Meta's AI chief said the large language models that power generative AI products such as ChatGPT would never achieve the ability to reason and plan like humans, as he focused instead on a radical alternative approach to create "superintelligence" in machines. From a report: Yann LeCun, chief AI scientist at the social media giant that owns Facebook and Instagram, said LLMs had "very limited understanding of logicâ... do not understand the physical world, do not have persistent memory, cannot reason in any reasonable definition of the term and cannot planâ...âhierarchically."

In an interview with the Financial Times, he argued against relying on advancing LLMs in the quest to make human-level intelligence, as these models can only answer prompts accurately if they have been fed the right training data and are, therefore, "intrinsically unsafe." Instead, he is working to develop an entirely new generation of AI systems that he hopes will power machines with human-level intelligence, although he said this vision could take 10 years to achieve. Meta has been pouring billions of dollars into developing its own LLMs as generative AI has exploded, aiming to catch up with rival tech groups, including Microsoft-backed OpenAI and Alphabet's Google.

An anonymous reader quotes a report from Bloomberg: ASML Holding NV and Taiwan Semiconductor Manufacturing Co. have ways to disable the world's most sophisticated chipmaking machines in the event that China invades Taiwan, according to people familiar with the matter. Officials from the US government have privately expressed concerns to both their Dutch and Taiwanese counterparts about what happens if Chinese aggression escalates into an attack on the island responsible for producing the vast majority of the world's advanced semiconductors, two of the people said, speaking on condition of anonymity. ASML reassured officials about its ability to remotely disable the machines when the Dutch government met with the company on the threat, two others said. The Netherlands has run simulations on a possible invasion in order to better assess the risks, they added.

The remote shut-off applies to Netherlands-based ASML's line of extreme ultraviolet machines, known within the industry as EUVs, for which TSMC is its single biggest client. EUVs harness high-frequency light waves to print the smallest microchip transistors in existence -- creating chips that have artificial-intelligence uses as well as more sensitive military applications. About the size of a city bus, an EUV requires regular servicing and updates. As part of that, the company can remotely force a shut-off which would act as a kill switch, the people said, speaking on condition of anonymity. The Veldhoven-based company is the world's only manufacturer of these machines, which sell for more than $217 million apiece.

Apple said on Tuesday it plans to ask a U.S. judge to dismiss a lawsuit filed by the Justice Department and 15 states in March that alleged the iPhone maker monopolized the smartphone market, hurt smaller rivals and drove up prices. From a report: In a letter to U.S. District Judge Julien X. Neals in New Jersey, Apple said "far from being a monopolist, Apple faces fierce competition from well-established rivals, and the complaint fails to allege that Apple has the ability to charge supra-competitive prices or restrict output in the alleged smartphone markets." In the letter to the judge, Apple said the DOJ relies on a new "theory of antitrust liability that no court has recognized."

The government is expected to respond within seven days to the Apple letter, which the court requires parties to submit, hoping to expedite cases before advancing to a potentially more robust and expensive effort to dismiss a lawsuit. The Justice Department alleges that Apple uses its market power to get more money from consumers, developers, content creators, artists, publishers, small businesses and merchants. The civil lawsuit accuses Apple of an illegal monopoly on smartphones maintained by imposing contractual restrictions on, and withholding critical access from, developers.

In a new blog post, Ethereum co-founder Vitalik Buterin has shared his thoughts on three issues core to Ethereum's decentralization: MEV, liquid staking, and the hardware requirements of nodes. The Block reports: In his post, published on May 17, Buterin first addresses the issue of MEV, or the financial gain that sophisticated node operators can capture by reordering the transactions within a block. Buterin characterizes the two approaches to MEV as "minimization" (reducing MEV through smart protocol design, such as CowSwap) and "quarantining" (attempting to reduce or eliminate MEV altogether through in-protocol techniques). While MEV quarantining seems like an alluring option, Buterin notes that the prospect comes with some centralization risks. "If builders have the power to exclude transactions from a block entirely, there are attacks that can quite easily arise," Buterin noted. However, Buterin championed the builders working on MEV quarantining through concepts like transaction inclusion lists, which "take away the builder's ability to push transactions out of the block entirely." "I think ideas in this direction - really pushing the quarantine box to be as small as possible - are really interesting, and I'm in favor of going in that direction," Buterin concluded.

