"Five years ago, Brian Frye set an elaborate trap," writes Decrypt.co. "Now the law professor is teaming up with a singer-songwriter to finally spring it" on America's Security and Exchange Commission "in a novel lawsuit — and in the process, prevent the regulator from ever coming after NFT art projects again." Over and again, the SEC has sued cherry-picked NFT projects it says qualify as unregistered securities — but never once has the regulator defined what types of NFT projects are legal and which are not, casting a chill over the nascent industry... [In 2019] Frye, an expert in securities law and a fan of novel technologies, minted an NFT of a letter he sent to the SEC in which he declared his art project to constitute an illegal, unregistered security. If the conceptual art project wasn't a security, Frye challenged the agency, then it needed to say so. The SEC never responded to Frye — not then, and not after several more self-incriminating correspondences from the professor. But in due time, the agency began vigorously pursuing, and suing, NFT projects.
So 10 months ago, Jonathan Mann — who writes a new song every day and shares it online — crafted a song titled "This Song is A Security." As a seller of NFTs himself, Mann wrote the song "to fight back against the SEC, and defend his right — plus the rights of other artists like him — to earn revenue," according to the article: Frye, who'd practically been salivating for such an opportunity for half a decade, was a natural fit.... In the lawsuit filed against the SEC in Louisiana earlier this week, they challenged the SEC's standing to regulate their NFT-backed artworks as securities, and demanded the agency declare that their respective art projects do not constitute illegal, unregistered securities offerings.
More from the International Business Times: The complaint asked the court to clarify whether the SEC should regulate art and whether artists were supposed to "register" their artworks before selling the pieces to the general public. The complaint also asked whether artists should be "forced to make public disclosures about the 'risks' of buying their art," and whether artists should be "required to comply" with federal securities laws...

The Blockchain Association, a collective crypto group that includes some of the biggest digital asset firms, asserted that the SEC has no authority over NFT art. "We support the plaintiffs in their quest for legal clarity," the group said.
In an interview with Slashdot, Mann says he started his "Song a Day" project almost 17 years ago (when he was 26 years old) — and his interest in NFTs is sincere: "Over the years, I've always sought a way to make Song A Day sustainable financially, through video contests, conference gigs, ad revenue, royalties, Patreon and more.

"When I came across NFTs in 2017, they didn't have a name. We just called them 'digital collectibles'. For the last 2+ years, NFTs have become that self-sustaining model for my work.

"I know most people believe NFTs are a joke at best and actively harmful at worst. Even most people in the crypto community have given up on them. Despite all that, I still believe they're worth pursuing.

"Collecting an NFT from an artist you love is the most direct way to support them. There's no multinational corporation, no payment processor, and no venture capitalists between you and the artist you want to support."
Slashdot also tracked down the SEC's Office of Public Affairs, and got an official response from SEC public affairs specialist Ryan White.

Slashdot: The suit argues that the SEC's approach "threatens the livelihoods of artists and creators that are simply experimenting with a novel, fast-growing technology," and seeks guidance in the face of a "credible threat of enforcement". Is the SEC going to respond to this lawsuit? And if you don't have an answer at this time, can you give me a general comment on the issues and concerns being raised?

SEC Public Affairs Specialist Ryan White: We would decline comment.

Decrypt.co points out that the lawsuit "has no guarantee of offering some conclusive end to the NFT regulation question... That may only come with concrete legislation or a judgment by the Supreme Court."

But Mann's song still makes a very public show out of their concerns — with Mann even releasing a follow-up song titled "I'm Suing the SEC." (Its music video mixes together wacky clips of Mila Kunis's Stoner Cats and Fonzie jumping a shark with footage of NFT critics like Elizabeth Warren and SEC chairman Gary Gensler.)

And an earlier song also used auto-tune to transform Gensler's remarks about cryptocurrencies into the chorus of a song titled "Hucksters, Fraudsters, Scam Artists, Ponzi Schemes".

Mann later auctioned an NFT of the song — for over $3,000 in Ethereum.

