The Internet

Viral Reddit Post About Food Delivery Apps Was an AI Scam

A viral Reddit "whistleblower" post accusing a major food delivery app of systemic exploitation is "most likely AI-generated," reports the Verge. From the report: The original post by user Trowaway_whistleblow alleged that an unnamed food delivery company regularly delays customer orders, calls couriers "human assets," and exploits their "desperation" for cash, among other indefensible actions. Nearly 90,000 upvotes and four days later, it's become increasingly clear that the post's text is probably AI-generated. Considering the delivery app industry's track record of exploitation of its drivers, it's easy to see why so many people believed this was the real thing.

The Verge put the original 586-word Reddit post through several free online AI detectors, in addition to Gemini, ChatGPT, and Claude. The results were mixed: Copyleaks, GPTZero, Pangram, Gemini, and Claude all pegged it as likely AI-generated, but ZeroGPT and QuillBot both reported it as human-written. ChatGPT played it down the middle. Reached by The Verge on Signal, Trowaway_whistleblow provided an image of an Uber Eats employee badge. That image was generated or edited with Google AI, according to Gemini. The image shows an Uber Eats logo above two black boxes, presumably covering an employee name and photo, and the words "senior software engineer." It's odd that an engineer's badge would have the Uber Eats logo, and not the Uber logo, according to Gemini. That, in addition to slightly misaligned words and warped coloration at the edge of the green border, are reasons Gemini thinks it's inauthentic. (Uber later confirmed that Uber Eats-branded employee badges do not exist.)
"Not only are the claims fake, but they're also dead wrong," Uber spokesperson Noah Edwardsen told The Verge. Uber Eats' Andrew Macdonald wrote on X, "This post is definitively not about us. I suspect it is completely made up. Don't trust everything you read on the internet."

DoorDash CEO Tony Xu also denied the redditor's "appalling" allegations. "This is not DoorDash, and I would fire anyone who promoted or tolerated the kind of culture described in this Reddit post," Xu said in a post on X.

Technology

Tech Giants Can't Agree On What To Call Their AI-Powered Glasses (theverge.com)

The glasses-shaped face computers that tech companies have been building for years now face an identity crisis, and their makers can't agree on what to call them. Meta has asked a journalist to refer to its Ray-Ban glasses as "AI glasses" to distinguish them from Google Glass. Google, whose Project Aura is a collaboration with Xreal, calls the product "wired XR glasses" because the company views it as more aligned with headsets in a glasses form factor.

Xreal's CEO Chi Xu laughed when asked about Aura's category and said the company will call all its products "AR glasses." Research firms aren't aligned either. Gartner defines smart glasses as camera- and display-free devices with Bluetooth and AI. Counterpoint Research said smart glasses without see-through displays drive volumes in the smart eyewear category. IDC uses a broader definition that includes anything glasses-shaped.

Science

Researchers Develop a Low-Cost Visual Microphone (phys.org)

alternative_right shares a report from Phys.org: Researchers have created a microphone that listens with light instead of sound. Unlike traditional microphones, this visual microphone captures tiny vibrations on the surfaces of objects caused by sound waves and turns them into audible signals. In the journal Optics Express, the researchers describe the new approach, which applies single-pixel imaging to sound detection for the first time. Using an optical setup without any expensive components, they demonstrate that the technique can recover sound by using the vibrations on the surfaces of everyday objects such as leaves and pieces of paper. [...]

To demonstrate the new visual microphone, the researchers tested its ability to reconstruct Chinese and English pronunciations of numbers as well as a segment from Beethoven's Für Elise. They used a paper card and a leaf as vibration targets, placing them 0.5 meters away from the objects while a nearby speaker played the audio. The system was able to successfully reconstruct clear and intelligible audio, with the paper card producing better results than the leaf. Low-frequency sounds (1 kHz) showed slight distortion that improved when a signal processing filter was applied. Tests of the system's data rate showed it produced 4 MB/s, a rate sufficiently low to minimize storage demands and allow for long-term recording.
"Currently, this technology still only exists in the laboratory and can be used in special scenarios where traditional microphones fail to work," said research team leader Xu-Ri Yao from Beijing Institute of Technology in China. "We aim to expand the system into other vibration measurement applications, including human pulse and heart rate detection, leveraging its multifunctional information sensing capabilities."