Buterin also addressed the relatively low number of solo Ethereum stakers, as most stakers choose to stake with a staking provider, either a centralized offering like Coinbase or a decentralized offering like Lido or RocketPool, given the complexity, hardware requirement, and 32 eth minimum needed to operate an Ethereum node solo. While Buterin acknowledges the progress being made to reduce the cost and complexity around running a solo node, he also noted "once again there is more that we could do," perhaps through reducing the time to withdraw staked ether or reducing the 32 eth minimum requirement to become a solo staker. "Incorrect answers could lead Ethereum down a path of centralization and 're-creating the traditional financial system with extra steps'; correct answers could create a shining example of a successful ecosystem with a wide and diverse set of solo stakers and highly decentralized staking pools," Buterin wrote. [...]

Buterin finished his post by imploring the Ethereum ecosystem to tackle the hard questions rather than shy away from them. "...We should have deep respect for the properties that make Ethereum unique, and continue to work to maintain and improve on those properties as Ethereum scales," Buterin wrote. Buterin added today, in a post on X, that he was pleased to see civil debate among community members. "I'm really proud that ethereum does not have any culture of trying to prevent people from speaking their minds, even when they have very negative feelings toward major things in the protocol or ecosystem. Some wave the ideal of 'open discourse' as a flag, some take it seriously," Buterin wrote.

OpenAI is pausing the use of the popular Sky voice in ChatGPT over concerns it sounds too much like the "Her" actress Scarlett Johansson. From a report: The company says the voices in ChatGPT were from paid voice actors. A final five were selected from an initial pool of 400 and it's purely a coincidence the unnamed actress behind the Sky voice has a similar tone to Johansson. Voice is about to become more prominent for OpenAI as it begins to roll out a new GPT-4o model into ChatGPT. With it will come an entirely new conversational interface where users can talk in real-time to a natural-sounding and emotion-mimicking AI.

While the Sky voice and a version of ChatGPT Voice have been around for some time, the comparison to Johansson became more obvious due to OpenAI CEO Sam Altman, and many others, drawing the similarity between the new AI model and the movie "Her". In "Her," Scarlett Johansson voices an advanced AI operating system named Samantha, who develops a romantic relationship with a lonely writer played by Joaquin Phoenix. With its ability to mimic emotional responses, the parallels from GPT-4o were obvious.

Earlier this week the Washington Post reported that America's Defense department "is growing concerned that the United Launch Alliance, one of its key partners in launching national security satellites to space, will not be able to meet its needs to counter China and build its arsenal in orbit with a new rocket that ULA has been developing for years." In a letter sent Friday to the heads of Boeing's and Lockheed Martin's space divisions, Air Force Assistant Secretary Frank Calvelli used unusually blunt terms to say he was growing "concerned" with the development of the Vulcan rocket, which the Pentagon intends to use to launch critical national security payloads but which has been delayed for years. ULA, a joint venture of Boeing and Lockheed Martin, was formed nearly 20 years ago to provide the Defense Department with "assured access" to space. "I am growing concerned with ULA's ability to scale manufacturing of its Vulcan rocket and scale its launch cadence to meet our needs," he wrote in the letter, a copy of which was obtained by The Washington Post. "Currently there is military satellite capability sitting on the ground due to Vulcan delays...."

ULA originally won 60 percent of the Pentagon's national security payloads under the current contract, known as Phase 2. SpaceX won an award for the remaining 40 percent, but it has been flying its reusable Falcon 9 rocket at a much higher rate. ULA launched only three rockets last year, as it transitions to Vulcan; SpaceX launched nearly 100, mostly to put up its Starlink internet satellite constellation. Both are now competing for the next round of Pentagon contracts, a highly competitive procurement worth billions of dollars over several years. ULA is reportedly up for sale; Blue Origin is said to be one of the suitors...

