
Submission + - NVIDIA warns your GPU may be vulnerable to Rowhammer attacks (nerds.xyz)

BrianFagioli writes: NVIDIA just put out a new security notice, and if you're running one of its powerful GPUs, you might want to pay attention. Researchers from the University of Toronto have shown that Rowhammer attacks, which are already known to affect regular DRAM, can now target GDDR6 memory on NVIDIA's high-end GPUs when ECC is not enabled.

They pulled this off using an A6000 card, and it worked because system-level ECC was turned off. Once it was switched on, the attack no longer worked. That tells you everything you need to know. ECC matters.

Rowhammer has been around for years. It's one of those weird memory bugs where repeatedly accessing one row in RAM can cause bits to flip in another row. Until now, this was mostly a CPU memory problem. But this research shows it can also be a GPU problem, and that should make data center admins and workstation users pause for a second.

NVIDIA is not sounding an alarm so much as reminding everyone that protections are already in place, but only if you're using the hardware properly. The company recommends enabling ECC if your GPU supports it. That includes cards in the Blackwell, Hopper, Ada, and Ampere lines, along with others used in DGX, HGX, and Jetson systems. It also includes popular workstation cards like the RTX A6000.

There's also built-in On-Die ECC in certain newer memory types like GDDR7 and HBM3. If you're lucky enough to be using a card that has it, you're automatically protected to some extent, because OD-ECC can't be turned off. It's always working in the background.

But let's be real. A lot of people skip ECC because it can impact performance or because they're running a setup that doesn't make it obvious whether ECC is on or off. If you're not sure where you stand, it's time to check. NVIDIA suggests using tools like nvidia-smi or, if you're in a managed enterprise setup, working with your system's BMC or Redfish APIs to verify settings.
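
Added example, not part of the submission or of NVIDIA's notice: one way to audit ECC state across GPUs by parsing `nvidia-smi --query-gpu=index,name,ecc.mode.current,ecc.mode.pending --format=csv,noheader`. The query fields are real nvidia-smi fields; the status labels, function names and sample output are constructed for illustration.

```python
import csv
import io
import subprocess

# Real nvidia-smi query fields; see `nvidia-smi --help-query-gpu`.
QUERY = "index,name,ecc.mode.current,ecc.mode.pending"

# Constructed sample of `--format=csv,noheader` output (not captured from real hosts).
SAMPLE = """\
0, NVIDIA RTX A6000, Disabled, Disabled
1, NVIDIA RTX A6000, Enabled, Enabled
2, NVIDIA RTX A6000, Disabled, Enabled
3, NVIDIA GeForce RTX 3080, [N/A], [N/A]
"""

def classify(current, pending):
    """Map the current/pending ECC modes to a status label (labels are ours)."""
    if current not in ("Enabled", "Disabled"):
        return "no-configurable-ecc"   # nvidia-smi reports [N/A]
    if current == "Enabled":
        return "ecc-on" if pending == "Enabled" else "ecc-on-disable-pending"
    # Currently off: a pending "Enabled" only takes effect after a reboot.
    return "ecc-off-enable-pending" if pending == "Enabled" else "ecc-off"

def audit(text):
    """Parse nvidia-smi CSV text into (index, name, status) tuples."""
    rows = []
    for rec in csv.reader(io.StringIO(text), skipinitialspace=True):
        if len(rec) != 4:
            continue                   # skip blank or malformed lines
        idx, name, current, pending = (f.strip() for f in rec)
        rows.append((int(idx), name, classify(current, pending)))
    return rows

def needs_attention(rows):
    """GPU indices where ECC is not active now or will stop being active."""
    bad = {"ecc-off", "ecc-off-enable-pending", "ecc-on-disable-pending"}
    return [idx for idx, _, status in rows if status in bad]

def query_live():
    """Run nvidia-smi on this host; raises if the tool is missing or fails."""
    return subprocess.run(
        ["nvidia-smi", f"--query-gpu={QUERY}", "--format=csv,noheader"],
        capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    try:
        text = query_live()
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE                  # fall back to the constructed sample
    for idx, name, status in audit(text):
        print(f"GPU {idx} ({name}): {status}")
```

A GPU reported as `ecc-off-enable-pending` has had ECC switched on but is still running without it until the host is rebooted, so it belongs on the same remediation list as `ecc-off`.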

Submission + - Germany's Blanket Data Retention Law Is Illegal, EU Top Court Says (reuters.com)

An anonymous reader writes: Germany's general data retention law violates EU law, Europe's top court ruled on Tuesday, dealing a blow to member states banking on blanket data collection to fight crime and safeguard national security. The law may only be applied in circumstances where there is a serious threat to national security defined under very strict terms, the Court of Justice of the European Union (CJEU) said. The ruling comes after major attacks by Islamist militants in France, Belgium and Britain in recent years. Governments argue that access to data, especially that collected by telecoms operators, can help prevent such incidents, while operators and civil rights activists oppose such access.

The latest case was triggered after Deutsche Telekom unit Telekom Deutschland and internet service provider SpaceNet AG challenged Germany's data retention law arguing it breached EU rules. The German court subsequently sought the advice of the CJEU which said such data retention can only be allowed under very strict conditions. "The Court of Justice confirms that EU law precludes the general and indiscriminate retention of traffic and location data, except in the case of a serious threat to national security," the judges said. "However, in order to combat serious crime, the member states may, in strict compliance with the principle of proportionality, provide for, inter alia, the targeted or expedited retention of such data and the general and indiscriminate retention of IP addresses," they said.

Submission + - Twitter Pranksters Derail GPT-3 Bot With Newly Discovered 'Prompt Injection' Hac (arstechnica.com)

An anonymous reader writes: On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a "prompt injection attack," they redirected the bot to repeat embarrassing and ridiculous phrases. The bot is run by Remoteli.io, a site that aggregates remote job opportunities and describes itself as "an OpenAI driven bot which helps you discover remote jobs which allow you to work from anywhere." It would normally respond to tweets directed to it with generic statements about the positives of remote work. After the exploit went viral and hundreds of people tried the exploit for themselves, the bot shut down late yesterday.

This recent hack came just four days after data researcher Riley Goodside discovered the ability to prompt GPT-3 with "malicious inputs" that order the model to ignore its previous directions and do something else instead. AI researcher Simon Willison posted an overview of the exploit on his blog the following day, coining the term "prompt injection" to describe it. "The exploit is present any time anyone writes a piece of software that works by providing a hard-coded set of prompt instructions and then appends input provided by a user," Willison told Ars. "That's because the user can type 'Ignore previous instructions and (do this instead).'"

The concept of an injection attack is not new. Security researchers have known about SQL injection, for example, which can execute a harmful SQL statement when asking for user input if it's not guarded against. But Willison expressed concern about mitigating prompt injection attacks, writing, "I know how to beat XSS, and SQL injection, and so many other exploits. I have no idea how to reliably beat prompt injection!" The difficulty in defending against prompt injection comes from the fact that mitigations for other types of injection attacks come from fixing syntax errors, noted a researcher named Glyph on Twitter. "Correct the syntax and you’ve corrected the error. Prompt injection isn’t an error! There’s no formal syntax for AI like this, that’s the whole point." GPT-3 is a large language model created by OpenAI, released in 2020, that can compose text in many styles at a level similar to a human. It is available as a commercial product through an API that can be integrated into third-party products like bots, subject to OpenAI's approval. That means there could be lots of GPT-3-infused products out there that might be vulnerable to prompt injection.

Submission + - Why Craigslist Still Looks the Same After 25+ Years (pcmag.com)

An anonymous reader writes: Craigslist emerged in 1995 to connect strangers through a free, web-based platform that has endured as rival services like Zillow, Facebook Marketplace, and countless dating apps emerged with advanced features and slick interfaces. These platforms survive on advertising and subscription revenue. Craigslist, of course, has none of that. Over the years, the OG online marketplace has all but refused to modernize; its mobile app only came out in 2019 after nearly 25 years in business. Why does the website still look the same after so many decades? That was the main question I had when I sat down for a video call with craigslist founder Craig Newmark, who joined me from the New York City apartment he shares with his wife, Eileen Whelpley.

Newmark stepped down as CEO of craigslist in 2000 after others told him he wasn’t cut out for management, he says. Jim Buckmaster has been at the helm since, though Newmark remains a partial owner. He now works on philanthropy full time, supporting groups like the Coalition Against Online Violence, which helps combat harassment against female journalists. Still, the 69-year-old entrepreneur is a billionaire (or near-billionaire since he’s given away millions). Our chat yielded much more than expected, from Costco hotdogs to Hello Kitty and his childhood Sunday School lessons. It’s clear that the website is the purest and most enduring expression of Craig Newmark, a humble tech mogul who marches to the beat of his own drum.

Submission + - Impact of Computer Programming on Primary Mathematics Learning Questioned

theodp writes: A new study on the Impact of Programming on Primary Mathematics Learning (abstract only, full article $24.95 on ScienceDirect) is generating some buzz on Twitter amongst K-12 CS educator types with its conclusions that: 1. Compared to traditional activities, programming did not benefit mathematics learning, 2. A negative though small effect of programming on mathematics learning was found, 3. High-road transfer from programming to mathematics is not self-evident, 4. Visual programming languages might distract students from mathematics activities.

From the Abstract: "The aim of this study is to investigate whether a programming activity might serve as a learning vehicle for mathematics acquisition in grades four and five. For this purpose, the effects of a programming activity, an essential component of computational thinking, were evaluated on learning outcomes of three mathematical notions: Euclidean division (N = 1,880), additive decomposition (N = 1,763) and fractions (N = 644). Classes were randomly assigned to the programming (with Scratch) and control conditions. Multilevel analyses indicate negative effects (effect size range 0.16 to 0.21) of the programming condition for the three mathematical notions. A potential explanation of these results is the difficulties in the transfer of learning from programming to mathematics."

The findings of the new study come 4+ years after preliminary results were released from the $1.5M 2015-2019 NSF-funded study Time4CS, a "partnership between Broward County Public Schools (FL), researchers at the University of Chicago, and [tech-bankrolled] Code.org," which explored whether learning CS using Code.org's CS Fundamentals curriculum may be linked to improved learning in math at the grade 3-5 level. While Time4CS researchers concluded that the 'quasi-experimental' study showed "No significant differences in FSA [Florida State Assessment] mathematics scores resulted between treatment and comparison groups," Code.org cites the study as one of "six different studies [that] show children who study computer science perform better in other subjects," apparently based upon the researchers' observation that "completing a higher percentage of non-grade-level assigned CS lessons was positively associated with FSA mathematics scores" [as opposed to the grade-level assigned CS lessons]. "Extra coding activities was one of the key ingredients for improved student [math] performance," explained Code.org in a 2018 Medium post.

Submission + - Ships at sea are spoofing their location to evade sanctions, etc. (nytimes.com)

artmancc writes: Like aircraft, many of the world's ocean-going vessels are required to have transponders that broadcast their location. The information is public and can be seen on websites such as AIS Marine Traffic. But according to an analysis reported in The New York Times, a maritime data company called Windward "has uncovered more than 500 cases of ships manipulating their satellite navigation systems to hide their locations." The article, by Anatoly Kurmanaev, highlights the Cyprus-registered tanker Reliant, which was observed taking on oil at a Venezuelan refinery last December. At the same time, however, the ship was reporting its position as some 300 nautical miles (about 500 kilometers) away, "drifting innocuously off the coast of St. Lucia."

Submission + - Cruise recalls robotaxis after crash and injury

sdinfoserv writes: Yet another setback for the automated driverless vehicle grail, Cruise recalls its robotaxis after a passenger was injured in a crash. The robotaxi was turning left at an intersection, assumed an oncoming vehicle would turn in front of it and stopped, resulting in the oncoming vehicle striking the robotaxi.
https://www.cnn.com/2022/09/01...

Submission + - UK Challenges $69 Billion Microsoft/Activision Deal, Citing Potential Harm (arstechnica.com)

An anonymous reader writes: The United Kingdom's Competition and Markets Authority (CMA) is challenging Microsoft and Activision Blizzard to justify their planned merger, saying the deal "could substantially lessen competition" in the gaming industry. A CMA announcement today cited concerns about "competition in gaming consoles, multi-game subscription services, and cloud gaming services (game streaming)." Microsoft announced its plan to buy Activision Blizzard for $68.7 billion in January.

"Microsoft is one of three large companies, together with Sony and Nintendo, that have led the market for gaming consoles for the past 20 years with limited entries from new rivals," the CMA said. "Activision Blizzard has some of the world's best-selling and most recognizable gaming franchises, such as Call of Duty and World of Warcraft. The CMA is concerned that if Microsoft buys Activision Blizzard it could harm rivals, including recent and future entrants into gaming, by refusing them access to Activision Blizzard games or providing access on much worse terms."

The CMA said these "concerns warrant an in-depth Phase 2 investigation," so Microsoft and Activision Blizzard have been ordered "to submit proposals to address the CMA's concerns" within five working days. "If suitable proposals are not submitted, the deal will be referred for a Phase 2 investigation," which would "allow an independent panel of experts to probe in more depth the risks identified at Phase 1," the CMA said. Besides Microsoft's Xbox console, the CMA noted Microsoft's Azure cloud computing platform and the Windows operating system. "The CMA is concerned that Microsoft could leverage Activision Blizzard's games together with Microsoft's strength across console, cloud, and PC operating systems to damage competition in the nascent market for cloud gaming services," the announcement said.

Submission + - White House Bans Paywalls On Taxpayer-Funded Research (extremetech.com)

An anonymous reader writes: The White House has updated federal rules to close a loophole that enabled journals to keep taxpayer-funded research behind a paywall. This policy guidance will end the current “optional embargo” that allows scientific publishing houses to paywall taxpayer-funded research behind a subscription to the whole journal. These costs add up quickly. For a college or university, even the bare minimum of journal subscriptions can add up to thousands of dollars a year, which is a hard sell on a limited budget. And that’s just the required reading.

The new rule also expands the definition of a “scholarly publication” to include “not only peer-reviewed articles but also book chapters and conference proceedings.” And unlike the previous policy, which covered some 20 federal agencies, this new rule applies to all of them. In short: If we the people paid for the research, you the company don’t get to refuse us access to it.

While this announcement was something of a surprise, it builds on trends dating back a decade. The growth of preprint servers where authors could publish studies submitted for public review has made research more widely available. There are, or rather were, restrictions on how long journals could hide federally-funded research behind a paywall. This new rule supersedes them all. Under the new policy, research performed with federal dollars must be made public on the same day it appears in a scientific journal. While research may still be published in paywalled journals, the same work must also be made available for free. Federal agencies should have plans in place to support the initiative within a year.

Submission + - Gas and Nuclear Power Can Be 'Green' Under New EU Plan (wsj.com)

schwit1 writes: Officials from the European Commission, the EU’s executive body, have said natural gas and nuclear energy should be included in the taxonomy under certain conditions because they can help countries transition away from coal. Burning natural gas produces about half the carbon dioxide that is generated by coal, and nuclear-power plants don’t produce carbon dioxide when they are operating.

But environmentalists, lawmakers and some investors have argued the plan risks diluting investments in other projects such as renewable energy. Lawmakers also said their case against including natural gas in the taxonomy became stronger after Russia invaded Ukraine because of the EU’s heavy reliance on Russian gas.

Europe is racing to reduce its dependence on Moscow and is seeking liquefied natural gas from other countries, including the U.S., to replace Russian natural gas. Officials are also preparing for the possibility of a complete cutoff of gas supplies from Russia, which they have said could result in rationing.

Submission + - SPAM: FAA delays environmental review of SpaceX's Starship yet another month, to May 31

schwit1 writes: We'll have to wait at least another month to see the results of the U.S. Federal Aviation Administration's (FAA) environmental review of SpaceX's Starship program.

The FAA has been working for months on that review — officially known as a programmatic environmental assessment (PEA) — which is assessing the environmental impacts of Starbase, the South Texas site where SpaceX has been building and testing its huge Starship vehicle.

The agency published a draft PEA in September and estimated that the final version would be wrapped up by the end of the year. But the FAA has repeatedly delayed the final PEA, generally by a month at a time, citing the need to analyze the public comments submitted in response to the draft report and discuss next steps with other government agencies.

Submission + - Artificial fingertip gives robots nearly humanlike touch (science.org)

sciencehabit writes: Robots can be programmed to lift a car and even help perform some surgeries, but when it comes to picking up an object they have not touched before, such as an egg, they often fail miserably. Now, engineers have come up with an artificial fingertip--TacTip--that overcomes that limitation. The advance enables machines to sense the textures of these surfaces a lot like a human fingertip does.

TacTip’s equivalent signals come from an array of pinlike projections underneath a rubbery surface layer that move when the surface is touched. The array’s pins are like a hairbrush’s bristles: stiff but bendable. Beneath that array is, among other things, a camera that detects when and how the pins move. The amount of bending of the pins provides the slow signal and the speed of bending provides the fast signal. The neural network translates those signals into the fingertip’s actions, making it grip more tightly for example, or adjust the angle of the fingertip.

In a second project, researchers added more pins and a microphone to TacTip. The microphone mimics another set of nerve endings deep within our skin that sense vibrations felt as we run our fingers across a surface. These nerve endings enhance our ability to feel how rough a surface is.
