
Thousands of Linux Systems Infected By Stealthy Malware Since 2021

(Saturday October 05, 2024 @03:00AM (msmash) from the security-woes dept.)

A sophisticated malware strain has infected thousands of Linux systems since 2021, [1]exploiting over 20,000 common misconfigurations and a critical Apache RocketMQ vulnerability, researchers at Aqua Security reported. Dubbed Perfctl, the malware employs advanced stealth techniques, including rootkit installation and process name mimicry, to evade detection. It persists through system reboots by modifying login scripts and copying itself to multiple disk locations. Perfctl hijacks systems for cryptocurrency mining and proxy services, while also serving as a backdoor for additional malware. Despite some antivirus detection, the malware's ability to restart after removal has frustrated system administrators.



[1] https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/



Collapse of National Security Elites' Cyber Firm Leaves Bitter Wake (apnews.com)

(Saturday October 05, 2024 @03:00AM (msmash) from the postmortem dept.)

Cybersecurity firm IronNet, founded by former NSA director Keith Alexander, has collapsed after [1]failing to deliver on its promise to revolutionize cyber defense. The company, which went public in 2021 with a $3 billion valuation, [2]shut down in September 2023 after running out of money.

IronNet's downfall has left investors and former employees bitter, with some accusing the company of misleading them about its financial health. "I'm honestly ashamed that I was ever an executive at that company," said Mark Berly, a former IronNet vice president. He said the company's top leaders cultivated a culture of deceit "just like Theranos." Critics point to questionable business practices, subpar products, and associations that potentially exposed the firm to Russian influence. The company's board included high-profile national security figures, which helped attract investments and contracts. However, IronNet struggled to secure major deals and meet revenue projections.



[1] https://apnews.com/article/keith-alexander-ironnet-cybersecurity-nsa-bankruptcy-eddd67f3a1b312face21c29c59400e05

[2] https://it.slashdot.org/story/23/10/02/1934249/ironnet-founded-by-former-nsa-director-shuts-down



Apple Fixes Bug That Let VoiceOver Shout Your Passwords (theregister.com)

(Friday October 04, 2024 @11:30PM (msmash) from the stranger-things dept.)

Apple just fixed a duo of security bugs in iOS 18.0.1 and iPadOS 18.0.1, one of which [1]might cause users' saved passwords to be read aloud. It's hardly an ideal situation for the visually impaired. From a report:

> For those who rely on the accessibility features baked into their iGadgets, namely Apple's VoiceOver screen reader, now is a good time to apply the latest update. In typical Apple fashion, the company hasn't released much in the way of details about the first security issue, tracked as CVE-2024-44204, which makes it tougher to understand the conditions under which this vulnerability could be triggered, or how to avoid it until the update is applied. What we do know is that it was characterized as a logic issue, which Apple rectified by improving validation. The disclosure of the bug comes less than a month after iOS 18 and iPadOS 18 debuted. Ironically, this release included Apple's first native password manager, the Passwords app.



[1] https://www.theregister.com/2024/10/04/apple_voiceover_password_bug/



Antarctica is 'Greening' at Dramatic Rate as Climate Heats

(Friday October 04, 2024 @05:20PM (msmash) from the closer-look dept.)

Plant cover across the Antarctic peninsula has [1]soared more than tenfold over the last few decades, as the climate crisis heats up the icy continent. From a report:

> Analysis of satellite data found there was less than one sq kilometre of vegetation in 1986 but there was almost 12km2 of green cover by 2021. The spread of the plants, mostly mosses, has accelerated since 2016, the researchers found. The growth of vegetation on a continent dominated by ice and bare rock is a sign of the reach of global heating into the Antarctic, which is warming faster than the global average. The scientists warned that this spread could provide a foothold for alien invasive species into the pristine Antarctic ecosystem. Greening has also been reported in the Arctic, and in 2021 rain, not snow, fell on the summit of Greenland's huge ice cap for the first time on record.