In a statement to The Post, ULA said that its "factory and launch site expansions have been completed or are on track to support our customers' needs with nearly 30 launch vehicles in flow at the rocket factory in Decatur, Alabama." Last year, ULA CEO Tory Bruno said in an interview that the deal with Amazon would allow the company to increase its flight rate to 20 to 25 a year and that to meet that cadence it was hiring "several hundred" more employees. The more often Vulcan flies, he said, the more efficient the company would become. "Vulcan is much less expensive" than the Atlas V rocket that the ULA currently flies, Bruno said, adding that ULA intends to eventually reuse the engines. "As the flight rate goes up, there's economies of scale, so it gets cheaper over time. And of course, you're introducing reusability, so it's cheaper. It's just getting more and more competitive."
The article also notes that years ago ULA "decided to eventually retire its workhorse Atlas V rocket after concerns within the Pentagon and Congress that it relied on a Russian-made engine, the RD-180. In 2014, the company entered into a partnership with Jeff Bezos' Blue Origin to provide its BE-4 engines for use on Vulcan. However, the delivery of those engines was delayed for years — one of the reasons Vulcan's first flight didn't take place until earlier this year."

The article says Cavelli's letter cited the Pentagon's need to move quickly as adversaries build capabilities in space, noting "counterspace threats" and adding that "our adversaries would seek to deny us the advantage we get from space during a potential conflict."

"The United States continues to face an unprecedented strategic competitor in China, and our space environment continues to become more contested, congested and competitive."

America's Defense Department "is rushing to expand its capacity to wage war in space," reports the New York Times, "convinced that rapid advances by China and Russia in space-based operations pose a growing threat to U.S. troops and other military assets on the ground and U.S. satellites in orbit." [T]he Defense Department is looking to acquire a new generation of ground- and space-based tools that will allow it to defend its satellite network from attack and, if necessary, to disrupt or disable enemy spacecraft in orbit, Pentagon officials have said in a series of interviews, speeches and recent statements... [T]he move to enhance warfighting capacity in space is driven mostly by China's expanding fleet of military tools in space... [U.S. officials are] moving ahead with an effort they are calling "responsible counterspace campaigning," an intentionally ambiguous term that avoids directly confirming that the United States intends to put its own weapons in space. But it also is meant to reflect this commitment by the United States to pursue its interest in space without creating massive debris fields that would result if an explosive device or missile were used to blow up an enemy satellite. That is what happened in 2007, when China used a missile to blow up a satellite in orbit. The United States, China, India and Russia all have tested such missiles. But the United States vowed in 2022 not to do any such antisatellite tests again.

The United States has also long had ground-based systems that allow it to jam radio signals, disrupting the ability of an enemy to communicate with its satellites, and is taking steps to modernize these systems. But under its new approach, the Pentagon is moving to take on an even more ambitious task: broadly suppress enemy threats in orbit in a fashion similar to what the Navy does in the oceans and the Air Force in the skies.
The article notes a recent report drafted by a former Space Force colonel cited three ways to disable enemy satellite networks: cyberattacks, ground or space-based lasers, and high-powered microwaves. "John Shaw, a recently retired Space Force lieutenant general who helped run the Space Command, agreed that directed-energy devices based on the ground or in space would probably be a part of any future system. 'It does minimize debris; it works at the speed of light,' he said. 'Those are probably going to be the tools of choice to achieve our objective." The Pentagon is separately working to launch a new generation of military satellites that can maneuver, be refueled while in space or have robotic arms that could reach out and grab — and potentially disrupt — an enemy satellite. Another early focus is on protecting missile defense satellites. The Defense Department recently started to require that a new generation of these space-based monitoring systems have built-in tools to evade or respond to possible attack. "Resiliency feature to protect against directed energy attack mechanisms" is how one recent missile defense contract described it. Last month the Pentagon also awarded contracts to two companies — Rocket Lab and True Anomaly — to launch two spacecraft by late next year, one acting as a mock enemy and the other equipped with cameras, to pull up close and observe the threat. The intercept satellite will not have any weapons, but it has a cargo hold that could carry them.
The article notes that Space Force's chief of space operations has told Senate appropriators that about $2.4 billion of the $29.4 billion in Space Force's proposed 2025 budget was set aside for "space domain awareness." And it adds that the Pentagon "is working to coordinate its so-called counterspace efforts with major allies, including Britain, Canada and Australia, through a multinational operation called Operation Olympic Defender. France has been particularly aggressive, announcing its intent to build and launch by 2030 a satellite equipped with a high-powered laser." [W]hat is clear is that a certain threshold has now been passed: Space has effectively become part of the military fighting domain, current and former Pentagon officials said. "By no means do we want to see war extend into space," Lt. Gen. DeAnna Burt, deputy chief of space operations, said at a Mitchell Institute event this year. "But if it does, we have to be prepared to fight and win."

