iPhone 14 Satellite Feature Saves Stranded Man In Alaska

Apple’s iPhone 14 Emergency SOS via Satellite Feature was put to the test in Alaska yesterday, when a man became stranded in a rural area. MacRumors reports: In the early hours of the morning on December 1, Alaska State Troopers received an alert that a man traveling by snow machine from Noorvik to Kotzebue had become stranded. The man was in a cold, remote location with no connectivity, and he activated the Emergency SOS via satellite feature on his iPhone 14 to alert authorities to his predicament. Apple’s Emergency Response Center worked with local search and rescue teams and the Northwest Arctic Borough Search and Rescue Coordinator to send out volunteer searchers directly to the GPS coordinates that were relayed to Apple using the emergency function.

The man was rescued successfully and there were no injuries. The area where he was located is remote and on the fringes of where satellite connectivity is available. Apple says that satellite connectivity might not work in places above 62 degrees latitude, such as northern parts of Canada and Alaska, and Noorvik and Kotzebue are close to 69 degrees latitude. Troopers who helped with the rescue were “impressed with the accuracy and completeness of information included in the initial alert,” with the Emergency SOS via Satellite feature designed to ask several questions ahead of when an alert is sent out to expedite rescue missions.

Read more of this story at Slashdot.

Prime Video Replaces Netflix As No. 1 Streaming Service In US

Prime Video has supplanted Netflix as the No. 1 subscription streaming outlet in the U.S. in an annual ranking compiled by research firm Parks Associates. Deadline reports: The company didn’t disclose its methodology for how it isolates the number of Prime Video subscribers, a metric long cloaked in secrecy due to Amazon’s general reluctance to disclose statistics about its Prime business. Still, Parks has been a reputable tracker of the streaming space for more than a decade. For many years in the 2010s, its rankings looked consistent, with the former “Big 3” of Netflix, Prime Video and Hulu sharing the top three spots, always with Netflix at the top. Today, the rankings are much more fragmented given how many new players have entered the scene. The list reflects total subscribers through September 2022, via the OTT Video Market Tracker, a Parks offering described by the firm as “an exhaustive analysis of market trends and profiles of the nearly 100 over-the-top video service providers in the U.S. and Canada.”

Amazon said last year it has more than 200 million Prime members, with Prime Video among the program’s benefits. Several weeks ago, the company also recently said The Lord of the Rings: The Rings of Power has been viewed by more than 100 million Prime subscribers worldwide. […] Netflix, meanwhile, has hit a plateau in the U.S., even shedding a small amount of subscribers over recent quarters. The company reported 73.4 million subscribers in the U.S. and Canada as of September 30, up 100,000 from the previous quarter but below levels in 2021 and earlier this year.

On a global basis, of course, Netflix continues to lead the field with a bit more than 223 million subscribers. Disney has been hot on its heels, with Disney+ now at 164.2 million and the company overall reaching 235.7 million across Disney+, Hulu and ESPN+. The rest of the 2022 chart looks relatively similar to the 2021 edition, though NBCUniversal’s Peacock broke through to take the No. 10 spot as Showtime dropped out of the picture.

Read more of this story at Slashdot.

Tesla Delivers Its First Electric Semi Trucks

Electrek recaps yesterday’s Tesla’s Semi Delivery Event in Nevada: As expected, Tesla delivered the first electric trucks to PepsiCo, a long-time reservation holder, and held a presentation to reveal more details about the production version of the Tesla Semi. There wasn’t any big surprise during the presentation. Tesla basically delivered on its original promises made in 2017 when it first unveiled the prototypes of the Tesla Semi. Despite the lack of major changes, it’s still a big moment since the electric truck has the potential to change the trucking industry for good by eliminating emissions and significantly reducing costs.

