Category: Editor’s Pick

SAN FRANCISCO—On Tuesday, TED AI 2024 kicked off its first day at San Francisco’s Herbst Theater with a lineup of speakers that tackled AI’s impact on science, art, and society. The two-day event brought a mix of researchers, entrepreneurs, lawyers, and other experts who painted a complex picture of AI with fairly minimal hype.

The second annual conference, organized by Walter and Sam De Brouwer, marked a notable shift from last year’s broad existential debates and proclamations of AI as being “the new electricity.” Rather than sweeping predictions about, say, looming artificial general intelligence (although there was still some of that, too), speakers mostly focused on immediate challenges: battles over training data rights, proposals for hardware-based regulation, debates about human-AI relationships, and the complex dynamics of workplace adoption.

The day’s sessions covered a wide breadth: physicist Carlo Rovelli explored consciousness and time, Project CETI researcher Patricia Sharma demonstrated attempts to use AI to decode whale communication, Recording Academy CEO Harvey Mason Jr. outlined music industry adaptation strategies, and even a few robots made appearances.


Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by sensitive customer organizations.

Fortinet representatives didn’t respond to emailed questions and have yet to release any sort of public advisory detailing the vulnerability or the specific software that’s affected. The lack of transparency is consistent with previous zero-days that have been exploited against Fortinet customers. With no authoritative source for information, customers, reporters, and others have few other avenues for information other than social media posts where the attacks are being discussed.

RCE stands for remote code execution

According to one Reddit post, the vulnerability affects FortiManager, a software tool for managing all traffic and devices on an organization’s network. Specific versions vulnerable, the post said, include FortiManager versions:


37Signals is not a company that makes its policy or management decisions quietly.

The productivity software company was an avowedly Mac-centric shop until Apple’s move to kill home screen web apps (or Progressive Web Apps, or PWAs) led the firm and its very-public-facing co-founder, David Heinemeier Hansson, to declare a “Return to Windows,” followed by a stew of Windows/Mac/Linux. The company waged a public battle with Apple over its App Store subscription policies, and the resulting outcry helped nudge Apple a bit. 37Signals has maintained an active blog for years, its co-founders and employees have written numerous business advice books, and its blog and social media posts regularly hit the front pages of Hacker News.

So when 37Signals decided to pull its seven cloud-based apps off Amazon Web Services in the fall of 2022, it didn’t do so quietly or without details. Back then, Hansson described his firm as paying “an at times almost absurd premium” for defense against “wild swings or towering peaks in usage.” In early 2023, Hansson wrote that 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.


On Thursday, OpenAI released an early Windows version of its first-ever ChatGPT app for Windows, following a Mac version that launched in May. Currently, it’s only available to subscribers of Plus, Team, Enterprise, and Edu versions of ChatGPT, and users can download it for free in the Microsoft Store for Windows.

OpenAI is positioning the release as a beta test. “This is an early version, and we plan to bring the full experience to all users later this year,” OpenAI writes on the Microsoft Store entry for the app. (Interestingly, ChatGPT shows up as being rated “T for Teen” by the ESRB in the Windows store, despite not being a video game.)

A screenshot of the new Windows ChatGPT app captured on October 18, 2024.

Upon downloading the app and running it, OpenAI requires users to log into a paying ChatGPT account, and from there, the app is basically identical to the web browser version of ChatGPT. You can currently use it to access several models: GPT-4o, GPT-4o with Canvas, o1-preview, o1-mini, GPT-4o mini, and GPT-4. Also, it can generate images using DALL-E 3 or analyze uploaded files and images.


A few months back, I put together a big fat guide on how to configure DNS and DHCP on your LAN the old-school way, with bind and dhcpd working together to seamlessly hand out addresses to hosts on your network and also register those hosts in your LAN’s forward and reverse DNS lookup zones. The article did really well—thanks for reading it!—but one thing commenters pointed out was that my preferred dhcpd implementation, the venerable isc-dhcp-server, reached end-of-life in 2022. To replace it, ISC has for many years been working on the development of a new DHCP server named Kea.

Kea (which for this piece will refer mainly to the isc-kea-dhcp4 and isc-kea-dhcp-ddns applications) doesn’t alter the end-user experience of receiving DHCP addresses—your devices won’t much care if you’re using isc-dhcp-server or isc-kea-dhcp4. Instead, what Kea brings to the table is a new codebase that jettisons the older dhcpd’s multi-decade pile of often crufty code for a new pile of much less crufty code that will (hopefully) be easier to maintain and extend.

Many Ars readers are aware of the classic Joel on Software blog post about how rewriting your application from scratch is almost never a good idea, but something like isc-dhcp-server—whose redesign is being handled planfully by the Internet Systems Consortium—is the exception to the rule.