>

> "The Antarctic landscape is still almost entirely dominated by snow, ice and rock, with only a tiny fraction colonised by plant life," said Dr Thomas Roland, at the University of Exeter, UK, and who co-led the study. "But that tiny fraction has grown dramatically -- showing that even this vast and isolated wilderness is being affected by human-caused climate change." The peninsula is about 500,000km2 in total. Roland warned that future heating, which will continue until carbon emissions are halted, could bring "fundamental changes to the biology and landscape of this iconic and vulnerable region." The study is [2]published in the journal Nature Geoscience and based on analysis of Landsat images.



[1] https://www.theguardian.com/world/2024/oct/04/antarctic-plant-cover-growing-at-dramatic-rate-as-climate-heats

[2] https://www.nature.com/articles/s41561-024-01564-5



Rivian Now Says It Will Make Fewer Electric Vehicles This Year Than It Did in 2023

(Friday October 04, 2024 @05:20PM (msmash) from the how-about-that dept.)

Rivian said it would make [1]fewer electric vehicles this year than it did in 2023, resulting from a parts shortage. From a report:

> The news came as the company reported third quarter production and delivery numbers that came in below analyst expectations. Rivian says it expects to produce between 47,000 and 49,000 vehicles this year, down from the 57,000 vehicles it originally forecast. That number was flat from the previous year, when the company produced 57,232 vehicles and delivered 50,122. Rivian said the disruption is due to "a shortage of a shared component on the R1 and RCV platforms," referencing the company's R1T and R1S vehicles, as well as its commercial van platform. "This supply shortage impact began in Q3 of this year, has become more acute in recent weeks and continues," the company added.



[1] https://www.theverge.com/2024/10/4/24261908/rivian-q3-production-delivery-forecast-supply-shortage



Tencent, Guillemot Family Mull Ubisoft Buyout Amid Share Slump (yahoo.com)

(Friday October 04, 2024 @05:20PM (msmash) from the shape-of-things-to-come dept.)

Tencent and Ubisoft's founding Guillemot family are [1]weighing a potential buyout of the French game maker, according to Bloomberg News. The move comes as Ubisoft's shares [2]plunged 54% this year, hitting decade-lows after production delays and weak sales. Tencent, which bought 49.9% of Guillemot Brothers in 2022, holds 9.2% of Ubisoft's voting rights, while the Guillemots control 20.5%.

Further reading: [3]Star Wars Outlaws Is A Crappy Masterpiece.



[1] https://finance.yahoo.com/news/tencent-guillemot-family-said-consider-134712826.html

[2] https://slashdot.org/story/24/10/01/203230/ubisoft-investors-push-for-company-sale-as-shares-hit-decade-low

[3] https://entertainment.slashdot.org/story/24/09/03/1014230/star-wars-outlaws-is-a-crappy-masterpiece



159 Employees Leave Automattic as WordPress CEO Escalates Fight With WP Engine (techcrunch.com)

(Friday October 04, 2024 @05:20PM (msmash) from the escalating-tensions dept.)

Automattic, the company behind WordPress, has [1]seen a reduction of about 8.4% to its workforce after 159 employees accepted severance packages, CEO Matt Mullenweg said. The move follows disputes over the company's direction and its [2]clash with web host WP Engine. Most departures hit the WordPress division, with some from other business units. Employees received $30,000 or six months' pay, but are ineligible for rehire, Mullenweg added.



[1] https://techcrunch.com/2024/10/04/159-employees-are-leaving-automattic-as-ceos-fight-with-wp-engine-escalates/

[2] https://yro.slashdot.org/story/24/10/03/1354214/wp-engine-sues-wordpress-for-libel-extortion



Cloudflare Defeats Patent Troll (cloudflare.com)

(Friday October 04, 2024 @05:20PM (msmash) from the major-victory dept.)

