Posted by BeauHD from Slashdot
From the PSA department: Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports:
Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies.
Tuckner said in an email Wednesday that the most recent status of the affected extensions is:
- Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware explicitly. Others have removed the library.
- Of 129 Edge extensions incorporating the library, eight are now inactive.
- Of 71 affected Firefox extensions, two are now inactive.
Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. A complete list of extensions found by Tuckner is here.
Posted by BeauHD from Slashdot
From the fake-it-til-devs-make-it department: After discovering that ChatGPT was falsely telling users that Soundslice could convert ASCII tablature into playable music, founder Adrian Holovaty decided to actually build the feature -- even though the app was never designed to support that format. TechCrunch reports: Soundslice is an app for teaching music, used by students and teachers. It's known for its video player synchronized to the music notations that guide users on how the notes should be played. It also offers a feature called "sheet music scanner" that allows users to upload an image of paper sheet music and, using AI, will automatically turn that into an interactive sheet, complete with notations. [Adrian Holovaty, founder of music-teaching platform Soundslice] carefully watches this feature's error logs to see what problems occur, where to add improvements, he said. That's where he started seeing the uploaded ChatGPT sessions.
They were creating a bunch of error logs. Instead of images of sheet music, these were images of words and a box of symbols known as ASCII tablature. That's a basic text-based system used for guitar notations that uses a regular keyboard. (There's no treble key, for instance, on your standard QWERTY keyboard.) The volume of these ChatGPT session images was not so onerous that it was costing his company money to store them and crushing his app's bandwidth, Holovaty said. He was baffled, he wrote in a blog post about the situation.
< This article continues on their website >
Posted by BeauHD from Slashdot
From the democratizing-robotics-development department: An anonymous reader quotes a report from VentureBeat: Hugging Face, the $4.5 billion artificial intelligence platform that has become the GitHub of machine learning, announced Tuesday the launch of Reachy Mini, a $299 desktop robot designed to bring AI-powered robotics to millions of developers worldwide. The 11-inch humanoid companion represents the company's boldest move yet to democratize robotics development and challenge the industry's traditional closed-source, high-cost model.
The announcement comes as Hugging Face crosses a significant milestone of 10 million AI builders using its platform, with CEO Clement Delangue revealing in an exclusive interview that "more and more of them are building in relation to robotics." The compact robot, which can sit on any desk next to a laptop, addresses what Delangue calls a fundamental barrier in robotics development: accessibility. "One of the challenges with robotics is that you know you can't just build on your laptop. You need to have some sort of robotics partner to help in your building, and most people won't be able to buy $70,000 robots," Delangue explained, referring to traditional industrial robotics systems and even newer humanoid robots like Tesla's Optimus, which is expected to cost $20,000-$30,000.
< This article continues on their website >
Posted by BeauHD from Slashdot
From the what-to-expect department: IKEA is relaunching its smart home line with over 20 new Matter-over-Thread devices that will work across ecosystems such as Apple Home and Amazon Alexa, with or without IKEA's own hub. This marks a major shift toward openness, affordability, and interoperability, and positions IKEA as one of the first major retailers to bring Matter to the mainstream while maintaining backward compatibility with Zigbee products. The Verge reports: We don't have a lot of details on the over 20 new devices coming next year, but [David Granath of IKEA of Sweden] confirmed that they are replacing existing functions. So, new smart bulbs, plugs, sensors, remotes, buttons, and air-quality devices, including temperature and humidity monitors. They will also come with a new design. Although "not necessarily what's been leaked," says Granath, referring to images of the Bilresa Dual Button that appeared earlier this year. He did confirm that some new product categories will arrive in January, with more to follow in April and beyond, including potentially Matter-over-Wi-Fi products. Pricing will be comparable to or lower than that of previous products, which start under $10. "Affordability remains a key priority for us."
< This article continues on their website >
Posted by BeauHD from Slashdot
From the new-and-shiny department: Samsung on Wednesday unveiled three new foldable smartphones at a time when the company is facing increased competition from Chinese rivals such as Honor and Oppo, reports CNBC. The company's share of the global foldable phone market slipped to 45% in 2024, down from 54% a year earlier. Today's new devices include the ultra-thin Galaxy Z Fold 7, the clamshell-style Galaxy Z Flip 7, and the more affordable Flip 7 FE. Here's a breakdown of each: The Galaxy Z Fold 7 is super thin at a thickness of 8.9 millimeters (0.35 inches) closed and only 4.2 millimeters open. It's also much lighter than its predecessor, weighing 215 grams (7.62 ounces). These stats put the phone on par with both Honor's Magic V5 and the Oppo Find N5. The new Fold device has a 6.5-inch cover screen and an 8-inch main display when opened, making it bigger than its predecessor. It's also decked out with premium new cameras, featuring a 200-megapixel main lens, as well as a 10-megapixel telephoto sensor, 12-megapixel ultra-wide and two 10-megapixel front cameras on both the cover screen and on the main display.
Samsung's new Fold generation is, nevertheless, much more limited than other devices in the market when it comes to battery capacity. The Galaxy Z Fold 7 has a 4,400 milliampere-hour (mAh) battery -- far less than the 6,100 mAh power pack in Honor's Magic V5's or the Oppo Find N5's 5,600 mAh battery. Samsung says its device is capable of 24 hours of video playback.
< This article continues on their website >
Posted by BeauHD from Slashdot
From the perils-of-AI department: An anonymous reader quotes a report from Wired: If you want a job at McDonald's today, there's a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead anAI chatbotthat screens applicants, asks for their contact information and resume, directs them to a personality test, and occasionally makes them "go insane" by repeatedly misunderstanding their most basic questions. Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants -- including all the personal information they shared in those conversations -- with tricks as straightforward as guessing the username and password "123456."
On Wednesday, security researchers Ian Carroll and Sam Curryrevealedthat they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with along track record of independent security testing, discovered that simple web-based vulnerabilities -- including guessing one laughably weak password -- allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.
< This article continues on their website >
Posted by msmash from Slashdot
From the moving-forward department: Microsoft has pledged more than $4 billion in cash and technology services to train millions of people in AI use, targeting schools, community colleges, technical colleges and nonprofits. The company said it will launch Microsoft Elevate Academy to help 20 million people earn AI certificates.
Microsoft President Brad Smith said the company would "serve as an advocate to ensure that students in every school across the country have access to A.I. education." The announcement follows Tuesday's news that the American Federation of Teachers received $23 million from Microsoft, OpenAI and Anthropic for a national AI training center. Last week, dozens of companies including Amazon, Apple, Google, Meta, Microsoft, Nvidia and OpenAI signed a White House pledge promising schools funding, technology and training materials for AI education.
A comic about a toddler telling his first joke.
We're building on our earlier success getting web developers to pay to change the backslashes in our displayed payment URL to forward slashes. 
