Tesla Delivers Its First Electric Semi Trucks
In terms of the technology powering the truck, things have changed since the original prototypes, but not in any major ways. Tesla is now using a tri-motor drivetrain that is basically the same as in the Model S and Model X Plaid. Dan Priestley, Tesla Semi Program manager, explained that Tesla is using one of the motors for cruising speed geared toward peak efficiency at highway speeds and the two other motors are used for torque when accelerating in order to create a smooth driving experience never seen in a class 8 truck before. To prove the capacity, Tesla shared a very impressive video of a Tesla Semi loaded at 82,000 lb. passing a diesel truck at 6% incline on the Donner Pass as if it’s nothing.
Tesla promised a range of 500 miles with a full load five years ago, and it delivered on the promise. Tesla shared data on a 500-mile trip with a full load of just under 82,000 lb. total with the tractor. It started out in the Bay Area with a 97% state of charge and ended up in San Diego with still 4% charge. Tesla reiterated that it can achieve a less-than-2 kWh-per-mile efficiency, which means that trucking companies can achieve up to $70,000 in fuel savings per year depending on their cost of electricity. Once the battery pack is depleted after 500 miles or so, you can expect blazing-fast charging thanks to the new 1-megawatt charging technology developed by Tesla. The automaker also said it will make it to the Cybertruck. In an updated article, Electrek’s Fred Lambert says Musk confirmed Tesla Semi’s efficiency at 1.7 kWh per mile, “which means it has a roughly 900 kWh battery pack.”
Tesla didn’t reveal the weight of the actual truck or the price. “In 2017, Tesla said the trucks would be $150,000, $180,000, and $200,000, depending on the model, but those prices are expected to have changed over the last five years,” reports Lambert.
Read more of this story at Slashdot.
Hyundai App Bugs Allowed Hackers To Remotely Unlock, Start Cars
The mobile apps of Hyundai and Genesis, named MyHyundai and MyGenesis, allow authenticated users to start, stop, lock, and unlock their vehicles. After intercepting the traffic generated from the two apps, the researchers analyzed it and were able to extract API calls for further investigation. They found that validation of the owner is done based on the user’s email address, which was included in the JSON body of POST requests. Next, the analysts discovered that MyHyundai did not require email confirmation upon registration. They created a new account using the target’s email address with an additional control character at the end. Finally, they sent an HTTP request to Hyundai’s endpoint containing the spoofed address in the JSON token and the victim’s address in the JSON body, bypassing the validity check. To verify that they could use this access for an attack on the car, they tried to unlock a Hyundai car used for the research. A few seconds later, the car unlocked. The multi-step attack was eventually baked into a custom Python script, which only needed the target’s email address for the attack.
Yuga Labs analysts found that the mobile apps for Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota, use SiriusXM technology to implement remote vehicle management features. They inspected the network traffic from Nissan’s app and found that it was possible to send forged HTTP requests to the endpoint only by knowing the target’s vehicle identification number (VIN). The response to the unauthorized request contained the target’s name, phone number, address, and vehicle details. Considering that VINs are easy to locate on parked cars, typically visible on a plate where the dashboard meets the windshield, an attacker could easily access it. These identification numbers are also available on specialized car selling websites, for potential buyers to check the vehicle’s history. In addition to information disclosure, the requests can also carry commands to execute actions on the cars. […] Before posting the details, Yuga Labs informed both Hyundai and SiriusXM of the flaws and associated risks. The two vendors have fixed the vulnerabilities.
Google Reports Decline In Android Memory Safety Vulnerabilities As Rust Usage Grows
That count is for “vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally.” During that period, the amount of new memory-unsafe code entering Android has decreased: “Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language.”
Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android’s Virtualization framework (AVF), and “various other components and their open source dependencies.” Google considers it significant that there have been “zero memory safety vulnerabilities discovered in Android’s Rust code” so far across Android 12 and 13. Google’s blog post today also talks about non-memory-safety vulnerabilities, and its future plans: “… We’re implementing userspace HALs in Rust. We’re adding support for Rust in Trusted Applications. We’ve migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we’re excited to bring memory-safety to the kernel, starting with kernel drivers.”
OpenAI’s New Chatbot Can Explain Code and Write Sitcom Scripts But Is Still Easily Tricked
Enough preamble, though: what can this thing actually do? Well, plenty of people have been testing it out with coding questions and claiming its answers are perfect. ChatGPT can also apparently write some pretty uneven TV scripts, even combining actors from different sitcoms. It can explain various scientific concepts. And it can write basic academic essays.
