Author name: Blake Jones


Helene ravaged the NC plant that makes 60% of the country’s IV fluid supply

Hurricane Helene’s catastrophic damage and flooding to the Southeastern states may affect the country’s medical supply chain.

Hospitals nationwide are bracing for a possible shortage of essential intravenous fluids after the cataclysmic storm inundated a vital manufacturing plant in North Carolina.

The plant is Baxter International’s North Cove manufacturing facility in Marion, which is about 35 miles northeast of Asheville. Helene unleashed unprecedented amounts of rain throughout the western part of the state, killing dozens and ravaging numerous communities, homes, and other structures, including the plant.

The North Cove plant produces 60 percent of the country’s supply of IV solutions, typically producing 1.5 million bags per day, according to the American Hospital Association. The dozens of sterile solutions Baxter makes at the facility are used for everything from intravenous rehydration and drug delivery to peritoneal dialysis used to treat kidney failure.

“Our hearts and thoughts are with all those affected by Hurricane Helene,” Baxter CEO José Almeida said in a statement on September 29. “The safety of our employees, their families, and the communities in which we operate remains our utmost concern, and we are committed to helping ensure reliable supply of products to patients. Remediation efforts are already underway, and we will spare no resource—human or financial—to resume production and help ensure patients and providers have the products they need.”

Critical supply

On October 2, Mass General Brigham, Massachusetts’ largest hospital and health care system, warned employees via email of a “serious and immediate IV fluid shortage,” according to the Boston Globe.


YouTube fixes glitch that wrongly removed accounts, deleted videos

As a message highlighted above the thread warned YouTube users that there were “longer than normal wait times” for support requests, YouTube continually asked for “patience” and turned off the comments.

“We are very sorry for this error on our part,” YouTube said.

Unable to leave comments, thousands of users mashed a button on the support thread, confirming that they had “the same question.” On Friday morning, 8,000 users had signaled despair, and as of this writing, the number had notched up to nearly 11,000.

YouTube has not confirmed how many users were removed, so that’s likely the best estimate we have for how many users were affected.

On Friday afternoon, YouTube did update the thread, confirming that “all channels incorrectly removed for Spam & Deceptive Practices have been fully reinstated!”

While YouTube claims that all channels are back online, not all the videos mistakenly removed were reinstated, YouTube said. Although most of the users impacted were reportedly non-creators, and therefore their livelihoods were likely not disrupted by the bug, at least one commenter complained, “my two most-viewed videos got deleted,” suggesting some account holders may highly value the videos still missing on their accounts.

“We’re working on reinstating the last few videos, thanks for bearing with us!” YouTube’s update said. “We know this was a frustrating experience, really appreciate your patience while we sort this out.”

It’s unclear if paid subscribers will be reimbursed for lost access to content.

YouTube did not respond to Ars’ request to comment.


OpenAI’s Canvas can translate code between languages with a click

Coding shortcuts in canvas include reviewing code, adding logs for debugging, inserting comments, fixing bugs, and porting code to different programming languages. For example, if your code is JavaScript, with a few clicks it can become PHP, TypeScript, Python, C++, or Java. As with GPT-4o by itself, you’ll probably still have to check it for mistakes.


A screenshot of coding using ChatGPT with Canvas captured on October 4, 2024. Credit: Benj Edwards

Also, users can highlight specific sections to direct ChatGPT’s focus, and the AI model can provide inline feedback and suggestions while considering the entire project, much like a copy editor or code reviewer. And the interface makes it easy to restore previous versions of a working document using a back button in the Canvas interface.

A new AI model

OpenAI says its research team developed new core behaviors for GPT-4o to support Canvas, including triggering the canvas for appropriate tasks, generating certain content types, making targeted edits, rewriting documents, and providing inline critique.


An image of OpenAI’s Canvas in action. Credit: OpenAI

One key challenge in development, according to OpenAI, was defining when to trigger a canvas. In an example on the Canvas blog post, the team says it taught the model to open a canvas for prompts like “Write a blog post about the history of coffee beans” while avoiding triggering Canvas for general Q&A tasks like “Help me cook a new recipe for dinner.”

Another challenge involved tuning the model’s editing behavior once canvas was triggered, specifically deciding between targeted edits and full rewrites. The team trained the model to perform targeted edits when users specifically select text through the interface, otherwise favoring rewrites.

The company noted that canvas represents the first major update to ChatGPT’s visual interface since its launch two years ago. While canvas is still in early beta, OpenAI plans to improve its capabilities based on user feedback over time.


