Security

Hackers Spent 2+ Years Looting Secrets of Chipmaker NXP Before Being Detected (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported. The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to Netherlands national news outlet NRC Handelsblad, which cited "several sources" familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn't uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

NRC cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in "early Q4 2017." Some of the intrusions lasted as long as three years before coming to light. NRC said the unidentified victim was NXP. "Once nested on a first computer -- patient zero -- the spies gradually expand their access rights, erase their tracks in between and secretly sneak to the protected parts of the network," NRC reporters wrote in an English translation. "They try to secrete the sensitive data they find there in encrypted archive files via cloud storage services such as Microsoft OneDrive. According to the log files that Fox-IT finds, the hackers come every few weeks to see whether interesting new data can be found at NXP and whether more user accounts and parts of the network can be hacked."

NXP did not alert customers or shareholders to the intrusion, other than a brief reference in a 2019 annual report. It read: "We have, from time to time, experienced cyber-attacks attempting to obtain access to our computer systems and networks. Such incidents, whether or not successful, could result in the misappropriation of our proprietary information and technology, the compromise of personal and confidential information of our employees, customers, or suppliers, or interrupt our business. For instance, in January 2020, we became aware of a compromise of certain of our systems. We are taking steps to identify the malicious activity and are implementing remedial measures to increase the security of our systems and networks to respond to evolving threats and new information. As of the date of this filing, we do not believe that this IT system compromise has resulted in a material adverse effect on our business or any material damage to us. However, the investigation is ongoing, and we are continuing to evaluate the amount and type of data compromised. There can be no assurance that this or any other breach or incident will not have a material impact on our operations and financial results in the future."

Crime

Several Piracy-Related Arrests Spark Fears of High-Level Crackdown In Nordic Region (torrentfreak.com) 37

A series of arrests that began in late August and continued into last week has sparked concerns that a relatively rare 'Scene' crackdown targeting the top of the so-called 'Piracy Pyramid' may be underway in the Nordic region. TorrentFreak reports: In a statement last week, Denmark's National Unit for Special Crime (NSK) announced that as part of a long-running investigation, a man was arrested on November 22 and then charged with copyright infringement offenses. NSK said its officers searched the home of a 47-year-old man in South Zealand (Sydsjaelland) and seized IT equipment in connection with illegal file-sharing and "copyright infringement of a particularly serious nature." "The case is about an organized network that has illegally shared extremely large quantities of films and TV series via file sharing services," said NSK Police Commissioner Anders-Emil Nohr Kelbaek. While noting that NSK had no further information to offer at this time, Kelbaek said he was pleased that NSK had arrested another suspect believed to have played a 'significant role' in the unnamed network.

Last week's arrest was only the latest in a series of arrests carried out as part of the same long-running NSK investigation into the illegal distribution of movies and TV shows. In late August, NSK arrested four people on suspicion of sharing "extremely large quantities" of movies and TV shows. NSK raided addresses in South-West Jutland, North Zealand and Bornholmand. A 43-year old was arrested at the last location, but it's claimed he lives elsewhere. In common with last week's arrest, all were charged on suspicion of "particularly serious" copyright infringement offenses. In an almost identical statement to that issued last week, Commissioner Anders-Emil Nohr Kelbaek said the case was about "an organized network that shares extremely large amounts of data, presumably in the form of films and series."

TorrentFreak sources report concerns that last week's arrest may be linked to Scene groups. Terminology used by NSK doesn't instantly rule that out and does seem to suggest something potentially more significant than other arrests over the past few years. According to NSK, the August arrests took place on August 28, 2023. Using information in Scene release databases we looked for Danish Scene groups and/or groups that were releasing Denmark-focused content before that date but then made no releases afterward; while that wouldn't provide conclusive proof that a group had been targeted, the method has proven useful in the past. While activity late August suggests nothing especially out of the ordinary, activity since the arrest last week stands in contrast. TF is informed that some groups may have gone dark simply out of an abundance of caution. It's also possible that the groups have nothing to release. Furthermore, there are many other global groups with no obvious links to Danish content or Denmark that also stopped releasing on November 21. The reasons for this are unknown but holidays in the United States may play a role.

