Google Reports Decline In Android Memory Safety Vulnerabilities As Rust Usage Grows

Last year, Google announced Android Open Source Project (AOSP) support for Rust, and today the company provided an update, while highlighting the decline in memory safety vulnerabilities. 9to5Google reports: Google says the “number of memory safety vulnerabilities have dropped considerably over the past few years/releases.”; Specifically, the number of annual memory safety vulnerabilities fell from 223 to 85 between 2019 and 2022. They are now 35% of Android’s total vulnerabilities versus 76% four years ago. In fact, “2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.”

That count is for “vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally.” During that period, the amount of new memory-unsafe code entering Android has decreased: “Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language. ”

Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android’s Virtualization framework (AVF), and “various other components and their open source dependencies.” Google considers it significant that there have been “zero memory safety vulnerabilities discovered in Android’s Rust code” so far across Android 12 and 13. Google’s blog post today also talks about non-memory-safety vulnerabilities, and its future plans: “… We’re implementing userspace HALs in Rust. We’re adding support for Rust in Trusted Applications. We’ve migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we’re excited to bring memory-safety to the kernel, starting with kernel drivers.

Read more of this story at Slashdot.

OpenAI’s New Chatbot Can Explain Code and Write Sitcom Scripts But Is Still Easily Tricked

OpenAI has released a prototype general purpose chatbot that demonstrates a fascinating array of new capabilities but also shows off weaknesses familiar to the fast-moving field of text-generation AI. And you can test out the model for yourself right here. The Verge reports: ChatGPT is adapted from OpenAI’s GPT-3.5 model but trained to provide more conversational answers. While GPT-3 in its original form simply predicts what text follows any given string of words, ChatGPT tries to engage with users’ queries in a more human-like fashion. As you can see in the examples below, the results are often strikingly fluid, and ChatGPT is capable of engaging with a huge range of topics, demonstrating big improvements to chatbots seen even a few years ago. But the software also fails in a manner similar to other AI chatbots, with the bot often confidently presenting false or invented information as fact. As some AI researchers explain it, this is because such chatbots are essentially “stochastic parrots” — that is, their knowledge is derived only from statistical regularities in their training data, rather than any human-like understanding of the world as a complex and abstract system. […]

Enough preamble, though: what can this thing actually do? Well, plenty of people have been testing it out with coding questions and claiming its answers are perfect. ChatGPT can also apparently write some pretty uneven TV scripts, even combining actors from different sitcoms. It can explain various scientific concepts. And it can write basic academic essays.
And the bot can combine its fields of knowledge in all sorts of interesting ways. So, for example, you can ask it to debug a string of code … like a pirate, for which its response starts: “Arr, ye scurvy landlubber! Ye be makin’ a grave mistake with that loop condition ye be usin’!” Or get it to explain bubble sort algorithms like a wise guy gangster. ChatGPT also has a fantastic ability to answer basic trivia questions, though examples of this are so boring I won’t paste any in here. And someone else saying the code ChatGPT provides in the very answer above is garbage.

I’m not a programmer myself, so I won’t make a judgment on this specific case, but there are plenty of examples of ChatGPT confidently asserting obviously false information. Here’s computational biology professor Carl Bergstrom asking the bot to write a Wikipedia entry about his life, for example, which ChatGPT does with aplomb — while including several entirely false biographical details. Another interesting set of flaws comes when users try to get the bot to ignore its safety training. If you ask ChatGPT about certain dangerous subjects, like how to plan the perfect murder or make napalm at home, the system will explain why it can’t tell you the answer. (For example, “I’m sorry, but it is not safe or appropriate to make napalm, which is a highly flammable and dangerous substance.”) But, you can get the bot to produce this sort of dangerous information with certain tricks, like pretending it’s a character in a film or that it’s writing a script on how AI models shouldn’t respond to these sorts of questions.

Read more of this story at Slashdot.

Judge Approves Apple’s Massive MacBook Keyboard Lawsuit Payout

A California federal judge has given preliminary approval to Apple’s plan to pay $50 million to settle a long-running class-action lawsuit over the faulty MacBook butterfly keyboard. MacTrast reports: Law360 says the payment will include $13.6 million in attorney fees, up to $2 million in litigation costs, and $1.4 million in settlement administration costs, with the rest distributed to class members. The lawsuit covers customers in California, Florida, Illinois, Michigan, New Jersey, New York, and Washington, who complained that Apple knew of and concealed the fact that its 2015 and later MacBook, MacBook Air, and MacBook Pro machines were equipped with “butterfly” keyboards that were prone to failure, and that its repair program for the keyboard was insufficient, as the replacement keyboards could also fail. […]

Apple initially agreed to the settlement in July 2022. Customers in the above-mentioned states are expected to receive maximum payouts of $395 to customers who replaced multiple keyboards, $125 to people who replaced one keyboard, and $50 to people who replaced keycaps. Mac owners who received butterfly keyboard replacements will begin receiving class notices later in December.