Network

Huawei Chair Says the Future of Comms Is Fiber-To-The-Room

The Register's Simon Sharwood reports: Huawei's chairman Xu Zhijun -- aka Eric Xu -- has called out China's enormous lead in fiber-to-the-room (FTTR) installations. Speaking at last week's Mobile World Congress event in Shanghai, Xu shared his views on the telecommunications industry's future growth opportunities and said by the end of 2025 China will be home to 75 million FTTR installations -- but just 500,000 exist outside the Middle Kingdom. Xu said FTTR will benefit businesses by increasing their internet connection speeds, helping them address spotty Wi-Fi coverage, allowing them to deploy tech in more places, and therefore creating more opportunities to adopt productivity-boosting devices and services. FTTR will also help carriers to sell more expensive packages, he said. Xu also urged telecom carriers to target high-growth user groups like delivery riders and livestream influencers, citing their above-average data consumption and revenue potential. Delivery riders, who will make up 5% of the global workforce by 2030, use four times more voice minutes and double the data of average users, while influencers generate five times the data usage and four times the revenue.

He also pushed for greater collaboration between carriers and platforms to deliver more high-res video content, and called for improved efficiency in networking equipment and device power use. "Xu said Huawei is here to help carriers deliver any of the scenarios he mentioned," concludes Sharwood. "And of course it is, because the Chinese giant has a thriving business selling to telcos -- or at least to telcos beyond the liberal democracies that have largely decided Huawei's close ties with Beijing mean the company and its products represent an unacceptable threat to the operation of critical infrastructure."

Crime

British Duo Arrested For SMS Phishing Via Homemade Cell Tower (theregister.com)

British police have arrested two individuals involved in an SMS-based phishing campaign using a unique device police described as a "homemade mobile antenna," "an illegitimate telephone mast," and a "text message blaster." This first-of-its-kind device in the UK was designed to send fraudulent texts impersonating banks and other official organizations, "all while allegedly bypassing network operators' anti-SMS-based phishing, or smishing, defenses," reports The Register. From the report: Thousands of messages were sent using this setup, City of London Police claimed on Friday, with those suspected to be behind the operation misrepresenting themselves as banks "and other official organizations" in their texts. [...] Huayong Xu, 32, of Alton Road in Croydon, was arrested on May 23 and remains the only individual identified by police in this investigation at this stage. He has been charged with possession of articles for use in fraud and will appear at Inner London Crown Court on June 26. The other individual, who wasn't identified and did not have their charges disclosed by police, was arrested on May 9 in Manchester and was bailed. [...]

Without any additional information to go on, it's difficult to make any kind of assumption about what these "text message blaster" devices might be. However, one possibility, judging from the messaging from the police, is that the plod are referring to an IMSI catcher aka a Stingray, which acts as a cellphone tower to communicate with people's handhelds. But those are intended primarily for surveillance. What's more likely is that the suspected UK device is perhaps some kind of SIM bank or collection of phones programmed to spam out shedloads of SMSes at a time.

Security

Memory Sealing 'mseal' System Call Merged For Linux 6.10 (phoronix.com)

"Merged this Friday evening into the Linux 6.10 kernel is the new mseal() system call for memory sealing," reports Phoronix: The mseal system call was led by Jeff Xu of Google's Chrome team. The goal with memory sealing is to also protect the memory mapping itself against modification. The new mseal Linux documentation explains:

"Modern CPUs support memory permissions such as RW and NX bits. The memory permission feature improves security stance on memory corruption bugs, i.e. the attacker can't just write to arbitrary memory and point the code to it, the memory has to be marked with X bit, or else an exception will happen. Memory sealing additionally protects the mapping itself against modifications. This is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system... Memory sealing can automatically be applied by the runtime loader to seal .text and .rodata pages and applications can additionally seal security-critical data at runtime. A similar feature already exists in the XNU kernel with the VM_FLAGS_PERMANENT flag and on OpenBSD with the mimmutable syscall."

The mseal system call is designed to be used by the likes of the GNU C Library "glibc" while loading ELF executables to seal non-writable memory segments or by the Google Chrome web browser and other browsers for protecting security sensitive data structures.

Crime

Arizona Woman Accused of Helping North Koreans Get Remote IT Jobs At 300 Companies (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: An Arizona woman has been accused of helping generate millions of dollars for North Korea's ballistic missile program by helping citizens of that country land IT jobs at US-based Fortune 500 companies. Christina Marie Chapman, 49, of Litchfield Park, Arizona, raised $6.8 million in the scheme, federal prosecutors said in an indictment unsealed Thursday. Chapman allegedly funneled the money to North Korea's Munitions Industry Department, which is involved in key aspects of North Korea's weapons program, including its development of ballistic missiles. Part of the alleged scheme involved Chapman and co-conspirators compromising the identities of more than 60 people living in the US and using their personal information to get North Koreans IT jobs across more than 300 US companies.

