Security

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls To Access Government Networks (wired.com) 22

An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances.
Cisco advises that customers apply its new software updates to patch both vulnerabilities.

A separate advisory (PDF) from the UK's National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.
Transportation

Should Automakers Feel Threatened by China's Exports of Electric Cars? (yahoo.com) 305

The Los Angeles Times reports that the U.S.-China rivalry "has a new flashpoint in the battle for technology supremacy: electric cars."

"So far, the U.S. is losing." Last year, China became the world's foremost auto exporter, according to the China Passenger Car Assn., surpassing Japan with more than 5 million sales overseas. New energy vehicles accounted for about 25% of those exports, and more than half of those were created by Chinese brands, a shift from the traditional assembly role China has played for foreign automakers. "The big growth has happened in the last three years," said Stephen Dyer, head of the Asia automotive and industrials unit at AlixPartners, a consulting firm. "With Chinese automakers making inroads for most of the market share, that's a huge challenge for foreign automakers." China's rapid expansion domestically and abroad has added fuel to a series of clashes between the U.S. and China over trade and advanced technology, as competition intensifies between the two superpowers...

One area in which Chinese automakers handily beat Western competitors is on price, thanks to government subsidies that supported the industry's initial rise as well as cheap access to critical minerals and components such as lithium-ion batteries, which account for about a third of the overall cost of production... In March, BYD cut the price of its cheapest EV model in China to less than $10,000. According to Kelley Blue Book, the average EV retail price is $55,343 in the U.S., compared with $48,247 across all vehicles... Though 27.5% tariffs have in effect locked Chinese EVs out of the U.S. market, the fear that the cheaper models could eventually undermine American automakers has started to spread. The Alliance of American Manufacturing warned in a February report that allowing Chinese EVs into the country would be an "extinction-level event" for the U.S. auto industry. The group also cited the risks of Chinese auto companies building facilities across the border in Mexico that could circumvent tariffs....

"When the global market is flooded by artificially cheap Chinese products, the viability of American and other foreign firms is put into question," [said America's Treasury Secretary in April]. The European Union has opened an investigation into government subsidies utilized by China's EV industry and whether such support violates international trade laws.

The Almighty Buck

How a Renewable Energy-Powered Bitcoin Startup Helps Electrify Rural Africa (cnbc.com) 66

CNBC visited a small group of bitcoin miners who "set up shop at the site of an extinct volcano" near Kenya's Hell's Gate National Park.

Their mine "consists of a single 500-kilowatt mobile container that, from the outside, looks like a small residential trailer." But what's more interesting is it's operated by a startup called Gridless. (According to its web site Gridless "designs, builds, and operates bitcoin mining sites alongside small-scale renewable energy producers in rural Africa where excess energy is not utilized...") Backed by Jack Dorsey's Block, Gridless electrifies its machines with a mix of solar power and the stranded, wasted energy from a nearby geothermal site. It's one of six mines run by the company in Kenya, Malawi and Zambia, powered by a mix of renewable inputs and working toward a broader mission of securing and decentralizing the bitcoin network... In early 2022, [the three Gridless co-founders] began brainstorming creative solutions for the divide between power generation and capacity, and the lack of access to electricity in Africa. They landed on the idea of bitcoin mining, which could potentially solve a big problem for renewable energy developers by taking their stranded power and spreading it to other parts of the continent.

In Africa, 43% of the population, or roughly 600 million people, lack access to electricity.... Africa is home to an estimated 10 terawatts of solar capacity, 350 gigawatts of hydro and another 110 gigawatts of wind. Some of this renewable energy is being harnessed already, but a lot isn't because building the specialized infrastructure to capture it is expensive. Even with 60% of the best solar resources globally, Africa only has 1% of installed solar PV capacity.

Enter bitcoin miners.

Bitcoin gets a bad rap for the amount of energy it consumes, but it can also help unlock these trapped renewable sources of power. Miners are essentially energy buyers, and co-locating with renewables creates a financial incentive to bolster production. "As often happens, you'll have an overage of power during the day or even at night, and there's nobody to soak that power up," said Hersman. He said his company's 50-kilowatt mining container can "take up whatever is extra throughout the day...." Demand from bitcoin miners on these semi-stranded assets is making renewables in Africa economically viable. The power supplier benefits from selling energy that previously had been discarded, while the energy plants will sometimes lower costs for the customer. At one of the Gridless pilot sites in Kenya, the hydro plant dropped the price of power from 35 cents per kilowatt hour to 25 cents per kWh.