Recently, AI researcher Simon Willison wanted to add up his charges from using a cloud service, but the payment values and dates he needed were scattered among a dozen separate emails. Inputting them manually would have been tedious, so he turned to a technique he calls “video scraping,” which involves feeding a screen recording video into an AI model, similar to ChatGPT, for data extraction purposes.

What he discovered seems simple on its surface, but the quality of the result has deeper implications for the future of AI assistants, which may soon be able to see and interact with what we’re doing on our computer screens.

“The other day I found myself needing to add up some numeric values that were scattered across twelve different emails,” Willison wrote in a detailed post on his blog. He recorded a 35-second video scrolling through the relevant emails, then fed that video into Google’s AI Studio tool, which allows people to experiment with several versions of Google’s Gemini 1.5 Pro and Gemini 1.5 Flash AI models.


Federal authorities have charged two Sudanese nationals with running an operation that performed tens of thousands of distributed denial of service (DDoS) attacks against some of the world’s biggest technology companies, as well as critical infrastructure and government agencies.

The service, branded as Anonymous Sudan, directed powerful and sustained DDoSes against Big Tech companies, including Microsoft, OpenAI, Riot Games, PayPal, Steam, Hulu, Netflix, Reddit, GitHub, and Cloudflare. Other targets included CNN.com, Cedars-Sinai Medical Center in Los Angeles, the US departments of Justice, Defense and State, the FBI, and government websites for the state of Alabama. Other attacks targeted sites or servers located in Europe.

Two brothers, Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were both charged with one count of conspiracy to damage protected computers. Ahmed Salah was also charged with three counts of damaging protected computers. Among the allegations is that one of the brothers attempted to “knowingly and recklessly cause death.” If convicted on all charges, Ahmed Salah would face a maximum of life in federal prison, and Alaa Salah would face a maximum of five years in federal prison.


On Tuesday, Google announced that it had made a power purchase agreement for electricity generated by a small modular nuclear reactor design that hasn’t even received regulatory approval yet. Today, it’s Amazon’s turn. The company’s Amazon Web Services (AWS) group has announced three different investments, including one targeting a different startup that has its own design for small, modular nuclear reactors and one that has not yet received regulatory approval.

Unlike Google’s deal, which is a commitment to purchase power should the reactors ever be completed, Amazon will lay out some money upfront as part of the agreements. We’ll take a look at the deals and technology that Amazon is backing before analyzing why companies are taking a risk on unproven technologies.

Money for utilities and a startup

Two of Amazon’s deals are with utilities that serve areas where it already has a significant data center footprint. One of these is Energy Northwest, which is an energy supplier that sends power to utilities in the Pacific Northwest. Amazon is putting up the money for Energy Northwest to study the feasibility of adding small modular reactors to its Columbia Generating Station, which currently houses a single, large reactor. In return, Amazon will get the right to purchase power from an initial installation of four small modular reactors. The site could potentially support additional reactors, which Energy Northwest would be able to use to meet demands from other users.


On Monday, Hong Kong police announced the arrest of 27 people involved in a romance scam operation that used AI face-swapping techniques to defraud victims of $46 million through fake cryptocurrency investments, reports the South China Morning Post. The scam ring created attractive female personas for online dating, using unspecified tools to transform their appearances and voices.

Those arrested included six recent university graduates allegedly recruited to set up fake cryptocurrency trading platforms. An unnamed source told the South China Morning Post that five of the arrested people carry suspected ties to Sun Yee On, a large organized crime group (often called a “triad”) in Hong Kong and China.

“The syndicate presented fabricated profit transaction records to victims, claiming substantial returns on their investments,” said Fang Chi-kin, head of the New Territories South regional crime unit.


In the beginning, North Korean hackers compromised the banking infrastructure running AIX, IBM’s proprietary version of Unix. Next, they hacked infrastructure running Windows. Now, the state-backed bank robbers have expanded their repertoire to include Linux.

The malware, tracked under the name FASTCash, is a remote access tool that gets installed on payment switches inside compromised networks that handle payment card transactions. The US Cybersecurity and Infrastructure Security Agency first warned of FASTCash in 2018 in an advisory that said the malware was infecting AIX-powered switches inside retail payment networks. In 2020, the agency updated its guidance to report FASTCash was now infecting switches running Windows as well. Besides embracing Windows, FASTCash had also expanded its net to include not just switches for retail payments but those handled by regional interbank payment processors as well.

Tampering with transaction messages on the fly

Over the weekend, a researcher reported finding two samples of FASTCash for switches running on Linux. One sample is compiled for Ubuntu Linux 20.04 and was likely developed sometime after April 21, 2022. The other sample was likely not used. As of the time this post went live, only four anti-malware engines detected each sample. The number of detections as of Sunday was zero. The Linux version was uploaded to VirusTotal in June 2023.