As another part of the alleged conspiracy, Chapman operated a "laptop farm" at one of her residences to give the employers the impression the North Korean IT staffers were working from within the US; the laptops were issued by the employers. By using proxies and VPNs, the overseas workers appeared to be connecting from US-based IP addresses. Chapman also received employees' paychecks at her home, prosecutors said. Federal prosecutors said that Chapman and three North Korean IT workers -- using the aliases of Jiho Han, Chunji Jin, Haoran Xu, and others -- had been working since at least 2020 to plan a remote-work scheme. In March of that year, prosecutors said, an individual messaged Chapman on LinkedIn and invited her to "be the US face" of their company. From August to November of 2022, the North Korean IT workers allegedly amassed guides and other information online designed to coach North Koreans on how to write effective cover letters and resumes and falsify US Permanent Resident Cards.

Under the alleged scheme, the foreign workers developed "fictitious personas and online profiles to match the job requirements" and submitted fake documents to the Homeland Security Department as part of an employment eligibility check. Chapman also allegedly discussed with co-conspirators about transferring the money earned from their work. Chapman was arrested Wednesday. It wasn't immediately known when she or Didenko were scheduled to make their first appearance in court. If convicted, Chapman faces 97.5 years in prison, and Didenko faces up to 67.5 years.

China

Huawei Wants To Take Homegrown HarmonyOS Phone Platform Worldwide (theregister.com)

An anonymous reader quotes a report from The Register: Huawei plans to expand its native HarmonyOS smartphone platform worldwide, despite coming under US-led sanctions that have deprived it of access to key technologies. "We will work hard to build up the HarmonyOS app ecosystem in the China market first, then, from country to country, we will start gradually pushing it out to other parts of the world," Huawei's rotating chairman Eric Xu told attendees at its 21st Analyst Summit in Shenzhen last week. Part of this process will involve porting apps to HarmonyOS and encouraging other app developers to code for the platform.

"In the China market, Huawei smartphone users spend 99 percent of their time on about 5,000 apps. So we decided to spend 2024 porting these apps over to HarmonyOS first in our drive to truly unify the OS and the app ecosystem. We are also encouraging other apps to be ported over to HarmonyOS," Xu said. According to Huawei's rotating chairman, more than 4,000 of those apps are already in the process of being transferred, and the company is "communicating with developers" on the 1,000 or so apps that remain. "This is a massive undertaking, but we have broad support in the industry and from many app developers," he claimed. "Once we have these first 5,000 Android apps -- and thousands of other apps -- up and running on HarmonyOS, we will have a real HarmonyOS: a third mobile operating system for the world," Xu said. That number could reach up to 1 million apps in the future, he claimed.
According to Counterpoint Research, HarmonyOS accounted for 4 percent of global market share in the fourth quarter of 2023, and exceeded 16 percent market share in China. That makes it the third largest mobile OS by handset sales, behind Android and iOS.

It remains to be seen whether there will be much of a market for HarmonyOS outside of China, given the current sanctions and sour US/EU-China relations.

AI

Microsoft's VASA-1 Can Deepfake a Person With One Photo and One Audio Track (arstechnica.com)

Microsoft Research Asia earlier this week unveiled VASA-1, an AI model that can create a synchronized animated video of a person talking or singing from a single photo and an existing audio track. ArsTechnica: In the future, it could power virtual avatars that render locally and don't require video feeds -- or allow anyone with similar tools to take a photo of a person found online and make them appear to say whatever they want. "It paves the way for real-time engagements with lifelike avatars that emulate human conversational behaviors," reads the abstract of the accompanying research paper titled, "VASA-1: Lifelike Audio-Driven Talking Faces Generated in Real Time." It's the work of Sicheng Xu, Guojun Chen, Yu-Xiao Guo, Jiaolong Yang, Chong Li, Zhenyu Zang, Yizhong Zhang, Xin Tong, and Baining Guo.

The VASA framework (short for "Visual Affective Skills Animator") uses machine learning to analyze a static image along with a speech audio clip. It is then able to generate a realistic video with precise facial expressions, head movements, and lip-syncing to the audio. It does not clone or simulate voices (like other Microsoft research) but relies on an existing audio input that could be specially recorded or spoken for a particular purpose.

