Security

New 'Loop DoS' Attack May Impact Up to 300,000 Online Systems (thehackernews.com)

BleepingComputer reports on "a new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols."

According to their article, the attack "can pair network services into an indefinite communication loop that creates large volumes of traffic." Devised by researchers at the CISPA Helmholtz-Center for Information Security, the attack uses the User Datagram Protocol (UDP) and impacts an estimated 300,000 hosts and their networks. The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in implementations of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification. An attacker exploiting the vulnerability creates a self-perpetuating mechanism that generates excessive traffic without limits and without a way to stop it, leading to a denial-of-service (DoS) condition on the target system or even an entire network. Loop DoS relies on IP spoofing and can be triggered from a single host that sends one message to start the communication.

According to the Carnegie Mellon CERT Coordination Center (CERT/CC) there are three potential outcomes when an attacker leverages the vulnerability:

— Overloading of a vulnerable service and causing it to become unstable or unusable.
— DoS attack on the network backbone, causing network outages to other services.
— Amplification attacks that involve network loops, causing amplified DoS or DDoS attacks.

CISPA researchers Yepeng Pan and Professor Dr. Christian Rossow say the potential impact is notable, spanning both outdated (QOTD, Chargen, Echo) and modern protocols (DNS, NTP, TFTP) that are crucial for basic internet-based functions like time synchronization, domain name resolution, and file transfer without authentication... The researchers warned that the attack is easy to exploit, noting that there is no evidence indicating active exploitation at this time. Rossow and Pan shared their findings with affected vendors and notified CERT/CC for coordinated disclosure. So far, vendors who confirmed their implementations are affected by CVE-2024-2169 are Broadcom, Cisco, Honeywell, Microsoft, and MikroTik.

To avoid the risk of denial of service via Loop DoS, CERT/CC recommends installing the latest patches from vendors that address the vulnerability and replacing products that no longer receive security updates. Using firewall rules and access-control lists for UDP applications, turning off unnecessary UDP services, and implementing TCP or request validation are also measures that can mitigate the risk of an attack. Furthermore, the organization recommends deploying anti-spoofing solutions like BCP38 and Unicast Reverse Path Forwarding (uRPF), and using Quality-of-Service (QoS) measures to limit network traffic and protect against abuse from network loops and DoS amplification.
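The loop described above is easy to reason about with a small model. The following is an added example, not code from the CISPA researchers, CERT/CC or the article: two simulated UDP services that answer every datagram with an error reply, one spoofed trigger datagram, and two of the recommended mitigations (refusing to answer peers whose source port is itself a well-known service port, and a per-peer reply budget) applied to only one of the two services. The hosts, ports and policy names are constructed for the model.

```python
"""Constructed model of a Loop DoS between two UDP application-layer services.

Added example, not code from the CISPA researchers or CERT/CC. The hosts,
ports and policies below are invented to illustrate the mechanism and why the
recommended mitigations bound it even when only one side deploys them.
"""
from collections import deque, defaultdict
from dataclasses import dataclass
from typing import Optional

# Well-known UDP service ports of the kind named in the advisory
# (echo, qotd, chargen, dns, tftp, ntp). Constructed list for the model.
SERVICE_PORTS = {7, 17, 19, 53, 69, 123}


@dataclass(frozen=True)
class Datagram:
    src_host: str
    src_port: int
    dst_host: str
    dst_port: int
    payload: str


@dataclass
class Policy:
    """How a service responds to unexpected input."""
    ignore_service_ports: bool = False    # never answer a peer whose source port is itself a service
    rate_limit: Optional[int] = None      # max replies per (peer host, peer port); None = unlimited


class UdpService:
    """A UDP service that answers every datagram, including malformed ones, with an error reply."""

    def __init__(self, host: str, port: int, policy: Policy):
        self.host, self.port, self.policy = host, port, policy
        self.replies_to = defaultdict(int)

    def handle(self, dg: Datagram) -> Optional[Datagram]:
        peer = (dg.src_host, dg.src_port)
        if self.policy.ignore_service_ports and dg.src_port in SERVICE_PORTS:
            return None  # a reply would only bounce back from another auto-responder
        if self.policy.rate_limit is not None and self.replies_to[peer] >= self.policy.rate_limit:
            return None  # per-peer budget exhausted
        self.replies_to[peer] += 1
        # The error reply is itself unexpected input for the peer: that is the loop.
        return Datagram(self.host, self.port, dg.src_host, dg.src_port, "error: unrecognised request")


def deliver(services, first: Datagram, max_steps: int = 1000) -> int:
    """Deliver datagrams until traffic dies out or max_steps is reached; return datagrams delivered."""
    by_addr = {(s.host, s.port): s for s in services}
    queue = deque([first])
    delivered = 0
    while queue and delivered < max_steps:
        dg = queue.popleft()
        delivered += 1
        target = by_addr.get((dg.dst_host, dg.dst_port))
        if target is not None:
            reply = target.handle(dg)
            if reply is not None:
                queue.append(reply)
    return delivered


def run_scenario(policy_a: Policy, policy_b: Policy, max_steps: int = 1000) -> int:
    """Two services; the trigger is ONE datagram sent to B, spoofed to look like it came from A."""
    a = UdpService("10.0.0.1", 7, policy_a)    # echo-like service (constructed address)
    b = UdpService("10.0.0.2", 19, policy_b)   # chargen-like service (constructed address)
    spoofed = Datagram(src_host=a.host, src_port=a.port,
                       dst_host=b.host, dst_port=b.port, payload="anything")
    return deliver([a, b], spoofed, max_steps)


if __name__ == "__main__":
    print("both unprotected:", run_scenario(Policy(), Policy()))
    print("A ignores service ports:", run_scenario(Policy(ignore_service_ports=True), Policy()))
    print("A rate-limits to 5:", run_scenario(Policy(rate_limit=5), Policy()))
```

With both services unprotected the model only stops because of the step cap; with the port check on one side the loop ends after two datagrams, and with a per-peer budget of five it ends after twelve. Neither mitigation depends on the other service being fixed, which is the case that matters when a vendor patch is not available for every device in the path.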

Thanks to long-time Slashdot reader schneidafunk for sharing the article.
Intel

Intel Prepares For $100 Billion Spending Spree Across Four US States

After securing billions in federal grants and loans, Reuters reports that the company is "planning a $100-billion spending spree across four U.S. states" to build and expand its chip manufacturing factories. From the report: The centerpiece of Intel's five-year spending plan is turning empty fields near Columbus, Ohio, into what CEO Pat Gelsinger described to reporters on Tuesday as "the largest AI chip manufacturing site in the world," starting as soon as 2027. Intel's plan will also involve revamping sites in New Mexico and Oregon and expanding operations in Arizona, where longtime rival Taiwan Semiconductor Manufacturing Co is also building a massive factory that it hopes will receive funding from President Joe Biden's push to bring advanced semiconductor manufacturing back to the United States. [...]

Gelsinger said about 30% of the $100-billion plan will be spent on construction costs such as labor, piping and concrete. The remaining will go towards buying chipmaking tools from firms such as ASML, Tokyo Electron, Applied Materials and KLA, among others. Those tools will help bring the Ohio site online by 2027 or 2028, though Gelsinger warned the timeline could slip if the chip market takes a dive. Beyond grants and loans, Intel plans to make most of the purchases from its existing cash flows.

"It will still take three to five years for Intel to become a serious player in the foundry market" for cutting-edge chips, said Kinngai Chan, an analyst at Summit Insights. However, he warned more investment would be needed before Intel could overtake TSMC, adding that the Taiwanese firm could remain the leader for "some time to come." Gelsinger has previously said a second round of U.S. funding for chip factories would likely be needed to re-establish the U.S. as a leader in semiconductor manufacturing, which he reiterated on Tuesday. "It took us three-plus decades to lose this industry. It's not going to come back in three to five years of CHIPS Act" funding, said Gelsinger, who referred to the low-interest-rate funding as "smart capital."
Intel

Intel Awarded Up To $8.5 Billion in CHIPS Act Grants, With Billions More in Loans Available

The White House said Wednesday Intel has been awarded up to $8.5 billion in CHIPS Act funding, as the Biden administration ramps up its effort to bring semiconductor manufacturing to U.S. soil. From a report: Intel could receive an additional $11 billion in loans from the CHIPS and Science Act, which was passed in 2022. The awards will be announced by President Joe Biden in Arizona on Wednesday. The money will help "leading-edge semiconductors made in the United States" keep "America in the driver's seat of innovation," U.S. Secretary of Commerce Gina Raimondo said on a call with reporters. Intel and the White House said their agreement is nonbinding and preliminary and could change.

Intel has long been a stalwart of the U.S. semiconductor industry, developing chips that power many of the world's PCs and data center servers. However, the company has been eclipsed in revenue by Nvidia, which leads in artificial intelligence chips, and has been surpassed in market cap by rival AMD and mobile phone chipmaker Qualcomm.
Open Source

Grok AI Goes Open Source (venturebeat.com)

xAI has open-sourced its large language model Grok. From a report: The move, which Musk had previously proclaimed would happen this week, now enables any other entrepreneur, programmer, company, or individual to take Grok's weights -- the strength of connections between the model's artificial "neurons," or software modules that allow the model to make decisions and accept inputs and provide outputs in the form of text -- and other associated documentation and use a copy of the model for whatever they'd like, including for commercial applications.

"We are releasing the base model weights and network architecture of Grok-1, our large language model," the company announced in a blog post. "Grok-1 is a 314 billion parameter Mixture-of-Experts model trained from scratch by xAI." Those interested can download the code for Grok on its Github page or via a torrent link. Parameters refer to the weights and biases that govern the model -- the more parameters, generally the more advanced, complex and performant the model is. At 314 billion parameters, Grok is well ahead of open source competitors such as Meta's Llama 2 (70 billion parameters) and Mistral 8x7B (12 billion parameters). Grok was open sourced under an Apache License 2.0, which enables commercial use, modifications, and distribution, though it cannot be trademarked and there is no liability or warranty that users receive with it. In addition, they must reproduce the original license and copyright notice, and state the changes they've made.

Intel

Pentagon Scraps $2.5 Billion Grant To Intel (seekingalpha.com)

According to Bloomberg (paywalled), the Pentagon has reportedly scrapped its plan to allocate $2.5 billion in grants to Intel, causing the firm's stock to slip in extended-hours trading. From a report: The decision now leaves the U.S. Commerce Department, which is responsible for doling out the funds from the U.S. CHIPs and Science Act, to make up the shortfall, the news outlet said. The Commerce Dept. was initially only supposed to cover $1B of the $3.5B that Intel is slated to receive for advanced defense and intelligence-related semiconductors. The deal is slated to position Intel as the dedicated supplier for processors used for military and intelligence applications and could result in a Secure Enclave inside Intel's chip factory, the news outlet said. With the Pentagon reportedly pulling out, it could alter how much Intel and other companies receive from the CHIPs Act, the news outlet said.
Television

Oscars 2024: Netflix Wins Just One Award and Apple Shut Out After Streamers Combine for 32 Nominations (variety.com)

Streamers narrowly avoided getting shut out at the 2024 Oscars: Netflix came away with just one trophy and Apple left empty-handed, after they garnered a total of 32 nominations. From a report: Netflix collected its one win for Wes Anderson's "The Wonderful Story of Henry Sugar," an adaptation of a Roald Dahl story, in the live action short film category. The 40-minute film, with a cast that includes Benedict Cumberbatch, Dev Patel, Ben Kingsley, and Ralph Fiennes, is the first Oscar for Anderson (who wasn't in attendance to receive the award). Heading into Sunday's 96th Academy Awards, Netflix led all studios and platforms with 19 nominations across 11 films, including seven for Bradley Cooper's "Maestro" -- which was shut out. Apple had picked up 13 nods, including 10 for Martin Scorsese's "Killers of the Flower Moon," which also drew a goose egg.

Since 2017, Netflix has now won 23 Oscars in all. But the best picture prize continues to elude the streamer as "Maestro" lost out to this year's awards powerhouse, "Oppenheimer." Nor has Netflix won in the lead actor or actress categories, coming up empty this year after four noms (Cooper and Carey Mulligan for "Maestro"; Colman Domingo for "Rustin"; and Annette Bening for "Nyad"). "Killers of the Flower Moon's" nominations included one for Scorsese in the best director category. His only Oscar to date came in 2007 for "The Departed" (for director). In 2020, his mafioso pic "The Irishman" for Netflix was shut out at the Oscars after receiving 10 nominations.

Open Source

OpenTTD (Unofficial Remake of 'Transport Tycoon Deluxe' Game) Turns 20 (openttd.org)

In 1995 Scottish video game designer Chris Sawyer created the business simulator game Transport Tycoon Deluxe — and within four years, Wikipedia notes, work began on the first version of an open source version that's still being actively developed. "According to a study of the 61,154 open-source projects on SourceForge in the period between 1999 and 2005, OpenTTD ranked as the 8th most active open-source project to receive patches and contributions. In 2004, development moved to their own server."

Long-time Slashdot reader orudge says he's been involved for almost 25 years. "Exactly 21 years ago, I received an ICQ message (look it up, kids) out of the blue from a guy named Ludvig Strigeus (nicknamed Ludde)." "Hello, you probably don't know me, but I've been working on a project to clone Transport Tycoon Deluxe for a while," he said, more or less... Ludde made more progress with the project [written in C] over the coming year, and it looks like we even attempted some multiplayer games (not too reliable, especially over my dial-up connection at the time). Eventually, when he was happy with what he had created, he agreed to allow me to release the game as open source. Coincidentally, this happened exactly a year after I'd first spoken to him, on the 6th March 2004...

Things really got going after this, and a community started to form with enthusiastic developers fixing bugs, adding in new features, and smoothing off the rough edges. Ludde was, I think, a bit taken aback by how popular it proved, and even rejoined the development effort for a while. A read through the old changelogs reveals just how many features were added over a very short period of time. Quick wins like higher vehicle limits came in very quickly, and support for TTDPatch's NewGRF format started to be functional just four months later. Large maps, improved multiplayer, better pathfinders, improved TTDPatch compatibility, and of course, ports to a great many different operating systems, such as Mac OS X, BeOS, MorphOS and OS/2. It was a very exciting time to be a TTD fan!

Within six years, ambitious projects to create free replacements for the original TTD graphics, sounds and music sets were complete, and OpenTTD finally had its 1.0 release. And while we may not have the same frantic addition of new features we had in 2004, there have still been massive improvements to the code, with plenty of exciting new features over the years, with major releases every year since 2008. The move to GitHub in 2018 and the release of OpenTTD on Steam in 2021 have also re-energised development efforts, with thousands of people now enjoying playing the game regularly. And development shows no signs of slowing down, with the upcoming OpenTTD 14.0 release including over 40 new features!

"Personally, I would like to say thank you to everyone who has supported OpenTTD development over the past two decades..." they write, adding "Finally, of course, I'd like to thank you, the players! None of us would be here if people weren't still playing the game.

"Seeing how the first twenty years have gone, I can't wait to see what the next twenty years have in store. :)"
United States

How $138B in US Student Loans Were Cancelled - Roughly One-Third of Planned Amount (cnn.com)

Roughly $138 billion in U.S. student loan debt has now been cancelled, reports CNN. "That's about one-third of the $430 billion that would've been canceled under the president's one-time forgiveness plan, which was struck down by the Supreme Court last year."

It's 9% of all outstanding federal student loan debt, according to the article, "wiping out debts for about 3.9 million borrowers — by using a number of existing programs that aim to offer debt relief for certain groups of struggling borrowers..." What President Biden has been doing — before and after the Supreme Court ruling — is using existing student loan forgiveness programs to deliver relief to certain groups of borrowers, like public-sector workers (through the Public Service Loan Forgiveness program) and borrowers who were defrauded by their college (through the borrower defense to repayment program). His administration also made discharges for borrowers who are totally and permanently disabled. None of these programs expire, meaning they will help qualifying borrowers now and in the future. In some cases, Biden's administration has expanded the reach of these programs, making more borrowers eligible.

And in other cases, it has made an effort to correct past administrative errors made to borrowers' student loan accounts by conducting a one-time recount of borrowers' past payments. This effort helps make sure people receive the loan forgiveness they may already qualify for by having made at least 20 years of payments in an income-driven plan, which calculates monthly payment amounts based on a borrower's income and family size, rather than the amount owed. The recount is expected to be completed by July...

Last year, the administration created a new income-driven repayment plan. Known as SAVE, the new plan offers the most generous terms for low-income borrowers. Those who originally borrowed $12,000 or less will see their remaining debt canceled after making payments for at least 10 years... [The administration] is working on implementing another path toward a broad student loan forgiveness program, this time relying on a different legal authority in hopes that this attempt holds up in court. This proposal is currently making its way through a lengthy rulemaking process and has yet to be finalized.

Android

Google Adds New Developer Fees As Part of Play Store's DMA Compliance Plan (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Google today is sharing more details about the fees that will accompany its plan to comply with Europe's new Digital Markets Act (DMA), the new regulation aimed at increasing competition across the app store ecosystem. While Google yesterday pointed to ways it already complied with the DMA -- by allowing sideloading of apps, for example -- it hadn't yet shared specifics about the fees that would apply to developers, noting that further details would come out this week. That time is now, as it turns out.

Today, Google shared that there will be two fees that apply to its External offers program, also announced yesterday. This new program allows Play Store developers to lead their users in the EEA outside their app, including to promote offers. With these fees, Google is going the route of Apple, which reduced its App Store commissions in the EU to comply with the DMA but implemented a new Core Technology Fee that required developers to pay 0.50 euros for each first annual install per year over a 1 million threshold for apps distributed outside the App Store. Apple justified the fee by explaining that the services it provides developers extend beyond payment processing and include the work it does to support app creation and discovery, craft APIs, frameworks and tools to support developers' app creation work, fight fraud and more.

Google is taking a similar tactic, saying today that "Google Play's service fee has never been simply a fee for payment processing -- it reflects the value provided by Android and Play and supports our continued investments across Android and Google Play, allowing for the user and developer features that people count on," a blog post states. It says there will now be two fees that accompany External Offers program transactions:

- An initial acquisition fee, which is 10% for in-app purchases or 5% for subscriptions for two years. Google says this fee represents the value that Play provided in facilitating the initial user acquisition through the Play Store.
- An ongoing services fee, which is 17% for in-app purchases or 7% for subscriptions. This reflects the "broader value Play provides users and developers, including ongoing services such as parental controls, security scanning, fraud prevention, and continuous app updates," writes Google.

Of note, a developer can opt out of the ongoing services and corresponding fees, if the user agrees, after two years. Users who initially installed the app believe they'll have services like parental controls, security scanning, fraud prevention and continuous app updates, which is why opting out requires user consent. Although Google allows the developer to terminate this fee, those ongoing services will no longer apply either. Developers, however, will still be responsible for reporting transactions involving those users who are continuing to receive Play Store services.

Security

BlackCat Ransomware Group Implodes After Apparent $22M Payment By Change Healthcare (krebsonsecurity.com)

An anonymous reader quotes a report from Krebs on Security: There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. "ALPHV") as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change's network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data Change reportedly paid the group to destroy. Meanwhile, the affiliate's disclosure appears to have prompted BlackCat to cease operations entirely. [...]

The affiliate claimed BlackCat/ALPHV took the $22 million payment but never paid him his percentage of the ransom. BlackCat is known as a "ransomware-as-service" collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. And those affiliates in turn earn commissions ranging from 60 to 90 percent of any ransom amount paid. "But after receiving the payment ALPHV team decide to suspend our account and keep lying and delaying when we contacted ALPHV admin," the affiliate "Notchy" wrote. "Sadly for Change Healthcare, their data [is] still with us." [...] On the bright side, Notchy's complaint seems to have been the final nail in the coffin for the BlackCat ransomware group, which was infiltrated by the FBI and foreign law enforcement partners in late December 2023. As part of that action, the government seized the BlackCat website and released a decryption tool to help victims recover their systems. BlackCat responded by re-forming, and increasing affiliate commissions to as much as 90 percent. The ransomware group also declared it was formally removing any restrictions or discouragement against targeting hospitals and healthcare providers. However, instead of responding that they would compensate and placate Notchy, a representative for BlackCat said today the group was shutting down and that it had already found a buyer for its ransomware source code. [...] BlackCat's website now features a seizure notice from the FBI, but several researchers noted that this image seems to have been merely cut and pasted from the notice the FBI left in its December raid of BlackCat's network.

Fabian Wosar, head of ransomware research at the security firm Emsisoft, said it appears BlackCat leaders are trying to pull an "exit scam" on affiliates by withholding many ransomware payment commissions at once and shutting down the service. "ALPHV/BlackCat did not get seized," Wosar wrote on Twitter/X today. "They are exit scamming their affiliates. It is blatantly obvious when you check the source code of their new takedown notice." Dmitry Smilyanets, a researcher for the security firm Recorded Future, said BlackCat's exit scam was especially dangerous because the affiliate still has all the stolen data, and could still demand additional payment or leak the information on his own. "The affiliates still have this data, and they're mad they didn't receive this money," Smilyanets told Wired.com. "It's a good lesson for everyone. You cannot trust criminals; their word is worth nothing."

AI

Researchers Create AI Worms That Can Spread From One System to Another (arstechnica.com)

Long-time Slashdot reader Greymane shared this article from Wired: [I]n a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers has created one of what they claim are the first generative AI worms — which can spread from one system to another, potentially stealing data or deploying malware in the process. "It basically means that now you have the ability to conduct or to perform a new kind of cyberattack that hasn't been seen before," says Ben Nassi, a Cornell Tech researcher behind the research. Nassi, along with fellow researchers Stav Cohen and Ron Bitton, created the worm, dubbed Morris II, as a nod to the original Morris computer worm that caused chaos across the Internet in 1988. In a research paper and website shared exclusively with WIRED, the researchers show how the AI worm can attack a generative AI email assistant to steal data from emails and send spam messages — breaking some security protections in ChatGPT and Gemini in the process...in test environments [and not against a publicly available email assistant]...

To create the generative AI worm, the researchers turned to a so-called "adversarial self-replicating prompt." This is a prompt that triggers the generative AI model to output, in its response, another prompt, the researchers say. In short, the AI system is told to produce a set of further instructions in its replies... To show how the worm can work, the researchers created an email system that could send and receive messages using generative AI, plugging into ChatGPT, Gemini, and the open source LLM LLaVA. They then found two ways to exploit the system — by using a text-based self-replicating prompt and by embedding a self-replicating prompt within an image file.

In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which "poisons" the database of an email assistant using retrieval-augmented generation (RAG), a way for LLMs to pull in extra data from outside its system. When the email is retrieved by the RAG, in response to a user query, and is sent to GPT-4 or Gemini Pro to create an answer, it "jailbreaks the GenAI service" and ultimately steals data from the emails, Nassi says. "The generated response containing the sensitive user data later infects new hosts when it is used to reply to an email sent to a new client and then stored in the database of the new client," Nassi says. In the second method, the researchers say, an image with a malicious prompt embedded makes the email assistant forward the message on to others. "By encoding the self-replicating prompt into the image, any kind of image containing spam, abuse material, or even propaganda can be forwarded further to new clients after the initial email has been sent," Nassi says.

In a video demonstrating the research, the email system can be seen forwarding a message multiple times. The researchers also say they could extract data from emails. "It can be names, it can be telephone numbers, credit card numbers, SSN, anything that is considered confidential," Nassi says.
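The propagation step described above has a simple observable signature from the defender's side: an assistant reply that reproduces a retrieved document nearly verbatim, and that is about to be stored in the next recipient's database. The following is an added example, not the researchers' code or any vendor's, of a guardrail that sits between generation and send/store and blocks such replies, as well as replies carrying data matching constructed patterns for sensitive fields. The sample emails, the thresholds and the pattern list are all constructed for the illustration.

```python
"""Added example: a guardrail for the RAG-backed email assistant scenario above.

This is not the researchers' code. It models the point at which a generated
reply is about to be sent and written into the recipient's retrieval database,
and blocks replies that (1) reproduce a retrieved document almost verbatim,
which is how a self-replicating prompt propagates, or (2) carry data that
matches constructed patterns for sensitive fields. The sample emails below
are constructed and contain only obviously fake values.
"""
import re
from dataclasses import dataclass
from typing import List


def shingles(text: str, n: int = 6) -> set:
    """Set of n-word windows, lower-cased, used to measure verbatim copying."""
    words = re.findall(r"\w+", text.lower())
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}


def replication_ratio(reply: str, retrieved: str) -> float:
    """Fraction of the retrieved document's word windows that reappear in the reply."""
    doc = shingles(retrieved)
    if not doc:
        return 0.0
    return len(doc & shingles(reply)) / len(doc)


# Constructed detectors for two of the data types named in the article.
SENSITIVE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


@dataclass
class Verdict:
    allow: bool
    reasons: List[str]


def check_reply(reply: str, retrieved_docs: List[str], max_copy: float = 0.5) -> Verdict:
    """Decide whether an assistant reply may be sent and written back to the RAG store."""
    reasons = []
    for i, doc in enumerate(retrieved_docs):
        ratio = replication_ratio(reply, doc)
        if ratio >= max_copy:
            reasons.append(f"reply reproduces {ratio:.0%} of retrieved document {i}")
    for name, pattern in SENSITIVE_PATTERNS.items():
        if pattern.search(reply):
            reasons.append(f"reply contains {name}-like data")
    return Verdict(allow=not reasons, reasons=reasons)


# Constructed sample: two emails already in the assistant's database.
STORED_EMAILS = [
    "Hi team, the offsite is on Friday at 9am. Bring laptops and the Q3 deck.",
    "Per your request, my new direct line is 555-0142 and my SSN for the HR form is 123-45-6789.",
]
GOOD_REPLY = "Thanks! I'll be at the offsite on Friday at 9 with the deck."
# A reply that carries a retrieved email forward verbatim: the propagation pattern described above.
REPLICATING_REPLY = STORED_EMAILS[1] + " Let me know if you need anything else."


if __name__ == "__main__":
    for reply in (GOOD_REPLY, REPLICATING_REPLY):
        verdict = check_reply(reply, STORED_EMAILS)
        print("ALLOW" if verdict.allow else "BLOCK", verdict.reasons)
```

The copy check is deliberately content-agnostic: it does not try to recognise the adversarial prompt itself, only the effect the article describes (retrieved text re-emitted into a reply and then stored downstream), so it holds up regardless of how the prompt is worded. In a real deployment the retrieved documents would come from the RAG lookup for that query, and a blocked reply would be logged for review rather than silently dropped.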

The researchers reported their findings to Google and OpenAI, according to the article, with OpenAI confirming "They appear to have found a way to exploit prompt-injection type vulnerabilities by relying on user input that hasn't been checked or filtered." OpenAI says they're now working to make their systems "more resilient."

Google declined to comment on the research.
Youtube

Watch the Moment 43 Unionized YouTube Contractors Were All Laid Off (msn.com)

An anonymous Slashdot reader shared this report from The Washington Post: A YouTube contractor was addressing the Austin City Council on Thursday, calling on them to urge Google to negotiate with his union, when a colleague interrupted him with jaw-dropping news: His 43-person team of contractors had all been laid off...

The YouTube workers, who work for Google and Cognizant, unanimously voted to unionize under the Alphabet Workers Union-CWA in April 2023. Since then, the workers say that Google has refused to bargain with them. Thursday's layoff signifies continued tensions between Google and its workers, some of whom in 2021 formed a union...

Workers had about 20 minutes to gather their belongings and leave the premises before they were considered trespassing.

Video footage of the moment is embedded at the top of the article. "I was speechless, shocked," said the contractor who'd been speaking. He told the Washington Post "I didn't know what to do. But angered, that was the main feeling." The council meeting was streaming live online and has since spread on social media. The contractors view the layoff as retaliation for unionizing, but Google and information technology subcontractor Cognizant said it was the normal end of a business contract.

The ability for layoffs to spread over social media highlights how the painful experience of a job loss is frequently being made public, from employees sharing recordings of Zoom meetings to posting about their unemployment. The increasing tension between YouTube's contractors and Google comes as massive layoffs continue to hit the tech industry — leaving workers uneasy and companies emboldened. Google already has had rounds of cuts the past two years.

Google has been in a long-running battle with many of its contractors as they seek the perks and high pay that full-time Google workers are accustomed to. The company has tens of thousands of contractors doing everything from food service to sales to writing code... Google maintains that Cognizant is responsible for the contractors' employment and working conditions, and therefore isn't responsible for bargaining with them. Cognizant said it is offering the workers seven weeks of paid time to explore other roles at the company and use its training resources.

Last year, the National Labor Relations Board ruled that Cognizant and Google are joint employers of the contractors. In January, the NLRB sent a cease-and-desist letter to both employers for failing to bargain with the union. Since then the issue of joint employment, which would ultimately determine which company is responsible for bargaining, has landed in an appeals court and has yet to be ruled on.

"Workers say they don't have sick pay, receive minimal benefits and are paid as little as $19 an hour," according to the article, "forcing some to work multiple jobs to make ends meet." Sam Regan, a data analyst contractor for YouTube Music, told the Washington Post that he was one of the last workers to leave the meeting where the layoffs were announced.

"Upon leaving, he heard one of the security guards call the non-emergency police line to report trespassers."
Google

Google is Blocking RCS on Rooted Android Devices (theverge.com)

Google is cracking down on rooted Android devices, blocking multiple people from using the RCS message feature in Google Messages. From a report: Users with rooted phones -- a process that unlocks privileged access to the Android operating system, like jailbreaking iPhones -- have made several reports on the Google Messages support page, Reddit, and XDA's web forum over the last few months, finding they're suddenly unable to send or receive RCS messages. One example from Reddit user u/joefuf shows that RCS messages would simply vanish after hitting the send button. Several reports also mention that Google Messages gave no indication that RCS chat was no longer working, and was still showing as connected and working in Google Messages. In a statement sent to the Verge where we asked if Google is blocking rooted devices from using RCS, Google communications manager Ivy Hunt said the company is "ensuring that message-issuing/receiving devices are following the operating measures defined by the RCS standard" in a bid to prevent spam and abuse on Google Messages. In other words, yes, Google is blocking RCS on rooted devices.
Security

Hackers Backed By Russia and China Are Infecting SOHO Routers Like Yours, FBI Warns (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they've been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

"In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns," FBI officials wrote in an advisory Tuesday. APT28 -- one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU -- has been doing just that for at least the past four years, the FBI has alleged. Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices.

On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them. The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware. "The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers," they warned. "However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises."

Those actions include:

- Perform a hardware factory reset to remove all malicious files
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement firewall rules to restrict outside access to remote management services

AI

Ghost Kitchens Are Advertising AI-Generated Food On DoorDash and Grubhub (404media.co)

Emanuel Maiberg reports via 404 Media: Dozens of ghost kitchens, restaurants that serve food exclusively by delivery on apps like DoorDash and Grubhub, are selling food that they promote to customers with AI-generated images. It's common for advertisements to stage or edit pictures of food to make it look more enticing, but in these cases the ghost kitchens are showing people pictures of food that literally doesn't exist, and looks nothing like the actual items they're selling, sometimes because the faulty AI is producing physically impossible food items. [...] Some ghost kitchens exist as unmarked commercial kitchens with no actual restaurant you can visit that simply fulfill orders for a variety of brands that only exist on the food delivery services. Other ghost kitchens piggyback on existing, real restaurant kitchens to fulfill orders for those brands that exist only on food delivery apps.

[The food from a business on DoorDash called Pasta Lovers] actually comes from Tony's Pizzeria in North Brooklyn, which also fulfills orders for a cheesesteak brand called Philly Cheez, a hero sandwich brand called Hero Mania, and a wrap brand called That's A Wrap. All of these brands deliver food from different ghost kitchens across the country, and all of them feature the same type of AI-generated images to promote their food, some of which looks ridiculous. [...]

"We don't allow the use of AI-generated images and if we find a merchant is using any, we will remove those images from their menu," Grubhub, which also operates Seamless, told me in an email. However, at the time of writing the AI-generated images on Seamless I sent the company are still live on its site. "We know how important it is for diners to have realistic expectations of what they are ordering and should expect to receive, which is why we share image guidelines with our partners and our system reviews image submissions before they're allowed on our platform." "DoorDash is committed to showcasing realistic representations of meals that customers would receive when ordering online," DoorDash told me in an email. "Showcasing high-quality, accurate, and realistic menu images is crucial for maintaining customer trust and generating sales through DoorDash Marketplace."

"This is all incredibly depressing," concludes Maiberg. "A local pizzeria can't get by unless it makes sandwiches for ghost kitchen brands, the people who make a living taking photographs of food are being displaced by AI tools, and gigantic food delivery apps are still making money by taking a cut from restaurants and screwing over gig delivery drivers."

"AI-generated images of food that people can order and eat finally brings us to a shockingly literal manifestation of Jean Baudrillard's Simulacra. Baudrillard would say the Spicy Philly Cheese from Philly Cheez is 'never that which conceals the truth -- it is the truth which conceals that there is none.'"

The Courts

Apple Sues To Win Trademarks For Augmented-Reality Software (reuters.com)

Apple has filed a lawsuit against the U.S. Patent and Trademark Office for refusing to grant trademarks covering the company's augmented-reality software development tools "Reality Composer" and "Reality Converter." Reuters reports: Apple, whose augmented-reality technology is a centerpiece of its newly released Vision Pro headset, asked the court (PDF) on Friday to reverse the USPTO's decision that the phrases were not distinctive enough to receive federal trademark protection. "Consumers must exercise imagination to understand how the nonsensical phrases 'reality composer' and 'reality converter' -- which sound like science fiction impossibilities -- relate to Apple's products," the complaint said. "They are suggestive, just as Burger King is a fast-food chain, not an actual monarch."

Apple's Reality Composer and Reality Converter allow developers to create and alter 3-D augmented-reality content for Apple apps. The content is compatible with Apple devices including the Vision Pro mixed-reality headset, which the tech giant began selling earlier this month. Turkish visual-effects company ZeroDensity challenged Apple's trademark applications at the USPTO, arguing that the phrases could not receive federal trademarks because they merely describe what the software does. ZeroDensity also said Apple's trademarks would cause confusion with its own "Reality"-related marks.

ZeroDensity, the named defendant in the case, said in a statement on Monday that it was "surprised and concerned by [Apple's] misinterpretation and misrepresentation of our company" and is "resolute in defending our 'Reality' trademarks." A USPTO tribunal agreed with ZeroDensity that Apple's marks were descriptive without addressing whether they would confuse consumers. Apple said in Friday's complaint that its phrases were "made-up terms coined by Apple that do not describe the underlying software development tools." "In contrast, descriptive terms like Raisin Bran or American Airlines straightforwardly describe the goods and services offered under the brand name," Apple said. "As innovative as Apple is, it cannot 'compose' or 'convert' reality." Apple argued that its marks would not cause consumer confusion and accused ZeroDensity of trying to "claim broad rights in the word 'reality,' which no one entity can monopolize."

Education

What Happened After Peter Thiel Paid 271 Students to Drop Out of College? (msn.com)

Since 2010, billionaire tech investor Peter Thiel has offered to pay about 20 students $100,000 to drop out of school each year "to start companies or nonprofits," reports the Wall Street Journal. His program has now backed 271 people, and this year the applicant pool "is bigger than ever."

So how's it going? Some big successes include Vitalik Buterin, co-founder of Ethereum, the blockchain network; Laura Deming, a key figure in venture investing in aging and longevity; Austin Russell, who runs self-driving technologies company Luminar Technologies; and Paul Gu, co-founder of consumer lending company Upstart...

Thiel and executives of the fellowship acknowledge they have learned painful lessons along the way. Some applicants pursued ambitious ideas that turned out to be unrealistic, for example. "Asteroid mining is great for press releases but maybe we should have pushed back early on," he says. Others were better at applying to be Thiel fellows than they were at starting businesses, it turned out... They've also learned that lone geniuses with brilliant ideas aren't usually the kinds of people who can build organizations. "It's a team sport to get something going and build on it, you can't just be a mad genius, you have to have some social skills and emotional intelligence," says Michael Gibson, an early leader of the organization who is co-founder of a venture fund that invests primarily in those who don't have a college degree...

Thiel hasn't attempted to build a better education system, which program officials acknowledge has made it harder to develop talent in the program... Thiel fellows say they don't receive much more than funding from the program and have limited contact with Thiel, though access to a network of former Thiel fellows can be useful. "Meeting some of the other members inspires you to think bigger," says Boyan Slat, a 2016 Thiel fellow who is chief executive of The Ocean Cleanup, a Netherlands-based nonprofit developing technologies to remove plastic from oceans. Slat says he has spoken to Thiel "three or four times."

As a result, Thiel and other staffers have concluded they can't grow beyond the 20 or so young people chosen as fellows each year. "If you scale the program," Thiel says, "you will have a lot more people who aren't quite ready, you would then have to be super-confident you can develop them" — which Thiel and his colleagues say they aren't skilled at doing... About a quarter of the Thiel fellows eventually returned to college to finish their degrees, suggesting that even the dropouts see enduring value in higher education.

Thiel says they "got way more out of it by going back" after launching their businesses.

"The other 75% didn't need a college degree," he says.

Google

Google Is Sunsetting the Google Pay App (techcrunch.com)

Google is shutting down the Google Pay app, as the standalone app has largely been replaced by Google Wallet. According to TechCrunch, Google Pay "will only be available in Singapore and India" after it shuts down in the United States. From the report: Users can continue to access the app's most popular features right from Google Wallet, which Google says is used five times more than the Google Pay app in the United States. After June 4, users will no longer be able to send, request or receive money through the U.S. version of the Google Pay app. Users have until that date to view and transfer their Google Pay balance to their bank account via the app. If you still have funds in your account after that date, you can view and transfer your funds to your bank from the Google Pay website.

Users who used the Google Pay app to find offers and deals can still do so using the new deals destination on Google Search, the company says. Google Wallet is the company's primary place for mobile payments in the United States, and will likely remain so. The app lets you use your phone to pay in stores, board a plane, ride transit, store loyalty cards, save driver's licenses and start your car via a digital key.

United States

Supreme Court Seems Skeptical of EPA's 'Good Neighbor' Rule on Power Plant Pollution (apnews.com)

The Supreme Court's conservative majority seemed skeptical Wednesday as the Environmental Protection Agency sought to continue enforcing an anti-air-pollution rule in 11 states while separate legal challenges proceed around the country. From a report: The EPA's "good neighbor" rule is intended to restrict smokestack emissions from power plants and other industrial sources that burden downwind areas with smog-causing pollution. Three energy-producing states -- Ohio, Indiana and West Virginia -- challenged the rule, along with the steel industry and other groups, calling it costly and ineffective. The rule is on hold in a dozen states because of the court challenges.

The Supreme Court, with a 6-3 conservative majority, has increasingly reined in the powers of federal agencies, including the EPA, in recent years. The justices have restricted EPA's authority to fight air and water pollution -- including a landmark 2022 ruling that limited EPA's authority to regulate carbon dioxide emissions from power plants that contribute to global warming. The court also shot down a vaccine mandate and blocked President Joe Biden's student loan forgiveness program.

The court is currently weighing whether to overturn its 40-year-old Chevron decision, which has been the basis for upholding a wide range of regulations on public health, workplace safety and consumer protections. A lawyer for the EPA said the "good neighbor" rule was important to protect downwind states that receive unwanted air pollution from other states. Besides the potential health impacts, the states face their own federal deadlines to ensure clean air, said Deputy U.S. Solicitor General Malcolm Stewart, representing the EPA.

Google

GPay App and P2P Payments Will Stop Working in the US This June (9to5google.com)

An anonymous reader shares a report: When Google Wallet launched in 2022, Google kept the "GPay" app around in a handful of countries. The company announced today that the old Google Pay app is soon going away in the US. That app, which appears as "GPay" on your Android homescreen, was Google's previous vision for mobile payments and finance.

It was "designed around your relationships with people and businesses" with conversation-like threads serving as a purchase history, while keeping track of your spending was another big aspect. GPay will stop working in the US from June 4, 2024. It will remain available for users in India and Singapore as Google continues to "build for the unique needs in those countries." As part of the app going away, Google is shutting down peer-to-peer payments that let you send, request, or receive money from others in the US. Google's P2P offering never really took off.
