Security

A Researcher Figured Out How To Reveal Any Phone Number Linked To a Google Account (wired.com) 17

A cybersecurity researcher was able to figure out the phone number linked to any Google account, information that is usually not public and is often sensitive, according to the researcher, Google, and 404 Media's own tests. From a report: The issue has since been fixed but at the time presented a privacy issue in which even hackers with relatively few resources could have brute forced their way to people's personal information. "I think this exploit is pretty bad since it's basically a gold mine for SIM swappers," the independent security researcher who found the issue, who goes by the handle brutecat, wrote in an email.

[...] In mid-April, we provided brutecat with one of our personal Gmail addresses in order to test the vulnerability. About six hours later, brutecat replied with the correct and full phone number linked to that account. "Essentially, it's bruting the number," brutecat said of their process. Brute forcing is when a hacker rapidly tries different combinations of digits or characters until finding the ones they're after. Typically that's in the context of finding someone's password, but here brutecat is doing something similar to determine a Google user's phone number.

Brutecat said in an email the brute forcing takes around one hour for a U.S. number, or 8 minutes for a UK one. For other countries, it can take less than a minute, they said. In an accompanying video demonstrating the exploit, brutecat explains an attacker needs the target's Google display name. They find this by first transferring ownership of a document from Google's Looker Studio product to the target, the video says. They say they modified the document's name to be millions of characters, which ends up with the target not being notified of the ownership switch. Using some custom code, which they detailed in their write up, brutecat then barrages Google with guesses of the phone number until getting a hit.

AI

'AI Is Not Intelligent': The Atlantic Criticizes 'Scam' Underlying the AI Industry (msn.com) 175

The Atlantic makes the case that "the foundation of the AI industry is a scam" and that AI "is not what its developers are selling it as: a new class of thinking — and, soon, feeling — machines." [OpenAI CEO Sam] Altman brags about ChatGPT-4.5's improved "emotional intelligence," which he says makes users feel like they're "talking to a thoughtful person." Dario Amodei, the CEO of the AI company Anthropic, argued last year that the next generation of artificial intelligence will be "smarter than a Nobel Prize winner." Demis Hassabis, the CEO of Google's DeepMind, said the goal is to create "models that are able to understand the world around us." These statements betray a conceptual error: Large language models do not, cannot, and will not "understand" anything at all. They are not emotionally intelligent or smart in any meaningful or recognizably human sense of the word. LLMs are impressive probability gadgets that have been fed nearly the entire internet, and produce writing not by thinking but by making statistically informed guesses about which lexical item is likely to follow another.
A sociologist and linguist even teamed up for a new book called The AI Con: How to Fight Big Tech's Hype and Create the Future We Want, the article points out: The authors observe that large language models take advantage of the brain's tendency to associate language with thinking: "We encounter text that looks just like something a person might have said and reflexively interpret it, through our usual process of imagining a mind behind the text. But there is no mind there, and we need to be conscientious to let go of that imaginary mind we have constructed."

Several other AI-related social problems, also springing from human misunderstanding of the technology, are looming. The uses of AI that Silicon Valley seems most eager to promote center on replacing human relationships with digital proxies. Consider the ever-expanding universe of AI therapists and AI-therapy adherents, who declare that "ChatGPT is my therapist — it's more qualified than any human could be." Witness, too, how seamlessly Mark Zuckerberg went from selling the idea that Facebook would lead to a flourishing of human friendship to, now, selling the notion that Meta will provide you with AI friends to replace the human pals you have lost in our alienated social-media age....

The good news is that nothing about this is inevitable: According to a study released in April by the Pew Research Center, although 56 percent of "AI experts" think artificial intelligence will make the United States better, only 17 percent of American adults think so. If many Americans don't quite understand how artificial "intelligence" works, they also certainly don't trust it. This suspicion, no doubt provoked by recent examples of Silicon Valley con artistry, is something to build on.... If people understand what large language models are and are not; what they can and cannot do; what work, interactions, and parts of life they should — and should not — replace, they may be spared its worst consequences.

Biotech

'We Finally May Be Able to Rid the World of Mosquitoes. But Should We?' (yahoo.com) 150

It's no longer a hypothetical question, writes the Washington Post. "In recent years, scientists have devised powerful genetic tools that may be able to eradicate mosquitoes and other pests once and for all."

