
Submission + - Rogue Communication Devices Found In Chinese Produced Solar Panel Inverters (reuters.com) 1

Gilmoure writes: Looks like one more vector for Chinese influence on western utilities.

Reuters: "Using the rogue communication devices to skirt firewalls and switch off inverters remotely, or change their settings, could destabilise power grids, damage energy infrastructure, and trigger widespread blackouts, experts said."

Submission + - InventWood is about to mass produce wood that's stronger than steel. (techcrunch.com)

ndsurvivor writes: It sounds like the stuff of science fiction, but it actually comes from a lab in Maryland.

In 2018, Liangbing Hu, a materials scientist at the University of Maryland, devised a way to turn ordinary wood into a material stronger than steel. It seemed like yet another headline-grabbing discovery that wouldn’t make it out of the lab.

“All these people came to him,” said Alex Lau, CEO of InventWood, “He’s like, OK, this is amazing, but I’m a university professor. I don’t know quite what to do about it.”

Rather than give up, Hu spent the next few years refining the technology, reducing the time it took to make the material from more than a week to a few hours. Soon, it was ready to commercialize, and he licensed the technology to InventWood.

Now, the startup’s first batches of Superwood will be produced starting this summer.

“Right now, coming out of this first-of-a-kind commercial plant — so it’s a smaller plant — we’re focused on skin applications,” Lau said. “Eventually we want to get to the bones of the building. Ninety percent of the carbon impact from buildings is concrete and steel in the construction of the building.”

To build the factory, InventWood has raised $15 million in the first close of a Series A round. The round was led by the Grantham Foundation with participation from Baruch Future Ventures, Builders Vision, and Muus Climate Partners, the company exclusively told TechCrunch.

Submission + - Republicans Try To Cram Decade-Long AI Regulation Ban Into Spending Bill (arstechnica.com)

An anonymous reader writes: Late last night, House Republicans introduced new language to the Budget Reconciliation bill that will immiserate the lives of millions of Americans by cutting their access to Medicaid, and making life much more difficult for millions more by making them pay higher fees when they seek medical care. While a lot of attention will be justifiably given to these cuts, the bill has also crammed in new language that attempts to entirely stop states from enacting any regulation against artificial intelligence. “...no State or political subdivision thereof may enforce any law or regulation regulating artificial intelligence models, artificial intelligence systems, or automated decision systems during the 10 year period beginning on the date of the enactment of this Act,” says the text of the bill introduced Sunday night by Congressman Brett Guthrie of Kentucky, Chairman of the House Committee on Energy and Commerce. The text of the bill will be considered by the House at the budget reconciliation markup on May 13.

That language of the bill, how it goes on to define AI and other “automated systems,” and what it considers “regulation,” is broad enough to cover relatively new generative AI tools and technology that has existed for much longer. In theory, that language will make it impossible to enforce many existing and proposed state laws that aim to protect people from and inform them about AI systems. [...] In theory none of these states will be able to enforce these laws if Republicans manage to pass the Budget Reconciliation bill with this current language.

Submission + - A Blast From The Past: The UCSD p-System and Apple Pascal

mbessey writes: As we're coming up on the 50th anniversary of the first release of UCSD Pascal, I thought it would be interesting to poke around in it a bit, and work on some tools to bring this "portable operating system" back to life on modern hardware, in a modern language (Rust).

The series is ongoing, but it starts here:
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fmarkbessey.blog%2F2025%2F0...

Submission + - Nintendo says your Switch 2 isn't really yours even if you paid for it (betanews.com) 1

BrianFagioli writes: The new Nintendo Switch 2 is almost here. Next month, eager fans will finally be able to get their hands on the highly anticipated follow-up to the wildly popular hybrid console. But before you line up (or frantically refresh your browser for a preorder), you might want to read the fine print, because Nintendo might be able to kill your console.

Yes, really. That’s not just speculation, folks. According to its newly updated user agreement, Nintendo has granted itself the right to make your Switch 2 “permanently unusable” if you break certain rules. Yes, the company might literally brick your device.