Businesses

Germany To Compensate Power Users Hit by Grid Bottlenecks (bloomberg.com) 100

Germany will entice electric vehicle drivers to charge up when there's plenty of green power on the system by offering them cheap tariffs linked to wholesale prices. From a report: It's part of a push by the government to better integrate huge swings of renewable power onto the grid when it's particularly sunny or windy by ramping demand up or down to match. It's an example of the flexible tariffs that are popping up all over Europe aimed at consumers with electricity-hungry devices like heat pumps or cars that can help balance the network.

Europe's largest economy aims to produce 80% of its power from renewables by 2030, but is struggling to expand its network infrastructure. To reduce bottlenecks, consumers' network costs should be reduced by as much as $208 per year, or they can opt for a 60% reduction on their energy price and benefit from other levy exemptions for heat pumps, the regulator Bundesnetzagentur said in a statement Monday.

It's funny.  Laugh.

Cards Against Humanity's Black Friday Prank: Launching Its Own Social Media Site (adage.com) 23

Long-time Slashdot reader destinyland writes: The popular party game "Cards Against Humanity" continued their tradition of practical jokes on Black Friday. They created a new social network where users can perform only one action: posting the word "yowza."

Then announced it on their official social media accounts on Instagram, Facebook, and X...

Regardless of what words you type into the window, they're replaced with the word yowza. "For just $0.99, you'll get an exclusive black check by your name," reads an announcement on the site, "and the ability to post a new word: awooga."

It's a magical land where "yowfluencers" keep "reyowzaing" the "yowzas" of other users. And there's also a tab for trending hashtags. (Although, yes, they all seem to be "yowza".) But they've already gotten a write up in the trade industry publication Advertising Age.

"With every bad thing happening in the world, social media is always right there, making it worse," a spokesperson said.... "[W]e asked ourselves: Is there a way we could make a social network that doesn't suck? At first, the answer was 'no.' The content moderation problem is just too hard. And then we thought, why not solve the content moderation problem by having no content? That's Yowza...."

When creating your profile on the network there's a dropdown menu for specifying your age and location — although all of the choices are yowza. More details from Advertising Age:

The company said the word "yowza" was the first that came to mind when its creative teams were brainstorming—and it just stuck. "It's dumb, it's ridiculous, it means nothing. It's perfect," the rep said.

And the service is still evolving, with fresh user upgrades. The official Yowza store will now also sell you the ability to also post the word Shazam — for $29.99. (Also on sale are 100,000 followers — for 99 cents.) But there's also an official FAQ which articulates the service's deep commitment to protecting their users' privacy.

Do you promise you won't share my private information with the Chinese Communist Party, like TikTok?

Yowza.

AI

A New Way To Predict Ship-Killing Rogue Waves (economist.com) 46

AI models can find patterns and make predictions, but their reasoning is often inscrutable. This "black box" issue makes AI less reliable and less scientifically useful. However, a team led by Dion Hafner (a computer scientist at the University of Copenhagen) devised a clever neural network to predict rogue waves. By restricting inputs to meaningful wave measurements and tracing how they flowed through the network, the team extracted a simple five-part equation encapsulating the AI's logic. Economist adds: To generate a human-comprehensible equation, the researchers used a method inspired by natural selection in biology. They told a separate algorithm to come up with a slew of different equations using those five variables, with the aim of matching the neural network's output as closely as possible. The best equations were mixed and combined, and the process was repeated. The result, eventually, was an equation that was simple and almost as accurate as the neural network. Both predicted rogue waves better than existing models.

The first part of the equation rediscovered a bit of existing theory: it is an approximation of a well-known equation in wave dynamics. Other parts included some terms that the researchers suspected might be involved in rogue-wave formation but are not in standard models. There were some puzzlers, too: the final bit of the equation includes a term that is inversely proportional to how spread out the energy of the waves is. Current human theories include a second variable that the machine did not replicate. One explanation is that the network was not trained on a wide enough selection of examples. Another is that the machine is right, and the second variable is not actually necessary.

