Category: Editor’s Pick


Ivanti, the company whose remote-access products have been battered by severe exploits in recent months, has pledged a “new era,” one that “fundamentally transforms the Ivanti security operating model” backed by “a significant investment” and full board support.

CEO Jeff Abbott’s open letter promises to revamp “core engineering, security, and vulnerability management,” make all products “secure by design,” formalize cyber-defense agency partnerships, and “sharing information and learning with our customers.” Among the details is the company’s promise to improve search abilities in Ivanti’s security resources and documentation portal, “powered by AI,” and an “Interactive Voice Response system” for routing calls and alerting customers about security issues, also “AI-powered.”

Ivanti CEO Jeff Abbott addresses the company’s “broad shift” in its security model.

Ivanti and Abbott seem to have been working on this presentation for a while, so it’s unlikely they could have known it would arrive just days after four new vulnerabilities were disclosed for its Connect Secure and Policy Secure gateway products, two of them rated for high severity. Those vulnerabilities came two weeks after two other vulnerabilities, rated critical, with remote code execution. And those followed “a three-week spree of non-stop exploitation” in early February, one that left security directors scrambling to patch and restore services or, as federal civilian agencies did, rebuild their servers from scratch.


A person made of many parts, similar to the attorney who handles both severe criminal law and copyright takedowns for an Arizona law firm. (credit: Getty Images)

If you run a personal or hobby website, getting a copyright notice from a law firm about an image on your site can trigger some fast-acting panic. As someone who has paid to settle a news service-licensing issue before, I can empathize with anybody who wants to make this kind of thing go away.

Which is why a new kind of angle-on-an-angle scheme can seem both obvious to spot and likely effective. Ernie Smith, the prolific, ever-curious writer behind the newsletter Tedium, received a “DMCA Copyright Infringement Notice” in late March from “Commonwealth Legal,” representing the “Intellectual Property division” of Tech4Gods.

The issue was with a photo of a keyfob from legitimate photo service Unsplash used in service of a post about a strange Uber ride Smith once took. As Smith detailed in a Mastodon thread, the purported firm needed him to “add a credit to our client immediately” and said it should be “addressed in the next five business days.” Removing the image “does not conclude the matter,” and should Smith have not taken action, the putative firm would have to “activate” its case, relying on DMCA 512(c) (which, in many readings, actually does grant relief should a website owner, unaware of infringing material, “act expeditiously to remove” said material). The email unhelpfully points to the main page of the Internet Archive so that Smith might review “past usage records.”


Depending on who you ask about AI (and how you define it), the technology may or may not be useful, but one thing is for certain: AI hype is dominating corporate marketing these days—even in fast food. According to a report in The Wall Street Journal, corporate fast food giant Yum Brands is embracing an “AI-first mentality” across its restaurant chains, including Taco Bell, Pizza Hut, KFC, and Habit Burger Grill. The company’s chief digital and technology officer, Joe Park, told the WSJ that AI will shape nearly every aspect of how these restaurants operate.

“Our vision of [quick-service restaurants] is that an AI-first mentality works every step of the way,” Park said in an interview with the outlet. “If you think about the major journeys within a restaurant that can be AI-powered, we believe it’s endless.”

As we’ve discussed in the past, artificial intelligence is a nebulous term. It can mean many different things depending on the context, including computer-controlled ghosts in Pac-Man, algorithms that play checkers, or large language models that give terrible advice on major city websites. But most of all in this tech climate, it means money, because even talking about AI tends to make corporate share prices go up.


A federal Cyber Safety Review Board has issued its report on what led to last summer’s capture of hundreds of thousands of emails by Chinese hackers from cloud customers, including federal agencies. It cites “a cascade of security failures at Microsoft” and finds that “Microsoft’s security culture was inadequate” and needs to adjust to a “new normal” of cloud provider targeting.

The report, mandated by President Biden in the wake of the far-reaching intrusion, details the steps that Microsoft took before, during, and after the breach and in each case finds critical failure. The breach was “preventable,” even though it cites Microsoft as not knowing precisely how Storm-0558, a “hacking group assessed to be affiliated with the People’s Republic of China,” got in.

“Throughout this review, the board identified a series of Microsoft operational and strategic decisions that collectively points to a corporate culture that deprioritized both enterprise security investments and rigorous risk management,” the report reads.


TSMC’s headquarters, seen here, are in Hsinchu, Taiwan. (credit: Sam Yeh via Getty Images)

Chipmaking operations at Taiwan Semiconductor Manufacturing Co. (TSMC) were briefly paused today after a 7.4-magnitude earthquake hit Taiwan, according to a company statement provided to Bloomberg and others.

TSMC says that workers were evacuated as part of its earthquake safety protocols and that they have already returned to work. Bloomberg reports that the company is still “examining impact” to its operations, but it “expects to resume production overnight.”