AI

Cognition Emerges From Stealth To Launch AI Software Engineer 'Devin' (venturebeat.com)

Longtime Slashdot reader ahbond shares a report from VentureBeat: Today, Cognition, a recently formed AI startup backed by Peter Thiel's Founders Fund and tech industry leaders including former Twitter executive Elad Gil and DoorDash co-founder Tony Xu, announced a fully autonomous AI software engineer called "Devin." While there are multiple coding assistants out there, including the famous GitHub Copilot, Devin is said to stand out from the crowd with its ability to handle entire development projects end-to-end, right from writing the code and fixing the bugs associated with it to final execution. This is the first offering of this kind and even capable of handling projects on Upwork, the startup has demonstrated. [...]

In a blog post today on Cognition's website, Scott Wu, the founder and CEO of Cognition and an award-winning sports coder, explained Devin can access common developer tools, including its own shell, code editor and browser, within a sandboxed compute environment to plan and execute complex engineering tasks requiring thousands of decisions. The human user simply types a natural language prompt into Devin's chatbot style interface, and the AI software engineer takes it from there, developing a detailed, step-by-step plan to tackle the problem. It then begins the project using its developer tools, just like how a human would use them, writing its own code, fixing issues, testing and reporting on its progress in real-time, allowing the user to keep an eye on everything as it works. [...]

According to demos shared by Wu, Devin is capable of handling a range of tasks in its current form. This includes common engineering projects like deploying and improving apps/websites end-to-end and finding and fixing bugs in codebases to more complex things like setting up fine-tuning for a large language model using the link to a research repository on GitHub or learning how to use unfamiliar technologies. In one case, it learned from a blog post how to run the code to produce images with concealed messages. Meanwhile, in another, it handled an Upwork project to run a computer vision model by writing and debugging the code for it. In the SWE-bench test, which challenges AI assistants with GitHub issues from real-world open-source projects, the AI software engineer was able to correctly resolve 13.86% of the cases end-to-end -- without any assistance from humans. In comparison, Claude 2 could resolve just 4.80% while SWE-Llama-13b and GPT-4 could handle 3.97% and 1.74% of the issues, respectively. All these models even required assistance, where they were told which file had to be fixed.
Currently, Devin is available only to a select few customers. Bloomberg journalist Ashlee Vance wrote a piece about his experience using it here.

"The Doom of Man is at hand," captions Slashdot reader ahbond. "It will start with the low-hanging Jira tickets, and in a year or two, able to handle 99% of them. In the short term, software engineers may become like bot farmers, herding 10-1000 bots writing code, etc. Welcome to the future."

Science

Are Fingerprints Unique? Not Really, AI-Based Study Finds (cnn.com)

An anonymous reader shares a report: "Do you think that every fingerprint is actually unique?" It's a question that a professor asked Gabe Guo during a casual chat while he was stuck at home during the Covid-19 lockdowns, waiting to start his freshman year at Columbia University. "Little did I know that conversation would set the stage for the focus of my life for the next three years," Guo said. Guo, now an undergraduate senior in Columbia's department of computer science, led a team that did a study on the subject, with the professor, Wenyao Xu of the University of Buffalo, as one of his coauthors. Published this week in the journal Science Advances, the paper seemingly upends a long-accepted truth about fingerprints: They are not, Guo and his colleagues argue, all unique.

In fact, journals rejected the work multiple times before the team appealed and eventually got it accepted at Science Advances. "There was a lot of pushback from the forensics community initially," recalled Guo, who had no background in forensics before the study. "For the first iteration or two of our paper, they said it's a well-known fact that no two fingerprints are alike. I guess that really helped to improve our study, because we just kept putting more data into it, (increasing accuracy) until eventually the evidence was incontrovertible," he said.

Bitcoin

Englishman Who Posed As HyperVerse CEO Says Sorry To Investors Who Lost Millions (theguardian.com)

Stephen Harrison, an Englishman living in Thailand who posed as chief executive Steven Reece Lewis for the launch of the HyperVerse crypto scheme, told the Guardian Australia that he was paid to play the role of chief executive but denies having 'pocketed' any of the money lost. He says he received 180,000 Thai baht (about $7,500) over nine months and a free suit, adding that he was "shocked" to learn the company had presented him as having fake credentials to promote the scheme. From the report: He said he felt sorry for those who had lost money in relation to the scheme -- which he said he had no role in -- an amount Chainalysis estimates at US$1.3 billion in 2022 alone. "I am sorry for these people," he said. "Because they believed some idea with me at the forefront and believed in what I said, and God knows what these people have lost. And I do feel bad about this. I do feel deeply sorry for these people, I really do. You know, it's horrible for them. I just hope that there is some resolution. I know it's hard to get the money back off these people or whatever, but I just hope there can be some justice served in all of this where they can get to the bottom of this." He said he wanted to make clear he had "certainly not pocketed" any of the money lost by investors.