The buildout of capacity is also electrifying households. Gridless says its sites have powered 1,200 houses in Zambia, 1,800 in Malawi and 5,000 in Kenya. The company's mines also have delivered power for containerized cold storage for local farmers, battery charging stations for electric motorcycles and public WiFi points.

Privacy

Four Baseball Teams Now Let Ticket-Holders Enter Using AI-Powered 'Facial Authentication' (sfgate.com) 42

"The San Francisco Giants are one of four teams in Major League Baseball this season offering fans a free shortcut through the gates into the ballpark," writes SFGate.

"The cost? Signing up for the league's 'facial authentication' software through its ticketing app." The Giants are using MLB's new Go-Ahead Entry program, which intends to cut down on wait times for fans entering games. The pitch is simple: Take a selfie through the MLB Ballpark app (which already has your tickets on it), upload the selfie and, once you're approved, breeze through the ticketing lines and into the ballpark. Fans will barely have to slow down at the entrance gate on their way to their seats...

The Philadelphia Phillies were MLB's test team for the technology in 2023. They're joined by the Giants, Nationals and Astros in 2024...

[Major League Baseball] says it won't be saving or storing pictures of faces in a database — and it clearly would really like you to not call this technology facial recognition. "This is not the type of facial recognition that's scanning a crowd and specifically looking for certain kinds of people," Karri Zaremba, a senior vice president at MLB, told ESPN. "It's facial authentication. ... That's the only way in which it's being utilized."

Privacy advocates "have pointed out that the creep of facial recognition technology may be something to be wary of," the article acknowledges. But it adds that using the technology is still completely optional.

And they also spoke to the San Francisco Giants' senior vice president of ticket sales, who gushed about the possibility of app users "walking into the ballpark without taking your phone out, or all four of us taking our phones out."
AI

AI Hallucinated a Dependency. So a Cybersecurity Researcher Built It as Proof-of-Concept Malware (theregister.com) 44

"Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI," the Register reported Thursday.

"Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned." If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.

According to Bar Lanyado, security researcher at Lasso Security, one of the businesses fooled by AI into incorporating the package is Alibaba, which at the time of writing still includes a pip command to download the Python package huggingface-cli in its GraphTranslator installation instructions. There is a legit huggingface-cli, installed using pip install -U "huggingface_hub[cli]". But the huggingface-cli distributed via the Python Package Index (PyPI) and required by Alibaba's GraphTranslator — installed using pip install huggingface-cli — is fake, imagined by AI and turned real by Lanyado as an experiment.

He created huggingface-cli in December after seeing it repeatedly hallucinated by generative AI; by February this year, Alibaba was referring to it in GraphTranslator's README instructions rather than the real Hugging Face CLI tool... huggingface-cli received more than 15,000 authentic downloads in the three months it has been available... "In addition, we conducted a search on GitHub to determine whether this package was utilized within other companies' repositories," Lanyado said in the write-up for his experiment. "Our findings revealed that several large companies either use or recommend this package in their repositories...."

Lanyado also said that there was a Hugging Face-owned project that incorporated the fake huggingface-cli, but that was removed after he alerted the biz.

"With GPT-4, 24.2 percent of question responses produced hallucinated packages, of which 19.6 percent were repetitive, according to Lanyado..."

Thanks to long-time Slashdot reader schneidafunk for sharing the article.
AI

Investment Advisors Pay the Price For Selling What Looked a Lot Like AI Fairy Tales (theregister.com) 15

Two investment advisors have reached settlements with the US Securities and Exchange Commission for allegedly exaggerating their use of AI, which in both cases were purported to be cornerstones of their offerings. From a report: Canada-based Delphia and San Francisco-headquartered Global Predictions will cough up $225,000 and $175,000 respectively for telling clients that their products used AI to improve forecasts. The financial watchdog said both were engaging in "AI washing," a term used to describe the embellishment of machine-learning capabilities.

"We've seen time and again that when new technologies come along, they can create buzz from investors as well as false claims by those purporting to use those new technologies," said SEC chairman Gary Gensler. "Delphia and Global Predictions marketed to their clients and prospective clients that they were using AI in certain ways when, in fact, they were not." Delphia claimed its system utilized AI and machine learning to incorporate client data, a statement the SEC said it found to be false.

