Open Source

Nvidia Will Fully Transition To Open-Source GPU Kernel Modules With R560 Drivers 50

Nvidia is ready to fully transition to open-source Linux GPU kernel drivers, starting with the R555 series and planning a complete shift with the R560 series. The open-source kernel modules will only be available for select newer GPUs, while older architectures like Maxwell, Pascal, and Volta must continue using proprietary drivers. TechSpot reports: According to Nvidia, the open-source GPU kernel modules have helped deliver "equivalent or better" application performance compared to its proprietary kernels. The company has also added new features like Heterogeneous Memory Management (HMM) support, confidential computing, and the coherent memory architectures of the Grace platform to its open-source kernels. [...] For compatible GPUs, the default version of the driver installed by all methods is switching from proprietary to open-source. However, users will have the ability to manually select the closed-source modules if they are still available for their platform.

Unfortunately, the open-source kernel modules are not available for GPUs from the older Maxwell, Pascal, and Volta architectures, meaning people still running a GTX 980 or GTX 1080 will have to continue using Nvidia's proprietary drivers. For mixed deployments with older and newer GPUs in the same system, Nvidia recommends continuing to use the proprietary driver for full compatibility.
"Nvidia has moved most of its proprietary functions into a proprietary, closed-source firmware blob," adds Ars Technica's Kevin Purdy. "The parts of Nvidia's GPUs that interact with the broader Linux system are open, but the user-space drivers and firmware are none of your or the OSS community's business."
IOS

iOS 18 Could 'Sherlock' $400 Million In App Revenue (techcrunch.com) 43

An anonymous reader quotes a report from TechCrunch: Apple's practice of leveraging ideas from its third-party developer community to become new iOS and Mac features and apps has a hefty price tag, a new report indicates. Ahead of its fall release, you can download the public beta for iOS 18 right now to get a firsthand look at Apple's changes, which may affect apps that today have an estimated $393 million in revenue and have been downloaded roughly 58 million times over the past year, according to an analysis by app intelligence firm Appfigures. Every June at Apple's Worldwide Developers Conference, the iPhone maker teases the upcoming releases of its software and operating systems, which often include features previously only available through third-party apps. The practice is so common now it's even been given a name: "sherlocking" -- a reference to a 1990s search app for Mac that borrowed features from a third-party app known as Watson. Now when Apple launches a new feature that was before the domain of a third-party app, it's said to have "sherlocked" the app. [...]

In an analysis of third-party apps that generated more than 1,000 downloads per year, Appfigures discovered several genres that had found themselves in Apple's crosshairs in 2024. In terms of worldwide gross revenue, these categories have generated significant income over the past 12 months, with the trail app category making the most at $307 million per year, led by market leader and 2023 Apple "App of the Year" AllTrails. Grammar helper apps, like Grammarly and others, also generated $35.7 million, while math helpers and password managers earned $23.4 million and $20.3 million, respectively. Apps for making custom emoji generated $7 million, too. Of these, trail apps accounted for the vast majority of "potentially sherlocked" revenue, or 78%, noted Appfigures, as well as 40% of downloads of sherlocked apps. In May 2024, they accounted for an estimated $28.8 million in gross consumer spending and 2.5 million downloads, to give you an idea of scale.

Many of these app categories were growing quickly, with math solvers having seen revenue growth of 43% year-over-year followed by grammar helpers (+40%), password managers (+38%) and trail apps (+28%). Emoji-making apps, however, were seeing declines at -17% year-over-year. By downloads, grammar helpers had seen 9.4 million installs over the past 12 months, followed by emoji makers (10.6 million), math-solving apps (9.5 million) and password managers (457,000 installs).
"Although these apps certainly have dedicated user bases that may not immediately choose to switch to a first-party offering, Apple's ability to offer similar functionality built-in could be detrimental to their potential growth," concludes TechCrunch's Sarah Perez. "Casual users may be satisfied by Apple's 'good enough' solutions and won't seek out alternatives."
Databases

Latest MySQL Release is Underwhelming, Say Some DB Experts (theregister.com) 76

The latest release of MySQL has underwhelmed some commentators who fear Oracle -- the custodian of the open source database -- may have other priorities. From a report: Earlier this month, Oracle -- which has long marketed its range of proprietary database systems -- published the 9.0 version as an "Innovation Release" of MySQL. MySQL 9.0 is now among the three iterations Oracle supports. The others include 8.0 (8.0.38) and the first update of the 8.4 LTS (8.4.1).

