Month: April 2024

Enlarge (credit: Getty Images)

Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet.

The unknown hackers, who may have ties to the North Korean government, pulled off this feat by performing a man-in-the-middle (MiitM) attack that replaced the genuine update with a file that installed an advanced backdoor instead, said researchers from security firm Avast today.

eScan, an AV service headquartered in India, has delivered updates over HTTP since at least 2019, Avast researchers reported. This protocol presented a valuable opportunity for installing the malware, which is tracked in security circles under the name GuptiMiner.

Enlarge (credit: Getty Images)

On Tuesday, Microsoft announced a new, freely available lightweight AI language model named Phi-3-mini, which is simpler and less expensive to operate than traditional large language models (LLMs) like OpenAI's GPT-4 Turbo. Its small size is ideal for running locally, which could bring an AI model of similar capability to the free version of ChatGPT to a smartphone without needing an Internet connection to run it.

The AI field typically measures AI language model size by parameter count. Parameters are numerical values in a neural network that determine how the language model processes and generates text. They are learned during training on large datasets and essentially encode the model's knowledge into quantified form. More parameters generally allow the model to capture more nuanced and complex language-generation capabilities but also require more computational resources to train and run.

Some of the largest language models today, like Google's PaLM 2, have hundreds of billions of parameters. OpenAI's GPT-4 is rumored to have over a trillion parameters but spread over eight 220-billion parameter models in a mixture-of-experts configuration. Both models require heavy-duty data center GPUs (and supporting systems) to run properly.

Enlarge (credit: Getty Images | Thomas Trutschel)

Grindr is facing a class action lawsuit from hundreds of users over the sharing of HIV statuses and other sensitive personal information with third-party firms.

UK law firm Austen Hays filed the claim in the High Court in London yesterday, the firm announced. The class action "alleges the misuse of private information of thousands of affected UK Grindr users, including highly sensitive information about their HIV status and latest tested date," the law firm said.

The law firm said it has signed up over 670 potential class members and "is in discussions with thousands of other individuals who are interested in joining the claim." Austen Hays said that "claimants could receive thousands in damages" from Grindr, a gay dating app, if the case is successful.

Enlarge (credit: Apple/Andrew Cunningham)

Last year, Apple introduced the ability to set multiple timers at once in the Clock app on its various platforms.

“We truly live in an age of wonders,” deadpanned Apple’s Craig Federighi in the company’s official presentation, tacitly acknowledging the gap between the apparent simplicity of the feature and the amount of time that Apple took to implement it.

The next version of iPadOS may contain another of these "age of wonders" features, an apparently simple thing that Apple has chosen never to do for reasons that the company can't or won't explain. According to MacRumors, iPadOS 18 may finally be the update that brings a version of Apple's first-party Calculator app to the iPad.

Enlarge / At critical pressures, the fluid's spheres become a mixture of different states. (credit: Adel Djellouli/Harvard SEAS)

Building a robot that could pick up delicate objects like eggs or blueberries without crushing them took lots of control algorithms that process feeds from advanced vision systems or sensors that emulate the human sense of touch. The other way was to take a plunge into the realm of soft robotics, which usually means a robot with limited strength and durability.

Now, a team of researchers at Harvard University published a study where they used a simple hydraulic gripper with no sensors and no control systems at all. All they needed was silicon oil and lots of tiny rubber balls. In the process, they’ve developed a metafluid with a programmable response to pressure.

Swimming rubber spheres

“I did my PhD in France on making a spherical shell swim. To make it swim, we were making it collapse. It moved like a [inverted] jellyfish,” says Adel Djellouli, a researcher at Bertoldi Group, Harvard University, and the lead author of the study. “I told my boss, 'hey, what if I put this sphere in a syringe and increase the pressure?' He said it was not an interesting idea and that this wouldn’t do anything,” Djellouli claims. But a few years and a couple of rejections later, Djellouli met Benjamin Gorissen, a professor of mechanical engineering at the University of Leuven, Belgium, who shared his interests. “I could do the experiments, he could do the simulations, so we thought we could propose something together,” Djellouli says. Thus, Djellouli’s rubber sphere finally got into the syringe. And results were quite unexpected.

Engineers have partially restored a 1970s-era computer on NASA's Voyager 1 spacecraft after five months of long-distance troubleshooting, building confidence that humanity's first interstellar probe can eventually resume normal operations.

Several dozen scientists and engineers gathered Saturday in a conference room at NASA's Jet Propulsion Laboratory, or connected virtually, to wait for a new signal from Voyager 1. The ground team sent a command up to Voyager 1 on Thursday to recode part of the memory of the spacecraft's Flight Data Subsystem (FDS), one of the probe's three computers.

“In the minutes leading up to when we were going to see a signal, you could have heard a pin drop in the room," said Linda Spilker, project scientist for NASA's two Voyager spacecraft at JPL. "It was quiet. People were looking very serious. They were looking at their computer screens. Each of the subsystem (engineers) had pages up that they were looking at, to watch as they would be populated."

Enlarge / The 2020 4K Chromecast with Google TV. It comes in colors. (credit: Google)

It sounds like Google is cooking up another Google TV dongle. 9to5Google's sources say a new 4K model of the Chromecast with Google TV is in the works. It would be a sequel to the aging 2020 model that was never really fit for the job in the first place. It would also sit alongside the 2022 HD model.

The report says the new device would stay at the $50 price point and come with a new remote. A new chip would be the primary motivation for a new device. The current 4K dongle has an Amlogic S905X3 (it's just for Cortex A55 CPUs), and if Google sticks with Amlogic, a good upgrade would be the upcoming Amlogic S905X5. Besides a faster CPU and GPU, it also supports the AV1 video codec, something Google has been pushing across its ecosystem because it can cut down on what must be an incredible YouTube bandwidth bill. It has made AV1 a requirement for some new devices in order to get the YouTube app, and despite forcing it on competitors like Roku, Google's best dongle doesn't have hardware support for the codec yet. Technically the S905X5 is not official yet, so we don't have a full spec sheet, but partners have been talking about it since last year.

The No. 1 thing a new Google TV dongle needs, and has needed for years, is more storage. Google Hardware is supposed to make devices that are purpose-built for Google's software, but the 4K and HD Chromecasts with Google TV have never really been up to the task thanks to the 8GB of total device storage. Back in the early Chromecast days when these dongles ran a custom OS and only showed video streams, that was fine. These new devices run full-fat Android now, complete with a Play Store, access to millions of apps, and lots of preinstalled software. 8GB is not nearly enough.