," CEO Assaf Rappaport wrote in the note. Rappaport said in the email that the company's next target is to reach $1 billion in annual recurring revenue and to take the company public.

Piracy

Paramount+ Documentary: an Origin Story For Music Piracy - and Its Human Side (forbes.com) 68

Re-visiting the Napster era, Stephen Witt's book How Music Got Free has been adapted into a two-part documentary on Paramount+. But the documentary's director believes "The real innovative minds here were a bunch of rogue teenagers and a guy working a blue-collar factory job in the tiny town of Shelby, North Carolina," according to this article in the Guardian: By day, [Glover] worked at Universal Music's CD manufacturing plant in North Carolina, from which he smuggled out hot albums by stars like Mary J Blige and 50 Cent before they were even released. For the documentary, Glover spoke openly, and largely without regret, as did others who worked at that plant who did their own share of stealing. Part of their incentive was class revenge: while they were paid piddling wages by the hour, the industry used the products they manufactured to mint millions. To maximize profits on his end, Glover set up a subscription service to let those in his circle know what CDs and movies were coming. "He was doing what Netflix would later do," Stapleton said...

In the meantime, the record companies and their lobbying arm, the RIAA, focused their wrath on the most public face of file-sharing: Napster. In truth, all Fanning's company did was make more accessible the work the pirates innovated and first distributed... For its part, the music industry reacted in the worst way possible, PR-wise. They sued the kids who made up their strongest fanbase. "One of the key lessons we learned from this era is that you can't sue your way out of a situation like this," Witt said. "You have to build a new technology that supersedes what the pirates did."

Eventually, that's what happened, though the first attempts in that direction made things worse than ever for the labels and stars. When Apple first created the iPod in 2001, there wasn't yet an Apple store where listeners could purchase music legally. "It was just a place to put your stolen MP3s," said Witt. Labels couldn't sue Apple because of a ruling dictating that the manufacturer of a device couldn't be held responsible for piracy enacted by its users. While Steve Jobs later modified his approach, creating a way for fans to buy individual songs for the iPod, "that did more damage to the industry than anything", Witt said. "Whereas, before they could sell a $15 CD to fans who really just wanted one song, now those fans could get that song for just a dollar...."

Eventually, the collective efforts of the streaming companies returned the music industry to massive profitability, though often at the expense of its artists, who often receive a meager slice of the proceeds.... Things ended less favorably for the pirates, some of whom now have criminal records. Likewise, Glover served a short prison sentence though, today, he is chief maintenance technician at the Ryder Truck manufacturing plant in his home town.

A Forbes senior contributor (and director Alexandria Stapleton) believe that for the younger generation it may be "their first introduction to why the music industry is the way that they're used to."

And Stapleton says their sympathies are with those factory workers. Stapleton: They were completely underpaid. They were making literally nothing. It's important for people to understand that while the industry was charging $20 for a CD, it cost like 20 cents to make. That's a big profit margin. And to have a factory that was paying barely enough for people to put food on the table, I think there's something wrong with that...

Witt: It's amazing to think about what they were really doing, which was essentially filling the technological vacuum that the record industry was refusing to fill, right? The record industry was not building out the successor technology to the compact disc because the compact disc was just too profitable for them. Instead, a bunch of random teenagers built the next generation of technology for them, and yeah, it caused a lot of damage. But I don't think that teenagers were necessarily trying to hurt anyone... They weren't malicious. They just were fascinated by how this stuff worked. And of course, they were also completely entranced by the celebrity of the musicians themselves.

In the interview Witt adds that a lot of those teenagers "were really kind of traumatized by their experience with the FBI I would say, and they wanted to get that story out there."

The documentary was produced by LeBron James and Eminem, "who rode the tail end of the CD boom to stratospheric heights," remembers a Fast Company opinion columnist. (And 25 years later, that columnist has gone back to listening to vinyl records, which "reignited for me a long-missing air of full engagement... Technology marches forward, except when it occasionally lurches backward...")
The Internet

The Data That Powers AI Is Disappearing Fast (nytimes.com) 93

An anonymous reader quotes a report from the New York Times: For years, the people building powerful artificial intelligence systems have used enormous troves of text, images and videos pulled from the internet to train their models. Now, that data is drying up. Over the past year, many of the most important web sources used for training A.I. models have restricted the use of their data, according to a study published this week by the Data Provenance Initiative, an M.I.T.-led research group. The study, which looked at 14,000 web domains that are included in three commonly used A.I. training data sets, discovered an "emerging crisis in consent," as publishers and online platforms have taken steps to prevent their data from being harvested.

The researchers estimate that in the three data sets -- called C4, RefinedWeb and Dolma -- 5 percent of all data, and 25 percent of data from the highest-quality sources, has been restricted. Those restrictions are set up through the Robots Exclusion Protocol, a decades-old method for website owners to prevent automated bots from crawling their pages using a file called robots.txt. The study also found that as much as 45 percent of the data in one set, C4, had been restricted by websites' terms of service. "We're seeing a rapid decline in consent to use data across the web that will have ramifications not just for A.I. companies, but for researchers, academics and noncommercial entities," said Shayne Longpre, the study's lead author, in an interview.
