fidzu : computers

An anonymous reader quotes a report from MIT Technology Review: Since the beginning of the generative AI boom, content creators have argued that their work has been scraped into AI models without their consent. But until now, it has been difficult to know whether specific text has actually been used in a training data set. Now they have a new way to prove it: "copyright traps" developed by a team at Imperial College London, pieces of hidden text that allow writers and publishers to subtly mark their work in order to later detect whether it has been used in AI models or not. The idea is similar to traps that have been used by copyright holders throughout history -- strategies like including fake locations on a map or fake words in a dictionary. [...] The code to generate and detect traps is currently available on GitHub, but the team also intends to build a tool that allows people to generate and insert copyright traps themselves. "There is a complete lack of transparency in terms of which content is used to train models, and we think this is preventing finding the right balance [between AI companies and content creators]," says Yves-Alexandre de Montjoye, an associate professor of applied mathematics and computer science at Imperial College London, who led the research. The traps aren't foolproof and can be removed, but De Montjoye says that increasing the number of traps makes it significantly more challenging and resource-intensive to remove. "Whether they can remove all of them or not is an open question, and that's likely to be a bit of a cat-and-mouse game," he says.

Read more of this story at Slashdot.

27 Jul 2024 3:30am GMT

Brian Krebs writes via KrebsOnSecurity: Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google's "Sign in with Google" feature. [...] Google Workspace offers a free trial that people can use to access services like Google Docs, but other services such as Gmail are only available to Workspace users who can validate control over the domain name associated with their email address. The weakness Google fixed allowed attackers to bypass this validation process. Google emphasized that none of the affected domains had previously been associated with Workspace accounts or services. "The tactic here was to create a specifically-constructed request by a bad actor to circumvent email verification during the signup process," [said Anu Yamunan, director of abuse and safety protections at Google Workspace]. "The vector here is they would use one email address to try to sign in, and a completely different email address to verify a token. Once they were email verified, in some cases we have seen them access third party services using Google single sign-on." Yamunan said none of the potentially malicious workspace accounts were used to abuse Google services, but rather the attackers sought to impersonate the domain holder to other services online.

Read more of this story at Slashdot.

27 Jul 2024 1:25am GMT

On Wednesday, Judge Nina Morrison ruled that cellphone searches at the border are "nonroutine" and require probable cause and a warrant, likening them to more invasive searches due to their heavy privacy impact. As reported by Reason, this decision closes the loophole in the Fourth Amendment's protection against unreasonable searches and seizures, which Customs and Border Protection (CBP) agents have exploited. Courts have previously ruled that the government has the right to conduct routine warrantless searches for contraband at the border. From the report: Although the interests of stopping contraband are "undoubtedly served when the government searches the luggage or pockets of a person crossing the border carrying objects that can only be introduced to this country by being physically moved across its borders, the extent to which those interests are served when the government searches data stored on a person's cell phone is far less clear," the judge declared. Morrison noted that "reviewing the information in a person's cell phone is the best approximation government officials have for mindreading," so searching through cellphone data has an even heavier privacy impact than rummaging through physical possessions. Therefore, the court ruled, a cellphone search at the border requires both probable cause and a warrant. Morrison did not distinguish between scanning a phone's contents with special software and manually flipping through it. And in a victory for journalists, the judge specifically acknowledged the First Amendment implications of cellphone searches too. She cited reporting by The Intercept and VICE about CPB searching journalists' cellphones "based on these journalists' ongoing coverage of politically sensitive issues" and warned that those phone searches could put confidential sources at risk. Wednesday's ruling adds to a stream of cases restricting the feds' ability to search travelers' electronics. The 4th and 9th Circuits, which cover the mid-Atlantic and Western states, have ruled that border police need at least "reasonable suspicion" of a crime to search cellphones. Last year, a judge in the Southern District of New York also ruled (PDF) that the government "may not copy and search an American citizen's cell phone at the border without a warrant absent exigent circumstances."

Read more of this story at Slashdot.

27 Jul 2024 12:45am GMT

In January of 2021 I was exploring the corpus of Skins I collected for the Winamp Skin Museum and found some that seemed corrupted, so I decided to explore them. Winamp skins are actually just zip files with a different file extension, so I tried extracting their files to see what I could find. This ended up leading me down a series of wild rabbit holes. ↫ Jordan Eldredge I'm not going to spoil any of this.

