Cruise Says Hostility Toward Regulators Led To Grounding of Its Autonomous Cars

Cruise, the driverless car subsidiary of General Motors, said in a report on Thursday that an adversarial approach taken (non-paywalled link) by its top executives toward regulators had led to a cascade of events that ended with a nationwide suspension of Cruise’s fleet. From a report: The roughly 100-page report was compiled by a law firm that Cruise hired to investigate whether its executives had misled California regulators about an October crash in San Francisco in which a Cruise vehicle dragged a woman 20 feet. The investigation found that while the executives had not intentionally misled state officials, they had failed to explain key details about the incident. In meetings with regulators, the executives let a video of the crash “speak for itself” rather than fully explain how one of its vehicles severely injured the pedestrian. The executives later fixated on protecting Cruise’s reputation rather than giving a full account of the accident to the public and media, according to the report, which was written by the Quinn Emanuel Urquhart & Sullivan law firm.

The company said that the Justice Department and the Securities and Exchange Commission were investigating the incident, as well as state agencies and the National Highway Traffic Safety Administration. The report is central to Cruise’s efforts to regain the public’s trust and eventually restart its business. Cruise has been largely shut down since October, when the California Department of Motor Vehicles suspended its license to operate because its vehicles were unsafe. It responded by pulling its driverless cars off the road across the country, laying off a quarter of its staff and replacing Kyle Vogt, its co-founder and chief executive, who resigned in November, with new leaders.

Read more of this story at Slashdot.

OpenAI Quietly Scrapped a Promise To Disclose Key Documents To the Public

From its founding, OpenAI said its governing documents were available to the public. When WIRED requested copies after the company’s boardroom drama, it declined to provide them. Wired: Wealthy tech entrepreneurs including Elon Musk launched OpenAI in 2015 as a nonprofit research lab that they said would involve society and the public in the development of powerful AI, unlike Google and other giant tech companies working behind closed doors. In line with that spirit, OpenAI’s reports to US tax authorities have from its founding said that any member of the public can review copies of its governing documents, financial statements, and conflict of interest rules. But when WIRED requested those records last month, OpenAI said its policy had changed, and the company provided only a narrow financial statement that omitted the majority of its operations.

“We provide financial statements when requested,” company spokesperson Niko Felix says. “OpenAI aligns our practices with industry standards, and since 2022 that includes not publicly distributing additional internal documents.” OpenAI’s abandonment of the long-standing transparency pledge obscures information that could shed light on the recent near-implosion of a company with crucial influence over the future of AI and could help outsiders understand its vulnerabilities. In November, OpenAI’s board fired CEO Sam Altman, implying in a statement that he was untrustworthy and had endangered its mission to ensure AI “benefits all humanity.” An employee and investor revolt soon forced the board to reinstate Altman and eject most of its own members, with an overhauled slate of directors vowing to review the crisis and enact structural changes to win back the trust of stakeholders.

Read more of this story at Slashdot.

IT Consultant Fined For Daring To Expose Shoddy Security

Thomas Claburn reports via The Register: A security researcher in Germany has been fined $3,300 for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records. Back in June 2021, according to our pals at Heise, an contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made an MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential.

With that easy-to-find password in hand, anyone could log into the remote server and access data belonging to not just that one customer of Modern Solution, but data belonging to all of the vendor’s clients stored on that database server. That info is said to have included personal details of those customers’ own customers. And we’re told that Modern Solution’s program files were available for free from the web, so truly anyone could inspect the executables in a text editor for plain-text hardcoded database passwords. The contractor’s findings were discussed in a June 23, 2021 report by Mark Steier, who writes about e-commerce. That same day Modern Solution issued a statement [PDF] — translated from German — summarizing the incident […]. The statement indicates that sensitive data about Modern Solution customers was exposed: last names, first names, email addresses, telephone numbers, bank details, passwords, and conversation and call histories. But it claims that only a limited amount of data — names and addresses — about shoppers who made purchases from these retail clients was exposed. Steier contends that’s incorrect and alleged that Modern Solution downplayed the seriousness of the exposed data, which he said included extensive customer data from the online stores operated by Modern Solution’s clients.