Harrison, who at the time was a freelance television presenter engaged in unpaid football commentary, said he had been approached and offered the HyperVerse work by a friend of a friend. He said he was new to the industry and had been open to picking up more work and experience as a corporate "presenter." "I was told I was acting out a role to represent the business and many people do this," Harrison said. He said he trusted his agent and accepted that. After reading through the scripts he said he was initially suspicious about the company he was hired to represent because he was unfamiliar with the crypto industry, but said he had been reassured by his agent that the company was legitimate. He said he had also done some of his own online research into the organization and found articles about the Australian blockchain entrepreneur and HyperTech chairman Sam Lee. "I went away and I actually looked at the company because I was concerned that it could be a scam," Harrison said. "So I looked online a bit and everything seemed OK, so I rolled with it."
The HyperVerse crypto scheme was promoted by Lee and his business partner Ryan Xu, both of whom were founders of the collapsed Australian bitcoin company Blockchain Global. "Blockchain Global owes creditors $58 million and its liquidator has referred Xu and Lee to the Australian Securities and Investments Commission for alleged possible breaches of the Corporations Act," reports The Guardian. "Asic has said it does not intend to take action at this time."

Rodney Burton, known as "Bitcoin Rodney," was arrested and charged in the U.S. on Monday for his alleged role in promoting the HyperVerse crypto scheme. The IRS alleges Burton was "part of a network that made 'fraudulent' presentations claiming high returns for investors based on crypto-mining operations that did not exist," reports The Guardian.

Bitcoin

CEO of Collapsed Crypto Fund HyperVerse Does Not Appear To Exist (theguardian.com)

An anonymous reader quotes a report from The Guardian: A chief executive officer whose claimed qualifications appear to have no basis in fact was used to promote the HyperVerse crypto fund, alongside celebrity messages of support, as part of a push to recruit new investors into the scheme. A Guardian Australia investigation last month revealed thousands of people have lost millions of dollars to the HyperVerse crypto scheme, which was promoted by the Australian entrepreneur Sam Lee and his business partner, Ryan Xu, two of the founders of the collapsed Australian bitcoin company Blockchain Global. Blockchain Global owes creditors $58 million and its liquidator has referred Xu and Lee to the Australian Securities and Investments Commission for alleged possible breaches of the Corporations Act. Asic has said it does not intend to take action at this time. The HyperVerse investment scheme is among those that appear to have escaped scrutiny in Australia despite being flagged by regulators overseas, by one as a possible "scam" and another as a "suspected pyramid scheme." Lee has denied HyperVerse was a scam and disputes being its founder.

A man named Steven Reece Lewis was introduced as the chief executive officer of HyperVerse at an online global launch event in December 2021, with video messages of support from a clutch of celebrities released on Twitter the following month, including from the Apple co-founder Steve Wozniak and actor Chuck Norris. Promotional material released for HyperVerse, which was linked to a previous scheme called HyperFund, said Reece Lewis was a graduate of the University of Leeds and held a master's degree from the University of Cambridge. A brief career summary of Reece Lewis, which was presented in a video launch for potential investors, said he had worked for Goldman Sachs, sold a web development company to Adobe and launched an IT start-up firm, before being recruited to head up HyperVerse by the HyperTech group. This was the umbrella organization for a range of Hyper-branded crypto schemes.

Lee spoke at the launch event as "chairman" of the HyperTech group, while Xu was introduced as the group's "founder." The company praised Reece Lewis's "strong performance and drive," citing his credentials as the reason for his recruitment. Guardian Australia has confirmed that neither the University of Leeds nor the University of Cambridge has any record of someone by the name Steven Reece Lewis on their databases. No records exist of Steven Reece Lewis on the UK companies register, Companies House, or on the US Securities and Exchange Commission. Adobe, a publicly listed company since 1986, has no record of any acquisition of a company owned by a Steven Reece Lewis in any of its public SEC filings. It is understood that Goldman Sachs could find no record of Reece Lewis having worked for the company. Guardian Australia was unable to find a LinkedIn profile for Reece Lewis or any internet presence other than HyperVerse promotional material. A Twitter account in Reece Lewis's name was set up a month before he appeared in the HyperVerse video launch and was used to promote the scheme on the platform for just six months before the account became inactive.