26 Jul 2024 10:32pm GMT

This blog post is a guide explaining how to setup a full-featured email server on OpenBSD 7.5. It was commissioned by a customer of my consultancy who wanted it to be published on my blog. Setting up a modern email stack that does not appear as a spam platform to the world can be a daunting task, the guide will cover what you need for a secure, functional and low maintenance email system. ↫ Solène Rapenne If you ever wanted to set up and run your own email server, this is a great way to do it. Solène, an OpenBSD developer, will help you through setting up IMAP, POP, and Webmail, an SMTP server with server-to-server encryption and hidden personal information, every possible measure to make sure your server is regarded as legitimate, and all the usual firewall and anti-spam stuff you are definitely going to need. Taking back email from Google - or even Proton, which is now doing both machine learning and Bitcoin, of all things - is probably one of the most daunting tasks for anyone willing to cut ties with as much of big tech as possible. Not only is there the technical barrier, there's also the fact that the major email providers, like Gmail or whatever Microsoft offers these days, are trying their darnest to make self-hosting email as cumbersome as possible by trying to label everything you send as spam or downright malicious. It's definitely not an easy task, but at least with guides like this there's some set of easy steps to follow to get there.

26 Jul 2024 10:14pm GMT

Bad math and unclear directions are behind overdoses of up to 20 times the normal amount.

26 Jul 2024 9:22pm GMT

Boeing won't start flying operational crew missions with Starliner until a year from now.

26 Jul 2024 8:25pm GMT

Use of motion-capture actors' performances for AI training is a sticking point.

26 Jul 2024 7:44pm GMT

Normally I'm not that interested in reporting on news coming from OpenAI, but today is a little different - the company launched SearchGPT, a search engine that's supposed to rival Google, but at the same time, they're also kind of not launching a search engine that's supposed to rival Google. What? We're testing SearchGPT, a prototype of new search features designed to combine the strength of our AI models with information from the web to give you fast and timely answers with clear and relevant sources. We're launching to a small group of users and publishers to get feedback. While this prototype is temporary, we plan to integrate the best of these features directly into ChatGPT in the future. If you're interested in trying the prototype, sign up for the waitlist. ↫ OpenAI website Basically, before adding a more traditional web-search like feature set to ChatGPT, the company is first breaking them out into a separate, temporary product that users can test, before parts of it will be integrated into OpenAI's main ChatGPT product. It's an interesting approach, and with just how stupidly popular and hyped ChatGPT is, I'm sure they won't have any issues assembling a large enough pool of testers. OpenAI claims SearchGPT will be different from, say, Google or AltaVista, by employing a conversation-style interface with real-time results from the web. Sources for search results will be clearly marked - good - and additional sources will be presented in a sidebar. True to the ChatGPT-style user interface, you can keep "talking" after hitting a result to refine your search further. I may perhaps betray my still relatively modest age, but do people really want to "talk" to a machine to search the web? Any time I've ever used one of these chatbot-style user interfaces -including ChatGPT - I find them cumbersome and frustrating, like they're just adding an obtuse layer between me and the computer, and that I'd rather just be instructing the computer directly. Why try and verbally massage a stupid autocomplete into finding a link to an article I remember from a few days ago, instead of just typing in a few quick keywords? I am more than willing to concede I'm just out of touch with what people really want, so maybe this really is the future of search. I hope I can just always disable nonsense like this and just throw keywords at the problem.

25 Jul 2024 11:17pm GMT

After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections (see https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5). When upgrading remote hosts, please make sure to restart the sshd service using systemctl try-restart sshd right after upgrading. We are evaluating the possibility to automatically apply a restart of the sshd service on upgrade in a future release of the openssh-9.8p1 package.

01 Jul 2024 12:00am GMT

Rationale Emacs users try to avoid leaving their editor for other tasks. There is an shell (Eshell: The Emacs Shell), an integration into Secret Service API (Emacs auth-source Library 0.3) and countless other integrations. Search is a central element of the Gnome desktop environment. Many applications implement the Search Provider dbus interface to provide suitable results. The aim of this package is to make these search results also available within the Emacs editor.

23 May 2024 12:00am GMT

I went on a trip to Mongolia to find out the meaning behind my name.

03 May 2024 12:00am GMT