Buried in the legalese is a clause that says if you try to bypass system protections, modify software, or mess with the console in a way that’s not approved, Nintendo can take action. And that action could include completely disabling your system. The exact wording makes it crystal clear: Nintendo may “render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part.”

Comment Re:The issue isn't the software (Score 3, Insightful) 129

I would. It's all how they're made. It's made specifically to _look like someone's thinking_ without any of the actual thought, which is why it frequently turns out to be wrong about things, often in ways that only the people who really know the subject will detect. It's the ultimate bullshitter.

Comment Re:Well duh (Score 2) 129

Yep. It was mostly hype that got us to this point. The people who made the "AIs" (because they're not really intelligent) had a financial interest in them seeming powerful and spooky, it made them seem more valuable. The more examples I see, the more it strikes me that they're really not all that different from a simple Markov text generator in ability, just with a very large corpus and a large text buffer. I've been sure that there had to be more to them than that, but geez, I keep being proven wrong.

Submission + - Modern Software Development is Mostly Junky Overhead

theodp writes: In The New Internet, a call to take back the Internet from its centralized rent-collecting cloud computing gatekeepers, Tailscale CEO and co-founder Avery Pennarun provocatively writes:

I read a post recently where someone bragged about using kubernetes to scale all the way up to 500,000 page views per month. But that’s 0.2 requests per second. I could serve that from my phone, on battery power, and it would spend most of its time asleep. In modern computing, we tolerate long builds, and then docker builds, and uploading to container stores, and multi-minute deploy times before the program runs, and even longer times before the log output gets uploaded to somewhere you can see it, all because we’ve been tricked into this idea that everything has to scale. People get excited about deploying to the latest upstart container hosting service because it only takes tens of seconds to roll out, instead of minutes. But on my slow computer in the 1990s, I could run a perl or python program that started in milliseconds and served way more than 0.2 requests per second, and printed logs to stderr right away so I could edit-run-debug over and over again, multiple times per minute.

How did we get here?

We got here because sometimes, someone really does need to write a program that has to scale to thousands or millions of backends, so it needs all that stuff. And wishful thinking makes people imagine even the lowliest dashboard could be that popular one day. The truth is, most things don’t scale, and never need to. We made Tailscale for those things, so you can spend your time scaling the things that really need it. The long tail of jobs that are 90% of what every developer spends their time on. Even developers at companies that make stuff that scales to billions of users, spend most of their time on stuff that doesn’t, like dashboards and meme generators.

As an industry, we’ve spent all our time making the hard things possible, and none of our time making the easy things easy. Programmers are all stuck in the mud. Just listen to any professional developer, and ask what percentage of their time is spent actually solving the problem they set out to work on, and how much is spent on junky overhead.

Submission + - 'Copyright Traps' Could Tell Writers If an AI Has Scraped Their Work (technologyreview.com)

An anonymous reader writes: Since the beginning of the generative AI boom, content creators have argued that their work has been scraped into AI models without their consent. But until now, it has been difficult to know whether specific text has actually been used in a training data set. Now they have a new way to prove it: “copyright traps” developed by a team at Imperial College London, pieces of hidden text that allow writers and publishers to subtly mark their work in order to later detect whether it has been used in AI models or not. The idea is similar to traps that have been used by copyright holders throughout history—strategies like including fake locations on a map or fake words in a dictionary. [...] The code to generate and detect traps is currently available on GitHub, but the team also intends to build a tool that allows people to generate and insert copyright traps themselves.

Submission + - How a Cheap Barcode Scanner Helped Fix CrowdStrike'd Windows PCs In a Flash (theregister.com)

An anonymous reader writes: Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike's shoddy testing software made possible. [...] The firm had the BitLocker keys for all its PCs, so Woltz and colleagues wrote a script that turned them into barcodes that were displayed on a locked-down management server's desktop. The script would be given a hostname and generate the necessary barcode and LAPS password to restore the machine.

