Connect with us
DAPA Banner
DAPA Coin
DAPA
COIN PAYMENT ASSET
PRIVACY · BLOCKDAG · HOMOMORPHIC ENCRYPTION · RUST
ElGamal Encrypted MINE DAPA
🚫 GENESIS SOLD OUT
DAPAPAY COMING

Tech

This Week In Security: Another Record Patch Tuesday, LAME Is More Secure, Secure Boot Is Less Secure, And Milk Malware

Published

on

Following the reports last week using the Windows Global Device ID (GDID) in tracking a malware operators behavior, here is a comprehensive write-up about what goes into the GDID and how it is used. It’s worth noting that the GDID itself was not used to catch the malware operator, however once a suspect was identified, the GDID was used to correlate behavior across various Microsoft products on the Internet.

The GDID is generated and assigned during a Windows install, but a re-install of Windows will generate a new GDID. Developer [SmtimesIWndr] tracks the generation and tracking of the GDID through the various Windows libraries and services, identifying where it appears to be created and how it is passed to other services like Azure.

Worth noting is your GDID is a unique, personally identifiable piece of information; if you go exploring and extract it from your Windows install, be sure to keep it private!

LAME mp3 updates

Those of us who were around for the dawn of MP3 files may remember the LAME encoder and library. After almost 10 years, there is a new LAME release.

Advertisement

Notably, this includes two security fixes, one for a stack buffer overflow based on malicious input to the Blade encoder, and an integer underflow in the AIFF header parser. Both of the fixed bugs feel very old-school, which seems appropriate given the age of the library and most of the related code.

Buffer overflows impacting the stack are some of the simplest and most direct forms of vulnerabilities, where it is possible to write past the end of a buffer and control how the function returns and instead execute arbitrary code. Integer under-flows, similarly, impact memory management; usually caused by allowing a variable that stores the size of a buffer to go negative. Since sizes are typically unsigned positive numbers, a negative is interpreted as an enormous positive number, writing past the proper buffer length.

Despite the new findings, the LAME codebase has been extremely resilient over the years, and considering the number of programs that likely still use LAME under the covers to process audio, seeing the project wake up with security fixes is great news.

Recovering Passwords from BIOS

Researchers have found a vulnerability in Dell BIOS code that allows extraction of the administrator password from the BIOS flash chips, either with physical access via a flash programmer, or via administrator or root level access to the operating system and reading the contents of the flash chip.

Advertisement

Dell used a 20 byte key to encrypt a 32 byte password field: for any admin password of 12 characters or fewer, the password is stored in completely plaintext. For longer passwords, characters beyond the first 12 are encrypted – but the random bytes are computed from the first character of the password mixed with fixed device data, yielding only 256 possible encryption seeds for the remaining bytes.

Using the BIOS admin password for evil requires local access, so the attack surface is small, however as the researchers note it controls the boot order and may allow an attacker with physical access to then boot an unsigned OS or bypass full-disk encryption, so it’s serious.

Patch Tuesday Crushes Records

Last month, Microsoft broke records for the number of security fixes in the June monthly Patch Tuesday roundup. This month, Microsoft broke records for the number of security fixes in the July monthly Patch Tuesday roundup.

This month includes a record 60 plus patches for critical vulnerabilities in Windows, as well as fixes for previous Bitlocker bypasses, and an AI prompt injection which could allow web sites to trigger Copilot in Microsoft Edge on Android and execute arbitrary prompts. Another bug patched this month allowed privilege escalation and code execution over DHCP, potentially impacting all Windows installs on the same physical network or public hotspot.

Advertisement

Microsoft credits AI assisted tooling with the record-breaking number of bugs discovered, and indicates it’s unlikely to slow down next month.

LegacyHive Windows Vulnerability

It’s a week with a Patch Tuesday, which now seems to mean it’s a week with a new exploit from NightmadeEclipse, the researcher who previously made news for being quite upset with the responses from the Microsoft security group. After then creating a public outcry by threatening prosecution, Microsoft recently has seemed simply to be fixing bugs disclosed by NightmareEclipse in the next series of security updates.

This month, we have LegacyHive, an exploit which allows loading the “hive”, or collection of registry settings and configuration files, of another user. The Windows registry is typically used to store preferences, settings, auto-launched applications, and other important settings, so being able to access other users registry groups seems significant.

