
Comment Re:The issue isn't the software (Score 3, Insightful) 129

I would. It's all how they're made. It's made specifically to _look like someone's thinking_ without any of the actual thought, which is why it frequently turns out to be wrong about things, often in ways that only the people who really know the subject will detect. It's the ultimate bullshitter.

Comment Re:Well duh (Score 2) 129

Yep. It was mostly hype that got us to this point. The people who made the "AIs" (because they're not really intelligent) had a financial interest in them seeming powerful and spooky, it made them seem more valuable. The more examples I see, the more it strikes me that they're really not all that different from a simple Markov text generator in ability, just with a very large corpus and a large text buffer. I've been sure that there had to be more to them than that, but geez, I keep being proven wrong.

Submission + - Modern Software Development is Mostly Junky Overhead

theodp writes: In The New Internet, a call to take back the Internet from its centralized rent-collecting cloud computing gatekeepers, Tailscale CEO and co-founder Avery Pennarun provocatively writes:

I read a post recently where someone bragged about using kubernetes to scale all the way up to 500,000 page views per month. But that’s 0.2 requests per second. I could serve that from my phone, on battery power, and it would spend most of its time asleep. In modern computing, we tolerate long builds, and then docker builds, and uploading to container stores, and multi-minute deploy times before the program runs, and even longer times before the log output gets uploaded to somewhere you can see it, all because we’ve been tricked into this idea that everything has to scale. People get excited about deploying to the latest upstart container hosting service because it only takes tens of seconds to roll out, instead of minutes. But on my slow computer in the 1990s, I could run a perl or python program that started in milliseconds and served way more than 0.2 requests per second, and printed logs to stderr right away so I could edit-run-debug over and over again, multiple times per minute.

How did we get here?

We got here because sometimes, someone really does need to write a program that has to scale to thousands or millions of backends, so it needs all that stuff. And wishful thinking makes people imagine even the lowliest dashboard could be that popular one day. The truth is, most things don’t scale, and never need to. We made Tailscale for those things, so you can spend your time scaling the things that really need it. The long tail of jobs that are 90% of what every developer spends their time on. Even developers at companies that make stuff that scales to billions of users, spend most of their time on stuff that doesn’t, like dashboards and meme generators.

As an industry, we’ve spent all our time making the hard things possible, and none of our time making the easy things easy. Programmers are all stuck in the mud. Just listen to any professional developer, and ask what percentage of their time is spent actually solving the problem they set out to work on, and how much is spent on junky overhead.

Submission + - 'Copyright Traps' Could Tell Writers If an AI Has Scraped Their Work (technologyreview.com)

An anonymous reader writes: Since the beginning of the generative AI boom, content creators have argued that their work has been scraped into AI models without their consent. But until now, it has been difficult to know whether specific text has actually been used in a training data set. Now they have a new way to prove it: “copyright traps” developed by a team at Imperial College London, pieces of hidden text that allow writers and publishers to subtly mark their work in order to later detect whether it has been used in AI models or not. The idea is similar to traps that have been used by copyright holders throughout history—strategies like including fake locations on a map or fake words in a dictionary. [...] The code to generate and detect traps is currently available on GitHub, but the team also intends to build a tool that allows people to generate and insert copyright traps themselves.

Submission + - How a Cheap Barcode Scanner Helped Fix CrowdStrike'd Windows PCs In a Flash (theregister.com)

An anonymous reader writes: Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike's shoddy testing software made possible. [...] The firm had the BitLocker keys for all its PCs, so Woltz and colleagues wrote a script that turned them into barcodes that were displayed on a locked-down management server's desktop. The script would be given a hostname and generate the necessary barcode and LAPS password to restore the machine.

