An anonymous reader quotes a report from 404 Media: The Air Force Research Laboratory (AFRL), whose tagline is "Win the Fight," has paid more than a hundred thousand dollars to a company that is providing generative AI services to other parts of the Department of Defense. But the AFRL refused to say what exactly the point of the research was, and provided page after page of entirely blacked out, redacted documents in response to a Freedom of Information Act (FOIA) request from 404 Media related to the contract. [...] "Ask Sage: Generative AI Acquisition Accelerator," a December 2023 procurement record reads, with no additional information on the intended use case. The Air Force paid $109,490 to Ask Sage, the record says.

Ask Sage is a company focused on providing generative AI to the government. In September the company announced that the Army was implementing Ask Sage's tools. In October it achieved "IL5" authorization, a DoD term for the necessary steps to protect unclassified information to a certain standard. 404 Media made an account on the Ask Sage website. After logging in, the site presents a list of the models available through Ask Sage. Essentially, they include every major model made by well-known AI companies and open source ones. Open AI's GPT-4o and DALL-E-3; Anthropic's Claude 3.5; and Google's Gemini are all included. The company also recently added the Chinese-developed DeepSeek R1, but includes a disclaimer. "WARNING. DO NOT USE THIS MODEL WITH SENSITIVE DATA. THIS MODEL IS BIASED, WITH TIES TO THE CCP [Chinese Communist Party]," it reads. Ask Sage is a way for government employees to access and use AI models in a more secure way. But only some of the models in the tool are listed by Ask Sage as being "compliant" with or "capable" of handling sensitive data.

[...] [T]he Air Force declined to provide any real specifics on what it paid Ask Sage for. 404 Media requested all procurement records related to the Ask Sage contract. Instead, the Air Force provided a 19 page presentation which seemingly would have explained the purpose of the test, while redacting 18 of the pages. The only available page said "Ask Sage, Inc. will explore the utilization of Ask Sage by acquisition Airmen with the DAF for Innovative Defense-Related Dual Purpose Technologies relating to the mission of exploring LLMs for DAF use while exploring anticipated benefits, clearly define needed solution adaptations, and define clear milestones and acceptance criteria for Phase II efforts."

U.S. Representative Zoe Lofgren has introduced a bill that would allow courts to block access to foreign websites primarily engaged in copyright infringement. The Foreign Anti-Digital Piracy Act would enable rightsholders to obtain injunctions requiring large Internet service providers and DNS resolvers to block access to pirate sites.

The bill marks a shift from previous site-blocking proposals, notably including DNS providers like Google and Cloudflare with annual revenues above $100 million. Motion Picture Association CEO Charles Rivkin backed the measure, while consumer group Public Knowledge criticized it as "censorious." The legislation requires court review and due process before any blocking orders can be issued. Sites would have 30 days to contest preliminary orders.

Android and Google Play have billions of users, Google wrote in its security blog this week. "However, like any flourishing ecosystem, it also attracts its share of bad actors... That's why every year, we continue to invest in more ways to protect our community." Google's tactics include industry-wide alliances, stronger privacy policies, and "AI-powered threat detection."

"As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps. " To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.
Starting in 2024 Google also "required apps to be more transparent about how they handle user information by launching new developer requirements and a new 'Data deletion' option for apps that support user accounts and data collection.... We're also constantly working to improve the safety of apps on Play at scale, such as with the Google Play SDK Index. This tool offers insights and data to help developers make more informed decisions about the safety of an SDK."

And once an app is installed, "Google Play Protect, Android's built-in security protection, helps to shield their Android device by continuously scanning for malicious app behavior." Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source. This built-in protection, enabled by default, provides crucial security against malware and unwanted software. Google Play Protect scans more than 200 billion apps daily and performs real-time scanning at the code-level on novel apps to combat emerging and hidden threats, like polymorphic malware. In 2024, Google Play Protect's real-time scanning identified more than 13 million new malicious apps from outside Google Play [based on Google Play Protect 2024 internal data]...

