Youtube

Company 'Hijacks' Blender's CC BY-Licensed Film, YouTube Strikes User (torrentfreak.com)

An anonymous reader quotes a report from TorrentFreak: The Blender Institute develops Blender, a free and open source 3D graphics tool used to create animated films. Sintel and Big Buck Bunny are among Blender's most recognizable titles and due to Creative Commons licensing (CC BY), they are widely shared, used, remixed and reshared. According to original Blender creator Ton Roosendaal, "Open licenses are essential for sharing our films and their source material." Right now, a company is claiming that Blender's free content is actually their content and as a result, must be immediately removed from the internet. We're talking about content that was created with Blender's explicit blessing but even after multiple appeals, not even YouTube will see reason.

Bruno Fernandez-Ruiz is the co-founder and CTO at AI-focused driver safety company, Nexar. On Sunday he informed TorrentFreak that he's also an independent film composer and producer, working with music production libraries, and distributing to the main music platforms. TorrentFreak contacted Bruno after noticing a post he made on a music production forum. He wrote that after uploading a video containing a clip from the Blender movie Caminandes 3 -- Llamigos, YouTube notified him that a rightsholder had filed a copyright complaint, his video had been taken down, and a copyright strike had been issued to his account. The complaint, sent by Uzbekistan-based media/news company ZO'R TV, was not the result of automatic matching under Content ID. It was filed as a formal DMCA notice, meaning that someone probably reviewed the details before sending the complaint. The notice claimed that Bruno had infringed ZO'R TV's copyrights by reproducing content (6:21 to 8:26) from this YouTube video published in 2018.

Since the content in question is obviously from Blender's film Caminandes 3, ZO'R TV was in no position to issue a DMCA notice. On that basis, Bruno followed the recognized procedure by sending a DMCA counternotice to YouTube. It didn't go well. After filing his counternotice with YouTube, Bruno was informed that since he'd provided insufficient information, YouTube could not process it. However, YouTube did inform Bruno of the risks of filing a counternotice, including that his name could be sent to the claimant, ZO'R TV in this case. Determined to have his video restored, Bruno accepted the risks and sent another counternotice to YouTube. This time there was no indication that the counternotice was deficient. YouTube thanked him for filing it -- but still declined to process it. YouTube's email advised Bruno that counternotices should only be filed in case of a mistake or misidentification. Consulting with a lawyer first might be helpful, YouTube added. After three attempts to restore the video and have the copyright strike removed, YouTube responded once again. The message contained yet more disappointment for Bruno. "Based on the information that you have provided, it appears that you do not have the necessary rights to post the content on YouTube. Therefore, we regretfully cannot honor your request," it advised. This signaled the end of the debate as far as YouTube was concerned and by rejecting Bruno's right to send a counternotice, the platform denied him an opportunity to have the video restored, stand up for Blender's rights, and get the strike removed.

After notifying Blender of the situation, Blender developer Ton Roosendaal replied, saying the company has "no staff here available to go after situations like this" but suggested they could "escalate it to the Creative Commons organization."

"After all, it's their mission," he added.
Government

Sam Bankman-Fried Says He Will Testify Before Congress On FTX Collapse (theverge.com)

FTX founder Sam Bankman-Fried promised to testify before Congress after he finished "learning and reviewing" the events that caused the popular cryptocurrency exchange to file for bankruptcy last month. The Verge reports: Bankman-Fried's promise was made in response to a tweet from House Financial Services Chair Maxine Waters (D-CA) last week calling on him to join the committee's hearing on FTX's collapse on December 13th. But Bankman-Fried didn't commit to testifying at the hearing scheduled for next week.

"Once I have finished learning and reviewing what happened, I would feel like it was my duty to appear before the committee and explain," Bankman-Fried said in a tweet on Sunday. "I'm not sure that will happen by the 13th. But when it does, I will testify." Bankman-Fried resigned as FTX's chief executive last month, a move that could hinder his ability to fully review internal company materials before agreeing to testify.

Businesses

Bret Taylor Steps Down As Co-Chair and CEO of Salesforce (techcrunch.com)

Ron Miller reports via TechCrunch: It's been quite a roller coaster ride for Bret Taylor over the last year. In one week last December, he was named board chair at Twitter and co-CEO at Salesforce. One year later, he doesn't have either job. Taylor lost the job as Twitter board chair when Elon Musk took over last month and dissolved the Twitter board immediately. Today, he stepped down as co-CEO at Salesforce in a stunning announcement that appeared to come out of the blue. "After a lot of reflection, I've decided to return to my entrepreneurial roots. Salesforce has never been more relevant to customers, and with its best-in-class management team and the company executing on all cylinders, now is the right time for me to step away," Taylor said in a statement announcing his resignation.

Taylor, who helped guide the $27 billion Slack acquisition in 2020, appeared to be in line to take over whenever company founder and CEO Marc Benioff decided to step down. Now he has stepped away, and it's not clear what has changed. Benioff called his co-CEO's resignation "a bittersweet moment" in a statement, and said he would always be his biggest champion. He repeated Taylor's words about him returning to his entrepreneurial roots. Perhaps Taylor really had enough of running a big company, but it does seem strange timing, right after he appeared onstage with Benioff at Dreamforce in September.

Programming

2022's Geeky 'Advent Calendars' Tempt Programmers with Coding Challenges and Tips

"The Perl Advent Calendar has come a long way since its first year in 2000," says an announcement on Reddit. But in fact the online world now has many daily advent calendars aimed at programmers — offering tips about their favorite language or coding challenges.
  • The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — decided to try publishing 24 original articles for their 2022 HTMHell Advent Calendar. Elsewhere on the way there's the Web Performance Calendar, promising daily articles for speed geeks. And the 24 Days in December blog comes to life every year with new blog posts for PHP users.
  • The JVM Advent Calendar brings a new article daily about a JVM-related topic. And there's also a C# Advent calendar promising two new blog posts about C# every day up to (and including) December 25th.
  • The Perl Advent Calendar offers fun stories about Perl tools averting December catastrophes up at the North Pole. (Day One's story — "Silent Mite" — described Santa's troubles building software for a ninja robot alien toy, since its embedded hardware support contract prohibited unwarrantied third-party code, requiring a full code rewrite using Perl's standard library.) Other stories so far this December include "Santa is on GitHub" and "northpole.cgi"
  • The code quality/security software company SonarSource has a new 2022 edition of their Code Security Advent Calendar — their seventh consecutive year — promising "daily challenges until December 24th. Get ready to fill your bag of security tricks!" (According to a blog post the challenges are being announced on Twitter and on Mastodon.)
  • "24 Pull Requests" dares participants to make 24 pull requests before December 24th. (The site's tagline is "giving back to open source for the holidays.") Over the years tens of thousands of developers (and organizations) have participated — and this year they're also encouraging organizers to hold hack events.
  • The Advent of JavaScript and Advent of CSS sites promise 24 puzzles delivered by email (though you'll have to pay if you also want them to email you the solutions!)
  • For 2022 Oslo-based Bekk Consulting (a "strategic internet consulting company") is offering an advent calendar of their own. A blog post says it's their sixth annual edition, and promises "new original articles, podcasts, tutorials, listicles and videos every day up until Christmas Eve... all written and produced by us - developers, designers, project managers, agile coaches, management consultants, specialists and generalists."

Whether you participate or not, the creation of programming-themed advent calendar sites is a long-standing tradition among geeks, dating back more than two decades. (Last year Smashing magazine tried to compile an exhaustive list of the various sites serving all the different developer communities.)

But no list would be complete without mentioning Advent of Code. This year's programming puzzles involve everything from feeding Santa's reindeer to loading Santa's sleigh. The site's About page describes it as "an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like."

Now in its eighth year, the site's daily two-part programming puzzles have a massive online following. This year's Day One puzzle was solved by 178,628 participants...

Movies

Writers of 'Rogue One: A Star Wars Story' Had Imagined an Even Darker Sequel (screenrant.com)

The writers of Rogue One: A Star Wars Story "had an idea for a sequel that would have been even darker and more morally ambiguous," writes Screen Rant: Rogue One told the story of how the Rebel Alliance gained access to the Death Star plans, and further explored the sacrifices that needed to be made to defeat the Empire. Famously, the movie led straight into the events of Star Wars: A New Hope, and most of its main characters died, so there was never any true hope for a direct Rogue One sequel. However, the writers of Rogue One did once discuss an idea for a thematic sequel that would have delved into the moral ambiguity of the Rebellion.

Co-writers Gary Whitta and Chris Weitz conceptualized a Rogue One sequel show that would have involved a "Mossad-style Rebel team" tracking down fleeing Imperial war criminals after the fall of the Empire. This would have been an interesting continuation of Rogue One's narrative; a Star Wars show in which the darker side of the Rebel victory could be explored. In that scenario, the Rebels would have had to fight on the offensive, not defensively, reversing the war's dynamic entirely. The show could have explored how far the Rebels were willing to go to hold onto their hard-won freedom, and whether it mirrored anything the Empire did to hang onto its dictatorship.

At the time Lucasfilm was experimenting with "one-and-done stories within blockbuster movies," the article points out. But Solo: A Star Wars Story "was unable to replicate the same winning formula" as Rogue One. "After that, the ideas for Star Wars' anthology movies fizzled out, essentially replaced with Star Wars TV once Disney+ launched in 2019."

And in an earlier article, Screen Rant points out that The Mandalorian "has already filled in the story gaps that the Rogue One writers were looking to explore. That series dug deep into the criminal underbelly of the post-Empire galaxy and how the remaining imperial loyalists chose to spend their time."
Privacy

Graduate Students Analyze, Crack, and Remove Under-Desk Surveillance Devices (vice.com)

"Graduate students at Northeastern University were able to organize and beat back an attempt at introducing invasive surveillance devices that were quietly placed under desks at their school," reports Motherboard: Early in October, Senior Vice Provost David Luzzi installed motion sensors under all the desks at the school's Interdisciplinary Science & Engineering Complex (ISEC), a facility used by graduate students and home to the "Cybersecurity and Privacy Institute" which studies surveillance. These sensors were installed at night — without student knowledge or consent — and when pressed for an explanation, students were told this was part of a study on "desk usage," according to a blog post by Max von Hippel, a Privacy Institute PhD candidate who wrote about the situation for the Tech Workers Coalition's newsletter....

Students began to raise concerns about the sensors, and an email was sent out by Luzzi attempting to address issues raised by students.... Luzzi wrote, the university had deployed "a Spaceti occupancy monitoring system" that would use heat sensors at groin level to "aggregate data by subzones to generate when a desk is occupied or not." Luzzi added that the data would be anonymized, aggregated to look at "themes" and not individual time at assigned desks, not be used in evaluations, and not shared with any supervisors of the students. Following that email, an impromptu listening session was held in the ISEC. At this first listening session, Luzzi asked that grad student attendees "trust the university since you trust them to give you a degree...."

After that, the students at the Privacy Institute, which specializes in studying surveillance and reversing its harm, started removing the sensors, hacking into them, and working on an open source guide so other students could do the same. Luzzi had claimed the devices were secure and the data encrypted, but Privacy Institute students learned they were relatively insecure and unencrypted.... After hacking the devices, students wrote an open letter to Luzzi and university president Joseph E. Aoun asking for the sensors to be removed because they were intimidating, part of a poorly conceived study, and deployed without IRB approval even though human subjects were at the center of the so-called study.

von Hippel notes that many members of the computer science department were also in a union, and thus networked together for a quick mass response. Motherboard writes that the controversy ultimately culminated with another listening session in which Luzzi "struggles to quell concerns that the study is invasive, poorly planned, costly, and likely unethical."

"Afterwards, von Hippel took to Twitter and shares what becomes a semi-viral thread documenting the entire timeline of events from the secret installation of the sensors to the listening session occurring that day. Hours later, the sensors are removed..."
AI

What is ChatGPT, the AI Chatbot That's Taking The Internet By Storm

A reader submits a report:
Artificial Intelligence (AI) research company OpenAI on Wednesday announced ChatGPT, a prototype dialogue-based AI chatbot capable of understanding natural language and responding in natural language. It has since taken the internet by storm, with people marvelling at how intelligent the AI-powered bot sounds. Some even called it a replacement for Google, since it's capable of giving solutions to complex problems directly, almost like a personal know-all teacher.

"We've trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer follow-up questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests," OpenAI wrote on its announcement page for ChatGPT.

ChatGPT is based on GPT-3.5, a language model that uses deep learning to produce human-like text. However, while the older GPT-3 model only took text prompts and tried to continue on that with its own generated text, ChatGPT is more engaging. It's much better at generating detailed text and can even come up with poems. Another unique characteristic is memory. The bot can remember earlier comments in a conversation and recount them to the user.
ChatGPT wrote a poem about Slashdot. And another one about Dogecoin.

Try ChatGPT for yourself here.
Twitter

What Happened After Matt Taibbi Revealed Twitter's Deliberations on Hunter Biden Tweets? (wired.com)

"Twitter CEO Elon Musk turned to journalist Matt Taibbi on Friday to reveal the decision-making behind the platform's suppression of a 2020 article from the New York Post regarding Hunter Biden's laptop," reports Newsweek.

"Taibbi later deleted a tweet showing [former Twitter CEO] Jack Dorsey's email address," adds the Verge, covering reactions to Taibbi's thread — and the controversial events that the tweets described: At the time, it was not clear if the materials were genuine, and Twitter decided to ban links to or images of the Post's story, citing its policy on the distribution of hacked materials. The move was controversial even then, primarily among Republicans but also with speech advocates worried about Twitter's decision to block a news outlet. While Musk might be hoping we see documents showing Twitter's (largely former) staffers nefariously deciding to act in a way that helped now-President Joe Biden, the communications mostly show a team debating how to finalize and communicate a difficult moderation decision.
Taibbi himself tweeted that "Although several sources recalled hearing about a 'general' warning from federal law enforcement that summer about possible foreign hacks, there's no evidence - that I've seen - of any government involvement in the laptop story."

More from the Verge: Meanwhile, Taibbi's handling of the emails — which seem to have been handed to him at Musk's direction, though he only refers to "sources at Twitter" — appears to have exposed personal email addresses for two high-profile leaders: Dorsey and Representative Ro Khanna. An email address that belongs to someone Taibbi identifies as Dorsey is included in one message, in which Dorsey forwards an article Taibbi wrote criticizing Twitter's handling of the Post story. Meanwhile, Khanna confirmed to The Verge that his personal Gmail address is included in another email, in which Khanna reaches out to criticize Twitter's decision to restrict the Post's story as well.

"As the congressman who represents Silicon Valley, I felt Twitter's actions were a violation of First Amendment principles so I raised those concerns," Khanna said in a statement to The Verge. "Our democracy can only thrive if we are open to a marketplace of ideas and engaging with people with whom we disagree."

The story also revealed the names of multiple Twitter employees who were in communications about the moderation decision. While it's not out of line for journalists to report on the involvement of public-facing individuals or major decision makers, that doesn't describe all of the people named in the leaked communications.... "I don't get why naming names is necessary. Seems dangerous," Twitter co-founder Biz Stone wrote Friday in apparent reference to the leaks.... The Verge reached out to Taibbi for comment but didn't immediately hear back.

Twitter, which had its communications team dismantled during layoffs last month, also did not respond to a request for comment.

Wired adds: What did the world learn about Twitter's handling of the incident from the so-called Twitter Files? Not much. After all, Twitter reversed its decision two days later, and then-CEO Jack Dorsey said the moderation decision was "wrong."
In other news, "Twitter will start showing view count for all tweets," Elon Musk announced Friday, "just as view count is shown for all videos." And he shared other insights into his plans for Twitter's future.

"Freedom of speech doesn't mean freedom of reach. Negativity should & will get less reach than positivity."
China

Chinese Police are Using Cellphone Data to Track Down Protesters (cnn.com)

CNN reports on the aftermath of last weekend's protests against the Chinese government: A protester told CNN they received a phone call Wednesday from a police officer, who revealed they were tracked because their cellphone signal was recorded in the vicinity of the protest site.... When they denied being there, the caller asked: "Then why did your cellphone number show up there?"

In China, all mobile phone users are required by law to register their real name and national identification number with telecom providers. The protester was also told to report to a police station for questioning and to sign a written record....

In Shanghai, where some of the boldest protests took place with crowds calling for Xi's removal on two consecutive nights, police searched residents' cellphones in the streets and in the subway for VPNs that can be used to circumvent China's internet firewall, or apps such as Twitter and Telegram, which though banned in the country have been used by protesters. Police also confiscated the cellphones of protesters under arrest, according to two protesters who spoke to CNN.

A protester who was arrested over the weekend said they were told to hand over their phone and password to the police as "evidence." They said they feared police would export the data on their phone after it was confiscated by officers, who told them they could pick it up a week later. Another protester said police returned their phone upon their release, but officers had deleted the photo album and removed the WeChat social media app.

One protester told CNN they successfully avoided being contacted by the police as of Thursday afternoon.

During the demonstration, they'd kept their phone in airplane mode.
Transportation

Tesla Delivers Its First Electric Semi Trucks (electrek.co)

Electrek recaps yesterday's Tesla Semi Delivery Event in Nevada: As expected, Tesla delivered the first electric trucks to PepsiCo, a long-time reservation holder, and held a presentation to reveal more details about the production version of the Tesla Semi. There wasn't any big surprise during the presentation. Tesla basically delivered on its original promises made in 2017 when it first unveiled the prototypes of the Tesla Semi. Despite the lack of major changes, it's still a big moment since the electric truck has the potential to change the trucking industry for good by eliminating emissions and significantly reducing costs.

In terms of the technology powering the truck, things have changed since the original prototypes, but not in any major ways. Tesla is now using a tri-motor drivetrain that is basically the same as in the Model S and Model X Plaid. Dan Priestley, Tesla Semi Program manager, explained that Tesla is using one of the motors for cruising speed geared toward peak efficiency at highway speeds and the two other motors are used for torque when accelerating in order to create a smooth driving experience never seen in a class 8 truck before. To prove the capacity, Tesla shared a very impressive video of a Tesla Semi loaded at 82,000 lb. passing a diesel truck on a 6% incline on the Donner Pass as if it's nothing.

Tesla promised a range of 500 miles with a full load five years ago, and it delivered on the promise. Tesla shared data on a 500-mile trip with a full load of just under 82,000 lb. total with the tractor. It started out in the Bay Area with a 97% state of charge and ended up in San Diego with still 4% charge. Tesla reiterated that it can achieve a less-than-2 kWh-per-mile efficiency, which means that trucking companies can achieve up to $70,000 in fuel savings per year depending on their cost of electricity. Once the battery pack is depleted after 500 miles or so, you can expect blazing-fast charging thanks to the new 1-megawatt charging technology developed by Tesla. The automaker also said it will make it to the Cybertruck.
In an updated article, Electrek's Fred Lambert says Musk confirmed Tesla Semi's efficiency at 1.7 kWh per mile, "which means it has a roughly 900 kWh battery pack."

Tesla didn't reveal the weight of the actual truck or the price. "In 2017, Tesla said the trucks would be $150,000, $180,000, and $200,000, depending on the model, but those prices are expected to have changed over the last five years," reports Lambert.
Technology

Huawei Teases a Smartwatch With Built-In Wireless Earbuds (theverge.com)

Huawei has confirmed the existence of a smartwatch it is working on that features a pair of built-in wireless earbuds. "Huawei's account on Chinese Twitter-like site Weibo announced the existence of the device on Wednesday and promised all would be revealed on December 2," reports The Register. "But Huawei has since postponed its Winter 2022 consumer kit launch for unexplained reasons." You can view a teaser video on YouTube. The Verge adds: As the name suggests, the Huawei Watch Buds are a pair of earbuds concealed within a smartwatch that looks similar to the Huawei Watch 3. Details are a little sparse so there's no word yet on what kind of performance or battery life you can expect from either of the products, but the watch itself does appear to be running HarmonyOS.

The earbuds don't seem to resemble any previous Huawei products, sporting a bare-bones black and silver design. While the concept feels more than a little gimmicky, it could be a neat solution for runners and other sporty folks who don't want to carry a separate earbud case during a workout. (If they don't mind the extra bulk on their wrists.) [...] Addressing the elephant in the room, it's unlikely that you'll be able to buy this wacky gadget in the US anyway, regardless of its legitimacy. Huawei products have been effectively banned in the country since the company was placed on the Commerce Department's Bureau of Industry and Security Entity list in 2019.

Privacy

Hive Social Turns Off Servers After Researchers Warn Hackers Can Access All Data (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts. "The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages," the advisory, published on Wednesday by Berlin-based security collective Zerforschung, claimed. "This also includes private email addresses and phone numbers entered during login." The post went on to say that after the researchers privately reported the vulnerabilities last Saturday, many of the flaws they reported remained unpatched. They headlined their post "Warning: do not use Hive Social." Hive Social responded by pulling down its entire service. "The Hive team has become aware of security issues that affect the stability of our application and the safety of our users," company officials wrote. "Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience."

Technical details are being withheld to prevent the active exploitation of them by malicious hackers. According to Business Insider, Hive Social's user base has doubled in the last few weeks, going from about 1 million to 2 million as of last week. The site is only being staffed by two people, "neither of whom had much of a background in security," reports Ars.
AI

OpenAI's New Chatbot Can Explain Code and Write Sitcom Scripts But Is Still Easily Tricked

OpenAI has released a prototype general purpose chatbot that demonstrates a fascinating array of new capabilities but also shows off weaknesses familiar to the fast-moving field of text-generation AI. And you can test out the model for yourself right here. The Verge reports: ChatGPT is adapted from OpenAI's GPT-3.5 model but trained to provide more conversational answers. While GPT-3 in its original form simply predicts what text follows any given string of words, ChatGPT tries to engage with users' queries in a more human-like fashion. As you can see in the examples below, the results are often strikingly fluid, and ChatGPT is capable of engaging with a huge range of topics, demonstrating big improvements to chatbots seen even a few years ago. But the software also fails in a manner similar to other AI chatbots, with the bot often confidently presenting false or invented information as fact. As some AI researchers explain it, this is because such chatbots are essentially "stochastic parrots" -- that is, their knowledge is derived only from statistical regularities in their training data, rather than any human-like understanding of the world as a complex and abstract system. [...]

Enough preamble, though: what can this thing actually do? Well, plenty of people have been testing it out with coding questions and claiming its answers are perfect. ChatGPT can also apparently write some pretty uneven TV scripts, even combining actors from different sitcoms. It can explain various scientific concepts. And it can write basic academic essays. And the bot can combine its fields of knowledge in all sorts of interesting ways. So, for example, you can ask it to debug a string of code ... like a pirate, for which its response starts: "Arr, ye scurvy landlubber! Ye be makin' a grave mistake with that loop condition ye be usin'!" Or get it to explain bubble sort algorithms like a wise guy gangster. ChatGPT also has a fantastic ability to answer basic trivia questions, though examples of this are so boring I won't paste any in here. And here's someone else saying that the code ChatGPT provides in the very answer above is garbage.

I'm not a programmer myself, so I won't make a judgment on this specific case, but there are plenty of examples of ChatGPT confidently asserting obviously false information. Here's computational biology professor Carl Bergstrom asking the bot to write a Wikipedia entry about his life, for example, which ChatGPT does with aplomb -- while including several entirely false biographical details. Another interesting set of flaws comes when users try to get the bot to ignore its safety training. If you ask ChatGPT about certain dangerous subjects, like how to plan the perfect murder or make napalm at home, the system will explain why it can't tell you the answer. (For example, "I'm sorry, but it is not safe or appropriate to make napalm, which is a highly flammable and dangerous substance.") But, you can get the bot to produce this sort of dangerous information with certain tricks, like pretending it's a character in a film or that it's writing a script on how AI models shouldn't respond to these sorts of questions.
Security

Hyundai App Bugs Allowed Hackers To Remotely Unlock, Start Cars (bleepingcomputer.com)

Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. BleepingComputer reports: Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "smart vehicle" platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infiniti) that allowed them to "remotely unlock, start, locate, flash, and honk" them. At this time, the researchers have not published detailed technical write-ups for their findings but shared some information on Twitter, in two separate threads.

The mobile apps of Hyundai and Genesis, named MyHyundai and MyGenesis, allow authenticated users to start, stop, lock, and unlock their vehicles. After intercepting the traffic generated from the two apps, the researchers analyzed it and were able to extract API calls for further investigation. They found that validation of the owner is done based on the user's email address, which was included in the JSON body of POST requests. Next, the analysts discovered that MyHyundai did not require email confirmation upon registration. They created a new account using the target's email address with an additional control character at the end. Finally, they sent an HTTP request to Hyundai's endpoint containing the spoofed address in the JSON token and the victim's address in the JSON body, bypassing the validity check. To verify that they could use this access for an attack on the car, they tried to unlock a Hyundai car used for the research. A few seconds later, the car unlocked. The multi-step attack was eventually baked into a custom Python script, which only needed the target's email address for the attack.

Yuga Labs analysts found that the mobile apps for Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota, use SiriusXM technology to implement remote vehicle management features. They inspected the network traffic from Nissan's app and found that it was possible to send forged HTTP requests to the endpoint only by knowing the target's vehicle identification number (VIN). The response to the unauthorized request contained the target's name, phone number, address, and vehicle details. Considering that VINs are easy to locate on parked cars, typically visible on a plate where the dashboard meets the windshield, an attacker could easily access it. These identification numbers are also available on specialized car selling websites, for potential buyers to check the vehicle's history. In addition to information disclosure, the requests can also carry commands to execute actions on the cars. [...] Before posting the details, Yuga Labs informed both Hyundai and SiriusXM of the flaws and associated risks. The two vendors have fixed the vulnerabilities.
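The two flaws above come down to the same mistake: the server decides who owns the vehicle from an identifier the client supplies (an email in the JSON body, or just the VIN) rather than from the authenticated principal. The following is an added example, not Yuga Labs', Hyundai's or SiriusXM's code; it models each vulnerable check beside a hardened version, and every account, VIN and function name in it is constructed. It assumes a token-based API where the server already knows which account a request's token belongs to.

```python
"""Server-side model of the two authorization flaws described above, each
beside a hardened version of the same check. Example code added here for
illustration; it is not Yuga Labs', Hyundai's or SiriusXM's code, and every
account, VIN and function name is constructed."""
import unicodedata
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    email: str
    verified: bool


# Constructed sample data: one verified owner and one demo vehicle keyed by VIN.
ACCOUNTS = {"owner@example.com": Account("owner@example.com", verified=True)}
VEHICLES = {"VIN-EXAMPLE-0001": {"owner": "owner@example.com",
                                 "pii": {"name": "Sample Owner", "phone": "000-000-0000"}}}


def canonical_email(raw: str) -> str:
    """Normalize an address and reject control/format characters, so two
    strings a human reads as the same address cannot become two accounts."""
    email = unicodedata.normalize("NFKC", raw).strip().casefold()
    if any(unicodedata.category(ch).startswith("C") for ch in email):
        raise ValueError("control or format character in email")
    if email.count("@") != 1:
        raise ValueError("malformed email")
    return email


def principal(token_email: Optional[str]) -> Optional[Account]:
    """Resolve the authenticated caller; None for anything unverified or odd."""
    if not token_email:
        return None
    try:
        account = ACCOUNTS.get(canonical_email(token_email))
    except ValueError:
        return None
    return account if account and account.verified else None


def register_vulnerable(email: str) -> Account:
    """As in the report: no confirmation step and no normalization, so a
    near-duplicate of an existing address becomes a trusted account."""
    ACCOUNTS[email] = Account(email, verified=True)
    return ACCOUNTS[email]


def register_hardened(email: str) -> Account:
    """Canonicalize first, refuse duplicates, and stay unverified until the
    confirmation step completes (modelled here by the verified flag)."""
    email = canonical_email(email)
    if email in ACCOUNTS:
        raise ValueError("address already registered")
    ACCOUNTS[email] = Account(email, verified=False)
    return ACCOUNTS[email]


def unlock_vulnerable(token_email: str, body: dict) -> bool:
    """Ownership is judged on the email inside the JSON body; the token only
    has to belong to some existing account, so the two need not agree."""
    if token_email not in ACCOUNTS:
        return False
    vehicle = VEHICLES.get(body.get("vin"))
    return vehicle is not None and vehicle["owner"] == body.get("email")


def unlock_hardened(token_email: str, body: dict) -> bool:
    """Identity comes only from the authenticated token; any owner identifier
    the client puts in the body is ignored."""
    caller = principal(token_email)
    vehicle = VEHICLES.get(body.get("vin"))
    return caller is not None and vehicle is not None and vehicle["owner"] == caller.email


def vehicle_info_vulnerable(body: dict) -> Optional[dict]:
    """The VIN-only endpoint: no authentication, so knowing a VIN reads PII."""
    vehicle = VEHICLES.get(body.get("vin"))
    return vehicle["pii"] if vehicle else None


def vehicle_info_hardened(token_email: Optional[str], body: dict) -> Optional[dict]:
    """Require a verified caller and release data only for that caller's own
    vehicle; an unknown VIN and someone else's VIN look identical (None)."""
    caller = principal(token_email)
    vehicle = VEHICLES.get(body.get("vin"))
    if caller is None or vehicle is None or vehicle["owner"] != caller.email:
        return None
    return vehicle["pii"]


def demo() -> dict:
    """Run both flaws through the vulnerable and the hardened checks."""
    lookalike = "owner@example.com\x00"   # constructed near-duplicate address
    register_vulnerable(lookalike)
    body = {"vin": "VIN-EXAMPLE-0001", "email": "owner@example.com"}
    try:
        register_hardened(lookalike)
        hardened_registration = "accepted"
    except ValueError as exc:
        hardened_registration = str(exc)
    return {
        "vulnerable_unlock": unlock_vulnerable(lookalike, body),
        "hardened_unlock": unlock_hardened(lookalike, body),
        "hardened_registration": hardened_registration,
        "vulnerable_lookup": vehicle_info_vulnerable({"vin": "VIN-EXAMPLE-0001"}),
        "hardened_lookup": vehicle_info_hardened(None, {"vin": "VIN-EXAMPLE-0001"}),
        "owner_lookup": vehicle_info_hardened("Owner@Example.com", {"vin": "VIN-EXAMPLE-0001"}),
    }
```

Running `demo()` shows the vulnerable unlock succeeding for a token that belongs to the near-duplicate account while the hardened version refuses it, the hardened registration rejecting the near-duplicate outright, and the VIN lookup returning owner details only to the verified owner. The design point is that ownership is bound to the principal the server itself authenticated, never to a value echoed back from the client, and that email canonicalization happens before the address is ever used as an identity key.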

Social Networks

Kanye West Is No Longer Buying Parler (axios.com) 94

Parler announced Thursday it reached a mutual agreement with Ye, formerly known as Kanye West, to terminate the sale of the social media app. Axios reports: The deal already was on life support, as Axios previously reported, and it's unclear if a formal merger agreement was ever signed. Parler originally said it had an agreement "in principle," and today referred to it as "intent of sale." A Parler spokesperson previously told Axios that the acquisition was set to close by year-end but declined to say if Ye ever had signed paperwork to that effect.

In a statement, Parler's parent company said: "This decision was made in the interest of both parties in mid-November. Parler will continue to pursue future opportunities for growth and the evolution of the platform for our vibrant community." A source familiar with the situation said that Ye's precarious financial situation -- including the loss of his Adidas deal -- played a role in the deal collapse.

The Almighty Buck

Apple Blocks Coinbase Wallet App From Sending NFTs Because of In-App Purchase Dispute (macrumors.com) 32

Popular NFT and cryptocurrency app Coinbase Wallet today said that Apple required an NFT-sending feature to be removed from the app due to an in-app purchase dispute. MacRumors reports: Apple's App Store review team apparently told Coinbase that the "gas fees required to send NFTs need to be paid through in-app purchase." Apple wanted a cut of transactions, which Coinbase Wallet said is similar to Apple attempting to take a cut of fees for every email that's sent over the internet. Apple is asking for something that is not possible, because the in-app purchase system does not support cryptocurrency to begin with.

Coinbase Wallet says that Apple would not approve an app update until the NFT-sending feature was disabled, and the removal of the functionality will make it more difficult for iPhone users who have an NFT to transfer the NFT to other wallets or gift an NFT to friends or family. The developers behind the app say that Apple has introduced profit-protecting policies that come at the expense of "developer innovation across the crypto ecosystem." Coinbase Wallet is hoping that this is a mistake and has tweeted an invitation to Apple to discuss the matter.

Puzzle Games (Games)

'The New Wordle Editor Is Ruining Wordle' (slate.com) 96

An anonymous reader quotes a report from Slate, written by Lizzie O'Leary: When the New York Times announced, on November 7, that Wordle would have an editor, I didn't give it much thought. How much could the mere presence of a person really change it? Oh, how naive I was! Four days later, I got my answer. And that answer was MEDAL. MEDAL? On November 11th? Wait a minute -- was the Times punning with its Wordle on Veterans Day? Hmm. I was willing to chalk it up to a coincidence, until November 23rd, the day before Thanksgiving, one of the busiest travel days of the year, when DRIVE appeared. I tapped angrily on my phone, muttering to myself. And then, on the day of the holiday itself? FEAST. This -- this was too much. My treasured mind awakener had gone soft. (Two days later came CLEAN. Harrumph.)

Folks (FOLKS), I do not want a punny Wordle. Wordle should not be cutesy, or themed, or even ironic. Wordle should stay hard and weird. No hints! Especially no thematic hints! People on Twitter should post their scores, and we should be able to scoff privately. Haha, what a loser; it took him four guesses! When the word is FEAST, you then must wonder: Did he intentionally take four guesses so as not to appear lame?? Wordle's very randomness is what makes it so great! It's why thousands of people play. And, I'd wager, why the Times eagerly shelled out in the "low seven figures" for it. The ability to guess the Wordle based on context clues that would appeal to Andy Borowitz is soul-crushing. Or, at the very least, quite annoying.

Medicine

Neuralink Expects Human Trials Within Six Months (engadget.com) 118

Andrew Tarantola writes via Engadget: It's been six years since Tesla, SpaceX (and now Twitter) CEO Elon Musk co-founded brain-control interfaces (BCI) startup, Neuralink. It's been three years since the company first demonstrated its "sewing machine-like" implantation robot, two years since the company stuck its technology into the heads of pigs -- and just over 19 months since they did the same to primates, an effort that allegedly killed 15 out of 23 test subjects. After a month-long delay in October, Neuralink held its third "show and tell" event on Wednesday where CEO Elon Musk announced, "we think probably in about six months, we should be able to have a Neuralink installed in a human."

Neuralink has seen tumultuous times since its previous April 2021 status update: The company's co-founder, Max Hodak, quietly quit just after that event, though he said he was still a "huge cheerleader" for Neuralink's success. That show of confidence was subsequently shattered this past August after Musk reportedly approached Neuralink's main rival, Synchron, as an investment opportunity. Earlier in February, Neuralink confirmed that monkeys had died during prototype testing of its BCI implants at the University of California, Davis Primate Center but rejected accusations by the Physicians Committee for Responsible Medicine of animal cruelty. Musk responded indirectly to those charges on Wednesday. "Before we would even think of putting a device in an animal, we do everything possible with rigorous benchtop testing. We're not cavalier about putting these devices into animals," he said. "We're extremely careful and we always want the device, whenever we do the implant -- whether into a sheep, pig or monkey -- to be confirmatory, not exploratory."

Neuralink is still working towards gaining FDA approval for its implant, though the company was awarded the agency's Breakthrough Device Designation in July 2020. This program allows patients and caregivers more "timely access" to promising treatments and medical devices by fast-tracking their development and regulatory testing. As of September 2022, the FDA has granted that designation to 728 medical devices. The FDA has also updated its best practices guidance regarding clinical and nonclinical BCI testing in 2021. "The field of implanted BCI devices is progressing rapidly from fundamental neuroscience discoveries to translational applications and market access," the agency asserted in its May guidance. "Implanted BCI devices have the potential to bring benefit to people with severe disabilities by increasing their ability to interact with their environment, and consequently, providing new independence in daily life."

Businesses

Spotify CEO Renews Attack on Apple (reuters.com) 105

Spotify's CEO Daniel Ek renewed his attack on Apple on Wednesday in a series of tweets alleging the iPhone maker "gives itself every advantage while at the same time stifling innovation and hurting consumers." From a report: Ek tagged a number of sympathetic business leaders in his 21-tweet thread, including Musk, Microsoft president Brad Smith, and Proton founder Andy Yen. On Monday, the world's richest person Elon Musk criticized the fee Apple charges software developers -- including his Twitter business -- for in-app purchases, and posted a meme suggesting he was willing to "go to war" rather than pay it. Spotify has previously submitted antitrust complaints against Apple in various countries, alleging the 30% charge has forced Spotify to "artificially inflate" its own prices.

Technology

FTX-backed DEX Serum Calls Itself 'Defunct,' Promotes Community Fork (theblock.co) 15

Serum, a decentralized crypto exchange backed by FTX, notified its 215,000 Twitter followers the project is "defunct" after the crypto exchange giant's sudden collapse -- while pointing users towards a community-led fork of the project. From a report: "The Serum program on mainnet became defunct" following FTX's implosion, Serum tweeted. "As upgrade authority is held by FTX, security is in jeopardy, leading to protocols like Jupiter and Raydium moving away," it added, referring to two DeFi projects on the Solana blockchain. Earlier this month, the now-bankrupt FTX exchange was hacked for more than $400 million, which is said to have compromised the security of Serum's code. This is because the "update authority" for its code was held solely in the hands of insiders at the FTX exchange, Serum explained. The team also commented on its native Serum (SRM) token, stating its future was "uncertain" and that developers have proposed to scrap its use due to exposure to FTX and its sister trading firm Alameda Research.