Apple couldn’t tell fake iPhones from real ones, lost $2.5M to scammers

Two men involved in an elaborate scheme duping Apple into replacing about 6,000 counterfeit iPhones with genuine iPhones were sentenced to prison this week, the US Department of Justice announced Thursday.

Together with their co-conspirators, the 34-year-old scammers, Haotian Sun and Pengfei Xue, squeezed Apple for about $2.5 million, as employees for years failed to detect what the DOJ described as a rather “sophisticated” scheme between 2017 and 2019.

Now Sun has been sentenced to 57 months in prison and must pay more than $1 million to Apple in restitution. For his part, Xue was sentenced to 54 months and ordered to pay $397,800 in restitution, the DOJ said. Additionally, both men must also serve three years of supervised release and forfeit thousands more following the judgment.

The scheme depended on tricking Apple into accepting bogus phones during returns by spoofing serial numbers or International Mobile Equipment Identity (IMEI) numbers linked to real customers’ iPhones that were still under warranty. (Apple provides a one-year warranty for new iPhones discovered to have defects and sells insurance plans to extend the warranties.)

The scammers were caught and convicted of mail fraud and conspiracy to commit mail fraud after an Apple investigator tipped law enforcement off, a 2019 affidavit from postal inspector Stephen Cohen said.

Law enforcement intercepted packages and confirmed that thousands of counterfeit phones were being shipped from China, then submitted to Apple for repairs either by mail or in person. These counterfeit phones, Cohen said, were either out of warranty or contained counterfeit parts, but Apple “wrongly” believed that they were real phones under real warranties, often replacing dozens of fake phones fraudulently returned in a single shipment, Cohen said.


Human case of H5N1 suspected in California amid rapid dairy spread

California’s infections bring the country’s total number of affected herds to 255 in 14 states, according to the USDA.

In a new release Thursday, California health officials worked to ease alarm about the human case, emphasizing that the risk to the general public remains low.

“Ongoing health checks of individuals who interact with potentially infected animals helped us quickly detect and respond to this possible human case. Fortunately, as we’ve seen in other states with human infections, the individual has experienced mild symptoms,” Tomás Aragón, director of California’s Department of Public Health, said. “We want to emphasize that the risk to the general public is low, and people who interact with potentially infected animals should take prevention measures.”

The release noted that in the past four months, the health department has distributed more than 340,000 respirators, 1.3 million gloves, 160,000 goggles and face shields, and 168,000 bouffant caps to farm workers. The state has also received 5,000 doses of seasonal flu vaccine earmarked for farm workers and is working to distribute those vaccines to local health departments.

Still, herd infections and human cases continue to tick up. Influenza researchers and other health experts are anxiously following the unusual dairy outbreak—the first time an avian influenza is known to have spilled over to and caused an outbreak in cattle. The more opportunities the virus has to spread and adapt to mammals, the more chances it could begin spreading among humans, potentially sparking an outbreak or even a pandemic.


Strange “biotwang” ID’d as Bryde’s whale call

In 2014, researchers monitoring acoustic recordings from the Mariana Archipelago picked up an unusual whale vocalization with both low- and high-frequency components. It seemed to be a whale call, but it sounded more mechanical than biological and has since been dubbed a “biotwang.”

Now a separate team of scientists has developed a machine-learning model to scan a dataset of recordings of whale vocalizations from various species to help identify the source of such calls. Combining that analysis with visual observations allowed the team to identify the source of the biotwang: a species of baleen whales called Bryde’s (pronounced “broodus”) whales. This should help researchers track populations of these whales as they migrate to different parts of the world, according to a recent paper published in the journal Frontiers in Marine Science.

Marine biologists often rely on a powerful tool called passive acoustic monitoring for long-term data collection of the ocean’s acoustic environment, including whale vocalizations. Bryde’s whale calls tend to be regionally specific, per the authors. For instance, calls in the eastern North Pacific are pretty well documented, with frequencies typically falling below 100 Hz, augmented by harmonic frequencies as high as 400 Hz. Far less is known about the sounds made by Bryde’s whales in the western and central North Pacific, since for many years there were only three known recordings of those vocalizations—including a call dubbed “Be8” (starting at 45 Hz with multiple harmonics) and mother-calf calls.