In terms of the technology powering the truck, things have changed since the original prototypes, but not in any major ways. Tesla is now using a tri-motor drivetrain that is basically the same as in the Model S and Model X Plaid. Dan Priestley, Tesla Semi Program manager, explained that Tesla is using one of the motors for cruising speed geared toward peak efficiency at highway speeds and the two other motors are used for torque when accelerating in order to create a smooth driving experience never seen in a class 8 truck before. To prove the capacity, Tesla shared a very impressive video of a Tesla Semi loaded at 82,000 lb. passing a diesel truck at 6% incline on the Donner Pass as if it’s nothing:

Tesla promised a range of 500 miles with a full load five years ago, and it delivered on the promise. Tesla shared data on a 500-mile trip with a full load of just under 82,000 lb. total with the tractor. It started out in the Bay Area with a 97% state of charge and ended up in San Diego with still 4% charge. Tesla reiterated that it can achieve a less-than-2 kWh-per-mile efficiency, which means that trucking companies can achieve up to $70,000 in fuel savings per year depending on their cost of electricity. Once the battery pack is depleted after 500 miles or so, you can expect blazing-fast charging thanks to the new 1-megawatt charging technology developed by Tesla. The automaker also said it will make it to the Cybertruck. In an updated article, Electrek’s Fred Lambert says Musk confirmed Tesla Semi’s efficiency at 1.7 kWh per mile, “which means it has a roughly 900 kWh battery pack.”

Tesla didn’t reveal the weight of the actual truck or the price. “In 2017, Tesla said the trucks would be $150,000, $180,000, and $200,000, depending on the model, but those prices are expected to have changed over the last five years,” reports Lambert.

Read more of this story at Slashdot.

Hyundai App Bugs Allowed Hackers To Remotely Unlock, Start Cars

Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. BleepingComputer reports: Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM “smart vehicle” platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infinity) that allowed them to “remotely unlock, start, locate, flash, and honk” them. At this time, the researchers have not published detailed technical write-ups for their findings but shared some information on Twitter, in two separate threads.

The mobile apps of Hyundai and Genesis, named MyHyundai and MyGenesis, allow authenticated users to start, stop, lock, and unlock their vehicles. After intercepting the traffic generated from the two apps, the researchers analyzed it and were able to extract API calls for further investigation. They found that validation of the owner is done based on the user’s email address, which was included in the JSON body of POST requests. Next, the analysts discovered that MyHyundai did not require email confirmation upon registration. They created a new account using the target’s email address with an additional control character at the end. Finally, they sent an HTTP request to Hyundai’s endpoint containing the spoofed address in the JSON token and the victim’s address in the JSON body, bypassing the validity check. To verify that they could use this access for an attack on the car, they tried to unlock a Hyundai car used for the research. A few seconds later, the car unlocked. The multi-step attack was eventually baked into a custom Python script, which only needed the target’s email address for the attack.

Yuga Labs analysts found that the mobile apps for Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota, use SiriusXM technology to implement remote vehicle management features. They inspected the network traffic from Nissan’s app and found that it was possible to send forged HTTP requests to the endpoint only by knowing the target’s vehicle identification number (VIN). The response to the unauthorized request contained the target’s name, phone number, address, and vehicle details. Considering that VINs are easy to locate on parked cars, typically visible on a plate where the dashboard meets the windshield, an attacker could easily access it. These identification numbers are also available on specialized car selling websites, for potential buyers to check the vehicle’s history. In addition to information disclosure, the requests can also carry commands to execute actions on the cars. […] Before posting the details, Yuga Labs informed both Hyundai and SiriusXM of the flaws and associated risks. The two vendors have fixed the vulnerabilities.

Read more of this story at Slashdot.

Google Reports Decline In Android Memory Safety Vulnerabilities As Rust Usage Grows

Last year, Google announced Android Open Source Project (AOSP) support for Rust, and today the company provided an update, while highlighting the decline in memory safety vulnerabilities. 9to5Google reports: Google says the “number of memory safety vulnerabilities have dropped considerably over the past few years/releases.”; Specifically, the number of annual memory safety vulnerabilities fell from 223 to 85 between 2019 and 2022. They are now 35% of Android’s total vulnerabilities versus 76% four years ago. In fact, “2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.”

That count is for “vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally.” During that period, the amount of new memory-unsafe code entering Android has decreased: “Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language. ”

Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android’s Virtualization framework (AVF), and “various other components and their open source dependencies.” Google considers it significant that there have been “zero memory safety vulnerabilities discovered in Android’s Rust code” so far across Android 12 and 13. Google’s blog post today also talks about non-memory-safety vulnerabilities, and its future plans: “… We’re implementing userspace HALs in Rust. We’re adding support for Rust in Trusted Applications. We’ve migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we’re excited to bring memory-safety to the kernel, starting with kernel drivers.

Read more of this story at Slashdot.

