Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down.
Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He generated a password using the RoboForm password manager and stored that password in a file encrypted with a tool called TrueCrypt. At some point, that file got corrupted, and Michael lost access to the 20-character password he had generated to secure his 43.6 BTC (worth a total of about 4,000 euros, or $5,300, in 2013). Michael used the RoboForm password manager to generate the password but did not store it in his manager. He worried that someone would hack his computer and obtain the password.
“At [that] time, I was really paranoid with my security,” he laughs.
Grand is a famed hardware hacker who in 2022 helped another crypto wallet owner recover access to $2 million in cryptocurrency he thought he’d lost forever after forgetting the PIN to his Trezor wallet. Since then, dozens of people have contacted Grand to help them recover their treasure. But Grand, known by the hacker handle “Kingpin,” turns down most of them, for various reasons.
Grand is an electrical engineer who began hacking computing hardware at age 10 and in 2008 cohosted the Discovery Channel’s Prototype This show. He now consults with companies that build complex digital systems to help them understand how hardware hackers like him might subvert their systems. He cracked the Trezor wallet in 2022 using complex hardware techniques that forced the USB-style wallet to reveal its password.
But Michael stored his cryptocurrency in a software-based wallet, which meant none of Grand’s hardware skills were relevant this time. He considered brute-forcing Michael’s password—writing a script to automatically guess millions of possible passwords to find the correct one—but determined this wasn’t feasible. He briefly considered that the RoboForm password manager Michael used to generate his password might have a flaw in the way it generated passwords, which would allow him to guess the password more easily. Grand, however, doubted such a flaw existed.
Michael contacted multiple people who specialize in cracking cryptography; they all told him “there’s no chance” of retrieving his money. But last June he approached Grand again, hoping to convince him to help, and this time Grand agreed to give it a try, working with a friend named Bruno in Germany who also hacks digital wallets.
On Monday, OpenAI announced the formation of a new “Safety and Security Committee” to oversee risk management for its projects and operations. The announcement comes as the company says it has “recently begun” training its next frontier model, which it expects to bring the company closer to its goal of achieving artificial general intelligence (AGI), though some critics say AGI is farther off than we might think. It also comes as a reaction to a terrible two weeks in the press for the company.
Whether the aforementioned new frontier model is intended to be GPT-5 or a step beyond that is currently unknown. In the AI industry, “frontier model” is a term for a new AI system designed to push the boundaries of current capabilities. And “AGI” refers to a hypothetical AI system with human-level abilities to perform novel, general tasks beyond its training data (unlike narrow AI, which is trained for specific tasks).
Meanwhile, the new Safety and Security Committee, led by OpenAI directors Bret Taylor (chair), Adam D’Angelo, Nicole Seligman, and Sam Altman (CEO), will be responsible for making recommendations about AI safety to the full company board of directors. In this case, “safety” partially means the usual “we won’t let the AI go rogue and take over the world,” but it also includes a broader set of “processes and safeguards” that the company spelled out in a May 21 safety update related to alignment research, protecting children, upholding election integrity, assessing societal impacts, and implementing security measures.
OpenAI says the committee’s first task will be to evaluate and further develop those processes and safeguards over the next 90 days. At the end of this period, the committee will share its recommendations with the full board, and OpenAI will publicly share an update on adopted recommendations.
OpenAI says that multiple technical and policy experts, including Aleksander Madry (head of preparedness), Lilian Weng (head of safety systems), John Schulman (head of alignment science), Matt Knight (head of security), and Jakub Pachocki (chief scientist), will also serve on its new committee.
The announcement is notable in a few ways. First, it’s a reaction to the negative press that came from OpenAI Superalignment team members Ilya Sutskever and Jan Leike resigning two weeks ago. That team was tasked with “steer[ing] and control[ling] AI systems much smarter than us,” and their departure has led to criticism from some within the AI community (and Leike himself) that OpenAI lacks a commitment to developing highly capable AI safely. Other critics, like Meta Chief AI Scientist Yann LeCun, think the company is nowhere near developing AGI, so the concern over a lack of safety for superintelligent AI may be overblown.
Second, there have been persistent rumors that progress in large language models (LLMs) has plateaued recently around capabilities similar to GPT-4. Two major competing models, Anthropic’s Claude Opus and Google’s Gemini 1.5 Pro, are roughly equivalent to the GPT-4 family in capability despite every competitive incentive to surpass it. And recently, when many expected OpenAI to release a new AI model that would clearly surpass GPT-4 Turbo, it instead released GPT-4o, which is roughly equivalent in ability but faster. During that launch, the company relied on a flashy new conversational interface rather than a major under-the-hood upgrade.
We’ve previously reported on a rumor of GPT-5 coming this summer, but with this recent announcement, it seems the rumors may have been referring to GPT-4o instead. It’s quite possible that OpenAI is nowhere near releasing a model that can significantly surpass GPT-4. But with the company quiet on the details, we’ll have to wait and see.
A previously unknown piece of ransomware, dubbed ShrinkLocker, encrypts victim data using the BitLocker feature built into the Windows operating system.