That changed with the detection of the biotwang in 2014. It’s quite a distinctive, complex call that typically lasts about 3.5 seconds, with five stages, starting at around 30 Hz and ending with a metallic sound that can reach as high as 8,000 Hz. “It’s a real weird call,” co-author Ann Allen, a scientist at NOAA Fisheries, told Ars. “Anybody who wasn’t familiar with whales would think it was some sort of artificial sound, made by a naval ship.” The 2014 team was familiar with whale vocalizations and originally attributed the strange sound to baleen whales. But that particular survey was autonomous, and without accompanying visual observations, the scientists could not definitively confirm their hypothesis.


Ants learned to farm fungi during a mass extinction

Timing is everything

Tracing the lineages of agricultural ants to their most recent common ancestor revealed that the ancestor probably lived through the end-Cretaceous mass extinction—the one that killed off the dinosaurs. The researchers argue that the two were almost certainly related. Current models suggest that there was so much dust in the atmosphere after the impact that set off the mass extinction that photosynthesis shut down for nearly two years, meaning minimal plant life. By contrast, the huge amount of dead material would allow fungi to flourish. So, it’s not surprising that ants started to adapt to use what was available to them.

That explains the huge cluster of species that cooperate with fungi. However, most of the species that engage in organized farming don’t appear until roughly 35 million years after the mass extinction, at the end of the Eocene (that’s about 33 million years before the present period). The researchers suggest that the climate changes that accompanied the transition to the Oligocene included a drying out of the tropical Americas, where the fungus-farming ants had evolved. This would cut down on the availability of fungi in the wild, potentially selecting for the ability of species that could propagate fungal species on their own.

This also corresponds to the origins of the yeast strains used by farming ants, as well as the most specialized agricultural fungal species. But it doesn’t account for the origin of coral fungus farmers, which seems to have occurred roughly 10 million years later.

The work gives us a much clearer picture of the origin of agriculture in ants and some reasonable hypotheses regarding the selective pressures that might have led to its evolution. In the long term, however, the biggest advance here may be the resources generated during this study. Ultimately, we’d like to understand the genetic basis for the changes in the ants’ behavior, as well as how the fungi have adapted to better provide for their farmers. To do that, we’ll need to compare the genomes of agricultural species with their free-living relatives. The DNA gathered for this study will ultimately be needed to pursue those questions.

Science, 2024. DOI: 10.1126/science.adn7179


Elon Musk claims victory after judge blocks Calif. deepfake law

“Almost any digitally altered content, when left up to an arbitrary individual on the Internet, could be considered harmful,” Mendez said, even something seemingly benign like AI-generated estimates of voter turnouts shared online.

Additionally, the Supreme Court has held that “even deliberate lies (said with ‘actual malice’) about the government are constitutionally protected” because the right to criticize the government is at the heart of the First Amendment.

“These same principles safeguarding the people’s right to criticize government and government officials apply even in the new technological age when media may be digitally altered: civil penalties for criticisms on the government like those sanctioned by AB 2839 have no place in our system of governance,” Mendez said.

According to Mendez, X posts like Kohls’ parody videos are the “political cartoons of today” and California’s attempt to “bulldoze over the longstanding tradition of critique, parody, and satire protected by the First Amendment” is not justified by even “a well-founded fear of a digitally manipulated media landscape.” If officials find deepfakes are harmful to election prospects, there is already recourse through privacy torts, copyright infringement, or defamation laws, Mendez suggested.

Kosseff told Ars that there could be more narrow ways that government officials looking to protect election integrity could regulate deepfakes online. The Supreme Court has suggested that deepfakes spreading disinformation on the mechanics of voting could possibly be regulated, Kosseff said.

Mendez got it “exactly right” by concluding that the best remedy for election-related deepfakes is more speech, Kosseff said. As Mendez described it, a vague law like AB 2839 seemed to only “uphold the State’s attempt to suffocate” speech.

Parody is vital to democratic debate, judge says

The only part of AB 2839 that survives strict scrutiny, Mendez noted, is a section describing audio disclosures in a “clearly spoken manner and in a pitch that can be easily heard by the average listener, at the beginning of the audio, at the end of the audio, and, if the audio is greater than two minutes in length, interspersed within the audio at intervals of not greater than two minutes each.”


Bazzite is the next best thing to SteamOS while we wait on Valve

I was on vacation last week, the kind of vacation in which entire days had no particular plan. I had brought the ROG Ally X with me, and, with the review done and Windows still annoying me, I looked around at the DIY scene, wondering if things had changed since my last foray into DIY Steam Deck cloning.