The Internet

Cloudflare Blocks Abusive Content On Its Ethereum Gateway (torrentfreak.com) 17

An anonymous reader quotes a report from TorrentFreak: Cloudflare is a content-neutral Internet infrastructure service. The company aims not to interfere with the traffic of its clients and users but, in some cases, it has to take action. This means responding to DMCA subpoenas and takedown requests for hosted content, for example. In addition, Cloudflare now reports it has blocked access to 'abusive' content on its Ethereum gateway. [...] In its most recent transparency report, Cloudflare further notes that it has implemented access restrictions on its public Ethereum gateway. The company doesn't store any content on the Ethereum network, nor can it remove any. However, it can block access through its service.

If Cloudflare receives valid abuse reports or copyright infringement complaints, it will take appropriate action. The same applies to the gateway for the decentralized IPFS network. In its previous transparency report, Cloudflare already mentioned more than 1,000 IPFS actions a figure that increased slightly in the second half of last year. At the same time, Cloudflare also restricted access to 99 'items' on the Ethereum network. Since these are 'gateway' related restrictions there's no impact on the content hosted on IPFS or Ethereum. Instead, it will only make it impossible to access content through Cloudflare's service.

It's not clear how many of these restrictions are abuse or copyright-related, as not much context is provided. The Ethereum actions are, at least in part, a response to the U.S. Department of Treasury's sanctions against the cryptocurrency tumbler Tornado Cash. "Those sanctions raise significant legal questions about the extent to which particular computer software, rather than individuals or entities that use that software, can be subject to sanctions," Cloudflare writes. "Nonetheless, to comply with legal requirements, Cloudflare has taken steps to disable access through the Cloudflare-operated Ethereum Gateway to the digital currency addresses identified in the designation."
The report notes that the volume of valid DMCA notices Cloudflare received has increased, "up from 18 to 972 in the span of a year." Meanwhile, the number of civil subpoenas it's received, including those issued under the DMCA, has decreased. "In the second half of last year, the company received 20 civil subpoenas which targeted 57 domain names," reports TorrentFreak. "That's the lowest number since Cloudflare first disclosed this statistic five years ago, signaling a downward trend."

Cloudflare's latest Transparency Report is available here (PDF).
Botnet

Thousands of Routers and Cameras Vulnerable To New 0-Day Attacks By Hostile Botnet (arstechnica.com) 18

An anonymous reader quotes a report from Ars Technica: Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday. Both of the vulnerabilities, which were previously unknown to their manufacturers and to the security research community at large, allow for the remote execution of malicious code when the affected devices use default administrative credentials, according to an Akamai post. Unknown attackers have been exploiting the zero-days to compromise the devices so they can be infected with Mirai, a potent piece of open source software that makes routers, cameras, and other types of Internet of Things devices part of a botnet that's capable of waging DDoSes of previously unimaginable sizes.

Akamai researchers said one of the zero-days under attack resides in one or more models of network video recorders. The other zero-day resides in an "outlet-based wireless LAN router built for hotels and residential applications." The router is sold by a Japan-based manufacturer, which "produces multiple switches and routers." The router feature being exploited is "a very common one," and the researchers can't rule out the possibility it's being exploited in multiple router models sold by the manufacturer. Akamai said it has reported the vulnerabilities to both manufacturers, and that one of them has provided assurances security patches will be released next month. Akamai said it wasn't identifying the specific devices or the manufacturers until fixes are in place to prevent the zero-days from being more widely exploited.