Security

New Ultrasound Attack Can Secretly Hijack Phones and Smart Speakers (theregister.com)

Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices. The Register reports: The research team -- Guenevere Chen, an associate professor at the University of Texas at San Antonio, her doctoral student Qi Xia, and Shouhuai Xu, a professor at the University of Colorado Colorado Springs -- found Apple's Siri, Google's Assistant, Microsoft's Cortana, and Amazon's Alexa are all vulnerable to NUIT attacks, albeit to different degrees. In an interview with The Register this month, Chen and Xia demonstrated two separate NUIT attacks: NUIT-1, which emits sounds to exploit a victim's smart speaker to attack the same victim's microphone and voice assistant on the same device, and NUIT-2, which exploits a victim's speaker to attack the same victim's microphone and voice assistant on a different device. Ideally, for the attacker, these sounds should be inaudible to humans.

The attacks work by modulating voice commands into near-ultrasound inaudible signals so that humans can't hear them but the voice assistant will still respond to them. These signals are then embedded into a carrier, such as an app or YouTube video. When a vulnerable device picks up the carrier, it ends up obeying the hidden embedded commands. Attackers can use social engineering to trick the victim into playing the sound clip, Xia explained. "And once the victim plays this clip, voluntarily or involuntarily, the attacker can manipulate your Siri to do something, for example, open your door."

For NUIT-1 attacks, using Siri, the answer is yes. The boffins found they could control an iPhone's volume so that a silent instruction to Siri generates an inaudible response. The other three voice assistants -- Google's, Cortana, and Alexa -- are still susceptible to the attacks, but for NUIT-1, the technique can't silence devices' response so the victim may notice shenanigans are afoot. It's also worth noting that the length of malicious commands must be below 77 milliseconds -- that's the average reaction time for the four voice assistants across multiple devices.

In a NUIT-2 attack, the attacker exploits the speaker on one device to attack the microphone and associated voice assistant of a second device. These attacks aren't limited by the 77-millisecond window and thus give the attacker a broader range of possible action commands. An attacker could use this scenario during a Zoom meeting, for example: if an attendee unmutes themself, and their phone is placed next to their computer, an attacker could use an embedded attack signal to attack that attendee's phone.
The researchers will publish their research and demonstrate the NUIT attacks at the USENIX Security Symposium in August.

China

China's Chip Industry Will Be 'Reborn' Under US Sanctions, Says Huawei (cnbc.com)

An anonymous reader quotes a report from CNBC: China's chip industry will be "reborn" as a result of U.S. sanctions, a top boss at Huawei said Friday, as the Chinese telecommunications giant confirmed a breakthrough in semiconductor design technology. Eric Xu, rotating chairman at Huawei, issued fighting words against Washington's tech export restrictions on China. "I believe China's semiconductor industry will not sit idly by, but take efforts around ... self-strengthening and self reliance," according to an official translation of Xu's comments during a press conference. "For Huawei, we will render our support to all such self-saving, self-strengthening and self reliance efforts of the Chinese semiconductor industry."

The U.S. is concerned that China could use advanced semiconductors for military purposes. Huawei's Xu said these developments could boost, rather than hamper China's domestic semiconductor industry. "I believe China's semiconductor industry will get reborn under such sanctions and realize a very strong and self-reliant industry," Xu said.
Last week, Huawei claimed to have completed work on electronic design automation tools for laying out and making chips down to 14nm process nodes.

"But Huawei ideally needs chips of a much smaller nanometer size for more advanced applications, which they are currently finding it difficult to obtain," adds Reuters. "The company is still reeling from the effects of U.S. sanctions -- on Friday, it said net profit dropped 69% year-on-year in 2022, marking the biggest decline on record."
China

Huawei Claims To Have Built Its Own 14nm Chip Design Suite (theregister.com) 45

Huawei has reportedly completed work on electronic design automation (EDA) tools for laying out and making chips down to 14nm process nodes. The Register reports: Chinese media said the platform is one of 78 being developed by the telecoms equipment giant to replace American and European chip design toolkits that have become subject to export controls by the US and others. Huawei's EDA platform was reportedly revealed by rotating Chairman Xu Zhijun during a meeting in February, and later confirmed by media in China. [...] Huawei's focus on EDA software for 14nm and larger chips reflects the current state of China's semiconductor industry. State-backed foundry operator SMIC currently possesses the ability to produce 14nm chips at scale, although there have been some reports the company has had success developing a 7nm process node.

