Forgot your password?
typodupeerror

Comment If the government does push back... (Score 1) 1

... expect the solution to be no more movies "sales," just rentals with a fixed time limit, either "until [date master license expires/is up for renewal]" or "some number of weeks/years".

Another solution will be to shift to a "library access" model, which is already common. At least that will be understandable by the general public: Most people know that brick-and-mortar public libraries retire old books to make way for newer ones.

As for existing complaints, the best hope consumers have is that some law firm will successfully argue that the fine print is too buried to create an enforceable contract, then reach a settlement that gives consumers some partial credit depending on how long they had access to their purchase, with vanishingly-low credit if the purchase was more than a few years ago.

Comment Sentience != legal rights (Score 1) 1

When it comes to AI, I expect there will be many years between any credible, widely-recognized claim of sentience and the time when more than a few countries recognize "human rights" for them, if it happens at all.

Having sentience is not required for most people to say "this person/entity deserves human rights," and such rights are routinely granted to non-sentient individuals or entities:

We rightfully give legal human rights to people with medical conditions that render them not self-aware and not intelligent in any meaningful way (e.g. newborns with severe anencephaly, who may only have a brain stem and may only live a few minutes), because they part of a larger class (people) who by definition are supposed to have human rights.

We give limited "person rights" to corporations and other legal entities, but they only exist as legal fiction.

We do not give "basic human rights" to primates, dogs, dolphins, octopuses, and other animals even though there are examples of each that are arguably smarter and more self-aware than a typical 4 year old child. Even in the USA, dogs - "Man's best friend" - are routinely killed (albeit humanely) in some animal shelters for no reason other than the shelter they are in is too full.

In some countries and periods of history, we don't even give "basic human rights" to all healthy adults (e.g. repressed political minorities, children, the ill, the elderly, slaves, women, etc.).

In short, being sentient doesn't mean you get legally-protected human rights, and you (rightfully) may get legally-protected human rights even if you, as an individual, are not self-aware and show no signs of being intelligent.

Comment Re:Good news comrad! (Score 1) 37

I guess they could have it, after an appropriate time without comms, key up on the ICAO emergency frequency and start broadcasting its intentions. "Thank you for jamming the satellite communications! This satellite will self-destruct in two minutes and 45 seconds."

"I'm a 30 second bomb! I'm a 30 second bomb! 29... 28... 27..."

Comment Re:Parent's phone gets dialog to approve .... (Score 1) 120

If that's true, why are they typing my driver's license number into the cash register?

Some states require that, ironically, Texas doesn't.

I'm aware, but unless they're piping the input to /dev/null (which they of course are not) the data is almost certainly going to a "centralized purchase record database" which the grandparent has blithely assured us is not happening.

Submission + - Fundamental architectural flaw in cryptographic trust

An anonymous reader writes: Confidential computing's core trust mechanism is broken. The fix may not exist

“Attested TLS: the handshake that can't prove who's on the other end”

“Muhammad Usama Sardar, a researcher at TU Dresden, has spent the past two years formally verifying whether that protocol, known as attested TLS, actually does what it claims. Using ProVerif, a tool for the symbolic security analysis of protocols, he and his co-authors discovered that it largely does not.”

Submission + - AI Agent Executes 'First' End-To-End Ransomware Attack (theregister.com)

An anonymous reader writes: They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented agentic ransomware infection with an LLM — not a human — driving the entire extortion operation, from gaining initial access to compromising a production database server and destroying data. The security shop’s research team named the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248, and then ran a fully automated attack. “The most striking characteristic, however, was the LLM's behavior,” Sysdig director of threat research Michael Clark said in a blog about the agentic ransomware and extortion operation.

JadePuffer’s “self-narrating” payloads “contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively,” Clark added. “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials “with explicit coverage of Chinese providers” including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker’s infrastructure every 30 minutes. JadePuffer’s intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we’re told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider’s microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn’t know how the attacker obtained them. These credentials weren’t stolen from the victim’s environment.

JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can’t recover the encrypted data, even if they paid the ransom demand, because the agent escalated “from row-level deletion to dropping entire database schemas, narrating its own targeting rationale,” without backing up any of the encrypted data.

Comment Obligatory religious joke (Score 3, Funny) 59

After discovering how to clone humans, two scientists challenged God:

"We don't need you anymore," they said. "We can make life by ourselves now."

"Okay," God replied, "let's have a man-making contest."

"All right," said the scientists. "We'll do it like you did in the beginning." Then they reached down to grab a handful of dirt to begin to form a man.

Then they heard God's voice from heaven: "Hold it - get your own dirt!"

--
Credit: Not sure who created this joke, but I 8th-commandmented it from here.

Slashdot Top Deals

The moon is made of green cheese. -- John Heywood

Working...