Woltz went to an office supplies store and acquired an off-the-shelf barcode scanner for AU$55 ($36). At the point when rebooting PCs asked for a BitLocker key, pointing the scanner at the barcode on the server's screen made the machines treat the input exactly as if the key was being typed. That's a lot easier than typing it out every time, and the server's desktop could be accessed via a laptop for convenience. Woltz, Watson, and the team scaled the solution – which meant buying more scanners at more office supplies stores around Australia. On Monday, remote staff were told to come to the office with their PCs and visit IT to connect to a barcode scanner. All PCs in the firm's Australian fleet were fixed by lunchtime – taking only three to five minutes for each machine. Watson told us manually fixing servers needed about 20 minutes per machine.

Submission + - Automakers Sold Driver Data for Pennies, Senators Say (nytimes.com)

An anonymous reader writes: If you drive a car made by General Motors and it has an internet connection, your car’s movements and exact location are being collected and shared anonymously with a data broker. This practice, disclosed in a letter (PDF) sent by Senators Ron Wyden of Oregon and Edward J. Markey of Massachusetts to the Federal Trade Commission on Friday, is yet another way in which automakers are tracking drivers, often without their knowledge. Previous reporting in The New York Times, which the letter cited, revealed how automakers including G.M., Honda and Hyundai collected information about drivers’ behavior, such as how often they slammed on the brakes, accelerated rapidly and exceeded the speed limit. It was then sold to the insurance industry, which used it to help gauge individual drivers’ riskiness.

The two Democratic senators, both known for privacy advocacy, zeroed in on G.M., Honda and Hyundai because all three had made deals, The Times reported, with Verisk, an analytics company that sold the data to insurers. In the letter, the senators urged the F.T.C.’s chairwoman, Lina Khan, to investigate how the auto industry collects and shares customers’ data. One of the surprising findings of an investigation by Mr. Wyden’s office was just how little the automakers made from selling driving data. According to the letter, Verisk paid Honda $25,920 over four years for information about 97,000 cars, or 26 cents per car. Hyundai was paid just over $1 million, or 61 cents per car, over six years. G.M. would not reveal how much it had been paid, Mr. Wyden’s office said. People familiar with G.M.’s program previously told The Times that driving behavior data had been shared from more than eight million cars, with the company making an amount in the low millions of dollars from the sale. G.M. also previously shared data with LexisNexis Risk Solutions.

Submission + - If Congress probes CrowdStrike, they'll likely examine management oversight (techtarget.com)

dcblogs writes: Congress is unlikely to settle for a simple technical explanation from CrowdStrike regarding the root cause of its failure. Lawmakers have asked CrowdStrike officials to appear before a U.S. House committee. They will likely ask whether management issues, inadequate oversight, employee turnover, training, processes, communications, resource allocation, and tool investment contributed to this outage. They will also examine the remedies detailed on Wednesday by CrowdStrike, which included basic Q&A practices such as local developer testing. Local developer testing, or basic unit testing, involves testing software on a single, isolated machine or environment, explained Jim Johnson, who recently retired as the longtime chair of the Standish Group, a research organization that studies software failures. "I do not see anything in their response that would prevent future issues," Johnson said after reviewing CrowdStrike's "software resiliency and testing" prevention plans. Owners of systems that were disabled will also have much to explain. For instance, it crashed 911 systems in several states but not in NYC, which uses a sandbox for updates. Herb Krasner, an advisory board member and author of the 2022 Consortium for Information and Software Quality's report on "The Cost of Poor Software Quality in the U.S.," noted that the issue is generally one of "organizational willpower in the C-Suite to do better than they currently are doing." He added, "Meaning specifically that quality is not usually an organizational goal—which is now coming home to roost."

CrowdStrike preliminary review: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.crowdstrike.com%2Fwp...

Submission + - Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers (arstechnica.com)

An anonymous reader writes: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fgithub.com%2Fraywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings “DO NOT SHIP” or “DO NOT TRUST.” These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here.

Submission + - Project 2025 could escalate US cybersecurity risks, endanger more Americans (csoonline.com)

snydeq writes: The conservative think tank blueprint for how Donald Trump should govern the US if he wins in November calls for dismantling CISA, among many cyber-related measures. Experts say this would increase cybersecurity risks, undermine critical infrastructure, and put more Americans in danger. CSO's Cynthia Brumfield takes a look at what could become of US cybersecurity policy under a Trump administration in 2025 and beyond.
