Former Apple Engineer Accused of Stealing Automotive Trade Secrets Pleads Guilty

Xiaolang Zhang, a former Apple employee who was accused of stealing computer files with trade secrets about Apple’s secretive car division, pleaded guilty in federal court in San Jose on Monday. CNBC reports: Zhang’s plea agreement with the U.S. government is under seal, according to court filings on Monday. Zhang faces as much as 10 years in prison and a $250,000 fine after pleading guilty to a felony charge of theft of trade secrets. Sentencing is scheduled for November. Zhang was accused of downloading internal Apple files about the company’s car project — specifically, a 25-page document including engineering schematics of a circuit board for an autonomous vehicle. Zhang was also accused of taking reference manuals and PDFs describing Apple’s prototypes and prototype requirements.

Zhang was arrested by federal agents in July 2018 at the San Jose airport, where he planned to fly to China. He had previously worked for Apple since 2015, most recently as a hardware engineer on Apple’s autonomous vehicle team, according to charging documents from the FBI and U.S. attorney’s office. The charges gave a peek into a secretive side of Apple that the company even years later still doesn’t often acknowledge: its division developing autonomous electric vehicles.

Read more of this story at Slashdot.

Devs Make Progress Getting MacOS Venture Running On Unsupported, Decade-Old Macs

An anonymous reader quotes a report from Ars Technica: Skirting the official macOS system requirements to run new versions of the software on old, unsupported Macs has a rich history. Tools like XPostFacto and LeopardAssist could help old PowerPC Macs run newer versions of Mac OS X, a tradition kept alive in the modern era by dosdude1’s patchers for Sierra, High Sierra, Mojave, and Catalina. For Big Sur and Monterey, the OpenCore Legacy Patcher (OCLP for short) is the best way to get new macOS versions running on old Macs. It’s an offshoot of the OpenCore Hackintosh bootloader, and it’s updated fairly frequently with new features and fixes and compatibility for newer macOS versions. The OCLP developers have admitted that macOS Ventura support will be tough, but they’ve made progress in some crucial areas that should keep some older Macs kicking for a little bit longer.

[…] First, while macOS doesn’t technically include system files for pre-AVX2 Intel CPUs, Apple’s Rosetta 2 software does still include those files, since Rosetta 2 emulates the capabilities of a pre-AVX2 x86 CPU. By extracting and installing those files in Ventura, you can re-enable support on Ivy Bridge and older CPUs without AVX2 instructions. And this week, Grymalyuk showed off another breakthrough: working graphics support on old Metal-capable Macs, including machines as old as the 2014 5K iMac, the 2012 Mac mini, and even the 2008 cheese grater-style Mac Pro tower. The OCLP team still has other challenges to surmount, not least of which will involve automating all of these hacks so that users without a deep technical understanding of macOS’s underpinnings can continue to set up and use the bootloader. Grymalyuk still won’t speculate about a timeframe for official Ventura support in OCLP. But given the progress that has been made so far, it seems likely that people with 2012-and-newer Macs should still be able to run Ventura on their Macs without giving up graphics acceleration or other important features.

Read more of this story at Slashdot.

Apple’s Repair Program Creates ‘Excruciating Gauntlet of Hurdles’, iFixit Says

On Monday, Apple expanded its DIY repair program to include MacBook Air and MacBook Pro laptops equipped with M1 chips (including the Pro and Max). At least, in theory. The repairability experts at iFixit, who regularly dissect Apple’s gadgets, have taken a look at the new program, and their outlook is…mixed. iFixit’s Sam Goldheart writes that the new MacBook Pro guides “threw us for a loop.” The issue: the documentation “makes MacBook Pros seem less repairable” than they have been in the past. From a report: The repair manual for replacing the 14-inch MacBook Pro’s battery, for example, is a whole 162 pages long. (One of the first steps, of course, is “Read the entire manual first.”) The reason the guide is so long, it turns out, is that replacing these batteries isn’t just a matter of popping the battery out. A user needs to replace the entire top case and keyboard in order to replace the battery. Needless to say, it is unusual for a laptop battery replacement to require a full-computer teardown.

And then, as Goldheart points out, there’s the matter of the money. The “top case with battery” part that you’ll need to purchase for the 2020 and 2021 MacBook Pro models is not cheap — after rooting around Apple’s store, Verge editor Sean Hollister found that you can expect to pay well upwards of $400 for the top case with battery after the repair credit. “Apple is presenting DIY repairers with a excruciating gauntlet of hurdles: read 162 pages of documentation without getting intimidated and decide to do the repair anyway, pay an exorbitant amount of money for an overkill replacement part, decide whether you want to drop another 50 bucks on the tools they recommend, and do the repair yourself within 14 days, including completing the System Configuration to pair your part with your device,” Goldheart writes in summary. “Which makes us wonder, does Apple even want better repairability?”