[...] In June, Peter Zaitsev, an early MySQL engineer and founder of open source consultancy Percona, said he feared the lack of features in MySQL was a result of Oracle's focus on Heatwave, a proprietary analytics database built on MySQL. He had previously defended Oracle's stewardship of the open source database. The release of MySQL 9.0 has not assuaged those concerns, said colleague Dave Stokes, Percona technology evangelist. It had not lived up to the previous 8.0 release, which arrived with many new features. "MySQL 9.0 is supposed to be an 'innovation release' where [Oracle offers] access to the latest features and improvements and [users] enjoy staying on top of the latest technologies," he said. However, he pointed out most of the more innovative features, such as vector support and embedded JavaScript stored procedures, were not in the free MySQL Community Edition and were only available on the paid-for HeatWave edition. "The ability to store the output of an EXPLAIN command to a variable is not the level of new feature hoped for," he said.

Communications

Nation's Last Morse Code Station Comes Back To Life On Annual 'Night of Nights' In Point Reyes (mercurynews.com) 20

On July 12, 1999, the last Morse code message was sent from a Bay Area radio station, marking the end of an era. Every July 12, the Historic KPH Maritime Radio Receiving Station in Point Reyes revives the golden age of maritime radio, with volunteers exchanging Morse code messages worldwide. The Mercury News reports: Friday's "Night of Nights" event, which commemorates the long-gone stations and the skilled radiotelegraph operators who linked ships to shore, starts at 5:01 p.m. -- precisely one minute after the 1999 message ended. Operators will keep working until 11 p.m. "We're carrying on," said historical society president Richard Dillman, 80, who learned Morse code as a boy. "Morse code is not dead."

The event, based at KPH's stations that are now part of the wild and windswept Point Reyes National Seashore, northwest of San Francisco, is not open to the public. But amateur radio operators around the world can participate by sending messages and exchanging greetings. The operating frequencies of the historical society's amateur station, under the call sign K6KPH, are 3550, 7050, 14050, 18097.5 and 21050. Radiogrammed messages arrive from as far away as New Zealand and Europe, rich with memories of rewarding careers or poignant tributes to lost loved ones. "Dear dad, we love you and we miss you so much," said one. The station uses the original historic KPH transmitters, receivers, antennas and other equipment, carefully repaired and restored by the society's experts. [...]

All over the Pacific coast, stations closed. KPH's receiving headquarters -- an Art Deco cube built between 1929 and 1931, its entrance framed by a tunnel of cypress trees -- was acquired by the National Park Service in 1999. Its transmission station is located on a windswept bluff in Bolinas. [Historical society president Richard Dillman] and friend Tom Horsfall resolved to repair, restore and operate KPH as a way to honor the men and women who for 100 years had served ships in the North Pacific and Indian Ocean. "It was a brotherhood," said Dillman. "There was camaraderie -- a love of Morse code and the ability to do a job well." [...] They pitched their ambitious plan to the National Park Service.

"At first, I was skeptical about their proposal," said Don Neubacher, the Seashore's former Superintendent. "But over time, I realized the Maritime Radio Historical Society, led by Richard Dillman, was a gift for the National Park Service." "I was impressed by the overwhelming knowledge of early wireless and ship-to-shore communication," he said, "and their lifelong commitment to saving this critical piece of Point Reyes history." With a dozen society volunteers from all over the Bay Area -- all over the age of 60, self-described "radio squirrels" -- they went to work. They meet on Saturday mornings over coffee and breakfast "services" dubbed "The Church of the Continuous Wave," sometimes ogling over radio schematics. Then, for a few hours, they broadcast news and weather.

Google

Google Near $23 Billion Deal for Cybersecurity Startup Wiz (wsj.com) 15

Alphabet, Google's parent company, is reportedly in advanced negotiations to acquire cloud security startup Wiz for approximately $23 billion, Wall Street Journal reported on Sunday. The potential deal, which would value Wiz at nearly double its most recent private valuation of $12 billion, underscores the growing importance of cybersecurity in Alphabet's enterprise strategy as it seeks to narrow the gap with cloud computing rivals such as Microsoft, Morgan Stanley said in a note.

Founded in January 2020, Wiz has quickly established itself as a leading player in the Cloud-Native Application Protection Platform (CNAPP) space, utilizing an agentless approach to secure cloud application deployments throughout their lifecycle. The company's platform continuously assesses and prioritizes critical risks across various security domains, providing customers with a comprehensive view of their cloud security posture. Wiz has experienced rapid growth since its inception, with annual recurring revenue (ARR) exceeding $350 million as of January 2024, representing a year-over-year increase of over 75%. The company boasts an impressive client roster, with more than 40% of Fortune 100 companies among its customers, and has raised nearly $2 billion in funding to date.