The Akamai post provides a host of file hashes and IP and domain addresses being used in the attacks. Owners of network video cameras and routers can use this information to see if devices on their networks have been targeted. [...] In an email, Akamai researcher Larry Cashdollar wrote: "The devices don't typically allow code execution through the management interface. This is why getting RCE through command injection is needed. Because the attacker needs to authenticate first they have to know some login credentials that will work. If the devices are using easy guessable logins like admin:password or admin:password1 those could be at risk too if someone expands the list of credentials to try." He said that both manufacturers have been notified, but only one of them has so far committed to releasing a patch, which is expected next month. The status of a fix from the second manufacturer is currently unknown. Cashdollar said an incomplete Internet scan showed there are at least 7,000 vulnerable devices. The actual number of affected devices may be higher.

Bitcoin

Massive Cryptocurrency Rig Discovered Under Polish Court's Floor, Stealing Power (arstechnica.com) 20

According to Polish news channel TVN24, a secret cryptomining rig was found under the floors of a Polish court, stealing thousands of Polish Zlotys worth of energy per month (the equivalent of roughly $250 per 1,000 Zlotys). "It's currently unknown how long the rig was running because the illegal operation went undetected, partly because the computers used were connected to the Internet through their own modems rather than through the court's network," reports Ars Technica. From the report: While no one has been charged yet with any crimes, the court seemingly has suspects. Within two weeks of finding the rig, the court terminated a contract with a company responsible for IT maintenance in the building, TVN24 reported. Before the contract ended, the company fired two employees that it said were responsible for maintenance in the parts of the building where the cryptomine was hidden. Poland's top law enforcement officials, the Internal Security Agency, have been called in to investigate. The Warsaw District Prosecutor's Office has hired IT experts to help determine exactly how much electricity was stolen from Poland's Supreme Administrative Court in Warsaw, TVN24 reported.

The Supreme Administrative Court is the last resort for sensitive business and tax disputes, but no records seem to have been compromised. Judge Sylwester Marciniak -- the chairman of the Judicial Information Department of the Supreme Administrative Court -- told TVN24 that the discovery of the cryptomine "did not result in any threat to the security of data stored" in the court.

Australia

Optus CEO Resigns After Nationwide Outage Left Millions Without Mobile and Internet Services (abc.net.au) 37

Earlier this month, the entire Optus mobile network went offline nationwide following a "routine software upgrade." According to Reuters, "More than 10 million Australians were hit by the 12-hour network blackout [...], triggering fury and frustration among customers and raising wider concerns about the telecommunications infrastructure." Now, according to the Australian Broadcasting Corporation, Optus CEO Kelly Bayer Rosmarin has resigned in the wake of the outage. From the report: She said it "had been an honour to serve" but that "now was an appropriate time to step down." During Friday's Senate hearing into the outage, Ms Bayer Rosmarin rebuffed suggestions she was under pressure to step down. "On Friday, I had the opportunity to appear before the Senate to expand on the cause of the network outage and how Optus recovered and responded," she said in a statement on Monday. "I was also able to communicate Optus's commitment to restore trust and continue to serve customers. Having now had time for some personal reflection, I have come to the decision that my resignation is in the best interest of Optus moving forward."

Ms Bayer Rosmarin will be replaced in the interim by chief financial officer Michael Venter. Yuen Kuan Moon, the chief executive of Optus's Singaporean parent company Singtel Group, said the company understood her decision to resign. Mr Yuen said Singtel recognised "the need for Optus to regain customer trust and confidence as the team works through the impact and consequences of the recent outage and continues to improve." He said Optus's priority was about "setting on a path of renewal for the benefit of the community and customers." Singtel said Optus had also created a new chief operating officer position, which would be carried out by former Optus Business Managing Director Peter Kaliaropoulos.

China

In World's Largest Disinformation Campaign Online, China Is Harassing Americans (cnn.com) 208

"The Chinese government has built up the world's largest known online disinformation operation," reports CNN, "and is using it to harass US residents, politicians, and businesses."

CNN reports that disinformation operation is even "at times threatening its targets with violence, a CNN review of court documents and public disclosures by social media companies has found." The onslaught of attacks — often of a vile and deeply personal nature — is part of a well-organized, increasingly brazen Chinese government intimidation campaign targeting people in the United States, documents show. The U.S. State Department says the tactics are part of a broader multi-billion-dollar effort to shape the world's information environment and silence critics of Beijing that has expanded under President Xi Jinping... Victims face a barrage of tens of thousands of social media posts that call them traitors, dogs, and racist and homophobic slurs.