Fairlife Dairy Suspends Production

Fairlife Dairy, owned by Coca-Cola, has suspended US operations due to a ransomware attack. Filings with the SEC simply say that production facilities are impacted and will be temporarily suspended, with no estimate as to when they will be restored.

Advertisement

Typically when a food-processing facility goes offline, the delays for restoring service can be significant due to the sanitization requirements.

CPAN and Perl April Task Force

The April Task Force has been announced (yes, in July) with a focus on enhancing the security posture of Perl and the CPAN library.

Given the absolute havoc wreaked on the NPM and PyPi repositories in 2026, proactive measures to protect other repositories seem prudent. Funded by the Perl and Raku Foundation and the Linux Foundation, the April Task Force will be focused on supply chain security, vulnerability patching, and processing reported vulnerabilities and CVEs.

Perl may not be the juggernaut language it once was, but it’s still used widely, so any preventative measures are good news.

Advertisement

Secure Boot vulnerable

Researchers from ESET enumerated 11 boot loaders signed by Microsoft that can be used to bypass secure boot protections and execute arbitrary code.

Secure Boot was designed to only boot code signed by trusted organizations (in this case, Microsoft). Those of us running Linux typically know it as “the option in the BIOS to turn off to get a kernel to run properly”, but for corporate fleets, Secure Boot protections help protect disk encryption and prevent malware installs.

During boot, a Secure Boot protected system validates the code it is about to launch to ensure it is signed by a trusted organization, establishing a chain of trust where each component then validates the next before launching. Often, to enable other tools or Linux distributions to boot, a “shim” boot loader is created and signed by an organization trusted by the UEFI install, which then loads and validates the actual boot loader or kernel.

Over the years, many such shims have been signed, but updates have lagged and security vulnerabilities have been found. Even unused old boot loader code remains signed and viable, allowing attackers to replace a modern version with a vulnerable, still valid, old version.

Advertisement

Microsoft has removed several of the vulnerable boot loaders via recent Windows patches, however systems that are not updated and systems that do not run Windows will still likely be vulnerable.

Source link

Advertisement
Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Tech

Ken Paxton Vowed To Crack Down On “Illegal Voting.” He May Have Violated Texas Election Law.

Published

on

from the hypocrisy-is-a-part-of-the-job dept

This article first appeared on The Texas Tribune.

Two weeks before this year’s primary elections, Texas Attorney General Ken Paxton announced the creation of a tip line for the public to report people or groups suspected of voter fraud.

“Free and fair elections are a cornerstone of a thriving republic, and with the authority granted to my office by the Legislature, we will stop at nothing to uncover and stop any illegal voting activity,” Paxton said in a February news release announcing the tip line.

The announcement linked to guidance from his office about election laws in Texas, which included a requirement to be a U.S. citizen, a prohibition on collecting mail ballots on behalf of others and a warning that “it is illegal to misrepresent your residence on election records or to establish a residence for the purpose of influencing the outcome of an election.”

“You must register to vote using the address where you reside,” the attorney general’s guidance stated.

Advertisement

Despite his own warnings, Paxton appears to have used an address where he did not live while voting in six elections in the past two years, including in May’s runoff that made him the Republican nominee for U.S. senator, according to records obtained by ProPublica and The Texas Tribune.

State Sen. Angela Paxton said in a 2025 divorce filing that Paxton, whom she accused of adultery, moved out of their Collin County home a year earlier. But Paxton continues to list the home’s address in the northern Dallas suburb on his voter registration. Angela Paxton declined to be interviewed. A source close to the Paxtons said the attorney general has not moved back into the home since leaving.

It is unclear where Paxton has lived for the past two years, but reporting by ProPublica and the Tribune has linked him to a home in neighboring Denton County since February.

Three election lawyers told the news organizations that Paxton may have violated the same Texas laws his office cautioned about in its news release.

Advertisement

ProPublica and the Tribune reached out to Paxton’s campaign on June 3, 15 and 25, asking why he remained registered to vote in Collin County when he appeared to no longer live there and about his connection to the Denton County property. A reporter also left a voicemail on his personal cellphone on June 25. The news organizations sent his government office and campaign staff an email on Monday with a detailed list of questions, including a request for Paxton’s response to election lawyers’ belief that he may be violating the law. 