Apple's elaborate new ad campaign promises that Safari is "a browser that protects your privacy." And the Washington Post says Apple "deserves credit for making many privacy protections automatic with Safari..."

"But Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, said Safari is no better than the fourth-best web browser for your privacy." "If browser privacy were a sport at the Olympics, Apple isn't getting on the medal stand," Cahn said. (Apple did not comment about this.)

Safari stops third-party cookies anywhere you go on the web. So do Mozilla's Firefox and the Brave browser... Chrome allows third-party cookies in most cases unless you turn them off... Even without cookies, a website can pull information like the resolution of your computer screen, the fonts you have installed, add-on software you use and other technical details that in aggregate can help identify your device and what you're doing on it. The measures, typically called "fingerprinting," are privacy-eroding tracking by another name. Nick Doty with the Center for Democracy & Technology said there's generally not much you can do about fingerprinting. Usually you don't know you're being tracked that way. Apple says it defends against common fingerprinting techniques but Cahn said Firefox, Brave and the Tor Browser all are better at protecting you from digital surveillance. That's why he said Safari is no better than the fourth-best browser for privacy.
Safari's does offer extra privacy protections in its "private" mode, the article points out. "When you use this option, Apple says it does more to block use of 'advanced' fingerprinting techniques. It also steps up defenses against tracking that adds bits of identifying information to the web links you click."

The article concludes that Safari users can "feel reasonably good about the privacy (and security) protections, but you can probably do better — either by tweaking your Apple settings or using a web browser that's even more private than Safari."

Google has pulled its "Dear Sydney" Olympics ad after it garnered significant backlash. (You can still watch the ad on YouTube, but comments have been turned off.) According to Ad Age, the ad was "meant to promote Google's Gemini AI platform, but viewers had a difficult time looking past its miscalculated storyline." From the report: In the ad, a father wants to help his daughter write a letter to her idol, Olympic track star Sydney McLaughlin-Levrone. But instead of encouraging her to take part in such a personal moment, he delegates Gemini to write the letter for her. Viewers and ad leaders lambasted the spot on social media for being tone-deaf. Some were upset over Google evidently seeing no problem with an AI co-opting a formative childhood act, while others alluded to its reinforcing of a more existential fear, that AI is bound to replace meaningful work. The ad got significant airplay during NBCU's TV coverage of the Olympics this week, including on NBC in primetime, as well as on E!, CNBC and USA, according to iSpot.tv. It last ran on national TV around midnight of July 30 on USA, according to iSpot.TV. "While the ad tested well before airing, given the feedback, we've decided to phase the ad out of our Olympics rotation," a Google spokesperson told Ad Age today.

The company earlier this week defended the ad in a statement: "We believe that AI can be a great tool for enhancing human creativity, but can never replace it. Our goal was to create an authentic story celebrating Team USA. It showcases a real-life track enthusiast and her father, and aims to show how the Gemini app can provide a starting point, thought starter, or early draft for someone looking for ideas for their writing."

For the first time, an AI-controlled autonomous robot performed an entire dental procedure on a human patient, completing the task eight times faster than a human dentist could. New Atlas reports: The system, built by Boston company Perceptive, uses a hand-held 3D volumetric scanner, which builds a detailed 3D model of the mouth, including the teeth, gums and even nerves under the tooth surface, using optical coherence tomography, or OCT. This cuts harmful X-Ray radiation out of the process, as OCT uses nothing more than light beams to build its volumetric models, which come out at high resolution, with cavities automatically detected at an accuracy rate around 90%. At this point, the (human) dentist and patient can discuss what needs doing -- but once those decisions are made, the robotic dental surgeon takes over. It plans out the operation, then jolly well goes ahead and does it.

The machine's first specialty: preparing a tooth for a dental crown. Perceptive claims this is generally a two-hour procedure that dentists will normally split into two visits. The robo-dentist knocks it off in closer to 15 minutes. Here's a time-lapse video of the drilling portion, looking very much like a CNC machine at work. Remarkably, the company claims the machine can take care of business safely "even in the most movement-heavy conditions," and that dry run testing on moving humans has all been successful. [...] The robot's not FDA-approved yet, and Perceptive hasn't placed a timeline on rollout, so it may be some years yet before the public gets access to this kind of treatment.