Read more of this story at Slashdot.

EU Unveils Plans To Cut Europe’s Plastic and Packaging Waste

The EU executive wants to ban mini-shampoo bottles in hotels and the use of throwaway cups in cafes and restaurants, as part of sweeping legal proposals to curb Europe’s mountains of waste. The Guardian reports: A draft EU regulation published on Wednesday also proposes mandatory deposit and return schemes for single-use plastic drinks bottles and metal cans, as well as an end to e-commerce firms wrapping small items in huge boxes. The new rules, which will have to be approved by EU member states and the European parliament, are intended to tackle the surge in plastic and other packaging waste. EU officials estimate that 40% of new plastics and 50% of paper are used in packaging, making the sector a vast consumer of virgin materials.

The EU passed a law in 2019 to ban the most common single-use plastic items, such as plastic cutlery, stirrers and straws, but officials want to go further to tackle soaring amounts of packaging rubbish. The average European is thought to generate 180kg of packaging waste each year, which could rise by 19% by 2030, without action. Under the latest proposals, EU member states would have to reduce packaging waste per capita by 15% by 2040 compared with 2018. Officials think this could be achieved by more reuse and refilling, as well as tighter controls on packaging. For example, e-commerce retailers would have to ensure that empty space in a box is a maximum 40% in relation to the product.

The commission also hopes to end confusion about recycling: it proposes harmonized labels, probably pictograms, to make it clear to consumers which bin to use. In a separate law, the commission seeks to ensure that products claiming to be “biobased,” “biodegradable” or “compostable” meet minimum standards. In an attempt to clamp down on greenwashing, consumers would be able to tell how long it takes an item to biodegrade, how much biomass was used in its production and whether it is really suitable for home composting.

Read more of this story at Slashdot.

Cocaine Synthesized In a Tobacco Plant

Longtime Slashdot reader Amiga Trombone shares a report from Phys.Org: A team of researchers at the Chinese Academy of Sciences, working with a colleague from Syngenta Jealott’s Hill International Research Centre in the U.K., has developed a way to synthesize cocaine using a tobacco plant. The group describes how they synthesized the notorious drug and possible uses for their process in their paper published in Journal of the American Chemical Society.

In studying the coca plant, the researchers discovered that the cocaine that winds up in its leaves is not produced by elements in the plant converting 4-(1-methyl-2-pyrrolidinyl)-3-oxobutanoic acid to hyoscyamine, as has been thought. They found that it is instead produced by the two enzymes, EnMT4 and EnCYP81AN15. To prove their discovery, the group genetically engineered a tobacco plant to produce the two enzymes in its leaves, which resulted in the production of small amounts of cocaine (with assistance from a substance also produced in the plant called ornithine, which is similar to the precursor in the coca plant). […] Not mentioned in the paper is the possibility of synthesizing the two enzymes produced by both the coca and engineered tobacco plant as a more direct way to synthesize cocaine.

Read more of this story at Slashdot.

Apple’s iPhone Pro Shipments May Fall 20 Million Units Short of Estimates

Apple’s iPhone 14 Pro and Pro Max model shipments could miss market expectations by up to 20 million units in the holiday quarter due to labor unrest at a major Chinese factory, TF Securities analyst Ming-Chi Kuo said. Reuters reports: Kuo is the latest to flag a hit to the world’s most valuable company from protests over pay and strict COVID-19 curbs at the world’s biggest iPhone factory, the Foxconn-operated plant in the central city of Zhengzhou. He trimmed his estimate for quarterly iPhone shipments by about 20% to between 70 million and 75 million units, compared with the market consensus of 80 million to 85 million units.

Kuo, in a blog post on Tuesday, also predicted that the supply shortfall could erase demand for the more popular Pro models, instead of deferring sales, as consumers also grapple with a weakening economy. In contrast, other Apple analysts expect sales to pick up once production constraints ease and more Pro models become available. Some analysts signaled the possibility of the challenges extending into 2023.

Read more of this story at Slashdot.

Snap Demands Employees Work In Office 80% of the Time Starting Early Next Year

Snapchat’s parent company is asking workers to return to the office 80% of the time, or the equivalent of four days a week, beginning early next year, in the latest sign of tech employees receiving less flexibility nearly three years after the pandemic took hold and amid a wave of industry cost cutting. CNN reports: “After working remotely for so long we’re excited to get everyone back together next year with our new 80/20 hybrid model,” a spokesperson for Snap (SNAP) confirmed to CNN in a statement Tuesday. “We believe that being together in person, while retaining flexibility for our team members, will enhance our ability to deliver on our strategic priorities of growing our community, driving revenue growth, and leading in [augmented reality].” The new policy will take effect at the end of February.