Paxton and his office did not reply until Monday’s email. Campaign spokesperson Madison Cercy did not answer the questions from the news organizations. Instead, she issued a statement saying that the attorney general has been “a national leader on election integrity, with a long record of defending Texas elections.” Cercy said that “attempting to insinuate otherwise and tear him down with a baseless, lie-filled tabloid story is not real reporting.”

Asked twice to provide specifics about what they believed was inaccurate, the campaign did not respond. 

Voting in an election when the voter is ineligible is a second-degree felony under Texas law and is punishable by up to 20 years in prison and a fine of up to $10,000. But prosecutors rarely bring cases challenging individual voters’ residency claims because they are hard to prove, the election lawyers said.

Advertisement

State courts have repeatedly ruled that there is no single way to determine where someone lives, and judges must consider multiple factors, such as where a voter sleeps or stores personal belongings. Prosecuting such cases also requires proof that a voter “knowingly” or “intentionally” broke the law.

Even if it’s clear that someone doesn’t live at the address where they are registered to vote, state law allows them to remain registered if their absence is temporary and they intend to return. The provision is commonly used by college students and military service members.

“So long as you truly intend to return, I think you’re fine,” said Beth Stevens, an election lawyer who worked for the Harris County clerk and the Texas Civil Rights Project. “When you start doing things that suggest, ‘Oh, I’ve fully moved. I’m just wink-wink saying I intend to return,’ that’s when you get into questionable territory.”

Paxton’s public and contentious split from his wife could make it difficult to argue that he intended to return to the home they own and where she continues to reside, said David Becker, a former voting rights lawyer for the Justice Department.

Advertisement

“I think there would be questions raised about a residence where someone does not live, does not spend the night and can in no way have the intent to continue to reside. Those would probably raise red flags in any state,” Becker said.

Becker, who is now the director of the Center for Election Innovation and Research, a Washington, D.C.-based nonprofit that works to build public trust in elections, added that the situation is particularly problematic because Paxton’s job is to enforce election laws.

“Certainly, the chief law enforcement officer of the state of Texas, someone who has made claims about election integrity and made it a priority of his office, should be charged with knowing the laws of residencies of the state of Texas with regard to voting,” Becker said.

Paxton has advocated for strict enforcement of the state’s election fraud law, including in cases against voters his office alleged had falsified records about where they lived. In 2018, the attorney general’s voter fraud unit arrested nine people on suspicion of using residential addresses where they did not live to vote in a municipal election in Edinburg, in the state’s Rio Grande Valley. County prosecutors, acting on behalf of Paxton, later dismissed the charges after failing to secure a conviction against the mayoral candidate they alleged had encouraged those voters to register at false addresses. The candidate, Richard Molina, said he was innocent and said the prosecution was politically motivated.

Advertisement

Clark Birdsall was not the attorney on those cases but defended another resident whom Paxton prosecuted for illegal voting. Birdsall was stunned that the attorney general appears to have voted under an address where he does not live.

He called it “especially egregious that someone such as Ken Paxton appears he’s not conforming to the law.”

State privacy laws allow some politicians and law enforcement officials to shield their voter registration information from public view. Paxton does not do so. His opponent in the Senate race, Democratic State Rep. James Talarico, does. Talarico’s campaign said he lives and is registered at the north Austin home he purchased in 2022. ProPublica and the Tribune were not able to independently confirm this.

Paxton’s campaign did not raise any issues with Talarico’s voter registration. In her statement to ProPublica and the Tribune, however, Cercy said, “Talarico has actively campaigned against voter security measures” and has said he opposes voter identification requirements. She pointed to a 2021 Fox News interview in which the state representative said he opposed voter identification rules that would require Texans to provide their driver’s license number or partial Social Security number for mail ballots. Talarico said hundreds of thousands of Texans, who don’t drive, lack a driver’s license. He did not directly answer a question about Social Security numbers during the interview.

Advertisement

The Talarico campaign did not respond to a request for comment. 

Paxton’s living arrangements since he separated from his wife are not public, but information obtained by ProPublica and the Tribune offers some indication of where he may have been residing since February.