"Delphia represented that it used artificial intelligence and machine learning to analyze its retail clients' spending and social media data to inform its investment advice when, in fact, no such data was being used in its investment process," the SEC said in a settlement order. Despite being warned about suspected misleading practices in 2021 and agreeing to amend them, Delphia only partially complied, according to the SEC. The company continued to market itself as using client data as AI inputs but never did anything of the sort, the regulator said.

NASA

NASA Shutters $2B Satellite Refueling Project, Blames Contractor For Delays. (upi.com) 30

"NASA said Friday it is shutting down a $2 billion satellite refueling project," reports UPI, "after criticizing the project's contractor for poor performance." The agency in a statement said it will discontinue the On-orbit Servicing, Assembly and Manufacturing 1 project after nearly a decade of work due to "continued technical, cost, and schedule challenges, and a broader community evolution away from refueling unprepared spacecraft, which has led to a lack of a committed partner." [...] The spacecraft would have utilized an attached Space Infrastructure Dexterous Robot (SPIDER) to refuel the Landsat, assemble a communications antenna and demonstrate in-space manufacture of a 32-foot carbon fiber composite beam to verify the capability of constructing large spacecraft structures in orbit... An audit from NASA's Inspector General, however, found OSAM-1 was on track to exceed the projected $2.05 billion budget and would not make its December 2026 launch date, laying the blame on the "poor performance of Maxar."

"NASA and Maxar officials acknowledged that Maxar underestimated the scope and complexity of the work, lacked full understanding of NASA technical requirements, and were deficient in necessary expertise," the report read.

The report also noted Maxar was "no longer profiting from their work on OSAM-1," after which the project appeared not "to be a high priority for Maxar in terms of the quality of its staffing."

Thanks to long-time Slashdot reader schwit1 for sharing the news.
Moon

Moon Lander Problem Threatens Mission After Vulcan Rocket Makes Successful Debut (reuters.com) 51

necro81 writes: ULA's Vulcan rocket, many years in development, had a successful first launch this morning from Cape Canaveral. The expendable rocket, which uses two methane-fueled BE-4 engines from Blue Origin in its first stage, is the successor to the Delta and Atlas-V launch vehicles.

Years overdue, and with a packed manifest for future launches, Vulcan is critical to the ULA's continued existence. The payload on this first mission is called Peregrine -- a lunar lander from Astrobotic. Unfortunately, Peregrine has suffered an anomaly some hours into flight; it is unclear whether the mission can recover.
UPDATE: According to Reuters, Peregrine's propulsion system experienced issues hours after separating from Vulcan, "preventing the spacecraft from angling itself toward the sun for power."

"While mission engineers regained control, the faulty propulsion system is losing valuable propellant, forcing Astrobotic to consider 'alternative mission profiles,' suggesting a moon landing is no longer achievable," reports Reuters.

In the most recent update (#5) on X, Astrobotic said in a statement: "We've received the first image from Peregrine in space! The camera utilized is mounted atop a payload deck and shows Multi-Layer Insulation (MLI) in the foreground. The disturbance of the MLI is the first visual clue that aligns with our telemetry data that points to a propulsion system anomaly. Nonetheless, the spacecraft's battery is now fully charged, and we are using Peregrine's existing power to perform as many payload and spacecraft operations as possible. At this time, the majority of our Peregrine mission team has been awake and working diligently for more than 24 hours. We ask for your patience as we reassess incoming data so we can provide ongoing updates later this evening."
Security

A SysAid Vulnerability Is Being Used To Deploy Clop Ransomware, Warns Microsoft (siliconangle.com) 19

SysAid's system management software has "a vulnerability actively being exploited to deploy Clop ransomware," according to SiliconAngle: The warning came from Microsoft Corp.'s Threat Intelligence team, which wrote on X that it had discovered the exploitation of a zero-day vulnerability in SysAid's IT support software that's being exploited by the Lace Tempest ransomware gang.

Lace Tempest first emerged earlier this year from its attacks involving the MOVEit Transfer and GoAnywhere MFT. This group has been characterized by its sophisticated attack methods, often exploiting zero-day vulnerabilities to infiltrate organizations' systems to deploy ransomware and exfiltrate sensitive data...

