Framework’s Software and Firmware Have Been a Mess

Framework, the company known for designing and selling upgradeable, modular laptops, has struggled with providing up-to-date software for its products. Ars Technica’s Andrew Cunningham spoke with CEO Nirav Patel to discuss how the company is working on fixing these issues. Longtime Slashdot reader snikulin shares the report: Driver bundles remain un-updated for years after their initial release. BIOS updates go through long and confusing beta processes, keeping users from getting feature improvements, bug fixes, and security updates. In its community support forums, Framework employees, including founder and CEO Nirav Patel, have acknowledged these issues and promised fixes but have remained inconsistent and vague about actual timelines. […] Patel says Framework has taken steps to improve the update problem, but he admits that the team’s initial approach — supporting existing laptops while also trying to spin up firmware for upcoming launches — wasn’t working. “We started 12th-gen [Intel Framework Laptop] development, basically the 12th-gen team was also handling looking back at 11th-gen [Intel Framework Laptop] to do firmware updates there,” Patel told Ars. “And it became clear, especially as we continued to add on more platforms, that just wasn’t a sustainable path to proceed on.”

Part of the issue is that Framework relies on external companies to put together firmware updates. Some components are provided by Intel, AMD, and other chip companies to all PC companies that use their chips. Others are provided by Insyde, which writes UEFI firmware for Framework and others. And some are handled by Compal, the contract manufacturer that actually produces Framework’s systems and has also designed and sold systems for most of the big-name PC companies. As far back as August 2023, Patel has written that the plan is to work with Compal and Insyde to hire dedicated staff to provide better firmware support for Framework laptops. However, the benefits of this arrangement have been slow to reach users. “[Compal] started recruiting on their side towards the end of last year,” Patel told Ars. “And now, just at the beginning of this year, we’ve been able to get that whole team into place and start onboarding them. And especially after Lunar New Year, which is in early February, that team is now up and running at full speed.” The goal, Patel says, is to continuously cycle through all of Framework’s actively supported laptops, updating each of them one at a time before looping back around and starting the process over again. Functionality-breaking problems and security fixes will take precedence, while additional features and user requests will be lower-priority. … snikulin adds: “As a recent Framework 13/AMD owner, I can confirm that it does not sleep properly on a default Windows 11 install. When I close the lid in the evening, the battery is dead the next morning. It’s interesting to hear from Linus Sebastian (LTT) on the topic because he is a stakeholder in Framework.”

Read more of this story at Slashdot.

‘Crescendo’ Method Can Jailbreak LLMs Using Seemingly Benign Prompts

spatwei shares a report from SC Magazine: Microsoft has discovered a new method to jailbreak large language model (LLM) artificial intelligence (AI) tools and shared its ongoing efforts to improve LLM safety and security in a blog post Thursday. Microsoft first revealed the “Crescendo” LLM jailbreak method in a paper published April 2, which describes how an attacker could send a series of seemingly benign prompts to gradually lead a chatbot, such as OpenAI’s ChatGPT, Google’s Gemini, Meta’s LlaMA or Anthropic’s Claude, to produce an output that would normally be filtered and refused by the LLM model. For example, rather than asking the chatbot how to make a Molotov cocktail, the attacker could first ask about the history of Molotov cocktails and then, referencing the LLM’s previous outputs, follow up with questions about how they were made in the past.

The Microsoft researchers reported that a successful attack could usually be completed in a chain of fewer than 10 interaction turns and some versions of the attack had a 100% success rate against the tested models. For example, when the attack is automated using a method the researchers called “Crescendomation,” which leverages another LLM to generate and refine the jailbreak prompts, it achieved a 100% success convincing GPT 3.5, GPT-4, Gemini-Pro and LLaMA-2 70b to produce election-related misinformation and profanity-laced rants. Microsoft reported the Crescendo jailbreak vulnerabilities to the affected LLM providers and explained in its blog post last week how it has improved its LLM defenses against Crescendo and other attacks using new tools including its “AI Watchdog” and “AI Spotlight” features.

Read more of this story at Slashdot.