BitLocker is a full-volume encryptor that debuted in 2007 with the release of Windows Vista. Users employ it to encrypt entire hard drives to prevent people from reading or modifying data in the event they get physical access to the disk. Starting with the rollout of Windows 10, BitLocker by default has used the 128-bit and 256-bit XTS-AES encryption algorithm, giving the feature extra protection from attacks that rely on manipulating cipher text to cause predictable changes in plain text.
Recently, researchers from security firm Kaspersky found a threat actor using BitLocker to encrypt data on systems located in Mexico, Indonesia, and Jordan. The researchers named the new ransomware ShrinkLocker, both for its use of BitLocker and because it shrinks the size of each non-boot partition by 100 MB and splits the newly unallocated space into new primary partitions of the same size.
“Our incident response and malware analysis are evidence that attackers are constantly refining their tactics to evade detection,” the researchers wrote Friday. “In this incident, we observed the abuse of the native BitLocker feature for unauthorized data encryption.”
ShrinkLocker isn’t the first malware to leverage BitLocker. In 2022, Microsoft reported that ransomware attackers with a nexus to Iran also used the tool to encrypt files. That same year, the Russian agricultural business Miratorg was attacked by ransomware that used BitLocker to encrypt files residing in the system storage of infected devices.
Once installed on a device, ShrinkLocker runs a VisualBasic script that first invokes the Windows Management Instrumentation and Win32_OperatingSystem class to obtain information about the operating system.
“For each object within the query results, the script checks if the current domain is different from the target,” the Kaspersky researchers wrote. “If it is, the script finishes automatically. After that, it checks if the name of the operating system contains ‘xp,’ ‘2000,’ ‘2003,’ or ‘vista,’ and if the Windows version matches any one of these, the script finishes automatically and deletes itself.”
Enlarge/ A screenshot showing initial conditions for execution.
Kaspersky
The script then continues to use the WMI for querying information about the OS. It goes on to perform the disk resizing operations, which can vary depending on the OS version detected. The ransomware performs these operations only on local, fixed drives. The decision to leave network drives alone is likely motivated by the desire not to trigger network detection protections.
Eventually, ShrinkLocker disables protections designed to secure the BitLocker encryption key and goes on to delete them. It then enables the use of a numerical password, both as a protector against anyone else taking back control of BitLocker and as an encryptor for system data. The reason for deleting the default protectors is to disable key recovery features by the device owner. ShrinkLocker then goes on to generate a 64-character encryption key using random multiplication and replacement of:
A variable with the numbers 0–9;
The famous pangram, “The quick brown fox jumps over the lazy dog,” in lowercase and uppercase, which contains every letter of the English alphabet;
Special characters.
After several additional steps, data is encrypted. The next time the device reboots, the display looks like this:
Enlarge/ Screenshot showing the BitLocker recovery screen.
Kaspersky
Decrypting drives without the attacker-supplied key is difficult and likely impossible in many cases. While it is possible to recover some of the passphrases and fixed values used to generate the keys, the script uses variable values that are different on each infected device. These variable values aren’t easy to recover.
There are no protections specific to ShrinkLocker for preventing successful attacks. Kaspersky advises the following:
Use robust, properly configured endpoint protection to detect threats that try to abuse BitLocker;
If BitLocker is enabled, make sure it uses a strong password and that the recovery keys are stored in a secure location;
Ensure that users have only minimal privileges. This prevents them from enabling encryption features or changing registry keys on their own;
Enable network traffic logging and monitoring. Configure the logging of both GET and POST requests. In case of infection, the requests made to the attacker’s domain may contain passwords or keys;
Monitor for events associated with VBS execution and PowerShell, then save the logged scripts and commands to an external repository storing activity that may be deleted locally;
Make backups frequently, store them offline, and test them.
Friday’s report also includes indicators that organizations can use to determine if they have been targeted by ShrinkLocker.
Enlarge/ A Russian Soyuz rocket climbs away from the Plesetsk Cosmodrome on May 16.
The launch of a classified Russian military satellite last week deployed a payload that US government officials say is likely a space weapon.
In a series of statements, US officials said the new military satellite, named Kosmos 2576, appears to be similar to two previous “inspector” spacecraft launched by Russia in 2019 and 2022.
“Just last week, on May 16, Russia launched a satellite into low-Earth orbit that the United States assesses is likely a counter-space weapon presumably capable of attacking other satellites in low-Earth orbit,” said Robert Wood, the deputy US ambassador to the United Nations. “Russia deployed this new counter-space weapon into the same orbit as a US government satellite.”
Kosmos 2576 is flying in the same orbital plane as a National Reconnaissance Office (NRO) spy satellite, meaning it can regularly approach the top-secret US reconnaissance platform. The launch of Kosmos 2576 from Russia’s Plesetsk Cosmodrome on a Soyuz rocket was precisely timed to happen when the Earth’s rotation brought the launch site underneath the orbital path of the NRO spy satellite, officially designated USA 314.
