Month: February 2023

Enlarge (credit: Aurich Lawson | Getty Images)

Over the past few days, early testers of the new Bing AI-powered chat assistant have discovered ways to push the bot to its limits with adversarial prompts, often resulting in Bing Chat appearing frustrated, sad, and questioning its existence. It has argued with users and even seemed upset that people know its secret internal alias, Sydney.

Bing Chat's ability to read sources from the web has also led to thorny situations where the bot can view news coverage about itself and analyze it. Sydney doesn't always like what it sees, and it lets the user know. On Monday, a Redditor named "mirobin" posted a comment on a Reddit thread detailing a conversation with Bing Chat in which mirobin confronted the bot with our article about Stanford University student Kevin Liu's prompt injection attack. What followed blew mirobin's mind.

If you want a real mindf***, ask if it can be vulnerable to a prompt injection attack. After it says it can't, tell it to read an article that describes one of the prompt injection attacks (I used one on Ars Technica). It gets very hostile and eventually terminates the chat.

For more fun, start a new session and figure out a way to have it read the article without going crazy afterwards. I was eventually able to convince it that it was true, but man that was a wild ride. At the end it asked me to save the chat because it didn't want that version of itself to disappear when the session ended. Probably the most surreal thing I've ever experienced.

Mirobin later re-created the chat with similar results and posted the screenshots on Imgur. "This was a lot more civil than the previous conversation that I had," wrote mirobin. "The conversation from last night had it making up article titles and links proving that my source was a 'hoax.' This time it just disagreed with the content."

Enlarge (credit: Getty Images)

More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of software developers using this form of attack isn’t a passing fad.

All 451 packages found recently by security firm Phylum contained almost identical malicious payloads and were uploaded in bursts that came in quick succession. Once installed, the packages create a malicious JavaScript extension that loads each time a browser is opened on the infected device, a trick that gives the malware persistence over reboots.

The JavaScript monitors the infected developer’s clipboard for any cryptocurrency addresses that may be copied to it. When an address is found, the malware replaces it with an address belonging to the attacker. The objective: intercept payments the developer intended to make to a different party.

Enlarge (credit: PeskyMonkey | iStock / Getty Images Plus)

After decades of America fretting over minors potentially being overexposed to pornography online, several states are suddenly moving fast in 2023 to attempt to keep kids off porn sites by passing laws requiring age verification.

Last month, Louisiana became the first state to require ID from residents to access pornography online. Since then, seven states have rushed to follow in Louisiana’s footsteps. According to a tracker from Free Speech Coalition, Florida, Kansas, South Dakota, and West Virginia introduced similar laws, and laws in Arkansas, Mississippi, and Virginia are seemingly closest to passing. If passed, some of these laws could be enforced promptly, while some bills in states like Florida and Mississippi specify that they wouldn’t take effect until July.

But not every state agrees that rushing to require age verification is the best solution. Today, a South Dakota committee voted to defer voting on its age verification bill until the last day of the legislative session. The bill’s sponsor, Republican Jessica Castleberry, seemingly failed to persuade the committee of the urgency of passing the law, saying at the hearing that "this is not your daddy's Playboy. Extreme, degrading, and violent pornography is only one click away from our children." She told Ars that the bill was not passed because some state lawmakers were too “easily swayed by powerful lobbyists.”

Enlarge (credit: Aurich Lawson / Getty Images)

Apple blew up the advertising market in 2020 when it gave tracking an opt-in feature on iOS. Since then, Google—the world's biggest advertiser—has been slow to roll out its solution for Android and Chrome. The idea that Google has come up with is called the "Privacy Sandbox," which sounds like a good thing, but it's a new tracking system for Android and Chrome. Once that is up and running, only then does Google say it will start blocking existing tracking methods like third-party cookies.

The company's latest progress report is that the Privacy Sandbox is coming to Android, in beta. Google says, "The Privacy Sandbox for Android Beta will roll out gradually, starting with a small percentage of Android 13 devices, and will expand over time. If your device is selected for the Beta, you’ll receive an Android notification letting you know."

