Andrew Feinberg, writing for Slate: If you wanted to design a financial channel that would cause investors to underperform the stock market, you'd create CNBC, NBC's financial counterpart that runs on cable news and ostensibly tries to make viewers better investors. You'd make it sober and rational (well, there is Jim Cramer, but we'll get to him later), no need to feature anyone foaming at the mouth about stocks that could triple in six months or worried Cassandras warning that it's time to sell everything and burrow underground. And yet, you'd ensure that viewers stay engaged by keeping them on edge, worried and confused about what might happen next. Anxiety, you'd discover, is your friend, viewer hypervigilance your bread and butter.

In other words, CNBC makes viewers nervous in a very specific way. Nervous that they're about to lose money in a market downturn. Nervous that they might miss a hot trend or stock. Or uncertain that they're in the right sectors. Then an "expert" comes on and says, "Hey, you're in the wrong sectors -- it's time to leave tech for industrials, financials, and health care." In its sober, rational way, the network creates a sense of urgency. Although its tone is never like that of an infomercial, sometimes the message is similar. Act now. The problem is, hypervigilance is probably the worst quality most investors can have. "Sit on your ass," the late Charlie Munger advised investors, emphasizing that when it comes to investing, less is more. Feeling nervous leads to excessive trading. And "all the evidence shows that individual investors do worse the more they trade," says Jay Ritter, professor of finance at the University of Florida's Warrington College of Business. "Buying and selling something based on what you see on CNBC is not likely to be a successful strategy."

Capital One is buying Discover Financial (non-payalled source) in a deal that would marry two of the largest credit-card companies in the U.S. WSJ: The all-stock deal could be announced Tuesday, according to people familiar with the matter. Discover has a market value of $28 billion, and the takeover would be expected to value it at a premium to that. Buying Discover will give Capital One, a credit-card lender with a market value of a little over $52 billion, a network that would vastly increase its power in the payments ecosystem.

Card networks are critical to enabling transactions and setting fees that merchants pay when consumers shop with credit cards. Though much smaller than Visa and Mastercard, Discover is one of the few competitors to those companies in the U.S. and it is one of a small number of card issuers that also has a payments network. Capital One, the ninth-largest bank in the country and a major credit-card issuer, uses Visa and Mastercard for most of its cards. The bank plans to switch at least some of its cards to the Discover network, while continuing to use Visa and Mastercard on others. Those larger networks have more merchant acceptance abroad than Discover does. Update: Capital One has proposed to pay $35.3 billion for Discover in an all-stock deal.

The FBI is "laser focused" on Chinese efforts to insert malicious software code into computer networks in ways that could disrupt critical US infrastructure, according to the agency's director Christopher Wray. From a report: Wray said he was acutely concerned about "pre-positioning" of malware. He said the US recently disrupted a Chinese hacking network known as Volt Typhoon that targeted American infrastructure including the electricity grid and water supply, and other targets around the world. "We're laser focused on this as a real threat and we're working with a lot of partners to try to identify it, anticipate it and disrupt it," Wray said on Sunday after attending the Munich Security Conference.

"I'm sober and clear minded about what we're up against...We're always going to have to be kind of on the balls of our feet." Wray said Volt Typhoon was just the tip of the iceberg and was one of many such efforts by the Chinese government. The US has been tracking Chinese pre-positioning operations for well over a decade, but Wray told the security conference that they had reached "fever pitch." He said China was increasingly inserting "offensive weapons within our critical infrastructure poised to attack whenever Beijing decides the time is right."

His comments are the latest FBI effort to raise awareness about Chinese espionage that ranges from traditional spying and intellectual property theft to hacking designed to prepare for possible future conflict. Last October, Wray and his counterparts from the Five Eyes intelligence-sharing network that includes the US, UK, Canada, Australia and New Zealand held their first public meeting in an effort to focus the spotlight on Chinese espionage. Wray said the US campaign was having an impact and that people were increasingly attuned to the threat, particularly compared with several years ago when he sometimes met scepticism.