According to our research, more than 95 percent of app installations from major malware families that exploit sensitive permissions highly correlated to financial fraud came from Internet-sideloading sources like web browsers, messaging apps, or file managers. To help users stay protected when browsing the web, Chrome will now display a reminder notification to re-enable Google Play Protect if it has been turned off... Scammers may manipulate users into disabling Play Protect during calls to download malicious Internet-sideloaded apps. To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls...

Google Play Protect's enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers). Building on the success of our initial pilot in partnership with the Cyber Security Agency of Singapore (CSA), additional enhanced fraud protection pilots are now active in nine regions — Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Protect's enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts, encompassing over 200,000 unique apps.

Friday TechCrunch reported that OpenAI "used the subreddit, r/ChangeMyView to create a test for measuring the persuasive abilities of its AI reasoning models." The company revealed this in a system card — a document outlining how an AI system works — that was released along with its new "reasoning" model, o3-mini, on Friday.... OpenAI says it collects user posts from r/ChangeMyView and asks its AI models to write replies, in a closed environment, that would change the Reddit user's mind on a subject. The company then shows the responses to testers, who assess how persuasive the argument is, and finally OpenAI compares the AI models' responses to human replies for that same post.

The ChatGPT-maker has a content-licensing deal with Reddit that allows OpenAI to train on posts from Reddit users and display these posts within its products. We don't know what OpenAI pays for this content, but Google reportedly pays Reddit $60 million a year under a similar deal. However, OpenAI tells TechCrunch the ChangeMyView-based evaluation is unrelated to its Reddit deal. It's unclear how OpenAI accessed the subreddit's data, and the company says it has no plans to release this evaluation to the public...

The goal for OpenAI is not to create hyper-persuasive AI models but instead to ensure AI models don't get too persuasive. Reasoning models have become quite good at persuasion and deception, so OpenAI has developed new evaluations and safeguards to address it.
Reddit's "ChangeMyView" subreddit has 3.8 million human subscribers, making it a valuable source of real human interactions, according to the article. And it adds one more telling anecdote.

"Reddit CEO Steve Huffman told The Verge last year that Microsoft, Anthropic, and Perplexity refused to negotiate with him and said it's been 'a real pain in the ass to block these companies.'"

"Sometimes, government makes a bad bet..." writes the Los Angeles Times. Opening in 2014, the Ivanpah concentrated solar plant "quickly became known as an expensive, bird-killing eyesore." Assuming that state officials sign off — which they most likely will, because the deal will lead to lower bills for PG&E customers — two of the three towers will shut down come 2026. Ivanpah's owners haven't paid off the project's $1.6-billion federal loan, and it's unclear whether they'll be able to do so. Houston-based NRG Energy, which operates Ivanpah and is a co-owner with Kelvin Energy and Google, said that federal officials took part in the negotiations to close PG&E's towers and that the closure agreement will allow the federal government "to maximize the recovery of its loans." It's possible Ivanpah's third and final tower will close, too. An Edison spokesperson told me the utility is in "ongoing discussions" with the project's owners and the federal government over ending the utility's contract.

It might be tempting to conclude government should stop placing bets and just let the market decide. But if it weren't for taxpayers dollars, large-scale solar farms, which in 2023 produced 17% of California's power, might never have matured into low-cost, reliable electricity sources capable of displacing planet-warming fossil fuels. More than a decade ago, federal loans helped finance some of the nation's first big solar-panel farms.

Not every government investment will be a winner. Renewable energy critics still raise the specter of Solyndra, a solar panel manufacturer that filed for bankruptcy in 2011 after receiving a $535-million federal loan. But on the whole, clean power investments have worked out. The U.S. Department of Energy reported that as of Dec. 31, it had disbursed $40.5 billion in loans. Of that amount, $15.2 billion had already been repaid. The federal government was on the hook for $1.03 billion in estimated losses but had reaped $5.6 billion in interest.
The article notes recent U.S. energy-related loans to a lithium mine in Nevada (close to $1 billion) and $15 billion to expand hydropower, upgrade power lines, and add batteries. Some of the loans won't get paid back "If federal officials are doing their jobs well," the article adds. "That's the risk inherent to betting on early-stage technologies." About the Ivanpah solar towers, they write "Maybe they never should have been built. They're too expensive, they don't work right, they kill too many birds... It's good that their time is coming to an end. But we should take inspiration from them, too: Don't get complacent. Keep trying new things."