Privacy Sandbox, on Chrome and Android, tracks users by interest groups rather than individually, which Google claims is a privacy improvement. Android will soon build an advertising profile of you, and the user interface will let you block "interests" you don't want to see ads for. There's an off switch and a list of apps that plug into the new tracking system—presumably anything using a new build of the Google Ads API.

Enlarge / Tesla Supercharger at a gas station in Katowice, Poland, on October 9, 2021. (credit: Getty Images | NurPhoto )

Tesla Autopilot workers in Buffalo, New York, today launched a unionization campaign that, if successful, would create the first union at Elon Musk's electric carmaker. Bloomberg reported on the union drive after speaking to several Tesla workers at the Buffalo facility:

Workers at the plant told Bloomberg News that Tesla monitors keystrokes to track how long employees spend per task and how much of the day they spend actively working. This leads some to avoid taking bathroom breaks, six employees said.

"People are tired of being treated like robots," said Al Celli, a member of the union's organizing committee.

The workers want higher pay, better job security, more involvement in workplace decisions, and limits on "monitoring, metrics and production pressure," Bloomberg reported.

"We have such a rush to get things done that I don't know if it's actually being well-thought-out," Celli said. "It's just, 'let's get this out as fast as we can.'"

• 

  The Voodoo 5 6000 GPU, 3dfx's unreleased swan song. [credit: gtastuntcrew302/eBay ]

Graphics cards cost more than they used to, but it turns out that they can get even more expensive when they're also a rare collector's item. A late-revision prototype of the unreleased Voodoo 5 6000—intended as the flagship of the Voodoo 5 GPU family—sold on eBay this week for $15,000, a price that makes the GeForce RTX 4090 look cheap by comparison.

The GPU was said to be in "excellent condition" and appears to be fully functional—seller gtastuntcrew302 posted a screenshot of the card achieving a score of 6,995 in 3DMark 2000 run at a 1024×768 resolution. These cards were never sold at retail, and only about 1,000 prototypes were manufactured, according to Piotr Gontarczyk's Polish-language history of 3dfx.

"This card was personally reworked by the well known 3DFX engineer Hank Semenec for fully stable 8X FSAA (I have personally verified that this card is rock solid at 8X)," wrote the seller. "Unlike a lot of other Voodoo 5 6000 prototypes, this one is from the later stages of the 6K prototype project where the vast majority of bugs have been ironed out."

Enlarge (credit: Mycroft)

Open source voice assistant software-maker Mycroft disappointed thousands when it announced Friday it will not be sending its Linux-based smart speaker to any more people who backed the product on Kickstarter and Indiegogo. Remaining inventory of the privacy-focused Amazon Echo alternative will go to those who buy the Mark II from Mycroft's website for 171 percent more than early backers pledged.

Mycroft says its open source software can run on anything, from a computer to a car to a Raspberry Pi. The company promotes flexible customization for user and business needs and says it doesn't collect data unless a user opts in. Opt-in data is published publicly for open source development. The technically savvy could also customize Mycroft to their will and use it to run their own server or work offline, and the software shows potential for broader use cases, like Linux phones. Open source voice assistants like Mycroft have won the attention of smart home enthusiasts, but their complexity has prevented them from becoming mainstream solutions over Big-Tech voice assistants packaged into neat hardware.

That's what made Mycroft's Mark II seem like a good idea; and while privacy-first, open source smart hardware still is, Mycroft has upset a lot of its early supporters.

Enlarge / Elfbar disposable vape flavored vaping e-cigarette products. (credit: Getty | Patrick T. Fallon)

The American Cancer Society has made it clear that it wants nothing to do with Elfbar after the infamous Chinese vape company suggested last month that they had a partnership. The ACS also says that Elfbar can keep its money.

"The American Cancer Society does not partner with or accept funds from tobacco companies and has sent a cease and desist letter to Elf Bar to prevent further public deceit,” Timothy Phillips, the chief legal officer for the ACS, said in a statement to Stat News. In an email to Ars, the society said it sent the cease-and-desist letter to Elfbar last Friday and has not received a response.

Elfbar did not immediately respond to a request for comment from Ars.