The Common Vulnerability and Exposures, or CVE, repository holds the answers to some of information security's most vital questions. Namely, which security issue are we talking about, exactly, and how does it work?

The 25-year-old CVE program, an essential part of global cybersecurity, is cited in nearly any discussion or response to a computer security issue, including Ars posts. CVE was at real risk of closure after its contract was set to expire on April 16. The nonprofit MITRE runs CVE and related programs (like Common Weakness Enumeration, or CWE) on a contract with the US Department of Homeland Security (DHS). A letter to CVE board members sent Tuesday by Yosry Barsoum, vice president of MITRE, gave notice of the potential halt to operations.

"If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum wrote.

Read full article

Comments

A New Mexico man is facing federal charges for two separate incidents of alleged arson—one at an Albuquerque Tesla showroom and one at the New Mexico Republican Party’s office—according to a Monday press release from the Department of Justice.

Jamison Wagner, 40, was charged with allegedly setting fire to a building or vehicle used in interstate commerce. The charge can apply to goods manufactured and sold in different states and the facilities that house them—like the Tesla showroom or the Republican office, which also sells MAGA merchandise. DOJ spokesperson Shannon Shevlin tells WIRED that Wagner’s arrest happened on Saturday.

“Let this be the final lesson to those taking part in this ongoing wave of political violence,” Attorney General Pam Bondi said in the Monday press release. “We will arrest you, we will prosecute you, and we will not negotiate. Crimes have consequences.”

Read full article

Comments

In the AI world, a vulnerability called a "prompt injection" has haunted developers since chatbots went mainstream in 2022. Despite numerous attempts to solve this fundamental vulnerability—the digital equivalent of whispering secret instructions to override a system's intended behavior—no one has found a reliable solution. Until now, perhaps.

Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between user commands and potentially malicious content.

The new paper grounds CaMeL's design in established software security principles like Control Flow Integrity (CFI), Access Control, and Information Flow Control (IFC), adapting decades of security engineering wisdom to the challenges of LLMs.

Read full article

Comments

There is a signal, born in the earliest days of the cosmos. It’s weak. It’s faint. It can barely register on even the most sensitive of instruments. But it contains a wealth of information about the formation of the first stars, the first galaxies, and the mysteries of the origins of the largest structures in the Universe.

Despite decades of searching for this signal, astronomers have yet to find it. The problem is that our Earth is too noisy, making it nearly impossible to capture this whisper. The solution is to go to the far side of the Moon, using its bulk to shield our sensitive instruments from the cacophony of our planet.

Building telescopes on the far side of the Moon would be the greatest astronomical challenge ever considered by humanity. And it would be worth it.

Read full article

Comments

The rate of autism in a group of 8-year-olds in the US rose from 2.76 percent (1 in 36) in 2020 to 3.22 percent (1 in 31) in 2022, according to a study out Tuesday in the Morbidity and Mortality Weekly Report, a journal published by the Centers for Disease Control and Prevention.

The report's authors—researchers at the CDC and academic institutions across the country—suggest that the slight uptick is likely due to improved access to evaluations in underserved groups, including Black, Hispanic, and low-income communities.

The data comes from the CDC-funded Autism and Developmental Disabilities Monitoring (ADDM) Network. The national network has been tracking the prevalence of autism spectrum disorder (ASD) in 8-year-olds at a handful of sites since 2000, publishing estimates every two years. In 2000, ASD prevalence was 1 in 150, with white children from high-income communities having the highest rates of the developmental disability. In 2020, when the rate hit 1 in 36, it was the first year in which higher ASD rates were seen in underserved communities. That year, researchers also noted that the link between ASD and socioeconomic status evaporated in most of the network.

Read full article

Comments

Google has announced that yet another AI model is coming to Gemini, but this time, it's more than a chatbot. The company's Veo 2 video generator is rolling out to the Gemini app and website, giving paying customers a chance to create short video clips with Google's allegedly state-of-the-art video model.