The quake’s epicenter was on Taiwan’s east coast and has prompted tsunami warnings in Japan, China, and the Philippines, according to The New York Times. The quake was followed by a long series of over 200 aftershocks, including one 6.5-magnitude aftershock. It’s the strongest earthquake to affect Taiwan since the 7.7-magnitude Jiji earthquake in 1999. As of this writing, the NYT reports that at least nine people have died, and 1,011 have reported injuries.


With these tips, you too can prompt people successfully.

In a break from our normal practice, Ars is publishing this helpful guide to knowing how to prompt the “human brain,” should you encounter one during your daily routine.

While AI assistants like ChatGPT have taken the world by storm, a growing body of research shows that it’s also possible to generate useful outputs from what might be called “human language models,” or people. Much like large language models (LLMs) in AI, HLMs have the ability to take information you provide and transform it into meaningful responses—if you know how to craft effective instructions, called “prompts.”

Human prompt engineering is an ancient art form dating at least back to Aristotle’s time, and it also became widely popular through books published in the modern era before the advent of computers.


Downtown Kansas City, Missouri, which is part of Jackson County. (credit: Eric Rogers)

Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable.

“Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack,” officials wrote Tuesday. “Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal.”

The systems confirmed inoperable include tax and online property payments, issuance of marriage licenses, and inmate searches. In response, the Assessment, Collection and Recorder of Deeds offices at all county locations are closed until further notice.


Billie Eilish attends the 2024 Vanity Fair Oscar Party hosted by Radhika Jones at the Wallis Annenberg Center for the Performing Arts on March 10, 2024, in Beverly Hills, California. (credit: Getty Images)

On Tuesday, the Artist Rights Alliance (ARA) announced an open letter critical of AI signed by over 200 musical artists, including Pearl Jam, Nicki Minaj, Billie Eilish, Stevie Wonder, Elvis Costello, and the estate of Frank Sinatra. In the letter, the artists call on AI developers, technology companies, platforms, and digital music services to stop using AI to “infringe upon and devalue the rights of human artists.” A tweet from the ARA added that AI poses an “existential threat” to their art.

Visual artists began protesting the advent of generative AI after the rise of the first mainstream AI image generators in 2022, and considering that generative AI research has since been undertaken for other forms of creative media, we have seen that protest extend to professionals in other creative domains, such as writers, actors, filmmakers—and now musicians.

“When used irresponsibly, AI poses enormous threats to our ability to protect our privacy, our identities, our music and our livelihoods,” the open letter states. It alleges that some of the “biggest and most powerful” companies (unnamed in the letter) are using the work of artists without permission to train AI models, with the aim of replacing human artists with AI-created content.


Broadcom has made controversial changes to VMware since closing its acquisition of the virtualization brand in late November. Broadcom executives are trying to convince VMware customers and partners that they’ll eventually see the subscription-fueled light. But discontent remains, as illustrated by industry groups continuing to urge regulators to rein in what they claim are unfair business practices.

Since Broadcom announced that it would no longer sell perpetual VMware licenses as of December 2023, there have been complaints about rising costs associated with this model. In March, a VMware User Group Town Hall saw attendees complaining of price jumps of up to 600 percent, The Register reported. Small managed service providers that had worked with VMware have reported seeing the price of business rising tenfold, per a February ServeTheHome report.

Broadcom execs defend subscription model

However, Sylvain Cazard, president of Broadcom Software for Asia-Pacific, reportedly told The Register that complaints about higher prices are unwarranted since customers using at least two components of VMware’s flagship Cloud Foundation will end up paying less and because the new pricing includes support, which VMware didn’t include before.


On Monday, OpenAI announced that visitors to the ChatGPT website in some regions can now use the AI assistant without signing in. Previously, the company required that users create an account to use it, even with the free version of ChatGPT that is currently powered by the GPT-3.5 AI language model. But as we have noted in the past, GPT-3.5 is widely known to provide more inaccurate information compared to GPT-4 Turbo, available in paid versions of ChatGPT.

Since its launch in November 2022, ChatGPT has transformed over time from a tech demo to a comprehensive AI assistant, and it’s always had a free version available. The cost is free because “you’re the product,” as the old saying goes. Using ChatGPT helps OpenAI gather data that will help the company train future AI models, although free users and ChatGPT Plus subscription members can both opt out of allowing the data they input into ChatGPT to be used for AI training. (OpenAI says it never trains on inputs from ChatGPT Team and Enterprise members at all).

Opening ChatGPT to everyone could provide a frictionless on-ramp for people who might use it as a substitute for Google Search or potentially gain new customers by providing an easy way for people to use ChatGPT quickly, then offering an upsell to paid versions of the service.