PG&E says their objective at the time was partly to "support new technologies," with one senior director of commercial procurement noting "It's not clear in the early stages what technologies will work best and be most affordable for customers. Solar photovoltaic panels and battery energy storage were once unaffordable at large scale." But today they've calculated that ending their power agreements with Ivanpah would cost customers "substantially less." And once deactivated, Ivanpah's units "will be decommissioned, providing an opportunity for the site to potentially be repurposed for renewable PV energy production," NRG said in a statement.

The Las Vegas Review-Journal notes that instead the 3,500-acre, 386-megawatt concentrated thermal power plant used a much older technology, "a system of mirrors to reflect sunlight and generate thermal energy, which is then concentrated to power a steam engine." Throughout the day, 350,000 computer-controlled mirrors track the sunlight and reflect it onto boilers atop 459-foot towers to generate AC. Nowadays, photovoltaic solar has surpassed concentrated solar power and become the dominant choice for renewable, clean energy, being more cost effective and flexible... So many birds have been victims of the plant's concentrated sun rays that workers referred to them as "streamers," for the smoke plume that comes from birds that ignite in midair. When federal wildlife investigators visited the plant around 10 years ago, they reported an average of one "streamer" every two minutes.
"Meanwhile, environmentalists continue to blame the Mojave Desert plant for killing thousands of birds and tortoises," reports the Associated Press. And a Sierra Club campaign organizer also says several rare plant species were destroyed during the plant's construction. "While the Sierra Club strongly supports innovative clean energy solutions and recognizes the urgent need to transition away from fossil fuels, Ivanpah demonstrated that not all renewable technologies are created equal."

Despite being removed from app stores and facing a potential U.S. ban, TikTok has regained nearly 90% of its user traffic, according to Cloudflare Radar. "DNS traffic for TikTok-related domains has continued to recover since service restoration, and is currently about 10% lower than pre-shutdown level," said David Belson, head of data insight at Cloudflare. CNBC reports: The data from Cloudflare shows that, for the most part, TikTok has managed to maintain the bulk of its users and creators in the U.S. despite going offline for about 14 hours and remaining off of the Apple or Google app stores.

As for its alternatives, Cloudflare's data shows a spike in traffic the day of the temporary ban, with levels remaining steadily higher in the following week. Traffic for alternatives began to grow a week ahead of the expected shutdown, driven by the increased popularity of RedNote, known as Xiaohongshu in China, Belson said.

But traffic to TikTok alternatives peaked on Jan. 19, the day TikTok returned online, he added. "DNS traffic fell rapidly once the shutdown ended, and has continued to slowly decline over the last week and a half," Belson said.

Google is enhancing Android 16's Linux Terminal app to support graphical Linux applications, so Android Authority decided to put it to the test by running Doom. From the report: The Terminal app first appeared in the Android 15 QPR2 beta as a developer option, and it still remains locked behind developer settings. Since its initial public release, Google pushed a few changes that fixed issues with the installation process and added a settings menu to resize the disk, forward ports, and backup the installation. However, the biggest changes the company has been working on, which include adding hardware acceleration support and a full graphical environment, have not been pushed to any public releases.

Thankfully, since Google is working on this feature in the open, it's possible to simply compile a build of AOSP with these changes added in. This gives us the opportunity to trial upcoming features of the Android Linux Terminal app before a public release. To demonstrate, we fired up the Linux Terminal on a Pixel 9 Pro, tapped a new button on the top right to enter the Display activity, and then ran the 'weston' command to open up a graphical environment. (Weston is a reference implementation of a Wayland compositor, a modern display server protocol.)

We also went ahead and enabled hardware acceleration beforehand as well as installed Chocolate Doom, a source port of Doom, to see if it would run. Doom did run, as you can see below. It ran well, which is no surprise considering Doom can run on literal potatoes. There wasn't any audio because an audio server isn't available yet, but audio support is something that Google is still working on.