"After years of rapid expansion, California's booming EV market may be showing signs of fatigue," reports the Los Angeles Times, "as high vehicle prices, unreliable charging networks and other consumer headaches appear to dampen enthusiasm for zero-emission vehicles.

"For the first time in more than a decade, electric vehicle sales dropped significantly in the last half of 2023..." Sales of all-electric cars and light trucks in California had started off strong in 2023, rising 48% in the first half of the year compared with a year earlier. By that time, California EV sales numbered roughly 190,807 — or slightly more than a quarter of all EV sales in the nation, according to the California New Car Dealers Assn. But it's what happened in the second half of last year though that's generating jitters. Sales in the third quarter fell by 2,840 from the previous period — the first quarterly drop for EVs in California since the Tesla Model S was introduced in 2012. And the fourth quarter was even worse: Sales dropped 10.2%, from 100,151 to 89,933...

Propelled by the sales success of Tesla, and boosted by electric vehicles from other automakers entering the market, consumer acceptance of EVs had seemed like a given until recently. In fact, robust sales growth is a key assumption in the state's zero-emission vehicle plan... Under the no-gas mandate, zero-emission vehicles must account for 35% of all new vehicle sales by model year 2026.... Nationally, EV sales growth also has slowed as automakers such as Ford and General Motors cut back — at least temporarily — on EV and battery production plans. Hertz, the rental car giant, is also pulling back on plans to shift heavily toward EVs. Hertz several years ago announced plans to buy 100,000 Teslas but is now selling off its EV fleet.

Corey Cantor, EV analyst at Bloomberg BNEF, an energy research firm, said that although recent sales figures are worrisome, there's plenty of momentum behind the EV transition, as evidenced by government mandates around the globe and massive investments by motor vehicle manufacturers and their suppliers. Those investments total $616 billion globally over five years, according to consulting firm AlixPartners.
But EVs haven't reached "price parity" with gas-powered engines, the article points out, so just 7.6% of the vehicles sold last year in the U.S. were electric — while in California, the market share for EVS was 20.1%.

The article also quantifies concerns about reliability of California's public charging system, which "according to studies from academic researchers and market analysts, can be counted on to malfunction at least 20% of the time." After $1 billion in state money for charger companies, the state's Energy Commission will now also start collecting reliability statistics, according to the article. But the article also cites wait times at the chargers. "Even if they were reliable, there aren't enough chargers to go around. EV sales have outpaced public charger installation."

Some good news? The federal government is spending $5 billion nationally to put fast chargers on major highways at 50-mile intervals. California will receive $384 million. Seven major automakers have also teamed up to build a North American charging network of their own, called Ionna. The joint venture plans to install at least 30,000 chargers — which would be open to any EV brand — at stations that will provide restrooms, food service and retail stores on site or nearby.

"We're currently witnessing a rapid expansion in the abuse of these new AI tools by bad actors," writes Microsoft VP Brad Smith, "including through deepfakes based on AI-generated video, audio, and images.

"This trend poses new threats for elections, financial fraud, harassment through nonconsensual pornography, and the next generation of cyber bullying." Microsoft found its own tools being used in a recently-publicized episode, and the VP writes that "We need to act with urgency to combat all these problems."

Microsoft's blog post says they're "committed as a company to a robust and comprehensive approach," citing six different areas of focus:

• A strong safety architecture. This includes "ongoing red team analysis, preemptive classifiers, the blocking of abusive prompts, automated testing, and rapid bans of users who abuse the system... based on strong and broad-based data analysis."

• Durable media provenance and watermarking. ("Last year at our Build 2023 conference, we announced media provenance capabilities that use cryptographic methods to mark and sign AI-generated content with metadata about its source and history.")

• Safeguarding our services from abusive content and conduct. ("We are committed to identifying and removing deceptive and abusive content" hosted on services including LinkedIn and Microsoft's Gaming network.)

• Robust collaboration across industry and with governments and civil society. This includes "others in the tech sector" and "proactive efforts" with both civil society groups and "appropriate collaboration with governments."