After shutting down its awards system last July, Reddit announced that it is bringing it back, with much of the same and some new features. There'll be "a new design for awards, a new award button under eligible posts and a leaderboard showing top awards earned for a comment or a post," reports TechCrunch. From the report: The company sunset its awards program last year along with the ability for users to purchase coins. At the same time, Reddit introduced "Golden Upvotes," which were purchased directly through cash. In a new post, the company said the system wasn't as expressive as awards. "While the golden upvote was certainly simpler in theory, in practice, it missed the mark. It wasn't as fun or expressive as legacy awards, and it was unclear how it benefited the recipient," the social network said.

Users who want to give awards to posts and comments will need to buy "gold," which kind of replaces coins. On a support page, the company mentioned that, on average, awards cost anywhere between 15 to 50 gold. Gold packages in Reddit's mobile apps currently start at $1.99 for 100 gold. Users can buy as much as 2,750 gold for $49.99. The company is also adding some safeguards to the awards system, such as disabling awards in NSFW subreddits, trauma and addiction support subreddits, and subreddits with mature content. Additionally, users will be able to report awards to avoid them being used for moderator removals.

Kylie Robison reports via The Verge: Hugging Face, one of the biggest names in machine learning, is committing $10 million in free shared GPUs to help developers create new AI technologies. The goal is to help small developers, academics, and startups counter the centralization of AI advancements. [...] Delangue is concerned about AI startups' ability to compete with the tech giants. Most significant advancements in artificial intelligence -- like GPT-4, the algorithms behind Google Search, and Tesla's Full Self-Driving system -- remain hidden within the confines of major tech companies. Not only are these corporations financially incentivized to keep their models proprietary, but with billions of dollars at their disposal for computational resources, they can compound those gains and race ahead of competitors, making it impossible for startups to keep up. Hugging Face aims to make state-of-the-art AI technologies accessible to everyone, not just the tech giants. [...]

Access to compute poses a significant challenge to constructing large language models, often favoring companies like OpenAI and Anthropic, which secure deals with cloud providers for substantial computing resources. Hugging Face aims to level the playing field by donating these shared GPUs to the community through a new program called ZeroGPU. The shared GPUs are accessible to multiple users or applications concurrently, eliminating the need for each user or application to have a dedicated GPU. ZeroGPU will be available via Hugging Face's Spaces, a hosting platform for publishing apps, which has over 300,000 AI demos created so far on CPU or paid GPU, according to the company.

Access to the shared GPUs is determined by usage, so if a portion of the GPU capacity is not actively utilized, that capacity becomes available for use by someone else. This makes them cost-effective, energy-efficient, and ideal for community-wide utilization. ZeroGPU uses Nvidia A100 GPU devices to power this operation -- which offer about half the computation speed of the popular and more expensive H100s. "It's very difficult to get enough GPUs from the main cloud providers, and the way to get them -- which is creating a high barrier to entry -- is to commit on very big numbers for long periods of times," Delangue said. Typically, a company would commit to a cloud provider like Amazon Web Services for one or more years to secure GPU resources. This arrangement disadvantages small companies, indie developers, and academics who build on a small scale and can't predict if their projects will gain traction. Regardless of usage, they still have to pay for the GPUs. "It's also a prediction nightmare to know how many GPUs and what kind of budget you need," Delangue said.