In September 2021 police in Germany seized the IT consultant’s computers following a complaint from Modern Solution that claimed he could only have obtained the password through insider knowledge â” he worked previously for a related firm — and the biz claimed he was a competitor. Hendrik H. was charged with unlawful data access under Section 202a of Germany’s Criminal Code, based on the rule that examining data protected by a password can be classified as a crime under the Euro nation’s cybersecurity law. In June, 2023, a Julich District Court in western Germany sided with the IT consultant because the Modern Solution software was insufficiently protected. But the Aachen regional court directed the district court to hear the complaint. Now, the district court has reversed its initial decision. On January 17, a Julich District Court fined Hendrik H. and directed him to pay court costs.

Read more of this story at Slashdot.

Modder Recreates Game Boy Advance Games Using the Audio From Crash Sounds

Kevin Purdy reports via Ars Technica: Sometimes, a great song can come from great pain. The Game Boy Advance (GBA), its software having crashed nearly two hours ago, will, for example, play a tune based on the game inside it. And if you listen closely enough — using specialty hardware and code — you can tell exactly what game it was singing about. And then theoretically play that same game. This was discovered recently by TheZZAZZGlitch, whose job is to “sadistically glitch and hack the crap out of Pokemon games. It’s “hardly a ready-to-use solution,” the modder notes, as it requires a lot of tuning specific to different source formats. So while there are certainly easier ways to get GBA data from a cartridge, none make you feel quite so much like an audio datamancer.

After crashing a GBA and recording it over four hours, the modder saw some telltale waveforms in a sound file at about the 1-hour, 50-minute mark. Later in the sound-out, you can hear the actual instrument sounds and audio samples the game contains, played in sequence. Otherwise, it’s 8-bit data at 13,100 Hz, and at times, it sounds absolutely deranged. “2 days of bugfixing later,” the modder had a Python script ready that could read the audio from a clean recording of the GBA’s crash dump. Did it work? Not without more troubleshooting. One issue with audio-casting ROM data is that there are large sections of 0-byte data in the ROM, which are hard to parse as mute sounds. After running another script that realigned sections based on their location in the original ROM, the modder’s ROM was 99.76 percent accurate but “still didn’t boot tho.” TheZZAZZGlitch later disclaimed that, yes, this is technically using known ROM data to surface unknown data, or “cheating,” but there are assumptions and guesses one could make if you were truly doing this blind.

The next fix was to refine the sound recording. By recording three times and merging them with a “majority vote” algorithm, their accuracy notched up to 99.979 percent. That output ROM booted — but with glitched text and a title screen crash. After seven different recordings are meshed and filtered for blank spaces, they achieve 100 percent parity. You can watch the video describing this feat here. Used source code is also available under the file name “gbacrashsound_dumper.zip.”

Read more of this story at Slashdot.

Sony Ends $10 Billion Merger With India Media Giant Zee

Sony has scrapped plans for a $10 billion merger of its Indian unit with Zee Entertainment, “ending a deal that could have created one of the South Asian nation’s biggest TV broadcasters,” reports Reuters. From the report: The collapse of the deal in content-hungry India creates more uncertainty for TV broadcaster Zee in particular as competition heats up, with Disney, also seeking to merge its Indian businesses with the media assets of billionaire Mukesh Ambani’s Reliance. Zee told Indian stock exchanges Sony was seeking $90 million in termination fees for alleged breaches of their merger agreement and emergency interim relief by “invoking arbitration.” Zee said it denies all claims made by Sony and would take appropriate legal action. Sony said in a statement certain “closing conditions” to the merger were not satisfied despite “good faith discussions” with Zee, and the companies had been unable to agree upon an extension by their Jan. 21 deadline.

“After more than two years of negotiations, we are extremely disappointed … We remain committed to growing our presence in this vibrant and fast-growing market,” it added. While neither Sony nor Zee elaborated on Monday on which conditions had been unfulfilled, a stalemate over who will lead the combined company had put the merger in danger. Zee had proposed that CEO Punit Goenka take the helm, but Sony balked after he became the subject of an investigation by India’s market regulator. Zee said on Monday Goenka had been “agreeable to step down in the interest of the merger.” A source with direct knowledge however said Sony was not keen to proceed unless Goenka backed out before the closure of the merger, rather than after the deal had been sealed as he had proposed.

Read more of this story at Slashdot.