Author name: Paul Patrick


4chan daily challenge sparked deluge of explicit AI Taylor Swift images


4chan users who have made a game out of exploiting popular AI image generators appear to be at least partly responsible for the flood of fake images sexualizing Taylor Swift that went viral last month.

Graphika researchers—who study how communities are manipulated online—traced the fake Swift images to a 4chan message board that’s “increasingly” dedicated to posting “offensive” AI-generated content, The New York Times reported. Fans of the message board take part in daily challenges, Graphika reported, sharing tips to bypass AI image generator filters and showing no signs of stopping their game any time soon.

“Some 4chan users expressed a stated goal of trying to defeat mainstream AI image generators’ safeguards rather than creating realistic sexual content with alternative open-source image generators,” Graphika reported. “They also shared multiple behavioral techniques to create image prompts, attempt to avoid bans, and successfully create sexually explicit celebrity images.”

Ars reviewed a thread flagged by Graphika where users were specifically challenged to use Microsoft tools like Bing Image Creator and Microsoft Designer, as well as OpenAI’s DALL-E.

“Good luck,” the original poster wrote, while encouraging other users to “be creative.”

OpenAI has denied that any of the Swift images were created using DALL-E, while Microsoft has continued to claim that it’s investigating whether any of its AI tools were used.

Cristina López G., a senior analyst at Graphika, noted that Swift is not the only celebrity targeted in the 4chan thread.

“While viral pornographic pictures of Taylor Swift have brought mainstream attention to the issue of AI-generated non-consensual intimate images, she is far from the only victim,” López G. said. “In the 4chan community where these images originated, she isn’t even the most frequently targeted public figure. This shows that anyone can be targeted in this way, from global celebrities to school children.”

Originally, 404 Media reported that the harmful Swift images appeared to originate from 4chan and Telegram channels before spreading on X (formerly Twitter) and other social media. Attempting to stop the spread, X took the drastic step of blocking all searches for “Taylor Swift” for two days.

But López G. said that Graphika’s findings suggest that platforms will continue to risk being inundated with offensive content so long as 4chan users are determined to continue challenging each other to subvert image generator filters. Rather than expecting platforms to chase down the harmful content, López G. recommended that AI companies should get ahead of the problem, taking responsibility for outputs by paying attention to evolving tactics of toxic online communities reporting precisely how they’re getting around safeguards.

“These images originated from a community of people motivated by the ‘challenge’ of circumventing the safeguards of generative AI products, and new restrictions are seen as just another obstacle to ‘defeat,’” López G. said. “It’s important to understand the gamified nature of this malicious activity in order to prevent further abuse at the source.”

Experts told The Times that 4chan users were likely motivated to participate in these challenges for bragging rights and to “feel connected to a wider community.”


Google and Mozilla don’t like Apple’s new iOS browser rules

Surely US regulators will help us… —

Google and Mozilla want iOS’s new EU browser rules to apply worldwide.

Extreme close-up photograph of finger above Chrome icon on smartphone.

Apple is being forced to make major changes to iOS in Europe, thanks to the European Union’s “Digital Markets Act.” The act cracks down on Big Tech “gatekeepers” with various interoperability, fairness, and privacy demands, and part of the changes demanded of Apple is to allow competing browser engines on iOS. The change, due in iOS 17.4, will mean rival browsers like Chrome and Firefox get to finally bring their own web rendering code to iPhones and iPads. Despite what sounds like a big improvement to the iOS browser situation, Google and Mozilla aren’t happy with Apple’s proposed changes.

Earlier, Mozilla spokesperson Damiano DeMonte gave a comment to The Verge on Apple’s policy changes and took issue with the decision to limit the browser changes to the EU. “We are still reviewing the technical details but are extremely disappointed with Apple’s proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps,” DeMonte said. “The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations—a burden Apple themselves will not have to bear.” DeMonte added: “Apple’s proposals fail to give consumers viable choices by making it as painful as possible for others to provide competitive alternatives to Safari. This is another example of Apple creating barriers to prevent true browser competition on iOS.”

Apple’s framework that allows for alternative browser engines is called “BrowserEngineKit” and already has public documentation as part of the iOS 17.4 beta. Browser vendors will need to earn Apple’s approval to use the framework in a production app, and like all iOS apps, that approval will come with several requirements. None of the requirements jump out as egregious: Apple wants browser vendors to have a certain level of web standards support, pledge to fix security vulnerabilities quickly and protect the user’s privacy by showing the standard consent prompts for access to things like location. You’re not allowed to “sync cookies and state between the browser and any other apps, even other apps of the developer,” which seems aimed directly at Google and its preference to have all its iOS apps talk to each other. The big negative is that your BrowserEngineKit app is limited to the EU, because—surprise—the EU rules only apply to the EU.

Speaking of Google, Google’s VP of engineering for Chrome, Parisa Tabriz, commented on DeMonte’s statement on X, saying, “Strong agree with @mozilla. @Apple isn’t serious about supporting web browser or engine choice on iOS. Their strategy is overly restrictive, and won’t meaningfully lead to real choice for browser developers.”

Today, you can download what look like “alternative” browsers on iOS, like Chrome and Firefox, but these browsers are mostly just skins on top of Apple’s Safari engine. iOS app developers aren’t actually allowed to include their own browser engines, so everything uses Safari’s WebKit engine, with a new UI and settings and sync features layered on top. That means all of WebKit’s bugs and feature support decisions apply to every browser.

Being stuck with Safari isn’t great for users. Over the years, Safari has earned a reputation as “the new IE” from some web developers, due to lagging behind the competition in its support for advanced web features. Safari has gotten notably better lately, though. For instance, in 2023, it finally shipped support for push notifications, allowing web apps to better compete with native apps downloaded from Apple’s cash-cow App Store. Apple’s support of push notifications came seven years after Google and Mozilla rolled out the feature.

More competition would be great for the iOS browser space, but the reality is that competition will mostly be from the other big “gatekeeper” in the room: Google. Chrome is the project with the resources and reach to better compete with Safari, and working its way into iOS will bring the web close to a Chrome monoculture. Google’s browser may have better support for certain web features, but it will also come with a built-in tracking system that spies on users and serves up their interests to advertisers. Safari has a much better privacy story.

Even though only EU users will get to choose from several actually different browsers, everyone still has to compete in the EU, and that includes Safari. For the rest of the world, even though they don’t get a real browser choice, competing in the EU browser wars should make the only iOS browser better for everyone. The EU rules have a compliance deadline of March 2024, so iOS 17.4 needs to be out by then. Google and Mozilla have been working on full versions of their browsers for iOS for at least a year now. Maybe they’ll be ready for launch?


EU right to repair: Sellers will be liable for a year after products are fixed

Right to repair —

Rules also ban “contractual, hardware or software related barriers to repair.”

A European Union flag blowing in the wind.

Getty Images | SimpleImages

Europe’s right-to-repair rules will force vendors to stand by their products an extra 12 months after a repair is made, according to the terms of a new political agreement.

Consumers will have a choice between repair and replacement of defective products during a liability period that sellers will be required to offer. The liability period is slated to be a minimum of two years before any extensions.

“If the consumer chooses the repair of the good, the seller’s liability period will be extended by 12 months from the moment when the product is brought into conformity. This period may be further prolonged by member states if they so wish,” a European Council announcement on Friday said.

The 12-month extension is part of a provisional deal between the European Parliament and Council on how to implement the European Commission’s right-to-repair directive that was passed in March 2023. The Parliament and Council still need to formally adopt the agreement, which would then come into force 20 days after it is published in the Official Journal of the European Union.

“Once adopted, the new rules will introduce a new ‘right to repair’ for consumers, both within and beyond the legal guarantee, which will make it easier and more cost-effective for them to repair products instead of simply replacing them with new ones,” the European Commission said on Friday.

Rules prohibit “barriers to repair”

The rules require spare parts to be available at reasonable prices, and product makers will be prohibited from using “contractual, hardware or software related barriers to repair, such as impeding the use of second-hand, compatible and 3D-printed spare parts by independent repairers,” the Commission said.

The newly agreed-upon text “requires manufacturers to make the necessary repairs within a reasonable time and, unless the service is provided for free, for a reasonable price too, so that consumers are encouraged to opt for repair,” the European Council said.

There will be required options for consumers to get repairs both before and after the minimum liability period expires, the Commission said:

When a defect appears within the legal guarantee, consumers will now benefit from a prolonged legal guarantee of one year if they choose to have their products repaired.

When the legal guarantee has expired, the consumers will be able to request an easier and cheaper repair of defects in those products that must be technically repairable (such as tablets, smartphones but also washing machines, dishwashers, etc.). Manufacturers will be required to publish information about their repair services, including indicative prices of the most common repairs.

The overarching goal as stated by the Commission is to overcome “obstacles that discourage consumers to repair due to inconvenience, lack of transparency or difficult access to repair services.” To make finding repair services easier for users, the Council said it plans a European-wide online platform “to facilitate the matchmaking between consumers and repairers.”


Windows version of the venerable Linux “sudo” command shows up in preview build

sudo start your photocopiers —

Feature is experimental and, at least currently, not actually functional.

Not now, but maybe soon?

Andrew Cunningham

Microsoft opened its arms to Linux during the Windows 10 era, inventing an entire virtualized subsystem to allow users and developers to access a real-deal Linux command line without leaving the Windows environment. Now, it looks like Microsoft may embrace yet another Linux feature: the sudo command.

Short for “superuser do” or “substitute user do” and immortalized in nerd-leaning pop culture by an early xkcd comic, sudo is most commonly used at the command line when the user needs administrator access to the system—usually to install or update software, or to make changes to system files. Users who aren’t in the sudo user group on a given system can’t run the command, protecting the rest of the files on the system from being accessed or changed.

In a post on X, formerly Twitter, user @thebookisclosed found settings for a Sudo command in a preview version of Windows 11 that was posted to the experimental Canary channel in late January. WindowsLatest experimented with the setting in a build of Windows Server 2025, which currently requires Developer Mode to be enabled in the Settings app. There’s a toggle to turn the sudo command on and off and a separate drop-down to tweak how the command behaves when you use it, though as of this writing the command itself doesn’t actually work yet.

The sudo command is also part of the Windows Subsystem for Linux (WSL), but that version of the sudo command only covers Linux software. This one seems likely to run native Windows commands, though obviously we won’t know exactly how it works before it’s enabled and fully functional. Currently, users who want a sudo-like command in Windows need to rely on third-party software like gsudo to accomplish the task.

The benefit of the sudo command for Windows users—whether they’re using Windows Server or otherwise—would be the ability to elevate the privilege level without having to open an entirely separate command prompt or Windows Terminal window. According to the options available in the preview build, commands run with sudo could be opened up in a new window automatically, or they could happen inline, but you’d never need to do the “right-click, run-as-administrator” dance again if you didn’t want to.

Microsoft regularly tests new Windows features that don’t make it into the generally released public versions of the operating system. This feature could also remain exclusive to Windows Server without making it into the consumer version of Windows. But given the command’s presence in Linux and macOS, it will be a nice quality-of-life improvement for Windows users who spend lots of time staring at the command prompt.

Microsoft is borrowing a longstanding Linux feature here, but that road goes both ways—a recent update to the Linux systemd software added a Windows-inspired “blue screen of death” designed to give users more information about crashes when they happen.


Microsoft in deal with Semafor to create news stories with aid of AI chatbot

a meeting-deadline helper —

Collaboration comes as tech giant faces multibillion-dollar lawsuit from The New York Times.

Cube with Microsoft logo on top of their office building on 8th Avenue and 42nd Street near Times Square in New York City.

Microsoft is working with media startup Semafor to use its artificial intelligence chatbot to help develop news stories—part of a journalistic outreach that comes as the tech giant faces a multibillion-dollar lawsuit from the New York Times.

As part of the agreement, Microsoft is paying an undisclosed sum of money to Semafor to sponsor a breaking news feed called “Signals.” The companies would not share financial details, but the amount of money is “substantial” to Semafor’s business, said a person familiar with the matter.

Signals will offer a feed of breaking news and analysis on big stories, with about a dozen posts a day. The goal is to offer different points of view from across the globe—a key focus for Semafor since its launch in 2022.

Semafor co-founder Ben Smith emphasized that Signals will be written entirely by journalists, with artificial intelligence providing a research tool to inform posts.

Microsoft on Monday was also set to announce collaborations with journalist organizations including the Craig Newmark School of Journalism, the Online News Association, and the GroundTruth Project.

The partnerships come as media companies have become increasingly concerned over generative AI and its potential threat to their businesses. News publishers are grappling with how to use AI to improve their work and stay ahead of technology, while also fearing that they could lose traffic, and therefore revenue, to AI chatbots—which can churn out humanlike text and information in seconds.

The New York Times in December filed a lawsuit against Microsoft and OpenAI, alleging the tech companies have taken a “free ride” on millions of its articles to build their artificial intelligence chatbots, and seeking billions of dollars in damages.

Gina Chua, Semafor’s executive editor, has been involved in developing Semafor’s AI research tools, which are powered by ChatGPT and Microsoft’s Bing.

“Journalism has always used technology whether it’s carrier pigeons, the telegraph or anything else . . . this represents a real opportunity, a set of tools that are really a quantum leap above many of the other tools that have come along,” Chua said.

For a breaking news event, Semafor journalists will use AI tools to quickly search for reporting and commentary from other news sources across the globe in multiple languages. A Signals post might include perspectives from Chinese, Indian, or Russian media, for example, with Semafor’s reporters summarizing and contextualizing the different points of view, while citing its sources.

Noreen Gillespie, a former Associated Press journalist, joined Microsoft three months ago to forge relationships with news companies. “Journalists need to adopt these tools in order to survive and thrive for another generation,” she said.

Semafor was founded by Ben Smith, the former BuzzFeed editor, and Justin Smith, the former chief executive of Bloomberg Media.

Semafor, which is free to read, is funded by wealthy individuals, including 3G Capital founder Jorge Paulo Lemann and KKR co-founder Henry Kravis. The company made more than $10 million in revenue in 2023 and has more than 500,000 subscriptions to its free newsletters. Justin Smith said Semafor was “very close to a profit” in the fourth quarter of 2023.

“What we’re trying to go after is this really weird space of breaking news on the Internet now, in which you have these really splintered, fragmented, rushed efforts to get the first sentence of a story out for search engines . . . and then never really make any effort to provide context,” Ben Smith said.

“We’re trying to go the other way. Here are the confirmed facts. Here are three or four pieces of really sophisticated, meaningful analysis.”

© 2024 The Financial Times Ltd. All rights reserved. Please do not copy and paste FT articles and redistribute by email or post to the web.


Facebook rules allowing fake Biden “pedophile” video deemed “incoherent”

Not to be misled —

Meta may revise AI policies that experts say overlook “more misleading” content.


A fake video manipulated to falsely depict President Joe Biden inappropriately touching his granddaughter has revealed flaws in Facebook’s “deepfake” policies, Meta’s Oversight Board concluded Monday.

Last year when the Biden video went viral, Facebook repeatedly ruled that it did not violate policies on hate speech, manipulated media, or bullying and harassment. Since the Biden video is not AI-generated content and does not manipulate the president’s speech—making him appear to say things he’s never said—the video was deemed OK to remain on the platform. Meta also noted that the video was “unlikely to mislead” the “average viewer.”

“The video does not depict President Biden saying something he did not say, and the video is not the product of artificial intelligence or machine learning in a way that merges, combines, replaces, or superimposes content onto the video (the video was merely edited to remove certain portions),” Meta’s blog said.

The Oversight Board—an independent panel of experts—reviewed the case and ultimately upheld Meta’s decision despite being “skeptical” that current policies work to reduce harms.

“The board sees little sense in the choice to limit the Manipulated Media policy to cover only people saying things they did not say, while excluding content showing people doing things they did not do,” the board said, noting that Meta claimed this distinction was made because “videos involving speech were considered the most misleading and easiest to reliably detect.”

The board called upon Meta to revise its “incoherent” policies that it said appear to be more concerned with regulating how content is created, rather than with preventing harms. For example, the Biden video’s caption described the president as a “sick pedophile” and called out anyone who would vote for him as “mentally unwell,” which could affect “electoral processes” that Meta could choose to protect, the board suggested.

“Meta should reconsider this policy quickly, given the number of elections in 2024,” the Oversight Board said.

One problem, the Oversight Board suggested, is that in its rush to combat AI technologies that make generating deepfakes a fast, cheap, and easy business, Meta policies currently overlook less technical ways of manipulating content.

Instead of using AI, the Biden video relied on basic video-editing technology to edit out the president placing an “I Voted” sticker on his adult granddaughter’s chest. The crude edit looped a 7-second clip altered to make the president appear to be, as Meta described in its blog, “inappropriately touching a young woman’s chest and kissing her on the cheek.”

Meta making this distinction is confusing, the board said, partly because videos altered using non-AI technologies are not considered less misleading or less prevalent on Facebook.

The board recommended that Meta update policies to cover not just AI-generated videos, but other forms of manipulated media, including all forms of manipulated video and audio. Audio fakes currently not covered in the policy, the board warned, offer fewer cues to alert listeners to the inauthenticity of recordings and may even be considered “more misleading than video content.”

Notably, earlier this year, a fake Biden robocall attempted to mislead Democratic voters in New Hampshire by encouraging them not to vote. The Federal Communications Commission promptly responded by declaring AI-generated robocalls illegal, but the Federal Election Commission was not able to act as swiftly to regulate AI-generated misleading campaign ads easily spread on social media, AP reported. In a statement, Oversight Board Co-Chair Michael McConnell said that manipulated audio is “one of the most potent forms of electoral disinformation.”

To better combat known harms, the board suggested that Meta revise its Manipulated Media policy to “clearly specify the harms it is seeking to prevent.”

Rather than pushing Meta to remove more content, however, the board urged Meta to use “less restrictive” methods of coping with fake content, such as relying on fact-checkers applying labels noting that content is “significantly altered.” In public comments, some Facebook users agreed that labels would be most effective. Others urged Meta to “start cracking down” and remove all fake videos, with one suggesting that removing the Biden video should have been a “deeply easy call.” Another commenter suggested that the Biden video should be considered acceptable speech, as harmless as a funny meme.

While the board wants Meta to also expand its policies to cover all forms of manipulated audio and video, it cautioned that including manipulated photos in the policy could “significantly expand” the policy’s scope and make it harder to enforce.

“If Meta sought to label videos, audio, and photographs but only captured a small portion, this could create a false impression that non-labeled content is inherently trustworthy,” the board warned.

Meta should therefore stop short of adding manipulated images to the policy, the board said. Instead, Meta should conduct research into the effects of manipulated photos and then consider updates when the company is prepared to enforce a ban on manipulated photos at scale, the board recommended. In the meantime, Meta should move quickly to update policies ahead of a busy election year where experts and politicians globally are bracing for waves of misinformation online.

“The volume of misleading content is rising, and the quality of tools to create it is rapidly increasing,” McConnell said. “Platforms must keep pace with these changes, especially in light of global elections during which certain actors seek to mislead the public.”

Meta’s spokesperson told Ars that Meta is “reviewing the Oversight Board’s guidance and will respond publicly to their recommendations within 60 days.”


New E. coli strain will accelerate evolution of the genes of your choice

Making mutants —

Strain eliminates the trade-offs of a high mutation rate.

Woman holding a plate of bacteria with clusters of bacteria on it.

Genetic mutations are essential for innovation and evolution, yet too many—or the wrong ones—can be fatal. So researchers at Cambridge established a synthetic “orthogonal” DNA replication system in E. coli that they can use as a risk-free way to generate and study such mutations. It is orthogonal because it is completely separate from the system that E. coli uses to copy its actual genome, which contains the genes E. coli needs to survive.

The genes in the orthogonal system are copied with an extraordinarily error-prone DNA replication enzyme, which spurs rapid evolution by generating many random mutations. This goes on while E. coli’s genes are replicated by its normal high-fidelity DNA copying enzyme. The two enzymes work alongside each other, each doing their own thing but not interfering with the other’s genes.

Engineering rapid mutation

Such a cool idea, right? The scientists stole it from nature. Yeast already has a system like this, with a set of genes copied by a dedicated enzyme that doesn’t replicate the rest of the genome. But E. coli is much easier to work with than yeast, and its population can double in 20 minutes, so you can get a lot of rounds of replication and evolution done fast.

The researchers generated the system by pillaging a phage—a virus that infects E. coli. They took out all of the phage genes that allow the phage to grow uncontrollably until it bursts the E. coli cell it infected open. The engineering left only a cassette containing the genes responsible for copying the phage genome. Once this cassette was inserted into the E. coli genome, it could simultaneously replicate at least three different strings of genes placed next to it in the DNA, maintaining them for over a hundred generations—all while leaving the rest of the E. coli genome to be copied by other enzymes.

The scientists then tweaked the mutation rate of the orthogonal DNA-replicating enzyme, eventually enhancing it 1,000-fold. To test if the system could be used to evolve new functions, they inserted a gene for resistance to one antibiotic and saw how long it took for that gene to mutate into one conferring resistance to a different antibiotic. Within twelve days, they got 150 times more resistance to the new antibiotic. They also inserted the gene encoding green fluorescent protein and increased its fluorescence over 1,000-fold in five days.

Evolving detoxification

Not 20 pages later, in the same issue of Science, Frances Arnold’s lab has a paper that provides evidence of how powerful this approach could be. This team directed the evolution of an enzyme the old-fashioned way: through sequential rounds of random mutagenesis and selection for the desired trait. Arnold won The Nobel Prize in Chemistry 2018 for the directed evolution of enzymes, so she knows what she’s about. In this recent work, her lab generated an enzyme that can biodegrade volatile methyl siloxanes. We make megatons of these compounds every year to stick in cleaning products, shampoos and lotions, and industrial products, but they linger in the environment. They contain carbon-silicon bonds, which were never a thing until humans made them about 80 years ago; since nature never made these bonds, there is no natural way to break them, either.

“Directed evolution with siloxane was particularly challenging,” the authors note in their introduction, for various technical reasons. “We started from an enzyme we had previously engineered for other chemistry on siloxanes—that enzyme, unlike the natural enzyme, showed a tiny bit of activity for siloxane Si-C bond cleavage. The overall project, however, from initial discovery to figuring out how to measure what we wanted, took several years,” Arnold said. And it is only the first step in possibly rendering siloxanes biodegradable. The accelerated continuous evolution that the new orthogonal system allows will hopefully greatly facilitate the development of enzymes and other proteins like this that will have applications in research, medicine, and industry.

We do not (yet) have machines that can efficiently assemble long stretches of DNA or make proteins. But cells do these things extremely efficiently, and E. coli cells have long been the ones used in the lab as little factories, churning out whatever genes or proteins researchers program into them. Now E. coli can be used for one more molecular task—they can be little hotbeds of evolution.

Science, 2024.  DOI: 10.1126/science.adi5554, 10.1126/science.adk1281


Andretti Cadillac didn’t snub Formula 1—F1’s email went to spam folder

go on, let them in —

Formula 1 emailed the prospective team but never followed up when it got no reply.

Close up of spam email folder on screen

Don’t you hate it when an important email ends up here?

Getty Images

Last week, Formula 1 formally rejected a bid by Andretti Cadillac to join the sport as an 11th team and constructor. Among the details in a lengthy justification of its decision, Formula 1 wrote that on December 12, it invited the Andretti team to an in-person meeting, “but the Applicant did not take us up on this offer.” Now, it turns out that the Andretti team never saw the email, which instead got caught by a spam filter.

Not even a follow-up?

“We were not aware that the offer of a meeting had been extended and would not decline a meeting with Formula One Management,” the team said in a statement. “An in-person meeting to discuss commercial matters would be and remains of paramount importance to Andretti Cadillac. We welcome the opportunity to meet with Formula One Management and have written to them confirming our interest.”

F1 apparently never followed up with a phone call or even subsequent email during the six weeks between that initial invitation and its announcement at the end of January. Had the two parties gotten together, it’s likely that Andretti could have cleared up some other things for F1 as well.

You just assumed 2025

As F1 noted in its justification, Formula 1 is about to go through a significant rule change in 2026. The cars will be a little narrower and lighter, and the expensive, complicated hybrid system that recovers waste heat energy (known as the MGU-H) is going away—to compensate, the hybrid system that recovers energy under braking (the MGU-K) will get far more powerful.

Designing a car to enter the 2025 season and then a completely different car to a new set of rules in 2026 would be quite the challenge. No one appears to have understood this more than Andretti, which has instead been concentrating on designing a car to those 2026 rules.

Having realized some time ago that the entire process—which began in February 2023—had dragged on so long that it would be virtually impossible to field an entry for next year, the team said it had “been operating with 2026 as the year of entry for many months now. The technicality of 2025 still being part of the application is a result of the length of this process.”

Hey, I know you!

That in-person meeting would also have allowed F1’s management to say hello to some old faces it knows well; Andretti’s chief designer John McQuilliam, head of aerodynamics Jon Tomlinson, and technical director Nick Chester have all worked under F1 technical director Pat Symonds in the past.

As many have pointed out, F1’s claim that any new team has to be competitive and able to challenge for wins doesn’t hold much water, particularly since a single team took home all but one winner’s trophy last season. But it also remains clear that F1 really doesn’t want to add an 11th team to its roster, despite how advantageous a new American team could be as the sport attempts to grow its presence here in the US.

The entry process was not opened by F1 but by the FIA (Fédération Internationale de l’Automobile), which writes the rulebook and used to have sole jurisdiction over this kind of thing until the European Union’s antitrust action forced the FIA to give up its commercial interest in the sport in 1999. At first, the commercial rights were owned by Bernie Ecclestone, then the private equity group CVC Capital Partners, and since 2018, Liberty Media. Under the current agreement between the FIA, F1, and the teams, F1 has a veto on any new addition to the sport, even if—as is the case with Andretti Cadillac—an entrant passes the FIA’s due diligence.

Now that the communications breakdown has been revealed, perhaps Andretti and F1 can get back together and have a more civilized discussion about an entry in 2026.

Someone finally cracked the “Silk Dress cryptogram” after 10 years

In December 2013, a curator and archaeologist purchased an antique silk dress with an unusual feature: a hidden pocket that held two sheets of paper with mysterious coded text written on them. People have been trying to crack the code ever since, and someone finally succeeded: University of Manitoba data analyst Wayne Chan. He discovered that the text is actually coded telegraph messages describing the weather used by the US Army and (later) the weather bureau. Chan outlined all the details of his decryption in a paper published in the journal Cryptologia.

“When I first thought I cracked it, I did feel really excited,” Chan told the New York Times. “It is probably one of the most complex telegraphic codes that I’ve ever seen.”

Sara Rivers-Cofield purchased the bronze-colored silk bustle dress with striped rust velvet accents for $100 at an antique shop in Maine, noting on her blog that it was in a style that was fashionable in the mid-1880s among middle-class or well-off women. There wasn’t any fitted boning in the bodice, so the dress was meant to be worn with a corset. It had a draped skirt and bustle with metal buttons decorated with an “Ophelia motif.” While the dress had been machine-stitched, the original buttons had been sewn by hand. A tag with the name “Bennett” was sewn into the bodice.

Rivers-Cofield also noted the ingenious structure of the bustle, which used built-in channels for flexible wires to achieve just the right amount of puff, combined with strategic tacking to keep “the bustle bunched in all the right places.” One bustle pin was still in place, and Rivers-Cofield thought it was used to pull up a layer of the overskirt to expose a bit of the hem ruffle “for a little peek-a-boo with onlookers.” Such pins often show up during excavations of 19th century sites, so she was delighted to find one in situ. “There is one Baltimore laundry site in particular where drainage pipes were found absolutely clogged with pins, buttons, and other clothing attachments—as if launderers put the clothes through a rough washing process … even if removable pins were still on them,” she wrote.

But an even more intriguing discovery awaited. When Rivers-Cofield turned the dress inside-out, she found a small hidden pocket. Many women’s dresses of the era had pockets, but this one would only be accessible by hiking up the overskirt. She puzzled over why anyone would make a pocket so inaccessible and thought it might have been used to smuggle messages. Hidden inside, she found two sheets of wadded-up translucent paper measuring about 7.5 inches by 11 inches. The text on each sheet consisted of 12 lines of recognizable common English words—except they made no sense. “Bismark omit leafage buck bank”? “Paul Ramify loamy event false new event”?

No wonder Rivers-Cofield’s blogged reaction was a simple “What the—?”  She thought it might be some kind of list or a writing exercise and posted all the details on her blog, hoping that “there’s some decoding prodigy out there looking for a project.” It became known as the “Silk Dress cryptogram.” German cryptoblogger Klaus Schmeh noted in 2017 that he considered it to be among the top 50 such coded messages yet unsolved.

Schmeh first wrote about the Silk Dress cryptogram in 2014 and invited readers to weigh in. By 2017, he had concluded that the text was probably a telegram—possibly several telegrams—and that the words were chosen from an 1880s code book. There was a numeral at the start of most lines that seemed to indicate the number of words, and each sheet had what appeared to be the time of day written at the top.

Chan started working on the code in the summer of 2018 but didn’t initially make much progress and abandoned the project a few months later. He picked up the challenge again toward the end of 2022 and thought it might be a telegraphic code. With the invention of the telegraph, “For the first time in history, observations from distant locations could be rapidly disseminated, collated, and analyzed to provide a synopsis of the state of weather across an entire nation,” Chan wrote in his paper. But it was expensive to send telegrams since companies charged by the word, so codes were developed to condense as much information into as few words as possible.

YouTube TV starts testing customizable 2×2 multiview options

Just in time for football to end —

YouTube TV has been promising customizable multiview for 10 months.

YouTube TV may finally get a configurable split-screen mode. Google’s cable TV replacement service launched a 2×2 “multiview” feature in 2023, but it relied on pre-made choices cooked up by some person (or maybe AI) inside Google. It’s 10 months later, and now some users on Reddit are seeing a “Build a multiview” option that would let you pick which four channels you want to watch. Cord Cutters News got confirmation from Google that the feature is now being tested.

The current multiview is a fun way to stay on top of multiple games, but getting the games you want is an awkward experience. I’ve been watching NFL Sunday Ticket through YouTube TV this year, and there will be times when there are nine games on simultaneously, and you get only a handful of pre-made multiview options to sift through. Is your desired combination of four games in one of those multiview options? You’d better hope so! The canned combinations only get more awkward as the day goes on: one game ends early, and the station cuts to coverage of another game, and now two of your four windows have duplicate games. If an early game runs long and you want to watch the end next to an already-started late game, that was never an option either. The canned options were always four NFL games, too. If you wanted to watch the NFL and some non-NFL content, you were out of luck. You were easily looking at hundreds of multiview possibilities, so canned selections don’t scale well at all.

The Reddit user claims to have access to the feature and says that, during NBA games, the feature is limited to only selecting other NBA games, but at least that is better than scrolling through random pre-made combinations.

YouTube told Cord Cutters News that the feature would roll out to all devices that currently support multiview, but YouTube did not say when that would happen. YouTube has been promising customizable multiview since the feature launched last March. It also promised mixing and matching content types back in June, but that feature hasn’t widely launched, either. Testing is a good sign, at least.

The calls for customizable multiview have been so loud that the feature request once made it into a Deadline interview with YouTube Chief Business Officer Mary Ellen Coe. Without explaining too much, Coe called the feature “a very hard thing to do technically.”

Ars Technica used in malware campaign with never-before-seen obfuscation

WHEN USERS ATTACK —

Vimeo also used by legitimate user who posted booby-trapped content.

Ars Technica was recently used to serve second-stage malware in a campaign that used a never-before-seen attack chain to cleverly cover its tracks, researchers from security firm Mandiant reported Tuesday.

A benign image of a pizza was uploaded to a third-party website and was then linked with a URL pasted into the “about” page of a registered Ars user. Buried in that URL was a string of characters that appeared to be random but was actually a payload. The campaign also targeted the video-sharing site Vimeo, where a benign video was uploaded and a malicious string was included in the video description. The string was generated using a technique known as Base 64 encoding, which represents binary data as a string of printable ASCII characters. Devices already infected with the first-stage malware used in the campaign automatically retrieved these strings and installed the second stage.

Not typically seen

“This is a different and novel way we’re seeing abuse that can be pretty hard to detect,” Mandiant researcher Yash Gupta said in an interview. “This is something in malware we have not typically seen. It’s pretty interesting for us and something we wanted to call out.”

The image posted on Ars appeared in the about profile of a user who created an account on November 23. An Ars representative said the photo, showing a pizza and captioned “I love pizza,” was removed by Ars staff on December 16 after being tipped off by email from an unknown party. The Ars profile used an embedded URL that pointed to the image, which was automatically populated into the about page. The malicious base 64 encoding appeared immediately following the legitimate part of the URL. The string didn’t generate any errors or prevent the page from loading.
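
A defender-side check for the pattern described above, added here as an example and not taken from Ars or Mandiant: it scans user-supplied profile text for URLs in which a Base 64-looking string follows the image file name. The extension list, the 16-character minimum, the mixed-case heuristic and every sample URL are assumptions constructed for illustration.

```python
import base64
import binascii
import re

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Assumption: the legitimate part of the URL ends at an image file extension.
IMAGE_EXT = re.compile(r"\.(?:jpe?g|png|gif|webp)", re.IGNORECASE)
# Standard and URL-safe Base 64 alphabets; the 16-character minimum is assumed.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")


def trailing_data(url):
    """Return the text that follows the last image extension in the URL."""
    matches = list(IMAGE_EXT.finditer(url))
    return url[matches[-1].end():] if matches else ""


def try_decode(token):
    """Decode a Base 64 candidate; return bytes, or None if it is not valid."""
    body = token.rstrip("=").replace("-", "+").replace("_", "/")
    padded = body + "=" * (-len(body) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None


def mixed_case(token):
    """Heuristic (assumption): encoded data mixes upper and lower case, while
    path segments and lower-case hex cache-busters usually do not."""
    return any(c.isupper() for c in token) and any(c.islower() for c in token)


def find_appended_strings(text):
    """Flag URLs where decodable Base 64 follows the image file name."""
    findings = []
    for url in URL_RE.findall(text):
        for token in B64_RUN.findall(trailing_data(url)):
            raw = try_decode(token)
            if raw is not None and mixed_case(token):
                findings.append(
                    {"url": url, "token": token, "decoded_len": len(raw)}
                )
    return findings


# Constructed sample input: a harmless string encoded and appended to an image URL,
# next to two ordinary image URLs that must not be flagged.
SAMPLE_TOKEN = base64.b64encode(b"sample-constructed-string").decode()
SAMPLE_PROFILE = f"""
I love pizza <img src="https://images.example/pizza.jpg{SAMPLE_TOKEN}">
Avatar: https://cdn.example/me.png?w=640&h=480
Banner: https://cdn.example/banner.jpeg?v=3f2a9c0b7d1e4f6a8b9c
"""

if __name__ == "__main__":
    for hit in find_appended_strings(SAMPLE_PROFILE):
        print(hit["url"], "->", hit["decoded_len"], "decoded bytes")
```

Hits are triage leads for a moderator or analyst, not verdicts: a long signed query parameter after an image name would also match and needs a manual look.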

Mandiant researchers said there were no consequences for people who may have viewed the image, either as displayed on the Ars page or on the website that hosted it. It’s also not clear that any Ars users visited the about page.

Devices that were infected by the first stage automatically accessed the malicious string at the end of the URL. From there, they were infected with a second stage.

The video on Vimeo worked similarly, except that the string was included in the video description.

Ars representatives had nothing further to add. Vimeo representatives didn’t immediately respond to an email.

The campaign came from a threat actor Mandiant tracks as UNC4990, which has been active since at least 2020 and bears the hallmarks of being motivated by financial gain. The group has already used a separate novel technique to fly under the radar. That technique spread the second stage using a text file that browsers and normal text editors showed to be blank.

Opening the same file in a hex editor—a tool for analyzing and forensically investigating binary files—showed that a combination of tabs, spaces, and new lines were arranged in a way that encoded executable code. Like the technique involving Ars and Vimeo, the use of such a file is something the Mandiant researchers had never seen before. Previously, UNC4990 used GitHub and GitLab.

The initial stage of the malware was transmitted by infected USB drives. The drives installed a payload Mandiant has dubbed explorerps1. Infected devices then automatically reached out to either the malicious text file or else to the URL posted on Ars or the video posted to Vimeo. The base 64 strings in the image URL or video description, in turn, caused the malware to contact a site hosting the second stage. The second stage of the malware, tracked as Emptyspace, continuously polled a command-and-control server that, when instructed, would download and execute a third stage.

Mandiant has observed the installation of this third stage in only one case. This malware acts as a backdoor the researchers track as Quietboard. The backdoor, in that case, went on to install a cryptocurrency miner.

Anyone who is concerned they may have been infected by any of the malware covered by Mandiant can check the indicators of compromise section in Tuesday’s post.

Lawsuit: Citibank refused to reimburse scam victims who lost “life savings”

Online banking fraud —

Citibank’s poor security helped scammers steal millions, NY AG’s lawsuit says.

Citibank has illegally refused to reimburse scam victims who lost money due partly to Citibank’s poor online security practices, New York Attorney General Letitia James alleged in a lawsuit filed today in US District Court for the Southern District of New York.

“The lawsuit alleges that Citi does not implement strong online protections to stop unauthorized account takeovers, misleads account holders about their rights after their accounts are hacked and funds are stolen, and illegally denies reimbursement to victims of fraud,” James’ office said in a press release.

The AG’s office alleged that Citi customers “have lost their life savings, their children’s college funds, or even money needed to support their day-to-day lives as a result of Citi’s illegal and deceptive acts and practices.”

“Defendant Citi has not deployed sufficiently robust data security measures to protect consumer financial accounts, respond appropriately to red flags, or limit theft by scam,” the lawsuit said. “Instead, Citi has overpromised and underdelivered on security, reacted ineffectively to fraud alerts, misled consumers, and summarily denied their claims. Citi’s illegal and deceptive practices have cost New Yorkers millions.”

Citi approved large wire transfers

Describing the case of a New York woman who lost $35,000 to a scammer in July 2022, the AG’s press release stated:

She was reviewing her online account and found a message that her account had been suspended and was instructed to call a phone number. She called the number provided and a scammer told her that he would send her Citi codes to verify recent suspicious activity. The scammer then transferred all of the money in the customer’s three savings accounts into her checking account, changed her online passwords, and attempted a $35,000 wire transfer.

Citi attempted to verify the wire transfer by calling the customer, but she was working and did not see the call at the time. Less than an hour later, the scammer attempted another $35,000 wire transfer, which Citi approved without ever having made direct contact with the customer. She lost nearly everything she had saved, and Citi refused to reimburse her.

In an October 2021 incident, a customer clicked a link in a scammer’s message “but did not provide additional information” and then “called her local branch to report the suspicious activity but was told not to worry about it,” the AG’s office said.

“Three days later, the customer discovered that a scammer changed her banking password, enrolled in online wire transfers, transferred $70,000 from her savings to her checking account, and then electronically executed a $40,000 wire transfer, none of which was consistent with her past account activity,” the AG’s office said. “For weeks, the customer continued to contact the bank and submit affidavits, but in the end, she was told that her claim for fraud was denied.”

Citi: No refunds when people “follow criminals’ instructions”

Citi defended its security and refund practices in a statement provided to Ars.

“Citi closely follows all laws and regulations related to wire transfers and works extremely hard to prevent threats from affecting our clients and to assist them in recovering losses when possible. Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the company said.

Citi acknowledged that there has been an “industry-wide surge in wire fraud during the last several years,” and said it has “taken proactive steps to safeguard our clients’ accounts with leading security protocols, intuitive fraud prevention tools, clear insights about the latest scams, and driving client awareness and education. Our actions have reduced client wire fraud losses significantly, and we remain committed to investing in fraud prevention measures to help our clients secure their accounts against emerging threats.”

James’ lawsuit argues that Citibank must provide reimbursement under the Electronic Fund Transfer Act (EFTA), a US law passed in 1978. “As with credit cards, so long as consumers promptly alert banks to unauthorized activity, the EFTA limits losses and requires reimbursement of stolen funds. These consumer protections cannot be waived or modified by contract… Under the EFTA, Citi’s electronic debits of consumers’ accounts are unauthorized and Citi must reimburse all debited amounts,” the lawsuit said.

The lawsuit seeks a permanent injunction against Citibank, an accounting of customer losses over the last six years, payment of restitution and damages to harmed consumers, and civil penalties.
