Ars Technica

Enlarge (credit: BeeBright / Getty Images / iStockphoto)

Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.

The unknown attackers behind the compromise infected at least four servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm ESET said. After obtaining the cryptographic hashes for 551 user accounts on the network, the attackers were able to convert half into plaintext passwords, likely through password-cracking techniques and the use of an advanced credential-stealing feature built into the malware. From there, the attackers used the servers to send spam and carry out other nefarious activities. The four servers were likely infected and disinfected at different times, with the last two being remediated at some point in 2011.

An infection of kernel.org came to light in 2011, when kernel maintainers revealed that 448 accounts had been compromised after attackers had somehow managed to gain unfettered, or “root,” system access to servers connected to the domain. Maintainers reneged on a promise to provide an autopsy of the hack, a decision that has limited the public’s understanding of the incident.

Read 19 remaining paragraphs | Comments

Enlarge (credit: Getty Images)

The Federal Trade Commission's Office of Technology has issued a warning to automakers that sell connected cars. Companies that offer such products "do not have the free license to monetize people’s information beyond purposes needed to provide their requested product or service," it wrote in a blog post on Tuesday. Just because executives and investors want recurring revenue streams, that does not "outweigh the need for meaningful privacy safeguards," the FTC wrote.

Based on your feedback, connected cars might be one of the least-popular modern inventions among the Ars readership. And who can blame them? Last January, a security researcher revealed that a vehicle identification number was sufficient to access remote services for multiple different makes, and yet more had APIs that were easily hackable.

Later, in 2023, the Mozilla Foundation published an extensive report examining the various automakers' policies regarding the use of data from connected cars; the report concluded that "cars are the worst product category we have ever reviewed for privacy."

Read 5 remaining paragraphs | Comments

Enlarge / John Milton citing Spenser on the recent history of Ireland in his 1587 edition of Raphael Holinshed's Chronicles. Note Milton's italic e, hooks and curls on letters and distinctive s's. (credit: Phoenix Public Library)

John Milton is widely considered to be one of the greatest English poets who ever lived—just ask such luminaries as John Dryden, Alexander Pope, Samuel Jonson, and Voltaire, who once declared, "Milton remains the glory and the wonder of England." But while Milton's own books continue to be widely read and studied, there are only a handful of books in collections today known to have been part of his personal library.

Add one more title to that small list, as scholars recently discovered a copy of Holinshed's Chronicles of England, Scotland, and Ireland in the Phoenix Public Library, containing handwritten notes in Milton's distinctive hand. This makes the volume extra-special, since only two other books once owned by Milton also contain handwritten notes. The scholars detailed their findings in a new article published in the Times Literary Supplement.

Holinshed's Chronicles is a hugely influential and comprehensive three-volume history of Great Britain, first published in 1577; it was followed by a second edition in 1587. A London printer named Reginald Wolfe started the project and hired Raphael Holinshed and William Harrison to help him create a "universal cosmography of the whole world." Wolfe died before the book could be completed, and the project was eventually scaled down to a history of England, Scotland, and Ireland, complete with maps and illustrations.

Read 8 remaining paragraphs | Comments

Enlarge (credit: VMware)

Broadcom's acquisition of VMware last year has led to widespread upheaval at the company, including layoffs, big changes to how it approaches software licensing, and general angst from customers and partners. Broadcom also discontinued the free-to-use version of VMware's vSphere Hypervisor, also known as ESXi, earlier this year, forcing home users to find alternatives.

But today there's a bit of good news—for home users, at least. Broadcom is making VMware Fusion Pro 13 and VMWare Workstation Pro free for personal use.

Fusion Pro and Workstation Pro certainly aren't the only free-to-use virtualization products—VirtualBox has existed for years, and there are many indie projects that make use of Apple's virtualization frameworks for macOS. But VMware's products are a bit more polished and easier to learn than some of those alternatives, and VMware's file formats are also commonly used when redistributing virtual machines for retrocomputing purposes.