Woltz went to an office supplies store and acquired an off-the-shelf barcode scanner for AU$55 ($36). At the point when rebooting PCs asked for a BitLocker key, pointing the scanner at the barcode on the server's screen made the machines treat the input exactly as if the key was being typed. That's a lot easier than typing it out every time, and the server's desktop could be accessed via a laptop for convenience. Woltz, Watson, and the team scaled the solution – which meant buying more scanners at more office supplies stores around Australia. On Monday, remote staff were told to come to the office with their PCs and visit IT to connect to a barcode scanner. All PCs in the firm's Australian fleet were fixed by lunchtime – taking only three to five minutes for each machine. Watson told us manually fixing servers needed about 20 minutes per machine.

Submission + - Automakers Sold Driver Data for Pennies, Senators Say (nytimes.com)

An anonymous reader writes: If you drive a car made by General Motors and it has an internet connection, your car’s movements and exact location are being collected and shared anonymously with a data broker. This practice, disclosed in a letter (PDF) sent by Senators Ron Wyden of Oregon and Edward J. Markey of Massachusetts to the Federal Trade Commission on Friday, is yet another way in which automakers are tracking drivers, often without their knowledge. Previous reporting in The New York Times, which the letter cited, revealed how automakers including G.M., Honda and Hyundai collected information about drivers’ behavior, such as how often they slammed on the brakes, accelerated rapidly and exceeded the speed limit. It was then sold to the insurance industry, which used it to help gauge individual drivers’ riskiness.

The two Democratic senators, both known for privacy advocacy, zeroed in on G.M., Honda and Hyundai because all three had made deals, The Times reported, with Verisk, an analytics company that sold the data to insurers. In the letter, the senators urged the F.T.C.’s chairwoman, Lina Khan, to investigate how the auto industry collects and shares customers’ data. One of the surprising findings of an investigation by Mr. Wyden’s office was just how little the automakers made from selling driving data. According to the letter, Verisk paid Honda $25,920 over four years for information about 97,000 cars, or 26 cents per car. Hyundai was paid just over $1 million, or 61 cents per car, over six years. G.M. would not reveal how much it had been paid, Mr. Wyden’s office said. People familiar with G.M.’s program previously told The Times that driving behavior data had been shared from more than eight million cars, with the company making an amount in the low millions of dollars from the sale. G.M. also previously shared data with LexisNexis Risk Solutions.

Submission + - If Congress probes CrowdStrike, they'll likely examine management oversight (techtarget.com)

dcblogs writes: Congress is unlikely to settle for a simple technical explanation from CrowdStrike regarding the root cause of its failure. Lawmakers have asked CrowdStrike officials to appear before a U.S. House committee. They will likely ask whether management issues, inadequate oversight, employee turnover, training, processes, communications, resource allocation, and tool investment contributed to this outage. They will also examine the remedies detailed on Wednesday by CrowdStrike, which included basic Q&A practices such as local developer testing. Local developer testing, or basic unit testing, involves testing software on a single, isolated machine or environment, explained Jim Johnson, who recently retired as the longtime chair of the Standish Group, a research organization that studies software failures. "I do not see anything in their response that would prevent future issues," Johnson said after reviewing CrowdStrike's "software resiliency and testing" prevention plans. Owners of systems that were disabled will also have much to explain. For instance, it crashed 911 systems in several states but not in NYC, which uses a sandbox for updates. Herb Krasner, an advisory board member and author of the 2022 Consortium for Information and Software Quality's report on "The Cost of Poor Software Quality in the U.S.," noted that the issue is generally one of "organizational willpower in the C-Suite to do better than they currently are doing." He added, "Meaning specifically that quality is not usually an organizational goal—which is now coming home to roost."

CrowdStrike preliminary review: https://www.crowdstrike.com/wp...

Submission + - Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers (arstechnica.com)

An anonymous reader writes: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings “DO NOT SHIP” or “DO NOT TRUST.” These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here.

Submission + - Project 2025 could escalate US cybersecurity risks, endanger more Americans (csoonline.com)

snydeq writes: The conservative think tank blueprint for how Donald Trump should govern the US if he wins in November calls for dismantling CISA, among many cyber-related measures. Experts say this would increase cybersecurity risks, undermine critical infrastructure, and put more Americans in danger. CSO's Cynthia Brumfield takes a look at what could become of US cybersecurity policy under a Trump administration in 2025 and beyond.