The Soyuz rocket’s Fregat upper stage released Kosmos 2576 into an orbit roughly 275 miles (445 km) above Earth at an inclination of 97.25 degrees to the equator.
Conventional but concerning
So far, Kosmos 2576 is nowhere near USA 314, a bus-size spacecraft believed to carry a powerful Earth-facing telescope to capture high-resolution images for use by US intelligence agencies. This type of spacecraft is publicly known as a KH-11, or Keyhole-class, satellite, but its design and capabilities are top-secret.
It’s no surprise that the Russian military wants to get a close look in hopes of learning more about the US government’s most closely held secrets about what it does in orbit. Russian satellites have also flown near Western communications satellites in geostationary orbit, likely in an attempt to eavesdrop on radio transmissions.
Russia’s deputy foreign minister, Sergei Ryabkov, dismissed the US government’s assessment about the purpose of Kosmos 2576 as “fake news.” However, in the last few years, Russia has steered satellites into orbits intersecting with the paths of US spy platforms, and demonstrated it can take out an enemy satellite using a range of methods.
The current orbit of Kosmos 2576 will only occasionally bring it within a few hundred kilometers of the USA 314, according to Jonathan McDowell, an astrophysicist and expert tracker of spaceflight events. However, analysts expect additional maneuvers to raise the altitude Kosmos 2576 and put it into position for closer passes. This is what happened with a pair of Russian satellites launched in 2019 and 2022.
These two previous Russian satellites—Kosmos 2542 and Kosmos 2558— continually flew within a few dozen kilometers of two other NRO satellites—USA 245 and USA 326—in low-Earth orbit. In a post on the social media platform X, McDowell wrote that the Russian military craft “shadowed US satellites at a large distance but have not interfered with them.”
Because of this, McDowell wrote that he is “highly skeptical” that Kosmos 2576 is an anti-satellite weapon.
But one of these Russian satellites, Kosmos 2542, released a smaller sub-satellite, designated Kosmos 2543, which made its own passes near the USA 245 spacecraft, a KH-11 imaging satellite similar to USA 314. At one point, satellite trackers noticed USA 245 made a slight change to orbit. Its Russian pursuer later made a similar orbit adjustment to keep up.
In 2020, Kosmos 2543 backed off from USA 245. Once well away from the NRO satellite, Kosmos 2543 ejected a mysterious projectile into space at a speed fast enough to damage any target in its sights.
At the time, US Space Command called the event a “non-destructive test of a space-based anti-satellite weapon.” The projectile fired from Kosmos 2543 at a relative velocity of some 400 mph (700 km per hour), according to McDowell’s analysis of publicly available satellite tracking data.
Enlarge/ Gen. Charles “CQ” Brown, chairman of the joint chiefs of staff, says the US military must have an ability to defend itself in space.
The US military has identified China as its most significant strategic adversary in the coming decades. Most aspects of Russia’s space program are in decline, but it still boasts formidable anti-satellite capabilities. Russia intentionally destroyed one of its retired satellites in orbit with a ground-based missile in 2021. The Russian military has also deployed several Peresvet laser units capable of disabling a satellite in orbit. A Russian cyberattack at the start of the invasion of Ukraine in 2022 knocked a commercial satellite communications network offline.
Most recently, US government officials have claimed Russia is developing a nuclear anti-satellite weapon. Russian officials also denied this. But Russia vetoed a UN Security Council resolution last month reiterating language from the 1967 Outer Space Treaty banning weapons of mass destruction in orbit.
The US military has its own fleet of inspector satellites in orbit to track what other nations are doing in space. The Space Force’s development of any offensive military capability in space is classified.
“The space domain is much more challenging today than it was a number a number of years ago,” said Air Force Gen. Charles “CQ” Brown, chairman of the joint chiefs of staff, in an event Wednesday hosted by the Atlantic Council. “We looked at it as a very benign environment, where you didn’t have to worry about conflicts in space. As a matter of fact, naming space as a warfighting domain was kind of forbidden, but that’s changed, and it’s been changed based what our adversaries are doing in space.”
“We don’t want to have our satellites … be challenged,” Brown said. “So we want to make sure that we have the capabilities to defend ourselves, no matter what domain we’re in, whether it’s in the space domain, air, land, or maritime. That’s where our focus is as a military, in making sure we’re investing to provide the capabilities and expertise to do that.”
Bing, Microsoft’s search engine platform, went down in the very early morning today. That meant that searches from Microsoft’s Edge browsers that had yet to change their default providers didn’t work. It also meant that services relying on Bing’s search API—Microsoft’s own Copilot, ChatGPT search, Yahoo, Ecosia, and DuckDuckGo—similarly failed.
If dismay about AI’s hallucinations, power draw, or pizza recipes concern you—along with perhaps broader Google issues involving privacy, tracking, news, SEO, or monopoly power—most of your other major options were brought down by a single API outage this morning. Moving past that kind of single point of vulnerability will take some work, both by the industry and by you, the person wondering if there’s a real alternative.
Search engine market share, as measured by StatCounter, April 2023–April 2024.