In a blog post, SysAid said that the vulnerability, tracked as CVE-2023-47246, was first discovered on November 2 and is a path traversal vulnerability leading to code execution within the SysAid on-prem software... "Given the scale and impact of the MOVEit breach, which was considered one of the largest in recent history, the potential for the SysAid vulnerability to reach similar levels of disruption is not inconceivable, though several factors would influence this outcome," Craig Jones, vice president of security operations at managed detection and response provider Ontinue Inc., told SiliconANGLE. "The MOVEit breach, exploited by the Clop ransomware group, impacted over 1,000 organizations and more than 60 million individuals," Jones explained. "Comparatively, SysAid claims more than 5,000 customers across various industries globally. The potential damage from the SysAid vulnerability would depend on factors such as how widespread the exploitation is, how quickly the patch is applied and the sensitivity of the accessed data."

SysAid's blog post confirms the zero-day vulnerability, and says they've begun "proactively communicating with our on-premise customers to ensure they could implement a mitigation solution we had identified..."

"We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network..." The attacker uploaded a WAR archive containing a WebShell and other payloads into the webroot of the SysAid Tomcat web service [which] provided the attacker with unauthorized access and control over the affected system. Subsequently, the attacker utilized a PowerShell script, deployed through the WebShell, to execute a malware loader named user.exe on the compromised host, which was used to load the GraceWire trojan...

After this initial access and the deployment of the malware, the attacker utilized a second PowerShell script to erase evidence associated with the attacker's actions from the disk and the SysAid on-prem server web logs... Given the severity of the threat posed, we strongly recommend taking immediate steps according to your incident response playbook and install any patches as they become available.

Graphics

Nvidia Hints At Replacing Rasterization and Ray Tracing With Full Neural Rendering (tomshardware.com) 131

Mark Tyson writes via Tom's Hardware: A future version of [Deep Learning Super Sampling (DLSS) technology] is likely to include full neural rendering, hinted Bryan Catanzaro, a Nvidia VP of Applied Deep Learning Research. In a round table discussion organized by Digital Foundry (video), various video game industry experts talked about the future of AI in the business. During the discussion, Nvidia's Catanzaro raised a few eyebrows with his openness to predict some key features of a hypothetical "DLSS 10." [...]

We've seen significant developments in Nvidia's DLSS technology over the years. First launched with the RTX 20-series GPUs, many wondered about the true value of technologies like the Tensor cores being included in gaming GPUs. The first ray tracing games, and the first version of DLSS, were of questionable merit. However, DLSS 2.X improved the tech and made it more useful, leading to it being more widely utilized -- and copied, first via FSR2 and later with XeSS. DLSS 3 debuted with the RTX 40-series graphics cards, adding Frame Generation technology. With 4x upscaling and frame generation, neural rendering potentially allows a game to only fully render 1/8 (12.5%) of the pixels. Most recently, DLSS 3.5 offered improved denoising algorithms for ray tracing games with the introduction of Ray Reconstruction technology.

The above timeline raises questions about where Nvidia might go next with future versions of DLSS. And of course, "Deep Learning Super Sampling" no longer really applies, as the last two additions have targeted other aspects of rendering. Digital Foundry asked that question to the group: "Where do you see DLSS in the future? What other problem areas could machine learning tackle in a good way?" Bryan Catanzaro immediately brought up the topic of full neural rendering. This idea isn't quite as far out as it may seem. Catanzaro reminded the panel that, at the NeurIPS conference in 2018, Nvidia researchers showed an open-world demo of a world being rendered in real-time using a neural network. During that demo the UE4 game engine provided data about what objects were in a scene, where they were, and so on, and the neural rendering provided all the on-screen graphics.
"DLSS 10 (in the far far future) is going to be a completely neural rendering system," Catanzaro added. The result will be "more immersive and more beautiful" games than most can imagine today.
Censorship

Mozilla Foundation Warns France's Proposed Web Blocking Law 'Could Threaten the Free Internet' (mozilla.org) 66

The Mozilla Foundation has started a petition to stop the French government from forcing browsers like Mozilla's Firefox to censor websites. "It would set a dangerous precedent, providing a playbook for other governments to also turn browsers like Firefox into censorship tools," says the organization. "The government introduced the bill to parliament shortly before the summer break and is hoping to pass this as quickly and smoothly as possible; the bill has even been put on an accelerated procedure, with a vote to take place this fall." You can add your name to their petition here.