OpenAI’s New Chatbot Can Explain Code and Write Sitcom Scripts But Is Still Easily Tricked

OpenAI has released a prototype general purpose chatbot that demonstrates a fascinating array of new capabilities but also shows off weaknesses familiar to the fast-moving field of text-generation AI. And you can test out the model for yourself right here. The Verge reports: ChatGPT is adapted from OpenAI’s GPT-3.5 model but trained to provide more conversational answers. While GPT-3 in its original form simply predicts what text follows any given string of words, ChatGPT tries to engage with users’ queries in a more human-like fashion. As you can see in the examples below, the results are often strikingly fluid, and ChatGPT is capable of engaging with a huge range of topics, demonstrating big improvements to chatbots seen even a few years ago. But the software also fails in a manner similar to other AI chatbots, with the bot often confidently presenting false or invented information as fact. As some AI researchers explain it, this is because such chatbots are essentially “stochastic parrots” — that is, their knowledge is derived only from statistical regularities in their training data, rather than any human-like understanding of the world as a complex and abstract system. […]

Enough preamble, though: what can this thing actually do? Well, plenty of people have been testing it out with coding questions and claiming its answers are perfect. ChatGPT can also apparently write some pretty uneven TV scripts, even combining actors from different sitcoms. It can explain various scientific concepts. And it can write basic academic essays.
And the bot can combine its fields of knowledge in all sorts of interesting ways. So, for example, you can ask it to debug a string of code … like a pirate, for which its response starts: “Arr, ye scurvy landlubber! Ye be makin’ a grave mistake with that loop condition ye be usin’!” Or get it to explain bubble sort algorithms like a wise guy gangster. ChatGPT also has a fantastic ability to answer basic trivia questions, though examples of this are so boring I won’t paste any in here. And someone else saying the code ChatGPT provides in the very answer above is garbage.

I’m not a programmer myself, so I won’t make a judgment on this specific case, but there are plenty of examples of ChatGPT confidently asserting obviously false information. Here’s computational biology professor Carl Bergstrom asking the bot to write a Wikipedia entry about his life, for example, which ChatGPT does with aplomb — while including several entirely false biographical details. Another interesting set of flaws comes when users try to get the bot to ignore its safety training. If you ask ChatGPT about certain dangerous subjects, like how to plan the perfect murder or make napalm at home, the system will explain why it can’t tell you the answer. (For example, “I’m sorry, but it is not safe or appropriate to make napalm, which is a highly flammable and dangerous substance.”) But, you can get the bot to produce this sort of dangerous information with certain tricks, like pretending it’s a character in a film or that it’s writing a script on how AI models shouldn’t respond to these sorts of questions.

Read more of this story at Slashdot.

EU Unveils Plans To Cut Europe’s Plastic and Packaging Waste

The EU executive wants to ban mini-shampoo bottles in hotels and the use of throwaway cups in cafes and restaurants, as part of sweeping legal proposals to curb Europe’s mountains of waste. The Guardian reports: A draft EU regulation published on Wednesday also proposes mandatory deposit and return schemes for single-use plastic drinks bottles and metal cans, as well as an end to e-commerce firms wrapping small items in huge boxes. The new rules, which will have to be approved by EU member states and the European parliament, are intended to tackle the surge in plastic and other packaging waste. EU officials estimate that 40% of new plastics and 50% of paper are used in packaging, making the sector a vast consumer of virgin materials.

The EU passed a law in 2019 to ban the most common single-use plastic items, such as plastic cutlery, stirrers and straws, but officials want to go further to tackle soaring amounts of packaging rubbish. The average European is thought to generate 180kg of packaging waste each year, which could rise by 19% by 2030, without action. Under the latest proposals, EU member states would have to reduce packaging waste per capita by 15% by 2040 compared with 2018. Officials think this could be achieved by more reuse and refilling, as well as tighter controls on packaging. For example, e-commerce retailers would have to ensure that empty space in a box is a maximum 40% in relation to the product.

The commission also hopes to end confusion about recycling: it proposes harmonized labels, probably pictograms, to make it clear to consumers which bin to use. In a separate law, the commission seeks to ensure that products claiming to be “biobased,” “biodegradable” or “compostable” meet minimum standards. In an attempt to clamp down on greenwashing, consumers would be able to tell how long it takes an item to biodegrade, how much biomass was used in its production and whether it is really suitable for home composting.

Read more of this story at Slashdot.