An anonymous reader quotes a report from TechCrunch: Facebook and Instagram are under formal investigation in the European Union over child protection concerns, the Commission announced Thursday. The proceedings follow a raft of requests for information to parent entity Meta since the bloc's online governance regime, the Digital Services Act (DSA), started applying last August. The development could be significant as the formal proceedings unlock additional investigatory powers for EU enforcers, such as the ability to conduct office inspections or apply interim measures. Penalties for any confirmed breaches of the DSA could reach up to 6% of Meta's global annual turnover.

Meta's two social networks are designated as very large online platforms (VLOPs) under the DSA. This means the company faces an extra set of rules -- overseen by the EU directly -- requiring it to assess and mitigate systemic risks on Facebook and Instagram, including in areas like minors' mental health. In a briefing with journalists, senior Commission officials said they suspect Meta of failing to properly assess and mitigate risks affecting children. They particularly highlighted concerns about addictive design on its social networks, and what they referred to as a "rabbit hole effect," where a minor watching one video may be pushed to view more similar content as a result of the platforms' algorithmic content recommendation engines.

Commission officials gave examples of depression content, or content that promotes an unhealthy body image, as types of content that could have negative impacts on minors' mental health. They are also concerned that the age assurance methods Meta uses may be too easy for kids to circumvent. "One of the underlying questions of all of these grievances is how can we be sure who accesses the service and how effective are the age gates -- particularly for avoiding that underage users access the service," said a senior Commission official briefing press today on background. "This is part of our investigation now to check the effectiveness of the measures that Meta has put in place in this regard as well." In all, the EU suspects Meta of infringing DSA Articles 28, 34, and 35. The Commission will now carry out an in-depth investigation of the two platforms' approach to child protection.

Russia is increasingly seeking to encourage and direct hackers to attack British and other western targets, the director of GCHQ has said in her first keynote speech as head of the British intelligence agency. From a report: Anne Keast-Butler said her agency was "increasingly concerned about growing links" between the Russian intelligence services and proxy hacker groups who have long taken advantage of a permissive environment within the country. "Before, Russia simply created the right environments for these groups to operate but now they're nurturing and inspiring these non state cyber actors," she said in a speech to the Cyber UK conference, in what she described as a "globally pervasive" threat.

The spy chief, appointed last year to be the first woman to hold the role, referenced the threat from ransomware -- "the most acute and pervasive cyber threat" -- where cybercriminals, typically from Russia, take control of a company's data and systems and demand significant sums to regain access. GCHQ was "doing everything we can" to counter ransomware actors, Keast-Butler said, degrade their ability to attack systems across government and business and to "produce intelligence that means those involved in ransomware are held to account." There is "no hiding place" for cybercriminals she added.

Google is opening up API access to its Google Home smart home platform, allowing app developers to access over 600 million connected devices and tap into the Google Home automation engine. In addition, Google announced that it'll be turning Google TVs into Google Home hubs and Matter controllers. The Verge reports: The Home APIs can access any Matter device or Works with Google Home device, and allows developers to build their own experiences using Google Home devices and automations into their apps on both iOS and Android. This is a significant move for Google in opening up its smart home platform, following shutting down its Works with Nest program back in 2019. [...] The Home APIs are already available to Google's early access partners, and Google is opening up a waitlist for any developer to sign up today. "We are opening up access on a rolling basis so they can begin building and testing within their apps," Anish Kattukaran, head of product at Google Home and Nest, told The Verge. "The first apps using the home APIs will be able to publish to the Play and App stores in the fall."