Read 5 remaining paragraphs | Comments

Enlarge / GM used a Silverado EV to power a 10,000-square-foot house as a demo of its Home Energy system. (credit: General Motors)

LOS ANGELES—Let's face it: The American power grid is a hot mess. The system is outdated and overstressed by amp-sucking appliances, air conditioning units, and extreme weather. Depending on where you live, it's likely only a matter of time before your home will experience a blackout. GM Energy, a subsidiary of General Motors, is here to help.

At a demonstration in a swanky 10,000-square-foot mansion in Beverly Hills, California, where I counted 51 recessed lights in the great room, the new home products from GM Energy easily kept the electrons flowing, eschewing the grid and drawing power from the 200 kWh battery in a 2024 Chevrolet Silverado RST.

It all starts with the GM Energy PowerShift charger. On an 80 A circuit, the charger can charge your EV at a whopping 19.2 kW, and its bi-directional technology can push electrons from the truck's battery into an inverter to convert it to the AC power your home requires. The happy little AC current then goes into the Home Hub that distributes the power to the appropriate circuits, and voilà—the lights are on.

Read 18 remaining paragraphs | Comments

Enlarge / Riding atop a SpaceX Falcon 9 rocket, NASA’s Double Asteroid Redirection Test, or DART, spacecraft sets off to collide with an asteroid in the world’s first full-scale planetary defense test mission in November 2021. (credit: NASA/Bill Ingalls)

On a fall evening in 2022, scientists at the Johns Hopkins University Applied Physics Laboratory were busy with the final stages of a planetary defense mission. As Andy Rivkin, one of the team leaders, was getting ready to appear in NASA’s live broadcast of the experiment, a colleague posted a photo of a pair of asteroids: the half-mile-wide Didymos and, orbiting around it, a smaller one called Dimorphos, taken about 7 million miles from Earth.

“We were able to see Didymos and this little dot in the right spot where we expected Dimorphos to be,” Rivkin recalled.

After the interview, Rivkin joined a crowd of scientists and guests to watch the mission’s finale on several big screens: As part of an asteroid deflection mission called DART, a spacecraft was closing in on Dimorphos and photographing its rocky surface in increasing detail.

Read 32 remaining paragraphs | Comments

Enlarge (credit: Benj Edwards)

Ars Technica AI Reporter and tech historian Benj Edwards has co-written a book on the Virtual Boy with Dr. Jose Zagal. In this exclusive excerpt, Benj and Jose take you back to Nintendo of the early '90s, where a unique 3D display technology captured the imagination of legendary designer Gunpei Yokoi and set the stage for a daring, if ultimately ill-fated, foray into the world of stereoscopic gaming.

Seeing Red: Nintendo's Virtual Boy is now available for purchase in print and ebook formats.

A full list of references can be found in the book.

Nearly 30 years after the launch of the Virtual Boy, not much is publicly known about how, exactly, Nintendo came to be interested in developing what would ultimately become its ill-fated console. Was Nintendo committed to VR as a future for video games and looking for technological solutions that made business sense? Or was the Virtual Boy primarily the result of Nintendo going “off script” and seizing a unique, and possibly risky, opportunity that presented itself? The answer is probably a little bit of both.

As it turns out, the Virtual Boy was not an anomaly in Nintendo’s history with video game platforms. Rather, it was the result of a deliberate strategy that was consistent with Nintendo’s way of doing things and informed by its lead creator Gunpei Yokoi’s design philosophy.

Read 47 remaining paragraphs | Comments

Enlarge / An image Illya Sutskever tweeted with this OpenAI resignation announcement. From left to right: New OpenAI Chief Scientist Jakub Pachocki, President Greg Brockman, Sutskever, CEO Sam Altman, and CTO Mira Murati. (credit: Ilya Sutskever / X)

On Tuesday evening, OpenAI chief scientist Ilya Sutskever announced that he is leaving the company he co-founded, six months since he participated in the coup that temporarily ousted OpenAI CEO Sam Altman. Jan Leike, a fellow member of Sutskever's Superalignment team, is reportedly resigning with him.