They say it's all part of an effort to drive them into a state of constant fear and paranoia. Often, these victims don't know where to turn. Some have spoken to law enforcement, including the FBI — but little has been done. While tech and social media companies have shut down thousands of accounts targeting these victims, they're outpaced by a slew of new accounts emerging virtually every day. Known as "Spamouflage" or "Dragonbridge," the network's hundreds of thousands of accounts spread across every major social media platform have not only harassed Americans who have criticized the Chinese Communist Party, but have also sought to discredit U.S. politicians, disparage American companies at odds with China's interests and hijack online conversations around the globe that could portray the CCP in a negative light.

Some numbers from the article:
  • Meta "announced in August it had taken down a cluster of nearly 8,000 accounts attributed to this group in the second quarter of 2023 alone."
  • YouTube owner Google "told CNN it had shut down more than 100,000 associated accounts in recent years."
  • X "has blocked hundreds of thousands of China 'state-backed' or "state-linked" accounts, according to company blogs."

Cellphones

FCC Tightens Telco Rules To Combat SIM-Swapping (securityweek.com) 21

An anonymous reader quotes a report from SecurityWeek: Moving to clamp down on the growing scourge of SIM-swapping and port-out fraud, the Federal Communications Commission (FCC) has unveiled new rules mandating telcos to give consumers greater control of their mobile phone accounts. Under the new rules, wireless carriers are required to notify customers of any SIM transfer requests, a measure designed to thwart fraudulent attempts by cybercriminals. The FCC has also revised its customer proprietary network information and local number portability rules, making it more challenging for scammers to access sensitive subscriber information.

The new protective measures (PDF) are meant to address SIM-swapping and port-out attacks widely documented in cybercriminal attacks against businesses and consumers. The attack technique is used to hijack mobile accounts, change and steal passwords, bypass MFA roadblocks and raid bank accounts. Studies have found that major mobile carriers in the US are vulnerable to SIM-swapping with the Federal Bureau of Investigation (FBI) receiving thousands of consumer complaints every year.

Network

Ethernet is Still Going Strong After 50 Years (ieee.org) 81

The technology has become the standard LAN worldwide. From a report: Ethernet became commercially available in 1980 and quickly grew into the industry LAN standard. To provide computer companies with a framework for the technology, in June 1983 Ethernet was adopted as a standard by the IEEE 802 Local Area Network Standards Committee. Currently, the IEEE 802 family consists of 67 published standards, with 49 projects under development. The committee works with standards agencies worldwide to publish certain IEEE 802 standards as international guidelines.

A plaque recognizing the technology is displayed outside the PARC facility. It reads: "Ethernet wired LAN was invented at Xerox Palo Alto Research Center (PARC) in 1973, inspired by the ALOHAnet packet radio network and the ARPANET. In 1980 Xerox, DEC, and Intel published a specification for 10 Mbps Ethernet over coaxial cable that became the IEEE 802.3-1985 Standard. Later augmented for higher speeds, and twisted-pair, optical, and wireless media, Ethernet became ubiquitous in home, commercial, industrial, and academic settings worldwide."

Security

Ransomware Group Reports Victim It Breached To SEC Regulators (arstechnica.com) 32

One of the world's most active ransomware groups has taken an unusual -- if not unprecedented -- tactic to pressure one of its victims to pay up: reporting the victim to the US Securities and Exchange Commission. From a report: The pressure tactic came to light in a post published on Wednesday on the dark web site run by AlphV, a ransomware crime syndicate that's been in operation for two years. After first claiming to have breached the network of the publicly traded digital lending company MeridianLink, AlphV officials posted a screenshot of a complaint it said it filed with the SEC through the agency's website. Under a recently adopted rule that goes into effect next month, publicly traded companies must file an SEC disclosure within four days of learning of a security incident that had a "material" impact on their business.