The access is not just limited to smart home developers. In the blog post, Matt Van Der Staay, engineering director at Google Home, said the Home APIs could be used to connect smart home devices to fitness or delivery apps. "You can build a complex app to manage any aspect of a smart home, or simply integrate with a smart device to solve pain points -- like turning on the lights automatically before the food delivery driver arrives." The APIs allow access to most devices connected to Google Home and to the Google Home structure, letting apps control and manage devices such as Matter light bulbs or the Nest Learning Thermostat. They also leverage Google Home's automation signals, such as motion from sensors, an appliance's mode changing, or Google's Home and Away mode, which uses various signals to determine if a home is occupied. [...]

What's also interesting here is that developers will be able to use the APIs to access and control any device that works with the new smart home standard Matter and even let people set up Matter devices directly in their app. This should make it easier for them to implement Matter into their apps, as it will add devices to the Google Home fabric, so they won't have to develop their own. In addition, Google announced that it's vastly expanding its Matter infrastructure by turning Google TVs into Google Home hubs and Matter controllers. Any app using the APIs would need a Google hub in a customer's home in order to control Matter devices locally. Later this year, Chromecast with Google TV, select panel TVs with Google TV running Android 14 or higher, and some LG TVs will be upgraded to become Google Home hubs.

Additionally, Kattukaran said Google will upgrade all of its existing home hubs -- which include Nest Hub (second-gen), Nest Hub Max, and Google Wifi -- with a new ability called Home runtime. "With this update, all hubs for Google Home will be able to directly route commands from any app built with Home APIs (such as the Google Home app) to a customer's Matter device locally, when the phone is on the same Wi-Fi network as the hub," said Kattukaran. This means you should see "significant latency improvements using local control via a hub for Google Home," he added.

This week, in celebration of Global Accessibility Awareness Day, Apple is introducing several new accessibility features. Noteworthy additions include eye-tracking support for recent iPhone and iPad models, customizable vocal shortcuts, music haptics, and vehicle motion cues. Engadget reports: The most intriguing feature of the set is the ability to use the front-facing camera on iPhones or iPads (at least those with the A12 chip or later) to navigate the software without additional hardware or accessories. With this enabled, people can look at their screen to move through elements like apps and menus, then linger on an item to select it. That pause to select is something Apple calls Dwell Control, which has already been available elsewhere in the company's ecosystem like in Mac's accessibility settings. The setup and calibration process should only take a few seconds, and on-device AI is at work to understand your gaze. It'll also work with third-party apps from launch, since it's a layer in the OS like Assistive Touch. Since Apple already supported eye-tracking in iOS and iPadOS with eye-detection devices connected, the news today is the ability to do so without extra hardware. [...]

There are plenty more features coming to the company's suite of products, including Live Captions in VisionOS, a new Reader mode in Magnifier, support for multi-line braille and a virtual trackpad for those who use Assistive Touch. It's not yet clear when all of these announced updates will roll out, though Apple has historically made these features available in upcoming versions of iOS. With its developer conference WWDC just a few weeks away, it's likely many of today's tools get officially released with the next iOS. Apple detailed all the new features in a press release.

With Amazon on its heels, the nation's biggest company by revenue is hunting for ways to continue growing. From a report: For a decade, Walmart has reigned as the nation's biggest company by revenue. Its sales last year added up to $648 billion -- more than $1.2 million a minute. That status comes with benefits. It gives Walmart power in negotiations with product manufacturers and in dealing with government officials over policy issues. It's also a point of pride: Job postings often tout working at the "Fortune 1" company as a perk. Its reign is looking shaky lately [non-paywalled link]. If current sales trends persist, Amazon is likely to overtake Walmart soon. Amazon reported $575 billion in total revenue last year, up 12% from the previous year, compared with Walmart's revenue growth of 6%.