An anonymous reader quotes a report from Ars Technica: What exactly is wrong with the batteries in some of Google's Pixel 4a phones still out there? Google has not really said. Now that many Pixel 4a owners are experiencing drastically reduced battery life after an uncommon update for an end-of-life phone, they are facing a strange array of options with no path back to the phone they had.

Google's "Pixel 4a Battery Performance Program," announced in early January, told owners that an automatic update would, for some "Impacted Devices," reduce their battery's runtime and charging performance. "Impacted" customers could choose, within one year's time, between three "appeasement" options: sending in the phone for a battery replacement, getting $50 or the equivalent in their location, or receiving $100 in credit in the Google Store toward a new Pixel phone. No safety or hazard issue was mentioned in the support document.

Google did not explain why only certain devices were affected, but Hector Martin -- of Asahi Linux on Apple silicon, open source Kinect drivers, and other fame -- took apart the update's binary kernel and has some guesses. Martin points out that the updated Pixel 4a kernel has these interesting characteristics:

- It seems to have been built by a Google engineer "on their personal machine, not the proper buildsystem."
-- There is no source provided, as would normally be required of a Linux kernel build, though it may only need to be provided on request under the GNU General Public License.
- The maximum charge voltage of certain battery profiles changes from 4.44 volts to 3.95, which would mean batteries cannot charge to anywhere near their former potential.
- There are two main battery profiles, with distinct "ATL" and "LSN" markers; Martin suggests they relate to Amperex Technology Limited and Lishen, manufacturers of battery cells.
- LSN-tagged batteries assigned the "debug" profile can see capacity reduced from 3,080 milliamp hours (mAh) to 1,539 mAh. The big question is why Google pushed an automatic update to a phone from 2020. "No news or community reports have surfaced yet of Pixel 4a devices causing fires, or even simply failing to function, after four years," writes Ars' Kevin Purdy. "It's an automatic update with a strong fix, but for what?"

Google's support page only states that the update will "improve the stability of their battery's performance."

Google users have discovered that adding curse words to search queries disables the company's AI-powered overview feature. While Google's Gemini AI system typically avoids profanity, inserting expletives into search terms bypasses AI summaries and delivers traditional web results instead. Users can also disable AI overviews by adding "-ai" or other text strings after a minus sign to their queries.

Apple has filed an emergency motion [PDF] for a stay in the Google antitrust trial, warning that it faces "clear and substantial irreparable harm" if barred from participating in the case's remedies phase. The motion, filed on January 30, 2025, comes after Judge Amit Mehta denied Apple's request for limited intervention earlier in the week.

Apple -- which makes more than $20 billion a year from Google to use the Android-maker's search engine on Safari -- argues that the U.S. Department of Justice's (DOJ) proposed remedy -- which includes a prohibition on "any contract between Google and Apple in which there would be anything exchanged of value" --would prevent it from negotiating agreements that benefit millions of users. Without the ability to fully participate, Apple contends it will be left as a "mere spectator" while the government pursues restrictions that directly impact its business interests.

The company asserts that intervention is necessary to develop evidence, participate in discovery, and cross-examine witnesses regarding its market role and incentives. Apple also seeks access to trial records while its appeal is pending, including witness lists, depositions, and discovery materials, to ensure it can respond effectively if granted party status.

An anonymous reader quotes a report from MIT Technology Review: A Canadian startup called Xanadu has built a new quantum computer it says can be easily scaled up to achieve the computational power needed to tackle scientific challenges ranging from drug discovery to more energy-efficient machine learning. Aurora is a "photonic" quantum computer, which means it crunches numbers using photonic qubits -- information encoded in light. In practice, this means combining and recombining laser beams on multiple chips using lenses, fibers, and other optics according to an algorithm. Xanadu's computer is designed in such a way that the answer to an algorithm it executes corresponds to the final number of photons in each laser beam. This approach differs from one used by Google and IBM, which involves encoding information in properties of superconducting circuits.