Submission + - AI Video Generator Runway Trained on 1000s of YouTube Videos Without Permission (404media.co)

samleecole writes: A leaked document obtained by 404 Media shows a company-wide effort at generative AI company Runway, where employees collected thousands of YouTube videos and pirated content for training data for its Gen-3 Alpha model.

The model—initially codenamed Jupiter and released officially as Gen-3—drew widespread praise from the AI development community and technology outlets covering its launch when Runway released it in June. Last year, Runway raised $141 million from investors including Google and Nvidia, at a $1.5 billion valuation.

The spreadsheet of training data viewed by 404 Media and our testing of the model indicates that part of its training data is popular content from the YouTube channels of thousands of media and entertainment companies, including The New Yorker, VICE News, Pixar, Disney, Netflix, Sony, and many others. It also includes links to channels and individual videos belonging to popular influencers and content creators, including Casey Neistat, Sam Kolder, Benjamin Hardman, Marques Brownlee, and numerous others.

Submission + - The Kremlin Jails the Father of Russia's Internet (cepa.org)

An anonymous reader writes: Alexey Soldatov, a Russian Internet pioneer and a founder of the first Internet provider in the country, has been sentenced by a court to two years in a labor colony on charges of “abuse of power.” Soldatov, 72, had been detained by a court in Moscow. He is terminally ill. Very few in Russia believe in the government charges against a man widely known as a Father of the Russian Internet — and who is less well known as the father of Andrei Soldatov, one of this article’s authors. Soldatov was accused of abuse of power when managing a pool of IP-addresses by an organization he had no position at. This legal absurdity was enough to see him imprisoned even though the court knew of Soldatov’s illness, which meant the court had no legal right to pass a custodial sentence. His family believes that the decision is essentially a death sentence.

Submission + - Nvidia RTX 40-series GPUs hampered by low quality thermal paste (pcgamer.com)

smooth wombat writes: Anyone who is into gaming knows your graphics card is under strain trying to display modern graphics. This results in increased power usage which is then turned into heat. Keeping your card cool is a must to get the best performance possible. However, hardware tester Igor's Lab found that vendors for Nvidia RTX 40-series cards are using cheap, poorly applied thermal paste which is leading to high temperatures and consequently performance degradation over time. This penny pinching has been confirmed by Nick Evanson at PC Gamer.

I have four RTX 40-series cards in my office (RTX 4080 Super, 4070 Ti, and two 4070s) and all of them have quite high hotspots—the highest temperature recorded by an individual thermal sensor in the die. In the case of the 4080 Super, it's around 11 C higher than the average temperature of the chip. I took it apart to apply some decent quality thermal paste and discovered a similar situation to that found by Igor's Lab.

In the space of a few months, the factory-applied paste had separated and spread out, leaving just an oily film behind, and a few patches of the thermal compound itself. I checked the other cards and found that they were all in a similar state.

Igor's Lab examined the thermal paste used on a brand-new RTX 4080 and found it to be quite thin in nature, due to large quantities of cheap silicone oil being used, along with zinc oxide filler. There was lots of ground aluminium oxide (the material that provides the actual thermal transfer) but it was quite coarse, leading to the paste separating quite easily.

Removing the factory-installed paste from another RTX 4080 graphics card, Igor's Lab applied a more appropriate amount of a high-quality paste and discovered that it lowered the hotspot temperature by nearly 30 C.

Submission + - Legendary Comedian and Commodore PET Owner Bob Newhart Dead at 94

theodp writes: Bob Newhart, whose stammering, deadpan unflappability carried him to stardom as a standup comedian and later in television and movies, has died at age 94. He remains best known for the television shows, "The Bob Newhart Show" (1972-78) and "Newhart" (1982-90), both of which were built around his persona as a reasonable man put-upon by crazies. A younger crowd may remember Newhart from his roles in the movie "Elf" (2003) and TV's "The Big Bang Theory" (2013-18).