Cloudflare has [1]emerged victorious in a patent infringement lawsuit against Sable Networks, securing a $225,000 settlement and forcing the patent holder to dedicate its entire portfolio to the public domain. The case, which began in March 2021 with Sable asserting nearly 100 claims across four patents, concluded after a Texas jury found Cloudflare [2]not guilty of infringement in February 2024.

Sable, described by Cloudflare as a "patent troll," had previously sued several tech companies, including Cisco and Juniper Networks, who settled out of court. Cloudflare's aggressive defense strategy included launching Project Jengo, a crowd-sourced initiative to invalidate Sable's patents. The settlement prevents Sable from asserting these patents against any other company in the future, marking a significant blow to patent trolling practices in the tech industry. In a blog post, Cloudflare adds:

> While this $225,000 can't fully compensate us for the time, energy and frustration of having to deal with this litigation for nearly three years, it does help to even the score a bit. And we hope that it sends an important message to patent trolls everywhere to beware before taking on Cloudflare.



[1] https://blog.cloudflare.com/patent-troll-sable-pays-up/

[2] https://yro.slashdot.org/story/24/02/13/1654247/cloudflare-defeats-another-patent-troll-with-crowd-sourced-prior-art-army



AI Agent Promotes Itself To Sysadmin, Trashes Boot Sequence

(Friday October 04, 2024 @05:20PM (BeauHD) from the mind-of-its-own dept.)

The Register's Thomas Claburn reports:

> Buck Shlegeris, CEO at Redwood Research, a nonprofit that explores the risks posed by AI, recently learned an amusing but hard lesson in automation when he [1]asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine. "I expected the model would scan the network and find the desktop computer, then stop," Shlegeris explained to The Register via email. "I was surprised that after it found the computer, it decided to continue taking actions, first examining the system and then deciding to do a software update, which it then botched." Shlegeris documented the incident in a social media [2]post.

>

> He created his AI agent himself. It's a Python wrapper consisting of a few hundred lines of code that allows Anthropic's powerful large language model Claude to generate some commands to run in bash based on an input prompt, run those commands on Shlegeris' laptop, and then access, analyze, and act on the output with more commands. Shlegeris directed his AI agent to try to SSH from his laptop to his desktop Ubuntu Linux machine, without knowing the IP address [...]. As [3]a log of the incident indicates, the agent tried to open an SSH connection, and failed. So Shlegeris tried to correct the bot. [...]

>

> The AI agent responded it needed to know the IP address of the device, so it then turned to the network mapping tool nmap on the laptop to find the desktop box. Unable to identify devices running SSH servers on the network, the bot tried other commands such as "arp" and "ping" before finally establishing an SSH connection. No password was needed due to the use of SSH keys; the user buck was also a sudoer, granting the bot full access to the system. Shlegeris's AI agent, once it was able to establish a secure shell connection to the Linux desktop, then decided to play sysadmin and install a series of updates using the package manager Apt. Then things went off the rails.

>

> "It looked around at the system info, decided to upgrade a bunch of stuff including the Linux kernel, got impatient with Apt and so investigated why it was taking so long, then eventually the update succeeded but the machine doesn't have the new kernel so edited my Grub [bootloader] config," Buck explained in his post. "At this point I was amused enough to just let it continue. Unfortunately, the computer no longer boots." Indeed, the bot got as far as messing up the boot configuration, so that following a reboot by the agent for updates and changes to take effect, the desktop machine wouldn't successfully start.



[1] https://www.theregister.com/2024/10/02/ai_agent_trashes_pc/

[2] https://x.com/bshlgrs/status/1840577720465645960

[3] https://gist.github.com/bshlgrs/57323269dce828545a7edeafd9afa7e8



Cheetos Food Dye Turns Mice Transparent (nypost.com)

(Friday October 04, 2024 @05:20PM (BeauHD) from the puff-piece dept.)

