Submission + - Should the US Ban Chinese EVs? (arstechnica.com)

An anonymous reader writes: Influential US Senator Sherrod Brown (D–Ohio) has called on US President Joe Biden to ban electric vehicles from Chinese brands. Brown calls Chinese EVs "an existential threat" to the US automotive industry and says that allowing imports of cheap EVs from Chinese brands "is inconsistent with a pro-worker industrial policy." Brown's letter to the president (PDF) is the most recent to sound alarms about the threat of heavily subsidized Chinese EVs moving into established markets. Brands like BYD and MG have been on sale in the European Union for some years now, and last October, the EU launched an anti-subsidy investigation into whether the Chinese government is giving Chinese brands an unfair advantage.

The EU probe won't wrap until November, but another report published this week found that government subsidies for green technology companies are prevalent in China. BYD, which now sells more EVs than Tesla, has benefited from almost $4 billion (3.7 billion euro) in direct help from the Chinese government in 2022, according to a study by the Kiel Institute. Last month, the EU even started paying extra attention to imports of Chinese EVs, issuing a threat of retroactive tariffs that could start being imposed this summer. Chinese EV imports to the EU have increased by 14 percent since the start of its investigation, but they have yet to really begin in the US, where there are a few barriers in their way. Chinese batteries make an EV ineligible for the IRS's clean vehicle tax credit, for one thing. And Chinese-made vehicles (like the Lincoln Nautilus, Buick Envision, and Polestar 2) are already subject to a 27.5 percent import tax.

But Chinese EVs are on sale in Mexico already, and that has American automakers worried. Last year, Ford CEO Jim Farley said he saw Chinese automakers "as the main competitors, not GM or Toyota." And in January, Tesla CEO Elon Musk said he believed that "if there are no trade barriers established, they will pretty much demolish most other car companies in the world." [...] It's not just the potential damage to the US auto industry that has prompted this letter. Brown wrote that he is concerned about the risk of China having access to data collected by connected cars, "whether it be information about traffic patterns, critical infrastructure, or the lives of Americans," pointing out that "China does not allow American-made electric vehicles near their official buildings." At the end of February, the Commerce Department also warned of the security risk from Chinese-connected cars and revealed it has launched an investigation into the matter.

Submission + - House Votes to Extend—and Expand—a Major US Spy Program (wired.com)

An anonymous reader writes: A controversial US wiretap program days from expiration cleared a major hurdle on its way to being reauthorized. After months of delays, false starts, and interventions by lawmakers working to preserve and expand the US intelligence community’s spy powers, the House of Representatives voted on Friday to extend Section 702 (PDF) of the Foreign Intelligence Surveillance Act (FISA) for two years. Legislation extending the program—controversial for being abused by the government—passed in the House in a 273–147 vote. The Senate has yet to pass its own bill.

Section 702 permits the US government to wiretap communications between Americans and foreigners overseas. Hundreds of millions of calls, texts, and emails are intercepted by government spies each with the “compelled assistance” of US communications providers. The government may strictly target foreigners believed to possess “foreign intelligence information,” but it also eavesdrops on the conversations of an untold number of Americans each year. (The government claims it is impossible to determine how many Americans get swept up by the program.) The government argues that Americans are not themselves being targeted and thus the wiretaps are legal. Nevertheless, their calls, texts, and emails may be stored by the government for years, and can later be accessed by law enforcement without a judge’s permission. The House bill also dramatically expands the statutory definition for communication service providers, something FISA experts, including Marc Zwillinger—one of the few people to advise the Foreign Intelligence Surveillance Court (FISC)—have publicly warned against.

The FBI’s track record of abusing the program kicked off a rare detente last fall between progressive Democrats and pro-Trump Republicans—both bothered equally by the FBI’s targeting of activists, journalists, and a sitting member of Congress. But in a major victory for the Biden administration, House members voted down an amendment earlier in the day that would’ve imposed new warrant requirements on federal agencies accessing Americans’ 702 data. The warrant amendment was passed earlier this year by the House Judiciary Committee, whose long-held jurisdiction over FISA has been challenged by friends of the intelligence community. Analysis by the Brennan Center this week found that 80 percent of the base text of the FISA reauthorization bill had been authored by intelligence committee members.