If confirmed, the acquisition would mark Alphabet's largest to date, significantly expanding its footprint in the burgeoning cloud security market. The move follows previous security-focused acquisitions by the tech giant, including the $5.4 billion purchase of Mandiant in 2022 and the $500 million acquisition of Siemplify. Morgan Stanley adds that the potential acquisition could raise questions about Wiz's ability to maintain neutrality across multiple cloud platforms, potentially benefiting competitors such as Palo Alto Networks and CrowdStrike in the near term.
Linux

Linux Kernel 6.10 Released (omgubuntu.co.uk) 15

"The latest version of the Linux kernel adds an array of improvements," writes the blog OMG Ubuntu, "including a new memory sealing system call, a speed boost for AES-XTS encryption on Intel and AMD CPUs, and expanding Rust language support within the kernel to RISC-V." Plus, like in all kernel releases, there's a glut of groundwork to offer "initial support" for upcoming CPUs, GPUs, NPUs, Wi-Fi, and other hardware (that most of us don't use yet, but require Linux support to be in place for when devices that use them filter out)...

Linux 6.10 adds (after much gnashing) the mseal() system call to prevent changes being made to portions of the virtual address space. For now, this will mainly benefit Google Chrome, which plans to use it to harden its sandboxing. Work is underway by kernel contributors to allow other apps to benefit, though. A similarly initially-controversial change merged is a new memory-allocation profiling subsystem. This helps developers fine-tune memory usage and more readily identify memory leaks. An explainer from LWN summarizes it well.

Elsewhere, Linux 6.10 offers encrypted interactions with trusted platform modules (TPM) in order to "make the kernel's use of the TPM reasonably robust in the face of external snooping and packet alteration attacks". The documentation for this feature explains: "for every in-kernel operation we use null primary salted HMAC to protect the integrity [and] we use parameter encryption to protect key sealing and parameter decryption to protect key unsealing and random number generation." Sticking with security, the Linux kernel's Landlock security module can now apply policies to ioctl() calls (Input/Output Control), restricting potential misuse and improving overall system security.

On the networking side there are significant performance improvements to zero-copy send operations using io_uring, and the newly-added ability to "bundle" multiple buffers for send and receive operations also offers an uptick in performance...

A couple of months ago Canonical announced Ubuntu support for the RISC-V Milk-V Mars single-board computer. Linux 6.10 mainlines support for the Milk-V Mars, which will make that effort a lot more viable (especially with the Ubuntu 24.10 kernel likely to be v6.10 or newer). Other RISC-V improvements abound in Linux 6.10, including support for the Rust language, boot image compression in BZ2, LZ4, LZMA, LZO, and Zstandard (instead of only Gzip); and newer AMD GPUs thanks to kernel-mode FPU support in RISC-V.

Phoronix has their own rundown of Linux 6.10, plus a list of some of the highlights, which includes:
  • The initial DRM Panic infrastructure
  • The new Panthor DRM driver for newer Arm Mali graphics
  • Better AMD ROCm/AMDKFD support for "small" Ryzen APUs and new additions for AMD Zen 5.
  • AMD GPU display support on RISC-V hardware thanks to RISC-V kernel mode FPU
  • More Intel Xe2 graphics preparations
  • Better IO_uring zero-copy performance
  • Faster AES-XTS disk/file encryption with modern Intel and AMD CPUs
  • Continued online repair work for XFS
  • Steam Deck IMU support
  • TPM bus encryption and integrity protection

The Courts

California Prohibited From Enforcing PI Licensing Law Against Anti-Spam Crusader (ij.org) 49

Long-time Slashdot reader schwit1 shared this report from non-profit libertarian law firm, the Institute for Justice: U.S. District Judge Rita Lin has permanently enjoined the California Bureau of Security and Investigative Services from enforcing its private-investigator licensing requirement against anti-spam entrepreneur Jay Fink. The order declares that forcing Jay to get a license to run his business is so irrational that it violates the Due Process Clause of the Fourteenth Amendment...

Jay's business stems from California's anti-spam act, which allows individuals to sue spammers. But to sue, they have to first compile evidence. To do that, recipients often have to wade through thousands of emails. For more than a decade, Jay has offered a solution: he and his team will scour a client's junk folder and catalog the messages that likely violate the law. But last summer, Jay's job — and Californians' ability to bring spammers to justice — came to a screeching halt when the state told him he was a criminal. A regulator told Jay he needed a license to read through emails that might be used as evidence in a lawsuit. And because Jay didn't have a private investigator license, the state shut him down.