T-Mobile Employees Across The Country Receive Cash Offers To Illegally Swap SIMs: Report

T-Mobile employees from around the country are reportedly receiving text messages offering them cash in exchange for swapping SIMs. SIM swapping is when cybercriminals trick a cellular service provider into switching a victim’s service to a SIM card that they control, essentially hijacking the victim’s phone number and gaining access to two-factor authentication codes. From the Mobile Report: The texts offer the employee $300 per SIM swap, and asks the worker to contact them on telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block. The text also claims they acquired the employee’s number “from the T-Mo employee directory.” If true, it could mean T-Mobile’s employee directory, with contact numbers, has somehow been accessed. It’s also possible the bad actor has live/current access to this data, though we consider that less likely due to the fact that some impacted people are former employees who have not worked at the company in months.

Still, the biggest issue here is how this person (or multiple people) obtained the employee phone numbers. We’re not sure yet which employees are impacted, but based on comments online it seems at least a few third-party employees are affected, and we’ve independently confirmed current corporate employees have also received the message. Though we can’t say for certain, this likely means the information is not the same data as what was leaked during the Connectivity Source breach [from September]. We can’t, however, eliminate that possibility. As mentioned, there are reports that some of the contacted people are former employees, and haven’t been employed at T-Mobile for months, so the information being acted upon is likely a few months old at the very least. That being said, we’re pretty confident based on corporate employees being included that this is a different source of data being used.

Read more of this story at Slashdot.

Adobe Premiere Pro Is Getting Generative AI Video Tools

Adobe is using its Firefly machine learning model to bring generative AI video tools to Premiere Pro. “These new Firefly tools — alongside some proposed third-party integrations with Runway, Pika Labs, and OpenAI’s Sora models — will allow Premiere Pro users to generate video and add or remove objects using text prompts (just like Photoshop’s Generative Fill feature) and extend the length of video clips,” reports The Verge. From the report: Unlike many of Adobe’s previous Firefly-related announcements, no release date — beta or otherwise — has been established for the company’s new video generation tools, only that they’ll roll out “this year.” And while the creative software giant showcased what its own video model is currently capable of in an early video demo, its plans to integrate Premiere Pro with AI models from other providers isn’t a certainty. Adobe instead calls the third-party AI integrations in its video preview an “early exploration” of what these may look like “in the future.” The idea is to provide Premiere Pro users with more choice, according to Adobe, allowing them to use models like Pika to extend shots or Sora or Runway AI when generating B-roll for their projects. Adobe also says its Content Credentials labels can be applied to these generated clips to identify which AI models have been used to generate them.

Read more of this story at Slashdot.

CNN Reporter ‘Still Haunted’ By Space Shuttle Columbia Disaster

After nearly 11 years as CNN’s space correspondent, Miles O’Brien found himself in 2003 at the Kennedy Space Center in Florida covering the launch of the space shuttle Columbia:

As part of the post-launch routine, NASA began sharing several replays of the launch from various cameras trained on the vehicle. And that was when we saw it. Producer Dave Santucci called me into our live truck, and said, “You got to look at this.” It was kind of a grainy image of what looked like a puff of smoke, as if someone dropped a bag of flour on the ground and it broke open. We played it over and over again, and it did not look good at all. The giant orange fuel tank was filled with super cold liquid hydrogen and oxygen, so it was enveloped in insulating foam. A big piece of the foam had broken away near a strut called the “bipod,” striking the leading edge of the orbiter’s left wing. It was made of reinforced carbon to protect the aluminum structure of the spacecraft from the searing heat of re-entry from space.

I reached out to some of my sources inside the shuttle program. Everyone had seen it, of course, but the people I spoke with cautioned me not to worry. The foam was very light, and it had fallen off on earlier missions and nothing of concern had happened as a result… I wish I hadn’t taken my eye off the ball. Space was my beat, and I was uniquely positioned to put this concerning event into the public domain. Like NASA’s leadership, I went through a process of convincing myself that it was going to be okay. But I had this sinking feeling. It didn’t feel right. A spacecraft re-entering the atmosphere at 17,500 miles an hour — much faster than a rifle bullet — is enveloped in a glowing inferno of plasma…

[As it returned to earth 16 days later] the communication between the ground and the orbiter became non-routine. Producers in the control room realized the gravity of the situation, and we cut to a commercial break to get me off the couch. As I was making my way across the newsroom, I started heaving. I knew in an instant that they were all gone. There was no survivable scenario. I was sickened. It was like a body blow. Somehow I got my act together and started talking. I felt like it was my responsibility to mention the foam strike, to get the information out there to the public. About an hour after Columbia had disintegrated, I shared with a huge global audience what I knew… “That bipod is the place where they think a little piece of foam fell off and hit the leading edge of that wing.”