Longtime Slashdot reader ArchieBunker shares a report from Jalopnik: YouTube's Rich Rebuilds has been taking electric vehicles apart to see what makes them tick for years, so when a bargain-priced Fisker Ocean came on his radar, he had to buy it. Even if it was totally bricked. This car was purchased new for over $70,000, had several thousand dollars of paint protection and tint applied, was driven for 300 miles, and traded in. It sat on the dealer lot for long enough for the battery to die, and the techs at the dealer couldn't figure it out. So they sold it to Rich for just 10 grand!

As Rich notes in the video, the car is worth way more than ten grand in parts alone, as current Fisker owners will be looking for ways to keep their cars on the road for years to come. The company has gone the way of the dodo, and parts supply and software updates are never going to come. What you see is what you get, and what you get is kind of shitty. In June, Fisker filed for bankruptcy, months after the electric-vehicle startup stopped production of its only model, the oft-malfunctioning Ocean SUV.

An anonymous reader quotes a report from TechCrunch: A group of researchers said they found that vulnerabilities in the design of some dating apps, including the popular Bumble and Hinge, allowed malicious users or stalkers to pinpoint the location of their victims down to two meters. In a new academic paper, researchers from the Belgian university KU Leuven detailed their findings (PDF) when they analyzed 15 popular dating apps. Of those, Badoo, Bumble, Grindr, happn, Hinge and Hily all had the same vulnerability that could have helped a malicious user to identify the near-exact location of another user, according to the researchers. While neither of those apps share exact locations when displaying the distance between users on their profiles, they did use exact locations for the "filters" feature of the apps. Generally speaking, by using filters, users can tailor their search for a partner based on criteria like age, height, what type of relationship they are looking for and, crucially, distance.

To pinpoint the exact location of a target user, the researchers used a novel technique they call "oracle trilateration." In general, trilateration, which for example is used in GPS, works by using three points and measuring their distance relative to the target. This creates three circles, which intersect at the point where the target is located. Oracle trilateration works slightly differently. The researchers wrote in their paper that the first step for the person who wants to identify their target's location "roughly estimates the victim's location," for example, based on the location displayed in the target's profile. Then, the attacker moves in increments "until the oracle indicates that the victim is no longer within proximity, and this for three different directions. The attacker now has three positions with a known exact distance, i.e., the preselected proximity distance, and can trilaterate the victim," the researchers wrote.

"It was somewhat surprising that known issues were still present in these popular apps," Karel Dhondt, one of the researchers, told TechCrunch. While this technique doesn't reveal the exact GPS coordinates of the victim, "I'd say 2 meters is close enough to pinpoint the user," Dhondt said. The good news is that all the apps that had these issues, and that the researchers reached out to, have now changed how distance filters work and are not vulnerable to the oracle trilateration technique. The fix, according to the researchers, was to round up the exact coordinates by three decimals, making them less precise and accurate.

An anonymous reader shares a report: Multiple YouTube users are now reporting on social media that YouTube is serving them with blank ads or black screens before a video when they are using an ad-blocker extension. The black screens appear for the length of a typical YouTube pre-roll or ad insert before displaying the actual content of the video the viewer wants to watch.

Long-time Slashdot reader sandbagger writes: Have you ever wondered if it's true you can instantly get malware? In this video, a person connects an XP instance directly to the internet with no firewall to see just how fast it gets compromised by malware, rootkits, malicious services and new user accounts. The answer — fast!
Malwarebytes eventually finds eight different viruses/Trojan horses -- and a DNS changer. (One IP address leads back to the Russian federation.) Itâ(TM)s fun to watch -- within just a few hours a new Windows user has even added themself. And for good measure, he also opens up Internet Explorer...

âoeWindows XP -- very insecure,â they conclude at the end of the video. âoeVery easy for random software from the internet to get more privileges than you, and it is very hard to solve that.

