TL;DR: This week's highlights include Google AI's error-corrected quantum computing strides and weaknesses of Large Language Models (LLMs) in probabilistic tasks. We also introduce OpenDAC, an AI-driven tool combating climate change. On the security front, we delve into Path History Register (PHR) attacks on Intel processors, Microsoft's Passkey support rollout, and the LockBit v3 ransomware analysis. Finally, we cover a data breach at Dropbox Sign and privacy debates surrounding the UK's Investigatory Powers Bill.

Artificial Intelligence

Revolutionizing Climate Change Mitigation: Unlocking the Power of AI-Driven Direct Air Capture Technology (~6 min.) : To combat climate change, researchers have developed an open-source database to accelerate the design and implementation of direct air capture technologies that can remove carbon dioxide from the atmosphere. The OpenDAC dataset contains reaction data for 8,400 materials and was created by Georgia Tech and Meta’s Fundamental AI Research (FAIR) team. The database uses machine learning models trained on nearly 40 million quantum mechanics calculations to predict how different materials interact with carbon dioxide. This powerful tool can help engineers find suitable materials for direct air capture technology, which is crucial for reducing excessive carbon emissions and mitigating climate impacts.

Exploring the Limits of LLMs in Probabilistic Tasks (~4 min.) : James Ravey discusses a critical limitation of large language models (LLMs) such as GPT and Llama when tasked with generating responses based on specified probabilities. He highlights a test scenario where LLMs were instructed to choose between two options with an 80/20 split, but failed to adhere to these odds, revealing their struggle with probabilistic instructions. Ravey suggests that while LLMs are not built for probabilistic tasks, workarounds like external scripts can control outcome probabilities. This raises questions about the practical applications of LLMs in scenarios requiring random or probabilistic responses.

Error-Corrected Quantum Computers: Unlocking Intractable Problems for a Better Tomorrow! (~2 min.) : Google Quantum AI’s mission is to build best-in-class quantum computing that enables complex calculations through error correction. The team is working on advancing quantum algorithms for real-world applications and has identified industrially relevant use cases in chemistry, materials science, and energy. Additionally, they are exploring new quantum algorithms and overcoming technical challenges to make quantum computers more practical. Overall, the goal is to create a truly useful quantum computer that can solve problems currently intractable for classical computers.


Breach Alert: Dropbox Sign Compromised; Passwords Reset and API Keys Rotated (~6 min.) : Dropbox Sign (formerly HelloSign) has disclosed an unauthorized access incident that occurred on April 24th, affecting customer information such as emails, usernames, phone numbers, and hashed passwords. The breach was isolated to Dropbox Sign infrastructure and did not impact other Dropbox products. To mitigate risks, the company’s security team reset user passwords, logged users out of devices connected to Dropbox Sign, and is coordinating API key and OAuth token rotations.

Dissecting LockBit v3 Ransomware: A Technical Deep Dive into Its Crypto Flaws and Design Vulnerabilities (~23 min.) : A detailed analysis of the LockBit v3 ransomware, specifically a variant called LockBit Black, which shares code with the BlackMatter family. The researchers from Calif uncovered a crypto bug that allows partial decryption of data without the ransom payment, alongside a design flaw leading to potential data corruption. These vulnerabilities stem from improper usage of the RSA and Salsa20 encryption algorithms and a specific reuse of encryption keys across multiple files. The analysis not only highlights these flaws but also discusses the sophisticated anti-debugging and obfuscation techniques employed by the ransomware, providing essential insights for cybersecurity professionals. Additionally, the team has released an open-source decryptor tool on GitHub to aid affected organizations.
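As an added illustration (not the Calif write-up's code and not LockBit's own logic), here is the general reason reusing one stream-cipher keystream across several files is fatal: XORing two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, so any bytes known in one file (a predictable format header is enough) reveal the same positions of the other. The keystream below is a SHA-256 counter construction standing in for Salsa20 so the example runs on the standard library alone; the files, key and nonce are constructed sample values.

```python
import hashlib


def keystream(key, nonce, length):
    """Toy counter-mode keystream: SHA-256 over key || nonce || counter.

    A stand-in for Salsa20 so the example needs no third-party library; the
    key-reuse property shown below holds for any stream cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    """Stream-cipher encryption is plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_with_known_prefix(ct_a, ct_b, known_prefix_of_a):
    """If both ciphertexts used the same keystream, ct_a ^ ct_b == pt_a ^ pt_b.

    Any bytes of pt_a that are known therefore reveal the same positions of
    pt_b. With distinct keystreams the same arithmetic yields only noise.
    """
    n = min(len(ct_a), len(ct_b), len(known_prefix_of_a))
    return xor_bytes(xor_bytes(ct_a[:n], ct_b[:n]), known_prefix_of_a[:n])


# Constructed sample "files" whose formats have predictable headers.
FILE_A = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>"
FILE_B = b'<?xml version="1.0" encoding="UTF-8"?><secret>payroll</secret>'
KEY = bytes(range(32))       # constructed fixed key
KNOWN_PDF_HEADER = b"%PDF-1.7\n"  # what every PDF of that version starts with


def demo_reuse():
    """The flaw: one key and one nonce reused for two different files."""
    nonce = b"\x00" * 8
    ct_a = encrypt(KEY, nonce, FILE_A)
    ct_b = encrypt(KEY, nonce, FILE_B)
    return recover_with_known_prefix(ct_a, ct_b, KNOWN_PDF_HEADER)


def demo_fixed():
    """The correct design: a distinct nonce (or key) per file."""
    ct_a = encrypt(KEY, b"\x00" * 8, FILE_A)
    ct_b = encrypt(KEY, b"\x01" * 8, FILE_B)
    return recover_with_known_prefix(ct_a, ct_b, KNOWN_PDF_HEADER)


if __name__ == "__main__":
    print("reused keystream, recovered from file B:", demo_reuse())
    print("per-file nonce, same attempt yields:     ", demo_fixed())
```

The recovered bytes of file B are exactly as many as are known in file A; longer known regions (or several files sharing the keystream) widen the window, which is why the article's "partial decryption" follows directly from the key reuse rather than from any weakness in the cipher itself.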

Unlock the Future: Microsoft Rolls Out Passkey Support for All Consumer Accounts! (~3 min.) : Microsoft has fully rolled out passkey support for all consumer accounts, allowing users to generate and use passkeys across Windows, Android, and iOS devices. Passkeys replace traditional passwords with device-based authentication methods, such as facial recognition or fingerprint scanning, making it easier to sign in to Microsoft accounts without typing a password. This feature is built on WebAuthn technology and has become an industry norm, adopted by Apple, Google, and others, with over 400 million Google accounts already using passkeys.

Bucket Brawl: How a Single Misconfigured Tool Led to a $1,300 AWS Bill and a Security Nightmare (~4 min.) : A developer discovered their Amazon S3 bucket was bombarded with nearly 100 million S3 PUT requests in just one day, resulting in a $1,300 bill. The requests were coming from multiple accounts, which were attempting to store backups in the bucket due to a default configuration setting. The issue highlights the importance of securing S3 buckets by not using common or easily guessable names and explicitly specifying regions when executing requests. Additionally, enabling AWS CloudTrail logs can help identify unauthorized access attempts.
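As an added example (not code from the article or from AWS), here is the kind of CloudTrail review the summary recommends: once S3 data events are logged, write-type API calls from accounts other than the bucket owner, including the denied ones that still cost money, stand out as a per-account count. The records are constructed in the CloudTrail JSON shape with only the fields the example reads; the owner account id, bucket name and caller ids are placeholder values.

```python
import json
from collections import Counter

# Assumed for this example: the account that owns the bucket.
OWN_ACCOUNT = "111111111111"

# Constructed CloudTrail-style S3 data-event records (JSON lines), not real logs.
# Real records carry many more fields; only the ones used below are included.
SAMPLE_LOG = """
{"eventName": "PutObject", "userIdentity": {"accountId": "111111111111"}, "requestParameters": {"bucketName": "team-backups"}, "sourceIPAddress": "10.0.0.5"}
{"eventName": "GetObject", "userIdentity": {"accountId": "111111111111"}, "requestParameters": {"bucketName": "team-backups"}, "sourceIPAddress": "10.0.0.5"}
{"eventName": "PutObject", "userIdentity": {"accountId": "222222222222"}, "requestParameters": {"bucketName": "team-backups"}, "sourceIPAddress": "203.0.113.7", "errorCode": "AccessDenied"}
{"eventName": "PutObject", "userIdentity": {"accountId": "222222222222"}, "requestParameters": {"bucketName": "team-backups"}, "sourceIPAddress": "203.0.113.7", "errorCode": "AccessDenied"}
{"eventName": "PutObject", "userIdentity": {"accountId": "333333333333"}, "requestParameters": {"bucketName": "team-backups"}, "sourceIPAddress": "198.51.100.9", "errorCode": "AccessDenied"}
{"eventName": "PutObject", "userIdentity": {"accountId": "222222222222"}, "requestParameters": {"bucketName": "team-backups"}, "sourceIPAddress": "203.0.113.8", "errorCode": "AccessDenied"}
"""

# S3 API calls that change bucket contents or configuration.
WRITE_EVENTS = {"PutObject", "DeleteObject", "PutBucketPolicy", "PutBucketAcl"}


def parse_records(text):
    """Parse JSON-lines CloudTrail records, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def foreign_write_attempts(records, own_account):
    """Count write-type S3 calls per (caller account, bucket), excluding the owner.

    Denied calls are counted on purpose: a burst of AccessDenied PutObject
    calls from accounts you do not know is the pattern the article describes.
    """
    counts = Counter()
    for rec in records:
        if rec.get("eventName") not in WRITE_EVENTS:
            continue
        caller = rec.get("userIdentity", {}).get("accountId", "UNKNOWN")
        if caller == own_account:
            continue
        bucket = rec.get("requestParameters", {}).get("bucketName", "?")
        counts[(caller, bucket)] += 1
    return counts


def flag_noisy_callers(counts, threshold):
    """Return (account, bucket, count) tuples at or above threshold, noisiest first."""
    flagged = [(acct, bucket, n) for (acct, bucket), n in counts.items() if n >= threshold]
    return sorted(flagged, key=lambda t: -t[2])


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    counts = foreign_write_attempts(recs, OWN_ACCOUNT)
    for acct, bucket, n in flag_noisy_callers(counts, threshold=2):
        print(f"account {acct} made {n} write attempts against s3://{bucket}")
```

On a real trail the threshold would be set against normal traffic for the bucket, and the same counter keyed on `sourceIPAddress` or on `awsRegion` shows whether the stray requests are the cross-region kind the summary warns about.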

Intel Processors in Jeopardy: New Attacks Exploit Conditional Branch Predictors, Threatening Billions of Devices (~5 min.) : Researchers have discovered two novel attacks that target the conditional branch predictor found in high-end Intel processors, which could compromise billions of processors currently in use. The attacks, known as “Pathfinder” and “Spectre-style poisoning,” exploit the Path History Register (PHR) and allow attackers to capture sequences of tens of thousands of branches in precise order, exposing secret images and confidential data. The attacks have been shared with Intel and AMD, which are releasing security announcements and bulletins today to address the concerns raised by the researchers. The findings have also been reported to the Vulnerability Information and Coordination Environment (VINCE).


The Slippery Slope of Workplace Surveillance: From Prisons to Desks (~15 min.) : Cory Doctorow’s “Shitty Technology Adoption Curve” illustrates a troubling trend where surveillance technologies, initially used in prisons, are now commonplace in diverse work environments. The pandemic accelerated the use of “bossware,” enabling employers to monitor everything from keystrokes to biometric data, originally targeting low-wage workers and now prevalent among white-collar professionals. This shift not only invades privacy but also promotes a culture of meaningless busywork, impacting genuine productivity and extending corporate control into personal spaces.

Location Data Leak: Feds Slap T-Mobile, AT&T, Verizon with $196M Fine for Sharing Customer Location Info Without Consent (~3 min.) : The Federal Communications Commission (FCC) has fined T-Mobile, AT&T, and Verizon $196 million for sharing customers’ location information without consent. The fines relate to the carriers’ sale of real-time location data to third-party aggregators, which in turn shared the data with shady actors such as bounty hunters and bail-bond companies. The FCC found that the carriers failed to obtain valid customer consent and did not take reasonable measures to protect the data from unauthorized access. All three carriers have vowed to appeal the fines.

Powers That Be: UK Government’s Investigatory Powers Bill Sparks Debate and Concerns (~1 min.) : The UK government has introduced a new bill to grant law enforcement agencies enhanced investigatory powers. The Investigatory Powers (Bulk Powers) Bill aims to strengthen national security by allowing authorities to collect and retain data on individuals’ internet browsing history and other online activities without prior judicial approval. Critics argue that the bill will undermine civil liberties, while supporters claim it is necessary to combat terrorism and cybercrime.


Lyrics Lockdown: Spotify’s New Tactic to Push Free Users to Premium? (~3 min.) : Spotify has quietly introduced a paywall for its free users’ access to song lyrics, with reports surfacing on Reddit. The company has confirmed the change without making an official announcement, stating that features can vary between markets and devices. This move aims to push more users towards paid subscriptions, as Spotify’s revenue had missed analyst expectations in its recent quarter.


Unraveled: The Truth About Rabbit’s AI Device - It’s Just an Android App! (~3 min.) : The Rabbit R1, a handheld AI device, has been revealed to be “just an Android app” after an APK (Android Package File) was obtained and analyzed. The APK is actually a launcher app that runs on top of Android OS, with a bespoke AOSP (Android Open Source Project) and firmware modifications. The analysis found significant use of Flutter code, indicating the implementation of features such as video chatting or streaming, and over 40% of the APK size consists of animations. The lack of AI/ML in the APK does not necessarily mean that Rabbit doesn’t have a “LAM” (Large Action Model) elsewhere, potentially in the backend.

Apple’s Vision Pro Misstep: A Reality Check on Tech Inevitability (~9 min.) : Apple’s Vision Pro unveiling has proven to be a significant misfire, challenging the narrative of technological inevitability. Despite the company’s past successes with the iPhone and Mac, the Vision Pro—a mixed reality headset priced at $3,500—received widespread criticism for its antisocial implications and lack of compelling use cases. Initial excitement quickly faded, reflected by drastically reduced sales projections and a significant number of returns. This scenario underscores the importance of public critique and choice in shaping the tech landscape, highlighting that not all technological advancements are destined for success.

Everything Else

Startup Dreams Dashed: The Newchip Bankruptcy Debacle (~12 min.) : Newchip’s bankruptcy severely impacted many startups, leading to the loss of companies for some founders. The Austin-based accelerator, initially promising growth and investor connections for a fee, ended up in a situation where warrants—rights to buy shares at a later date—were auctioned off without founders’ control, due to bankruptcy proceedings. This legal move affected over 1,000 startups, with ongoing auctions adding to the founders’ frustrations. The article highlights personal stories from affected founders and details Newchip’s operational issues and questionable management practices, painting a picture of broken promises and lost opportunities.

The Comeback of the Home Page: How Digital Journals Are Reclaiming Their Space (~9 min.) : Amidst the decline of social media as reliable news distributors, publications like The Verge and Semafor are revitalizing their home pages, turning them into dynamic hubs of engagement similar to social networks. The Verge’s site redesign has significantly increased its loyal user base, demonstrating a successful pivot away from social media dependency. Meanwhile, other digital outlets are rediscovering the value of curated, niche content over the broad and impersonal approach of platforms like Twitter and Facebook. This trend suggests a shift back to more traditional, controlled digital environments where publishers can offer curated experiences directly to their audience.

Navigating the Pitfalls of Tech Journalism (~19 min.) : Timothy B. Lee highlights the challenges facing tech journalism, characterized by sensationalism and a lack of depth due to competitive pressures and economic constraints. The article discusses how superficial coverage and sensational stories attract more attention, overshadowing nuanced and detailed reporting. Lee advocates for improving tech journalism by fostering rigorous reporting, leveraging philanthropy, and enhancing public understanding through accessible, high-quality technology news.

The Hidden Costs and Challenges of Free-Tier Pricing in Tech Companies (~14 min.) : The article discusses the complexities and potential pitfalls of free-tier pricing strategies in technology companies. While these tiers are popular for attracting users, transitioning from a free to a paid model can cause frustration and even alienation among customers. The author explores cases like PlanetScale, which recently removed its free tier, causing distress within the developer community due to the lack of transparency and the high costs of alternative plans. The piece advocates for clearer communication and better planned transition strategies to avoid undermining trust and customer loyalty.

Lies, Followed by Consequences: The Dark Side of Social Media’s ‘Follow’ Button (~1 min.) : The “Follow Lie” refers to the phenomenon where social media influencers and content creators present an idealized version of themselves, hiding their true lives and struggles. This can lead to unrealistic expectations and feelings of inadequacy among followers. The article argues that this type of deception is worse than a simple lie because it perpetuates harmful comparisons and diminishes the value of genuine online interactions. By exposing the “Follow Lie,” the author encourages readers to prioritize authenticity and vulnerability in their online presence.

Thank you for joining me in this week’s exploration of the tech universe. Amidst the endless stream of information, I strive to bring you news that is not only relevant but also thought-provoking. Your thoughts and feedback are always welcome. Don’t forget to spread the word about the Friday Tech Focus Newsletter and stay tuned for more curated insights next week!