Veo 2 works like other video generators, including OpenAI's Sora—you input text describing the video you want, and a Google data center churns through tokens until it has an animation. Google claims that Veo 2 was designed to have a solid grasp of real-world physics, particularly the way humans move. Google's examples do look good, but presumably that's why they were chosen.

Prompt: Aerial shot of a grassy cliff onto a sandy beach where waves crash against the shore, a prominent sea stack rises from the ocean near the beach, bathed in the warm, golden light of either sunrise or sunset, capturing the serene beauty of the Pacific coastline.

Read full article

Comments

The Trump White House is proposing to eliminate most federal funding for National Public Radio (NPR) and the Public Broadcasting Service (PBS) and issued a statement yesterday alleging that NPR and PBS "spread radical, woke propaganda disguised as 'news.'"

"The NPR, PBS grift has ripped us off for too long," the White House statement said.

White House budget director Russ Vought drafted a memo for a rescission plan that would eliminate funding already approved by Congress, according to multiple news reports. This includes $1.1 billion for the Corporation for Public Broadcasting (CPB), or about two years' worth of funding for the nonprofit group that provides money to public broadcasting stations.

Read full article

Comments

More than 45 million people in the US are fans of bowling, with national competitions awarding millions of dollars. Bowlers usually rely on instinct and experience, earned through lots and lots of practice, to boost their strike percentage. A team of physicists has come up with a mathematical model to better predict ball trajectories, outlined in a new paper published in the journal AIP Advances. The resulting equations take into account such factors as the composition and resulting pattern of the oil used on bowling lanes, as well as the inevitable asymmetries of bowling balls and player variability.

The authors already had a strong interest in bowling. Three are regular bowlers and quite skilled at the sport; a fourth, Curtis Hooper of Longborough University in the UK, is a coach for Team England at the European Youth Championships. Hooper has been studying the physics of bowling for several years, including an analysis of the 2017 Weber Cup, as well as papers devising mathematical models for the application of lane conditioners and oil patterns in bowling.

The calculations involved in such research are very complicated because there are so many variables that can affect a ball's trajectory after being thrown. Case in point: the thin layer of oil that is applied to bowling lanes, which Hooper found can vary widely in volume and shape among different venues, plus the lack of uniformity in applying the layer, which creates an uneven friction surface.

Read full article

Comments

Infamous Internet imageboard and wretched hive of scum and villainy 4chan was apparently hacked at some point Monday evening and remains mostly unreachable as of this writing. DownDetector showed reports of outages spiking at about 10:07 pm Eastern time on Monday, and they've remained elevated since.

Posters at Soyjack Party, a rival imageboard that began as a 4chan offshoot, claimed responsibility for the hack. But as with all posts on these intensely insular boards, it's difficult to separate fact from fiction. The thread shows screenshots of what appear to be 4chan's PHP admin interface, among other screenshots, that suggest extensive access to 4chan's databases of posts and users.

Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version.

Read full article

Comments

Netflix plans to reach a market capitalization of $1 trillion by 2030, The Wall Street Journal (WSJ) reported this week, citing anonymous people who attended an “annual business review meeting” that Netflix held in March. Netflix's current market capitalization is nearly $400 billion.

Netflix is reportedly partnering its market cap goals with plans to double revenue within the same time frame. For 2024, Netflix reported $39 billion in revenue, meaning the company aims to raise its annual revenue to $78 billion in five years.

Compared to the prior five years, Netflix’s revenue grew 93.5 percent from 2019 ($20.16 billion) to 2024. However, that time period represented a different market, one where streaming subscriber counts were rising rapidly, and Netflix faced less competition than it does today. However, Netflix's 2030 revenue goals are also dependent on its advertising business, something Netflix lacked in 2019.

Read full article

Comments

Dig deep on Google Earth and you'll inevitably find a surprise or two. Maybe you're looking at far-flung islands in the middle of an ocean or checking in on something closer to home.