âoeAlso, just out of curiosity I tried this on Windows 7. And even with all of the same settings, nothing happened. I let it run for 10 hours. So it seems like this may be a problem in historical Windows.â

CNET visits a leading-edge company making an implantable brain-computer-interface that's "experimenting with ChatGPT integration..." We previously covered Synchron's unique approach to implanting its brain-computer-interface (BCI) without the need for open brain surgery. Now the company has integrated OpenAI's ChatGPT into its software, something it says is a world's first for a BCI company...

Typing out messages word by word with the help of a BCI is still time consuming. The addition of AI is seen as a way to make communication faster and easier by taking in the relevant context, like what was last said in a conversation, and anticipating answers a person might want to respond with, providing them with a menu of possible options. Now, instead of typing out each word, answers can be filled in with a single "click." There's a refresh button in case none of the AI answers are right... [ALS patient Mark, one of 10 people in the world testing Synchron's brain implant in a clinical trial] has noticed the AI getting better at providing answers that are more in line with things he might say. "Every once in a while it'll drop an f-bomb, which I tend to do occasionally," he says with a laugh.

Synchron CEO Tom Oxley tells me the company has been experimenting with different AI models for about a year, but the release of OpenAI's ChatGPT-4o in May raised some interesting new possibilities. The "o" in ChatGPT-4o stands for "omni," representative of the fact that this latest version is capable of taking in text, audio and visual inputs all at once to inform its outputs... Oxley envisions the future of BCIs as... having large language models like ChatGPT take in relevant context in the form of text, audio and visuals to provide relevant prompts that users can select with their BCI... Synchron's BCI is expected to cost between $50,000 and $100,000, comparable with the cost of other implanted medical devices like cardiac pacemakers or cochlear implants.
CNET has also released a video — titled "What It's Like Using a Brain Implant With ChatGPT."

Former U.S. president Donald Trump spoke at Nashville's Bitcoin Conference on Saturday.

But he wasn't the only one there making headlines, according to a local newspaper called the Tennesseean: Republican Sens. Cynthia Lummis and Tim Scott pledged their resolute support for the cryptocurrency industry at Nashville's Bitcoin2024 conference Friday — moments before whistleblower and political dissident Edward Snowden warned attendees to be wary of politicians trying to win them over. "Cast a vote, but don't join a cult," Snowden said. "They are not our tribe. They are not your personality. They have their own interests, their own values, their own things that they're chasing. Try to get what you need from them, but don't give yourself to them."

Snowden didn't call out any politicians specifically, but the conference has drawn national attention for its robust lineup of legislators including former President Donald Trump, independent presidential nominee Robert F. Kennedy Jr, former presidential candidate Vivek Ramaswamy and a number of other senators. "Does this feel normal to you?" Snowden said. "When you look at the candidates, when you look at the dynamics, even the people on stage giving all the speeches, I'm not saying they're terrible at all, but it's a little unusual. The fact that they're here is a little unusual...."

Two key tenets of Bitcoin are transparency and decentralization, which means anyone can view all Bitcoin transactions on a public ledger. Snowden said this kind of metadata could be dangerous in the wrong hands, especially with artificial intelligence innovations making it easier to collect. "It is fantasy to imagine they're not doing this," he said.... He added that other countries like China or Russia could be collecting this same data. Snowden said he's afraid the collection of transaction data could happen across financial institutions and ultimately be used against the customers.
Also speaking was RFK Jr — who asked why Snowden hadn't already been pardoned, along with Julian Assange and Ross Ulbricht, when Donald Trump was president (as Kennedy promised to do). According to USA Today, Kennedy promised more than just creating a strategic reserve of Bitcoin worth more than half a trillion dollars: Kennedy also pledged to sign an executive order directing the IRS to treat Bitcoin as an eligible asset for 1031 Exchange into real property — making transactions unreportable and by extension nontaxable — which prompted a roar of approval from the crowd.
Though Trump's appearance also ended with a promise to have the government create a "strategic national bitcoin stockpile," NBC News notes that Trump "stopped short of offering many details." Immediately following Trump's remarks, Senator Cynthia Lummis, R-Wyo., said she would introduce a bill to create the reserve. However, the price of bitcoin fell slightly in the wake of Trump's remarks Saturday, perhaps reflecting crypto traders' unmet expectations for a more definitive commitment on the reserve idea from the presidential candidate...