News of Snap’s stricter in-office policy was first reported by Bloomberg, which cited an internal memo from CEO Evan Spiegel telling employees they may have to “sacrifice” some amount of “individual convenience” but it will benefit “our collective success.”

Read more of this story at Slashdot.

Torrent Site User Who Transferred 120TB of Pirated Content Avoids Prison

A torrent site user accused of downloading and uploading at least 120TB of movies, TV shows, eBooks, music and software, has avoided an immediate prison term. The 28-year-old was arrested as part of a police operation against DanishBytes. A member of the same site was sentenced earlier this month after he uploaded Netflix content obtained using hacked credentials. TorrentFreak reports: Early November 2021, Denmark’s Public Prosecutor for Special Economic and International Crime (SOIK) announced that six people had been arrested following criminal referrals by Rights Alliance. All were members and/or operators of ShareUniversity and DanishBytes. Prosecution of site operators is not uncommon but when it’s deemed in the public interest, pirate site users can also face charges. Every case is unique so criteria differ, especially across national borders, but when evidence shows large volumes of infringement, successful prosecutions become more likely. That was the case when a former DanishBytes user was sentenced last week. According to Danish anti-piracy group Rights Alliance, the 28-year-old man was a regular site member and wasn’t involved in running the site. That being said, evidence showed that for the period January 2021 to November 2021, he downloaded and/or uploaded no less than 3,000 copyrighted works, including movies, TV shows, music, books, audiobooks and comics.

Information released by the National Unit for Special Crimes (NSK), a Danish police unit focused on cybercrime, organized crime, and related financial crime, reveals that the user’s traffic statistics interested prosecutors. “During the period, the man downloaded no less than 100 TB and uploaded no less than 20 TB of copyrighted material,” NSK says. BitTorrent trackers operating a ratio model usually insist on a better ratio of downloads to uploads but DanishBytes’ situation was out of the ordinary.

The site launched in January 2021 in the wake of other sites being shut down, so had to get going from a standing start with no users. Even when arrests were being made, the site still had a relatively small userbase, which can limit opportunities to upload more. That may have been a blessing in disguise. Faced with the evidence, the man decided to plead guilty and was sentenced last week at the Court in Vibourg. In common with similar prosecutions recently, he received a suspended conditional sentence of 60 days’ probation, 80 hours of community service, and confiscation of his computer equipment. The case against the DanishBytes user began with a Rights Alliance investigation and a referral to the police. As part of his sentence, the man must pay the anti-piracy group DKK 5,000 (US$600) in compensation but Rights Alliance director Maria Fredenslund is focused on the deterrent effect of another successful prosecution.

Read more of this story at Slashdot.

BlockFi Sues FTX’s Bankman-Fried Over Shares In Robinhood

Newly-bankrupt crypto lending platform BlockFi has filed a lawsuit against Sam Bankman-Fried’s holding company Emergent Fidelity Technologies seeking his shares in Robinhood that were pledged as collateral earlier in November. CoinTelegraph reports: The suit was filed on Nov. 28 in the United States Bankruptcy Court for the District of New Jersey just hours after BlockFi filed for Chapter 11 bankruptcy in the same court. As per the filing, BlockFi is demanding Emergent turnover collateral as part of a Nov. 9 pledge agreement that saw Emergent agree to a payment schedule with BlockFi that it has allegedly failed to pay.

BlockFi names the collateral as “including certain shares of common stock.” In May, Bankman-Fried acquired a 7.6% stake in the online brokerage firm Robinhood, buying a total of $648 million in Robinhood shares through his Emergent investment company.

Read more of this story at Slashdot.

Media Groups Urge US To Drop Julian Assange Charges

The US government must drop its prosecution of the WikiLeaks co-founder Julian Assange because it is undermining press freedom, according to the media organizations that first helped him publish leaked diplomatic cables. The Guardian reports: Twelve years ago today, the Guardian, the New York Times, Le Monde, Der Spiegel, and El Pais collaborated to release excerpts from 250,000 documents obtained by Assange in the “Cablegate” leak. The material, leaked to WikiLeaks by the then American soldier Chelsea Manning, exposed the inner workings of US diplomacy around the world. The editors and publishers of the media organizations that first published those revelations have come together to publicly oppose plans to charge Assange under a law designed to prosecute first world war spies. “Publishing is not a crime,” they said, saying the prosecution is a direct attack on media freedom.

Read more of this story at Slashdot.