But along with the ability to fight malaria, dengue, West Nile virus and other serious diseases, "the development of this technology also raises a profound ethical question: When, if ever, is it okay to intentionally drive a species out of existence...?" When so many wildlife conservationists are trying to save plants and animals from disappearing, the mosquito is one of the few creatures that people argue is actually worthy of extinction. Forget about tigers or bears; it's the tiny mosquito that is the deadliest animal on Earth. The human misery caused by malaria is undeniable. Nearly 600,000 people died of the disease in 2023, according to the World Health Organization, with the majority of cases in Africa... But recently, the Hastings Center for Bioethics, a research institute in New York, and Arizona State University brought together a group of bioethicists to discuss the potential pitfalls of intentionally trying to drive a species to extinction. In a policy paper published in the journal Science last month, the group concluded that "deliberate full extinction might occasionally be acceptable, but only extremely rarely..."

It's unclear how important malaria-carrying mosquitoes are to broader ecosystems. Little research has been done to figure out whether frogs or other animals that eat the insects would be able to find their meals elsewhere. Scientists are hotly debating whether a broader "insect apocalypse" is underway in many parts of the world, which may imperil other creatures that depend on them for food and pollination... Instead, the authors said, geneticists should be able to use gene editing, vaccines and other tools to target not the mosquito itself, but the single-celled Plasmodium parasite that is responsible for malaria. That invisible microorganism — which a mosquito transfers from its saliva to a person's blood when it bites — is the real culprit.

A nonprofit research consortium called Target Malaria has genetically modified mosquitoes in their labs (which get core funding from the Gates Foundation and from Open Philanthropy, backed by Facebook co-founder Dustin Moskovitz and his wife), and hopes to deploy them in the wild within five years...

Comment Black mail? (Score 2) 55

either start them with some slightly sketchy but not super bad 'work from home $$$' then, once they already start to feel implicated, introduce the fact that you will also be fudging I-9s; or just open with "This is a remote working scam; if you don't like that walk away but you don't know who I am" and then use whoever doesn't walk away.

You forgot an additional option:

Increase the sketchiness of the task assigned.
Once the mark raises suspicion, answer "Yes, that's indeed a scam. If you don't like that, we could tell the police all the fine details of what you've done up to this point.... Or you could just shut up, abstain from asking too many questions and the money will keep coming in."

Comment Entire planet (Score 4, Interesting) 37

It does not have to be solely on the back of the American taxpayer to fund everything on the planet.

It also doesn't have to be on your taxpayers' back to fund the tax cuts, subsidies and government contracts that support the mega-corps that are most responsible for the environmental damage that needs to be investigated by said research.

i.e.: Yes, Papua New Guinea -- random example -- isn't funding that much environmental research.
On the other hand, Papua New Guinea isn't either one of the biggest emitters of CO2, users of oil, hosts of ExxonMobil, or supporters of conflict in the Middle East to gather even more oil, etc.

Comment Re:Past examples on Linux phones (Score 1) 70

Pidgin (dunno about Linux phones, haven't seen such a beast live) worked by handling it via plugins for all available APIs.

Important: ...and exposed the result of these plugins via a standardized library (libpurple), further down wrappable in the standard framework telepathy.
Making it possible to interface with those just by calling DBus.
That's the standard API I was referring to.

(e.g. on SailfishOS, before it got supported by the official distro, you could merely install Rakia and get VoIP working in the calling app).

This always worked in parts and broke often, because the APIs were incomplete and changed often.

Depends. Breakage increased as companies became aggressive in trying to keep their users locked in.
At one end of the spectrum, I never had a problem with ICQ back when Pidgin was still called GAIM.
It did work reliably back when Facebook was putting efforts in supporting XMPP to attract users into its clutches.

Skype (-QT, not web.) is one of the first that seemed to start insisting on changing its protocol whenever too many 3rd parties managed to reverse engineer it.

At the other end, you have modern day Facebook Messenger (its own weird API with a f-up mix of JSON and XML), WhatsApp (bans you if it seems you're trying to reverse engineer it or try to run a 3rd party client*), and Apple is putting all their engineering efforts into fucking Beeper up.

*: ...until EU punched them in the face with DMA. Now "WhatsApp business" is a thing (it's an officially documented stable API mostly used to send corporate communications) and it's possible to register your Matrix bridge as a web client in WhatsApp.

Comment Projector vs building (Score 3, Informative) 80

There's the corner case (big auditoriums) where the projector can be upgraded, and probably has been for something that also supports HDMI.

