Technology

A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

⛓️‍💥🗃️

Basing costs on token consumption, whether it's for code suggestion, generation, or AI debugging, makes as much sense – less, even – than paying programmers per keystroke in and character out. That's even dafter than the lines of code per month metric for coder goodness, a concept so dumb it makes Juicero's backers look like Warren Buffett. There is no concept of usable work actually done, no sense that inefficiencies are rewarded, and no easy way to relate the price paid to the actual cost of production. But it's simple to understand and looks like any other prepayment limited use subscription model. Oddly, nobody seems minded to improve on this.

There are virtually no other metrics. You can measure tokens per second for a benchmark test case. You can measure the ratio of tokens out to tokens in, although it's not clearer why. At least with arguably comparable service models like cloud computing, you know what you're getting when you buy so much compute, memory, storage, and connectivity. You still have to watch automation or mismanagement, and Bill Shock still works at AWS, but you have a chance of linking results to costs. Good luck with LLM-based services, let alone AI agents.

Add this lack of value metrics to the ridiculous returns on investments the AI industry needs to show to make good on its promises, and we have a recipe for mounting TIBS inflation.

Vendors have an addiction to making everything a subscription, then frog-boiling subscribers, especially when they can incorporate an effective monopoly. Imagine the lock-in where an org has deskilled its code production humans and become reliant on a particular AI code gen chain.

...

If AI does result in deskilling the tech workforce and recapturing the engine of IT creation, it will be as if the mainframe era came at the end of semiconductor evolution, rather than the beginning. All that can be said about the evolutionary driver that will move things on is that it has yet to be invented, despite fifty years of looking.

Wine 11 is different. This isn't just another yearly release with a few hundred bug fixes and some compatibility tweaks. It represents a huge number of changes and bug fixes. However, it also ships with NTSYNC support, which is a feature that has been years in the making and rewrites how Wine handles one of the most performance-sensitive operations in modern gaming. On top of that, the WoW64 architecture overhaul is finally complete, the Wayland driver has grown up a lot, and there's a big list of smaller improvements that collectively make this feel like an all-new project.

Since most router makers use overseas manufacturing, it's unclear which manufacturers would actually be clear to continue selling their products.

Recently we’ve seen sweeping attempts to censor the internet. The UK’s “Online Safety Act” imposes sweeping restrictions on speech and expression. It’s disguised a child safety measure, but its true purpose is (avowedly!) intentional control over “services that have a significant influence over public discourse”. And similar trends threaten the US, especially as lawmakers race to more aggressively categorize more speech as broadly harmful.

A common response to these restrictions has been to dismiss them as unenforceable: that’s not how the internet works, governments are foolish for thinking they can do this, and you can just use a VPN to get around crude attempts at content blocking.

But this “just use a workaround” dismissal is a dangerous, reductive mistake. Even if you can easily defeat an attempt to impose a restriction right now, you can’t take that for granted.

From the article: Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool.

Researchers' findings (sound warning): https://vmfunc.re/blog/persona

Palantir Technologies Inc. announced Tuesday it has relocated its headquarters from Denver, Colorado, to Miami, Florida. The company offered no explanation for the decision, issuing only a brief statement: “We have moved our headquarters to Miami, Florida.”

Founded in 2003 by Peter Thiel, Alex Karp, and others, Palantir is a data analytics and software firm known for its work with government agencies, including the CIA, the Department of Defense, and U.S. Immigration and Customs Enforcement (ICE). Its platforms, such as Palantir Gotham and Foundry, are widely used for intelligence analysis, law enforcement, and military operations.

Palantir’s co-founder, Peter Thiel, is also a prominent supporter of President Donald Trump and a long-time associate of Vice President JD Vance — who worked for a venture capital firm co-founded by Thiel out of college and later launched his own venture fund, with Thiel as an early financial backer.

Users who aren’t verified as adults will not be able to access age-restricted servers and channels, won’t be able to speak in Discord’s livestream-like “stage” channels, and will see content filters for any content Discord detects as graphic or sensitive.

cross-posted from: https://lemmy.ca/post/59369446

"The average AI-generated pull request has 10.83 issues compared with 6.45 for human code, report claims."