• Modernized legislation to protect people from the abuse of technology. "We look forward to contributing ideas and supporting new initiatives by governments around the world."

• Public awareness and education. "We need to help people learn how to spot the differences between legitimate and fake content, including with watermarking. This will require new public education tools and programs, including in close collaboration with civil society and leaders across society."

Thanks to long-time Slashdot reader theodp for sharing the article

An anonymous reader quotes a report from BleepingComputer: A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.' Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains. [...]

For iOS (iPhone) users, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. When Apple remove the TestFlight app, the attackers switched to luring targets into downloading a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control over devices. Once the trojan has been installed onto a mobile device in the form of a fake government app, it operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using 'MicroSocks.'

Group-IB says the Android version of the trojan performs more malicious activities than in iOS due to Apple's higher security restrictions. Also, on Android, the trojan uses over 20 different bogus apps as cover. For example, GoldPickaxe can also run commands on Android to access SMS, navigate the filesystem, perform clicks on the screen, upload the 100 most recent photos from the victim's album, download and install additional packages, and serve fake notifications. The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

An anonymous reader quotes a report from Wired: We already know thatOpenAI's chatbots can pass the bar exam without going to law school. Now, just in time for the Oscars, a new OpenAI app called Sora hopes to master cinema without going to film school. For now a research product, Sora is going out to a few select creators and a number of security experts who will red-team it for safety vulnerabilities. OpenAI plans to make it available to all wannabe auteurs at some unspecified date, but it decided to preview it in advance. Other companies, from giants like Google to startups likeRunway, have already revealed text-to-video AI projects. But OpenAI says that Sora is distinguished by its striking photorealism -- something I haven't seen in its competitors -- and its ability to produce longer clips than the brief snippets other models typically do, up to one minute. The researchers I spoke to won't say how long it takes to render all that video, but when pressed, they described it as more in the "going out for a burrito" ballpark than "taking a few days off." If the hand-picked examples I saw are to be believed, the effort is worth it.

OpenAI didn't let me enter my own prompts, but it shared four instances of Sora's power. (None approached the purported one-minute limit; the longest was 17 seconds.) The first came from a detailed prompt that sounded like an obsessive screenwriter's setup: "Beautiful, snowy Tokyo city is bustling. The camera moves through the bustling city street, following several people enjoying the beautiful snowy weather and shopping at nearby stalls. Gorgeous sakura petals are flying through the wind along with snowflakes." The result is a convincing view of what is unmistakably Tokyo, in that magic moment when snowflakes and cherry blossoms coexist. The virtual camera, as if affixed to a drone, follows a couple as they slowly stroll through a streetscape. One of the passersby is wearing a mask. Cars rumble by on a riverside roadway to their left, and to the right shoppers flit in and out of a row of tiny shops.

It's not perfect. Only when you watch the clip a few times do you realize that the main characters -- a couple strolling down the snow-covered sidewalk -- would have faced a dilemma had the virtual camera kept running. The sidewalk they occupy seems to dead-end; they would have had to step over a small guardrail to a weird parallel walkway on their right. Despite this mild glitch, the Tokyo example is a mind-blowing exercise in world-building. Down the road, production designers will debate whether it's a powerful collaborator or a job killer. Also, the people in this video -- who are entirely generated by a digital neural network -- aren't shown in close-up, and they don't do any emoting. But the Sora team says that in other instances they've had fake actors showing real emotions. "It will be a very long time, if ever, before text-to-video threatens actual filmmaking," concludes Wired. "No, you can't make coherent movies by stitching together 120 of the minute-long Sora clips, since the model won't respond to prompts in the exact same way -- continuity isn't possible. But the time limit is no barrier for Sora and programs like it to transform TikTok, Reels, and other social platforms."

"In order to make a professional movie, you need so much expensive equipment," says Bill Peebles, another researcher on the project. "This model is going to empower the average person making videos on social media to make very high-quality content."