But the wiring between the lectern in front of the auditorium and the projector pod in the ceiling is part of the building and would require tear downs and rebuilds which in turn would require complicated paperwork and expensive procedures.
So some places decide to keep the cabling in place until building renovations are due, when they could piggyback the cabling upgrade.

One solution that some go for is to keep VGA as the standard even if the projector could do better, and add converters at the lectern (a large collection of what-ever-to-VGA dongles attached on a keychain).

A different solution is to keep the wiring but carry a more modern signal over it (some projectors even support getting HDMI or so signals over their VGA port so you don't need to put a wiring adapter at the projector's side). It surprisingly works (a lot of places have over-specced their VGA wiring and it's mostly good enough for HDMI signals). This is also the origin of the reason why passive HDMI-to-VGA cables are a thing on AliExpress (and Amazon I guess?)

Comment Past examples on Linux phones (Score 1) 70

And the users might have a problem with it too: if the phone comes preloaded with every app that any market sector might want to use {...} and if I can't install weird niche stuff

The way this class of problem has been solved in the past on Linux phones is by trying to handle accounts with a standardised API.

Palm/HP's WebOS had the very advanced Synergy, and Jolla's SailfishOS has a simplified version as Accounts.

It's these systems' job to handle logging into servers on one side (Google Account, etc.), and exposing standard APIs to apps on the phone on the other side (mail, contact list, messages, upload of photos, etc.) Phones used to come with a set of standard account plugins (Google, Facebook back when they used to have an API, Microsoft Exchange for business settings), and a couple of standard apps (Mail, Camera, Chat, etc.).
The user can install additional plugins to handle additional types of accounts (e.g. anything with a libpurple and/or telepathy plugin can be added as a chat provider to the system chat app).

The main problem of this approach is that most online platforms have aggressively moved away from having open APIs and on to locking you into only being able to perform actions from within their app (e.g.: Facebook shut down their XMPP access, you MUST chat only exclusively from their Messenger app; Slack doesn't expose anything useful), and Android is geared heavily toward this type of interaction (the camera app doesn't handle "Upload to an arbitrary account", instead it opens a list of apps which can use JPEGs).

Efforts like EU's Digital Market Act might help tip the tendency back toward more open platforms.

Comment Dropshipping (Score 3, Insightful) 72

Some of the more brazen Western resellers just source their stuff from the Shein, Temu and AliExpress web sites from the comfort of their home office, sell it to you at a huge markup and don't even bother to take the item out of the Chinese packaging before forwarding it to you.

Dropshipping doesn't involve forwarding parcels.
The parcel never went through the reseller's hand.
It went straight from the Chinese dispatcher to the buyer.

The western reseller is merely a customized front-end shop.

At best, the Chinese themselves could be relying on a parcel forwarding service that can split or join shipments for various taxation reasons.
(e.g.: stuff bought from AliExpress often transits through the Netherlands here in Europe).

Open Source

SerenityOS Creator Is Building an Independent, Standards-First Browser Called 'Ladybird' (thenewstack.io) 40

A year ago, the original creator of SerenityOS posted that "for the past two years, I've been almost entirely focused on Ladybird, a new web browser that started as a simple HTML viewer for SerenityOS." So it became a stand-alone project that "aims to render the modern web with good performance, stability and security." And they're also building a new web engine.

"We are building a brand-new browser from scratch, backed by a non-profit..." says Ladybird's official web site, adding that they're driven "by a web standards first approach." They promise it will be truly independent, with "no code from other browsers" (and no "default search engine" deals).

"We are targeting Summer 2026 for a first Alpha version on Linux and macOS. This will be aimed at developers and early adopters." More from the Ladybird FAQ: We currently have 7 paid full-time engineers working on Ladybird. There is also a large community of volunteer contributors... The focus of the Ladybird project is to build a new browser engine from the ground up. We don't use code from Blink, WebKit, Gecko, or any other browser engine...

For historical reasons, the browser uses various libraries from the SerenityOS project, which has a strong culture of writing everything from scratch. Now that Ladybird has forked from SerenityOS, it is no longer bound by this culture, and we will be making use of 3rd party libraries for common functionality (e.g image/audio/video formats, encryption, graphics, etc.) We are already using some of the same 3rd party libraries that other browsers use, but we will never adopt another browser engine instead of building our own...

We don't have anyone actively working on Windows support, and there are considerable changes required to make it work well outside a Unix-like environment. We would like to do Windows eventually, but it's not a priority at the moment.

