Category Archives: News

Source: Ars Technica

Source: Hack a Day

Recently there was a panicked scrambling after the announcement by [Tarlogic] of a ‘backdoor’ found in Espressif’s popular ESP32 MCUs. Specifically a backdoor on  the Bluetooth side that would give a lot of control over the system to any attacker. As [Xeno Kovah] explains, much about these claims is exaggerated, and calling it a ‘backdoor’ is far beyond the scope of what was actually discovered.

To summarize the original findings, the researchers found a number of vendor-specific commands (VSCs) in the (publicly available) ESP32 ROM that can be sent via the host-controller interface (HCI) between the software and the Bluetooth PHY. They found that these VSCs could do things like writing and reading the firmware in the PHY, as well as send low-level packets.

The thing about VSCs is of course that these are a standard feature with Bluetooth controllers, with each manufacturer implementing a range of these for use with their own software SDK. These VSCs allow for updating firmware, report temperatures and features like debugging, and are generally documented (except for Broadcom).

Effectively, [Xeno] makes the point that VSCs are a standard feature in Bluetooth controllers, which – like most features – can also be abused. [Tarlogic] has since updated their article as well to distance themselves from the ‘backdoor’ term and instead want to call these VSCs a ‘hidden feature’. That said, if these VSCs in ESP32 chips are a security risk, then as [Xeno] duly notes, millions of BT controllers from Texas Instruments, Broadcom and others with similar VSCs would similarly be a security risk.

Source: OSNews

Remember about half a year ago, when the PowerPC versions of Windows NT were made to run on certain models of PowerPC Macs? The same developer responsible for that work, Rairii, took all of this to the next level, and it’s now possible to run the PowerPC version of Windows NT on the GameCube, Wii, Wii U, and a few related development boards.

NT 3.51 RTM and higher. NT 3.51 betas (build 944 and below) will need kernel patches to run due to processor detection bugs. NT 3.5 will never be compatible, as it only supports PowerPC 601. (The additional suspend/hibernation features in NT 3.51 PMZ could be made compatible in theory but in practise would require all of the additional drivers for that to be reimplemented.)

↫ Windows NT for GameCube/Wii GitHub page

As you may have expected, there are some issues, such as instability and random reboots, USB hotplugging doesn’t work, and some other, smaller issues, but none of that takes away from just how awesome and impressive this really is. There’s framebuffer support for the Flipper GPU, full support for the controllers ports and a ton of compatible controllers and related input devices, including support for the N64 mouse and keyboard, although said support is untested.

The GameCube and Wii (U) are PowerPC computers, after all, running IBM processors, so it shouldn’t be surprising that running Windows NT on them is possible. Still, it’s an impressive feat of engineering to get this to work at all, let alone in as complete a state as it appears to be.

Source: Hacker News

Source: Engadget

Educational tech company Chegg has sued Google in federal court claiming that its "AI Overviews" that appear ahead of search results have hurt its traffic and revenue. In order to be included in Google's search results, Chegg alleges, it must "supply content that Google republishes without permission in AI-generated answers that unfairly compete for the attention of users on the internet in violation of antitrust laws of the United States." 

Previously, publishers like The New York Times have sued AI companies over copyright infringement, accusing them of training large language models (LLMs) on IP material without permission. However, Chegg is taking another approach, instead accusing Google of abusing its monopoly position to force companies to supply materials for its "AI Overviews" on its search page. Failing to do so, it says, means it could effectively be excluded from Google Search altogether. 

Chegg included a screenshot of a Google AI Overview that takes details from Chegg's website without attribution, though the page in question appears lower down in the search results.

Google told CNBC that it would defend itself against the suit. "Every day, Google sends billions of clicks to sites across the web, and AI Overviews send traffic to a greater diversity of sites," a spokesperson said.

Google's use of its monopoly power in this way "amounts to a form of unlawful reciprocal dealing that harms competition in violation of the Sherman Act," Chegg claimed, while citing a federal judge's ruling from last year that Google is a monopolist in search. The tech-ed company said that it is particularly affected by these practices because the "breadth, depth, quality and volume of Chegg's educational content holds enormous value for artificial intelligence applications." 

Chegg is the latest in a long list of companies suing Google over alleged misappropriation of IP content, though as mentioned, using the Sherman Act is a novel approach. As of January 2025, 38 copyright lawsuits related to AI have been filed in the US, according to a site keeping track of the claims — so far with mixed results. 

Source: Hacker News

Source: OSNews

Humane is selling most of its company to HP for $116 million and will stop selling AI Pin, the company announced today.

AI Pins that have already been purchased will continue to function normally until 3PM ET on February 28th, Humane says in a support document. After that date, Pins will “no longer connect to Humane’s servers.” As a result, AI Pin features will “no longer include calling, messaging, AI queries / responses, or cloud access.” Humane is also encouraging users to download any pictures, videos, and notes stored on their Pins before they are permanently deleted at that shutdown time.

↫ Jay Peters at The Verge

I can’t think of a better example of “AI” being a planet-cooking hype bubble than the Humane failure everybody saw coming from a mile away.

HP can add this useless acquisition next to the Palm one.

Source: Hacker News

Source: Hacker News

Source: Engadget

According to researchers, anyone who knows where to look can spray digital graffiti on the Department of Government Efficiency (DOGE) website. Two web development experts said the site doesn’t seem to be hosted on government servers and that the database it pulls from can be modified by those who locate it. At the time of writing, a message reading “these ‘experts’ left their database open - roro” is still visible on the DOGE site.

DOGE chief and President Trump consigliere Elon Musk said on Tuesday that his team would be as transparent as possible, with updates on its actions shared to an X account and website. As 404 Media notes, the DOGE website was pretty much blank at the time. Since then, it's been hurriedly assembled to show a feed of posts from the entity’s X account, along with details about the federal workforce.

The researchers told 404 that the site appeared to be built on Cloudflare Pages instead of government servers. After looking at the site’s architecture and API endpoints, one was able to locate the database containing stats on government employees. They made changes to database entries that were reflected on the DOGE website.

It's not the first time that a federal website operating under the Trump administration has appeared to have been slapped together. Just this week, the waste.gov was locked after it was reported that the site displayed a dummy WordPress page, complete with placeholder text.

DOGE does acknowledge that there are possible issues with its web presence. “This is DOGE's effort to create a comprehensive, government-wide org chart,” a footnote on the DOGE website reads. “This is an enormous effort, and there are likely some errors or omissions. We will continue to strive for maximum accuracy over time.”

However, it doesn’t exactly inspire confidence that a team tasked with making sweeping cuts to government spending and allegedly barging its way into federal systems that contain sensitive data on federal employees and citizens can’t secure its own website. Perhaps gutting the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency wasn't the wisest idea.