Further reading: OpenAI Develops Web Search Product in Challenge To Google

An anonymous reader shares a report: India is facing a quandary in enforcing long-delayed rules to curb the dominance of PhonePe and Google Pay in the country's ubiquitous UPI payments network, which processes over 10 billion transactions monthly. The National Payments Corporation of India (NPCI), a special unit of the Indian central bank, wants to limit the market share of individual companies in the popular Unified Payments Interface (UPI) system to 30%, a long-delayed effort to curb the dominance of Walmart-backed PhonePe and Alphabet's Google Pay, which together control over 83% of the growing payments market.

However, with rival Paytm now struggling after strict regulatory action, the NPCI faces an acute challenge in bringing down the commanding share of the leading duopoly: It doesn't know how to. The NPCI officials believe there is a technical barrier to achieving the goal and have sought industry players in recent quarters for ideas, two sources familiar with the situation said. The NPCI, which delayed enforcing the rules to 2024, declined to comment Tuesday.

An anonymous reader quotes a report from The Economist: Russia hasbeen at the forefront ofinternet disinformationtechniques at least since 2014, when it pioneered the use of bot farms to spread fake news about its invasion of Crimea. According to French authorities, the Kremlin is at it again. On February 12th Viginum, the French foreign-disinformation watchdog, announced it had detected preparations for a large disinformation campaign in France, Germany, Poland and other European countries, tied in part to the second anniversary of Vladimir Putin's invasion of Ukraine and the elections to the European Parliament in June. Viginum said it had uncovered a Russian network of 193 websites which it codenames "Portal Kombat." Most of these sites, such as topnews.uz.ua, were created years ago and many were left dormant. Over 50 of them, such as news-odessa.ru and pravda-en.com, have been created since 2022. Current traffic to these sites, which exist in various languages including French, German, Polish and English, is low. But French authorities think they are ready to be activated aggressively as part of what one official calls a "massive" wave of Russian disinformation.

Viginum says it watched the sites between September and December 2023. It concluded that they do not themselves generate news stories, but are designed to spread "deceptive or false" content about the war in Ukraine, both on websites and via social media. The underlying objective is to undermine support for Ukraine in Europe. According to the French authorities, the network is controlled by a single Russian organization. [...] As the campaign for the European Parliament elections draws near, France is thought to be a particular target for Moscow. According to an article in theWashington Postin December, Kremlin documents show that Russia has been intensifying its effort to undermine French backing for Ukraine. It also has a clear interest in promoting division in France, at a time when Marine Le Pen is riding high in the polls for the next presidential election in 2027. The hard-right leader, who financed previous campaigns with a Russian bank loan, stands to benefit the most from France's polarized politics

Starting today, telcos in American will need to disclose system break-ins within seven days. "[T]he same deadline now exists to report any data leaks to the FBI and US Secret Service as well," adds The Register. From the report: After releasing a proposed rule in early January and giving the industry 30 days to respond, the FCC's final rule was published today. It solidifies what the agency proposed a little more than a month ago, and what was teased in early 2022 when FCC chairwoman Jessica Rosenworcel drafted initial changes to the commission's 16-year old security "breach" reporting duties.

Along with requiring that attacks are reported to the FCC within seven days of a telco discovering them, the same deadline now exists to report any data leaks to the FBI and US Secret Service as well. As the FCC planned, the new rule also eliminates the mandatory seven-day waiting period for reporting break-ins to consumers. The FCC now "requires carriers to notify customers of breaches of covered data without unreasonable delay ... and in no case more than 30 days following reasonable determination of a breach."

"Reasonable determination" of a data blurt is further defined as "when the carrier has information indicating that it is more likely than not that there was a breach" and "does not mean reaching a conclusion regarding every fact surrounding a data security incident that may constitute a breach." In other words, if customers are affected then they had better be notified post-haste. The FCC has additionally extended the scope of data exposure types that telecom customers must be notified of. Prior to the passage of the new rule customers only had to be told if Customer proprietary network information (CPNI) was exposed to the world.