"After almost a decade, I have made the decision to leave OpenAI," Sutskever tweeted. "The company’s trajectory has been nothing short of miraculous, and I’m confident that OpenAI will build AGI that is both safe and beneficial under the leadership of @sama, @gdb, @miramurati and now, under the excellent research leadership of @merettm. It was an honor and a privilege to have worked together, and I will miss everyone dearly."

Sutskever has been with the company since its founding in 2015 and is widely seen as one of the key engineers behind some of OpenAI's biggest technical breakthroughs. As a former OpenAI board member, he played a key role in the removal of Sam Altman as CEO in the shock firing last November. While it later emerged that Altman's firing primarily stemmed from a power struggle with former board member Helen Toner, Sutskever sided with Toner and personally delivered the news to Altman that he was being fired on behalf of the board.

Read 6 remaining paragraphs | Comments

Enlarge / Wegovy is an injectable prescription weight loss medicine that has helped people with obesity. (credit: Getty | Michael Siluk)

A large, long-term trial of the weight-loss medication Wegovy (semaglutide) found that people tended to lose weight over the first 65 weeks on the drug—about one year and three months—but then hit a plateau or "set point." But that early weight loss was generally maintained for up to four years while people continued taking the weekly injections.

The findings, published Monday in Nature Medicine, come from a fresh analysis of data from the SELECT trial, which was designed to look at the drug's effects on cardiovascular health. The trial—a multicenter, double-blind, randomized, placebo-controlled trail—specifically enrolled people with existing cardiovascular disease who also had overweight or obesity, but did not have diabetes. In all, the trial included 17,604 people from 41 countries. Seventy-two percent of them were male, 84 percent were white, and the average age was about 62 years old.

Last year, researchers published the trial's primary results, which showed that semaglutide reduced participants' risk of heart attack, stroke, and cardiovascular-related deaths by 20 percent over the span of a little over three years.

Read 5 remaining paragraphs | Comments

House of the Dragon returns to HBO Max for an action-packed second season next month.

The second season of House of the Dragon premieres in about a month and we've got one final action-packed trailer to boost anticipation. While the first season felt smaller and quieter—in a good way, more focused on character relationships and political maneuvering—the show seems to be pulling out all the stops in S2 as all-out war breaks out in the legendary "Dance of Dragons."

As previously reported, the series is set nearly 200 years before the events of Game of Thrones and chronicles the beginning of the end of House Targaryen's reign. The primary source material is Fire and Blood, a fictional history of the Targaryen kings written by George R.R. Martin. As book readers know, those events culminated in a civil war and the extinction of the dragons—at least until Daenerys Targaryen came along.

(Spoilers for S1 below.)

Read 6 remaining paragraphs | Comments

Charlie Vicker's Sauron is front and center in the teaser for S2 of Lord of the Rings: The Rings of Power.

Amazon's Prime Video made a major investment in The Rings of Power when it acquired the rights to the source material from the Tolkien estate, even committing to multiple seasons upfront. The casting was strong and the visuals were quite spectacular (including the opening credits). But while the first season had its moments, personally I found it a bit plodding, often more concerned with establishing this rich fictional world and the characters within it than moving the story forward.

Showrunners J. D. Payne and Patrick McKay have said that this was deliberate. They wanted to avoid a "villain-centric" story in S1 but promised they would be delving more deeply into "the lore and the stories people have been waiting to hear." That would be the rise of Sauron (Charlie Vickers), the forging of the titular rings of power, and the last alliance between elves and men to defeat Sauron's evil machinations. Judging by the teaser that dropped today, we'll be getting lots more action in S2, with the shape-shifting Sauron now handily disguised as an elf. Bonus: There's an accompanying behind-the-scenes preview of the second season.

(Spoilers for the S1 finale below.)

Read 5 remaining paragraphs | Comments

Enlarge (credit: imaginima | E+)

After backlash over Google's search engine becoming the primary traffic source for deepfake porn websites, Google has started burying these links in search results, Bloomberg reported.