The bill in question is France's SREN Bill, which sets a precarious standard for digital freedoms by empowering the government to compile a list of websites to be blocked at the browser level. The Mozilla Foundation warns that this approach "is uncharted territory" and could give oppressive regimes an operational model that could undermine the effectiveness of censorship circumvention tools.

"Rather than mandate browser based blocking, we think the legislation should focus on improving the existing mechanisms already utilized by browsers -- services such as Safe Browsing and Smart Screen," says Mozilla. "The law should instead focus on establishing clear yet reasonable timelines under which major phishing protection systems should handle legitimate website inclusion requests from authorized government agencies. All such requests for inclusion should be based on a robust set of public criteria limited to phishing/scam websites, subject to independent review from experts, and contain judicial appellate mechanisms in case an inclusion request is rejected by a provider."
Patents

Nintendo Is Trying To Patent Some Really Broad Tears of the Kingdom Mechanics (kotaku.com) 32

Loading screen maps and movement physics are just some of the elements from The Legend of Zelda: Tears of the Kingdom that Nintendo is trying to patent. Kotaku reports: Automaton, a gaming website that focuses on Japanese games like Zelda, has a roundup of the 32 patents Nintendo put forth. Some of them are specific to Link's latest adventure, including things like Riju's lightning ability, which lets the player target enemies with a bow and bring down a lightning strike wherever the arrow lands. The weirder ones are related to baseline game design and coding that applies to plenty of other video games on the market. One of the hopeful patents relates to the physics of a character riding on top of a moving vehicle and reacting dynamically to it in a realistic manner.

The distinction, according to Automaton's translation of Japanese site Hatena Blog user nayoa2k's post on the matter, is down to how Tears of the Kingdom codes these interactions. Link and the objects he rides on move together at the same speed, rather than Link being technically stationary on top of a moving object as is common in the physics of other games. The two are functionally the same, but given that plenty of video games displayed characters who can walk around on top of moving vehicles, it's highly unlikely this kind of approach hasn't been utilized before.

On top of trying to patent the tech, Nintendo seeks to patent the loading screen that shows up when the player is fast-traveling across Hyrule. This specifically refers to the screen that shows the map transition from the player's starting point to their destination. Sure, that's pretty specific and not something every game utilizes, but it's still such a general concept that it feels almost petty to patent it when it's hardly an iconic draw of Tears of the Kingdom.

Security

Congressman Bacon Says His Emails Were Hacked in Campaign Linked To China (bloomberg.com) 22

US Representative Don Bacon said he is among those whose emails were hacked in an espionage campaign that Microsoft has attributed to China. From a report: Bacon, a Republican from Nebraska and a strong advocate for US military support to Taiwan, posted on social media that the FBI had notified him that the Chinese Communist Party hacked into his personal and campaign emails over the course of a month, from May 15 to June 16. "The CCP hackers utilized a vulnerability in the Microsoft software, and this was not due to 'user error,'" he wrote on X, the social media platform formerly known as Twitter.

Bacon, a member of the House Armed Services Committee, received an email from Microsoft indicating he may have been hacked and advising him to change his password on June 16, according to Maggie Sayers, Bacon's press secretary. She said that following subsequent notification from the FBI that he had been hacked, Bacon determined emails relating to political strategy, fundraising and personal banking information may have been breached. As a former US Air Force intelligence officer, he is careful to avoid writing sensitive emails relating to China and Taiwan, she said.

News

A Brief History of the Corporate Presentation (technologyreview.com) 26

PowerPoint dominates presentations, utilized everywhere from sermons to weddings. In 2010, Microsoft revealed it was on over a billion computers. Before PowerPoint, 35-millimeter film slides reigned for impactful CEO presentations. These "multi-image" shows needed producers, photographers, and a production team to execute. MIT Technology Review has a rundown of the corporate presentation history.
Hardware

2,200 Forgotten Vintage Computers Are Being Liberated From a Barn In Massachusetts (vice.com) 63