An anonymous reader quotes a report from The Verge: The US government has committed $42 million to further the development of the 5G Open RAN (O-RAN) standard that would allow wireless providers to mix and match cellular hardware and software, opening up a bigger market for third-party equipment that's cheaper and interoperable. The National Telecommunications and Information Administration (NTIA) grant would establish a Dallas O-RAN testing center to prove the standard's viability as a way to head off Huawei's steady cruise toward a global cellular network hardware monopoly.

Verizon global network and technology president Joe Russo promoted the funding as a way to achieve "faster innovation in an open environment." To achieve the standard's goals, AT&T vice president of RAN technology Robert Soni says that AT&T and Verizon have formed the Acceleration of Compatibility and Commercialization for Open RAN Deployments Consortium (ACCoRD), which includes a grab bag of wireless technology companies like Ericsson, Nokia, Samsung, Dell, Intel, Broadcom, and Rakuten. Japanese wireless carrier Rakuten formed as the first O-RAN network in 2020. The company's then CEO, Tareq Amin, told The Verge's Nilay Patel in 2022 that Open RAN would enable low-cost network build-outs using smaller equipment rather than massive towers -- which has long been part of the promise of 5G.

But O-RAN is about more than that; establishing interoperability means companies like Verizon and AT&T wouldn't be forced to buy all of their hardware from a single company to create a functional network. For the rest of us, that means faster build-outs and "more agile networks," according to Rakuten. In the US, Dish has been working on its own O-RAN network, under the name Project Genesis. The 5G network was creaky and unreliable when former Verge staffer Mitchell Clarke tried it out in Las Vegas in 2022, but the company said in June last year that it had made its goal of covering 70 percent of the US population. Dish has struggled to become the next big cell provider in the US, though -- leading satellite communications company EchoStar, which spun off from Dish in 2008, to purchase the company in January. The Washington Post writes that O-RAN "is Washington's anointed champion to try to unseat the Chinese tech giant Huawei Technologies" as the world's biggest supplier of cellular infrastructure gear.

According to the Post, Biden has emphasized the importance of O-RAN in conversations with international leaders over the past few years. Additionally, it notes that Congress along with the NTIA have dedicated approximately $2 billion to support the development of this standard.

Network giant Cisco is planning to restructure its business which will include laying off thousands of employees, as it seeks to focus on high-growth areas, according to three sources familiar with the matter. From the Reuters report: The San Jose, California-based company has a total employee count of 84,900 as of fiscal 2023, according to its website.The company is still deciding on the total number of employees to be affected by the layoffs, one person said.

Molly White of Web3 is Going Great fame reviews Read Write Own, a book by VC firm Andreessen Horowitz lead crypto partner Chris Dixon. According to its own description, the book seeks to offer an exploration of "the power of blockchains to reshape the future of the internet." Writes White: After three chapters in which Dixon provides a (rather revisionist) history of the web to date, explains the mechanics of blockchains, and goes over the types of things one might theoretically be able to do with a blockchain, we are left with "Part Four: Here and Now", then the final "Part Five: What's Next". The name of Part Four suggests that he will perhaps lay out a list of blockchain projects that are currently successfully solving real problems.

Dixon speaks of how in the early days of "web1", or the "read era" (a period he defines as 1990-2005), "anyone could type a few words into a web browser and read about almost any topic through websites". This completely ignores that few people -- hardly just "anyone" -- had access to a computer, much less a computer with internet access, in that time. By 2005, around 16% of people globally were online. This may be why Part Four is precisely four and a half pages long. And rather than name any successful projects, Dixon instead spends his few pages excoriating the "casino" projects that he says have given crypto a bad rap prompting regulatory scrutiny that is making "ethical entrepreneurs ... afraid to build products" in the United States.

In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he ever comes is when he speaks of how "for decades, technologists have dreamed of building a grassroots internet access provider". He describes one project that "got further than anyone else": Helium. He's right, as long as you ignore the fact that Helium was providing LoRaWAN, not Internet, that by the time he was writing his book Helium hotspots had long since passed the phase where they might generate even enough tokens for their operators to merely break even, and that the network was pulling in somewhere around $1,150 in usage fees a month despite the company being valued at $1.2 billion. Oh, and that the company had widely lied to the public about its supposed big-name clients, and that its executives have been accused of hoarding the project's token to enrich themselves. But hey, a16z sunk millions into Helium (a fact Dixon never mentions), so might as well try to drum up some new interest! Further reading: How Tech Firms Made a Crypto-Boosting Book an NYT Best Seller by Gaming the System.