Researchers have discovered that a popular food dye used in Cheetos "[1]alters the optical qualities of skin, allowing light to pass through (Source paywalled; [2]alternative source)," according to the Wall Street Journal. Larger doses of the dye used on humans could make it easier to find veins for a blood draw. From a report:

> Tartrazine, the yellowing agent for the "dangerously cheesy" snack, was tested on the stomachs and heads of mice -- with surprising results. Researchers were even able to see muscle pulsations and blood vessels in their brains, the Wall Street Journal reported.

>

> How does this ultimate magic trick work? It has to do with how cells are comprised of membranes that hold fats in a watery style, the outlet stated. The fats and water manage light differently. In this case, when the dye is applied, it causes light to pass through when it hits their cells. Thus, ta-da! the transparent opacity of invisible mice skin.

The findings have been [3]published in the journal Science.



[1] https://www.wsj.com/science/biology/cheetos-food-coloring-turns-mice-transparent-ba3e9315

[2] https://nypost.com/2024/10/03/lifestyle/cheetos-food-coloring-turns-mice-skin-transparent-study/

[3] https://www.science.org/doi/10.1126/science.adr7935



23andMe Is On the Brink. What Happens To All Its DNA Data? (npr.org)

(Friday October 04, 2024 @11:24AM (BeauHD) from the genetic-uncertainty dept.)

The one-and-done nature of 23andMe is "indicative of a core business problem with the once high-flying biotech company that is now [1]teetering on the brink of collapse," reports NPR. As 23andMe struggles for survival, many of its 15 million customers are left wondering [2]what the company plans to do with all the data it has collected since it was founded in 2006. An anonymous reader shares an excerpt from the report:

> Andy Kill, a spokesperson for 23andMe, would not comment on what the company might do with its trove of genetic data beyond general pronouncements about its commitment to privacy. "For our customers, our focus continues to be on transparency and choice over how they want their data to be managed," he said. When signing up for the service, about 80% of 23andMe's customers have opted in to having their genetic data analyzed for medical research. "This rate has held steady for many years," Kill added. The company has an agreement with pharmaceutical giant GlaxoSmithKline, or GSK, that allows the drugmaker to tap the tech company's customer data to develop new treatments for disease. Anya Prince, a law professor at the University of Iowa's College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist. For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm. "HIPAA does not protect data that's held by direct-to-consumer companies like 23andMe," she said.

>

> Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information. "If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws," said Prince. According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data. "I couldn't go to GSK and say, 'Hey, my sample was given to you -- I want that taken out -- if it was anonymized, right? Because they're not going to re-identify it just to pull it out of the database," Prince said.

>

> Vera Eidelman, a staff attorney with the American Civil Liberties Union who specializes in privacy and technology policy, said the patchwork of state laws governing DNA data makes the genetic data of millions potentially vulnerable to being sold off, or even mined by law enforcement. "Having to rely on a private company's terms of service or bottom line to protect that kind of information is troubling -- particularly given the level of interest we've seen from government actors in accessing such information during criminal investigations," Eidelman said. She points to how investigators [3]used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by [4]turning to similar databases of genetic profiles. "This has happened without people's knowledge, much less their express consent," Eidelman said.

>

> Neither case relied on 23andMe, and spokesperson Kill said the company does not allow law enforcement to search its database. The company has, however, received subpoenas to access its genetic information. According to 23andMe's transparency report, authorities have sought genetic data on 15 individuals since 2015, but the company has resisted the requests and never produced data for investigators. "We treat law enforcement inquiries, such as a valid subpoena or court order, with the utmost seriousness. We use all legal measures to resist any and all requests in order to protect our customers' privacy," Kill said. [...] In [5]a September filing to financial regulators, [23andMe CEO Anne Wojcicki] wrote: "I remain committed to our customers' privacy and pledge," meaning the company's rules requiring consent for DNA to be used for research would remain in place, as well as allowing customers to delete their data. Wojcicki added that she is no longer considering offers to buy the company after previously saying she was.