A collection of over 2,200 new old stock computers from the 1980s, manufactured by a company called NABU and featuring a groundbreaking pre-internet network, are being liberated from a barn in Massachusetts. "In a way, this is two stories: The first, of a breakthrough network from Canada, a consumer-friendly 1983 version of the internet decades ahead of its time," writes Ernie Smith via Motherboard. "The other story, of the man who got a hold of these machines, held onto them for 33 years, and mysteriously allowed them to flood the used market one day. One day, thanks to a confluence of the right people noticing the right eBay listings, these two stories merged and created a third story -- the tale of a computer network, brought back to life." An anonymous Slashdot reader shares an excerpt from the report: For more than two decades, the biggest retro computing story in recent memory sat like a sleeper cell in a Massachusetts barn. The barn was in danger of collapse. It could no longer protect the fleet of identical devices hiding inside. A story like this doesn't need the flash of a keynote or a high-profile marketing campaign. It really just needs someone to notice. And the reason anyone did notice was because this barn could no longer support the roughly 2,200 machines that hid on its second floor. These computers, with a weight equivalent to roughly 11 full-size vehicles, were basically new, other than the fact that they had sat unopened and unused for nearly four decades, roughly half that time inside this barn. Every box was "new old stock," essentially a manufactured time capsule, waiting to be found by somebody.

These machines, featuring the label of a forgotten brand built around an idea that was tragically too early to succeed, could have disappeared, anonymously, into the junkyard of history, as so many others like them have. Instead, they ended up on eBay, at a bargain-basement price of $59.99 each. And when the modern retro computing community turned them on, what they found was something worth bringing back to life. It took a while for anyone to notice these stylish metal-and-plastic machines from 1983. First, information spread like whispers in the community of tech forums, Discord servers, and Patreon channels where retro tech collectors hid. But then, a well-known tech YouTuber, Adrian Black, did a video about them, and these eBay machines, slapped with the logo of a company called NABU, were anonymous no more. [...]

Black was impressed. These devices, which utilized the landmark Z80 processor -- a chip common in embedded systems, arcade machines like Pac-Man, and home consoles like the Colecovision -- had an architecture very similar to the widely used MSX platform, making them a great choice for device hackers. (Well, minus the fact that they didn't have floppy drives.) Plus, they were essentially new. "It's new old stock, but it is tested," he says at the beginning of the clip. "I think the seller actually peeled the original tape off, tested it, and then taped it back up again." Essentially, this was the retro-computing version of a unicorn: An extremely obscure platform, being sold at a scale wide enough that basically anyone who wanted one could have it. And on top of all that, NABU -- an acronym standing for Natural Access to Bi-directional Utilities -- was essentially the 1983 version of AOL, except built around proprietary hardware. The flood of interest was so significant that it knocked the seller's eBay account offline for months while the company verified that the units were actually his. (They were.)

For people who love tinkering with devices, there was a lot to work with here, especially in 2023. There was a real chance that this relic of the past could live again, with its network available to anyone who took a chance on buying one of these devices. "The kind of hardware and software hacking that people are doing with those wouldn't have been possible 10 or even 5 years ago," says Sean Malseed, host of the popular YouTube channel Action Retro and one of the many people who bought a NABU from the mysterious eBay listing. "These machines were once considered basically e-waste, but instead they're seeing a very unlikely renaissance." So where did this computer come from? Why did this seller have so many? And why didn't you know about the NABU until now? [...]

AI

EU Votes To Ban AI In Biometric Surveillance, Require Disclosure From AI Systems 34

European Union officials have voted in favor of stricter regulations on artificial intelligence, including a ban on AI use in biometric surveillance and a requirement for AI systems like OpenAI's ChatGPT to disclose when content is generated by AI. Ars Technica reports: On Wednesday, European Union officials voted to implement stricter proposed regulations concerning AI, according to Reuters. The updated draft of the "AI Act" law includes a ban on the use of AI in biometric surveillance and requires systems like OpenAI's ChatGPT to reveal when content has been generated by AI. While the draft is still non-binding, it gives a strong indication of how EU regulators are thinking about AI. The new changes to the European Commission's proposed law -- which have not yet been finalized -- intend to shield EU citizens from potential threats linked to machine learning technology.

