cross-posted from: https://lemm.ee/post/12632609

Oryon (pronounced like “Orion,” the star system) in its initial offering is a 12-core Arm CPU core, custom-designed by Qualcomm, built on 64-bit architecture and 4nm process technology. It’s the successor to the Kryo used in Snapdragon 8cx Gen 3 (5nm process) and earlier 8cx efforts.

The overall boost clock on these 12 cores is 3.8GHz, with the ability (a bit like Intel chips with their various Turbo Boost and Turbo Boost Max technologies) to boost just one or two cores to 4.3GHz. According to Qualcomm, this limited acceleration should manifest in faster application launch times, better web browsing responsiveness, and snappier UI. The company also points out that, when in boost mode, these cores are the world’s first 4GHz-capable Arm cores.

The Snapdragon summit 2023 keynote starts in 5 minutes. They'll show off their new ARM CPU for windows PCs, hopefully it's good.

The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models. Is intended as a way to fight back against AI companies that use artists’ work to train their models without the creator’s permission.

ARTICLE - Technology Review

ARTICLE - Mashable

ARTICLE - Gizmodo

The researchers tested the attack on Stable Diffusion’s latest models and on an AI model they trained themselves from scratch. When they fed Stable Diffusion just 50 poisoned images of dogs and then prompted it to create images of dogs itself, the output started looking weird—creatures with too many limbs and cartoonish faces. With 300 poisoned samples, an attacker can manipulate Stable Diffusion to generate images of dogs to look like cats.

The massive Chinese social media network Sina Weibo informed its platform’s most popular users last week that they must display their real identities, including names, gender, IP locations, as well as professional and educational background, on their account page starting at the end of October.

The policy will first apply to Weibo users with more than 1 million followers and later extend to those with half a million followers. It is believed that other social media platforms in China will also follow the move.

China implemented the online real-name registration system in 2012. Under the policy, personal data are stored on the platforms and are invisible to other users. Last year, Chinese social media platforms started displaying the IP locations of social media users to crack down on online rumors, including witness accounts of social incidents such as protests.

The latest change was confirmed by Weibo’s CEO Wang Gaofei, who briefly activated the personal information display on his profile page on October 20, 2023. Wang’s social credit status, employment, and professional and educational background were all listed on this profile page.

The new policy triggered a heated debate on Chinese social media. Unexpectedly, online patriots, who are usually fairly united, split into two camps over the new requirements.

Supporters argued that the policy could reduce online rumours and that influencers should bear more social responsibility and reveal their genuine identity to their readers. Among them is state-owned Global Times’ top commentator Hu Xijin, who commented on the new measure on Weibo on October 16:

read more: https://globalvoices.org/2023/10/23/new-policy-requires-chinese-influencers-to-display-their-real-identities-on-weibo/

Open Empathic aims to equip open-source AI systems with empathy and emotional intelligence. We hope that methods and tools developed within the framework of this project, together with a community of researchers and technology enthusiasts, will revolutionize the way AI interacts with and supports humans in various domains.

cross-posted from: https://lemdro.id/post/2469210 (!android@lemdro.id)

archive

Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.

Looking at the ad, which masquerades as a pitch for the open-source password manager Keepass, there’s no way to know that it’s fake. It’s on Google, after all, which claims to vet the ads it carries. Making the ruse all the more convincing, clicking on it leads to ķeepass[.]info, which when viewed in an address bar appears to be the genuine Keepass site.

A closer link at the link, however, shows that the site is not the genuine one. In fact, ķeepass[.]info —at least when it appears in the address bar—is just an encoded way of denoting xn--eepass-vbb[.]info, which it turns out, is pushing a malware family tracked as FakeBat. Combining the ad on Google with a website with an almost identical URL creates a near perfect storm of deception.

“Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain,” Jérôme Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post Wednesday that revealed the scam.

Information available through Google’s Ad Transparency Center shows that the ads have been running since Saturday and last appeared on Wednesday. The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.

Google representatives didn’t immediately respond to an email, which was sent after hours. In the past, the company has said it promptly removes fraudulent ads as soon as possible after they’re reported.

The sleight of hand that allowed the imposter site xn--eepass-vbb[.]info to appear as ķeepass[.]info is an encoding scheme known as punycode. It allows unicode characters to be represented in standard ASCII text. Looking carefully, it’s easy to spot the small comma-like figure immediately below the k. When it appears in an address bar, the figure is equally easy to miss, especially when the URL is backed by a valid TLS certificate, as is the case here.

The use of punycode-enhanced malware scams has a long history. Two years ago, scammers used Google ads to drive people to a site that looked almost identical to brave.com, but was, in fact, another malicious website pushing a fake, malicious version of the browser. The punycode technique first came to widespread attention in 2017, when a Web application developer created a proof-of-concept site that masqueraded as apple.com.

There’s no sure-fire way to detect either malicious Google ads or punycode encoded URLs. Posting ķeepass[.]info into all five major browsers leads to the imposter site. When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long. Another option is to inspect the TLS certificate to make sure it belongs to the site displayed in the address bar.

This is over 10 years old but more relevant than ever. :)