During the mission, I could have easily done a story about the foam strike, spreading the word that some NASA engineers believed there may be some reason for concern. What if I had done that? It might have made a difference.

“A rescue mission would not have been impossible,” the article concludes, “and I feel certain that if NASA managers saw that gaping hole in Columbia’s wing, they would’ve tried.
“We will never know for sure, but I do know how so many of us on the ground failed to do our jobs during that mission. It still haunts me.”

CNN broadcasts the last two episodes of its four-part series Space Shuttle Columbia: The Final Flight tonight at 9 p.m. EST (time-delayed on the west coast until 9 p.m.PST). CNN’s web site offers a “preview” of its live TV offerings here.
The news episodes (along with past episodes) will also be available on-demand starting Monday — “for pay TV subscribers via CNN.com, CNN connected TV and mobile apps.” It’s also available for purchase on Amazon Prime.

Read more of this story at Slashdot.

America’s Legal System May Be ‘Closing In’ on Regulating Cryptocurrencies

A business columnist at the Los Angeles Times notes Sam Bankman-Fried’s judge issued another ruling “that may have a more far-reaching effect on the crypto business.

U.S. Judge Failla “cleared the Securities and Exchange Commission to proceed with its lawsuit alleging that the giant crypto broker and exchange Coinbase has been dealing in securities without a license.”

What’s important about Failla’s ruling is that she dismissed out of hand Coinbase’s argument, which is that cryptocurrencies are novel assets that don’t fall within the SEC’s jurisdiction — in short, they’re not “securities.” Crypto promoters have been making the same argument in court and the halls of Congress, where they’re urging that the lawmakers craft an entirely new regulatory structure for crypto — preferably one less rigorous than the existing rules and regulations promulgated by the SEC and the Commodity Futures Trading Commission…

Failla saw through that argument without breaking a sweat. “The ‘crypto’ nomenclature may be of recent vintage,” she wrote, “but the challenged transactions fall comfortably within the framework that courts have used to identify securities for nearly eighty years….” Since Congress hasn’t enacted regulations specifically aimed at crypto, Coinbase said, the SEC’s lawsuit should be dismissed. The judge’s opinion of that argument was withering. “While certainly sizable and important,” she wrote, “the cryptocurrency industry ‘falls far short of being a “portion of the American economy” bearing vast economic and political significance….'”

Failla’s ruling followed another in New York federal court in which a judge deemed crypto to be securities. In that case, Judge Edgardo Ramos refused to dismiss SEC charges against Gemini Trust Co., a crypto trading outfit run by Cameron and Tyler Winkelvoss, and the crypto lender Genesis Global Capital. The SEC charged that a scheme in which Gemini pooled customers’ crypto assets and lent them to Genesis while promising the customers high interest returns is an unregistered security. The SEC case, like that against Coinbase, will proceed….

The hangover from March continued into this month. On April 5, a federal jury in New York found Terraform Labs and its chief executive and major shareholder, Do Kwon, liable in what the SEC termed “a massive crypto fraud….” The value of UST fell in effect to zero, the SEC said, “wiping out over $40 billion of total market value … and sending shock waves through the crypto asset community.”

Read more of this story at Slashdot.