Shortly after his morning remarks, Bitcoin Magazine reported that a group of Democratic representatives and candidates had sent a letter to the Democratic National Committee urging party leaders to be more supportive of crypto...

On Saturday, the Financial Times reported [presidential candidate Kamala] Harris had approached top crypto companies seeking a "reset" of relations, citing unnamed sources.
Ironically, in the end one conference attendee ended up telling Bloomberg that "It doesn't really matter who the president is. I don't really care much about it, because Bitcoin will do its thing regardless."

As Comic-Con hits San Diego, "part of the big news in 2024 is that the con won't have a corresponding virtual or online event this year," according to Polygon, "for the first time since 2019."

But there's still some big scifi media news, according to CNET's Comic-Con coverage: Disney revealed a new Doctor Who addition to the franchise that will jump back to the 1970s with the Sea Devils, an ancient group of beings who arise from the sea. Made in partnership with the BBC, the series... will air on Disney Plus, where fans can currently stream season 14 of Doctor Who starring Ncuti Gatwa.
And there's also an upcoming Doctor Who Christmas special.

Meanwhile, Saturday night, USA Today ran a special article with late-breaking announcements about Marvel's Cinematic Universe: Marvel has already won Comic-Con, with a raucous screening of "Deadpool & Wolverine" followed by a high-tech drone show, and the box office, with the new movie on track to have one of the best openings of all time... Robert Downey Jr. returns to the MCU as Doctor Doom in Avengers: Doomsday. Kevin Feige says the Fantastic Four will be in the next two Avengers movies... And here comes the Fantastic Four [movie] a year from now. It starts filming Tuesday in the UK...
The article says Marvel's Fantastic Four presentation included "a Fantasti-Car that hovers across the stage — and that castmembers also appeared from the upcoming Thunderbolts* movie.

More geeky news:

• Amazon Prime showed a new four-minute trailer with clips from season two of its J.R.R. Tolkein prequel, "The Rings of Power". (And there was also a three-minute blooper reel for Season 4 of Prime's superhero-themed series, "The Boys".)

• Paramount+ showed a trailer for the Star Trek universe's first streaming movie, Section 31. There was also a trailer for season 5 of the animated comedy Star Trek: Lower Decks — plus a particularly strange clip from the fourth season of Star Trek: Strange New Worlds.

• Keanu Reeves accepted the Inkpot award for his contribution to the world of film and comics — partly because since 2021 Reeves has been co-authoring a Kickstarter-funded comic book called BRZRKR. (Netflix plans to adapt it into a movie.)

• Next February will see the release of Captain America: Brave New World, in which the Incredible Hulk may get some competition from Harrison Ford, who's been cast as the Red Hulk.

But things got a little too real Friday when a fire at a nearby steakhouse forced the evacuation of the immersive "Penguin Lounge" — which was promoting Max's new prequel series to 2022's movie The Batman.

joshuark shares a report from The Verge: NASA researchers have successfully tested laser communications in space by streaming 4K video footage originating from an airplane in the sky to the International Space Station and back. The feat demonstrates that the space agency could provide live coverage of a Moon landing during the Artemis missions and bodes well for the development of optical communications that could connect humans to Mars and beyond. NASA normally uses radio waves to send data and talk between the surface to space but says that laser communications using infrared light can transmit data 10 to 100 times faster than radios. "ISS astronauts, cosmonauts, and unwelcomed commercial space-flight visitors can now watch their favorite porn in real-time, adding some life to a boring zero-G existence," adds joshuark. "Ralph Kramden, when contacted by Ouiji board, simply spelled out 'Bang, zoom, straight to the moon!'"