"Ladybird's founder Andreas Kling has a solid background in WebKit-based C++ development with both Apple and Nokia," writes software developer/author David Eastman: "You are likely reading this on a browser that is slightly faster because of my work," he wrote on his blog's introduction page. After leaving Apple, clearly burnt out, Kling found himself in need of something to healthily occupy his time. He could have chosen to learn needlepoint, but instead he opted to build his own operating system, called Serenity. Ladybird is a web project spin-off from this, to which Kling now devotes his time...

[B]eyond the extensive open source politics, the main reason for supporting other independent browser projects is to maintain diverse alternatives — to prevent the web platform from being entirely captured by one company. This is where Ladybird comes in. It doesn't have any commercial foundation and it doesn't seem to be waiting to grab a commercial opportunity. It has a range of sponsors, some of which might be strategic (for example, Shopify), but most are goodwill or alignment-led. If you sponsor Ladybird, it will put your logo on its webpage and say thank you. That's it. This might seem uncontroversial, but other nonprofit organisations also give board seats to high-paying sponsors. Ladybird explicitly refuses to do this...

The Acid3 Browser test (which has nothing whatsoever to do with ACID compliance in databases) is an old method of checking compliance with web standards, but vendors can still check how their products do against a battery of tests. They check compliance for the DOM2, CSS3, HTML4 and the other standards that make sure that webpages work in a predictable way. If I point my Chrome browser on my MacBook to http://acid3.acidtests.org/, it gets 94/100. Safari does a bit better, getting to 97/100. Ladybird reportedly passes all 100 tests.

"All the code is hosted on GitHub," says the Ladybird home page. "Clone it, build it, and join our Discord if you want to collaborate on it!"

Comment The US is not the world (Score 1) 102

You forgot that the US is not the entire world.

Do you have enough lobbying money to keep things like this indefinitely? No?
And the mega-corporation that would benefit the most from having AI-content copyrightable, do they have billions of dollars to throw into lobbying until their wishes become true? Yes?

Not every country's politics boils down to who can throw the most money to a few select oligarchs.

Unlike the US, some countries which call themselves democracies ARE actual democracies, in the sense that it's the people (demos) who take decisions and exercise power (cratos).
I happen to live in one of those countries which don't limit the entirety of the population's influence on politics to playing a round of "who wants to be an oligarch" every couple of years, and there are several others around which complement the so-called "representative democracy" with various levels of actual popular influence.
(see the petition system that exists EU-wide)

That's it then. AI-content WILL become copyrightable. It's not a matter of if, but of when.

Yes, the US might suddenly decide that AI output is copyrightable if the few oligopoly media mega corps throw enough money into politics while at the same time holding against the massive strikes which are very likely to erupt against such effort. Everything seems to be on sale to the highest bidder in your country, including politicians.

The rest of the planet will most likely NOT follow this trend.

The only reason that the US has managed in the past to export its very weird copyright laws (such as DMCA) is by bullying the rest of the world under threats of tariffs: signing similar laws was the only way to access free market with the US.
Given that nowadays stupidly high tariffs with the US will happen anyway, the US lost its only bargaining chip to push completely stupid copyright law onto the rest of the world.

Submission + - Microsoft's cut access to accounts related to the International Criminal Court (techzine.eu)

denisbergeron writes: In February, the United States imposed sanctions on the International Criminal Court (ICC) in The Hague. As a result, Chief Prosecutor Karim Khan has no access to the emails on his Microsoft account. The incident once again demonstrates the risks of dependence on US IT services.

To make matters worse, Khan’s bank accounts have also been frozen, according to the Associated Press. If he takes a flight to the US, he will likely be arrested upon arrival. According to the Associated Press, the ICC has been paralyzed by the forced Microsoft blockade. The conflict between the ICC and the US arose in November, when the former issued an arrest warrant for Israeli Prime Minister Benjamin Netanyahu.

Comment Piracy. (Score 1) 102

When AI can outright replace you, all a strike does is speed up the replacement process.
It is only a matter of time before AI tools replace 99% of the production process. Maybe 99.9%.

And this means that you'll be able to happily torrent all these without any (copyright) legal recourse from those companies.
Remember: only the output of members of the H. sapiens species is copyrightable. Not even selfies by apes are. And AI output certainly is NOT.

It means that today you can rip out these sound-bytes and share them freely and remix them. Nobody can sue you for copyright infringement.

When 999% or 99.9% of the production process is AI, it means that more than 90% of a movie or videogame is torrentable without any possibility of being successfully sued for copyright infringement.