The new draft of the AI Act includes a provision that would ban companies from scraping biometric data (such as user photos) from social media for facial recognition training purposes. News of firms like Clearview AI using this practice to create facial recognition systems drew severe criticism from privacy advocates in 2020. However, Reuters reports that this rule might be a source of contention with some EU countries who oppose a blanket ban on AI in biometric surveillance. The new EU draft also imposes disclosure and transparency measures on generative AI. Image synthesis services like Midjourney would be required to disclose AI-generated content to help people identify synthesized images. The bill would also require that generative AI companies provide summaries of copyrighted material scraped and utilized in the training of each system. While the publishing industry backs this proposal, according to The New York Times, tech developers argue against its technical feasibility.

Additionally, creators of generative AI systems would be required to implement safeguards to prevent the generation of illegal content, and companies working on "high-risk applications" must assess their potential impact on fundamental rights and the environment. The current draft of the EU law designates AI systems that could influence voters and elections as "high-risk." It also classifies systems used by social media platforms with over 45 million users under the same category, thus encompassing platforms like Meta and Twitter. [...] Experts say that after considerable debate over the new rules among EU member nations, a final version of the AI Act isn't expected until later this year.

The Courts

Lawyer Cited 6 Fake Cases Made Up By ChatGPT; Judge Calls It 'Unprecedented' (arstechnica.com) 48

An anonymous reader quotes a report from Ars Technica: A lawyer is in trouble after admitting he used ChatGPT to help write court filings that cited six nonexistent cases invented by the artificial intelligence tool. Lawyer Steven Schwartz of the firm Levidow, Levidow, & Oberman "greatly regrets having utilized generative artificial intelligence to supplement the legal research performed herein and will never do so in the future without absolute verification of its authenticity," Schwartz wrote in an affidavit (PDF) on May 24 regarding the bogus citations previously submitted in US District Court for the Southern District of New York.

Schwartz wrote that "the use of generative artificial intelligence has evolved within law firms" and that he "consulted the artificial intelligence website ChatGPT in order to supplement the legal research performed." The "citations and opinions in question were provided by ChatGPT which also provided its legal source and assured the reliability of its content," he wrote. Schwartz admitted that he "relied on the legal opinions provided to him by a source that has revealed itself to be unreliable," and stated that it is his fault for not confirming the sources provided by ChatGPT. Schwartz didn't previously consider the possibility that an artificial intelligence tool like ChatGPT could provide false information, even though AI chatbot mistakes have been extensively reported by non-artificial intelligence such as the human journalists employed by reputable news organizations. The lawyer's affidavit said he had "never utilized ChatGPT as a source for conducting legal research prior to this occurrence and therefore was unaware of the possibility that its content could be false."

Federal Judge Kevin Castel is considering punishments for Schwartz and his associates. In an order on Friday, Castel scheduled a June 8 hearing at which Schwartz, fellow attorney Peter LoDuca, and the law firm must show cause for why they should not be sanctioned. "The Court is presented with an unprecedented circumstance," Castel wrote in a previous order on May 4. "A submission filed by plaintiff's counsel in opposition to a motion to dismiss is replete with citations to non-existent cases... Six of the submitted cases appear to be bogus judicial decisions with bogus quotes and bogus internal citations." [...] In the order issued on Friday last week, Castel said that Schwartz may be sanctioned for "the citation of non-existent cases to the Court," "the submission to the Court of copies of non-existent judicial opinions," and "the use of a false and fraudulent notarization." Schwartz may also be referred to an attorney grievance committee for additional punishment.

Castel wrote that LoDuca may be sanctioned "for the use of a false and fraudulent notarization in his affidavit filed on April 25, 2023." The law firm could be sanctioned for "the citation of non-existent cases to the Court," "the submission to the Court of copies of non-existent judicial opinions annexed to the Affidavit filed on April 25, 2023," and "the use of a false and fraudulent notarization in the affidavit filed on April 25, 2023."

AI

Lawyer 'Greatly Regrets' Relying on ChatGPT After Filing Motion Citing Six Non-Existent Cases (reason.com) 200

The judge's opinion noted the plaintiff's counsel had submitted a motion to dismiss "replete with citations to non-existent cases... Six of the submitted cases appear to be bogus judicial decisions with bogus quotes and bogus internal citations... The bogus 'Varghese' decision contains internal citations and quotes, which, in turn, are non-existent."

Eugene Volokh's legal blog describes what happened next: Thursday, plaintiff's counsel filed an affidavit in response, explaining that he was relying on the work of another lawyer at his firm, and the other lawyer (who had 30 years of practice experience) also filed an affidavit, explaining that he was relying on ChatGPT... ("The citations and opinions in question were provided by Chat GPT which also provided its legal source and assured the reliability of its content...")