Submission + - Google Threatens To Cut Off News After California Proposes Paying Media Outlets (theverge.com)

An anonymous reader writes: Google says it will start removing links to California news websites in a “short term test for a small percentage of California users.” The move is in response to the pending California Journalism Preservation Act (CJPA), which would require Google to pay a fee for linking Californians to news articles. “If passed, CJPA may result in significant changes to the services we can offer Californians and the traffic we can provide to California publishers,” Jaffer Zaidi, Google VP of global news partnerships, wrote in a blog post announcing the decision. “The testing process involves removing links to California news websites, potentially covered by CJPA, to measure the impact of the legislation on our product experience.” Zaidi adds that Google will also pause “further investments in the California news ecosystem,” referring to initiatives like Google News Showcase, product and licensing programs for news organizations, and the Google News Initiative.

Submission + - Canadian legislators accused of using AI to produce 20,000 amendments (www.cbc.ca)

sinij writes:

The amendments are what's left of nearly 20,000 changes the Conservatives proposed to Bill C-50 last fall at a House of Commons committee. Liberals now contend the Conservatives came up with the amendments using artificial intelligence in order to gum up the government's agenda.

These amendments are a filibustering strategy, as each has to be voted on.

Submission + - Huawei building vast chip equipment R&D centre in Shanghai (nikkei.com)

AmiMoJo writes: Huawei Technologies is building a massive semiconductor equipment research and development centre in Shanghai as the Chinese tech titan continues to beef up its chip supply chain to counter a U.S. crackdown. The centre's mission includes building lithography machines, vital equipment for producing cutting-edge chips. To staff the new center, Huawei is offering salary packages worth up to twice as much as local chipmakers, industry executives and sources briefed on the matter told Nikkei Asia. The company has already hired numerous engineers who have worked with top global chip tool builders like Applied Materials, Lam Research, KLA and ASML, they said, adding that chip industry veterans with more than 15 years of experience at leading chipmakers like TSMC, Intel and Micron are also among recent and potential hires.

Submission + - DOJ-Collected Information Exposed in Data Breach Affecting 340,000 (securityweek.com)

An anonymous reader writes: Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach.

The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals.

Submission + - Code Execution Flaws in Multiple Adobe Software Products (securityweek.com)

An anonymous reader writes: Software maker Adobe on Tuesday rolled out urgent security updates for multiple enterprise-facing products and warned that hackers could exploit these bugs to launch code execution attacks.

Submission + - Elon Musk says the next-generation Grok 3 model will require 100,000 Nvidia H100 (tomshardware.com)

An anonymous reader writes: Elon Musk, CEO of Tesla and founder of xAI, made some bold predictions about the development of artificial general intelligence (AGI) and discussed the challenges facing the AI industry. He predicts that AGI could surpass human intelligence as soon as next year or by 2026, but that it will take an extreme number of processors to train, which in turn requires huge amounts of electricity, reports Reuters.

Submission + - Apple To Expand Presence In Florida With New Miami Office (9to5mac.com)

An anonymous reader writes: Following moves of other tech giants like Amazon and Microsoft, Apple is reportedly set to open a new office space in a Miami suburb. This won’t be the first corporate space for Apple in the city, but it will be larger than the existing office. Reported by Bloomberg, anonymous sources close to the matter say that Apple’s new Miami office will be 45,000 square feet in the affluent Coral Gables suburb of Miami. It’s not clear yet what part of Apple’s business the new office will focus on but it will be larger than its existing small Miami office that handles Latin America and advertising operations. The specific property of the new Apple offices will be at The Plaza Coral Gables.

Submission + - Why CISA is Warning CISOs About a Breach at Sisense (krebsonsecurity.com)

An anonymous reader writes: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)” In its alert, CISA said it was working with private industry partners to respond to a recent compromise discovered by independent security researchers involving Sisense.

Sisense declined to comment when asked about the veracity of information shared by two trusted sources with close knowledge of the breach investigation. Those sources said the breach appears to have started when the attackers somehow gained access to the company’s code repository at Gitlab, and that in that repository was a token or credential that gave the bad guys access to Sisense’s Amazon S3 buckets in the cloud. Both sources said the attackers used the S3 access to copy and exfiltrate several terabytes worth of Sisense customer data, which apparently included millions of access tokens, email account passwords, and even SSL certificates.

The incident raises questions about whether Sisense was doing enough to protect sensitive data entrusted to it by customers, such as whether the massive volume of stolen customer data was ever encrypted while at rest in these Amazon cloud servers. It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards. The breach also makes clear that Sisense is somewhat limited in the clean-up actions that it can take on behalf of customers, because access tokens are essentially text files on your computer that allow you to stay logged in for extended periods of time — sometimes indefinitely. And depending on which service we’re talking about, it may be possible for attackers to re-use those access tokens to authenticate as the victim without ever having to present valid credentials. Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they’ve previously entrusted to Sisense.