Less known about Newhart is that he was an early Commodore PET owner, recalling for the LA Times in 2001: "I remember leafing through a copy of Popular Science magazine and seeing an ad for a Commodore computer that had 8- or 16 kilobytes. It had an awful-looking screen, and it was $795. I thought I’d better get one because I had sons who were going to be in high school and might want to know about computers. Later, I moved up to the 64 KB model and thought that was silly because it was more memory than I would ever possibly need. I got them for the kids and then found I was fascinated by them. The first ones had tape drives. You would get a program like a word processor, put the tape in and then walk away for about a half an hour while the computer loaded it. But the first time I used a spell checker and it corrected a word, I thought, 'We are getting close to God here.'"

Submission + - The Data That Powers AI Is Disappearing Fast (nytimes.com)

An anonymous reader writes: For years, the people building powerful artificial intelligence systems have used enormous troves of text, images and videos pulled from the internet to train their models. Now, that data is drying up. Over the past year, many of the most important web sources used for training A.I. models have restricted the use of their data, according to a study published this week by the Data Provenance Initiative, an M.I.T.-led research group. The study, which looked at 14,000 web domains that are included in three commonly used A.I. training data sets, discovered an “emerging crisis in consent,” as publishers and online platforms have taken steps to prevent their data from being harvested.

The researchers estimate that in the three data sets — called C4, RefinedWeb and Dolma — 5 percent of all data, and 25 percent of data from the highest-quality sources, has been restricted. Those restrictions are set up through the Robots Exclusion Protocol, a decades-old method for website owners to prevent automated bots from crawling their pages using a file called robots.txt. The study also found that as much as 45 percent of the data in one set, C4, had been restricted by websites’ terms of service. “We’re seeing a rapid decline in consent to use data across the web that will have ramifications not just for A.I. companies, but for researchers, academics and noncommercial entities,” said Shayne Longpre, the study’s lead author, in an interview.

Submission + - FCC Blasts T-Mobile's 365-Day Phone Locking, Proposes 60-Day Unlock Rule (arstechnica.com)

An anonymous reader writes: Citing frustration with mobile carriers enforcing different phone-unlocking policies that are bad for consumers, the Federal Communications Commission is proposing a 60-day unlocking requirement that would apply to all wireless providers. The industry's "confusing and disparate cell phone unlocking policies" mean that "some consumers can unlock their phones with relative ease, while others face significant barriers," Commissioner Geoffrey Starks said at yesterday's FCC meeting. "It also means certain carriers are subject to mandatory unlocking requirements while others are free to dictate their own. This asymmetry is bad for both consumers and competition."

The FCC is "proposing a uniform 60-day unlocking policy" so that "consumers can choose the carrier that offers them the best value," Starks said. Unlocking a phone allows it to be used on a different carrier's network as long as the phone is compatible. The FCC approved the Notice of Proposed Rulemaking (NPRM) in a 5-0 vote. That begins a public comment period that could lead to a final rulemaking. A draft of the NPRM said the FCC "propose[s] to require all mobile wireless service providers to unlock handsets 60 days after a consumer's handset is activated with the provider, unless within the 60-day period the service provider determines the handset was purchased through fraud."

"You bought your phone, you should be able to take it to any provider you want," Rosenworcel said. "Some providers already operate this way. Others do not. In fact, some have recently increased the time their customers must wait until they can unlock their device by as much as 100 percent." Rosenworcel apparently was referring to a prepaid brand offered by T-Mobile. The NPRM draft said that "T-Mobile recently increased its locking period for one of its brands, Metro by T-Mobile, from 180 days to 365 days." The 365-day rule brought Metro into line with other T-Mobile prepaid phones that already came with the year-long lock. We reached out to T-Mobile and will update this article if it provides a comment. A merger condition imposed on T-Mobile's purchase of Sprint merely requires that it unlock prepaid phones within one year. T-Mobile imposes different unlocking policies on prepaid and postpaid phones. For postpaid devices, T-Mobile says it will unlock phones that have been active for at least 40 days, but only if any associated financing or leasing agreement has been paid in full.