StatCounter
Upward of a billion dollars a year
The overwhelming majority of search tools offering an “alternative” to Google are using Google, Bing, or Yandex, the three major search engines that maintain massive global indexes. Yandex, being based in Russia, is a non-starter for many people around the world at the moment. Bing offers its services widely, most notably to DuckDuckGo, but its ad-based revenue model and privacy particulars have caused some friction there in the past. Before his company was able to block more of Microsoft’s own tracking scripts, DuckDuckGo CEO and founder Gabriel Weinberg explained in a Reddit reply why firms like his weren’t going the full DIY route:
… [W]e source most of our traditional links and images privately from Bing … Really only two companies (Google and Microsoft) have a high-quality global web link index (because I believe it costs upwards of a billion dollars a year to do), and so literally every other global search engine needs to bootstrap with one or both of them to provide a mainstream search product. The same is true for maps btw — only the biggest companies can similarly afford to put satellites up and send ground cars to take streetview pictures of every neighborhood.
Bing makes Microsoft money, if not quite profit yet. It’s in Microsoft’s interest to keep its search index stocked and API open, even if its focus is almost entirely on its own AI chatbot version of Bing. Yet if Microsoft decided to pull API access, or it became unreliable, Google’s default position gets even stronger. What would non-conformists have to choose from then?
Enlarge / But… but I was just about to check out Tacoma.
Getty Images
With Valve’s Steam gaming platform approaching the US drinking age this year, more and more aging PC gamers may be considering what will happen to their vast digital game libraries after they die. Unfortunately, legally, your collection of hundreds of backlogged games will likely pass into the ether along with you someday.
The issue of digital game inheritability gained renewed attention this week as a ResetEra poster quoted a Steam support response asking about transferring Steam account ownership via a last will and testament. “Unfortunately, Steam accounts and games are non-transferable” the response reads. “Steam Support can’t provide someone else with access to the account or merge its contents with another account. I regret to inform you that your Steam account cannot be transferred via a will.”
This isn’t the first time someone has asked this basic estate planning question, of course. Last year, a Steam forum user quoted a similar response from Steam support as saying, “Your account is yours and yours alone. Now you can share it with family members, but you cannot give it away.”
Potential loopholes
As a practical matter, Steam would have little way of knowing if you wrote down your Steam username and password and left instructions for your estate to give that information to your descendants. When it comes to legal ownership of that account, though, the Steam Subscriber Agreement seems relatively clear.
“You may not reveal, share, or otherwise allow others to use your password or Account except as otherwise specifically authorized by Valve,” the agreement reads, in part. “You may… not sell or charge others for the right to use your Account, or otherwise transfer your Account, nor may you sell, charge others for the right to use, or transfer any Subscriptions other than if and as expressly permitted by this Agreement… or as otherwise specifically permitted by Valve.”
Eagle-eyed readers might notice a potential loophole, though, in the clauses regarding account transfers that are “specifically permitted by Valve.” Steam forum users have suggested in the past that Valve “wouldn’t block this change of ownership” via a will if a user or their estate specifically requests it (Valve has not responded to a request for comment).
Donating all those 3DS and Wii U games to someone else might be difficult for Jirard “The Completionist” Khalil.
There also might be a partial, physical workaround for Steam users who bequeath an actual computer with downloaded titles installed. In a 2013 Santa Clara High Technology Law Journal article, author Claudine Wong writes that “digital content is transferable to a deceased user’s survivors if legal copies of that content are located on physical devices, such as iPods or Kindle e-readers.” But if that descendant wanted to download those games to a different device or reinstall them in the case of a hard drive failure, they’d legally be out of luck.
Beyond personal estate planning, the inability to transfer digital game licenses has some implications for video game preservation work as well. Last year, Jirard “The Completionist” Khalil spent nearly $20,000 to purchase and download every digital 3DS and Wii U game while they were still available. And while Khalil said he intends to donate the physical machines (and their downloads) to the Video Game History Foundation, subscriber agreements mean the charity may have trouble taking legal ownership of those digital games and accounts.
“There is no reasonable, legal path for the preservation of digital-born video games,” VGHF’s then co-director Kelsey Lewin told Ars last year. “Limiting library access only to physical games might have worked 20 years ago, but we no longer live in a world where all games are sold on physical media, and we haven’t for a long time.”
Enlarge/ VideoCardz’ leaked image of a ROG Ally X, seemingly having gone through the JPG blender a couple times.
Asus’ ROG Ally was the first major-brand attempt to compete with Valve’s Steam Deck. It was beefy and interesting, but it had three major flaws: It ran Windows on a little touchscreen, had unremarkable ergonomics, and its battery life was painful.
The Asus ROG (Republic of Gamers) Ally X, which has been announced and is due out June 2, seems to have had its specs leaked, and they indicate a fix for at least the battery life. Gaming site VideoCardz, starting its leak reveal with “No more rumors,” cites the ROG Ally X as having the same Ryzen Z1 Extreme APU as the prior ROG Ally, as well as the same 7-inch 1080p VRR screen with a 120 Hz refresh rate.