"Besides having 1.7x more issues on general, AI-generated pull requests also had 1.4x more critical issues and 1.7x more major issues, so they're not just minor niggles."

"The tech also introduced 1.76x fewer spelling errors and 1.32x fewer testability issues."

I don't think they actually linked to the source report, which is here: https://www.coderabbit.ai/blog/state-of-ai-vs-human-code-generation-report

"The era of Windows as an agentic OS is here, whether we like it or not."

OpenAI plans to allow a wider range of content, including erotica, on its popular chatbot ChatGPT as part of its push to "treat adult users like adults", says its boss Sam Altman.

In a post on X on Tuesday, Mr Altman said upcoming versions of the popular chatbot would enable it to behave in a more human-like way - "but only if you want it, not because we are usage maxxing".

The move, reminiscent of Elon Musk's xAI's recent introduction of two sexually explicit chatbots to Grok, could help OpenAI attract more paying subscribers.

It is also likely to intensify pressure on lawmakers to introduce tighter restrictions on chatbot companions.

Satellites beam data down to the Earth all around us, all the time. So you might expect that those space-based radio communications would be encrypted to prevent any snoop with a satellite dish from accessing the torrent of secret information constantly raining from the sky. You would, to a surprising and troubling degree, be wrong.

Roughly half of geostationary satellite signals, many carrying sensitive consumer, corporate, and government communications, have been left entirely vulnerable to eavesdropping, a team of researchers at UC San Diego and the University of Maryland revealed today in a study that will likely resonate across the cybersecurity industry, telecom firms, and inside military and intelligence agencies worldwide.

In a blog post, F-Droid staff say that Google's plan to force devs outside Google Play to register with the company threatens to kill alternative app stores like F-Droid.

Cross-posted from: https://lemmy.sdf.org/post/43105573

Archived

Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU).

"The new variant's features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the XOR-RC4-RtlDecompressBuffer algorithm used to encrypt/decrypt payloads and the RC4 keys used," Cisco Talos researchers Joey Chen and Takahiro Takeda said in an analysis published this week.

The cybersecurity company noted that the configuration associated with the PlugX variant diverges significantly from the usual PlugX configuration format, instead adopting the same structure used in RainyDay, a backdoor associated with a China-linked threat actor known as Lotus Panda (aka Naikon APT). It's also likely tracked by Kaspersky as FoundCore and attributed to a Chinese-speaking threat group it calls Cycldek.

[...]

Microsoft will provide free Extended Security Updates (ESU) for Windows 10 in the European Economic Area through October 13, 2026, but with specific conditions[^1]. While users won't need to enable Windows Backup or use Microsoft Rewards points, they must sign in with a Microsoft Account at least once every 60 days to maintain access to updates[^2].

"If your Microsoft Account is not used to sign in for a period of up to 60 days, ESU updates will be discontinued, and you'll need to re-enroll by signing in using the same MSA," Microsoft confirmed[^3].

This change came after pressure from Euroconsumers, who argued that linking security updates to Microsoft's cloud services raised concerns under the Digital Markets Act[^4]. The free ESU program applies to Windows 10 version 22H2 devices in the EEA (European Union member states plus Iceland, Liechtenstein, and Norway)[^5].

Outside the EEA, users still must either enable Windows Backup, redeem Microsoft Rewards points, or pay approximately $30 for ESU access[^2].

[^1]: BleepingComputer - Microsoft will offer free Windows 10 extended security updates in Europe

[^2]: Windows Central - Microsoft will revoke free access to Windows 10's extended security updates in the EEA

[^3]: WindowsLatest - No, you'll still need a Microsoft account for Windows 10 ESU in Europe

[^4]: The Verge - Microsoft forced to make Windows 10 extended security updates truly free in Europe

[^5]: gHacks - Microsoft makes Windows 10 Extended Security Updates free, but only for users in one region

After endless delays, Trump insiders claim to be zeroing in on a deal that would sell 80% of TikTok’s U.S. assets to Andreessen Horowitz, Oracle, and Silver Lake.