Thousands of people using the London Underground had their movements, behavior, and body language watched by AI surveillance software designed to see if they were committing crimes or were in unsafe situations, new documents obtained by WIRED reveal. From the report: The machine-learning software was combined with live CCTV footage to try to detect aggressive behavior and guns or knives being brandished, as well as looking for people falling onto Tube tracks or dodging fares. From October 2022 until the end of September 2023, Transport for London (TfL), which operates the city's Tube and bus network, tested 11 algorithms to monitor people passing through Willesden Green Tube station, in the northwest of the city. The proof of concept trial is the first time the transport body has combined AI and live video footage to generate alerts that are sent to frontline staff. More than 44,000 alerts were issued during the test, with 19,000 being delivered to station staff in real time.

Documents sent to WIRED in response to a Freedom of Information Act request detail how TfL used a wide range of computer vision algorithms to track people's behavior while they were at the station. It is the first time the full details of the trial have been reported, and it follows TfL saying, in December, that it will expand its use of AI to detect fare dodging to more stations across the British capital. In the trial at Willesden Green -- a station that had 25,000 visitors per day before the Covid-19 pandemic -- the AI system was set up to detect potential safety incidents to allow staff to help people in need, but it also targeted criminal and antisocial behavior. Three documents provided to WIRED detail how AI models were used to detect wheelchairs, prams, vaping, people accessing unauthorized areas, or putting themselves in danger by getting close to the edge of the train platforms.

An anonymous reader quotes a report from TechCrunch: Pakistan has temporarily suspended mobile phone network and internet services across the country to combat any "possible threats," a top ministry said, as the South Asian nation commences its national election. In a statement, Pakistan's interior ministry said the move was prompted by recent incidents of terrorism in the country. The internet was accessible through wired broadband connections, local journalists posted on X earlier Thursday. But NetBlocks, an independent service that tracks outages, said later that Pakistan had started to block internet services as well. The polls have opened in the nation and will close at 5 p.m. The interior ministry didn't say when it will switch back on the mobile services.

Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to the deepest parts of a device where they're hard to detect or remove. ArsTechnica: The vulnerability resides in shim, which in the context of Linux is a small component that runs in the firmware early in the boot process before the operating system has started. More specifically, the shim accompanying virtually all Linux distributions plays a crucial role in secure boot, a protection built into most modern computing devices to ensure every link in the boot process comes from a verified, trusted supplier. Successful exploitation of the vulnerability allows attackers to neutralize this mechanism by executing malicious firmware at the earliest stages of the boot process before the Unified Extensible Firmware Interface firmware has loaded and handed off control to the operating system.

The vulnerability, tracked as CVE-2023-40547, is what's known as a buffer overflow, a coding bug that allows attackers to execute code of their choice. It resides in a part of the shim that processes booting up from a central server on a network using the same HTTP that the the web is based on. Attackers can exploit the code-execution vulnerability in various scenarios, virtually all following some form of successful compromise of either the targeted device or the server or network the device boots from. "An attacker would need to be able to coerce a system into booting from HTTP if it's not already doing so, and either be in a position to run the HTTP server in question or MITM traffic to it," Matthew Garrett, a security developer and one of the original shim authors, wrote in an online interview. "An attacker (physically present or who has already compromised root on the system) could use this to subvert secure boot (add a new boot entry to a server they control, compromise shim, execute arbitrary code)."