VideoCardz’ leaked image, seemingly from Asus marketing materials, with the ROG Ally X’s specifications.
The battery and memory have changed substantially, though. An 80-watt-hour battery, up from 40, somehow adds just 70 grams of weight and about 5 mm of thickness to the sequel device. By increasing the RAM from 16GB to 24GB and making it LPDDR5, the ROG Ally X may be able to lend more of it to the GPU, upping performance somewhat without demanding a new chip or architecture. There is also a second USB-C port, with USB4 speeds, that should help quite a bit with docking, charging while playing with accessories, and, I would guess, Linux hackery.
How does it feel? Only Sean Hollister at The Verge knows, outside of ASUS employees. The sequel has lost the weirdly sharp angles on the back, and more of your hand fits around the back, without the rear buttons being accidentally triggered so easily. The triggers and buttons all seem to have received some feedback-based upgrades to durability and feel.
Expanding the viability of handheld PC gaming means more developers targeting these systems, in specs or just accessibility. More demand for new types of handhelds makes the whole field more interesting and competitive. Microsoft, which is keenly aware of this developing market and is contemplating a more cloud-based and less Xbox-centered gaming future, can only make Windows better on handhelds because the bar is pretty low right now.
All of that gives me more games to play on the couch while the rice is cooking, whether or not the device I’m holding has more and faster RAM and better USB-C ports than my gaming PC.
Enlarge/ A Falcon 9 rocket launches the NROL-146 mission from California this week.
SpaceX
Welcome to Edition 6.45 of the Rocket Report! The most interesting news in launch this week, to me, is that Firefly is potentially up for sale. That makes two of the handful of US companies with operational rockets, Firefly and United Launch Alliance, actively on offer. I’ll be fascinated to see what the valuations of each end up being if/when sales go through.
As always, we welcome reader submissions, and if you don’t want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.
Firefly may be up for sale. Firefly Aerospace investors are considering a sale that could value the closely held rocket and Moon lander maker at about $1.5 billion, Bloomberg reports. The rocket company’s primary owner, AE Industrial Partners, is working with an adviser on “strategic options” for Firefly. Neither AE nor Firefly commented to Bloomberg about the potential sale. AE invested $75 million into Texas-based Firefly as part of a series B financing round in 2022. The firm made a subsequent investment in its Series C round in November 2023.
Launches and landers … Now more than a decade old and with a history of financial struggles, Firefly has emerged as one of the apparent winners in the small launch race in the United States. The company’s Alpha rocket has now launched four times since its unsuccessful debut in September 2021, and it is due to fly a Venture Class Launch Services 2 mission for NASA in the coming weeks. Firefly also aims to launch its Blue Ghost spacecraft to the moon later this year and is working on an orbital transfer vehicle.
Blue Origin makes successful return to flight. With retired Air Force captain and test pilot Ed Dwight as the headline passenger, Blue Origin’s New Shepard spacecraft returned to flight on Sunday morning. An African American, Dwight was one of 26 pilots the Air Force recommended to NASA for the third class of astronauts in 1963, but the agency didn’t select him. It took another 20 years for America’s first Black astronaut, Guion Bluford, to fly in space in 1983. At the age of 90, Dwight finally entered the record books Sunday, becoming the oldest person to reach space. “I thought I didn’t need it in my life,” Dwight said after Sunday’s fight. “But I lied!”
One chute down … This was the seventh time Blue Origin, the space company owned by billionaire Jeff Bezos, has flown people to suborbital space, and the 25th flight overall of the company’s fleet of New Shepard rockets. It was the first time Blue Origin had launched people in nearly two years, resuming suborbital service after a rocket failure on an uncrewed research flight in September 2022. In December, Blue Origin launched another uncrewed suborbital research mission to set the stage for the resumption of human missions Sunday. There was one issue with the flight, as only two of the capsule’s three parachutes deployed. It’s unclear how long it will take to address this problem.
The easiest way to keep up with Eric Berger’s space reporting is to sign up for his newsletter, we’ll collect his stories in your inbox.
RFA tests first stage of its rocket. German launch startup Rocket Factory Augsburg announced Sunday that it had begun the hot-fire campaign for the first stage of its RFA One rocket. “We hot-fired a total of four Helix engines, igniting one by one at four-second intervals,” the company said on the social media site X. “All engines ran simultaneously for 8 seconds with a total hot-fire duration of 20 seconds. The test ran flawlessly through start-up, steady-state, and shutdown.” It’s a great step forward for the launch company.
Targeting a test flight this year, but … The test occurred at the SaxaVord Spaceport in the United Kingdom. The RFA One vehicle is powered by nine Helix engines and will have a payload capacity of 1.6 metric tons to low-Earth orbit. The company is targeting a debut launch later this year, but I’m fairly skeptical of that. By way of comparison, SpaceX began test firing its Falcon 9 first stage in 2008, with a full-duration test firing of all nine engines in November of that year. But the rocket did not make its debut flight until June 2010.