"We want to bring to your attention a concerning issue regarding MeridianLink's compliance with the recently adopted cybersecurity incident disclosure rules," AlphV officials wrote in the complaint. "It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under item 1.05 of form 8-K within the stipulated four business days, as mandated by the new SEC rules." The violation category selected in the online report was "Material misstatement or omission in a company's filings or financial statements or a failure to file."

Government

FCC Can Now Punish Telecom Providers For Charging Customers More For Less (theverge.com) 75

An anonymous reader quotes a report from The Verge: The Federal Communications Commission has approved (PDF) a new set of rules aiming to prevent "digital discrimination." It means the agency can hold telecom companies accountable for digitally discriminating against customers -- or giving certain communities poorer service (or none at all) based on income level, race, or religion. The new rules come as part of the Biden Administration's 2021 Bipartisan Infrastructure Law, which requires the FCC to develop and adopt anti-digital discrimination rules. "Many of the communities that lack adequate access to broadband today are the same areas that suffer from longstanding patterns of residential segregation and economic disadvantage," FCC Chairwoman Jessica Rosenworcel said following today's vote. "It shows that minority status and income correlate with broadband access."

Under the new rules, the FCC can fine telecom companies for not providing equal connectivity to different communities "without adequate justification," such as financial or technical challenges of building out service in a particular area. The rules are specifically designed to address correlations between household income, race, and internet speed. Last year, a joint report from The Markup and the Associated Press found that AT&T, Verizon, and other internet service providers offer different speeds depending on the neighborhood in cities throughout the US. The report revealed neighborhoods with lower incomes and fewer white people get stuck with slower internet while still having to pay the same price as those with faster speeds. At the time, USTelecom, an organization that represents major telecom providers, blamed the higher price on having to maintain older equipment in certain communities.

The FCC was nearly divided on the new set of rules, as it passed with a 3-2 vote. Critics of the new policy argue the rules are an overextension of the FCC's power. Jonathan Spalter, the CEO of USTelecom, says the FCC is "taking overly intrusive, unworkably vague, and ultimately harmful steps in the wrong direction." Spalter adds the framework "is counter" to Congress' goal of giving customers equal access to the internet. Still, supporters of the new rules believe they can go a long way toward improving fractured broadband coverage throughout the US. The FCC will also establish an "improved" customer portal, where the agency will field and review complaints about digital discrimination. It will take things like broadband deployment, network upgrades, and maintenance across communities into account when evaluating providers for potential rule violations, giving it the authority to hopefully finally address the disparities in internet access throughout the US.

China

China Claims World's Fastest Internet With 1.2 Terabit-Per-Second Network (bloomberg.com) 45

Huawei and China Mobile have built a 3,000 kilometer (1,860-mile) internet network linking Beijing to the south, which the country is touting as its latest technological breakthrough. From a report: The two firms teamed up with Tsinghua University and research provider Cernet.com to build what they claim is the world's first internet network to achieve a "stable and reliable" bandwidth of 1.2 terabits per second, several times faster than typical speeds around the world. Trials began July 31 and it's since passed various tests verifying that milestone, the university said in a statement.

Tsinghua, Chinese President Xi Jinping's alma mater, is plugging the project as an industry-first built entirely on homegrown technology, and credits Huawei prominently in its statement. The Chinese firm in August made waves when it released a 5G smartphone with a sophisticated made-in-China processor, inspiring celebration in Chinese state and social media. That event also spurred debate in Washington about whether the Biden administration has gone far enough in attempts to contain Chinese technological achievement.

Programming

A Coder Considers the Waning Days of the Craft (newyorker.com) 158

Programmer and writer James Somers, writing for New Yorker: Yes, our jobs as programmers involve many things besides literally writing code, such as coaching junior hires and designing systems at a high level. But coding has always been the root of it. Throughout my career, I have been interviewed and selected precisely for my ability to solve fiddly little programming puzzles. Suddenly, this ability was less important.