Thomas Claburn reports via The Register: Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories (public or private) and from deleted copies (forks) of repositories isn't necessarily deleted. Joe Leon, a security researcher with the outfit, said in an advisory on Wednesday that being able to access deleted repo data -- such as APIs keys -- represents a security risk. And he proposed a new term to describe the alleged vulnerability: Cross Fork Object Reference (CFOR). "A CFOR vulnerability occurs when one repository fork can access sensitive data from another fork (including data from private and deleted forks)," Leon explained.

For example, the firm showed how one can fork a repository, commit data to it, delete the fork, and then access the supposedly deleted commit data via the original repository. The researchers also created a repo, forked it, and showed how data not synced with the fork continues to be accessible through the fork after the original repo is deleted. You can watch that particular demo [here].

According to Leon, this scenario came up last week with the submission of a critical vulnerability report to a major technology company involving a private key for an employee GitHub account that had broad access across the organization. The key had been publicly committed to a GitHub repository. Upon learning of the blunder, the tech biz nuked the repo thinking that would take care of the leak. "They immediately deleted the repository, but since it had been forked, I could still access the commit containing the sensitive data via a fork, despite the fork never syncing with the original 'upstream' repository," Leon explained. Leon added that after reviewing three widely forked public repos from large AI companies, Truffle Security researchers found 40 valid API keys from deleted forks. GitHub said it considers this situation a feature, not a bug: "GitHub is committed to investigating reported security issues. We are aware of this report and have validated that this is expected and documented behavior inherent to how fork networks work. You can read more about how deleting or changing visibility affects repository forks in our [documentation]."

Truffle Security argues that they should reconsider their position "because the average user expects there to be a distinction between public and private repos in terms of data security, which isn't always true," reports The Register. "And there's also the expectation that the act of deletion should remove commit data, which again has been shown to not always be the case."

Russia admitted that it's deliberately slowing YouTube's loading speeds and said it plans to throttle the download speeds on the Google platform by up to 70% by the end of next week. Russia is taking this stand in response to Google's refusal to comply with the demands of the Russian authorities, local lawmaker Alexander Khinshtein said. From a report: Khinshtein, the head of the State Duma's Information Policy Committee, claimed that the move is "not aimed against Russian users, but against the administration of a foreign resource that still believes that it can violate and ignore our legislation with impunity."

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings "DO NOT SHIP" or "DO NOT TRUST." These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here. "It's a big problem," said Martin Smolar, a malware analyst specializing in rootkits who reviewed the Binarly research. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically... execute any malware or untrusted code during system boot. Of course, privileged access is required, but that's not a problem in many cases."

Binarly founder and CEO Alex Matrosov added: "Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?"

samleecole writes: A leaked document obtained by 404 Media shows company-wide effort at generative AI company Runway, where employees collected thousands of YouTube videos and pirated content for training data for its Gen-3 Alpha model. The model -- initially codenamed Jupiter and released officially as Gen-3 -- drew widespread praise from the AI development community and technology outlets covering its launch when Runway released it in June. Last year, Runway raised $141 million from investors including Google and Nvidia, at a $1.5 billion valuation.

The spreadsheet of training data viewed by 404 Media and our testing of the model indicates that part of its training data is popular content from the YouTube channels of thousands of media and entertainment companies, including The New Yorker, VICE News, Pixar, Disney, Netflix, Sony, and many others. It also includes links to channels and individual videos belonging to popular influencers and content creators, including Casey Neistat, Sam Kolder, Benjamin Hardman, Marques Brownlee, and numerous others.

An anonymous reader quotes a report from TechCrunch: Content creators are busy people. Most spend more than 20 hours a week creating new content for their respective corners of the web. That doesn't leave much time for audience engagement. But Mark Zuckerberg, Meta's CEO, thinks that AI could solve this problem. In an interview with internet personality Rowan Cheung, Zuckerberg laid out his vision for a future in which creators have their own bots, of sorts, that capture their personalities and "business objectives." Creators will offload some community outreach to these bots to free up time for other, presumably more important tasks, Zuckerberg says.