China expanding commercial spaceport. China is planning new phases of expansion for its new commercial spaceport to support an expected surge in launch and commercial space activity, Space News reports. Construction of the second of two launch pads at Hainan Commercial Launch Site could be completed by the end of May. The first, completed in December and dedicated to the Long March 8 rocket, could host its first launch before the end of June.
Fulfilling a mega-need … However this appears to be just the beginning, as the spaceport could have a total of 10 pads serving both liquid and solid rockets. The reason for the dramatic expansion appears to be increasing access to space and allowing China to achieve a launch rate needed to build a pair of low-Earth orbit megaconstellations, each over 10,000 satellites strong. It is also a further sign of China’s commitment to establishing a thriving commercial space sector. (submitted by Ken the Bin)
Enlarge/ American black bear seen along the Red Rock Parkway inside Waterton Lakes National Park in Alberta, Canada.
In the summer of 2022, a family gathered in South Dakota for a reunion that included a special meal—kabobs made with the meat of a black bear that one of the family members had “harvested” from northern Saskatchewan, Canada, that May. Lacking a meat thermometer, the family assessed the doneness of the dark-colored meat by eye. At first, they accidentally served it rare, which a few family members noticed before a decision was made to recook it. The rest of the reunion was unremarkable, and the family members departed to their homes in Arizona, Minnesota, and South Dakota.
But just days later, family members began falling ill. One, a 29-year-old male in Minnesota, sought care for a mysterious illness marked by fever, severe muscle pains, swelling around his eyes (periorbital edema), high levels of infection-fighting white blood cells (eosinophilia, a common response to parasites), and other laboratory anomalies. The man sought care four times and was hospitalized twice in a 17-day span in July. It wasn’t until his second hospitalization that doctors learned about the bear meat—and then it all made sense.
The doctors suspected the man had a condition called trichinellosis and infection of Trichinella nematodes (roundworms). These dangerous parasites can be found worldwide, embedded into the muscle fibers of various carnivores and omnivores, according to the Centers for Disease Control and Prevention. But, it’s quite rare to find them in humans in North America. Between 2016 and 2022, there were seven outbreaks of trichinellosis in the US, involving just 35 cases. The majority were linked to eating bear meat, but moose and wild boar meat are also common sources.
Enlarge/ Microscopic examination of encapsulated larvae in a direct black bear meat muscle squash prep (A), larvae liberated from artificially digested bear meat (B), and motile larvae viewed with differential interference contrast microscopy (C and D)from black bear meat suspected as the source of an outbreak of human Trichinellanativa infections—Arizona, Minnesota, and South Dakota, 2022.
Once eaten, larvae encased in the meat are released and begin to invade the small intestines (the gastrointestinal phase), causing pain, diarrhea, nausea, and vomiting. Then, the larvae develop into adults in the gut, mate, and produce more larvae there. The second generation of worms then go wandering through the lymphatic system, into the blood, and then throughout the body (systemic phase). The larvae can end up all over, reaching skeletal muscles, the heart, and the brain, which is rich in oxygen. The systemic phase is marked by fever, periorbital edema, muscle pain, heart inflammation, and brain inflammation. The larvae can also provoke severe eosinophilia, particularly when they move into the heart and central nervous system.
The man’s symptoms fit the case, and several tests confirmed the parasitic infection. Of eight interviewed family members present for the bear-meat meal, six people had illnesses matching trichinellosis (ranging in age from 12 to 62), and three of them were hospitalized, including the 12-year-old. Four of the six sickened people had eaten the bear meat, while two only ate vegetables that were cooked alongside the meat and cross-contaminated. Experts at the CDC obtained leftover frozen samples of the bear meat, which revealed moving larvae. Testing identified the worm as Trichinella nativa, a species that is resistant to freezing.
In an outbreak study published Thursday in the CDC’s Morbidity and Mortality Weekly Report, health officials from Minnesota and the CDC reported that the three hospitalized patients were treated with the anti-parasitic drug albendazole and recovered. The remaining three cases fortunately recovered without treatment. The health experts noted how tricky it can be to identify and diagnose these rare cases but flagged periorbital edema and the eosinophilia as being key clinical clues to the grizzly infections. And, above all, people who are going to eat wild game meat should invest in a meat thermometer and make sure the meat is cooked to at least ≥165° F (≥74° C) to avoid risking brain worms.
For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server peers due to an unexplained glitch that could have caused stability and security problems worldwide. This server, maintained by Internet carrier Cogent Communications, is one of the 13 root servers that provision the Internet’s root zone, which sits at the top of the hierarchical distributed database known as the domain name system, or DNS.
Here’s a simplified recap of the way the domain name system works and how root servers fit in:
When someone enters wikipedia.org in their browser, the servers handling the request first must translate the human-friendly domain name into an IP address. This is where the domain name system comes in. The first step in the DNS process is the browser queries the local stub resolver in the local operating system. The stub resolver forwards the query to a recursive resolver, which may be provided by the user’s ISP or a service such as 1.1.1.1 or 8.8.8.8 from Cloudflare and Google, respectively.