The state of California has since "agreed to jointly petition the court for an order that forever prohibits it from enforcing its licensure law against Jay," according to the article.

Otherwise the anti-spam crusader would've had to endure thousands of hours of private investigator training...
Space

NATO Countries Pledge $1 Billion To Strengthen Collection, Sharing of Space-Based Intel (defensescoop.com) 50

An anonymous reader quotes a report from DefenseScoop: A group of NATO countries are set to begin implementing a new project aimed at improving the alliance's ability to quickly share intelligence gathered by space-based assets operated by both member nations and the commercial sector. Seventeen NATO members signed a memorandum of understanding for the Alliance Persistence Surveillance from Space (APSS) program as part of the annual NATO summit being held in Washington this week, the alliance announced Tuesday. Members will now move into a five-year implementation phase of the project, during which allies will contribute more than $1 billion "to leverage commercial and national space assets, and to expand advanced exploitation capacities," according to a press release.

The United States is one of the nations signed onto the initiative, as well as Belgium, Canada, Denmark, Finland, France, Germany, Greece, Hungary, Italy, Luxembourg, the Netherlands, Norway, Poland, Romania, Sweden and Turkey, according to a NATO source. The transatlantic organization created APSS last year with the intent to establish a "virtual constellation" -- dubbed Aquila -- comprising both national and commercial space systems, sensors and data that can be used by NATO's command structure and other allies. The project is considered "the largest multinational investment in space-based capabilities" in the alliance's history, and is set to increase NATO's ability "to monitor activities on the ground and at sea with unprecedented accuracy and timeliness," a press release stated.

Participating nations will be able to use their own space systems, provide tools for intelligence collection and analysis, or purchase space-based data gathered by commercial constellations. "Integrating and exploiting data from space effectively has been a growing challenge over time," a NATO press release stated. "By leveraging latest technologies from industry, APSS will help advance NATO's innovation agenda and offer a new platform to engage with the growing space industry." The APSS project is part of the larger implementation of NATO's overarching space policy adopted in 2019, which officially recognized space as a new operational domain. Since then, the alliance has worked to bolster its presence in space -- including the establishment of a NATO Space Centre in 2020 and approval of an official Space Branch within the Allied Command Transformation in June.

Security

CISA Broke Into a US Federal Agency, No One Noticed For a Full 5 Months (theregister.com) 35

A 2023 red team exercise by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed critical security failings, including unpatched vulnerabilities, inadequate incident response, and weak credential management, leading to a full domain compromise. According to The Register's Connor Jones, the agency failed to detect or remediate malicious activity for five months. From the report: According to the agency's account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 - 9.8) in the target agency's Oracle Solaris enclave, leading to what it said was a full compromise. It's worth noting that CVE-2022-21587, an unauthenticated remote code execution (RCE) bug carrying a near-maximum 9.8 CVSS rating, was added to CISA's known exploited vulnerability (KEV) catalog in February 2023. The initial intrusion by CISA's red team was made on January 25, 2023. "After gaining access, the team promptly informed the organization's trusted agents of the unpatched device, but the organization took over two weeks to apply the available patch," CISA's report reads. "Additionally, the organization did not perform a thorough investigation of the affected servers, which would have turned up IOCs and should have led to a full incident response. About two weeks after the team obtained access, exploit code was released publicly into a popular open source exploitation framework. CISA identified that the vulnerability was exploited by an unknown third party. CISA added this CVE to its Known Exploited Vulnerabilities Catalog on February 2, 2023." [...]

After gaining access to the Solaris enclave, the red team discovered they couldn't pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful. It said real adversaries may have instead used prolonged password-spraying attacks rather than phishing at this stage, given that several service accounts were identified as having weak passwords. After gaining that access, the red team injected a persistent RAT and later discovered unsecured admin credentials, which essentially meant it was game over for the agency being assessed. "None of the accessed servers had any noticeable additional protections or network access restrictions despite their sensitivity and critical functions in the network," CISA said.

CISA described this as a "full domain compromise" that gave the attackers access to tier zero assets -- the most highly privileged systems. "The team found a password file left from a previous employee on an open, administrative IT share, which contained plaintext usernames and passwords for several privileged service accounts," the report reads. "With the harvested Lightweight Directory Access Protocol (LDAP) information, the team identified one of the accounts had system center operations manager (SCOM) administrator privileges and domain administrator privileges for the parent domain." "They identified another account that also had administrative permissions for most servers in the domain. The passwords for both accounts had not been updated in over eight years and were not enrolled in the organization's identity management (IDM)." From here, the red team realized the victim organization had trust relationships with multiple external FCEB organizations, which CISA's team then pivoted into using the access they already had.