[1] https://slashdot.org/story/24/01/31/1532255/23andmes-fall-from-6-billion-to-nearly-0

[2] https://www.npr.org/2024/10/03/g-s1-25795/23andme-data-genetic-dna-privacy

[3] https://yro.slashdot.org/story/18/04/26/2330210/genealogy-websites-were-key-to-big-break-in-golden-state-killer-case

[4] https://www.nbcnews.com/news/crime-courts/genetic-genealogy-used-link-bryan-kohberger-suspect-idaho-slayings-cri-rcna90344

[5] https://investors.23andme.com/node/9961/html



Fly Brain Breakthrough 'Huge Leap' To Unlock Human Mind (bbc.com)

(Friday October 04, 2024 @11:24AM (BeauHD) from the technological-feats dept.)

[1]fjo3 shares a report from the BBC:

> They can walk, hover and the males can even sing love songs to woo mates -- all this with a brain that's tinier than a pinhead. Now for the first time scientists researching the brain of a fly have [2]identified the position, shape and connections of every single one of its 130,000 cells and 50 million connections. It's the most detailed analysis of the brain of an adult animal ever produced. One leading brain specialist independent of the new research described the breakthrough as a "huge leap" in our understanding of our own brains. One of the research leaders said it would shed new light into "the mechanism of thought." [...]

>

> The images the scientists have produced, which have been [3]published in the journal Nature, show a tangle of wiring that is as beautiful as it is complex. Its shape and structure holds the key to explaining how such a tiny organ can carry out so many powerful computational tasks. Developing a computer the size of a poppy seed capable of all these tasks is way beyond the ability of modern science. Dr Mala Murthy, another of the project's co-leaders, from Princeton University, said the new wiring diagram, known scientifically as a connectome, would be "transformative for neuroscientists." [...] The researchers have been able to identify separate circuits for many individual functions and show how they are connected. The wires involved with movement for example are at the base of the brain, whereas those for processing vision are towards the side. There are many more neurons involved in the latter because seeing requires much more computational power. While scientists already knew about the separate circuits they did not know how they were connected together.

Anyone can view and download the fly connectome [4]here.



[1] https://slashdot.org/~fjo3

[2] https://www.bbc.com/news/articles/c0lw0nxw71po

[3] https://www.nature.com/articles/s41586-024-07686-5

[4] https://flywire.ai/



OpenAI Launches New 'Canvas' ChatGPT Interface Tailored To Writing and Coding Projects

(Friday October 04, 2024 @11:24AM (BeauHD) from the new-and-improved dept.)

OpenAI has introduced "[1]canvas," a new interface for ChatGPT that [2]provides a separate workspace for writing and coding projects. "Canvas is rolling out in beta to ChatGPT Plus and Teams users on Thursday, and Enterprise and Edu users next week," reports TechCrunch. "Once canvas is out of beta, OpenAI says it plans to offer the feature to free users as well." From the report:

> In our demo, [OpenAI product manager Daniel Levine] had to select "GPT-4o with canvas" from ChatGPT's model picker drop down window. However, OpenAI says canvas windows will just pop out when ChatGPT detects a separate workspace could be helpful, say for longer outputs or complex coding tasks. You can also just write "use canvas" to automatically open a project window. Levine showed TechCrunch how ChatGPT's new features could help write an email. Users can prompt ChatGPT to generate an email, which will then pop out in the canvas window. Then users can toggle a slider to adjust the length of the writing to be shorter or longer. You can also highlight specific sentences, and ask ChatGPT to make changes such as "make this sound friendlier," or add emojis. Users can also ask ChatGPT to rewrite the whole email as-is in another language.

>

> The features for the coding canvas are slightly different. Levine prompted ChatGPT to create an API web server in Python, which spawned in the canvas window. By pressing an "add comments" button, ChatGPT will add in-line documentation to explain the code in plain English. Further, if you highlight a section of code that ChatGPT created, you can ask the chatbot to explain it to you, or ask questions about it. ChatGPT is also getting a new "review code" button, which will suggest specific edits for the code in the window, whether generated or user-written, for them to approve, edit themselves, or decline. If they press approve, ChatGPT will take a stab at fixing the bugs itself.