Read more of this story at Slashdot.

Quest VR Owners Have New Meta Logins To Use Instead of Facebook

Meta will now allow users of its Quest VR headsets to log in with a new Meta account instead of a Facebook account, the company announced on Tuesday. The Verge reports: The company had said in July that this change would be rolling out in August, and it marks a shift from an unpopular policy announced in 2020 that required users to log in to their headsets with a Facebook account instead of a separate Oculus account. Users can create Meta accounts through the Meta mobile app using an email address, Facebook account, or Instagram account. Once you create a Meta account, you’ll need to set up a linked Meta Horizon social profile that will be used in VR. As with Facebook accounts before, you’ll need one of these accounts to use a Quest headset.

“Our new Meta account structure gives you more flexibility and control, letting you choose how you do and don’t show up — and whether Facebook and / or Instagram is part of your experience in VR and other surfaces where you use your Meta Horizon profile,” Meta says in its blog post. If you want to set up a Meta account, the company has instructions in the blog post and in a video. If you are still using an Oculus account, you’ll be able to do so until January 1st, 2023. After that date, you’ll need to make a Meta account. The company says the option to make a Meta account and a Meta Horizon profile is rolling out now, so if you aren’t able to just yet, you should be given the option soon.

Read more of this story at Slashdot.

China Punishes 27 People Over ‘Tragically Ugly’ Illustrations In Maths Textbook

Chinese authorities have punished 27 people over the publication of a maths textbook that went viral over its “tragically ugly” illustrations. The Guardian reports: A months-long investigation by a ministry of education working group found the books were “not beautiful,” and some illustrations were “quite ugly” and did not “properly reflect the sunny image of China’s children.” The mathematics books were published by the People’s Education Press almost 10 years ago, and were reportedly used in elementary schools across the country. But they went viral in May after a teacher published photos of the illustrations inside, including people with distorted faces and bulging pants, boys pictures grabbing girls’ skirts and at least one child with an apparent leg tattoo.

Social media users were largely amused by the illustrations, but many also criticized them as bringing disrepute and “cultural annihilation” to China, speculating they were the deliberate work of western infiltrators in the education sector. Related hashtags were viewed billions of times, embarrassing the Communist party and education authorities who announced a review of all textbooks “to ensure that the textbooks adhere to the correct political direction and value orientation.”

In a lengthy statement released on Monday, the education authorities said 27 individuals were found to have “neglected their duties and responsibilities” and were punished, including the president of the publishing house, who was given formal demerits, which can affect a party member’s standing and future employment. The editor-in-chief and the head of the maths department editing office were also given demerits and dismissed from their roles. The statement said the illustrators and designers were “dealt with accordingly” but did not give details. They and their studios would no longer be engaged to work on textbook design or related work, it said. The highly critical statement found a litany of issues with the books, including critiquing the size, quantity and quality of illustrations, some of which had “scientific and normative problems.”

Read more of this story at Slashdot.

Streaming Service Crunchyroll Blocks Privacy-Focused Email Tutanota Because ‘Hackers Use It’

The end-to-end encryption email service, Tutanota, says they are receiving reports that Crunchyroll is not allowing the use of their email addresses when signing up for their service. After contacting their team requiring that their domains be unblocked, they received the following response: “The ban of your domains is because we encountered a lot of hackers that used your domains emails to hack our accounts.” From a report: In other words, Crunchyroll believes that many hackers used Tutanota domain emails to hack their accounts, which is why they banned Tutanota from their list. Moreover, they recommend users to use email accounts powered by “Big Tech” companies for hassle-free sign up to their services. This is not entirely a new phenomenon, notes It’s FOSS. “DeviantArt actively blocked Proton Mail in the past because spammers used the platform to create accounts. Now, they have unblocked them.”

Tutanota recently called out Microsoft for blocking Tutanota users from registering an account with its cloud-based collaboration platform, Teams.

Read more of this story at Slashdot.