Carl Franzen reports via VentureBeat: Hugging Face, the New York City-based startup that offers a popular, developer-focused repository for open source AI code and frameworks (and hosted last year's "Woodstock of AI"), today announced the launch of third-party, customizable Hugging Chat Assistants. The new, free product offering allows users of Hugging Chat, the startup's open source alternative to OpenAI's ChatGPT, to easily create their own customized AI chatbots with specific capabilities, similar both in functionality and intention to OpenAI's custom GPT Builder â" though that requires a paid subscription to ChatGPT Plus ($20 per month), Team ($25 per user per month paid annually), and Enterprise (variable pricing depending on the needs).

Phillip Schmid, Hugging Face's Technical Lead & LLMs Director, posted the news on the social network X (formerly known as Twitter), explaining that users could build a new personal Hugging Face Chat Assistant "in 2 clicks!" Schmid also openly compared the new capabilities to OpenAI's custom GPTs. However, in addition to being free, the other big difference between Hugging Chat Assistant and the GPT Builder and GPT Store is that the latter tools depend entirely on OpenAI's proprietary large language models (LLM) GPT-4 and GPT-4 Vision/Turbo. Users of Hugging Chat Assistant, by contrast, can choose which of several open source LLMs they wish to use to power the intelligence of their AI Assistant on the backend, including everything from Mistral's Mixtral to Meta's Llama 2. That's in keeping with Hugging Face's overarching approach to AI -- offering a broad swath of different models and frameworks for users to choose between -- as well as the same approach it takes with Hugging Chat itself, where users can select between several different open source models to power it.

Parisians have approved a steep rise in parking rates for SUVs in the French capital. The proposals were approved by 54.55% of voters, but turnout was only about 5.7%. From a report: The move triples parking rates for cars weighing 1.6 tonnes or more to $20 an hour in inner Paris. The vote was called by Socialist Mayor Anne Hidalgo, who has argued that SUVs are dangerous and bad for the environment. About 1.3m residents of central Paris were eligible to vote. However they will not be affected by the result as street-parking for local residents will remained unchanged. The move is mainly aimed at people from the suburbs who drive into the centre of the capital for the day.

There are exemptions for fully electric cars, taxi drivers, tradespeople, health workers and people with disabilities. Ms Hidalgo has been in office for almost 10 years. Under her tenure as mayor, many Paris streets, including the banks of the river Seine, have been pedestrianised. An extensive network of cycle lanes has also been built, in an effort to discourage driving. Environmentalists argue that SUVs consume more fuel than other cars and that their construction and use produce more harmful emissions. Supporters of the move also note that tall vehicles are deadlier than lighter cars when they are involved in accidents.

The pornographic deepfakes of Taylor Swift that proliferated on social media late last month originated from an online challenge to break safety mechanisms designed to block people from generating lewd images with artificial intelligence, according to social network analysis company Graphika. Bloomberg: For weeks, users of internet forum 4chan have taken part in daily competitions to find words and phrases that could help them bypass the filters on popular image-generation services, which include Microsoft Designer and OpenAI's DALL-E, the researchers found. The ultimate goal was to create sexual images of prominent female figures such as singers and politicians. "While viral pornographic pictures of Taylor Swift have brought mainstream attention to the issue of AI-generated non-consensual intimate images, she is far from the only victim," said Cristina Lopez G., a senior analyst at Graphika, in an email. "In the 4chan community where these images originated, she isn't even the most frequently targeted public figure. This shows that anyone can be targeted in this way, from global celebrities to school children."

Slashdot reader Unpopular Opinions requests suggestions from the Slashdot community: Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host.

Which is not anything new... Companies have been doing this for decades, except as paid services you requested. Now the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. It's data they never had the rights to collect and/or compile to begin with, including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match...

"Just block those crawlers"? That's what some of those companies advise, but not only does the site operator have to automate it themself, not all companies offer lists of their source IP addresses or identify them. Some use multiple/different crawler domain names from their commercial product, or use cloud providers such as Google Cloud, AWS and Azure â" so one can't just block access to their company's networks without massive implications. They also change their own information with no warning, and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.

With the raise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop on this?
Block those crawlers? Change your Terms of Service? What's the best fix... Share your own thoughts and suggestions in the comments.

How can you stop security firms from harvesting your data?