"I think there's going to be a huge unlock where basically every creator can pull in all their information from social media and train these systems to reflect their values and their objectives and what they're trying to do, and then people can can interact with that," Zuckerberg said. "It'll be almost like this artistic artifact that creators create that people can kind of interact with in different ways." [...] It's tough to imagine creators putting trust in the hands of flawed AI bots to interact with their fans. In the interview, Zuckerberg acknowledges that Meta has to "mitigate some of the concerns" around its use of generative AI and win users' trust over the long term. This is especially true as some of Meta's AI training practices are actively driving creators away from its platforms.

Who wrote the code for Windows' notorious "Blue Screen of Death? It's "been a source of some contention," writes SFGate: A Microsoft developer blog post from Raymond Chen in 2014 said that former Microsoft CEO Steve Ballmer wrote the text for the Ctrl+Alt+Del dialog in Windows 3.1. That very benign post led to countless stories from tech media claiming Ballmer was the inventor of the "Blue Screen of Death." That, in turn, prompted a follow-up developer blog post from Chen titled "Steve Ballmer did not write the text for the blue screen of death...."

Chen then later tried to claim he was responsible for the "Blue Screen of Death," saying he coded it into Windows 95. Problem is, it already existed in previous iterations of Windows, and 95 simply removed it. Chen added it back in, which he sort of cops to, saying: "And I'm the one who wrote it. Or at least modified it last." No one challenged Chen's 2014 self-attribution, until 2021, when former Microsoft developer Dave Plummer stepped in. According to Plummer, the "Blue Screen of Death" was actually the work of Microsoft developer John Vert, whom logs revealed to be the father of the modern Windows blue screen way back in version 3.1.
Plummer spoke directly with Vert, according to Vert, who'd remembered that he got the idea because there was already a blue screen with white text in both his machine at the time (a MIPS RISC box) and this text editor (SlickEdit)...

AI companies are generally secretive about their sources of training data, but an investigation by Proof News found some of the wealthiest AI companies in the world have used material from thousands of YouTube videos to train AI. Companies did so despite YouTube's rules against harvesting materials from the platform without permission. From a report: Our investigation found that subtitles from 173,536 YouTube videos, siphoned from more than 48,000 channels, were used by Silicon Valley heavyweights, including Anthropic, Nvidia, Apple, and Salesforce. The dataset, called YouTube Subtitles, contains video transcripts from educational and online learning channels like Khan Academy, MIT, and Harvard. The Wall Street Journal, NPR, and the BBC also had their videos used to train AI, as did The Late Show With Stephen Colbert, Last Week Tonight With John Oliver, and Jimmy Kimmel Live.

Proof News also found material from YouTube megastars, including MrBeast (289 million subscribers, two videos taken for training), Marques Brownlee (19 million subscribers, seven videos taken), Jacksepticeye (nearly 31 million subscribers, 377 videos taken), and PewDiePie (111 million subscribers, 337 videos taken). Some of the material used to train AI also promoted conspiracies such as the "flat-earth theory." Further reading: YouTube Says OpenAI Training Sora With Its Videos Would Break Rules.

An anonymous reader quotes a report from Ars Technica: During an interview with Sequoia Capital's Training Data podcast published last Tuesday, Microsoft CTO Kevin Scott doubled down on his belief that so-called large language model (LLM) "scaling laws" will continue to drive AI progress, despite some skepticism in the field that progress has leveled out. Scott played a key role in forging a $13 billion technology-sharing deal between Microsoft and OpenAI. "Despite what other people think, we're not at diminishing marginal returns on scale-up," Scott said. "And I try to help people understand there is an exponential here, and the unfortunate thing is you only get to sample it every couple of years because it just takes a while to build supercomputers and then train models on top of them."

LLM scaling laws refer to patterns explored by OpenAI researchers in 2020 showing that the performance of language models tends to improve predictably as the models get larger (more parameters), are trained on more data, and have access to more computational power (compute). The laws suggest that simply scaling up model size and training data can lead to significant improvements in AI capabilities without necessarily requiring fundamental algorithmic breakthroughs. Since then, other researchers have challenged the idea of persisting scaling laws over time, but the concept is still a cornerstone of OpenAI's AI development philosophy. Scott's comments can be found around the 46-minute mark.