Submission + - Hackable Intel, Lenovo Hardware That Went Undetected For 5 Years Won't Be Fixed (arstechnica.com)

An anonymous reader writes: Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly have confirmed that the lapse has resulted in Intel, Lenovo, and Supermicro shipping server hardware that contains a vulnerability that can be exploited to reveal security-critical information. The researchers, however, went on to warn that any hardware that incorporates certain generations of baseboard management controllers made by Duluth, Georgia-based AMI or Taiwan-based ATEN is also affected.

BMCs are tiny computers soldered into the motherboard of servers that allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of servers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system—even when it's turned off. BMCs provide what’s known in the industry as “lights-out” system management. AMI and ATEN are two of several makers of BMCs. For years, BMCs from multiple manufacturers have incorporated vulnerable versions of open source software known as lighttpd. Lighttpd is a fast, lightweight web server that’s compatible with various hardware and software platforms. It’s used in all kinds of wares, including in embedded devices like BMCs, to allow remote administrators to control servers remotely with HTTP requests. [...] “All these years, [the lighttpd vulnerability] was present inside the firmware and nobody cared to update one of the third-party components used to build this firmware image,” Binarly researchers wrote Thursday. “This is another perfect example of inconsistencies in the firmware supply chain. A very outdated third-party component present in the latest version of firmware, creating additional risk for end users. Are there more systems that use the vulnerable version of lighttpd across the industry?”

The vulnerability makes it possible for hackers to identify memory addresses responsible for handling key functions. Operating systems take pains to randomize and conceal these locations so they can’t be used in software exploits. By chaining an exploit for the lighttpd vulnerability with a separate vulnerability, hackers could defeat this standard protection, which is known as address space layout randomization. The chaining of two or more exploits has become a common feature of hacking attacks these days as software makers continue to add anti-exploitation protections to their code. Tracking the supply chain for multiple BMCs used in multiple server hardware is difficult. So far, Binarly has identified AMI’s MegaRAC BMC as one of the vulnerable BMCs. The security firm has confirmed that the AMI BMC is contained in the Intel Server System M70KLP hardware. Information about BMCs from ATEN or hardware from Lenovo and Supermicro isn’t available at the moment. The vulnerability is present in any hardware that uses lighttpd versions 1.4.35, 1.4.45, and 1.4.51.

Submission + - US Lawmaker Proposes a Public Database of All AI Training Material (arstechnica.com)

An anonymous reader writes: Amid a flurry of lawsuits over AI models' training data, US Representative Adam Schiff (D-Calif.) has introduced (PDF) a bill that would require AI companies to disclose exactly which copyrighted works are included in datasets training AI systems. The Generative AI Disclosure Act "would require a notice to be submitted to the Register of Copyrights prior to the release of a new generative AI system with regard to all copyrighted works used in building or altering the training dataset for that system," Schiff said in a press release.

The bill is retroactive and would apply to all AI systems available today, as well as to all AI systems to come. It would take effect 180 days after it's enacted, requiring anyone who creates or alters a training set not only to list works referenced by the dataset, but also to provide a URL to the dataset within 30 days before the AI system is released to the public. That URL would presumably give creators a way to double-check if their materials have been used and seek any credit or compensation available before the AI tools are in use. All notices would be kept in a publicly available online database.

Currently, creators who don't have access to training datasets rely on AI models' outputs to figure out if their copyrighted works may have been included in training various AI systems. The New York Times, for example, prompted ChatGPT to spit out excerpts of its articles, relying on a tactic to identify training data by asking ChatGPT to produce lines from specific articles, which OpenAI has curiously described as "hacking." Under Schiff's law, The New York Times would need to consult the database to ID all articles used to train ChatGPT or any other AI system. Any AI maker who violates the act would risk a "civil penalty in an amount not less than $5,000," the proposed bill said.

Submission + - Code.org Launches AI Teaching Assistant for Grades 6-10 in Stanford Partnership

theodp writes: From a Wednesday press release: "Code.org, in collaboration with The Piech Lab at Stanford University, launched today its AI Teaching Assistant, ushering in a new era of computer science instruction to support teachers in preparing students with the foundational skills necessary to work, live and thrive in an AI world. [...] Launching as a part of Code.org's leading Computer Science Discoveries (CSD) curriculum [for grades 6-10], the tool is designed to bolster teacher confidence in teaching computer science." EdWeek reports that in a limited pilot project involving twenty teachers nationwide, the AI computer science grading tool cut one middle school teacher's grading time in half. Code.org is now inviting an additional 300 teachers to give the tool a try. "Many teachers who lead computer science courses," EdWeek notes, "don’t have a degree in the subject—or even much training on how to teach it—and might be the only educator in their school leading a computer science course."