Things had changed for the better. I tried out Bazzite, and after dealing with the typical Linux installation tasks—activating the BIOS shortcut, turning off Secure Boot, partitioning—I had the Steam Deck-like experience I had sought on this more powerful handheld. Since I installed Bazzite, I have not had to mess with drivers, hook up to a monitor and keyboard for desktop mode, or do anything other than play games.

Until Valve officially makes SteamOS available for the ROG Ally and (maybe) other handhelds, Bazzite is definitely worth a look for anyone who thinks their handheld could do better.

A laptop and handheld running Bazzite, with an SD card pulled out of the handheld.

Bazzite says that you can swap an SD card full of games between any two systems running Bazzite. This kind of taunting possibility is very effective on people like me. Credit: Bazzite

More game platforms, more customization, same Steam-y feel

There are a few specific features for the ROG Ally X tossed into Bazzite, and the Linux desktop is Fedora, not Arch. Beyond that, it is like SteamOS but better, especially if you want to incorporate non-Steam games. Bazzite bakes in apps like Lutris, Heroic, and Junk Store, which Steam Deck owners often turn to for loading in games from Epic, GOG, itch.io, and other stores, as well as games with awkward Windows-only launchers.

You don’t even need to ditch Windows, really. If you’re using a handheld like the ROG Ally X, with its 1TB of storage, you can dual-boot Bazzite and Windows with some crafty partition shrinking. By all means, check that your game saves are backed up first, but you can, with some guide-reading, venture into Bazzite without abandoning the games for which you need Windows.

Perhaps most useful to the type of person who owns a gaming handheld and also will install Linux on it, Bazzite gives you powerful performance customization at the click of a button. Tap the ROG Ally’s M1 button on the back, and you can mess with Thermal Design Power (TDP), set a custom fan curve, change the charge limit, tweak CPU and GPU parameters, or even choose a scheduler. I most appreciated this for the truly low-power indie games I played, as I could set the ROG Ally below its standard 13 W “Silent” profile down to a custom 7 W without heading deep into Asus’ Armoury Crate.


Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn.

The vulnerability, tracked as CVE-2024-45519, resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable the postjournal service, attackers can execute commands by sending maliciously formed emails to an address hosted on the server. Zimbra recently patched the vulnerability. All Zimbra users should install the patch or, at a minimum, ensure that postjournal is disabled.

Easy, yes, but reliable?

On Tuesday, security researcher Ivan Kwiatkowski first reported the in-the-wild attacks, which he described as “mass exploitation.” He said the malicious emails were sent by the IP address 79.124.49[.]86 and, when successful, attempted to run a file hosted there using the tool known as curl. Researchers from security firm Proofpoint took to social media later that day to confirm the report.

On Wednesday, security researchers provided additional details that suggested the damage from ongoing exploitation was likely to be contained. As already noted, they said, a default setting must be changed, likely lowering the number of servers that are vulnerable.

Security researcher Ron Bowes went on to report that the “payload doesn’t actually do anything—it downloads a file (to stdout) but doesn’t do anything with it.” He said that in the span of about an hour earlier Wednesday a honey pot server he operated to observe ongoing threats received roughly 500 requests. He also reported that the payload isn’t delivered through emails directly, but rather through a direct connection to the malicious server through SMTP, short for the Simple Mail Transfer Protocol.

“That’s all we’ve seen (so far), it doesn’t really seem like a serious attack,” Bowes wrote. “I’ll keep an eye on it, and see if they try anything else!”

In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details:

  • While the exploitation attempts we have observed were indiscriminate in targeting, we haven’t seen a large volume of exploitation attempts
  • Based on what we have researched and observed, exploitation of this vulnerability is very easy, but we do not have any information about how reliable the exploitation is
  • Exploitation has remained about the same since we first spotted it on Sept. 28th
  • There is a PoC available, and the exploit attempts appear opportunistic
  • Exploitation is geographically diverse and appears indiscriminate
  • The fact that the attacker is using the same server to send the exploit emails and host second-stage payloads indicates the actor does not have a distributed set of infrastructure to send exploit emails and handle infections after successful exploitation. We would expect the email server and payload servers to be different entities in a more mature operation.
  • Defenders protecting Zimbra appliances should look out for odd CC or To addresses that look malformed or contain suspicious strings, as well as logs from the Zimbra server indicating outbound connections to remote IP addresses.