YouTube Launches a Dedicated ‘Explore’ Page For Podcasts

The first fruit of YouTube’s new podcast strategy has taken shape with a new “Explore” page “Podcasts.” 9to5Google reports: youtube.com/podcasts is now live and is linked to on the existing Explore page alongside: Trending, Music, Movies & Shows, Live, Gaming, News, Sports, Learning, and Fashion & Beauty. It appears to have first gone live in late July, and is slowly becoming more widely available as it’s not showing up for all users we checked with today. Available on desktop web and mobile, it’s very rudimentary at this point. There are carousels, which can be expanded via “Show all,” for “Popular episodes,” “Popular podcast playlists,” “Recommended,” and “Popular podcast creators.” The rest of this page links to various categories: Comedy, True Crime, Sports, Music, and TV & Film.

You’re just browsing through regular video thumbnails rather than anything more optimized. Meanwhile, tapping one just opens the regular player on Android, and doesn’t even default to the “Listening controls” available for YouTube Premium subscribers. You get large buttons and shortcuts to like, save, and quickly adjust playback speed. The podcast experience for end users will presumably get more optimized over time, while it remains to be seen what the UI in YouTube Music is going to be.

Read more of this story at Slashdot.

Oracle’s ‘Surveillance Machine’ Targeted In US Privacy Class Action

A new privacy class action claim (PDF) in the U.S. alleges Oracle’s “worldwide surveillance machine” has amassed detailed dossiers on some five billion people, “accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth,” reports TechCrunch. From the report: The suit has three class representatives: Dr Johnny Ryan, senior fellow of the Irish Council for Civil Liberties (ICCL); Michael Katz-Lacabe, director of research at The Center for Human Rights and Privacy; and Dr Jennifer Golbeck, a professor of computer science at the University of Maryland — who say they are “acting on behalf of worldwide Internet users who have been subject to Oracle’s privacy violations.” The litigants are represented by the San Francisco-headquartered law firm, Lieff Cabraser, which they note has run significant privacy cases against Big Tech. The key point here is there is no comprehensive federal privacy law in the U.S. — so the litigation is certainly facing a hostile environment to make a privacy case — hence the complaint references multiple federal, constitutional, tort and state laws, alleging violations of the Federal Electronic Communications Privacy Act, the Constitution of the State of California, the California Invasion of Privacy Act, as well as competition law, and the common law.

It remains to be seen whether this “patchwork” approach to a tricky legal environment will prevail — for an expert snap analysis of the complaint and some key challenges this whole thread is highly recommended. But the substance of the complaint hinges on allegations that Oracle collects vast amounts of data from unwitting Internet users, i.e. without their consent, and uses this surveillance intelligence to profile individuals, further enriching profiles via its data marketplace and threatening people’s privacy on a vast scale — including, per the allegations, by the use of proxies for sensitive data to circumvent privacy controls.

Read more of this story at Slashdot.

Hyundai Uses Example Keys For Encryption System

“Hyundai predictably fails in attempting to secure their car infotainment system with a default key lifted from programming examples,” writes Slashdot reader sinij. “This level of security is unfortunately expected from auto manufacturers, who also would like to sell you always-connected Car2Car self-driving automobiles.” Cryptographer and security experience Bruce Schneier writes: “Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF],” writes an unidentified developer under the name “greenluigi1.” Luck held out, in a way. “Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like “RSA Encryption & Decryption Example with OpenSSL in C.” Two questions remain:

1.) How did the test key get left behind?
2) Was it by accident or design?

Read more of this story at Slashdot.

Meta AI and Wikimedia Foundation Build an ML-Powered, Citation-Checking Bot

Digital Trends reports:

Working with the Wikimedia Foundation, Meta AI (that’s the AI research and development research lab for the social media giant) has developed what it claims is the first machine learning model able to automatically scan hundreds of thousands of citations at once to check if they support the corresponding claims….

“I think we were driven by curiosity at the end of the day,” Fabio Petroni, research tech lead manager for the FAIR (Fundamental AI Research) team of Meta AI, told Digital Trends. “We wanted to see what was the limit of this technology. We were absolutely not sure if [this AI] could do anything meaningful in this context. No one had ever tried to do something similar [before].”

Trained using a dataset consisting of 4 million Wikipedia citations, Meta’s new tool is able to effectively analyze the information linked to a citation and then cross-reference it with the supporting evidence…. Just as impressive as the ability to spot fraudulent citations, however, is the tool’s potential for suggesting better references. Deployed as a production model, this tool could helpfully suggest references that would best illustrate a certain point. While Petroni balks at it being likened to a factual spellcheck, flagging errors and suggesting improvements, that’s an easy way to think about what it might do.

Read more of this story at Slashdot.