Editor’s Pick

On Thursday, a large group of university and private industry researchers unveiled Genesis, a new open source computer simulation system that lets robots practice tasks in simulated reality 430,000 times faster than in the real world. Researchers can also use an AI agent to generate 3D physics simulations from text prompts.

The accelerated simulation means a neural network for piloting robots can spend the virtual equivalent of decades learning to pick up objects, walk, or manipulate tools during just hours of real computer time.

“One hour of compute time gives a robot 10 years of training experience. That’s how Neo was able to learn martial arts in a blink of an eye in the Matrix Dojo,” wrote Genesis paper co-author Jim Fan on X, who says he played a “minor part” in the research. Fan has previously worked on several robotics simulation projects for Nvidia.

Read full article

Comments

The AI-generated video scene has been hopping this year (or twirling wildly, as the case may be). This past week alone we’ve seen releases or announcements of OpenAI’s Sora, Pika AI’s Pika 2, Google’s Veo 2, and Minimax’s video-01-live. It’s frankly hard to keep up, and even tougher to test them all. But recently, we put a new open-weights AI video synthesis model, Tencent’s HunyuanVideo, to the test—and it’s surprisingly capable for being a “free” model.

Unlike the aforementioned models, HunyuanVideo’s neural network weights are openly distributed, which means they can be run locally under the right circumstances (people have already demonstrated it on a consumer 24 GB VRAM GPU) and it can be fine-tuned or used with LoRAs to teach it new concepts.

Notably, a few Chinese companies have been at the forefront of AI video for most of this year, and some experts speculate that the reason is less reticence to train on copyrighted materials, use images and names of famous celebrities, and incorporate some uncensored video sources. As we saw with Stable Diffusion 3‘s mangled release, including nudity or pornography in training data may allow these models achieve better results by providing more information about human bodies. HunyuanVideo notably allows uncensored outputs, so unlike the commercial video models out there, it can generate videos of anatomically realistic, nude humans.

Read full article

Comments

Arm and Qualcomm’s dispute over Qualcomm’s Snapdragon X Elite chips is continuing in court this week, with executives from each company taking the stand and attempting to downplay the accusations from the other side.

If you haven’t been following along, the crux of the issue is Qualcomm’s purchase of a chip design firm called Nuvia in 2021. Nuvia was originally founded by ex-Apple chip designers to create high-performance Arm chips for servers, but Qualcomm took an interest in Nuvia’s work and acquired the company to help it create high-end Snapdragon processors for consumer PCs instead. Arm claims that this was a violation of its licensing agreements with Nuvia and is seeking to have all chips based on Nuvia technology destroyed.

According to Reuters, Arm CEO Rene Haas testified this week that the Nuvia acquisition is depriving Arm of about $50 million a year, on top of the roughly $300 million a year in fees that Qualcomm already pays Arm to use its instruction set and some elements of its chip designs. This is because Qualcomm pays Arm lower royalty rates than Nuvia had agreed to pay when it was still an independent company.

Read full article

Comments

On Wednesday, OpenAI launched a 1-800-CHATGPT (1-800-242-8478) telephone number that anyone in the US can call to talk to ChatGPT via voice chat for up to 15 minutes for free. The company also says that people outside the US can send text messages to the same number for free using WhatsApp.

Upon calling, users hear a voice say, “Hello again, it’s ChatGPT, an AI assistant. Our conversation may be reviewed for safety. How can I help you?” Callers can ask ChatGPT anything they would normally ask the AI assistant and have a live, interactive conversation.

During a livestream demo of “Calling with ChatGPT” during Day 10 of “12 Days of OpenAI,” OpenAI employees demonstrated several examples of the telephone-based voice chat in action, asking ChatGPT to identify a distinctive house in California and for help in translating a message into Spanish for a friend. For fun, they showed calls from an iPhone, a flip phone, and a vintage rotary phone.

Read full article

Comments

T-Mobile today said it opened registration for the “T-Mobile Starlink” beta service that will enable text messaging via satellites in dead zones not covered by cell towers.