A few years ago, online sleuths found an image of a B-2 stealth bomber in flight over Missouri. The aircraft is smeared in the image because it was in motion, while the farm fields below appear as crisp as any other view on Google Earth.

There's something else that now appears on Google Earth. Zoom in over rural North Texas, and you'll find a satellite. It appears five times in different colors, each projected over wooded bottomlands in a remote wildlife refuge about 60 miles (100 kilometers) north of Dallas.

Read full article

Comments

Nvidia is rounding out its GeForce RTX 50-series graphics cards today with the official announcement of the mainstream RTX 5060 series. The company is announcing three new GPUs today: The 5060 Ti will launch on April 16 in both 8GB and 16GB variations, for $379 and $429, respectively. The regular RTX 5060 will follow at some point in May for the same $299 MSRP as the last-generation RTX 4060. It is also sticking with 8GB of RAM.

Obviously, it remains to be seen whether the company and its partners can actually stock these cards at these prices. GPUs from the top-tier RTX 5090 to the mainstream RTX 5070 have been difficult to impossible to buy at their announced MSRPs. And it's not just Nvidia's problem or a high-end problem—AMD's Radeon RX 9070 series GPUs have also been hard to buy, as have Intel's Arc B580 and B570 cards.

The new graphics cards' specs essentially match numbers that have been floating around for a couple of months now. Both models include modest increases in the number of CUDA cores compared to the last-generation 4060 and 4060 Ti models, with the same amount of RAM and the same 128-bit memory interface. But an upgrade to GDDR7 instead of GDDR6 provides a healthy bump to memory bandwidth and is probably also partially responsible for an increase in peak power consumption. The 4060 Ti in particular was memory bandwidth-constrained at higher resolutions, so hopefully some extra bandwidth will make it a better choice for a decent 1440p gaming PC.

Read full article

Comments

The Trump administration has been using federal research funding as a cudgel. The government has blocked billions of dollars in research funds and threatened to put a hold on even more in order to compel universities to adopt what it presents as essential reforms. In the case of Columbia University, that includes changes in the leadership of individual academic departments.

On Friday, the government sent a list of demands that it presented as necessary to "maintain Harvard’s financial relationship with the federal government." On Monday, Harvard responded that accepting these demands would "allow itself to be taken over by the federal government." The university also changed its home page into an extensive tribute to the research that would be eliminated if the funds were withheld.

The reprisals against Harvard began almost immediately. By the end of Monday, the Trump administration put $2.2 billion of Harvard's research funding on hold. And on Tuesday, Trump himself made threats against the university's tax exempt status.

Read full article

Comments

A silent update rolling out to virtually all Android devices will make your phone more secure, and all you have to do is not touch it for a few days. The new feature implements auto-restart of a locked device, which will make your personal data harder to extract. It's coming as part of a Google Play Services update, though, so there's nothing you can do to speed along the process.

Google is preparing to release a new update to Play Services (v25.14), which brings a raft of tweaks and improvements. First spotted by 9to5Google, the update was officially released on April 14, but as with all Play Services updates, it could take a week or more to reach all devices. When 25.14 arrives, Android devices will see a few minor improvements, including prettier settings screens, improved connection with cars and watches, and content previews when using Quick Share.

Most importantly, Play Services 25.14 adds a feature that Google describes thusly: "With this feature, your device automatically restarts if locked for 3 consecutive days."

Read full article

Comments

Industry groups have submitted deregulatory wishlists for the Federal Communications Commission's "Delete, Delete, Delete" initiative that aims to eliminate as many regulations as possible.

Broadband providers that want fewer telecom regulations and debt collectors opposed to robocall rules were among those submitting comments to the FCC in response to Chairman Brendan Carr's request for public input. The Carr-led FCC last month issued a public notice asking for help with "identifying FCC rules for the purpose of alleviating unnecessary regulatory burdens."