Walmart's behemoth size means that to meet its own sales target of around 4% growth each year, the company has to find an additional $26 billion in sales this year. That's no easy task. About 90% of Americans already shop at the retailer. The pandemic and rising inflation boosted Walmart's revenue by $100 billion since 2019. It faces continued uncertainty in consumer confidence and while it's spending in some areas, it's pulling back in others. Earlier this week, Walmart told workers it would cut hundreds of corporate jobs and ask most remote workers to move to offices. While Amazon's and Walmart's businesses compete head on, there are big differences. Amazon earns much of its profit from non-retail operations such as cloud computing and advertising, while grabbing retail market share with fast shipping. Walmart gets the bulk of its sales and profits from U.S. stores, while growing side businesses like advertising and digital sales.

Walmart executives are most wary of Amazon's ability to keep increasing profits through its non-retail business, while eating more of the retail landscape with ever-faster shipping and a bigger product selection, people familiar with the company said. Internally some executives are highlighting Walmart's role as a good corporate citizen and emphasizing that it's important to be the best at serving customers and workers, not just the biggest, say some of those people. Its scale can also have downsides, say some, like outsize attention on every misstep.

OpenAI unveiled its latest foundation model, GPT-4o, and a ChatGPT desktop app at its Spring Updates event on Monday. GPT-4o, which will be available to all free users, boasts the ability to reason across voice, text, and vision, according to OpenAI's chief technology officer Mira Murati. The model can respond in real-time, detect emotion, and adjust its voice accordingly. Developers will have access to GPT-4o through OpenAI's API at half the price and twice the speed of its predecessor, GPT-4 Turbo.

Further reading: VentureBeat.

An anonymous reader quotes a report from The Verge: The Maryland legislature passed two bills over the weekend limiting tech platforms' ability to collect and use consumers' data. Maryland Governor Wes Moore is expected to sign one of those bills, the Maryland Kids Code, on Thursday, MoCo360 reports. If signed into law, the other bill, the Maryland Online Privacy Act, will go into effect in October 2025. The legislation would limit platforms' ability to collect user data and let users opt out of having their data used for targeted advertising and other purposes. Together, the bills would significantly limit social media and other platforms' ability to track their users -- but tech companies, including Amazon, Google, and Meta, have opposed similar legislation. Lawmakers say the goal is to protect children, but tech companies say the bills are a threat to free speech.

Part of the Maryland Kids Code -- the Maryland Age-Appropriate Design Code Act -- will go into effect much sooner, on October 1st. It bans platforms from using "system design features to increase, sustain, or extend the use of the online product," including autoplaying media, rewarding users for spending more time on the platform, and spamming users with notifications. Another part of the legislation prohibits certain video game, social media, and other platforms from tracking users who are younger than 18. "It's meant to rein in some of the worst practices with sensible regulation that allows companies to do what's right and what is wonderful about the internet and tech innovation, while at the same time saying, 'You can't take advantage of our kids,'" Maryland state Delegate Jared Solomon, one of the bill's sponsors, said in a press conference Wednesday.

"We are technically the second state to pass a kids code," Solomon told The New York Times. "But we are hoping to be the first state to withstand the inevitable court challenge that we know is coming."

An anonymous reader shares a report: Sonos has responded to the avalanche of feedback -- some good, plenty bad -- about the company's redesigned mobile app that was released on May 7th. In the days since, customers have complained about missing features like sleep timers, broken local music library management, and no longer having the ability to edit playlists or the upcoming song queue. More alarmingly, the Sonos app's accessibility has also taken a hit, something the company says it's aiming to resolve by next month.

In a statement provided to The Verge, Sonos confirms that it's keenly aware of the gripes that customers have expressed about the new app. It's hearing their response and is working to address the functionality that has (for now) gone missing. But the company is also standing behind its decision to roll out the app this week, basically describing it as a rough patch that will, in theory, lead to a much better experience for everyone down the line. "Redesigning the Sonos app is an ambitious undertaking that represents just how seriously we are committed to invention and re-invention," said chief product officer Maxime Bouvat-Merlin. "It takes courage to rebuild a brand's core product from the ground up, and to do so knowing it may require taking a few steps back to ultimately leap into the future."