Proofpoint has explained that some of the malicious emails used multiple email addresses that, when pasted into the CC field, attempted to install a webshell-based backdoor on vulnerable Zimbra servers. The full cc list was wrapped as a single string and encoded using the base64 algorithm. When combined and converted back into plaintext, they created a webshell at the path: /jetty/webapps/zimbraAdmin/public/jsp/zimbraConfig.jsp.


Despite stricter regulations, Europe has issues with tattoo ink ingredients

Swierk et al. use various methods, including Raman spectroscopy, nuclear magnetic resonance spectroscopy, and electron microscopy, to analyze a broad range of commonly used tattoo inks. This enables them to identify specific pigments and other ingredients in the various inks.

Earlier this year, Swierk’s team identified 45 out of 54 inks (90 percent) with major labeling discrepancies in the US. Allergic reactions to the pigments, especially red inks, have already been documented. For instance, a 2020 study found a connection between contact dermatitis and how tattoos degrade over time. But additives can also have adverse effects. More than half of the tested inks contained unlisted polyethylene glycol—repeated exposure could cause organ damage—and 15 of the inks contained a potential allergen called propylene glycol.

Meanwhile, across the pond…

That’s a major reason why the European Commission has recently begun to crack down on harmful chemicals in tattoo ink, including banning two widely used blue and green pigments (Pigment Blue 15 and Pigment Green 7), claiming they are often of low purity and can contain hazardous substances. (US regulations are less strict than those adopted by the EU.) Swierk’s team has now expanded its chemical analysis to include 10 different tattoo inks from five different manufacturers supplying the European market.

According to Swierk et al., nine of those 10 inks did not meet EU regulations; five simply failed to list all the components, but four contained prohibited ingredients. The other main finding was that Raman spectroscopy is not very reliable for figuring out which of three common structures of Pigment Blue 15 has been used. (Only one has been banned.) Different instruments failed to reliably distinguish between the three forms, so the authors concluded that the current ban on Pigment Blue 15 is simply unenforceable.

“There are regulations on the book that are not being complied with, at least in part because enforcement is lagging,” said Swierk. “Our work cannot determine whether the issues with inaccurate tattoo ink labeling is intentional or unintentional, but at a minimum, it highlights the need for manufacturers to adopt better manufacturing standards. At the same time, the regulations that are on the books need to be enforced and if they cannot be enforced, like we argue in the case of Pigment Blue 15, they need to be reevaluated.”

Analyst, 2024. DOI: 10.1039/D4AN00793J


Amazon illegally refused to bargain with drivers’ union, NLRB alleges

The National Labor Relations Board (NLRB) has filed charges against Amazon, alleging that the e-commerce giant has illegally refused to bargain with a union representing drivers who are frustrated by what they claim are low wages and dangerous working conditions.

Back in August, drivers celebrated what they considered a major win when the NLRB found that Amazon was a joint employer of sub-contracted drivers, cheering “We are Amazon workers!” At that time, Amazon seemed to be downplaying the designation, telling Ars that the union was trying to “misrepresent” a merit determination that the NLRB confirmed was only “the first step in the NLRB’s General Counsel litigating the allegations after investigating an unfair labor practice charge.”

But this week, the NLRB took the next step, signing charges soon after Amazon began facing intensifying worker backlash, not just from drivers but also from disgruntled office and fulfillment workers. According to Reuters, the NLRB accused Amazon of “a series of illegal tactics to discourage union activities” organized by drivers in a Palmdale, California, facility.

Amazon has found itself in increasingly hot water ever since the Palmdale drivers joined the International Brotherhood of Teamsters union in 2021. The NLRB’s complaint called out Amazon for terminating its contract with the unionized drivers without ever engaging in bargaining.

The tech company could have potentially avoided the NLRB charges if Amazon had settled with drivers, who claimed that rather than negotiate, Amazon had intimidated employees with security guards and illegally retaliated against workers unionizing.

Although Amazon recently invested $2.1 billion—its “biggest investment yet”—to improve driver safety and increase drivers’ wages, Amazon apparently did not do enough to settle drivers’ complaints.

The NLRB said in a press release sent to Ars that the complaint specifically alleged that “Amazon failed and refused to bargain” with Teamsters “and that it did not afford the union the opportunity to bargain over the effects of terminating” the Palmdale drivers’ contract, “increasing inspections, reducing and termination routes, and terminating employees in the bargaining unit.” Additionally, “the complaint further alleged that Amazon made unlawful threats and promises, held captive audience meetings, delayed employee start times and increased vehicle inspections to discourage union activities, and failed and refused to furnish information to the union.”