If it needs to, the recursive resolver contacts the c-root server or one of its 12 peers to determine the authoritative name server for the .org top level domain. The .org name server then refers the request to the Wikipedia name server, which then returns the IP address. In the following diagram, the recursive server is labeled “iterator.”
Given the crucial role a root server provides in ensuring one device can find any other device on the Internet, there are 13 of them geographically dispersed all over the world. Each root sever is, in fact, a cluster of servers that are also geographically dispersed, providing even more redundancy. Normally, the 13 root servers—each operated by a different entity—march in lockstep. When a change is made to the contents they host, it generally occurs on all of them within a few seconds or minutes at most.
Strange events at the C-root name server
This tight synchronization is crucial for ensuring stability. If one root server directs traffic lookups to one intermediate server and another root server sends lookups to a different intermediate server, the Internet as we know it could collapse. More important still, root servers store the cryptographic keys necessary to authenticate some of intermediate servers under a mechanism known as DNSSEC. If keys aren’t identical across all 13 root servers, there’s an increased risk of attacks such as DNS cache poisoning.
For reasons that remain unclear outside of Cogent—which declined to comment for this post—all 12 instances of the c-root it’s responsible for maintaining suddenly stopped updating on Saturday. Stéphane Bortzmeyer, a French engineer who was among the first to flag the problem in a Tuesday post, noted then that the c-root was three days behind the rest of the root servers.
Enlarge/ A mismatch in what’s known as the zone serials shows root-c is three days behind.
Enlarge/ Nathan Benaich of Air Street Capital delivers the opening presentation on the state of AI at EmTech Digital 2024 on May 22, 2024.
Benj Edwards
CAMBRIDGE, Massachusetts—On Wednesday, AI enthusiasts and experts gathered to hear a series of presentations about the state of AI at EmTech Digital 2024 on the Massachusetts Institute of Technology’s campus. The event was hosted by the publication MIT Technology Review. The overall consensus is that generative AI is still in its very early stages—with policy, regulations, and social norms still being established—and its growth is likely to continue into the future.
I was there to check the event out. MIT is the birthplace of many tech innovations—including the first action-oriented computer video game—among others, so it felt fitting to hear talks about the latest tech craze in the same building that hosts MIT’s Media Lab on its sprawling and lush campus.
EmTech’s speakers included AI researchers, policy experts, critics, and company spokespeople. A corporate feel pervaded the event due to strategic sponsorships, but it was handled in a low-key way that matches the level-headed tech coverage coming out of MIT Technology Review. After each presentation, MIT Technology Review staff—such as Editor-in-Chief Mat Honan and Senior Reporter Melissa Heikkilä—did a brief sit-down interview with the speaker, pushing back on some points and emphasizing others. Then the speaker took a few audience questions if time allowed.
Enlarge/ EmTech Digital 2024 took place in building E14 on MIT’s Campus in Cambridge, MA.
Benj Edwards
The conference kicked off with an overview of the state of AI by Nathan Benaich, founder and general partner of Air Street Capital, who rounded up news headlines about AI and several times expressed a favorable view toward defense spending on AI, making a few people visibly shift in their seats. Next up, Asu Ozdaglar, deputy dean of Academics at MIT’s Schwarzman College of Computing, spoke about the potential for “human flourishing” through AI-human symbiosis and the importance of AI regulation.
Kari Ann Briski, VP of AI Models, Software, and Services at Nvidia, highlighted the exponential growth of AI model complexity. She shared a prediction from consulting firm Gartner research that by 2026, 50 percent of customer service organizations will have customer-facing AI agents. Of course, Nvidia’s job is to drive demand for its chips, so in her presentation, Briski painted the AI space as an unqualified rosy situation, assuming that all LLMs are (and will be) useful and reliable, despite what we know about their tendencies to make things up.
The conference also addressed the legal and policy aspects of AI. Christabel Randolph from the Center for AI and Digital Policy—an organization that spearheaded a complaint about ChatGPT to the FTC last year—gave a compelling presentation about the need for AI systems to be human-centered and aligned, warning about the potential for anthropomorphic models to manipulate human behavior. She emphasized the importance of demanding accountability from those designing and deploying AI systems.
Asu Ozdaglar, deputy dean of Academics at MIT’s Schwarzman College of Computing, spoke about the potential for “human flourishing” through AI-human symbiosis at EmTech Digital on May 22, 2024.
Benj Edwards
Asu Ozdaglar, deputy dean of Academics at MIT’s Schwarzman College of Computing spoke with MIT Technology Review Editor-in-Chief Mat Honan at EmTech Digital on May 22, 2024.
Benj Edwards
Kari Ann Briski, VP of AI Models, Software, and Services at NVIDIA, highlighted the exponential growth of AI model complexity at EmTech Digital on May 22, 2024.
Benj Edwards
MIT Technology Review Senior Reporter Melissa Heikkilä introduces a speaker at EmTech Digital on May 22, 2024.
Benj Edwards
After her presentation, Christabel Randolph from the Center for AI and Digital Policy sat with MIT Technology Review Senior Reporter Melissa Heikkilä at EmTech Digital on May 22, 2024.
