AI

For Data-Guzzling AI Companies, the Internet Is Too Small (wsj.com) 60

Companies racing to develop more powerful artificial intelligence are rapidly nearing a new problem: The internet might be too small for their plans (non-paywalled link). From a report: Ever more powerful systems developed by OpenAI, Google and others require larger oceans of information to learn from. That demand is straining the available pool of quality public data online at the same time that some data owners are blocking access to AI companies. Some executives and researchers say the industry's need for high-quality text data could outstrip supply within two years, potentially slowing AI's development.

AI companies are hunting for untapped information sources, and rethinking how they train these systems. OpenAI, the maker of ChatGPT, has discussed training its next model, GPT-5, on transcriptions of public YouTube videos, people familiar with the matter said. Companies also are experimenting with using AI-generated, or synthetic, data as training material -- an approach many researchers say could actually cause crippling malfunctions. These efforts are often secret, because executives think solutions could be a competitive advantage.

Data is among several essential AI resources in short supply. The chips needed to run what are called large-language models behind ChatGPT, Google's Gemini and other AI bots also are scarce. And industry leaders worry about a dearth of data centers and the electricity needed to power them. AI language models are built using text vacuumed up from the internet, including scientific research, news articles and Wikipedia entries. That material is broken into tokens -- words and parts of words that the models use to learn how to formulate humanlike expressions.

The Matrix

'Yes, We're All Trapped in the Matrix Now' (cnn.com) 185

"As you're reading this, you're more likely than not already inside 'The Matrix'," according to a headline on the front page of CNN.com this weekend.

It linked to an opinion piece by Rizwan Virk, founder of MIT's startup incubator/accelerator program. He's now a doctoral researcher at Arizona State University, where his profile identifies him as an "entrepreneur, video game pioneer, film producer, venture capitalist, computer scientist and bestselling author." Virk's 2019 book was titled "The Simulation Hypothesis: An MIT Computer Scientist Shows Why AI, Quantum Physics and Eastern Mystics Agree We Are in a Video Game." In the decades since [The Matrix was released], this idea, now called the simulation hypothesis, has come to be taken more seriously by technologists, scientists and philosophers. The main reason for this shift is the stunning improvements in computer graphics, virtual and augmented reality (VR and AR) and AI. Taking into account three developments just this year from Apple, Neuralink and OpenAI, I can now confidently state that as you are reading this article, you are more likely than not already inside a computer simulation. This is because the closer our technology gets to being able to build a fully interactive simulation like the Matrix, the more likely it is that someone has already built such a world, and we are simply inside their video game world...

In 2003, Oxford philosopher Nick Bostrom imagined a "technologically mature" civilization could easily create a simulated world. The logic, then, is that if any civilization ever reaches this point, it would create not just one but a very large number of simulations (perhaps billions), each with billions of AI characters, simply by firing up more servers. With simulated worlds far outnumbering the "real" world, the likelihood that we are in a simulation would be significantly higher than not. It was this logic that prompted Elon Musk to state, a few years ago, that the chances that we are not in a simulation (i.e. that we are in base reality) was "one in billions." It's a theory that is difficult to prove — but difficult to disprove as well. Remember, the simulations would be so good that you wouldn't be able to tell the difference between a physical and a simulated world. Either the signals are being beamed directly into your brain, or we are simply AI characters inside the simulation...

Recent developments in Silicon Valley show that we could get to the simulation point very soon. Just this year, Apple released its Vision Pro headset — a mixed-reality (including augmented and virtual reality) device that, if you believe initial reviews (ranging from mildly positive to ecstatic), heralds the beginning of a new era of spatial computing — or the merging of digital and physical worlds... we can see a direct line to being able to render a realistic fictional world around us... Just last month, OpenAI released Sora AI, which can now generate highly realistic videos that are pretty damn difficult to distinguish from real human videos. The fact that AI can so easily fool humans visually as well as through text (and according to some, has already passed the well-known Turing Test) shows that we are not far from fully immersive worlds populated with simulated AI characters that seem (and perhaps even think they are) conscious. Already, millions of humans are chatting with AI characters, and millions of dollars are pouring into making AI characters more realistic. Some of us may be players of the game, who have forgotten that we allowed the signal to be beamed into our brain, while others, like Neo or Morpheus or Trinity in "The Matrix," may have been plugged in at birth...

The fact that we are approaching the simulation point so soon in our future means that the likelihood that we are already inside someone else's advanced simulation goes up exponentially. Like Neo, we would be unable to tell the difference between a simulated and a physical world. Perhaps the most appropriate response to that is another of Reeves' most famous lines from that now-classic sci-fi film: Woah.

The author notes that the idea of being trapped inside a video game already "had been articulated by one of the Wachowskis' heroes, science fiction author Philip K. Dick, who stated, all the way back in 1977, 'We are living in a computer programmed reality.'" A few years ago, I interviewed Dick's wife Tessa and asked her what he would have thought of "The Matrix." She said his first reaction would have been that he loved it; however, his second reaction would most likely have been to call his agent to see if he could sue the filmmakers for stealing his ideas.

Cellphones

Major Mobile NFT Shooter Game 'MadWorld' Uses Linux Foundation Subsidiary's Game Engine (linuxfoundation.org) 29

A Linux Foundation subsidiary has developed a free and open-source 3D game engine distributed under the Apache license. And last week the Open 3D Foundation announced "a big step forward, showcasing the power of open-source technologies in giving gamers around the globe unforgettable gaming experiences."

"We are proud to unveil MadWorld as the first mobile title powered by O3DE," said Joe Bryant, Executive Director of the Open 3D Foundation, "demonstrating the large potential of open-source technologies in game development."

And then this week Los Angeles Business Journal reported that El Segundo-based gaming studio Carbonated Inc. "has raised $11 million of series A funding to finance the development and release of its debut game title... Prior to its most recent round, Carbonated closed an $8.5 million seed funding round in 2020, which also included participation from Andreessen and Bitkraft." Since its founding [in 2015], the company has been focusing on research and development for its upcoming first title, called "MadWorld." The third-person, multiplayer shooter game is set in a post-apocalyptic world and features both player-versus-player and player-versus-environment features. Players of the game will battle for land control in a dystopian setting. Using a combination of open-source mapping tools and Carbonated's proprietary custom operations technology, called Carbyne, the game's world is designed around real-life cities and locations. Players are initially dropped into the game's version of their own real-time location.

The game allows players to optionally engage using blockchain technology with a digital asset-ownership layer powered by a blockchain network called XPLA.

Earlier this month MadWorld "opened up for Early Access registration," reports the egamers web site, arguing that the game "is set to redefine the gaming landscape and will make its public debut later this year." After a catastrophic event named "The Collapse," MadWorld takes place in a desolate Earth where players engage in a battle for survival, highlighting the game's unique setting and immersive experience. The game's world is intricately designed with 250,000 land plots mapped out on a hexagonal grid, each presenting unique resources and strategic benefits. This innovative approach to game design enhances the gameplay experience and introduces a new layer of strategy and competition.

MadWorld's gameplay is centered around integrating Web3 technologies, which allows for the ownership, enhancement, and trading of tokenized representations of real-world locations. This feature encourages players to create clans and work together or compete for essential resources that are spread across the vast game world. Clans can acquire these resources by paying tributes to NFT landowners using "Rounds," the in-game currency. This mechanism not only fosters a sense of community and teamwork but also creates unique economic opportunities within the game by blending traditional gaming elements with the emerging field of digital assets.

"With its use of O3DE, Carbonated can enhance the game's visual fidelity, performance, and scalability," according to the Linux Foundation's announcement, "in order to deliver a fast-paced adventure on mobile platforms." O3DE is an open-source game engine developed by a collaborative community of industry experts. It includes state-of-the-art rendering capabilities, dynamic lighting, and realistic physics simulation. These features have enabled Carbonated to build realistic dystopian environments and create action-packed gameplay in MadWorld.

According to its official site, MadWorld "is set to be released to the public sometime in 2024 and is currently being tested on iOS and Android operating systems."

Carbonated's CEO Travis Boatman made this prediction to the site Decrypt. "We think mobile is where the breakout will happen for Web3."

AI

AI Hallucinated a Dependency. So a Cybersecurity Researcher Built It as Proof-of-Concept Malware (theregister.com) 44

"Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI," the Register reported Thursday.

"Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned." If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.

According to Bar Lanyado, security researcher at Lasso Security, one of the businesses fooled by AI into incorporating the package is Alibaba, which at the time of writing still includes a pip command to download the Python package huggingface-cli in its GraphTranslator installation instructions. There is a legit huggingface-cli, installed using pip install -U "huggingface_hub[cli]". But the huggingface-cli distributed via the Python Package Index (PyPI) and required by Alibaba's GraphTranslator — installed using pip install huggingface-cli — is fake, imagined by AI and turned real by Lanyado as an experiment.

He created huggingface-cli in December after seeing it repeatedly hallucinated by generative AI; by February this year, Alibaba was referring to it in GraphTranslator's README instructions rather than the real Hugging Face CLI tool... huggingface-cli received more than 15,000 authentic downloads in the three months it has been available... "In addition, we conducted a search on GitHub to determine whether this package was utilized within other companies' repositories," Lanyado said in the write-up for his experiment. "Our findings revealed that several large companies either use or recommend this package in their repositories...."

Lanyado also said that there was a Hugging Face-owned project that incorporated the fake huggingface-cli, but that was removed after he alerted the biz.

"With GPT-4, 24.2 percent of question responses produced hallucinated packages, of which 19.6 percent were repetitive, according to Lanyado..."
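
A check for the failure described in this story, as an added example that is not from the Register report or Lanyado's write-up: it scans install instructions for pip commands and flags any package missing from a reviewed list, so `huggingface-cli` is caught while `huggingface_hub[cli]` passes. The sample README, the approved list and the function names are constructed for illustration.

```python
import difflib
import re
import shlex

# pip install options that consume the following token.
OPTS_WITH_ARG = {"-r", "--requirement", "-c", "--constraint", "-e", "--editable",
                 "-i", "--index-url", "--extra-index-url", "-f", "--find-links",
                 "-t", "--target", "--prefix", "--root"}
SHELL_OPS = {"&&", "||", ";", "|"}

# Assumption: commands sit on their own line, optionally behind "$ " or "python -m".
PIP_LINE = re.compile(
    r"^[ \t]*(?:\$[ \t]*)?(?:python3?[ \t]+-m[ \t]+)?pip3?[ \t]+install[ \t]+(.+)$",
    re.MULTILINE)
# Project name only; extras ("[cli]") and version specifiers are left behind.
REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: the index treats runs of '-', '_' and '.' alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirements_in(text):
    """Yield (line_number, normalized_name) for every package a pip command names."""
    for m in PIP_LINE.finditer(text):
        line_no = text.count("\n", 0, m.start(1)) + 1
        try:
            tokens = shlex.split(m.group(1))
        except ValueError:
            # Unbalanced quote in the docs: drop the quotes and split on whitespace.
            tokens = m.group(1).replace('"', " ").replace("'", " ").split()
        skip_next = False
        for tok in tokens:
            if skip_next:                      # argument of the previous option
                skip_next = False
                continue
            if tok in SHELL_OPS or tok.startswith("#"):
                break                          # end of the pip command
            if tok.startswith("-"):
                skip_next = tok in OPTS_WITH_ARG
                continue
            if "/" in tok or tok.startswith("."):
                continue                       # URL or local path, not an index name
            hit = REQ_NAME.match(tok)
            if hit:
                yield line_no, normalize(hit.group(1))


def audit(text, approved):
    """Return one finding per documented package that is not on the approved list."""
    approved_norm = sorted({normalize(a) for a in approved})
    findings = []
    for line_no, name in requirements_in(text):
        if name in approved_norm:
            continue
        # Point the reviewer at the vetted package the author may have meant.
        near = difflib.get_close_matches(name, approved_norm, n=1, cutoff=0.7)
        findings.append({"line": line_no, "package": name,
                         "closest_approved": near[0] if near else None})
    return findings


# Constructed sample, not a real project's README.
SAMPLE_README = """\
## Install
pip install -U "huggingface_hub[cli]"
pip install huggingface-cli
$ python -m pip install -r requirements.txt "torch==2.1.0"
pip3 install --index-url https://pypi.org/simple Requests  # pinned index
"""
# Constructed allowlist of packages a team has reviewed.
APPROVED = {"huggingface_hub", "torch", "requests"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_README, APPROVED):
        print(finding)
```

Run in CI against README and docs files, a non-empty result means someone has to confirm the package exists, is the intended one, and is owned by the expected publisher before the instructions ship.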

Power

Are State Governments Slowing the Build-Out of America's EV Charging Stations? (msn.com) 120

In November of 2021 America passed a "Bipartisan Infrastructure Law" which included $7.5 billion for up to 20,000 EV charging spots, or around 5,000 stations, notes the Washington Post (citing an analysis from the EV policy analyst group Atlas Public Policy).

And new stations are now already open in Hawaii, New York, Ohio and Pennsylvania, "and under construction in four other states. Twelve additional states have awarded contracts for constructing the charging stations." A White House spokesperson said America should reach its goal of 500,000 charging stations by 2026.

So why is it that right now — more than two years after the bill's passage — the Federal Highway System says the program has so far only delivered seven open charging stations with a total of 38 charging spots? Nick Nigro, founder of Atlas Public Policy, said that some of the delays are to be expected. "State transportation agencies are the recipients of the money," he said. "Nearly all of them had no experience deploying electric vehicle charging stations before this law was enacted." Nigro says that the process — states have to submit plans to the Biden administration for approval, solicit bids on the work, and then award funds — has taken much of the first two years since the funding was approved. "I expect it to go much faster in 2024," he added.

"We are building a national EV charging network from scratch, and we want to get it right," a spokesperson for the Federal Highway Administration said in an email. "After developing program guidance and partnering with states to guide implementation plans, we are hitting our stride as states move quickly to bring National Electric Vehicle Infrastructure stations online...."

Part of the slow rollout is that the new chargers are expected to be held to much higher standards than previous generations of fast chargers. The United States currently has close to 10,000 "fast" charging stations in the country, of which over 2,000 are Tesla Superchargers, according to the Department of Energy. Tesla Superchargers — some of which have been opened to drivers of other vehicles — are the most reliable fast-charging systems in the country. But many non-Tesla fast chargers have a reputation for poor performance and sketchy reliability. EV advocates have criticized Electrify America, the company created by Volkswagen after the company's "Dieselgate" emissions scandal, for spending hundreds of millions of dollars on chargers that don't work well. The company has said they are working to improve reliability. The data analytics company J.D. Power has estimated that only 80 percent of all charging attempts in the country are successful.

Biden administration guidance requires the new publicly funded chargers to be operational 97% of the time, provide 150kW of power at each charger, and be no more than one mile from the interstate, among many other requirements. EV policy experts say those requirements are critical to building a good nationwide charging program — but also slow down the build-out of the chargers. "This funding comes with dozens of rules and requirements," Laska said. "That is the nature of what we're trying to accomplish....

"States are just not operating with the same urgency that some of the rest of us are."

The article notes that private companies are also building charging stations — but the publicly-funded spots would increase America's car-charging capacity by around 50 percent, "a crucial step to alleviating 'range anxiety' and helping Americans shift into battery electric cars.

"States just have to build them first."

AI

Meta Is Adding AI To Its Ray-Ban Smart Glasses 23

Starting next month, Meta's Ray-Ban smart glasses will support multimodal AI features to perform translation, along with object, animal, and monument identification. The Verge reports: Users can activate the glasses' smart assistant by saying "Hey Meta," and then saying a prompt or asking a question. It will then respond through the speakers built into the frames. The NYT offers a glimpse at how well Meta's AI works when taking the glasses for a spin in a grocery store, while driving, at museums, and even at the zoo.

Although Meta's AI was able to correctly identify pets and artwork, it didn't get things right 100 percent of the time. The NYT found that the glasses struggled to identify zoo animals that were far away and behind cages. It also didn't properly identify an exotic fruit, called a cherimoya, after multiple tries. As for AI translations, the NYT found that the glasses support English, Spanish, Italian, French, and German.

Software

'Software Vendors Dump Open Source, Go For the Cash Grab' (computerworld.com) 120

Steven J. Vaughan-Nichols, writing for ComputerWorld: Essentially, all software is built using open source. By Synopsys' count, 96% of all codebases contain open-source software. Lately, though, there's been a very disturbing trend. A company will make its program using open source, make millions from it, and then -- and only then -- switch licenses, leaving their contributors, customers, and partners in the lurch as they try to grab billions. I'm sick of it. The latest IT melodrama baddie is Redis. Its program, which goes by the same name, is an extremely popular in-memory database. (Unless you're a developer, chances are you've never heard of it.) One recent valuation shows Redis to be worth about $2 billion -- even without an AI play! That, anyone can understand.

What did it do? To quote Redis: "Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD)." For those of you who aren't open-source licensing experts, this means developers can no longer use Redis' code. Sure, they can look at it, but they can't export, borrow from, or touch it.

Redis pulled this same kind of trick in 2018 with some of its subsidiary code. Now it's done so with the company's crown jewels. Redis is far from the only company to make such a move. Last year, HashiCorp dumped its main program Terraform's Mozilla Public License (MPL) for the Business Source License (BSL) 1.1. Here, the name of the new license game is to prevent anyone from competing with Terraform. Would it surprise you to learn that not long after this, HashiCorp started shopping itself around for a buyer? Before this latest round of license changes, MongoDB and Elastic made similar shifts. Again, you might never have heard of these companies or their programs, but each is worth, at a minimum, hundreds of millions of dollars. And, while you might not know it, if your company uses cloud services behind the scenes, chances are you're using one or more of their programs,

Math

Pythagoras Was Wrong: There Are No Universal Musical Harmonies, Study Finds (cam.ac.uk) 73

An anonymous reader shares a report: According to the Ancient Greek philosopher Pythagoras, 'consonance' -- a pleasant-sounding combination of notes -- is produced by special relationships between simple numbers such as 3 and 4. More recently, scholars have tried to find psychological explanations, but these 'integer ratios' are still credited with making a chord sound beautiful, and deviation from them is thought to make music 'dissonant,' unpleasant sounding.

But researchers from the University of Cambridge, Princeton and the Max Planck Institute for Empirical Aesthetics, have now discovered two key ways in which Pythagoras was wrong. Their study, published in Nature Communications, shows that in normal listening contexts, we do not actually prefer chords to be perfectly in these mathematical ratios. "We prefer slight amounts of deviation. We like a little imperfection because this gives life to the sounds, and that is attractive to us," said co-author, Dr Peter Harrison, from Cambridge's Faculty of Music and Director of its Centre for Music and Science.

The researchers also found that the role played by these mathematical relationships disappears when you consider certain musical instruments that are less familiar to Western musicians, audiences and scholars. These instruments tend to be bells, gongs, types of xylophones and other kinds of pitched percussion instruments. In particular, they studied the 'bonang,' an instrument from the Javanese gamelan built from a collection of small gongs.

IOS

Recent 'MFA Bombing' Attacks Targeting Apple Users (krebsonsecurity.com) 15

An anonymous reader quotes a report from KrebsOnSecurity: Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code. [...]

What sanely designed authentication system would send dozens of requests for a password change in the span of a few moments, when the first requests haven't even been acted on by the user? Could this be the result of a bug in Apple's systems? Kishan Bagaria is a hobbyist security researcher and engineer who founded the website texts.com (now owned by Automattic), and he's convinced Apple has a problem on its end. In August 2019, Bagaria reported to Apple a bug that allowed an exploit he dubbed "AirDoS" because it could be used to let an attacker infinitely spam all nearby iOS devices with a system-level prompt to share a file via AirDrop -- a file-sharing capability built into Apple products.

Apple fixed that bug nearly four months later in December 2019, thanking Bagaria in the associated security bulletin. Bagaria said Apple's fix was to add stricter rate limiting on AirDrop requests, and he suspects that someone has figured out a way to bypass Apple's rate limit on how many of these password reset requests can be sent in a given timeframe. "I think this could be a legit Apple rate limit bug that should be reported," Bagaria said.

IT

SWIFT Planning Launch of New Central Bank Digital Currency Platform in 12-24 Months (reuters.com) 59

Global bank messaging network SWIFT is planning a new platform in the next one to two years to connect the wave of central bank digital currencies now in development to the existing finance system, it has told Reuters. From the report: The move, which would be one of the most significant yet for the nascent CBDC ecosystem given SWIFT's key role in global banking, is likely to be fine-tuned to when the first major ones are launched. Around 90% of the world's central banks are now exploring digital versions of their currencies. Most don't want to be left behind by bitcoin and other cryptocurrencies, but are grappling with technological complexities.

SWIFT's head of innovation, Nick Kerigan, said its latest trial, which took 6 months and involved a 38-member group of central banks, commercial banks and settlement platforms, had been one of the largest global collaborations on CBDCs and "tokenised" assets to date. It focused on ensuring different countries' CBDCs can all be used together even if built on different underlying technologies, or "protocols", thereby reducing payment system fragmentation risks.

AI

World Poker Tour Bets on AI Dubbing of Tournaments for Latin America (hollywoodreporter.com) 9

Georg Szalai reports via the Hollywood Reporter: The World Poker Tour (WPT) is betting on AI-powered dubbing tools under a partnership with Papercup, a London-based AI dubbing company, that will replace WPT's traditional localization methods in Latin America. Papercup will work with the World Poker Tour to translate 184 of the franchise's 44-minute-long episodes into Brazilian Portuguese, the companies said.

"This will amount to nearly 140 hours of content and enable viewers across South America to access WPT's latest shows and tournaments in their native language quicker than ever before," they explained. "Forced to deal with lead times of up to six months, the company experienced ongoing challenges with timely content delivery and adaptation." The Papercup deal will cut those lead times in half, the partners said. "Now the premier poker content produced by WPT will be able to reach international fans watching on OTT platforms, as well as its own FAST channel, faster than ever before," they touted. Financial terms weren't disclosed.

Papercup uses a combination of machine-learning tools and expert human translators to "deliver maximal linguistic and tonal accuracy." Its AI voices are built using data from real voice actors to ensure they "have all the warmth and expressivity of human speech," it says. "The quality of Papercup dubbing has been second to none. A big part of that is down to their AI voices and expert translators who go through every sentence to make sure the moment is truly captured in the new AI dubs," said Marc Dion, director of distribution & ad sales at WPT. "The major streaming platforms have very stringent criteria when it comes to dubbed content and if it's going to connect with our shared viewers."

IT

Cloudflare Says It's Automated Empathy To Avoid Fixing Flaky Hardware Too Often (theregister.com) 19

The Register: Cloudflare has revealed a little about how it maintains the millions of boxes it operates around the world -- including the concept of an "error budget" that enacts "empathy embedded in automation." In a Tuesday post titled "Autonomous hardware diagnostics and recovery at scale," the internet-taming biz explains that it built fault-tolerant infrastructure that can continue operating with "little to no impact" on its services. But as explained by infrastructure engineering tech lead Jet Marsical and systems engineers Aakash Shah and Yilin Xiong, when servers did break the Data Center Operations team relied on manual processes to identify dead boxes. And those processes could take "hours for a single server alone, and [could] easily consume an engineer's entire day."

Which does not work at hyperscale. Worse, dead servers would sometimes remain powered on, costing Cloudflare money without producing anything of value. Enter Phoenix -- a tool Cloudflare created to detect broken servers and automatically initiate workflows to get them fixed. Phoenix makes a "discovery run" every thirty minutes, during which it probes up to two datacenters known to house broken boxen. That pace of discovery means Phoenix can find dead machines across Cloudflare's network in no more than three days. If it spots machines already listed for repairs, it "takes care of ensuring that the Recovery phase is executed immediately."

Businesses

This Startup Wants to Fix the Housing Market - with Robots (msn.com) 78

In a state where housing is expensive to build, to rent, or to buy — and not especially energy efficient — can a big blue robot make a difference?

The Boston Globe reports on Reframe Systems, one of the companies "trying robots to make construction more efficient" — in this case, "working alongside humans in an assembly line to build small houses in a factory." [Its cofounders] learned to get robots and humans to work together while at Amazon, which has built more than 750,000 bots in Massachusetts and deployed them to distribution centers around the world. Advising the company are Amy Villeneuve, former chief operating officer of that Amazon division, and Charly Mwangi, a veteran of the carmakers Nissan, Tesla, and Rivian...

Standing at one end of Reframe's factory, [cofounder Aaron] Small explained that the company's ambition is to build net-zero houses — houses that produce as much energy as they use — "twice as fast as traditional methods, twice as cheap, and with 10 times lower carbon" emissions. That means using large screws called helical piles to fix the house to the site, instead of a concrete foundation. (Concrete production generates large amounts of carbon dioxide.) The company buys recycled cellulose insulation to fill the walls. Solar panels go on the roof and triple-paned windows in the walls...

Reframe's "microfactory" can produce between 30 and 50 homes a year, [cofounder Vikas] Enti said. Eventually, the company aims to set up larger factories around the country, all within an hour's drive of big cities.

After a home is trucked to its final destination, "Electrical wires and plumbing are installed in both floors and walls as they're built," according to the article.

"Employees toting iPads can refer to digital construction drawings and get step-by-step instructions about tasks from cutting lumber to connecting pipes." One of the co-founders says, "We like to compare it to Lego instructions."

Earth

Say Hello To Biodegradable Microplastics? (ucsd.edu) 60

Long-time Slashdot reader HanzoSpam shared an announcement from the University of California San Diego.

The school's researchers teamed with materials-science company Algenesis to show "that their plant-based polymers biodegrade — even at the microplastic level — in under seven months." "We're trying to find replacements for materials that already exist, and make sure these replacements will biodegrade at the end of their useful life instead of collecting in the environment," stated Professor of Chemistry and Biochemistry Michael Burkart, one of the paper's authors and an Algenesis co-founder. "That's not easy."

"When we first created these algae-based polymers about six years ago, our intention was always that it be completely biodegradable," said another of the paper's authors, Robert Pomeroy, who is also a professor of chemistry and biochemistry and an Algenesis co-founder. "We had plenty of data to suggest that our material was disappearing in the compost, but this is the first time we've measured it at the microparticle level...."

"This material is the first plastic demonstrated to not create microplastics as we use it," said Stephen Mayfield, a paper coauthor, School of Biological Sciences professor and co-founder of Algenesis. "This is more than just a sustainable solution for the end-of-product life cycle and our crowded landfills. This is actually plastic that is not going to make us sick."

Creating an eco-friendly alternative to petroleum-based plastics is only one part of the long road to viability. The ongoing challenge is to be able to use the new material on pre-existing manufacturing equipment that was originally built for traditional plastic, and here Algenesis is making progress. They have partnered with several companies to make products that use the plant-based polymers developed at UC San Diego, including Trelleborg for use in coated fabrics and RhinoShield for use in the production of cell phone cases.

"When we started this work, we were told it was impossible," stated Burkart. "Now we see a different reality. There's a lot of work to be done, but we want to give people hope. It is possible."

Classic Games (Games)

'Tetris Reversed'? Alexey Pajitnov Shows Footage From Rediscovered Prototype for 'Tetris' Sequel (venturebeat.com) 22

Tetris creator Alexey Pajitnov and others spoke at the Game Developers Conference about Tetris Reversed, reports VentureBeat — and told the story of "a lost prototype of a Tetris game that was never published." But little did Pajitnov know that an engineer in charge of the game, Vedran Klanac, had kept a copy of it. Through the help of intermediaries, he showed it to Pajitnov and the two shared their memories of what happened to the lost game...

Pajitnov has lived in the U.S. since 1991, where he has been involved in the development of games such as Pandora's Box and worked with companies such as Microsoft and WildSnake Software... Klanac is the CEO of Ocean Media, and he is originally from Zagreb, Croatia. He was an aerospace engineer who started his career in the games industry with Croteam where he built the physics engine for Serious Sam 2.

Since 2006, he has been running Ocean Media, a game publishing company with a focus on consoles. During the last 20 years, he was involved in production as a programmer and executive producer in more than 200 projects. And it turns out he was the programmer who created the Tetris Reversed code based on instructions from Pajitnov, who had passed them on through a middleman. In 2011, programmer Vedran Klanac went to the NLGD Festival of Games in Utrecht, The Netherlands. He listened to a talk on a charitable effort from Martin de Ronde, a cofounder of game studio Guerrilla Games. Klanac said in an interview with GamesBeat that he listened to De Ronde's talk and offered to help. De Ronde came back months later saying he had an agreement with Pajitnov about creating a new prototype for a Tetris game.

De Ronde asked Klanac if he wanted to make Tetris Reversed by Pajitnov.

"Are you kidding me?" Klanac reacted.

The idea is still to survive as long as you can, according to the article — but the entire playfield was accessible. "For the first time in public, they showed the video of the prototype in action," according to the article, which also records Pajitnov's reaction. "When you see the gameplay video, and when you look at the design elements. This is Tetris for like 300 IQ people."

No word yet on whether the game will ever be officially published.

Desktops (Apple)

Apple Criticized For Changing the macOS version of cURL (daniel.haxx.se) 75

"On December 28 2023, bugreport 12604 was filed in the curl issue tracker," writes cURL lead developer Daniel Stenberg: The title of the problem in this case was quite clear: flag --cacert behavior isn't consistent between macOS and Linux, and it was filed by Yuedong Wu.

The friendly reporter showed how the curl version bundled with macOS behaves differently than curl binaries built entirely from open source. Even when running the same curl version on the same macOS machine.

The curl command line option --cacert provides a way for the user to say to curl that this is the exact set of CA certificates to trust when doing the following transfer. If the TLS server cannot provide a certificate that can be verified with that set of certificates, it should fail and return error. This particular behavior and functionality in curl has been established since many years (this option was added to curl in December 2000) and of course is provided to allow users to know that it communicates with a known and trusted server. A pretty fundamental part of what TLS does really.

When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and check the system CA store in case the provided set of CA certs fail the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise. Therefore, when a user runs the check with a trimmed and dedicated CA cert file, it will not fail if the system CA store contains a cert that can verify the server!

This is a security problem because now suddenly certificate checks pass that should not pass.

"We don't consider this something that needs to be addressed in our platforms," Apple Product Security responded. Stenberg's blog post responds, "I disagree."

Long-time Slashdot reader lee1 shares their reaction: I started to sour on MacOS about 20 years ago when I discovered that they had, without notice, substituted their own, nonstandard version of the Readline library for the one that the rest of the Unix-like world was using. This broke gnuplot and a lot of other free software...

Apple is still breaking things, this time with serious security and privacy implications.
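
A check for the behavior described above, as an added example (not code from the curl project or from Stenberg's post): it hands a curl binary a throwaway CA that cannot verify any real server and expects curl's certificate-verification exit code 60. The function names are hypothetical, and the URL you pass must be an HTTPS site whose certificate the system CA store accepts.

```shell
#!/bin/sh
# Added example: does a curl binary treat --cacert as the ONLY trust anchors?
# Function names are hypothetical; nothing here comes from the curl project.

# Write a throwaway self-signed CA (constructed; it has signed nothing, so no
# real server can chain to it). The private key is discarded.
make_decoy_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=decoy-ca-constructed" \
        -keyout /dev/null -out "$1" 2>/dev/null
}

# cacert_is_exclusive CURL_BIN URL CAFILE
#   0  strict: verification failed (curl exit 60), as --cacert promises
#   1  fallback: transfer succeeded although CAFILE cannot verify the server
#   2  inconclusive: DNS, connect, timeout or unreadable CA file
cacert_is_exclusive() {
    curl_bin=$1; url=$2; cafile=$3
    [ -r "$cafile" ] || return 2
    rc=0
    "$curl_bin" --silent --output /dev/null --max-time 15 \
        --cacert "$cafile" "$url" || rc=$?
    case $rc in
        60) return 0 ;;
        0)  return 1 ;;
        *)  return 2 ;;
    esac
}

# Compare several curl builds on one machine against the same URL.
# Returns 1 if any of them accepted the server despite the decoy CA.
audit_curls() {
    url=$1; shift
    ca=$(mktemp) && make_decoy_ca "$ca" || return 2
    worst=0
    for bin in "$@"; do
        status=0
        cacert_is_exclusive "$bin" "$url" "$ca" || status=$?
        case $status in
            0) echo "$bin: strict" ;;
            1) echo "$bin: FALLBACK to another trust store"; worst=1 ;;
            *) echo "$bin: inconclusive" ;;
        esac
    done
    rm -f "$ca"
    return $worst
}
# Usage: audit_curls https://example.com/ /usr/bin/curl /path/to/other/curl
```

A "strict" result is the documented behavior; a "FALLBACK" result means scripts that pin a private CA with --cacert on that binary are not getting the restriction they asked for.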

Transportation

Truck-To-Truck Worm Could Infect Entire US Fleet (theregister.com) 50

Jessica Lyons reports via The Register: Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University. In a paper presented at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles. "These findings highlight an urgent need to improve the security posture in ELD systems," the trio wrote [PDF].

The authors did not specify brands or models of ELDs that are vulnerable to the security flaws they highlight in the paper. But they do note there's not too much diversity of products on the market. While there are some 880 devices registered, "only a few tens of distinct ELD models" have hit the road in commercial trucks. A federal mandate requires most heavy-duty trucks to be equipped with ELDs, which track driving hours. These systems also log data on engine operation, vehicle movement and distances driven -- but they aren't required to have tested safety controls built in. And according to the researchers, they can be wirelessly manipulated by another car on the road to, for example, force a truck to pull over.

The academics pointed out three vulnerabilities in ELDs. They used bench level testing systems for the demo, as well as additional testing on a moving 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. [...] For one of the attacks, the boffins showed how anyone within wireless range could use the device's Wi-Fi and Bluetooth radios to send an arbitrary CAN message that could disrupt some of the vehicle's systems. A second attack scenario, which also required the attacker to be within wireless range, involved connecting to the device and uploading malicious firmware to manipulate data and vehicle operations. Finally, in what the authors described as the "most concerning" scenario, they uploaded a truck-to-truck worm. The worm uses the compromised device's Wi-Fi capabilities to search for other vulnerable ELDs nearby. After finding the right ELDs, the worm uses default credentials to establish a connection, drops its malicious code on the next ELD, overwrites existing firmware, and then starts the process over again, scanning for additional devices. "Such an attack could lead to widespread disruptions in commercial fleets, with severe safety and operational implications," the researchers warned.

Windows

Windows 11 Notepad Finally Gets Spellcheck and Autocorrect (bleepingcomputer.com) 100

Microsoft today announced a preview release of Windows Notepad, with built-in spellchecking and an autocorrect feature. BleepingComputer reports: Microsoft says they are rolling out this preview to Insiders in the Windows 11 Canary and Dev channels, but it may take some time before it's available for everyone. "With this update, Notepad will now highlight misspelled words and provide suggestions so that you can easily identify and correct mistakes," reads Microsoft's announcement. "We are also introducing autocorrect which seamlessly fixes common typing mistakes as you type."

Once installed, Notepad will now show a red squiggly line under misspelled words that, when clicked, shows suggestions on the correct spelling. It's also possible to ignore words in a single text document or add them to the global dictionary so they are not shown in the future.

Microsoft says that this feature will be turned off for log and source code files. This is because it's common for non-standard words to be used in these files, triggering multiple spellcheck errors. Users can control this setting globally or for specific file types in the Notepad app's settings. The autocorrect feature is a bit more seamless, automatically making small changes to grammar and punctuation as you type.

AI

NVIDIA Partners With Ubisoft To Further Develop Its AI-driven NPCs (engadget.com) 19

NVIDIA has been working on adding generative AI to non-playable characters (NPCs) for a while now. The company is hoping a newly-announced partnership with Ubisoft will accelerate development of this technology and, ultimately, bring these AI-driven NPCs to modern games. From a report: Ubisoft helped build new "NEO NPCs" by using NVIDIA's Avatar Cloud Engine (ACE) technology, with an assist from dynamic NPC experts Inworld AI. The end result? Characters that don't repeat the same phrase over and over, while ignoring the surrounding violent mayhem. These NEO NPCs are said to interact in real time with players, the environment and other in-game characters. NVIDIA says this opens up "new possibilities for emergent storytelling." To that end, Ubisoft's narrative team built complete backgrounds, knowledge bases and conversational styles for two NPCs as a proof of concept.

Mozilla

Mozilla Ends its Privacy-Friendly GPS-Style Location Service (omgubuntu.co.uk) 17

Mozilla Location Service offered "a free, open way to offer GPS-style location detection features" for developers on devices without GPS hardware, remembers the Linux blog OMG Ubuntu. It used signals like Wi-Fi access points and Bluetooth beacons "without any of the privacy implications most competing geolocation services have."

But Friday they reported that Mozilla "has announced it is ending access to Mozilla Location Service (MLS), which provides accurate, privacy-respecting, and crowdsourced geolocation data." Developers and 3rd-party projects that use MLS to detect a user's location, such as the freedesktop.org location framework GeoClue, which is used by apps like GNOME Maps and Weather, have only a few months left to continue using the service... In late March, POST data submissions will return 403 responses. Finally, on June 12, all 3rd-party API keys will be removed and MLS data only accessible by Mozilla...

MLS' accuracy has declined in recent years. Patent infringement claims in 2019 saw Mozilla reach a settlement to avoid litigation. As part of that settlement it was forced to make changes to MLS that impacted its ability to invest in (commercially exploit?) and improve the service.

The article notes that GeoClue "already supports multiple location detection methods, including IP-based ones," so it should continue operating.

"But the sad reality is that there just aren't a lot of free, open, privacy-friendly, accurate, and (rather importantly for a framework built in to Linux desktops) reliable alternatives to Mozilla Location Services, which has built up a colossal 'signal map' from which to pinpoint locations."

"We are grateful for the contributions of the community to MLS to both the code and the dataset," a Mozilla senior engineering manager said in a statement.