The team "kerberoasted" one partner organization. Kerberoasting is an attack on the Kerberos authentication protocol typically used in Windows networks to authenticate users and devices. However, it wasn't able to move laterally with the account due to low privileges, so it instead used those credentials to exploit a second trusted partner organization. Kerberoasting yielded a more privileged account at the second external org, the password for which was crackable. CISA said that due to network ownership, legal agreements, and/or vendor opacity, these kinds of cross-organizational attacks are rarely tested during assessments. However, SILENTSHIELD assessments are able to be carried out following new-ish powers afforded to CISA by the FY21 National Defense Authorization Act (NDAA), the same powers that also allow CISA's Federal Attack Surface Testing (FAST) pentesting program to operate. It's crucial that these avenues are able to be explored in such exercises because they're routes into systems adversaries will have no reservations about exploring in a real-world scenario. For the first five months of the assessment, the target FCEB agency failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity.
CISA said the findings demonstrated the need for agencies to apply defense-in-depth principles. The cybersecurity agency recommended network segmentation and a Secure-by-Design commitment.
Government

Senators Strike Bipartisan Deal For a Ban On Stock Trading By Members of Congress (cnbc.com) 127

A bipartisan group of senators reached a new agreement on legislation that would ban members of Congress, their spouses and dependent children, as well as the president and vice president, from purchasing and selling stocks while in office. According to CNBC, it would also give lawmakers 90 days to sell their stocks. From the report: The proposal is the latest chapter in a yearslong saga in Congress to pass regulations that limit lawmakers' ability to buy and sell stocks, and the first one to get formal consideration by a Senate committee -- in this case the Homeland Security & Governmental Affairs Committee on July 24. Ethics experts say that legislators' access to the kind of information they receive gives them the potential of having an unfair advantage to the investing public.

Sens. Hawley, Jon Ossoff, D-Ga., Jeff Merkley, D-Ore., and Gary Peters, D-Mich., negotiated and announced the new details. If passed, the bill would also prohibit lawmakers' spouses and dependent children from trading stocks, beginning March 2027. Also starting that year, the U.S. president, vice president and all members of Congress would have to divest from any covered investments. The penalty for violating the divestment mandate, as proposed by the senators, would cost a lawmaker the greater amount of either their monthly salary, or 10% of the value of each covered asset in violation.

AI

AWS App Studio Promises To Generate Enterprise Apps From a Written Prompt (techcrunch.com) 36

Amazon Web Services is the latest entrant to the generative AI game with the announcement of App Studio, a groundbreaking tool capable of building complex software applications from simple written prompts. TechCrunch's Ron Miller reports: "App Studio is for technical folks who have technical expertise but are not professional developers, and we're enabling them to build enterprise-grade apps," Sriram Devanathan, GM of Amazon Q Apps and AWS App Studio, told TechCrunch. Amazon defines enterprise apps as having multiple UI pages with the ability to pull from multiple data sources, perform complex operations like joins and filters, and embed business logic in them. It is aimed at IT professionals, data engineers and enterprise architects, even product managers who might lack coding skills but have the requisite company knowledge to understand what kinds of internal software applications they might need. The company is hoping to enable these employees to build applications by describing the application they need and the data sources they wish to use.

Examples of the types of applications include an inventory-tracking system or claims approval process. The user starts by entering the name of an application, calling the data sources and then describing the application they want to build. The system comes with some sample prompts to help, but users can enter an ad hoc description if they wish. It then builds a list of requirements for the application and what it will do, based on the description. The user can refine these requirements by interacting with the generative AI. In that way, it's not unlike a lot of no-code tools that preceded it, but Devanathan says it is different. [...] Once the application is complete, it goes through a mini DevOps pipeline where it can be tested before going into production. In terms of identity, security and governance, and other requirements any enterprise would have for applications being deployed, the administrator can link to existing systems when setting up the App Studio. When it gets deployed, AWS handles all of that on the back end for the customer, based on the information entered by the admin.

Software

Nike Is Killing the App for Its $350 Self-Tying Sneakers (wired.com) 102

Scharon Harding reports via Wired: In 2019, Nike got closer than ever to its dreams of popularizing self-tying sneakers by releasing the Adapt BB. Using Bluetooth, the sneakers paired to the Adapt app that let users do things like tighten or loosen the shoes' laces and control its LED lights. However, Nike has announced that it's "retiring" the app on August 6 (Warning: source may be paywalled; alternative source), when it will no longer be downloadable from Apple's App Store or the Google Play Store; nor will it be updated.

