Month: May 2024

Enlarge / I can see the code that controls the Tetri-verse! (credit: Aurich Lawson)

Earlier this year, we shared the story of how a classic NES Tetris player hit the game's "kill screen" for the first time, activating a crash after an incredible 40-minute, 1,511-line performance. Now, some players are using that kill screen—and some complicated memory manipulation it enables—to code new behaviors into versions of Tetris running on unmodified hardware and cartridges.

We've covered similar "arbitrary code execution" glitches in games like Super Mario World, Paper Mario, and The Legend of Zelda: Ocarina of Time in the past. And the basic method for introducing outside code into NES Tetris has been publicly theorized since at least 2021 when players were investigating the game's decompiled code (HydrantDude, who has gone deep on Tetris crashes in the past, also says the community has long had a privately known method for how to take full control of Tetris' RAM).

But a recent video from Displaced Gamers takes the idea from private theory to public execution, going into painstaking detail on how to get NES Tetris to start reading the game's high score tables as machine code instructions.

Enlarge (credit: Getty Images)

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.

Reading, dropping, or modifying VPN traffic

The effect of TunnelVision is “the victim's traffic is now decloaked and being routed through the attacker directly,” a video demonstration explained. “The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet.”

Enlarge / Google Fit seems like it's on the way out. (credit: Ron Amadeo / Google)

Google is killing off the Google Fit APIs. The platform originally existed to sync health data from third-party fitness devices to your Google account, but now it's being killed off. Deprecation of the APIs happened on May 1, and Google has stopped accepting new sign-ups for the API. The official shutdown date is June 30, 2025.

The Google Fit API was launched in 2014, just a few weeks after Apple announced Healthkit in iOS 8. The goal of both platforms is to be a central repository for health data from various apps and services. Instead of seeing steps in one app and weight in another, it could all be mushed together into a one-stop-shop for health metrics. Google had a lot of big-name partners at launch, like Nike+, Adidas, Withings, Asus, HTC, Intel, LG, and app makers like Runtastic and RunKeeper.

Fast-forward to 2024, and we get the familiar story of Google being unable to throw its weight behind a single solution. Today, Google has three competing fitness APIs. There is a "Comparison Guide" on the Android Developer site detailing the differences between the "Health Connect" API, the "Fitbit Web API" and the "Google Fit REST API."

Enlarge / Mustafa Suleyman, co-founder and chief executive officer of Inflection AI UK Ltd., during a town hall on day two of the World Economic Forum (WEF) in Davos, Switzerland, on Wednesday, Jan. 17, 2024. Suleyman joined Microsoft in March. (credit: Getty Images)

Microsoft is working on a new large-scale AI language model called MAI-1, which could potentially rival state-of-the-art models from Google, Anthropic, and OpenAI, according to a report by The Information. This marks the first time Microsoft has developed an in-house AI model of this magnitude since investing over $10 billion in OpenAI for the rights to reuse the startup's AI models. OpenAI's GPT-4 powers not only ChatGPT but also Microsoft Copilot.

The development of MAI-1 is being led by Mustafa Suleyman, the former Google AI leader who recently served as CEO of the AI startup Inflection before Microsoft acquired the majority of the startup's staff and intellectual property for $650 million in March. Although MAI-1 may build on techniques brought over by former Inflection staff, it is reportedly an entirely new large language model (LLM), as confirmed by two Microsoft employees familiar with the project.

With approximately 500 billion parameters, MAI-1 will be significantly larger than Microsoft's previous open source models (such as Phi-3, which we covered last month), requiring more computing power and training data. This reportedly places MAI-1 in a similar league as OpenAI's GPT-4, which is rumored to have over 1 trillion parameters (in a mixture-of-experts configuration) and well above smaller models like Meta and Mistral's 70 billion parameter models.

Enlarge / Astronauts Suni Williams (left) and Butch Wilmore (right) inside a Starliner simulator at NASA's Johnson Space Center in Houston. (credit: NASA/Robert Markowitz)

If you want to know what it's like to take a new spacecraft on its first test run in orbit, there are only three people in the Western world you can call.

That fact should drive home the rarity of debuting a new human-rated spaceship. When Boeing's Starliner capsule lifts off Monday night, this group of three will grow to five. Veteran NASA astronauts Butch Wilmore and Suni Williams, both former US Navy test pilots, will be at the controls of Starliner for the ride into low-Earth orbit atop a United Launch Alliance Atlas V rocket.

"The first crewed flight of a new spacecraft is an absolutely critical milestone," said Jim Free, NASA's associate administrator. "The lives of our crew members, Suni Williams and Butch Wilmore, are at stake. We don’t take that lightly at all."

Enlarge (credit: Getty Images | NurPhoto )

The US government has pressured telcos to rip out network gear made by Chinese companies Huawei and ZTE but has allocated only about 38 percent of the money needed to replace equipment with non-Chinese hardware, the Federal Communications Commission said.

FCC Chairwoman Jessica Rosenworcel wrote to Congress Thursday, urging lawmakers to fully fund the program. Congress allocated $1.9 billion for replacements of Chinese gear that must be removed as early as this month, but the needed reimbursements add up to nearly $5 billion, Rosenworcel wrote.

"I am writing... to emphasize again the urgent need for full funding of the Reimbursement Program," she wrote. Rural mobile carriers could have to withdraw from the reimbursement program or even shut down networks if the funding shortfall isn't closed, the letter said.