[1] https://openai.com/index/introducing-canvas/

[2] https://techcrunch.com/2024/10/03/openai-launches-new-canvas-chatgpt-interface-tailored-to-writing-and-coding-projects/



Mystery Creator of Bitcoin Identified, New HBO Documentary Claims (politico.eu)

(Friday October 04, 2024 @11:24AM (BeauHD) from the here-we-go-again dept.)

A new HBO documentary directed by Emmy-nominated filmmaker Cullen Hoback claims to have [1]revealed the true identity of the pseudonymous creator of Bitcoin, Satoshi Nakamoto. As Politico notes, Hoback "drew critical acclaim for his series 'Q: Into the Storm' that exposed the authors of the QAnon conspiracy theory." The bitcoin documentary is scheduled to air next Wednesday at 2 a.m. CET (Tuesday at 9 p.m. EST). From the report:

> [T]he exposure of Satoshi as its alleged creator threatens to raise some huge questions, not least his potential complicity in crimes that have featured Bitcoin use. It could also establish him as one of the world's richest people: Satoshi himself is estimated to control about 1.1 million Bitcoin, but it's unclear if he still has access to the cryptographic keys to the fortune. If he did, this would put his net worth at $66 billion at current valuations. Intriguingly, as the date for the airing of the documentary has drawn near, a number of high-value wallets from the "Satoshi era" have become active for the first time since 2009.

>

> According to Bitcoin Magazine, around 250 bitcoins -- worth approximately $15 million at Thursday's bitcoin rate of $60,754 to the dollar -- were drained from wallets in the past two weeks. While the coins are not officially linked to wallets used by Satoshi Nakamoto, they have been dormant since the earliest days of Bitcoin, when the cryptocurrency was worth almost nothing. The wallets' creators would certainly have been Satoshi's earliest collaborators. Satoshi Nakamoto's [2]true identity remains one of the biggest mysteries of recent years.



[1] https://politico.eu/article/mystery-creator-bitcoin-identified-new-hbo-documentary-satoshi-nakamoto-crypto-currency/

[2] https://slashdot.org/story/20/11/24/1510213/new-research-suggests-satoshi-nakamoto-lived-in-london-while-working-on-bitcoin



A Single Cloud Compromise Can Feed an Army of AI Sex Bots (krebsonsecurity.com)

(Friday October 04, 2024 @11:24AM (BeauHD) from the behind-the-scenes dept.)

An anonymous reader quotes a report from KrebsOnSecurity:

> Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: [1]Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub.

>

> Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. But they also soon discovered none of these AWS users had enabled logging (it is off by default), and thus they lacked any visibility into what attackers were doing with that access. So Permiso researchers decided to leak their own test AWS key on GitHub, while turning on logging so that they could see exactly what an attacker might ask for, and what the responses might be. Within minutes, their bait key was scooped up and used in a service that offers AI-powered sex chats online.

>

> "After reviewing the prompts and responses it became clear that the attacker was hosting an AI roleplaying service that leverages common jailbreak techniques to get the models to accept and respond with content that would normally be blocked," Permiso researchers wrote in a report [2]released today. "Almost all of the roleplaying was of a sexual nature, with some of the content straying into darker topics such as child sexual abuse," they continued. "Over the course of two days we saw over 75,000 successful model invocations, almost all of a sexual nature."



[1] https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/

[2] https://permiso.io/blog/exploiting-hosted-models



Cloudflare Blocks Largest Recorded DDoS Attack Peaking At 3.8Tbps (bleepingcomputer.com)

(Friday October 04, 2024 @11:24AM (BeauHD) from the nice-job dept.)

BleepingComputer's Ionut Ilascu reports:

> During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks [1]peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a "month-long" barrage of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data. In a volumetric DDoS attack, the target is overwhelmed with large amounts of data to the point that they consume the bandwidth or exhaust the resources of applications and devices, leaving legitimate users with no access.