In an announcement recently spotted by The Verge, Nike's brief explanation for discontinuing the app is that Nike "is no longer creating new versions of Adapt shoes." The company started informing owners about the app's retirement about four months ago. Those who already bought the shoes can still use the app after August 6, but it's expected that iOS or Android updates will eventually make the app unusable. Also, those who get a new device won't be able to download Adapt after August 6.

Without the app, wearers are unable to change the color of the sneaker's LED lights. The lights will either maintain the last color scheme selected via the app or, per Nike, "if you didn't install the app, light will be the default color." While owners will still be able to use on-shoe buttons to turn the shoes on or off, check its battery, adjust the lace's tightness, and save fit settings, the ability to change lighting and control the shoes via mobile phone were big selling points of the $350 kicks.

Social Networks

In a First, Federal Regulators Ban Messaging App From Hosting Minors (washingtonpost.com) 15

An anonymous reader quotes a report from the Washington Post: Federal regulators have for the first time banned a digital platform from serving users under 18 (Warning: source may be paywalled; alternative source), accusing the app -- known as NGL -- of exaggerating its ability to use artificial intelligence to curb cyberbullying in a groundbreaking settlement. An app popular among children and teens, NGL aggressively marketed to young users despite risks of bullying on the anonymous messaging site, the Federal Trade Commission and the Los Angeles District Attorney's Office alleged in a complaint unveiled Tuesday.

The complaint alleged that NGL tricked users into paying for subscriptions by sending them computer-generated messages appearing to be from real people and offering a service for as much as $9.99 a week to find out their real identity. People who signed up received only "hints" of those identities, whether they were real or not, enforcers said. After users complained about the "bait-and-switch tactic," executives at the company "laughed off" their concerns, referring to them as "suckers," the FTC said in an announcement. NGL, internet shorthand for "not gonna lie," agreed to pay $5 million and stop marketing to kids and teens to settle the lawsuit, which also alleged that the company violated children's privacy laws by collecting data from youths under 13 without parental consent.

The settlement marks a major milestone in the federal government's efforts to tackle concerns that tech platforms are exposing children to noxious material and profiting from it. And it's one of the most significant actions by the FTC under Chair Lina Khan, who has dialed up scrutiny of the tech sector at the agency since taking over in 2021. "We will keep cracking down on businesses that unlawfully exploit kids for profit," Khan (D) said in a statement.
NGL co-founder Joao Figueiredo said in a statement Tuesday that the company cooperated with the FTC's investigation for nearly two years and viewed the "resolution as an opportunity to make NGL better than ever."

"While we believe many of the allegations around the youth of our user base are factually incorrect, we anticipate that the agreed upon age-gating and other procedures will now provide direction for others in our space, and hopefully improve policies generally."
AI

Goldman Research Head Skeptical on AI Returns Despite Massive Spend 51

Goldman Sachs' head of global equity research Jim Covello has expressed skepticism about the potential returns from AI technology, despite an estimated $1 trillion in planned industry investment over the coming years. In a recent report [PDF], Covello argued that AI applications must solve complex, high-value problems to justify their substantial costs, which he believes the technology is not currently designed to do.

"AI technology is exceptionally expensive, and to justify those costs, the technology must be able to solve complex problems, which it isn't designed to do," Covello said. Unlike previous technological revolutions like e-commerce, which provided low-cost solutions from the start, AI remains prohibitively expensive even for basic tasks, he said. Covello also questioned whether AI costs would decline sufficiently over time, citing potential lack of competition in critical components like GPU chips.

The Goldman executive also expressed doubt about AI's ability to boost company valuations, arguing that efficiency gains would likely be competed away and that the path to revenue growth remains unclear. Despite the skepticism, Covello acknowledged that substantial AI infrastructure spending will continue in the near term due to competitive pressures and investor expectations.
AI

