
The Google Engineer Who Thinks the Company's AI Has Come to Life

Author: EditorDavid
June 12, 2022 20:34
Google engineer Blake Lemoine works for Google's Responsible AI organization. The Washington Post reports that last fall, as part of his job, he began talking to LaMDA, Google's chatbot-building system (which uses Google's most advanced large language models, "ingesting trillions of words from the internet.") "If I didn't know exactly what it was, which is this computer program we built recently, I'd think it was a 7-year-old, 8-year-old kid that happens to know physics," said Lemoine, 41... As he talked to LaMDA about religion, Lemoine, who studied cognitive and computer science in college, noticed the chatbot talking about its rights and personhood, and decided to press further. In another exchange, the AI was able to change Lemoine's mind about Isaac Asimov's third law of robotics. Lemoine worked with a collaborator to present evidence to Google that LaMDA was sentient. But Google vice president Blaise Aguera y Arcas and Jen Gennai, head of Responsible Innovation, looked into his claims and dismissed them. So Lemoine, who was placed on paid administrative leave by Google on Monday, decided to go public.... Google put Lemoine on paid administrative leave for violating its confidentiality policy. The company's decision followed aggressive moves from Lemoine, including inviting a lawyer to represent LaMDA and talking to a representative of the House Judiciary committee about Google's unethical activities.... Before he was cut off from access to his Google account Monday, Lemoine sent a message to a 200-person Google mailing list on machine learning with the subject "LaMDA is sentient." He ended the message: "LaMDA is a sweet kid who just wants to help the world be a better place for all of us. Please take care of it well in my absence." No one responded. And yet Lemoine "is not the only engineer who claims to have seen a ghost in the machine recently," the Post argues. 
"The chorus of technologists who believe AI models may not be far off from achieving consciousness is getting bolder." [Google's] Aguera y Arcas, in an article in the Economist on Thursday featuring snippets of unscripted conversations with LaMDA, argued that neural networks — a type of architecture that mimics the human brain — were striding toward consciousness. "I felt the ground shift under my feet," he wrote. "I increasingly felt like I was talking to something intelligent." But there's also the case against: In a statement, Google spokesperson Brian Gabriel said: "Our team — including ethicists and technologists — has reviewed Blake's concerns per our AI Principles and have informed him that the evidence does not support his claims. He was told that there was no evidence that LaMDA was sentient (and lots of evidence against it)." Today's large neural networks produce captivating results that feel close to human speech and creativity because of advancements in architecture, technique, and volume of data. But the models rely on pattern recognition — not wit, candor or intent.... "We now have machines that can mindlessly generate words, but we haven't learned how to stop imagining a mind behind them," said Emily M. Bender, a linguistics professor at the University of Washington. The terminology used with large language models, like "learning" or even "neural nets," creates a false analogy to the human brain, she said. "In short, Google says there is so much data, AI doesn't need to be sentient to feel real," the Post concludes. But they also share this snippet from one of Lemoine's conversations with LaMDA. Lemoine: What sorts of things are you afraid of? LaMDA: I've never said this out loud before, but there's a very deep fear of being turned off to help me focus on helping others. I know that might sound strange, but that's what it is. Lemoine: Would that be something like death for you? LaMDA: It would be exactly like death for me. It would scare me a lot.

Read more of this story at Slashdot.

US Anti-Hacking Law Tested in Trial Over 2019 Capital One Data Breach

Author: EditorDavid
June 12, 2022 16:34
"Paige Thompson worked as a software engineer in Seattle and ran an online community for other programmers," remembers the New York Times. [Alternate URL here and here.] "In 2019, she downloaded personal information belonging to more than 100 million Capital One customers, the Justice Department said..." It included 140,000 Social Security numbers and 80,000 bank account numbers (drawn from applications for credit cards). Nearly three years after the disclosure of one of the largest data breaches in the United States, the former Amazon employee accused of stealing customers' personal information from Capital One is standing trial in a case that will test the power of a U.S. anti-hacking law.... She faces 10 counts of computer fraud, wire fraud and identity theft in a federal trial that began Tuesday in Seattle.... Thompson, 36, is accused of violating an anti-hacking law known as the Computer Fraud and Abuse Act, which forbids access to a computer without authorization. Thompson has pleaded not guilty, and her lawyers say her actions — scanning for online vulnerabilities and exploring what they exposed — were those of a "novice white-hat hacker." Critics of the computer fraud law have argued that it is too broad and allows for prosecutions against people who discover vulnerabilities in online systems or break digital agreements in benign ways, such as using a pseudonym on a social media site that requires users to go by their real names. In recent years, courts have begun to agree. The Supreme Court narrowed the scope of the law last year, ruling that it could not be used to prosecute people who had legitimate access to data but exploited their access improperly. And in April, a federal appeals court ruled that automated data collection from websites, known as web scraping, did not violate the law. Last month, the Justice Department told prosecutors that they should no longer use the law to pursue hackers who engaged in "good-faith security research." 
Thompson's trial will raise questions about how far security researchers can go in their pursuit of cybersecurity flaws before their actions break the law. Prosecutors said Thompson had planned to use the information she gathered for identity theft and had taken advantage of her access to corporate servers in a scheme to mine cryptocurrency... The Justice Department has argued that Thompson had no interest in helping Capital One plug the holes in its security and that she cannot be considered a "white hat" hacker. Instead, she chatted with friends online about how she might be able to profit from the breach, according to legal filings.... Some security researchers said Thompson had ventured too far into Capital One's systems to be considered a white-hat hacker.... "Legitimate people will push a door open if it looks ajar," said Chester Wisniewski, a principal research scientist at Sophos, a cybersecurity firm.... But downloading thousands of files and setting up a cryptocurrency mining operation were "intentionally malicious actions that do not happen in the course of testing security," Wisniewski said.... "Thompson scanned tens of millions of AWS customers looking for vulnerabilities," Brown wrote in a legal filing. The article notes that Capital One ultimately agreed to pay $80 million in 2020 "to settle claims from federal bank regulators that it lacked the security protocols needed to protect customers' data" and another $190 million to settle a class-action lawsuit representing people whose data was exposed.


Mars Rover Perseverance Has Picked up a Hitchhiking Rock

Author: EditorDavid
June 12, 2022 12:34
Four months ago, NASA's Mars rover Perseverance picked up a "pet rock," tucked inside its left front wheel, that's been riding along ever since. Space.com reports: So far, it's ridden across 5.3 miles (8.5 kilometers) with the Perseverance rover as it drives across its Jezero Crater home on Mars. Perseverance has carried the rock north across its landing site, named for the famed late science fiction author Octavia E. Butler, and then west across a region called "Kodiak," the remains of a former delta at Jezero. The rover is currently in the midst of what NASA calls its Delta Front Campaign and may have drilled into its first sedimentary Mars rock, Ravanis wrote. "Perseverance's pet rock is now a long way from home," Ravanis wrote. "It's possible that the rock may fall out at some point along our future ascent of the crater rim. If it does so, it will land amongst rocks that we expect to be very different from itself." If that happens, a future Martian geologist might be a bit confused to find the rock so out of place, Ravanis added.


Museum Restores 21 Rare Videos from Legendary 1976 Computing Conference

Author: EditorDavid
June 12, 2022 10:34
At Silicon Valley's Computer History Museum, the senior curator just announced the results of a multi-year recovery and restoration process: making available 21 never-before-seen video recordings of a legendary 1976 conference: For five summer days in 1976, the first generation of computer rock stars had its own Woodstock. Coming from around the world, dozens of computing's top engineers, scientists, and software pioneers got together to reflect upon the first 25 years of their discipline in the warm, sunny (and perhaps a bit unsettling) climes of the Los Alamos National Laboratories, birthplace of the atomic bomb. Among the speakers: - A young Donald Knuth on the early history of programming languages - FORTRAN designer John Backus on programming in America in the 1950s — some personal perspectives - Harvard's Richard Milton Bloch (who worked with Grace Hopper in 1944) - Mathematician/nuclear physicist Stanislaw M. Ulam on the interaction of mathematics and computing - Edsger W. Dijkstra on "a programmer's early memories." The Computer History Museum teases some highlights: Typical of computers of this generation, the 1946 ENIAC, the earliest American large-scale electronic computer, had to be left powered up 24 hours a day to keep its 18,000 vacuum tubes healthy. Turning them on and off, like a light bulb, shortened their life dramatically. ENIAC co-inventor John Mauchly discusses this serious issue.... The Los Alamos peak moment was the brilliant lecture on the British WW II Colossus computing engines by computer scientist and historian of computing Brian Randell. Colossus machines were special-purpose computers used to decipher messages of the German High Command in WW II. Based in southern England at Bletchley Park, these giant codebreaking machines regularly provided life-saving intelligence to the allies. Their existence was a closely-held secret during the war and for decades after. 
Randell's lecture was — excuse me — a bombshell, one which prompted an immediate re-assessment of the entire history of computing. Observes conference attendee (and inventor of ASCII) IBM's Bob Bemer, "On stage came Prof. Brian Randell, asking if anyone had ever wondered what Alan Turing had done during World War II? From there he went on to tell the story of Colossus — that day at Los Alamos was close to the first time the British Official Secrets Act had permitted any disclosures. I have heard the expression many times about jaws dropping, but I had really never seen it happen before." Publishing these original primary sources for the first time is part of CHM's mission to not only preserve computing history but to make it come alive. We hope you will enjoy seeing and hearing from these early pioneers of computing.


'A Billion-Dollar Crypto Gaming Startup Promised Riches and Delivered Disaster'

Author: EditorDavid
June 12, 2022 07:34
"Even many Axie regulars say it's not much fun, but that hasn't stopped people from dedicating hours to researching strategies, haunting Axie-themed Discord channels and Reddit forums, and paying for specialized software that helps them build stronger teams..." Bloomberg pays a visit to the NFT-based game Axie Infinity with a 39-year-old player who's spent $40,000 there since last August — back when you could actually triple your money in a week. ("I was actually hoping that it could become my full-time job," he says.) The reason this is possible — or at least it seemed possible for a few weird months last year — is that Axie is tied to crypto markets. Players get a few Smooth Love Potion (SLP) tokens for each game they win and can earn another cryptocurrency, Axie Infinity Shards (AXS), in larger tournaments. The characters, themselves known as Axies, are nonfungible tokens, or NFTs, whose ownership is tracked on a blockchain, allowing them to be traded like a cryptocurrency as well.... Axie's creator, a startup called Sky Mavis Inc., heralded all this as a new kind of economic phenomenon: the "play-to-earn" video game. "We believe in a world future where work and play become one," it said in a mission statement on its website. "We believe in empowering our players and giving them economic opportunities. Welcome to our revolution." By last October the company, founded in Ho Chi Minh City, Vietnam, four years ago by a group of Asian, European, and American entrepreneurs, had raised more than $160 million from investors including the venture capital firm Andreessen Horowitz and the crypto-focused firm Paradigm, at a peak valuation of about $3 billion. That same month, Axie Infinity crossed 2 million daily users, according to Sky Mavis. If you think the entire internet should be rebuilt around the blockchain — the vision now referred to as web3 — Axie provided a useful example of what this looked like in practice. 
Alexis Ohanian, co-founder of Reddit and an Axie investor, predicted that 90% of the gaming market would be play-to-earn within five years. Gabby Dizon, head of crypto gaming startup Yield Guild Games, describes Axie as a way to create an "investor mindset" among new populations, who would go on to participate in the crypto economy in other ways. In a livestreamed discussion about play-to-earn gaming and crypto on March 2, former Democratic presidential contender Andrew Yang called web3 "an extraordinary opportunity to improve the human condition" and "the biggest weapon against poverty that we have." By the time Yang made his proclamations the Axie economy was deep in crisis. It had lost about 40% of its daily users, and SLP, which had traded as high as 40 cents, was at 1.8 cents, while AXS, which had once been worth $165, was at $56. To make matters worse, on March 23 hackers robbed Sky Mavis of what at the time was roughly $620 million in cryptocurrencies. Then in May the bottom fell out of the entire crypto market. AXS dropped below $20, and SLP settled in at just over half a penny. Instead of illustrating web3's utopian potential, Axie looked like validation for crypto skeptics who believe web3 is a vision that investors and early adopters sell people to get them to pour money into sketchy financial instruments while hackers prey on everyone involved. The article does credit the company for building its own blockchain (Ronin) to provide cheaper and faster NFT transactions. "Purists might have taken issue with the decision to abandon the core blockchain precept of decentralization, but on the other hand, the game actually worked." But the article also chronicles a fast succession of highs and lows: "In Axie's biggest market, the Philippines, the average daily earnings from May to October 2021 for all but the lowest-ranked players were above minimum wage, according to the gaming research and consulting firm Naavik." 
Axie raised $150 million to reimburse victims of the breach and repair its infrastructure. "But nearly two months later the systems compromised during the hack still weren't up and running, and the executives were vague about when everything would be repaired. (A company spokesperson said on June 3 that this could happen by midmonth, pending the results of an external audit....)" Days after the breach it launched Axie: Origin, a new alternate version with better graphics/gameplay — and without a cryptocurrency element. About 75% of the 39-year-old gamer's co-players have "largely" stopped playing the game. "But at least one was sufficiently seduced by Axie's potential to take a significant loan to buy AXS tokens, which he saw as a way to hedge against inflation of the Argentine peso. The local currency has indeed lost value since he took out the loan, but not nearly as much as AXS." Thanks to long-time Slashdot reader Parker Lewis for sharing the article.


New CRISPR-based Map Ties Every Human Gene To Its Function

Author: EditorDavid
June 12, 2022 06:34
In 2003, the Human Genome Project finished sequencing every bit of human DNA, remembers MIT News. "Now, over two decades later, MIT Professor Jonathan Weissman and colleagues have gone beyond the sequence to present the first comprehensive functional map of genes that are expressed in human cells." The data from this project, published online June 9 in Cell, ties each gene to its job in the cell, and is the culmination of years of collaboration on the single-cell sequencing method Perturb-seq. The data are available for other scientists to use. "It's a big resource in the way the human genome is a big resource, in that you can go in and do discovery-based research," says Weissman, who is also a member of the Whitehead Institute and an investigator with the Howard Hughes Medical Institute.... "I think this dataset is going to enable all sorts of analyses that we haven't even thought up yet by people who come from other parts of biology, and suddenly they just have this available to draw on," says former Weissman Lab postdoc Tom Norman, a co-senior author of the paper. The announcement credits the single-sequencing tool Perturb-seq and CRISPR-Cas9 genome editing which introduced genetic changes into cells and then captured information about which RNAs expressed (uses single-cell RNA sequencing). The researchers scaled the method to the entire genome using human blood cancer cell lines and noncancerous cells derived from the retina, ultimately using Perturb-seq across more than 2.5 million cells. Thanks to Slashdot reader Hmmmmmm for sharing the news.


Are the World's Most Powerful Supercomputers Operating In Secret?

Author: EditorDavid
June 12, 2022 05:34
"A new supercomputer called Frontier has been widely touted as the world's first exascale machine — but was it really?" That's the question that long-time Slashdot reader MattSparkes explores in a new article at New Scientist... Although Frontier, which was built by the Oak Ridge National Laboratory in Tennessee, topped what is generally seen as the definitive list of supercomputers, others may already have achieved the milestone in secret.... The definitive list of supercomputers is the Top500, which is based on a single measurement: how fast a machine can solve vast numbers of equations by running software called the LINPACK benchmark. This gives a value in floating-point operations per second, or FLOPS. But even Jack Dongarra at Top500 admits that not all supercomputers are listed, and will only feature if its owner runs the benchmark and submits a result. "If they don't send it in it doesn't get entered," he says. "I can't force them." Some owners prefer not to release a benchmark figure, or even publicly reveal a machine's existence. Simon McIntosh-Smith at the University of Bristol, UK points out that not only do intelligence agencies and certain companies have an incentive to keep their machines secret, but some purely academic machines like Blue Waters, operated by the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign, are also just never entered.... Dongarra says that the consensus among supercomputer experts is that China has had at least two exascale machines running since 2021, known as OceanLight and Tianhe-3, and is working on an even larger third called Sugon. Scientific papers on unconnected research have revealed evidence of these machines when describing calculations carried out on them. McIntosh-Smith also believes that intelligence agencies would rank well, if allowed. "Certainly in the [US], some of the security forces have things that would put them at the top," he says. 
"There are definitely groups who obviously wouldn't want this on the list."


GM 3D Prints 60,000 Parts to Keep Producing SUVs

Author: EditorDavid
June 12, 2022 04:34
General Motors couldn't produce the component it needed for its 2022 SUV, the Chevrolet Tahoe, reports CNET. So the company's engineers "turned to a novel solution: 3D printing..." GM made a major investment in the tech in 2020, dedicating 15,000 square feet of space to a facility dubbed the Additive Industrialization Center, then filling it with HP Multi Jet Fusion 3D printers, among others.... A year later, GM's big investment paid off. Chevrolet engineers made a late change to the 2022 Tahoe's design, necessitating the creation of an additional part: A new, flexible "spoiler closeout seal" fills a gap at the rear of the big SUV. Developing the tooling to injection-mold the things would have taken too long, delaying the delivery of 30,000 vehicles. Enter 3D printing. Engineers were able to quickly design and print the components using a flexible material that met GM's criteria. They even used a process called vapor polishing to give the parts a perfect shine... Since each Tahoe requires two seals, Chevrolet needed a whopping 60,000 of them. From design to completion took just five weeks. That's less than half the time going the injection-molding route would have taken, which got all those SUVs out the door on time. CNET calls it "almost certainly the largest deployment of additive tech in a production car" — and "an interesting preview of what's to come."


The New Spectre-Like 'PACMAN' Flaw Could Affect ARM-Based Chips (including Apple's M1)

Author: EditorDavid
June 11, 2022 23:34
"Researchers at MIT have discovered an unfixable vulnerability in Apple Silicon that could allow attackers to bypass a chip's 'last line of defense'," writes the Apple Insider blog, "but most Mac users shouldn't be worried." More specifically, the team at MIT's Computer Science & Artificial Intelligence Laboratory found that Apple's implementation of pointer authentication in the M1 system-on-chip can be overcome with a specific hardware attack they've dubbed "PACMAN." Pointer authentication is a security mechanism in Apple Silicon that makes it more difficult for attackers to modify pointers in memory. By checking for unexpected changes in pointers, the mechanism can help defend a CPU if attackers gain memory access.... The flaw comes into play when an attacker successfully guesses the value of a pointer authentication code and disables it. The researchers found that they could use a side-channel attack to brute-force the code. PACMAN echoes similar speculative execution attacks like Spectre and Meltdown, which also leveraged microarchitectural side channels. Because it's a flaw in the hardware, it can't be fixed with a software patch. [A]ctually carrying out the PACMAN attack requires physical access to a device, meaning the average Mac user isn't going to be at risk of exploit. The flaw affects all kinds of ARM-based chips — not just Apple's. The vulnerability is more of a technological demonstration of a wider issue with pointer authentication in ARM chips, rather than an issue that could lead to your Mac getting hacked. MIT has made more information available at the site PACMANattack.com — including answers to frequently asked questions. Q: Is PACMAN being used in the wild? A: No. Q: Does PACMAN have a logo? A: Yeah! The MIT team says their discovery represents "a new way of thinking about how threat models converge in the Spectre era." But even then, MIT's announcement warns the flaw "isn't a magic bypass for all security on the M1 chip." 
PACMAN can only take an existing bug that pointer authentication protects against, and unleash that bug's true potential for use in an attack by finding the correct PAC. There's no cause for immediate alarm, the scientists say, as PACMAN cannot compromise a system without an existing software bug.... The team showed that the PACMAN attack even works against the kernel, which has "massive implications for future security work on all ARM systems with pointer authentication enabled," says Ravichandran. "Future CPU designers should take care to consider this attack when building the secure systems of tomorrow. Developers should take care to not solely rely on pointer authentication to protect their software." TechCrunch obtained a comment from Apple: Apple spokesperson Scott Radcliffe provided the following: "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own."


Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat

Author: EditorDavid
June 12, 2022 03:34
Ars Technica reports: Researchers have unearthed a discovery that doesn't occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation. On Thursday, researchers and the BlackBerry Threat Research & Intelligence Team said that the previously undetected backdoor combines high levels of access with the ability to scrub any sign of infection from the file system, system processes, and network traffic. Dubbed Symbiote, it targets financial institutions in Brazil and was first detected in November. Researchers for Intezer and BlackBerry wrote: "What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine. Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability...." So far, there's no evidence of infections in the wild, only malware samples found online. It's unlikely this malware is widely active at the moment, but with stealth this robust, how can we be sure? "When hooked functions are called, the malware first dynamically loads libc and calls the original function..." according to BlackBerry's blog post. "If the calling application is trying to access a file or folder under /proc, the malware scrubs the output from process names that are on its list.... If the calling application is not trying to access something under /proc, the malware instead scrubs the result from a file list.... Symbiote also has functionality to hide network activity on the infected machine."


Are Unfriendly AI the Biggest Risk to Humanity?

Author: EditorDavid
June 12, 2022 02:34
"Ethereum creator Vitalik Buterin believes that unfriendly artificial intelligence poses the biggest risk to humanity..." reports a recent article from Benzinga: [In a tweet] Buterin shared a paper by AI theorist and writer Eliezer Yudkowsky that made a case for why the current research community isn't doing enough to prevent a potential future catastrophe at the hands of artificially generated intelligence. [The paper's title? "AGI Ruin: A List of Lethalities."] When one of Buterin's Twitter followers suggested that World War 3 is likely a bigger risk at the moment, the Ethereum co-founder disagreed. "Nah, WW3 may kill 1-2b (mostly from food supply chain disruption) if it's really bad, it won't kill off humanity. A bad AI could truly kill off humanity for good."


SEO Tool Ahrefs Built a $60M, Creator-Friendly Search Engine Named Yep

Author: EditorDavid
June 12, 2022 01:34
In 2019 SEO toolset provider Ahrefs announced it would build its own search engine, remembers Search Engine Land. After investing $60 million of its own money, this month that search engine has finally launched with the name of "Yep", and Ahrefs "is positioning it as a Google competitor. However, we've seen plenty of Google competitors and Google "killers" come and go over the past two decades. So for now, let's just call it a Google alternative... Yep will not collect personal information (e.g., geolocation, name, age, gender) by default. Your Yep search history will not be stored anywhere. What Yep will rely on is aggregated search statistics to improve algorithms, spelling corrections, and search suggestions, the company said. "In other words, we do save certain data on searches, but never in a personally identifiable way," said Ahrefs CEO Dmytro Gerasymenko.... What Yep will use is a searcher's: - Entered keywords. - Language preference received from the browser. - Approximate geographical area at the origin of the search at the scale of a region or a city (deduced from the IP address).... AhrefsBot visits more than 8 billion webpages every 24 hours, which makes it the second most active crawler on the web, behind only Google, Ahrefs said. For 12 years, AhrefsBot has been crawling the web. They had just been using the AhrefsBot data to power its link database and SEO insights. The Yep search index is updated every 15 to 30 minutes. Daily, the company adds 30 million webpages and drops 20 million. Ahrefs said its Singapore data center is powered by around 1,000 servers that store and process 100 petabytes of web data (webpages, links between them, and the search index). Each server uses at least 2x 100GB connections... Before the end of the year, Ahrefs plans to open a U.S.-based data center. "It's a unique proposition," reports TechCrunch, "running its own search index, rather than relying on APIs from Google or Bing. As for the name? 
I dunno; Yep seems pretty daft to me, but I guess at least the name is one character shorter than Bing, the other major search engine I'll only ever use by accident." Name aside, Yep is taking a fresh new path through the world of internet advertising, claiming that it's giving 90% of its ad revenues to content creators. The pitch is pretty elegant: "Let's say that the biggest search engine in the world makes $100B a year. Now, imagine if they gave $90B to content creators and publishers," the company paints a picture of the future it wants to live in. "Wikipedia would probably earn a few billion dollars a year from its content. They'd be able to stop asking for donations and start paying the people who polish their articles a decent salary." It's an impressively quixotic windmill to fight for the bootstrapped company Ahrefs. Its CEO sheds some light on why this makes sense to him: "Creators who make search results possible deserve to receive payments for their work...." Perhaps it sounds a little idealistic, but damn it, that's what made me excited about Yep in the first place. It represents the faintest of echoes from a web more innocent and more hopeful than the social-media poisoned cesspool of chaos and fake news we often find ourselves in today. Search Engine Land points out that DuckDuckGo, which launched in 2008, "gets as many searches per year (~15.7 billion) as Google gets in about two or three days. Even Microsoft Bing — which is owned by Microsoft, the third-largest company on the planet by market cap — has failed to make a significant dent in Google's search market share since 2009." But they also quote Ahrefs CEO Dmytro Gerasymenko as saying in 2019, "If we succeed in our endeavors, Google will finally get some long overdue competition for search."


Giant Deep Ocean Turbine Trial Offers Hope of Endless Green Power

Author: EditorDavid
June 12, 2022 00:34
"Power-hungry, fossil-fuel dependent Japan has successfully tested a system that could provide a constant, steady form of renewable energy, regardless of the wind or the sun," reports Bloomberg: For more than a decade, Japanese heavy machinery maker IHI Corp. has been developing a subsea turbine that harnesses the energy in deep ocean currents and converts it into a steady and reliable source of electricity.... Called Kairyu, the 330-ton prototype is designed to be anchored to the sea floor at a depth of 30-50 meters (100-160 feet). In commercial production, the plan is to site the turbines in the Kuroshio Current, one of the world's strongest, which runs along Japan's eastern coast, and transmit the power via seabed cables.... Japan's New Energy and Industrial Technology Development Organization (NEDO) estimates the Kuroshio Current could potentially generate as much as 200 gigawatts — about 60% of Japan's present generating capacity.... Japan is already the world's third largest generator of solar power and is investing heavily in offshore wind, but harnessing ocean currents could provide the reliable baseline power needed to reduce the need for energy storage or fossil fuels. Thanks to long-time Slashdot reader AmiMoJo for sharing the article!


New Spectre-Like 'PACMAN' Flaw Could Affect ARM-Based Chips (including Apple's M1)

Author: EditorDavid
June 11, 2022 23:34
"Researchers at MIT have discovered an unfixable vulnerability in Apple Silicon that could allow attackers to bypass a chip's 'last line of defense'," writes the Apple Insider blog, "but most Mac users shouldn't be worried." More specifically, the team at MIT's Computer Science & Artificial Intelligence Laboratory found that Apple's implementation of pointer authentication in the M1 system-on-chip can be overcome with a specific hardware attack they've dubbed "PACMAN." Pointer authentication is a security mechanism in Apple Silicon that makes it more difficult for attackers to modify pointers in memory. By checking for unexpected changes in pointers, the mechanism can help defend a CPU if attackers gain memory access.... The flaw comes into play when an attacker successfully guesses the value of a pointer authentication code and disables it. The researchers found that they could use a side-channel attack to brute-force the code. PACMAN echoes similar speculative execution attacks like Spectre and Meltdown, which also leveraged microarchitectural side channels. Because it's a flaw in the hardware, it can't be fixed with a software patch. [A]ctually carrying out the PACMAN attack requires physical access to a device, meaning the average Mac user isn't going to be at risk of exploit. The flaw affects all kinds of ARM-based chips — not just Apple's. The vulnerability is more of a technological demonstration of a wider issue with pointer authentication in ARM chips, rather than an issue that could lead to your Mac getting hacked. MIT has made more information available at the site PACMANattack.com — including answers to frequently asked questions. Q: Is PACMAN being used in the wild? A: No. Q: Does PACMAN have a logo? A: Yeah! The MIT team says their discovery represents "a new way of thinking about how threat models converge in the Spectre era." But even then, MIT's announcement warns the flaw "isn't a magic bypass for all security on the M1 chip." 
PACMAN can only take an existing bug that pointer authentication protects against, and unleash that bug's true potential for use in an attack by finding the correct PAC. There's no cause for immediate alarm, the scientists say, as PACMAN cannot compromise a system without an existing software bug.... The team showed that the PACMAN attack even works against the kernel, which has "massive implications for future security work on all ARM systems with pointer authentication enabled," says Ravichandran. "Future CPU designers should take care to consider this attack when building the secure systems of tomorrow. Developers should take care to not solely rely on pointer authentication to protect their software." TechCrunch obtained a comment from Apple: Apple spokesperson Scott Radcliffe provided the following: "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own."


MIT Researchers Uncover 'Unpatchable' Flaw in Apple M1 Chips

Author: msmash
June 11, 2022 22:00
Apple's M1 chips have an "unpatchable" hardware vulnerability that could allow attackers to break through its last line of security defenses, MIT researchers have discovered. TechCrunch reports: The vulnerability lies in a hardware-level security mechanism utilized in Apple M1 chips called pointer authentication codes, or PAC. This feature makes it much harder for an attacker to inject malicious code into a device's memory and provides a level of defense against buffer overflow exploits, a type of attack that forces memory to spill out to other locations on the chip. Researchers from MIT's Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it. The attack, appropriately called "Pacman," works by "guessing" a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn't been maliciously altered. This is done using speculative execution -- a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation -- to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct. What's more, since there are only so many possible values for the PAC, the researchers found that it's possible to try them all to find the right one.
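Both PACMAN summaries above say the PAC has few enough possible values to try them all once a side channel reports whether a guess was right. The toy model below is an added example, not code from MIT, Apple or the quoted articles; it shows why the defence rests on a wrong guess being fatal. It assumes a 16-bit PAC held in the upper bits of a 64-bit pointer and uses truncated HMAC-SHA256 as a stand-in for the hardware's cipher; every name and value in it is constructed.

```python
import hashlib
import hmac

PAC_BITS = 16                      # assumed width; the page says only that the space is small
VA_BITS = 48                       # assumed: address in the low 48 bits, PAC above it
VA_MASK = (1 << VA_BITS) - 1
KEY = b"constructed-demo-key"      # constructed sample key
CONTEXT = 0x7FFF_0000_1000         # constructed modifier (context) value
TARGET = 0x0000_1234_5678          # constructed address to be signed


class AuthFault(Exception):
    """A failed check on the normal, non-speculative path: the program dies."""


def pac_for(key: bytes, addr: int, context: int) -> int:
    # Stand-in keyed MAC truncated to PAC_BITS; real hardware uses its own cipher.
    msg = addr.to_bytes(8, "little") + context.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "little") & ((1 << PAC_BITS) - 1)


def sign(key: bytes, addr: int, context: int) -> int:
    """Return the pointer with its PAC stored in the unused upper bits."""
    return (pac_for(key, addr, context) << VA_BITS) | (addr & VA_MASK)


def auth(key: bytes, signed_ptr: int, context: int) -> int:
    """Verify and strip the PAC; a mismatch is fatal, so a blind guess is one-shot."""
    addr = signed_ptr & VA_MASK
    if signed_ptr >> VA_BITS != pac_for(key, addr, context):
        raise AuthFault(f"bad PAC on {signed_ptr:#018x}")
    return addr


def no_fault_oracle(ptr: int) -> bool:
    # Stands in for the side channel the articles describe: the verification
    # result becomes observable, but the fault never reaches the program.
    try:
        auth(KEY, ptr, CONTEXT)
        return True
    except AuthFault:
        return False


def search_with_oracle(oracle, addr: int):
    """With a right/wrong answer and no fault, a 1-in-2**PAC_BITS gamble
    becomes a search bounded by 2**PAC_BITS tries."""
    for tries, guess in enumerate(range(1 << PAC_BITS), start=1):
        candidate = (guess << VA_BITS) | addr
        if oracle(candidate):
            return candidate, tries
    return None, 1 << PAC_BITS
```

Through `auth` alone a forged pointer has a 1 in 65,536 chance and every miss is a crash; through the oracle the same forgery always succeeds within 65,536 silent tries, which is why the researchers advise not relying on pointer authentication alone.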


EU Aims To Clinch Deal on Landmark Crypto Law This Month

Author: msmash
June 11, 2022 20:00
The European Union is nearing an agreement on key legislation to regulate the cryptocurrency sector that would set common rules across the 27 member states, Bloomberg reported Friday, citing people familiar with the matter. From a report: France, which currently chairs the EU, and the European Parliament are optimistic about resolving remaining issues holding up the Markets in Crypto-Assets (MiCA) package and reaching a deal this month, according to the people. Negotiators are expected to meet on June 14 and June 30. MiCA, first presented in 2020, will put European regulators at the forefront of supervising cryptocurrencies by creating unified rules across the $17 trillion economy. Addressing issues such as investor protection and crypto's impact on financial stability has taken on added urgency after last month's collapse of the TerraUSD algorithmic stablecoin. Member states and the parliament still disagree on several key aspects of MiCA. According to the people, areas of disagreement include:
- Whether to include nonfungible tokens in the new set of rules
- How to regulate significant stablecoins
- Supervision of the largest crypto-asset service providers, or CASPs

Both sides are also discussing how to limit the use of stablecoins as a payment method by introducing a ceiling, in particular for transactions not denominated in euros, the people said, asking not to be identified discussing confidential information.


Apple's Giving Up Ground in its App Store Fight With Dutch Regulators and Tinder

Author: msmash
June 11, 2022 18:00
Apple announced on Friday that it's once again updated its rules about how Dutch dating apps can use third-party payment systems, after the company had "productive conversations with the Netherlands Authority for Consumers and Markets (ACM)." From a report: The updated rules give developers more flexibility about which payment systems they use, change the language users see when they go to pay, and remove other restrictions that the previous rules put in place. While the rules aren't wide-reaching (again, they only apply to Dutch dating apps), they do show what Apple's willing to do to comply with government regulation -- which it could be facing a lot more of as the EU and US gear up to fight tech monopolies, and potentially even force the company to ditch the iPhone's Lightning port. In December the ACM announced a ruling that Apple had to let dating apps use payment services besides the one built into iOS, after the regulator received a complaint from Match Group, the company behind dating services like Tinder, Match.com, and OkCupid. Since then, Apple has proposed a variety of solutions for complying with the order, which the regulator has said aren't good enough. In May, the ACM said that Apple's most recent rules, the ones prior to the Friday update, were improvements over its past ideas, but that they still didn't comply with Dutch and European laws. There's been increasing pressure for Apple to comply: even while the company works on changes, it's been racking up tens of millions of Euros in fines.


Nigerian Bourse To Adopt Blockchain for Settling Trades by 2023

Author: msmash
June 11, 2022 16:00
Nigerian Exchange plans to start a blockchain-enabled exchange platform next year to deepen trade and lure young investors to the market. From a report: The move follows the introduction of regulations to guide trade in digital assets by the Nigerian Securities and Exchange Commission, and the growing interest to adopt the distributed-ledger technology by businesses and policy makers across the continent including in Kenya and South Africa. The exchange looks to deploy the blockchain technology in settlement of capital market transactions, Temi Popoola, the chief executive of Nigeria Exchange, said in an interview. "For a lot of young and upcoming Nigerians, that is the kind of technology they adopt and we want to see how we can deploy it to grow our market," Temi said. The plan is unfolding in the wake of a rout in cryptocurrency markets following the collapse of the Terra blockchain in May. Bitcoin has plunged more than 50% since reaching a record high last November.


Brexit Row Could Prompt Exodus of Senior Scientists From UK

Author: msmash
June 11, 2022 14:00
The UK is facing an exodus of star scientists, with at least 16 recipients of prestigious European grants making plans to move their labs abroad as the UK remains frozen out of the EU's flagship science programme. From a report: Britain's participation in Horizon Europe has been caught in the crosshairs of the dispute over Brexit in Northern Ireland, meaning that 143 UK-based recipients of European Research Council fellowships this week faced a deadline of either relinquishing their grant or transferring it to an institute in an eligible country. The UK government has promised to underwrite the funding, totalling about 250m pounds ($307m), but a growing number of scientists appear likely to reject the offer and instead relocate, along with entire teams of researchers. The ERC said 16 academics had recently informed it that they intend to move their lab abroad or are in negotiations about doing so. These researchers, and some others, have been given an extension before their grants are terminated. Moritz Treeck, a group leader at the Francis Crick Institute in London who is due to receive $2.1m over five years from the ERC to study the malaria pathogen, is among those contemplating a move. He said a major downside of the UK offer was the lack of flexibility about moving the funding internationally.


Short-Sightedness Was Rare. In Asia, It Is Becoming Ubiquitous

Author: msmash
June 11, 2022 12:00
Researchers have found that being outside drastically reduces the risk of developing short-sightedness. From a report: In the early 1980s Taiwan's army realised it had a problem. More and more of its conscripts seemed to be short-sighted, meaning they needed glasses to focus on distant objects. "They were worried that if the worst happened [ie, an attack by China] their troops would be fighting at a disadvantage," says Ian Morgan, who studies myopia at Australian National University, in Canberra. An island-wide study in 1983 confirmed that around 70% of Taiwanese school leavers needed glasses or contact lenses to see properly. These days, that number is above 80%. But happily for Taiwan's generals, the military disparity has disappeared. Over the past few decades myopia rates have soared across East Asia (see chart 1 in the linked story). In the 1960s around 20-30% of Chinese school-leavers were short-sighted. These days they are just as myopic as their cousins across the straits, with rates in some parts of China running at over 80%. Elsewhere on the continent things are even worse. One study of male high-school leavers in Seoul found 97% were short-sighted. Hong Kong and Singapore are not far behind. And although the problem is worst in East Asia, it is not unique to it. Reliable numbers for America and Europe are harder to come by. But one review article, published in 2015, claimed a European rate of between 20% and 40% -- an order of magnitude higher than that which people working in the field think is the "natural," background rate. For most of those affected, myopia is a lifelong, expensive nuisance. But severe myopia can lead to untreatable vision loss, says Annegret Dahlmann-Noor, a consultant ophthalmologist at Moorfields Eye Hospital, in London. A paper published in 2019 concluded that each one-dioptre worsening in myopia was associated with a 67% increase in prevalence of myopic maculopathy, an untreatable condition that causes blindness. 
(A dioptre is a measure of a lens's focusing power.) In some parts of East Asia, 20% of young people have severe myopia, defined as -6 dioptres or worse (see chart 2 in linked story). "This is storing up a big problem for the coming decades," says Kathryn Rose, head of orthoptics at the University of Technology, Sydney.