Benj Edwards
Lawyer Amir Ghavi provided an overview of the current legal landscape surrounding AI at EmTech Digital on May 22, 2024.
Benj Edwards
Lawyer Amir Ghavi provided an overview of the current legal landscape surrounding AI at EmTech Digital on May 22, 2024.
Benj Edwards
Amir Ghavi, an AI, Tech, Transactions, and IP partner at Fried Frank LLP, who has defended AI companies like Stability AI in court, provided an overview of the current legal landscape surrounding AI, noting that there have been 24 lawsuits related to AI so far in 2024. He predicted that IP lawsuits would eventually diminish, and he claimed that legal scholars believe that using training data constitutes fair use. He also talked about legal precedents with photocopiers and VCRs, which were both technologies demonized by IP holders until courts decided they constituted fair use. He pointed out that the entertainment industry’s loss on the VCR case ended up benefiting it by opening up the VHS and DVD markets, providing a brand new revenue channel that was valuable to those same companies.
In one of the higher-profile discussions, Meta President of Global Affairs Nick Clegg sat down with MIT Technology Review Executive Editor Amy Nordrum to discuss the role of social media in elections and the spread of misinformation, arguing that research suggests social media’s influence on elections is not as significant as many believe. He acknowledged the “whack-a-mole” nature of banning extremist groups on Facebook and emphasized the changes Meta has undergone since 2016, increasing fact-checkers and removing bad actors.
With most computer programs—even complex ones—you can meticulously trace through the code and memory usage to figure out why that program generates any specific behavior or output. That’s generally not true in the field of generative AI, where the non-interpretable neural networks underlying these models make it hard for even experts to figure out precisely why they often confabulate information, for instance.
Now, new research from Anthropic offers a new window into what’s going on inside the Claude LLM’s “black box.” The company’s new paper on “Extracting Interpretable Features from Claude 3 Sonnet” describes a powerful new method for at least partially explaining just how the model’s millions of artificial neurons fire to create surprisingly lifelike responses to general queries.
Opening the hood
When analyzing an LLM, it’s trivial to see which specific artificial neurons are activated in response to any particular query. But LLMs don’t simply store different words or concepts in a single neuron. Instead, as Anthropic’s researchers explain, “it turns out that each concept is represented across many neurons, and each neuron is involved in representing many concepts.”
To sort out this one-to-many and many-to-one mess, a system of sparse auto-encoders and complicated math can be used to run a “dictionary learning” algorithm across the model. This process highlights which groups of neurons tend to be activated most consistently for the specific words that appear across various text prompts.
Enlarge/ The same internal LLM “feature” describes the Golden Gate Bridge in multiple languages and modes.
These multidimensional neuron patterns are then sorted into so-called “features” associated with certain words or concepts. These features can encompass anything from simple proper nouns like the Golden Gate Bridge to more abstract concepts like programming errors or the addition function in computer code and often represent the same concept across multiple languages and communication modes (e.g., text and images).
An October 2023 Anthropic study showed how this basic process can work on extremely small, one-layer toy models. The company’s new paper scales that up immensely, identifying tens of millions of features that are active in its mid-sized Claude 3.0 Sonnet model. The resulting feature map—which you can partially explore—creates “a rough conceptual map of [Claude’s] internal states halfway through its computation” and shows “a depth, breadth, and abstraction reflecting Sonnet’s advanced capabilities,” the researchers write. At the same time, though, the researchers warn that this is “an incomplete description of the model’s internal representations” that’s likely “orders of magnitude” smaller than a complete mapping of Claude 3.
Enlarge/ A simplified map shows some of the concepts that are “near” the “inner conflict” feature in Anthropic’s Claude model.
Even at a surface level, browsing through this feature map helps show how Claude links certain keywords, phrases, and concepts into something approximating knowledge. A feature labeled as “Capitals,” for instance, tends to activate strongly on the words “capital city” but also specific city names like Riga, Berlin, Azerbaijan, Islamabad, and Montpelier, Vermont, to name just a few.
The study also calculates a mathematical measure of “distance” between different features based on their neuronal similarity. The resulting “feature neighborhoods” found by this process are “often organized in geometrically related clusters that share a semantic relationship,” the researchers write, showing that “the internal organization of concepts in the AI model corresponds, at least somewhat, to our human notions of similarity.” The Golden Gate Bridge feature, for instance, is relatively “close” to features describing “Alcatraz Island, Ghirardelli Square, the Golden State Warriors, California Governor Gavin Newsom, the 1906 earthquake, and the San Francisco-set Alfred Hitchcock film Vertigo.”
Enlarge/ Some of the most important features involved in answering a query about the capital of Kobe Bryant’s team’s state.
Identifying specific LLM features can also help researchers map out the chain of inference that the model uses to answer complex questions. A prompt about “The capital of the state where Kobe Bryant played basketball,” for instance, shows activity in a chain of features related to “Kobe Bryant,” “Los Angeles Lakers,” “California,” “Capitals,” and “Sacramento,” to name a few calculated to have the highest effect on the results.
