Security

Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings "DO NOT SHIP" or "DO NOT TRUST." These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here.
"It's a big problem," said Martin Smolar, a malware analyst specializing in rootkits who reviewed the Binarly research. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically... execute any malware or untrusted code during system boot. Of course, privileged access is required, but that's not a problem in many cases."

Binarly founder and CEO Alex Matrosov added: "Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?"
Verizon

AST SpaceMobile Stock Surges 69% After Verizon Satellite Internet Deal (cnbc.com) 2

Satellite-to-phones service provider AST SpaceMobile announced a deal with Verizon to provide remote coverage across the United States. "Verizon's deal effectively includes a $100 million raise for AST, as well, in the form of $65 million in commercial service prepayments and $35 million in debt via convertible notes," reports CNBC. "The companies said that $45 million of the prepayments 'are subject to certain conditions' such as needed regulatory approvals and signing of a definitive commercial agreement." Shares of AST jumped 69% in trading to close at $9.02 a share -- the largest single day rise for the company's stock since it went public in 2021. From the report: AST SpaceMobile is building satellites to provide broadband service to unmodified smartphones, in the nascent "direct-to-device" communications market. [...] The Verizon partnership follows a similar pattern to AT&T's work with AST. Back in January, AT&T was a co-debt investor in the company alongside Google and Vodafone. The companies then established the commercial agreement earlier this month, which "lays out in much more detail how we will ultimately offer service together," AST's Chief Strategy Officer Scott Wisniewski said in a statement to CNBC. [...] AST expects to launch its first five commercial satellites later this year.
Windows

Satya Nadella Says Microsoft's AI-Focused Copilot+ Laptops Will Outperform Apple's MacBooks (msn.com) 86

"Apple's done a fantastic job of really innovating on the Mac," Microsoft CEO Satya Nadella told the Wall Street Journal in a video interview this week. Then he said "We are gonna outperform them" with the upcoming Copilot+ laptops from Acer, ASUS, Dell, HP, Lenovo and Samsung that have been completely reengineered for AI — and begin shipping in less than four weeks. Satya Nadella: Qualcomm's got a new [ARM Snapdragon X] processor, which we've optimized Windows for. The battery lab, I've been using it now — I mean, it's 22 hours of continuous video playback... [Apple also uses ARM chips in its MacBooks]. We finally feel we have a very competitive product between Surface Pro and the Surface laptops. We have essentially the best specs when it comes to ARM-based silicon and performance or the NPU performance.

WSJ: Microsoft says the Surfaces are 58% faster than the MacBook Air with M3, and has 20% longer battery life.

The video includes a demonstration of local live translation powered by "small language models" stored on the device. ("It can translate live video calls or in-person conversations from 44 different languages into English. And it's fast.")

And in an accompanying article, the Journal's reporter also tested out the AI-powered image generator coming to Microsoft Paint.

As a longtime MS Paint stick-figure and box-house artist, I was delighted by this new tool. I typed in a prompt: "A Windows XP wallpaper with a mountain and sky." Then, as I started drawing, an AI image appeared in a new canvas alongside mine. When I changed a color in my sketch, it changed a color in the generated image. Microsoft says it still sends the prompt to the cloud to ensure content safety.
Privacy was also touched on. Discussing the AI-powered "Recall" search functionality, the Journal's reporter notes that users can stop it from taking screenshots of certain web sites or apps, or turn it off entirely... But they point out "There could be this reaction from some people that this is pretty creepy. Microsoft is taking screenshots of everything I do."

Nadella reminds them that "it's all being done locally, right...? That's the promise... That's one of the reasons why Recall works as a magical thing: because I can trust it, that it is on my computer."

Copilot will be powered by OpenAI's new GPT-4o, the Journal notes — before showing Satya Nadella saying "It's kind of like a new browser effectively." Satya Nadella: So, it's right there. It sees the screen, it sees the world, it hears you. And so, it's kind of like that personal agent that's always there that you want to talk to. You can interrupt it. It can interrupt you.
Nadella says though the laptop is optimized for Copilot, that's just the beginning, and "I fully expect Copilot to be everywhere" — along with its innovatively individualized "personal agent" interface. "It's gonna be ambient.... It'll go on the phone, right? I'll use it on WhatsApp. I'll use it on any other messaging platform. It'll be on speakers everywhere." Nadella says combining GPT-4o with Copilot's interface is "the type of magic that we wanna bring — first to Windows and everywhere else... The future I see is a computer that understands me versus a computer that I have to understand."

The interview ends when the reporter holds up the result — their own homegrown rendition of Windows XP's default background image "Bliss."
The Military

Is America's Defense Department 'Rushing to Expand' Its Space War Capabilities? (japantimes.co.jp) 46

America's Defense Department "is rushing to expand its capacity to wage war in space," reports the New York Times, "convinced that rapid advances by China and Russia in space-based operations pose a growing threat to U.S. troops and other military assets on the ground and U.S. satellites in orbit." [T]he Defense Department is looking to acquire a new generation of ground- and space-based tools that will allow it to defend its satellite network from attack and, if necessary, to disrupt or disable enemy spacecraft in orbit, Pentagon officials have said in a series of interviews, speeches and recent statements... [T]he move to enhance warfighting capacity in space is driven mostly by China's expanding fleet of military tools in space... [U.S. officials are] moving ahead with an effort they are calling "responsible counterspace campaigning," an intentionally ambiguous term that avoids directly confirming that the United States intends to put its own weapons in space. But it also is meant to reflect this commitment by the United States to pursue its interest in space without creating massive debris fields that would result if an explosive device or missile were used to blow up an enemy satellite. That is what happened in 2007, when China used a missile to blow up a satellite in orbit. The United States, China, India and Russia all have tested such missiles. But the United States vowed in 2022 not to do any such antisatellite tests again.

The United States has also long had ground-based systems that allow it to jam radio signals, disrupting the ability of an enemy to communicate with its satellites, and is taking steps to modernize these systems. But under its new approach, the Pentagon is moving to take on an even more ambitious task: broadly suppress enemy threats in orbit in a fashion similar to what the Navy does in the oceans and the Air Force in the skies.

The article notes a recent report drafted by a former Space Force colonel cited three ways to disable enemy satellite networks: cyberattacks, ground or space-based lasers, and high-powered microwaves. "John Shaw, a recently retired Space Force lieutenant general who helped run the Space Command, agreed that directed-energy devices based on the ground or in space would probably be a part of any future system. 'It does minimize debris; it works at the speed of light,' he said. 'Those are probably going to be the tools of choice to achieve our objective.'" The Pentagon is separately working to launch a new generation of military satellites that can maneuver, be refueled while in space or have robotic arms that could reach out and grab — and potentially disrupt — an enemy satellite. Another early focus is on protecting missile defense satellites. The Defense Department recently started to require that a new generation of these space-based monitoring systems have built-in tools to evade or respond to possible attack. "Resiliency feature to protect against directed energy attack mechanisms" is how one recent missile defense contract described it. Last month the Pentagon also awarded contracts to two companies — Rocket Lab and True Anomaly — to launch two spacecraft by late next year, one acting as a mock enemy and the other equipped with cameras, to pull up close and observe the threat. The intercept satellite will not have any weapons, but it has a cargo hold that could carry them.
The article notes that Space Force's chief of space operations has told Senate appropriators that about $2.4 billion of the $29.4 billion in Space Force's proposed 2025 budget was set aside for "space domain awareness." And it adds that the Pentagon "is working to coordinate its so-called counterspace efforts with major allies, including Britain, Canada and Australia, through a multinational operation called Operation Olympic Defender. France has been particularly aggressive, announcing its intent to build and launch by 2030 a satellite equipped with a high-powered laser." [W]hat is clear is that a certain threshold has now been passed: Space has effectively become part of the military fighting domain, current and former Pentagon officials said. "By no means do we want to see war extend into space," Lt. Gen. DeAnna Burt, deputy chief of space operations, said at a Mitchell Institute event this year. "But if it does, we have to be prepared to fight and win."
Programming

Apple Geofences Third-Party Browser Engine Work for EU Devices (theregister.com) 81

Apple's grudging accommodation of European law -- allowing third-party browser engines on its mobile devices -- apparently comes with a restriction that makes it difficult to develop and support third-party browser engines for the region. From a report: The Register has learned from those involved in the browser trade that Apple has limited the development and testing of third-party browser engines to devices physically located in the EU. That requirement adds an additional barrier to anyone planning to develop and support a browser with an alternative engine in the EU.

It effectively geofences the development team. Browser-makers whose dev teams are located in the US will only be able to work on simulators. While some testing can be done in a simulator, there's no substitute for testing on device -- which means developers will have to work within Apple's prescribed geographical boundary. Prior to iOS 17.4, Apple required all web browsers on iOS or iPadOS to use Apple's WebKit rendering engine. Alternatives like Gecko (used by Mozilla Firefox) or Blink (used by Google and other Chromium-based browsers) were not permitted. Whatever brand of browser you thought you were using on your iPhone, under the hood it was basically Safari. Browser makers have objected to this for years, because it limits competitive differentiation and reduces the incentive for Apple owners to use non-Safari browsers.

Google

Google Will Use Gemini To Detect Scams During Calls (techcrunch.com) 57

At Google I/O on Tuesday, Google previewed a feature that will alert users to potential scams during a phone call. TechCrunch reports: The feature, which will be built into a future version of Android, uses Gemini Nano, the smallest version of Google's generative AI offering, which can be run entirely on-device. The system effectively listens for "conversation patterns commonly associated with scams" in real time. Google gives the example of someone pretending to be a "bank representative." Common scammer tactics like password requests and gift cards will also trigger the system. These are all pretty well understood to be ways of extracting your money from you, but plenty of people in the world are still vulnerable to these sorts of scams. Once set off, it will pop up a notification that the user may be falling prey to unsavory characters.

No specific release date has been set for the feature. Like many of these things, Google is previewing how much Gemini Nano will be able to do down the road sometime. We do know, however, that the feature will be opt-in.

The Internet

Novel Attack Against Virtually All VPN Apps Neuters Their Entire Purpose (arstechnica.com) 114

Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It's believed that the vulnerability "may have been possible since 2002 and may already have been discovered and used in the wild since then," reports Ars Technica. From the report: The effect of TunnelVision is "the victim's traffic is now decloaked and being routed through the attacker directly," a video demonstration explained. "The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet." The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. [...]

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It's also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that's diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn't in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device.
You can learn more about the research here.
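
A defender-side check for the option 121 behaviour described above, added here as an example and not taken from the report or the researchers: it decodes a DHCP option 121 payload (the RFC 3442 classless static route encoding) and flags routes that reach beyond the leased subnet, since any such route is more specific than a default route and wins route selection. The function names, the sample payload and the assumption that the VPN client relies on a default route are constructed for illustration.

```python
import ipaddress


def parse_option_121(payload: bytes):
    """Decode an RFC 3442 classless static route list.

    Each entry is: 1 byte prefix length, then only the significant
    octets of the destination (0 to 4 bytes), then a 4-byte router.
    Returns a list of (IPv4Network, IPv4Address) pairs.
    """
    routes = []
    i = 0
    while i < len(payload):
        width = payload[i]
        i += 1
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at offset {i - 1}")
        significant = (width + 7) // 8
        if i + significant + 4 > len(payload):
            raise ValueError("truncated option 121 entry")
        # Pad the destination back out to four octets.
        dest = payload[i:i + significant] + bytes(4 - significant)
        i += significant
        router = ipaddress.IPv4Address(payload[i:i + 4])
        i += 4
        network = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(dest)}/{width}", strict=False
        )
        routes.append((network, router))
    return routes


def routes_outside_lease(payload: bytes, leased_interface: str):
    """Return option 121 routes that cover addresses outside the leased subnet.

    Assumption (not from the article): the VPN client steers traffic with a
    default route (0.0.0.0/0). Longest-prefix matching means any pushed route
    with a prefix length above zero takes precedence over it, so a route for
    non-local address space sends that traffic out the physical interface.
    """
    local = ipaddress.ip_interface(leased_interface).network
    flagged = []
    for network, router in parse_option_121(payload):
        if network.prefixlen == 0:
            continue  # ordinary default route, no more specific than the VPN's
        if network.subnet_of(local):
            continue  # stays inside the LAN the lease already covers
        flagged.append((network, router))
    return flagged


# Constructed sample payload (not captured traffic), three entries:
#   0.0.0.0/0        via 192.168.1.1   default route
#   192.168.1.128/25 via 192.168.1.1   inside the leased /24
#   203.0.113.0/24   via 192.168.1.1   documentation range, outside the LAN
SAMPLE_OPTION_121 = bytes.fromhex(
    "00c0a80101"
    "19c0a80180c0a80101"
    "18cb0071c0a80101"
)

if __name__ == "__main__":
    for net, gw in routes_outside_lease(SAMPLE_OPTION_121, "192.168.1.50/24"):
        print(f"option 121 route {net} via {gw} bypasses a default-route VPN")
```

The payload itself has to come from the DHCP client's lease data or a packet capture, which varies by operating system and is outside this sketch.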
Government

Oregon OKs Right-To-Repair Bill That Bans the Blocking of Aftermarket Parts (arstechnica.com) 75

An anonymous reader quotes a report from Ars Technica: Oregon has joined the small but growing list of states that have passed right-to-repair legislation. Oregon's bill stands out for a provision that would prevent companies from requiring that official parts be unlocked with encrypted software checks before they will fully function. Bill SB 1596 passed Oregon's House by a 42 to 13 margin. Gov. Tina Kotek has five days to sign the bill into law. Consumer groups and right-to-repair advocates praised the bill as "the best bill yet," while the bill's chief sponsor, state Sen. Janeen Sollman (D), pointed to potential waste reductions and an improved second-hand market for closing a digital divide.

"Oregon improves on Right to Repair laws in California, Minnesota and New York by making sure that consumers have the choice of buying new parts, used parts, or third-party parts for the gadgets and gizmos," said Gay Gordon-Byrne, executive director of Repair.org, in a statement. Like bills passed in New York, California, and Minnesota, Oregon's bill requires companies to offer the same parts, tools, and documentation to individual and independent repair shops that are already offered to authorized repair technicians. Unlike other states' bills, however, Oregon's bill doesn't demand a set number of years after device manufacture for such repair implements to be produced. That suggests companies could effectively close their repair channels entirely rather than comply with the new requirements. California's bill mandated seven years of availability.

If signed, the law's requirements for parts, tools, and documentation would apply to devices sold after 2015, except for phones, which are covered after July 2021. The prohibition against parts pairing only covers devices sold in 2025 and later. Like other repair bills, a number of device categories are exempted, including video game consoles, HVAC and medical gear, solar systems, vehicles, and, very specifically, "Electric toothbrushes."

Cloud

Proposed Class Action Alleges Apple's Cloud Storage is an 'Illegal Monopoly' (thehill.com) 169

"Apple faces a proposed class action lawsuit alleging the company holds an illegal monopoly over digital storage for its customers," reports the Hill: The suit, filed Friday, claims "surgical" restraints prevent customers from effectively using any service except its iCloud storage system. iCloud is the only service that can host certain data from the company's phones, tablets and computers, including application data and device settings. Plaintiffs allege the practice has "unlawfully 'tied'" the devices and iCloud together... "As a result of this restraint, would-be cloud competitors are unable to offer Apple's device holders a full-service cloud-storage solution, or even a pale comparison."
The suit argues that there are "no technological or security justifications for this limitation on consumer choice," according to PC Magazine.

The class action's web site is arguing that "Consumers may have paid higher prices than they allegedly would have in a competitive market."
Biotech

What Happens After Throughput to DNA Storage Drives Surpasses 2 Gbps? (ieee.org) 35

High-capacity DNA data storage "is closer than you think," Slashdot wrote in 2019.

Now IEEE Spectrum brings an update on where we're at — and where we're headed — by a participant in the DNA storage collaboration between Microsoft and the Molecular Information Systems Lab of the Paul G. Allen School of Computer Science and Engineering at the University of Washington. "Organizations around the world are already taking the first steps toward building a DNA drive that can both write and read DNA data," while "funding agencies in the United States, Europe, and Asia are investing in the technology stack required to field commercially relevant devices." The challenging part is learning how to get the information into, and back out of, the molecule in an economically viable way... For a DNA drive to compete with today's archival tape drives, it must be able to write about 2 gigabits per second, which at demonstrated DNA data storage densities is about 2 billion bases per second. To put that in context, I estimate that the total global market for synthetic DNA today is no more than about 10 terabases per year, which is the equivalent of about 300,000 bases per second over a year. The entire DNA synthesis industry would need to grow by approximately 4 orders of magnitude just to compete with a single tape drive. Keeping up with the total global demand for storage would require another 8 orders of magnitude of improvement by 2030. But humans have done this kind of scaling up before. Exponential growth in silicon-based technology is how we wound up producing so much data. Similar exponential growth will be fundamental in the transition to DNA storage...

Companies like DNA Script and Molecular Assemblies are commercializing automated systems that use enzymes to synthesize DNA. These techniques are replacing traditional chemical DNA synthesis for some applications in the biotechnology industry... [I]t won't be long before we can combine the two technologies into one functional device: a semiconductor chip that converts digital signals into chemical states (for example, changes in pH), and an enzymatic system that responds to those chemical states by adding specific, individual bases to build a strand of synthetic DNA. The University of Washington and Microsoft team, collaborating with the enzymatic synthesis company Ansa Biotechnologies, recently took the first step toward this device... The path is relatively clear; building a commercially relevant DNA drive is simply a matter of time and money...

At the same time, advances in DNA synthesis for DNA storage will increase access to DNA for other uses, notably in the biotechnology industry, and will thereby expand capabilities to reprogram life. Somewhere down the road, when a DNA drive achieves a throughput of 2 gigabases per second (or 120 gigabases per minute), this box could synthesize the equivalent of about 20 complete human genomes per minute. And when humans combine our improving knowledge of how to construct a genome with access to effectively free synthetic DNA, we will enter a very different world... We'll be able to design microbes to produce chemicals and drugs, as well as plants that can fend off pests or sequester minerals from the environment, such as arsenic, carbon, or gold. At 2 gigabases per second, constructing biological countermeasures against novel pathogens will take a matter of minutes. But so too will constructing the genomes of novel pathogens. Indeed, this flow of information back and forth between the digital and the biological will mean that every security concern from the world of IT will also be introduced into the world of biology...

The future will be built not from DNA as we find it, but from DNA as we will write it.

The article makes an interesting point — that biology labs around the world already order chemically-synthesized ssDNA, "delivered in lengths of up to several hundred bases," and sequence DNA molecules up to thousands of bases in length.

"In other words, we already convert digital information to and from DNA, but generally using only sequences that make sense in terms of biology."
Graphics

Nvidia Slowed RTX 4090 GPU By 11 Percent, To Make It 100 Percent Legal For Export In China (theregister.com) 22

Nvidia has throttled the performance of its GeForce RTX 4090 GPU by roughly 11%, allowing it to comply with U.S. sanctions and be sold in China. The Register reports: Dubbed the RTX 4090D, the device appeared on Nvidia's Chinese-market website Thursday and boasts performance roughly 10.94 percent lower than the model Nvidia announced in late 2022. This shows up in the form of lower core count, 14,592 CUDA cores versus 16,384 on versions sold outside of China. Nvidia also told The Register today the card's tensor core count has also been cut down by a similar margin from 512 to 456 on the 4090D variant. Beyond this the card is largely unchanged, with peak clock speeds rated at 2.52 GHz, 24 GB of GDDR6x memory, and a fat 384-bit memory bus.

As we reported at the time, the RTX 4090 was the only consumer graphics card barred from sale in the Middle Kingdom following the October publication of the Biden Administration's most restrictive set of export controls. The problem was the card narrowly exceeded the performance limits on consumer cards with a total processing performance (TPP) of more than 4,800. That number is calculated by doubling the max number of dense tera-operations per second -- floating point or integer -- and multiplying by the bit length of the operation.

The original 4090 clocked a TPP of 5,285 performance, which meant Nvidia needed a US government-issued license to sell the popular gaming card in China. Note, consumer cards aren't subject to the performance density metric that restricts the sale of much less powerful datacenter cards like the Nvidia L4. As it happens, cutting performance by 10.94 percent is enough to bring the card under the metrics that trigger the requirement for the USA's Bureau of Industry and Security (BIS) to consider an export license.
Nvidia notes that the 4090D can be overclocked by end users, effectively allowing customers to recover some performance lost by the lower core count. "In 4K gaming with ray tracing and deep-learning super sampling (DLSS), the GeForce RTX 4090D is about five percent slower than the GeForce RTX 4090 and it operates like every other GeForce GPU, which can be overclocked by end users," an Nvidia spokesperson said in an email.
AI

New AI Transistor Works Just Like the Human Brain (studyfinds.org) 44

Longtime Slashdot reader FudRucker quotes a report from Study Finds: Researchers from Northwestern University, Boston College, and the Massachusetts Institute of Technology (MIT) have developed a new synaptic transistor that works just like the human brain. This advanced device, capable of both processing and storing information simultaneously, marks a notable shift from traditional machine-learning tasks to performing associative learning -- similar to higher-level human cognition. This study introduces a device that operates effectively at room temperatures, a notable improvement over previous brain-like computing devices that required extremely cold conditions to keep their circuits from overheating. With its fast operation, low energy consumption, and ability to retain information without power, the new transistor is well-suited for real-world applications.

"The brain has a fundamentally different architecture than a digital computer," says study co-author Mark Hersam, the Walter P. Murphy Professor of Materials Science and Engineering at Northwestern's McCormick School of Engineering, in a university release. "In a digital computer, data move back and forth between a microprocessor and memory, which consumes a lot of energy and creates a bottleneck when attempting to perform multiple tasks at the same time. On the other hand, in the brain, memory and information processing are co-located and fully integrated, resulting in orders of magnitude higher energy efficiency. Our synaptic transistor similarly achieves concurrent memory and information processing functionality to more faithfully mimic the brain."

Hersam and his team employed a novel strategy involving moire patterns, a type of geometric design formed when two patterns are overlaid. By stacking two-dimensional materials like bilayer graphene and hexagonal boron nitride and twisting them to form a moire pattern, they could manipulate the electronic properties of the graphene layers. This manipulation allowed for the creation of a synaptic transistor with enhanced neuromorphic functionality at room temperature. The device's testing involved training it to recognize patterns and similarities, a form of associative learning. For instance, if trained to identify a pattern like "000," the transistor could distinguish that "111" is more similar to "000" than "101," demonstrating a higher level of cognitive function. This ability to process complex and imperfect inputs has significant implications for real-world AI applications, such as improving the reliability of self-driving vehicles in challenging conditions.
The study has been published in the journal Nature.
Space

Airbus Introduces 'Detumbler' Device To Address Satellite Tumbling In Low Earth Orbit (spacedaily.com) 23

Airbus has launched an innovative "detumbler" device designed to mitigate the risks posed by tumbling satellites in space. Space Daily reports: The Detumbler, a brainchild of Airbus and supported by the French Space Agency CNES under their Tech4SpaceCare initiative, was unveiled on Saturday, November 11. This magnetic damping device, weighing approximately 100 grams, is engineered to be attached to satellites nearing the end of their operational lives. Its purpose is to prevent these satellites from tumbling, a common issue in orbital flight dynamics, especially in LEO. The device features a central rotor wheel and magnets that interact with the Earth's magnetic field, effectively damping unwanted motion.

Airbus' development of the Detumbler commenced in 2021. Its operational principle is simple yet innovative. When a satellite functions normally, the rotor behaves akin to a compass, aligning with the Earth's magnetic field. However, if the satellite begins to tumble, the movement of the rotor induces eddy currents, creating a friction torque that dampens this motion. The design of the Detumbler involves a stator housing, complete with a bottom plate and top cover, along with the rotor comprising the central axle, rotor wheel, and magnets.

Tumbling satellites, particularly those in LEO, pose a significant challenge for future active debris removal missions. Dead satellites naturally tend to tumble due to orbital flight dynamics. The introduction of the Airbus Detumbler could revolutionize this scenario, making satellites easier to capture during debris-clearing missions and enhancing the overall safety and sustainability of space operations.
Airbus is expected to perform an in-orbit demonstration of the Detumbler in early 2024.
AI

Amazon Is Set To Supercharge Alexa With Generative AI 29

At its fall hardware event Wednesday, Amazon revealed an all-new Alexa voice assistant powered by its new Alexa large language model. The Verge reports: According to Dave Limp, Amazon's current SVP of devices and services, this new Alexa can understand conversational phrases and respond appropriately, interpret context more effectively, and complete multiple requests from one command. In an interview with The Verge ahead of the event, Limp explained that the new Alexa LLM "is a true generalizable large language model that's very optimized for the Alexa use case; it's not what you find with a Bard or ChatGPT or any of these things."

However, this all-new Alexa isn't being unleashed everywhere, on everyone, all at once. The company is rolling it out slowly through a preview program "in the coming months" -- and only in the US. Clearly, there have been lessons learned from the missteps of Microsoft and Google, and Amazon is proceeding with caution. "When you connect an LLM to the real world, you want to minimize hallucinations -- and while we think we have the right systems in place ... there is no substitute for putting it out in the real world," says Limp. If you want to be notified when you can join the preview, tell your Echo device, "Alexa, let's chat," and your interest will be registered.

Unsurprisingly, this superpowered Alexa may not always be free. Limp said that while Alexa, as it is today, will remain free, "the idea of a superhuman assistant that can supercharge your smart home, and more, work complex tasks on your behalf, could provide enough utility that we will end up charging something for it down the road."
Hardware

TSMC Arizona Chip Plant Will Be a 'Paperweight', Says Analyst 126

When it comes to reducing American dependence on Taiwan, the TSMC Arizona chip plant will be little more than a useless paperweight, says an analyst at one chip research firm. "The TSMC Arizona fab is effectively a paperweight in any geopolitical tension or war [with China over Taiwan] due to the fact that it still requires sending the chips back to Taiwan for packaging," said Dylan Patel, chief analyst at SemiAnalysis. 9to5Mac reports: A new report in The Information says while Apple chips may be made in the U.S., they will still need to be sent back to Taiwan before they get anywhere near an Apple device: "The Arizona factory -- which has been a focal point of the Biden plan and will cost $40 billion to build -- will do little to make the U.S. self-reliant in chips. That's because many advanced chips made in Arizona for Apple or other customers such as Nvidia, AMD and Tesla will still require assembly in Taiwan in a process known as packaging, according to interviews with multiple TSMC engineers and former Apple employees."

Given that TSMC has been struggling even to build a chip fab for older tech, there seems no prospect that it would ever attempt to set up chip packaging facilities in the U.S. "Building this type of facility is a huge expenditure of [capital], time, and effort, and it does not seem likely that TSMC will want to do this anytime soon in the desert in Arizona, particularly given all the problems the firm has encountered with construction, costs and personnel so far," said Paul Triolo, senior vice president for China at consultancy DGA-Albright Stonebridge Group.
Businesses

Ex-Google Exec Acknowledges Aggressively Seeking Exclusive Mobile Deals 10

The Justice Department sought on Wednesday to show how Google did all it could to get people to use its search engine and build itself into a $1 trillion search and advertising giant on the second day of a once-in-a-generation antitrust trial. From a report: First out of the gate, the government questioned a former Google executive, Chris Barton, about billion-dollar deals with mobile carriers and others that helped make Google the default search engine. Barton, who was at Google from 2004 to 2011, said the number of Google executives working to win default status with mobile carriers grew dramatically when he was with the company, recognizing the potential growth of handheld devices and early versions of smartphones.

Google's clout in search, the government argues, has helped Google build monopolies in some aspects of online search advertising. Since search is free, Google makes money through advertising. The government says the Alphabet unit paid $10 billion annually to wireless companies like AT&T, device makers like Apple and browser makers like Mozilla to fend off rivals and keep its search engine market share near 90%. In revenue-sharing deals with mobile carriers and Android smartphone makers, Google pressed for its search to be the default and exclusive. If Microsoft's search engine Bing was the default on an Android phone, Barton said, then users would have a "difficult time finding or changing to Google."

Barton said on his LinkedIn profile that he was responsible for leading Google's partnerships with mobile carriers like Verizon and AT&T, estimating that the deals "drive hundreds of millions in revenue." Hal Varian, Google's chief economist, told the court that scale, or the number of search queries Google received, was important, but pushed back during questioning on how important. He also acknowledged giving a speech in which he said certain search queries, for instance for a tennis racquet, were important in effectively advertising to the person who made the query and to subsequent ad revenues.
Google

Google Releases Nearby Share, Its Android AirDrop Clone for Windows (pcworld.com) 20

You now have a new way to connect your Windows PC to an Android device to share files: Nearby Share, an app Google released Wednesday and which will be bundled with upcoming PCs. From a report: As the name suggests, Nearby Share allows you to share files back and forth between Android devices and PCs. It's similar to Apple's AirDrop, with the key difference being that Nearby Share connects devices from two different companies, rather than iPhones and Macs. Google released the beta version of Nearby Share earlier this year.

Nearby Share connects your phone to your PC, but it can also be used for you to send files and photos to nearby Android phones that you don't use, as well as to nearby PCs. That makes it handy for simply sharing a photo at a concert, or dropping a file onto a friend's PC without hassle. You'll just need to be within about 16 feet to do so, Google says. Why use Nearby Share? Google's unspoken argument is that it's simpler to do so. There are already numerous ways to view and transfer files and photos from Android phones to PCs, from the tried-and-true sneakerware to uploading and downloading from the cloud, to more modern approaches like Microsoft's Your Phone, now called Phone Link. Device makers like Samsung also have released their own specific versions for Galaxy devices. Google, though, made its mark with Gmail and search, both functions that worked more simply and effectively than other solutions.

Power

Scientists Find Way to Make Energy from Air Using Nearly Any Material (msn.com) 107

An anonymous reader shared this report from the Washington Post: Nearly any material can be used to turn the energy in air humidity into electricity, scientists found in a discovery that could lead to continuously producing clean energy with little pollution. The research, published in a paper in Advanced Materials, builds on 2020 work that first showed energy could be pulled from the moisture in the air using material harvested from bacteria. The new study shows nearly any material can be used, like wood or silicon, as long as it can be smashed into small particles and remade with microscopic pores...

The air-powered generator, known as an "Air-gen," would offer continuous clean electricity since it uses the energy from humidity, which is always present, rather than depending on the sun or wind... The device, the size of a fingernail and thinner than a single hair, is dotted with tiny holes known as nanopores. The holes have a diameter smaller than 100 nanometers, or less than a thousandth of the width of a strand of human hair. The tiny holes allow the water in the air to pass through in a way that would create a charge imbalance in the upper and lower parts of the device, effectively creating a battery that runs continuously. "We are opening up a wide door for harvesting clean electricity from thin air," Xiaomeng Liu, another author and a UMass engineering graduate student, said in a statement.

While one prototype only produces a small amount of energy — almost enough to power a dot of light on a big screen — because of its size, Yao said Air-gens can be stacked on top of each other, potentially with spaces of air in between. Storing the electricity is a separate issue, he added. Yao estimated that roughly 1 billion Air-gens, stacked to be roughly the size of a refrigerator, could produce a kilowatt and partly power a home in ideal conditions. The team hopes to lower both the number of devices needed and the space they take up by making the tool more efficient...

It could be embedded in wall paint in a home, made at a larger scale in unused space in a city or littered throughout an office's hard-to-get-to spaces. And because it can use nearly any material, it could extract less from the environment than other renewable forms of energy. "The entire earth is covered with a thick layer of humidity," Yao said. "It's an enormous source of clean energy. This is just the beginning in making use of that."

More information from the Boston Globe.

Thanks to long-time Slashdot reader SpzToid for sharing the article.
Printer

'My Printer Is Extorting Me', Complains Subscriber to HP's 'Instant Ink' Program (theatlantic.com) 253

A writer for the Atlantic complains that their HP printer is shaking them down like a loan shark. I discovered an error message on my computer indicating that my HP OfficeJet Pro had been remotely disabled by the company. When I logged on to HP's website, I learned why: The credit card I had used to sign up for HP's Instant Ink cartridge-refill program had expired, and the company had effectively bricked my device in response....

Instant Ink is a monthly subscription program that purports to monitor one's printer usage and ink levels and automatically send new cartridges when they run low. The name is misleading, because the monthly fee is not for the ink itself but for the number of pages printed. (The recommended household plan is $5.99 a month for 100 pages). Like others, I signed up in haste during the printer-setup process, only slightly aware of what I was purchasing. Getting ink delivered when I need it sounded convenient enough to me....

The monthly fee is incurred whether you print or not, and the ink cartridges occupy some liminal ownership space. You possess them, but you are, in essence, renting both them and your machine while you're enrolled in the program.... Here was a piece of technology that I had paid more than $200 for, stocked with full ink cartridges. My printer, gently used, was sitting on my desk in perfect working order but rendered useless by Hewlett-Packard, a tech corporation with a $28 billion market cap at the time of writing, because I had failed to make a monthly payment for a service intended to deliver new printer cartridges that I did not yet need....

There are tales of woe across HP's customer-support site, in Reddit threads, and on Twitter. A pending class-action lawsuit in California alleges that the Instant Ink program has "significant catches" and does not deliver new cartridges on time or allow those enrolled to use cartridges purchased outside the subscription service, rendering the consumer frequently unable to print. Parker Truax, a spokesperson for HP, told me, "Instant Ink cartridges will continue working until the end of the current billing cycle in which [a customer cancels]. To continue printing after they discontinue their Instant Ink subscription and their billing cycle ends, they can purchase and use HP original Standard or XL cartridges."

"Nobody told me that if I canceled, then all those cartridges would stop working," complains another owner of an HP printer cited in the article. "I guess this is our future, where your printer ink spies on you."

But the article ultimately concludes that the printer's shakedown is "just one example of how digital subscriptions have permeated physical tech so thoroughly that they are blurring the lines of ownership. Even if I paid for it, can I really say that I own my printer if HP can flip a switch and make it inert?"
Portables (Apple)

Perfectly Good MacBooks From 2020 Are Being Sold For Scrap Because of Activation Lock (vice.com) 222

2-year-old MacBooks with Apple's T2 security chip are being turned into parts because recyclers have no way to log in and factory reset the machines, reports Motherboard. "It's a boon for security and privacy and a plague on the secondhand market." From the report: "How many of you out there would like a 2-year-old M1 MacBook? Well, too bad, because your local recycler just took out all the Activation Locked logic boards and ground them into carcinogenic dust," John Bumstead, a MacBook refurbisher and owner of the RDKL INC repair store, said in a recent tweet. First introduced in 2018, the laptop makes it impossible for anyone who isn't the original owner to log into the machine. "Like it has been for years with recyclers and millions of iPhones and iPads, it's pretty much game over with MacBooks now -- there's just nothing to do about it if a device is locked," Bumstead told Motherboard. "Even the jailbreakers/bypassers don't have a solution, and they probably won't because Apple proprietary chips are so relatively formidable." When Apple released its own silicon with the M1, it integrated the features of the T2 into those computers.

"The functionality of T2 is built into Apple silicon, so it's the same situation. But whereas T2 with activation lock is basically impossible to overcome, bypass developers are finding the m1/m2 chips with activation lock even more difficult," Bumstead said. "Many bypassers have claimed solutions to T2 macs (I have not tried or confirmed they work... I am skeptical) but they admit they have had no success with M1. Regardless, a bypassed Mac is a hacked machine, which reverts to the lock if wiped and reset, so it is not ethical to sell bypassed macs in the retail environment."

Responsible recyclers and refurbishers wipe the data from used devices before selling them on. In these cases, the data is wiped, but cannot be assigned to a new user, making them effectively worthless. Instead of finding these machines a second home, Bumstead and others are dismantling them and selling the parts. These computers often end up at recycling centers after corporations go out of business or buy all new machines. [...] Motherboard first reported on this problem in 2020, but Bumstead said it's gotten worse recently. "Now we're seeing quantity come through because companies with internal 3-year product cycles are starting to dump their 2018/2019s, and inevitably a lot of those are locked," he said.
"When we come upon a locked machine that was legally acquired, we should be able to log into our Apple account, enter the serial and any given information, then click a button and submit the machine to Apple for unlocking," Bumstead said. "Then Apple could explore its records, query the original owner if it wants, but then at the end of the day if there are no red flags and the original owner does not protest within 30 days, the device should be auto-unlocked."