The FCC said it opened the official proceeding—which is titled "Delete, Delete, Delete"—because "President Trump has called on administrative agencies to unleash prosperity through deregulation and ensure that they are efficiently delivering great results for the American people." Initial comments were due on Friday, and there is an April 28 deadline for reply comments.

Read full article

Comments

Computed tomography scans have become vital, even lifesaving, medical imaging for diagnosing and monitoring health conditions. But they do expose patients to ionizing radiation at levels linked to higher risks of cancer. In a new study in JAMA Internal Medicine, researchers tried to estimate what those higher risks are exactly—and although the estimates come with uncertainty, they may seem startling.

Based on data from 93 million CT scans performed on 62 million people in 2023, the researchers estimated that the CT scans would lead to 103,000 future cancers. To put that in context, those 103,000 cancers would account for about 5 percent of cancers diagnosed each year, based on the current cancer rates and the current usage of CT scans. And the estimate puts CT scans on par with alcohol consumption and obesity in terms of risk factors for developing cancer.

The most common types of cancers estimated to be a result of CT scans were lung cancer and colon cancer—two cancers that are becoming more common in younger people for reasons experts do not fully understand. The types of CT scans linked to the greatest number of cancers were abdomen and pelvis CT scans.

Read full article

Comments

Mars is back on the agenda.

During his address to a joint session of Congress in March, President Donald Trump said the United States "will pursue our Manifest Destiny into the stars, launching American astronauts to plant the Stars and Stripes on the planet Mars."

What does this mean? Manifest destiny is the belief, which was particularly widespread in 1800s America, that US settlers were destined to expand westward across North America. Similarly, then, the Trump administration believes it is the manifest destiny of Americans to settle Mars. And he wants his administration to take steps toward accomplishing that goal.

Read full article

Comments

On Monday, OpenAI announced the GPT-4.1 model family, its newest series of AI language models that brings a 1 million token context window to OpenAI for the first time and continues a long tradition of very confusing AI model names. Three confusing new names, in fact: GPT‑4.1, GPT‑4.1 mini, and GPT‑4.1 nano.

According to OpenAI, these models outperform GPT-4o in several key areas. But in an unusual move, GPT-4.1 will only be available through the developer API, not in the consumer ChatGPT interface where most people interact with OpenAI's technology.

The 1 million token context window—essentially the amount of text the AI can process at once—allows these models to ingest roughly 3,000 pages of text in a single conversation. This puts OpenAI's context windows on par with Google's Gemini models, which have offered similar extended context capabilities for some time.

Read full article

Comments

In one way or another, the Lunar Gateway has lingered around the periphery of NASA's human exploration program since the Obama administration.

Back then, the elements that eventually coalesced into the Gateway were geared toward a nebulous initiative to capture a small asteroid and reposition it closer to Earth. Under direction from the first Trump administration, NASA ditched the asteroid idea and repackaged the concept to become a mini-space station in orbit around the Moon.

NASA officials justified the Lunar Gateway program by highlighting its utility as a staging point or safe haven for astronauts traveling to and from the surface of the Moon. Crews could launch from Earth and travel to the Moon's vicinity inside NASA's Orion spacecraft, connect with the Gateway, and then float into their lunar lander already docked with the outpost.

Read full article

Comments

Razer, maker of green-hued gaming hardware and accessories, has entered the game-streaming space with its new—but not entirely new—app, PC Remote Play. It's based on very good existing streaming tech and makes connecting a PC to mobile devices fairly simple. It's worth checking out unless you have a hard-and-fast policy about avoiding software "utilities" from RGB-obsessed gaming companies.

That, or you're already using and comfortable with Moonlight. Moonlight and Sunshine are the open source game-streaming client and server that wonderfully picked up where Nvidia's Gamestream left off. PC Remote Play is based on Moonstream's open source code, and Razer has made much of its own version's code available.

You're getting a few small upgrades when using PC Remote Play:

Read full article

Comments