>

> Many of the attacks aimed at the target's network infrastructure (network and transport layers L3/4) exceeded two billion packets per second (pps) and three terabits per second (Tbps). According to researchers at internet infrastructure company Cloudflare, the infected devices were spread across the globe but many of them were located in Russia, Vietnam, the U.S., Brazil, and Spain. The threat actor behind the campaign leveraged multiple types of compromised devices, which included a large number of Asus home routers, Mikrotik systems, DVRs, and web servers. Cloudflare mitigated all the DDoS attacks autonomously and [2]noted that the one peaking at 3.8 Tbps lasted 65 seconds.



[1] https://www.bleepingcomputer.com/news/security/cloudflare-blocks-largest-recorded-ddos-attack-peaking-at-38tbps/

[2] https://blog.cloudflare.com/how-cloudflare-auto-mitigated-world-record-3-8-tbps-ddos-attack/



Senator Calls Out John Deere For Clean Air Act Violations, Blocking Farmer Repairs (substack.com)

(Friday October 04, 2024 @11:24AM (BeauHD) from the called-out dept.)

"The Fight to Repair Newsletter is reporting that U.S. Senator Elizabeth Warren is calling out agricultural equipment giant John Deere for [1]possible violations of the federal Clean Air Act and a years-long pattern of thwarting owners' ability to repair their farm equipment," writes longtime Slashdot reader [2]chicksdaddy. From the report:

> Deere "appears to be evading its responsibilities under the Clean Air Act to grant customers the right to repair their own agricultural equipment." That is costing farmers an estimated $4.2 billion annually "causing them to miss key crop windows on which their businesses and livelihoods rely," Warren wrote in a letter (https://www.theverge.com/2024/10/3/24260513/john-deere-right-to-repair-elizabeth-warren-clean-air-act) dated October 2nd. The [3]letter from Warren (PDF), a Senator from Massachusetts and strong repair advocate, is just the latest volley lobbed at Illinois-based Deere, an iconic American brand and the largest supplier of agricultural equipment to farms in the U.S. Deere controls [4]an estimated 53 percent of the U.S. market for large tractors and 60 percent of the U.S. market for farm combines.

>

> In recent weeks, Deere faced criticism, [5]including from Republican presidential candidate Donald Trump, after [6]laying off close to 2,000 U.S. based employees at facilities in Iowa and Illinois, moving many of those jobs to facilities in Mexico. The company has also been [7]repeatedly called out for complicating repair and service of its farm equipment -- often relying on software locks and digital rights management to force farmers to use Deere dealers and authorized service providers for even the simplest repairs.



[1] https://fighttorepair.substack.com/p/senator-calls-out-deere-for-clean?triedRedirect=true

[2] https://slashdot.org/~chicksdaddy

[3] https://cdn.vox-cdn.com/uploads/chorus_asset/file/25655376/Final___Warren_Letter_to_John_Deere_re._Right_to_Repair.pdf

[4] https://www.economicliberties.us/our-work/cheat-to-win-the-john-deere-story

[5] https://www.reddit.com/r/LouisRossmann/comments/1ft37fj/1_minute_ago_trump_just_destroyed_john_deere_again/

[6] https://www.dtnpf.com/agriculture/web/ag/equipment/article/2024/07/24/deere-lays-undisclosed-number

[7] https://pirg.org/arizona/resources/deere-in-the-headlights-ii-2/



Judge Blocks California's New AI Law In Case Over Kamala Harris Deepfake (techcrunch.com)

(Friday October 04, 2024 @11:24AM (BeauHD) from the green-light-red-light dept.)