Stanford's Piech Lab is headed by assistant professor of CS Chris Piech, who also runs the wildly-successful free Code in Place MOOC (30,000+ learners and counting), which teaches fundamentals from Stanford’s flagship introduction to Python course. Prior to coming up with the new AI teaching assistant, which automatically assesses Code.org students' JavaScript game code, Piech worked on a Stanford Research team that partnered with Code.org nearly a decade ago to create algorithms to generate hints for K-12 students trying to solve Code.org's Hour of Code block-based programming puzzles (2015 paper). And several years ago, Piech's lab again teamed with Code.org on Play-to-Grade, which sought to "provide scalable automated grading on all types of coding assignments" by analyzing the game play of Code.org students' projects. Play-to-Grade, a 2022 paper noted, was "supported in part by a Stanford Hoffman-Yee Human Centered AI grant" for AI Tutors to Help Prepare Students for the 21st Century Workforce. That project also aimed to develop a "Super Teaching Assistant" for Piech's Code in Place MOOC. LinkedIn co-founder Reid Hoffman, who was present for the presentation of the 'AI Tutors' work he and his wife funded, is a Code.org Diamond Supporter ($1+ million).

Submission + - Boeing whistleblower raises new concerns about the 787, and the FAA investigates (npr.org)

An anonymous reader writes: Federal regulators are investigating a whistleblower's claims about flaws in the assembly of Boeing's 787 Dreamliner.

Longtime Boeing engineer Sam Salehpour went public Tuesday with claims that he observed problems with how parts of the plane's fuselage were fastened together. Salehpour warns that production "shortcuts" could significantly shorten the lifespan of the plane, eventually causing the fuselage to fall apart in mid-flight.

"It can cause a catastrophic failure," Salehpour said Tuesday during a press briefing to discuss his claims.

A spokesman for the FAA confirmed that the agency is investigating those allegations, which were first reported by the New York Times, but declined to comment further on them.

Boeing immediately pushed back.

"These claims about the structural integrity of the 787 are inaccurate and do not represent the comprehensive work Boeing has done to ensure the quality and long-term safety of the aircraft," Boeing spokeswoman Jessica Kowal said in a statement. "We are fully confident in the 787 Dreamliner."

Submission + - UK Considers Banning Smartphone Sales To Children Under 16 (theguardian.com)

An anonymous reader writes: Ministers are considering banning the sale of smartphones to children under the age of 16 after a number of polls have shown significant public support for such a curb. The government issued guidance on the use of mobile phones in English schools two months ago, but other curbs are said to have been considered to better protect children after a number of campaigns. [...] A March survey by Parentkind, of 2,496 parents of school-age children in England, found 58% of parents believe the government should ban smartphones for under-16s. It also found more than four in five parents said they felt smartphones were “harmful” to children and young people.

Another survey by More in Common revealed 64% of people thought that a ban on selling smartphones to under-16s would be a good idea, compared with 20% who said it was a bad idea. The curb was even popular among 2019 Tory voters, according to the thinktank, which found 72% backed a ban, as did 61% of Labour voters. But the thought of another ban has left some Conservatives uneasy. One Tory government source described the idea as "out of touch," noting: “It’s not the government’s role to step in and microparent; we’re meant to make parents more aware of the powers they have like restrictions on websites, apps and even the use of parental control apps." They said only in extreme cases could the government “parent better than actual parents and guardians."

Submission + - Saudi Arabia 'Forced To Scale Back' Plans For Desert Megacity (theguardian.com)

An anonymous reader writes: It was billed as a glass-walled city of the future, an ambitious centerpiece of the economic plan backed by Crown Prince Mohammed bin Salman to transition Saudi Arabia away from oil dependency. Now, however, plans for the mirror-clad desert metropolis called the Line have been scaled down and the project, which was envisaged to stretch 105 miles (170km) is expected to reach just a mile and a half by 2030. Dreamed up as a linear city that would eventually be home to about 9 million people on a footprint of just 13 sq miles, the Line is part of a wider Neom project. Now at least one contractor has begun dismissing workers. The scaling down of Prince Mohammed’s most grandiose project was reported by Bloomberg, which said it had seen documents relating to the project.