T-Mobile’s announcement said the service using Starlink’s low-Earth orbit satellites will “provid[e] coverage for the 500,000 square miles of land in the United States not covered by earth-bound cell towers.” Starlink parent SpaceX has so far launched over 300 satellites with direct-to-cell capabilities, T-Mobile noted.

A registration page says, “We expect the beta to begin in early 2025, starting with texting and expanding to data and voice over time. The beta is open to all T-Mobile postpaid customers for free, but capacity is limited.”

Read full article

Comments

A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said.

The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields. One is through packages that have been available on open source repositories for over a year. They install a professionally developed backdoor that takes pains to conceal its presence. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform.

Unusual longevity

The objectives of the threat actors are also multifaceted. One is the collection of SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices every 12 hours. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors. The malware used in the campaign also installs cryptomining software that was present on at least 68 machines as of last month.

Read full article

Comments

On Wednesday, a video from OpenAI’s newly launched Sora AI video generator went viral on social media, featuring a gymnast who sprouts extra limbs and briefly loses her head during what appears to be an Olympic-style floor routine.

As it turns out, the nonsensical synthesis errors in the video—what we like to call “jabberwockies”—hint at technical details about how AI video generators work and how they might get better in the future.

But before we dig into the details, let’s take a look at the video itself.

Read full article

Comments

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of malicious code, security researchers said.

The vulnerability, tracked as CVE-2024-11972, is found in Hunk Companion, a plugin that runs on 10,000 sites that use the WordPress content management system. The vulnerability, which carries a severity rating of 9.8 out of a possible 10, was patched earlier this week. At the time this post went live on Ars, figures provided on the Hunk Companion page indicated that less than 12 percent of users had installed the patch, meaning nearly 9,000 sites could be next to be targeted.

Significant, multifaceted threat

“This vulnerability represents a significant and multifaceted threat, targeting sites that use both a ThemeHunk theme and the Hunk Companion plugin,” Daniel Rodriguez, a researcher with WordPress security firm WP Scan, wrote. “With over 10,000 active installations, this exposed thousands of websites to anonymous, unauthenticated attacks capable of severely compromising their integrity.”

Read full article

Comments

On Thursday, OpenAI announced that ChatGPT users can now talk to a simulated version of Santa Claus through the app’s voice mode, using AI to bring a North Pole connection to mobile devices, desktop apps, and web browsers during the holiday season.

The company added Santa’s voice and personality as a preset option in ChatGPT’s Advanced Voice Mode. Users can access Santa by tapping a snowflake icon next to the prompt bar or through voice settings. The feature works on iOS and Android mobile apps, chatgpt.com, and OpenAI’s Windows and MacOS applications. The Santa voice option will remain available to users worldwide until early January.

The conversations with Santa exist as temporary chats that won’t save to chat history or affect the model’s memory. OpenAI designed this limitation specifically for the holiday feature. Keep that in mind, because if you let your kids talk to Santa, the AI simulation won’t remember what kids have told it during previous conversations.

Read full article

Comments

Russian nation-state hackers have followed an unusual path to gather intel in the country’s ongoing invasion of Ukraine—appropriating the infrastructure of fellow threat actors and using it to infect electronic devices its adversary’s military personnel are using on the front line.

On at least two occasions this year, the Russian hacking group tracked under names including Turla, Waterbug, Snake, and Venomous Bear has used servers and malware used by separate threat groups in attacks targeting front-line Ukrainian military forces, Microsoft said Wednesday. In one case, Secret Blizzard—the name Microsoft uses to track the group—leveraged the infrastructure of a cybercrime group tracked as Storm-1919. In the other, Secret Blizzard appropriated resources of Storm-1837, a Russia-based threat actor with a history of targeting Ukrainian drone operators.

The more common means for initial access by Secret Blizzard is spear phishing followed by lateral movement through server-side and edge device compromises. Microsoft said that the threat actor’s pivot here is unusual but not unique. Company investigators still don’t know how Secret Blizzard obtained access to the infrastructure.

Read full article

Comments