Over the past year, Google has been driving millions to controversial sites distributing AI-generated pornography depicting real people in fake sex videos that were created without their consent, Similarweb found. While anyone can be targeted—police already are bogged down with dealing with a flood of fake AI child sex images—female celebrities are the most common victims. And their fake non-consensual intimate imagery is more easily discoverable on Google by searching just about any famous name with the keyword "deepfake," Bloomberg noted.

Google refers to this content as "involuntary fake" or "synthetic pornography." The search engine provides a path for victims to report that content whenever it appears in search results. And when processing these requests, Google also removes duplicates of any flagged deepfakes.

Read 20 remaining paragraphs | Comments

Enlarge / Top: a look through the past 2,000 years of summertime temperatures, showing that 2023 is considerably warmer than anything earlier. Bottom: a bell curve of the typical temperatures, showing that the hot outliers are all recent years. (credit: Esper, Torbenson, and Büntgen)

Starting in June of last year, global temperatures went from very hot to extreme. Every single month since June, the globe has experienced the hottest temperatures for that month on record—that's 11 months in a row now, enough to ensure that 2023 was the hottest year on record, and 2024 will likely be similarly extreme.

There's been nothing like this in the temperature record, and it acts as an unmistakable indication of human-driven warming. But how unusual is that warming compared to what nature has thrown at us in the past? While it's not possible to provide a comprehensive answer to that question, three European researchers (Jan Esper, Max Torbenson, and Ulf Büntgen) have provided a partial answer: the Northern Hemisphere hasn't seen anything like this in over 2,000 years.

Current temperature records are based on a global network of data-gathering hardware. But, as you move back in time, gaps in that network go from rare to ever more common. Moving backwards from 1900, the network shrinks to just a few dozen land-based thermometers, almost all of them in Europe.

Read 12 remaining paragraphs | Comments

• The "ask this PDF" feature.

Google's "code red" demands that AI be part of every single Google product and that includes Android. At Google I/O, the company announced a "multi-year journey to reimagine Android with AI at the core" but only demoed a few minor AI enhancements.

Gemini can soon be brought up via the power button as an overlay panel, where it will have access to whatever's on your screen. The demo involved opening a PDF in Android's PDF reader, summarizing it, and answering questions based on the content. You can do something similar with a YouTube video. The demo also showed generating images based on a text prompt and then sending those images in a text message. Another demo involved Gemini understanding a chat log and suggesting future actions.

Talkback, Android's system for low-vision users, will soon be able to use AI to describe images that lack descriptive text.

Read 3 remaining paragraphs | Comments

Enlarge / A view looking down at Boeing's Starliner spacecraft and United Launch Alliance's Atlas V rocket inside the Vertical Integration Facility at Cape Canaveral Space Force Station, Florida. (credit: United Launch Alliance)

Boeing is taking a few extra days to resolve a small helium leak on the Starliner spacecraft slated to ferry two NASA astronauts on a test flight to the International Space Station, officials said Tuesday.

This means the first crew launch of Boeing's Starliner spacecraft, running years behind schedule and more than $1.4 billion over budget, won't happen before next Tuesday, May 21, at 4:43 pm EDT (20:43 UTC). Meeting this schedule assumes engineers can get comfortable with the helium leak. Officials from Boeing and NASA, which manages Boeing's multibillion-dollar Starliner commercial crew contract, previously targeted Friday, May 17, for the spacecraft's first launch with astronauts onboard.

Boeing's ground team traced the leak to a flange on a single reaction control system thruster on the spacecraft's service module.

Read 12 remaining paragraphs | Comments

Enlarge (credit: Getty Images | AaronP/Bauer-Griffin)

The US government has provided more detail on how a former AT&T executive allegedly bribed a powerful state lawmaker's ally in order to obtain legislation favorable to AT&T's business.

Former AT&T Illinois President Paul La Schiazza is set to go on trial in September 2024 after being indicted on charges of conspiracy to unlawfully influence then-Illinois House Speaker Michael Madigan. AT&T itself agreed to pay a $23 million fine in October 2022 in connection with the alleged illegal influence campaign and said it was "committed to ensuring that this never happens again."