Today, the EDA market is largely controlled by three companies: California-based Synopsys and Cadence, as well as Germany's Siemens. According to the industry watchers at TrendForce, these three companies account for roughly 75 percent of the EDA market. And this poses a problem for Chinese chipmakers and foundries, which have steadily found themselves cut off from these tools. Synopsys and Cadence's EDA tech is already subject to several of these export controls, which were stiffened by the US Commerce Department last summer to include state-of-the-art gate-all-around (GAA) transistors. This January, the White House also reportedly stopped issuing export licenses to companies supplying the likes of Huawei.

This is particularly troublesome for Huawei, foundry operator SMIC, and memory vendor YMTC to name a few on the US Entity List, a roster of companies Uncle Sam would prefer you not to do business with. It leaves them unable to access recent and latest technologies, at the very least. So the development of a homegrown EDA platform for 14nm chips serves as insurance in case broader access to Western production platforms is cut off entirely.

China

The Daring Ruse That Exposed China's Campaign To Steal American Secrets (nytimes.com) 56

The New York Times magazine tells the story of an innocuous-seeming message on LinkedIn in 2017 from Qu Hui, the deputy director of the China-based Provincial Association for International Science and Technology Development.

Federal agents eventually obtained search warrants for two Gmail addresses the official was using, and "In what would prove to be a lucky break, the investigators found that each email address was the Apple ID used for an iPhone, linked to an iCloud account where data from the phones was periodically backed up. The agents were later able to obtain search warrants for the two iCloud accounts [that] opened a treasure trove." This included confirmation of what they had suspected all along: that Qu worked for Chinese intelligence. His real name was Xu Yanjun. He had worked at the Ministry of State Security since 2003, earning six promotions to become a deputy division director of the Sixth Bureau in the Jiangsu Province M.S.S. Like so many of us, he had taken pictures of important documents using his iPhone — his national ID card, pay stubs, his health insurance card, an application for vacation — which is how they ended up in his iCloud account. There, investigators also found an audio recording of a 2016 conversation with a professor at N.U.A.A. in which Xu had talked about his job in intelligence and the risks associated with traveling. "The leadership asks you to get the materials of the U.S. F-22 fighter aircraft," he told the professor. "You can't get it by sitting at home." The discovery of evidence of Xu's identity in an iCloud account makes for a kind of delicious reversal. The ubiquitous use of iPhones around the world — a result of America's technological prowess — was helping to fight back against a rival nation's efforts to steal technology.
Qu scheduled a meeting in Brussels with one American target — where he was arrested and extradited to America, becoming the first-ever Chinese intelligence official convicted on U.S. soil on charges of economic espionage. The prosecution contended that Xu had been systematically going after intellectual property at aerospace companies in the United States and Europe through cyberespionage and the use of human sources. It's not often that prosecutors find a one-stop shop for much of their evidence, but that's what Xu's iCloud account was — a repository of the spy's personal and professional life. That's because often Xu used his iPhone calendar as a diary, documenting not just the day's events but also his thoughts and feelings.... The messages in Xu's iCloud account enabled investigators to make another damning discovery. Xu had helped coordinate a cyberespionage campaign that targeted several aviation technology companies....

At the end of the trial, Xu was convicted of conspiring and attempting to commit economic espionage and theft of trade secrets.... According to Timothy Mangan, who led the prosecution, the evidence laid out during Xu's trial goes far beyond merely proving his guilt — it uncovers the systematic nature of China's vast economic espionage. The revelation of Xu's activities lifts the veil on how pervasive China's economic espionage is, according to the F.B.I. agent. If just one provincial officer can do what he did, the agent suggests, you can imagine how big the country's overall operations must be.

The article notes that the Chinese government "also offers financial incentives to help Chinese expats start their own businesses in China using trade secrets stolen from their American employers." It also cites a 2019 report from a congressional committee's security review that found "myriad ways in which Chinese companies, often backed by their government, help transfer strategic know-how from the United States to China." The maneuvers range from seemingly benign (acquiring American firms with access to key intellectual property) to notoriously coercive (compelling American companies to form joint ventures with Chinese firms and share trade secrets with them in return for access to the Chinese market) to outright theft. Cyberattacks have become an increasingly common tactic because they can't always be linked directly to the Chinese government. Over the past few years, however, federal agents and cybersecurity experts in the U.S. have identified the digital footprints left along the trails of these attacks — malware and I.P. addresses among them — and traced this evidence back to specific groups of hackers with proven ties to the Chinese government.
One 2020 indictment blamed five "computer hackers" in China for breaching more than 100 organizations.