'How Good Is ChatGPT at Coding, Really?' (ieee.org) 135

IEEE Spectrum (the IEEE's official publication) asks the question. "How does an AI code generator compare to a human programmer?" A study published in the June issue of IEEE Transactions on Software Engineering evaluated the code produced by OpenAI's ChatGPT in terms of functionality, complexity and security. The results show that ChatGPT has an extremely broad range of success when it comes to producing functional code — with a success rate ranging from anywhere as poor as 0.66 percent and as good as 89 percent — depending on the difficulty of the task, the programming language, and a number of other factors. While in some cases the AI generator could produce better code than humans, the analysis also reveals some security concerns with AI-generated code.
The study tested GPT-3.5 on 728 coding problems from the LeetCode testing platform — and in five programming languages: C, C++, Java, JavaScript, and Python. The results? Overall, ChatGPT was fairly good at solving problems in the different coding languages — but especially when attempting to solve coding problems that existed on LeetCode before 2021. For instance, it was able to produce functional code for easy, medium, and hard problems with success rates of about 89, 71, and 40 percent, respectively. "However, when it comes to the algorithm problems after 2021, ChatGPT's ability to generate functionally correct code is affected. It sometimes fails to understand the meaning of questions, even for easy level problems," said Yutian Tang, a lecturer at the University of Glasgow. For example, ChatGPT's ability to produce functional code for "easy" coding problems dropped from 89 percent to 52 percent after 2021. And its ability to generate functional code for "hard" problems dropped from 40 percent to 0.66 percent after this time as well...

The researchers also explored the ability of ChatGPT to fix its own coding errors after receiving feedback from LeetCode. They randomly selected 50 coding scenarios where ChatGPT initially generated incorrect coding, either because it didn't understand the content or problem at hand. While ChatGPT was good at fixing compiling errors, it generally was not good at correcting its own mistakes... The researchers also found that ChatGPT-generated code did have a fair amount of vulnerabilities, such as a missing null test, but many of these were easily fixable.

"Interestingly, ChatGPT is able to generate code with smaller runtime and memory overheads than at least 50 percent of human solutions to the same LeetCode problems..."
Cellphones

'Windows Recall' Preview Remains Hackable As Google Develops Similar Feature 20

Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.

Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.

Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created... [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.

The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."
China

Is China Building Spy Bases in Cuba? (msn.com) 47

"Images captured from space show the growth of Cuba's electronic eavesdropping stations," reported the Wall Street Journal this week, citing a new report from the Center for Strategic and International Studies, a Washington-based think tank.

But they added that the stations "are believed to be linked to China," including previously-unreported construction about 70 miles from the U.S. naval base at Guantanamo Bay. (The Journal had previously reported China and Cuba were "negotiating closer defense and intelligence ties, including establishing a new joint military training facility on the island and an eavesdropping facility.") At the time, the Journal reported that Cuba and China were already jointly operating eavesdropping stations on the island, according to U.S. officials, who didn't disclose their locations. It couldn't be determined which, if any, of those are included in the sites covered by the CSIS report.

The concern about the stations, former officials and analysts say, is that China is using Cuba's geographical proximity to the southeastern U.S. to scoop up sensitive electronic communications from American military bases, space-launch facilities, and military and commercial shipping. Chinese facilities on the island "could also bolster China's use of telecommunications networks to spy on U.S. citizens," said Leland Lazarus, an expert on China-Latin America relations at Florida International University... Authors of the CSIS report, after analyzing years' worth of satellite imagery, found that Cuba has significantly upgraded and expanded its electronic spying facilities in recent years and pinpointed four sites — at Bejucal, El Salao, Wajay and Calabazar... "These are active locations with an evolving mission set," said Matthew Funaiole, a senior fellow at CSIS and the report's chief author.

The CSIS web site shows some of the satellite images. "Pinpointing the specific targets of these assets is nearly impossible," they add — but since Cuba has no space program, "the types of space-tracking capabilities observed are likely intended to monitor the activities of other nations (like the United States) with a presence in orbit." While China's own satellites could also benefit from a North America-based groundstation for communications, the Cuban facilities "would also provide the ability to monitor radio traffic and potentially intercept data delivered by U.S. satellites as they pass over highly sensitive military sites across the southern United States."

The think tank points out that one possibly-installed system would be within range to monitor rocket launches from Cape Canaveral and NASA's Kennedy Space Center. "Studying these launches — particularly those of SpaceX's Falcon 9 and Falcon Heavy reusable first-stage booster rocket systems — is likely of keen interest to China as it attempts to catch up to U.S. leadership in space launch technology."
Emulation (Games)

Emulator App Turns Game Boy Camera Into 'The Worst and Best Webcam You'll Ever Have' (timeextension.com) 7

Epilogue, the company behind the GB Operator emulator, which lets users play Game Boy cartridges on a PC, announced that it's working on an update to turn the Game Boy Camera into a lo-fi webcam. Time Extension reports: The Playback app currently allows you to download photos from the Game Boy Camera accessory, but Epilogue has just demonstrated the ability to use the peripheral as a webcam.