US government prosecutors offered a preview of their case against La Schiazza in a filing on Friday in US District Court for the Northern District of Illinois. A contract lobbyist hired by AT&T "is expected to testify that AT&T successfully passed two major pieces of legislation after the company started making payments to Individual FR-1."

Read 15 remaining paragraphs | Comments

Enlarge / A video still of Project Astra demo at the Google I/O conference keynote in Mountain View on May 14, 2024. (credit: Google)

Just one day after OpenAI revealed GPT-4o, which it bills as being able to understand what's taking place in a video feed and converse about it, Google announced Project Astra, a research prototype that features similar video comprehension capabilities. It was announced by Google DeepMind CEO Demis Hassabis on Tuesday at the Google I/O conference keynote in Mountain View, California.

Hassabis called Astra "a universal agent helpful in everyday life." During a demonstration, the research model showcased its capabilities by identifying sound-producing objects, providing creative alliterations, explaining code on a monitor, and locating misplaced items. The AI assistant also exhibited its potential in wearable devices, such as smart glasses, where it could analyze diagrams, suggest improvements, and generate witty responses to visual prompts.

Google says that Astra uses the camera and microphone on a user's device to provide assistance in everyday life. By continuously processing and encoding video frames and speech input, Astra creates a timeline of events and caches the information for quick recall. The company says that this enables the AI to identify objects, answer questions, and remember things it has seen that are no longer in the camera's frame.

Read 14 remaining paragraphs | Comments

Enlarge / "Google will do the Googling for you," says firm's search chief. (credit: Google)

Search is still important to Google, but soon it will change. At its all-in-one AI Google I/O event Tuesday, the company introduced a host of AI-enabled features coming to Google Search at various points in the near future, which will "do more for you than you ever imagined."

"Google will do the Googling for you," said Liz Reid, Google's head of Search.

It's not AI in every search, but it will seemingly be hard to avoid a lot of offers to help you find, plan, and brainstorm things. "AI Overviews," the successor to the Search Generative Experience, will provide summary answers to questions, along with links to sources. You can also soon submit a video as a search query, perhaps to identify objects or provide your own prompts by voice.

Read 4 remaining paragraphs | Comments

• AI in Gmail summarizes recent emails. [credit: Google ]

Google's Gemini AI often just feels like a chatbot built into a text-input field, but you can really start to do special things when you give it access to a ton of data. Gemini in Gmail will soon be able to search through your entire backlog of emails and show a summary in a sidebar.

That's simple to describe but solves a huge problem with email: even searching brings up a list of email subjects, and you have to click-through to each one just to read it. Having an AI sift through a bunch of emails and provide a summary sounds like a huge time saver and something you can't do with any other interface.

Google's one-minute demo of this feature showed a big blue Gemini button at the top right of the Gmail web app. Tapping it opens the normal chatbot sidebar you can type in. Asking for a summary of emails from a certain contact will get you a bullet-point list of what has been happening, with a list of "sources" at the bottom that will jump you right to a certain email. In the last second of the demo, the user types, "Reply saying I want to volunteer for the parent's group event," hits "enter," and then the chatbot instantly, without confirmation, sends an email.

Read 2 remaining paragraphs | Comments

• Lego Barad-Dúr silently surveils a living room. [credit: Lego ]

Here's something for any Lord of the Rings fan with a tall, narrow space available on their tchotchkes shelf: Lego has announced a $460, 5,471-piece rendition of Barad-Dûr, which viewers of the films will recognize as "that giant black tower with the flaming eye on top of it."

Sauron, Base Master of Treachery, will keep his Eye on you from atop the tower, which will actually glow thanks to a built-in light brick. The tower includes a minifig of Sauron himself, plus the Mouth of Sauron, Gollum, and a handful of Orcs.

The Lego Barad-Dûr set will launch on June 1 for Lego Insiders and June 4 for everybody else. If you buy it between June 1 and June 7, you'll also get the "Fell Beast" bonus set, with pose-able wings and a Nazgûl minifig. It doesn't seem as though this bonus set will be sold separately, making it much harder to buy the nine Nazgûl you would need to make your collection story-accurate.

Read 4 remaining paragraphs | Comments