I had gathered as much from Ben (friend of the author), who kept telling me about the spectacular successes he'd been having with GPT-4. It turned out that it was not only good at the fiddly stuff but also had the qualities of a senior engineer: from a deep well of knowledge, it could suggest ways of approaching a problem. For one project, Ben had wired a small speaker and a red L.E.D. light bulb into the frame of a portrait of King Charles, the light standing in for the gem in his crown; the idea was that when you entered a message on an accompanying Web site the speaker would play a tune and the light would flash out the message in Morse code. (This was a gift for an eccentric British expat.) Programming the device to fetch new messages eluded Ben; it seemed to require specialized knowledge not just of the microcontroller he was using but of Firebase, the back-end server technology that stored the messages. Ben asked me for advice, and I mumbled a few possibilities; in truth, I wasn't sure that what he wanted would be possible. Then he asked GPT-4. It told Ben that Firebase had a capability that would make the project much simpler. Here it was -- and here was some code to use that would be compatible with the microcontroller.

Afraid to use GPT-4 myself -- and feeling somewhat unclean about the prospect of paying OpenAI twenty dollars a month for it -- I nonetheless started probing its capabilities, via Ben. We'd sit down to work on our crossword project, and I'd say, "Why don't you try prompting it this way?" He'd offer me the keyboard. "No, you drive," I'd say. Together, we developed a sense of what the A.I. could do. Ben, who had more experience with it than I did, seemed able to get more out of it in a stroke. As he later put it, his own neural network had begun to align with GPT-4's. I would have said that he had achieved mechanical sympathy. Once, in a feat I found particularly astonishing, he had the A.I. build him a Snake game, like the one on old Nokia phones. But then, after a brief exchange with GPT-4, he got it to modify the game so that when you lost it would show you how far you strayed from the most efficient route. It took the bot about ten seconds to achieve this. It was a task that, frankly, I was not sure I could do myself.

In chess, which for decades now has been dominated by A.I., a player's only hope is pairing up with a bot. Such half-human, half-A.I. teams, known as centaurs, might still be able to beat the best humans and the best A.I. engines working alone. Programming has not yet gone the way of chess. But the centaurs have arrived. GPT-4 on its own is, for the moment, a worse programmer than I am. Ben is much worse. But Ben plus GPT-4 is a dangerous thing.

Earth

Delhi Plans To Unleash Cloud Seeding in Its Battle Against Deadly Smog (wired.com) 35

India's capital, New Delhi, is preparing a new weapon in the fight against deadly air pollution: cloud seeding. From a report: The experiment, which could take place as early as next week, would introduce chemicals like silver iodide into a cloudy sky to create rain and, it's hoped, wash away the fine particulate matter hovering over one of the world's largest cities. The need is desperate. Delhi has already tried traffic restriction measures, multimillion-dollar air filtration towers, and the use of fleets of water-spraying trucks to dissolve the particulate matter in the air -- but to no avail.

The use of cloud seeding, if it goes ahead, would be controversial. "It's not at all a good use of resources because it's not a solution, it's like a temporary relief," says Avikal Somvanshi, a researcher at the Center for Science and Environment in New Delhi. Environmentalists and scientists worry that most of the government's response is focused on mitigating the pollution rather than trying to cut off its source. "There is just no political intent to solve this, that is one of the biggest problems," says Bhavreen Kandhari, an activist and cofounder of Warrior Moms, a network of mothers demanding clean air.

[...] Now, Delhi officials are seeking permission from federal agencies in India to try cloud seeding. The technique involves flying an aircraft to spray clouds with salts like silver or potassium iodide or solid carbon dioxide, also known as dry ice, to induce precipitation. The chemical molecules attach to moisture already in the clouds to form bigger droplets that then fall as rain. China has used artificial rain to tackle air pollution in the past -- but for cloud seeding to work properly, you need significant cloud cover with reasonable moisture content, which Delhi generally lacks during the winter. If weather conditions are favorable, scientists leading the project at the Indian Institute of Technology in Kanpur plan to carry out cloud seeding around November 20.