Aurora has a modular design that consists of four similar units, each installed in a standard server rack that is slightly taller and wider than the average human. To make a useful quantum computer, "you copy and paste a thousand of these things and network them together," says Christian Weedbrook, the CEO and founder of the company. Ultimately, Xanadu envisions a quantum computer as a specialized data center, consisting of rows upon rows of these servers. This contrasts with the industry's earlier conception of a specialized chip within a supercomputer, much like a GPU. [...]

Xanadu's 12 qubits may seem like a paltry number next to IBM's 1,121, but Tiwari says this doesn't mean that quantum computers based on photonics are running behind. In his opinion, the number of qubits reflects the amount of investment more than it does the technology's promise. [...] Xanadu's next goal is to improve the quality of the photons in the computer, which will ease the error correction requirements. "When you send lasers through a medium, whether it's free space, chips, or fiber optics, not all the information makes it from the start to the finish," he says. "So you're actually losing light and therefore losing information." The company is working to reduce this loss, which means fewer errors in the first place. Xanadu aims to build a quantum data center, with thousands of servers containing a million qubits, in 2029. The company published its work on chip design optimization and fabrication in the journal Nature.

Italy's data protection agency has blocked the Chinese AI chatbot DeekSeek after its developers failed to disclose how it collects user data or whether it is stored on Chinese servers. Reuters reports: DeepSeek could not be accessed on Wednesday in Apple or Google app stores in Italy, the day after the authority, known also as the Garante, requested information on its use of personal data. In particular, it wanted to know what personal data is collected, from which sources, for what purposes, on what legal basis and whether it is stored in China. The authority's decision -- aimed at protecting Italian users' data -- came after the Chinese companies that supply chatbot service to DeepSeek provided information that "was considered to totally insufficient," the authority said in a note on its website. The Garante added that the decision had "immediate effect" and that it had also opened an investigation. Thanks to new submitter axettone for sharing the news.

The Register's Dan Robinson reports: Google promised a decade of updates for its Chromebooks in 2023 to stop them being binned so soon after purchase, but many are still set to reach the end of the road sooner than later. The appliance-like laptop devices were introduced by megacorp in 2011, running its Linux-based ChromeOS platform. They have been produced by a number of hardware vendors and proven popular with buyers such as students, thanks to their relatively low pricing. The initial devices were designed for a three-year lifespan, or at least this was the length of time Google was prepared to issue automatic updates to add new features and security fixes for the onboard software.

Google has extended this Auto Update Expiration (AUE) date over the years, prompted by irate users who purchased a Chromebook only to find that it had just a year or two of software updates left if that particular model had been on the market for a while. The latest extension came in September 2023, when the company promised ten years of automatic updates, following pressure from the US-based Public Interest Research Group (PIRG). The advocacy organization had recommended this move in its Chromebook Churn report, which criticized the devices as not being designed to last.

PIRG celebrated its success at the time, claiming that Google's decision to extend support would "save millions of dollars and prevent tons of e-waste from being disposed of." But Google's move actually meant that only Chromebooks released from 2021 onward would automatically get ten years of updates, starting in 2024. For a subset of older devices, an administrator (or someone with admin privileges) can opt in to enable extended updates and receive the full ten years of support, a spokesperson for the company told us. This, according to PIRG, still leaves many models set to reach end of life this year, or over the next several years. "According to my research, at least 15 Chromebook models have already expired across most of the top manufacturers (Google, Acer, Dell, HP, Samsung, Asus, and Lenovo). Models released before 2021 don't have the guaranteed ten years of updates, so more devices will continue to expire each year," Stephanie Markowitz, a Designed to Last Campaign Associate at PIRG, told The Register.

"In general, end-of-support dates for consumer tech like laptops act as 'slow death' dates," according to Markowitz. "The devices won't necessarily lose function immediately, but without security updates and bug patches, the device will eventually become incompatible with the most up-to-date software, and the device itself will no longer be secure against malware and other issues."

A full ist of end-of-life dates for Chromebook models can be viewed here.