And the bot can combine its fields of knowledge in all sorts of interesting ways. So, for example, you can ask it to debug a string of code … like a pirate, for which its response starts: “Arr, ye scurvy landlubber! Ye be makin’ a grave mistake with that loop condition ye be usin’!” Or get it to explain bubble sort algorithms like a wise guy gangster. ChatGPT also has a fantastic ability to answer basic trivia questions, though examples of this are so boring I won’t paste any in here. And someone else saying the code ChatGPT provides in the very answer above is garbage.
I’m not a programmer myself, so I won’t make a judgment on this specific case, but there are plenty of examples of ChatGPT confidently asserting obviously false information. Here’s computational biology professor Carl Bergstrom asking the bot to write a Wikipedia entry about his life, for example, which ChatGPT does with aplomb — while including several entirely false biographical details. Another interesting set of flaws comes when users try to get the bot to ignore its safety training. If you ask ChatGPT about certain dangerous subjects, like how to plan the perfect murder or make napalm at home, the system will explain why it can’t tell you the answer. (For example, “I’m sorry, but it is not safe or appropriate to make napalm, which is a highly flammable and dangerous substance.”) But, you can get the bot to produce this sort of dangerous information with certain tricks, like pretending it’s a character in a film or that it’s writing a script on how AI models shouldn’t respond to these sorts of questions.
Judge Approves Apple’s Massive MacBook Keyboard Lawsuit Payout
Apple initially agreed to the settlement in July 2022. Customers in the above-mentioned states are expected to receive maximum payouts of $395 to customers who replaced multiple keyboards, $125 to people who replaced one keyboard, and $50 to people who replaced keycaps. Mac owners who received butterfly keyboard replacements will begin receiving class notices later in December.
EU Unveils Plans To Cut Europe’s Plastic and Packaging Waste
The EU passed a law in 2019 to ban the most common single-use plastic items, such as plastic cutlery, stirrers and straws, but officials want to go further to tackle soaring amounts of packaging rubbish. The average European is thought to generate 180kg of packaging waste each year, which could rise by 19% by 2030, without action. Under the latest proposals, EU member states would have to reduce packaging waste per capita by 15% by 2040 compared with 2018. Officials think this could be achieved by more reuse and refilling, as well as tighter controls on packaging. For example, e-commerce retailers would have to ensure that empty space in a box is a maximum 40% in relation to the product.
The commission also hopes to end confusion about recycling: it proposes harmonized labels, probably pictograms, to make it clear to consumers which bin to use. In a separate law, the commission seeks to ensure that products claiming to be “biobased,” “biodegradable” or “compostable” meet minimum standards. In an attempt to clamp down on greenwashing, consumers would be able to tell how long it takes an item to biodegrade, how much biomass was used in its production and whether it is really suitable for home composting.
Cocaine Synthesized In a Tobacco Plant
In studying the coca plant, the researchers discovered that the cocaine that winds up in its leaves is not produced by elements in the plant converting 4-(1-methyl-2-pyrrolidinyl)-3-oxobutanoic acid to hyoscyamine, as has been thought. They found that it is instead produced by the two enzymes, EnMT4 and EnCYP81AN15. To prove their discovery, the group genetically engineered a tobacco plant to produce the two enzymes in its leaves, which resulted in the production of small amounts of cocaine (with assistance from a substance also produced in the plant called ornithine, which is similar to the precursor in the coca plant). […] Not mentioned in the paper is the possibility of synthesizing the two enzymes produced by both the coca and engineered tobacco plant as a more direct way to synthesize cocaine.
Apple’s iPhone Pro Shipments May Fall 20 Million Units Short of Estimates
Kuo, in a blog post on Tuesday, also predicted that the supply shortfall could erase demand for the more popular Pro models, instead of deferring sales, as consumers also grapple with a weakening economy. In contrast, other Apple analysts expect sales to pick up once production constraints ease and more Pro models become available. Some analysts signaled the possibility of the challenges extending into 2023.
Snap Demands Employees Work In Office 80% of the Time Starting Early Next Year
News of Snap’s stricter in-office policy was first reported by Bloomberg, which cited an internal memo from CEO Evan Spiegel telling employees they may have to “sacrifice” some amount of “individual convenience” but it will benefit “our collective success.”