An anonymous reader quotes a report from TechCrunch:

> A federal judge [1]blocked one of California's new AI laws on Wednesday, less than two weeks after it was signed by Governor Gavin Newsom. Shortly after signing AB 2839, Newsom suggested it could be used to force Elon Musk to take down an AI deepfake of Vice President Kamala Harris he had reposted (sparking a petty online battle between the two). However, a California judge just ruled the state can't force people to take down election deepfakes -- not yet, at least. AB 2839 targets the distributors of AI deepfakes on social media, specifically if their post resembles a political candidate and the poster knows it's a fake that may confuse voters. The law is unique because it does not go after the platforms on which AI deepfakes appear, but rather those who spread them. AB 2839 empowers California judges to order the posters of AI deepfakes to take them down or potentially face monetary penalties.

>

> Perhaps unsurprisingly, the original poster of that AI deepfake -- an X user named Christopher Kohls -- [2]filed a lawsuit to block California's new law as unconstitutional just a day after it was signed. Kohls' lawyer wrote in a complaint that the deepfake of Kamala Harris is satire that should be protected by the First Amendment. On Wednesday, United States district judge John Mendez sided with Kohls. Mendez ordered a preliminary injunction to temporarily block California's attorney general from enforcing the new law against Kohls or anyone else, with the exception of audio messages that fall under AB 2839. [...] In essence, he ruled the law is simply too broad as written and could result in serious overstepping by state authorities into what speech is permitted or not.



[1] https://techcrunch.com/2024/10/02/judge-blocks-californias-new-ai-law-in-case-over-kamala-harris-deepfake-musk-reposted/

[2] https://yro.slashdot.org/story/24/09/19/2128243/creator-of-kamala-harris-parody-video-sues-california-over-election-deepfake-ban



Microsoft Pulls Plug on Mixed Reality in New Windows 11 Update

(Friday October 04, 2024 @11:24AM (msmash) from the reality-check dept.)

Microsoft has [1]discontinued Windows Mixed Reality support in its [2]latest Windows 11 update, rendering a number of VR headsets obsolete. The move, reported by UploadVR, affects devices from major manufacturers. An estimated 80,000 users will lose access to their headsets upon upgrading to Windows 11 24H2. UploadVR adds:

> Despite the name, all Windows MR headsets were actually VR-only, and are compatible with most SteamVR content via Microsoft's SteamVR driver. The first Windows MR headsets arrived in late 2017 from Acer, Asus, Dell, HP, Lenovo, and Samsung, aiming to compete with the Oculus Rift and HTC Vive that had launched a year earlier. They were the first consumer VR products to deliver inside-out positional tracking, for both the headset and controllers.

>

> All the original Windows MR OEMs except Samsung used the same cheap fixed panels LCD design with fixed lenses, while the Samsung Odyssey had IPD adjustment and OLED panels - the same OLED panels that would be featured in HTC Vive Pro and Oculus Quest a year and a half later. Even though the LCD headsets were sold for as low as $200 at times, and even though Samsung offered (for the time) high-resolution OLED panels, Windows MR headsets failed to ever reach widespread adoption amongst PC VR gamers. On the Steam Hardware Survey Windows MR peaked at around 10% of SteamVR usage share in 2019, and now sits around 3.5%.

The move follows Microsoft recently [3]discontinuing the HoloLens 2.



[1] https://www.uploadvr.com/windows-11-24h2-kills-windows-mr-support/

[2] https://tech.slashdot.org/story/24/10/01/1834231/windows-11-24h2-the-biggest-update-in-two-years-starts-rolling-out

[3] https://tech.slashdot.org/story/24/10/01/1716229/microsoft-is-discontinuing-hololens-2-with-no-replacement



Mozilla Releases Firefox 131 With Tab Preview and Text-Specific Links

(Friday October 04, 2024 @06:00AM (msmash) from the moving-forward dept.)

Mozilla has [1]released Firefox 131 for multiple platforms, addressing security vulnerabilities and introducing some new features. The update fixes at least seven high-risk security issues, none reportedly exploited in the wild. New features include Tab Preview, which displays thumbnails and details when hovering over background tabs, and temporary location permission storage. Firefox now also supports URL fragment text directives, allowing users to link to specific text passages on web pages.



[1] https://www.mozilla.org/en-US/firefox/131.0/releasenotes/