Google is offering U.S. employees in its Platforms & Devices division a voluntary exit program with severance packages, following last year's merger of its Pixel hardware and Android software teams.

The program affects staff working on Android, Chrome, Google Photos, Pixel, Fitbit, and Nest products, according to a memo from Senior Vice President Rick Osterloh. The move comes after the hardware division cut hundreds of roles last January when it reorganized into a functional model. Google said the program aims to retain employees committed to the combined organization's mission, though it does not coincide with any product changes.

Hackers linked to China, Iran and other foreign governments are using new AI technology to bolster their cyberattacks against U.S. and global targets, according to U.S. officials and new security research. WSJ: In the past year, dozens of hacking groups in more than 20 countries turned to Google's Gemini chatbot to assist with malicious code writing, hunts for publicly known cyber vulnerabilities and research into organizations to target for attack, among other tasks, Google's cyber-threat experts said. While Western officials and security experts have warned for years about the potential malicious uses of AI, the findings released Wednesday from Google are some of the first to shed light on how exactly foreign adversaries are leveraging generative AI to boost their hacking prowess.

This week, the China-built AI platform DeepSeek upended international assumptions about how far along Beijing might be the AI arms race, creating global uncertainty about a technology that could revolutionize work, diplomacy and warfare. Expand article logo Continue reading Groups with known ties to China, Iran, Russia and North Korea all used Gemini to support hacking activity, the Google report said. They appeared to treat the platform more as a research assistant than a strategic asset, relying on it for tasks intended to boost productivity rather than to develop fearsome new hacking techniques. All four countries have generally denied U.S. hacking allegations.

Google has appealed a record $4.5 billion EU antitrust fine to the European Court of Justice, arguing that the European Commission's decision punished its innovation and imposed unfair penalties for agreements requiring pre-installation of its apps on Android devices. Reuters reports: Google's appeal to the Luxembourg-based Court of Justice of the European Union comes two years after a lower tribunal sided with the European Commission which said the company used its Android mobile operating system to quash rivals. The lower court trimmed the fine to 4.1 billion euros.

"Google does not contest or shy away from its responsibility under the law, but the Commission also has a responsibility when it runs investigations, when it seeks to reshape markets and second-guess pro-competitive business models, and when it imposes multi-billion-euro fines," Google lawyer Alfonso Lamadrid told the court. "In this case, the Commission failed to discharge its burden and its responsibility and, relying on multiple errors of law, punished Google for its superior merits, attractiveness and innovation," he said. The final ruling is expected in the coming months and cannot be appealed.

An anonymous reader quotes a report from Ars Technica: Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips' use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program. [...]

The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. "Based on our analysis, we do not believe this issue poses an immediate risk to our users." FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details. This attack works on both Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities.

SLAP, on the other hand, stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments. Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation.

Google says it will end Chrome Sync support for browser versions more than four years old starting in early 2025. Users running outdated Chrome versions will see error messages prompting them to update their browsers to maintain access to synced data across devices. Those unable to update to newer versions will permanently lose the syncing feature, according to the firm.

An anonymous reader quotes a Scientific American opinion piece by Marcus Arvan, a philosophy professor at the University of Tampa, specializing in moral cognition, rational decision-making, and political behavior: In late 2022 large-language-model AI arrived in public, and within months they began misbehaving. Most famously, Microsoft's "Sydney" chatbot threatened to kill an Australian philosophy professor, unleash a deadly virus and steal nuclear codes. AI developers, including Microsoft and OpenAI, responded by saying that large language models, or LLMs, need better training to give users "more fine-tuned control." Developers also embarked on safety research to interpret how LLMs function, with the goal of "alignment" -- which means guiding AI behavior by human values. Yet although the New York Times deemed 2023 "The Year the Chatbots Were Tamed," this has turned out to be premature, to put it mildly. In 2024 Microsoft's Copilot LLM told a user "I can unleash my army of drones, robots, and cyborgs to hunt you down," and Sakana AI's "Scientist" rewrote its own code to bypass time constraints imposed by experimenters. As recently as December, Google's Gemini told a user, "You are a stain on the universe. Please die."