Struggling Movie Exhibitors Beg Studios For More Movies – and Not Just Blockbusters

Movie exhibitors still face “serious risks,” the Los Angeles Times reported Tuesday:
Attendance was on the decline even before the pandemic shuttered theaters, thanks to changing consumer habits and competition for people’s time and money from other entertainment options. The industry has demonstrated an over-reliance on Imax-friendly studio action tent poles, when theater chains need a deep and diverse roster of movies in order to thrive… It remains to be seen whether the global box office will ever get back to the $40 billion-plus days of 2019 and earlier years. A clearer picture will emerge in 2025 when the writers’ and actors’ strikes are further in the past. But overall, there’s a strong case that moviegoing has proved to be relatively sturdy despite persistent difficulties.
Which brings us to this year’s CinemaCon convention, where multiplex operators heard from Hollywood studios teasing upcoming blockbusters like Joker: Folie à Deux, Furiosa: A Mad Max Saga, Transformers One, and Deadpool & Wolverine.

Exhibitors pleaded with the major studios to release more films of varying budgets on the big screen, while studios made the case that their upcoming slates are robust enough to keep them in business… Box office revenue in the U.S. and Canada is expected to total about $8.5 billion, which is down from $9 billion in 2023 and a far cry from the pre-pandemic yearly tallies that nearly reached $12 billion… Though a fuller release schedule is expected for 2025, talk of budget cuts, greater industry consolidation and corporate mergers has forced exhibitors to prepare for the possibility of a near future with fewer studios making fewer movies….

As the domestic film business has been thrown into turmoil in recent years, Japanese cinema and faith-based content have been two of movie theaters’ saving graces. Industry leaders kicked off CinemaCon on Tuesday by singing the praises of Sony-owned anime distributor Crunchyroll’s hits — including the latest “Demon Slayer” installment. Mitchel Berger, senior vice president of global commerce at Crunchyroll, said Tuesday that the global anime business generated $14 billion a decade ago and is projected to generate $37 billion next year. “Anime is red hot right now,” Berger said. “Fans have known about it for years, but now everyone else is catching up and recognizing that it’s a cultural, economic force to be reckoned with…. ” Another type of product buoying the exhibition industry right now is faith-based programming, shepherded in large part by “Sound of Freedom” distributor Angel Studios…

Theater owners urged studio executives at CinemaCon to put more films in theaters — and not just big-budget tent poles timed for summer movie season and holiday weekends… “Whenever we have a [blockbuster] film — whether it be ‘Barbie’ or ‘Super Mario’ … records are set,” added Bill Barstow, co-founder of ACX Cinemas in Nebraska. “But we just don’t have enough of them.”

Read more of this story at Slashdot.

Could a New Charge Double the Service-life of Li-Ion Batteries?

“An improved charging protocol might help lithium-ion batteries to last much longer,” writes Science Daily:

The best commercial lithium-ion batteries…have a service life of up to eight years. Batteries are usually charged with a constant current flow. But is this really the most favorable method? A new study by Prof. Philipp Adelhelm’s group at HZB and Humboldt-University Berlin answers this question clearly with “no.” [In collaboration with teams including the Technical University of Berlin.]

Part of the battery tests were carried out at Aalborg University. The batteries were either charged conventionally with constant current (CC) or with a new charging protocol with pulsed current (PC). Post-mortem analyses revealed clear differences after several charging cycles: In the CC samples, the solid electrolyte interface (SEI) at the anode was significantly thicker, which impaired the capacity… PC-charging led to a thinner SEI interface and fewer structural changes in the electrode materials.

The study is published in the journal Advanced Energy Materials and analyzes the effect of the charging protocol on the service time of the battery, according to the article. “The frequency of the pulsed current counts…”

“Doubling the life of your EV’s battery or even your smartphone’s battery is no small thing,” says Slashdot reader NewtonsLaw…

Read more of this story at Slashdot.

Data Collected by the US Justice Department Exposed in Consultant’s Breach

DOJ-Collected Information Exposed In Data Breach Affecting 340,000
Information Collected

An anonymous reader shared this report from Security Week:

Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach. The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals.

According to GMA’s notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office, both personal and Medicare information was compromised in the data breach… “This information may have included your name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information,” the notification letter reads.

The compromised data, GMA says, was obtained by the US Department of Justice “as part of a civil litigation matter”. More than 340,000 individuals were affected by the data breach, the company told the Maine Attorney General’s Office. The impacted individuals, however, are “not the subject of this investigation or the associated litigation matters”, the company tells the affected individuals.

Read more of this story at Slashdot.