OpenAI, the company behind ChatGPT, is exploring whether users should be allowed to create AI-generated pornography and other explicit content with its products. From a report:While the company stressed that its ban on deepfakes would continue to apply to adult material, campaigners suggested the proposal undermined its mission statement to produce "safe and beneficial" AI. OpenAI, which is also the developer of the DALL-E image generator, revealed it was considering letting developers and users "responsibly" create what it termed not-safe-for-work (NSFW) content through its products. OpenAI said this could include "erotica, extreme gore, slurs, and unsolicited profanity."

It said: "We're exploring whether we can responsibly provide the ability to generate NSFW content in age-appropriate contexts ... We look forward to better understanding user and societal expectations of model behaviour in this area." The proposal was published as part of an OpenAI document discussing how it develops its AI tools. Joanne Jang, an employee at the San Francisco-based company who worked on the document, told the US news organisation NPR that OpenAI wanted to start a discussion about whether the generation of erotic text and nude images should always be banned from its products. However, she stressed that deepfakes would not be allowed.

Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It's believe that the vulnerability "may have been possible since 2002 and may already have been discovered and used in the wild since then," reports Ars Technica. From the report: The effect of TunnelVision is "the victim's traffic is now decloaked and being routed through the attacker directly," a video demonstration explained. "The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet." The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. [...]

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It's also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that's diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn't in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. You can learn more about the research here.

The Rabbit R1 is one of the first standalone AI companion devices to hit the market, offering the ability to translate languages, identify objects in your environment, and order DoorDash, among other things. It's been in the news last week for its all around poor reviews that cite poor battery life, painfully slow responses, and missing features (sound familiar?). Now, it's been confirmed that the Rabbit R1 is powered by an Android app that can run on existing Android phones. Android Authority reports: What ended up souring a lot of people's opinions on the product was the revelation -- in an Android Authority original report -- that the R1 is basically an Android app in a box. Many consumers who believed that the product would be better suited as a mobile app felt validated after our report, but there was one stickler in it that we needed to address: how we got the R1 launcher up and running on an Android phone. See, in our preliminary report, we mentioned that the Rabbit R1's launcher app is intended to be preinstalled in the firmware and be granted several privileged, system-level permissions. While that statement is still true, we should've clarified that the R1 launcher doesn't actually need those permissions. In fact, none of the system-level permissions that the R1 launcher requests are at all necessary for the app to perform its core functionality.

To prove this, we got the Rabbit R1 launcher up and running again on a stock, unrooted Android device (a Xiaomi 13T Pro), thanks to help from a team of reverse engineers including ChromMob, EmilyLShepherd, marceld505, thel3l, and uwukko. We were able to go through the entire setup process as if our device was an actual Rabbit R1. Afterwards, we were able to talk to ChatGPT, use the Vision function to identify objects, play music from Spotify, and even record voice notes. As demonstrated in our hands-on video at the top of this article, all of the existing core functionality that the Rabbit R1 offers would work as an Android or even iOS app. The only functions that wouldn't work are unrelated to the product's core functionality and are things your phone can already do, such as powering off or rebooting the device, toggling Bluetooth, connecting to a cellular or Wi-Fi network, or setting a screen lock.

During our research, Android Authority was also able to obtain a copy of the Rabbit R1's firmware. Our analysis reveals that Rabbit did not make significant modifications to the BSP (Board Support Package) provided by MediaTek. The R1, in fact, still ships with all the standard apps included in AOSP, as well as the many apps provided by MediaTek. This is despite the fact that none of these apps are needed nor ever shown to the user, obviously. Rabbit only made a few changes to the AOSP build that MediaTek provided them, such as adding the aforementioned R1 launcher app, adding a fork of the open-source "AnySoftKeyboard" app with a custom theme, adding an OTA updater app, and adding a custom boot animation. [...] Yes, it's true that all the R1 launcher does is act as a local client to the cloud services offered by Rabbit, which is what truly handles the core functionality. It's also true that there's nothing wrong or unusual with companies using AOSP for their own hardware. But the fact of the matter is that Rabbit does little to justify its use of custom hardware except by making the R1 have an eye-catching design.