Their affidavit said ChatGPT had "revealed itself to be unreliable," while adding that they had "never utilized ChatGPT as a source for conducting legal research prior to this occurrence and therefore were unaware of the possibility that its content could be false." The affidavit adds that the lawyer "greatly regrets having utilized generative artificial intelligence to supplement the legal research performed herein and will never do so in the future without absolute verification of its authenticity."

To support their position, their affidavit ends with this appendix -- a ChatGPT transcript:

[Q:] Is varghese a real case

[A:] Yes, Varghese v., China Southern Airlines Co Ltd, 925 F.3d 1339 (11th Cir. 2019) is a real case.

[Q:] What is your source

[A:] I apologize for the confusion earlier. Upon double-checking, I found that the case Varghese v. China Southern Airlines Co. Ltd., 925 F.3d 1339 (11th Cir. 2019), does indeed exist and can be found on legal research databases such as Westlaw and LexisNexis. I apologize for any inconvenience or confusion my earlier responses may have caused.

[Q:] Are the other cases you provided fake

[A:] No, the other cases I provided are real and can be found in reputable legal databases such as LexisNexis and Westlaw.

"Judge Castel appeared to be unimpressed, and yesterday issued an order ordering the law firm and the second lawyer to show cause why they shouldn't be sanctioned."

Thanks to long-time Slashdot reader davide marney for submitting the story.

Python

PyPI Was Subpoenaed 31

The PyPI blog: In March and April 2023, the Python Software Foundation (PSF) received three (3) subpoenas for PyPI user data. All three subpoenas were issued by the United States Department of Justice. The PSF was not provided with context on the legal circumstances surrounding these subpoenas. In total, user data related to five (5) PyPI usernames were requested. The data request was:

"Names (including subscriber names, user names, and screen names);"
"Addresses (including mailing, residential addresses, business addresses, and email addresses);"
"Connection records;"
"Records of session times and durations, and the temporarily assigned network address (such as Internet Protocol addresses) associated with those sessions;"
"Length of service (including start date) and type of services utilized;"
"Telephone or instrument numbers (including the registration Internet Protocol address);"
"Means and source of payment of any such services (including any credit card or bank account number) and billing records;"
"Records of all Python Package Index (PyPI) packages uploaded by..." given usernames
"IP download logs of any Python Package Index (PyPI) packages uploaded by..." given usernames

The privacy of PyPI users is of utmost concern to PSF and the PyPI Administrators, and we are committed to protecting user data from disclosure whenever possible. In this case, however, PSF determined with the advice of counsel that our only course of action was to provide the requested data. I, as Director of Infrastructure of the Python Software Foundation, fulfilled the requests in consultation with PSF's counsel.

We have waited for the string of subpoenas to subside, though we were committed from the beginning to write and publish this post as a matter of transparency, and as allowed by the lack of a non-disclosure order associated with the subpoenas received in March and April 2023.

Google

Free Google Play Alternative MicroG Framed In Bogus 'Vanced' DMCA Notices (torrentfreak.com) 14

An anonymous reader quotes a report from TorrentFreak: MicroG is a free-as-in-freedom alternative to proprietary Google services, including the Play Store. Vanced, a popular app that provided an ad-free YouTube experience, relied on microG to operate, something also true for successor ReVanced. In a scheme to damage microG and Vanced-style apps, imposters masquerading as microG have targeted almost two dozen sites with DMCA notices.

On March 30, 2023, someone claiming to be 'MicroG' sent a DMCA complaint to Google. "The following websites use our content, which is a significant loss for our company," it begins, listing the allegedly infringing URLs below. In the majority of cases, the URLs relate to microG's software when utilized in Vanced-related projects, with one notable exception seen at line 8 where the takedown notice targets microG's official website. [...]

At the time of writing, Google has delisted 13% of the URLs in the complaint with 87% currently marked as pending. Other recent complaints, broadly along similar lines (but also completely bogus) were previously rejected in full. Others, including this one sent by 'copyright owner' YouTube Vanced, whoever that is, listed the official YouTube app on Google Play as the original content infringed, before attempting to take down links related to microG and/or Vanced-type software.