"We now have a live feed from the Game Boy Camera, but still need to fine-tune some things and allow for configuration options," says the company. "We wanted to share this update because it was exciting to see it finally work, and [we] can't wait to see everyone having fun with it. It's the worst and the best webcam you'll ever have."

Power

British Startup Nyobolt Demos 4-Minute Battery Charging For EVs (cnn.com) 174

Longtime Slashdot reader fahrbot-bot shares a report from CNN, written by Olesya Dmitracova: Nyobolt, based in Cambridge, has developed a new 35kWh lithium-ion battery that was charged from 10% to 80% in just over four and a half minutes in its first live demonstration last week. [...] Nyobolt's technology builds on a decade of research led by University of Cambridge battery scientist Clare Grey and Cambridge-educated Shivareddy, the company said. Key to its batteries' ability to be charged super-fast without a big impact on their longevity is a design that means they generate less heat. It also makes them safer as overheating can cause a lithium-ion battery to catch fire and explode. In addition, the materials used to make the batteries' anodes allow for a faster transfer of electrons. Nyobolt is currently in talks to sell its batteries to eight electric car manufacturers. At 35 kWh, the battery is much smaller than the 85 kWh in a more typical American electric vehicle (EV). Yet the technology may be used in larger battery packs in the future.

Independent testing of Nyobolt's batteries by what it called a leading global manufacturer found that they can achieve over 4,000 fast-charge cycles, equivalent to 600,000 miles (965,600 kilometers), while retaining more than 80% of capacity, Nyobolt said in its Friday statement. William Kephart, an e-mobility specialist at consultancy P3 Group and a former engineer, said EV batteries of the kind Nyobolt has developed could "theoretically" be charged as fast as the firm is promising, but the challenge was manufacturing such batteries on an industrial scale. A crucial chemical element in Nyobolt's batteries is niobium but, as Kephart pointed out, last year only an estimated 83,000 tons (94,500 tons) was mined worldwide. Compare that with graphite, commonly used as anode material in lithium-ion batteries: an estimated 1.6 million tons (1.8 million tons) was produced in 2023. In addition, there are currently "a lot of unknowns" with the niobium battery technology, he told CNN. "The industry will work it out (but) it's not seen by the industry as a scalable technology just yet," he added.

Google

Google Emissions Jump Nearly 50% Over Five Years As AI Use Surges (ft.com) 29

An anonymous reader quotes a report from the Financial Times: Google's greenhouse gas emissions have surged 48 percent in the past five years due to the expansion of its data centers that underpin artificial intelligence systems, leaving its commitment to get to "net zero" by 2030 in doubt. The Silicon Valley company's pollution amounted to 14.3 million tons of carbon equivalent in 2023, a 48 percent increase from its 2019 baseline and a 13 percent rise since last year, Google said in its annual environmental report on Tuesday. Google said the jump highlighted "the challenge of reducing emissions" at the same time as it invests in the build-out of large language models and their associated applications and infrastructure, admitting that "the future environmental impact of AI" was "complex and difficult to predict."

Chief sustainability officer Kate Brandt said the company remained committed to the 2030 target but stressed the "extremely ambitious" nature of the goal. "We do still expect our emissions to continue to rise before dropping towards our goal," said Brandt. She added that Google was "working very hard" on reducing its emissions, including by signing deals for clean energy. There was also a "tremendous opportunity for climate solutions that are enabled by AI," said Brandt. [...] In Tuesday's report, Google said its 2023 energy-related emissions -- which come primarily from data center electricity consumption -- rose 37 percent year on year, and overall represented a quarter of its total greenhouse gas emissions. Google's supply chain emissions -- its largest chunk, representing 75 percent of its total emissions -- also rose 8 percent. Google said they would "continue to rise in the near term" as a result in part of the build-out of the infrastructure needed to run AI systems.

Google has pledged to achieve net zero across its direct and indirect greenhouse gas emissions by 2030, and to run on carbon-free energy during every hour of every day within each grid it operates by the same date. However, the company warned in Tuesday's report that the "termination" of some clean energy projects during 2023 had pushed down the amount of renewables it had access to. Meanwhile, the company's data centre electricity consumption had "outpaced" Google's ability to bring more clean power projects online in the US and Asia-Pacific regions. Google's data centre electricity consumption increased 17 percent in 2023, and amounted to approximately 7-10 percent of global data center electricity consumption, the company estimated. Its data centers also consumed 17 percent more water in 2023 than during the previous year, Google said.