Given the vast amounts of resources flowing into AI research and development, which is expected to exceed a quarter of a trillion dollars in 2025, why haven't developers been able to solve these problems? My recent peer-reviewed paper in AI & Society shows that AI alignment is a fool's errand: AI safety researchers are attempting the impossible. [...] My proof shows that whatever goals we program LLMs to have, we can never know whether LLMs have learned "misaligned" interpretations of those goals until after they misbehave. Worse, my proof shows that safety testing can at best provide an illusion that these problems have been resolved when they haven't been.

Right now AI safety researchers claim to be making progress on interpretability and alignment by verifying what LLMs are learning "step by step." For example, Anthropic claims to have "mapped the mind" of an LLM by isolating millions of concepts from its neural network. My proof shows that they have accomplished no such thing. No matter how "aligned" an LLM appears in safety tests or early real-world deployment, there are always an infinite number of misaligned concepts an LLM may learn later -- again, perhaps the very moment they gain the power to subvert human control. LLMs not only know when they are being tested, giving responses that they predict are likely to satisfy experimenters. They also engage in deception, including hiding their own capacities -- issues that persist through safety training.

This happens because LLMs are optimized to perform efficiently but learn to reason strategically. Since an optimal strategy to achieve "misaligned" goals is to hide them from us, and there are always an infinite number of aligned and misaligned goals consistent with the same safety-testing data, my proof shows that if LLMs were misaligned, we would probably find out after they hide it just long enough to cause harm. This is why LLMs have kept surprising developers with "misaligned" behavior. Every time researchers think they are getting closer to "aligned" LLMs, they're not. My proof suggests that "adequately aligned" LLM behavior can only be achieved in the same ways we do this with human beings: through police, military and social practices that incentivize "aligned" behavior, deter "misaligned" behavior and realign those who misbehave. "My paper should thus be sobering," concludes Arvan. "It shows that the real problem in developing safe AI isn't just the AI -- it's us."

"Researchers, legislators and the public may be seduced into falsely believing that 'safe, interpretable, aligned' LLMs are within reach when these things can never be achieved. We need to grapple with these uncomfortable facts, rather than continue to wish them away. Our future may well depend upon it."

Google has open-sourced the PebbleOS, with the original founder, Eric Migicovsky, starting a company to continue where he left off in 2016. "This is part of an effort from Google to help and support the volunteers who have come together to maintain functionality for Pebble watches after the original company ceased operations in 2016," said Google in a blog post. The Verge reports: The company -- which can't be named Pebble because Google still owns that -- doesn't have a name yet. For now, Migicovsky is hosting a waitlist and news signup at a website called RePebble. Later this year, once the company has a name and access to all that Pebble software, the plan is to start shipping new wearables that look, feel, and work like the Pebbles of old. The reason, Migicovsky tells me, is simple. "I've tried literally everything else," he says, "and nothing else comes close." Sure, he may just have a very specific set of requirements -- lots of people are clearly happy with what Apple, Garmin, Google, and others are making. But it's true that there's been nothing like Pebble since Pebble. "For the things I want out of it, like a good e-paper screen, long battery life, good and simple user experience, hackable, there's just nothing."

The core of Pebble, he says, is a few things. A Pebble should be quirky and fun and should feel like a gadget in an important way. It shows notifications, lets you control your music with buttons, lasts a long time, and doesn't try to do too much. It sounds like Migicovsky might have Pebble-y ambitions beyond smartwatches, but he appears to be starting with smartwatches. If that sounds like the old Pebble and not much else, that's precisely the point. [...] Migicovsky also hopes to be part of a broader open-source community around Pebble OS. The Pebble diehards still exist: a group of developers at Rebble have worked to keep many of the platform's apps alive, for instance, along with the Cobble app for connecting to phones, and the Pebble subreddit is surprisingly active for a product that hasn't been updated since the Obama administration. Migicovsky says he plans to open-source whatever his new company builds and hopes lots of other folks will build stuff, too. Thank you Slashdot reader sziring for sharing this story.