Thanks to Slashdot reader schwit1 for sharing the article.
China

Industrial Espionage: How China Sneaks Out America's Technology Secrets (bbc.com) 103

The BBC reports: It was an innocuous-looking photograph that turned out to be the downfall of Zheng Xiaoqing, a former employee with energy conglomerate General Electric Power. According to a Department of Justice indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself. It was a technique called steganography, a means of hiding a data file within the code of another data file. Mr Zheng utilised it on multiple occasions to take sensitive files from GE....

The information Zheng stole was related to the design and manufacture of gas and steam turbines, including turbine blades and turbine seals. Considered to be worth millions, it was sent to his accomplice in China. It would ultimately benefit the Chinese government, as well as China-based companies and universities. Zheng was sentenced to two years in prison earlier this month. It is the latest in a series of similar cases prosecuted by US authorities. In November Chinese national Xu Yanjun, said to be a career spy, was sentenced to 20 years in prison for plotting to steal trade secrets from several US aviation and aerospace companies — including GE.

It is part of a broader struggle as China strives to gain technological knowhow to power its economy and its challenge to the geopolitical order, while the US does its best to prevent a serious competitor to American power from emerging.... Last July FBI director Christopher Wray told a gathering of business leaders and academics in London that China aimed to "ransack" the intellectual property of Western companies so it can speed up its own industrial development and eventually dominate key industries. He warned that it was snooping on companies everywhere "from big cities to small towns — from Fortune 100s to start-ups, folks that focus on everything from aviation, to AI, to pharma".

At the time, China's then foreign ministry spokesman Zhao Lijian said Mr Wray was "smearing China" and had a "Cold War mentality".

Thanks to long-time Slashdot reader schwit1 for sharing the article.
Businesses

DoorDash Cuts Staff by 1,250 To Rein in Costs (wsj.com) 32

DoorDash is reducing its corporate staff by about 1,250, or 6% of the company, as the food-delivery platform works to rein in costs after a pandemic-fueled growth spurt, according to an internal memo from Chief Executive Tony Xu. WSJ: DoorDash is the latest among a swath of technology companies to cut staff to pare back costs as rising interest rates and economic uncertainty spur investors to focus more on profitability. DoorDash, like many companies, is also navigating shifting consumer habits as trends normalize from pandemic disruptions. The company's food-delivery competitors, such as Uber, face their slowest growth in years.

"We were not as rigorous as we should have been in managing our team growth," Mr. Xu said in the memo, which was viewed by The Wall Street Journal. "That's on me. As a result, operating expenses grew quickly." Growth has tapered from pandemic highs, Mr. Xu said, and operating costs would continue to outpace sales growth if left unaddressed. Since its 2020 initial public offering, DoorDash has struggled to turn a profit, though it did post a profitable quarter at the start of the pandemic. Earlier in November, DoorDash posted a wider-than-expected loss of $296 million for the third quarter as costs surged 46% to over $2 billion.

Transportation

Automakers Are Locking the Aftermarket Out of Engine Control Units (roadandtrack.com) 175

This month Road & Track looked at "increased cybersecurity measures" automakers are adding to car systems — and how it's affecting the vendors of "aftermarket" enhancements: As our vehicles start to integrate more complex systems such as Advanced Driver Assist Systems and over-the-air updates, automakers are growing wary of what potential bad actors could gain access to by way of hacking. Whether those hacks come in an attempt to retrieve personal customer data, or to take control of certain aspects of these integrated vehicles, automakers want to leave no part of that equation unchecked. "I think there are very specific reasons why the OEMs are taking encryption more seriously," HP Tuners director of marketing Eddie Xu told R&T. "There's personal identifiable data on vehicles, there's more considerations now than just engine control modules controlling the engine. It's everything involved."

In order to prevent this from becoming a potential safety or legal issue, companies like Ford have moved to heavily encrypt their vehicles' software. S650 Mustang chief engineer Ed Krenz specifically noted that the new FNV architecture can detect when someone attempts to modify any of the vehicle's coding, and that it can respond by shutting down an individual vehicle system or the vehicle entirely if that's what is required.

That sort of total lockout presents an interesting challenge for [car performance] tuners who rely on access to things like engine and transmission control modules to create their products.

Last month Ford acknowledged tuners would find the S650 Mustang "much more difficult," the article points out. And they add that Dodge also "intends to lock down the Engine Control Units of its upcoming electric muscle car offerings, though it will offer performance upgrades via its own over-the-air network."

"We don't want to lock the cars and say you can't modify them," Dodge CEO Kuniskis told Carscoops. "We just want to lock them and say modify them through us so that we know it's done right."

Thanks to long-time Slashdot reader schwit1 for submitting the article.