AI

Google DeepMind's Weather AI Can Forecast Extreme Weather Faster and More Accurately 40

In research published in Science today, Google DeepMind's model, GraphCast, was able to predict weather conditions up to 10 days in advance, more accurately and much faster than the current gold standard. From a report: GraphCast outperformed the model from the European Centre for Medium-Range Weather Forecasts (ECMWF) in more than 90% of over 1,300 test areas. And on predictions for Earth's troposphere -- the lowest part of the atmosphere, where most weather happens -- GraphCast outperformed the ECMWF's model on more than 99% of weather variables, such as rain and air temperature. Crucially, GraphCast can also offer meteorologists accurate warnings, much earlier than standard models, of conditions such as extreme temperatures and the paths of cyclones. In September, GraphCast accurately predicted that Hurricane Lee would make landfall in Nova Scotia nine days in advance, says Remi Lam, a staff research scientist at Google DeepMind. Traditional weather forecasting models pinpointed the hurricane to Nova Scotia only six days in advance.

[...] Traditionally, meteorologists use massive computer simulations to make weather predictions. They are very energy intensive and time consuming to run, because the simulations take into account many physics-based equations and different weather variables such as temperature, precipitation, pressure, wind, humidity, and cloudiness, one by one. GraphCast uses machine learning to do these calculations in under a minute. Instead of using the physics-based equations, it bases its predictions on four decades of historical weather data. GraphCast uses graph neural networks, which map Earth's surface into more than a million grid points. At each grid point, the model predicts the temperature, wind speed and direction, and mean sea-level pressure, as well as other conditions like humidity. The neural network is then able to find patterns and draw conclusions about what will happen next for each of these data points.
The Almighty Buck

Zelle Begins Refunds For Imposter Scams After Government Pressure (reuters.com) 24

According to Reuters, banks on the payment app Zelle have begun refunding victims of imposter scams to address consumer protection concerns raised by U.S. lawmakers and the federal consumer watchdog. From the report: The 2,100 financial firms on Zelle, a peer-to-peer network owned by seven banks including JPMorgan Chase and Bank of America, began reversing transfers as of June 30 for customers duped into sending money to scammers claiming to be from a government agency, bank or existing service provider, said Early Warning Services (EWS), the banks' company that owns Zelle. That's "well above existing legal and regulatory requirements," Ben Chance, chief fraud risk officer at EWS, told Reuters.

Federal rules require banks to reimburse customers for payments made without their authorization, such as by hackers, but not when customers themselves make the transfer. While Zelle disclosed Aug. 30 that it had introduced a new reimbursement benefit for "specific scam types," it has not previously provided details on its new imposter scam refund policy due to worries doing so might encourage criminals to make false scam claims, a spokesperson said. The new policy marks a major shift from last year when bankers, including JPMorgan CEO Jamie Dimon, told lawmakers worried about rising scams that it was unreasonable to require banks to refund transfers that customers were tricked into approving.

IT

Optus Says Massive Australia Outage Was After Software Upgrade (reuters.com) 33

Australian telecoms provider Optus said on Monday that a massive outage which effectively cut off 40% of the country's population and triggered a political firestorm was caused by "changes to routing information" after a "routine software upgrade." From a report: More than 10 million Australians were hit by the 12-hour network blackout at the Singapore Telecommunications-owned telco on Nov. 8, triggering fury and frustration among customers and raising wider concerns about the telecommunications infrastructure.

Optus said in a statement that an initial investigation found the company's network was affected by "changes to routing information from an international peering network" early that morning, "following a routine software upgrade." It added: "These routing information changes propagated through multiple layers in our network and exceeded preset safety levels on key routers which could not handle these. This resulted in those routers disconnecting from the Optus IP Core network to protect themselves." The project to reconnect the routers was so large that "in some cases (it) required Optus to reconnect or reboot routers physically, requiring the dispatch of people across a number of sites in Australia", it added.

Slashdot Top Deals