In mid-February, a trust bought a 5,000-square-foot home listed for $2.4 million in a gated community in Denton County, according to the appraisal district and the seller’s real estate agent. The trust did not disclose its ownership to Denton County officials. Trusts are not required to by law, a spokesperson for Travis County’s appraisal district said.

Paxton shares a separate blind trust with his wife, Angela, that they have used to purchase property and other assets. For years, the address listed for that blind trust had been an office building in Collin County. But that address was changed to the Denton County home a week after the property was purchased.

Advertisement

Angela Paxton said through a spokesperson that she has no connection to the Denton County home or the trust that purchased it. The trustee of the Paxtons’ trust, family friend Chip Loper, did not respond to questions about the address change.

In June, a reporter knocked on the door of the Denton County home. No one answered. When the reporter placed a letter for Paxton in the mailbox, an envelope addressed to Warren Paxton, the attorney general’s given name, was visible.

Later that week, Paxton appeared on a podcast with Texas Lt. Gov. Dan Patrick. Video from the podcast showed Paxton seated in front of a fireplace and mantle that were nearly identical to those depicted in the home’s online real estate listing. One resident also told the newsrooms that they spotted Paxton in the gated community.

In a podcast appearance in June, Texas Attorney General Ken Paxton was seated in front of a gray fireplace that appeared to match real estate listings for a Denton County home. 📸 Obtained and edited for privacy by The Texas Tribune and ProPublica

Separately, the Daily Mail reported in May that Paxton had moved into the Denton County home with Tracy Duhon, whose extramarital affair with Paxton, the news outlet said, prompted his wife’s divorce filing. The Daily Mail also published a video of Paxton and Duhon that it reported was taken at an airport in Iceland in late June. The video was quickly seized upon by Talarico, who depicted Paxton as out of touch with Texans. Duhon did not respond to questions about her connection to the Denton County property or about the Daily Mail reporting.

Paxton is not registered to vote in Denton County, voter rolls show. Instead, since February, he has voted in Collin County twice: once in the March Republican primary and once in the May runoff. Each Texas county elects its own slate of local officials, which is why state law requires voters to register where they live.

Advertisement

Ekow Yankah, a law professor at the University of Michigan whose expertise includes election law, said Paxton’s voter registration situation should remind the attorney general of what studies have consistently shown: that intentional illegal voting is rare.

“You would think that somebody who’s going through this would learn a little bit of humility that lots of things which look on their face, like technical violations of the law, are usually explained by totally ordinary things,” Yankah said. “It’s only if you’re utterly cynical and ignore all the evidence that you make a claim that, in fact, these cases are attributable to nefarious criminal intent.”

Paxton cannot claim ignorance of the law because he enforces it, said Joshua Blank, research director of the Texas Politics Project at the University of Texas at Austin. In fact, as attorney general, Paxton should avoid even the appearance that he is not following the law, Blank said.

“We expect these laws to be understandable by ordinary citizens,” Blank said. “When our elected officials who are tasked with passing and enforcing these laws exhibit troubles in engaging with the voting process themselves, that raises serious questions.”

Advertisement

Filed Under: elections, ken paxton, texas, voting, voting fraud

Source link

Advertisement
Continue Reading

Tech

Seattle indie hit ‘Stardew Valley’ is coming to ‘Magic: The Gathering’

Published

on

Credits: Eric “ConcernedApe” Barone and Sylvain Sarrailh for Wizards of the Coast.

One of the biggest hits ever produced by Seattle’s independent video game scene is joining the Magic: The Gathering multiverse later this month. Sort of.

Magic, the long-running collectible card game published and developed by Renton, Wash.-based Wizards of the Coast, frequently puts out special crossover editions via its Secret Lair imprint.

The Secret Lair “drops” are limited-run collectibles that typically reimagine older Magic cards with new designs and art, which replaces Magic‘s usual cast of wizards and monsters with, for example, Dwarf Fortress, Garfield, or various Marvel superheroes. A caveat: Secret Lairs are priced to appeal to die-hard collectors, rather than casual players.

On Friday, during the first day of MagicCon Amsterdam, Wizards announced several upcoming “drops” for Secret Lair, three of which are based on the popular indie video game Stardew Valley.

Stardew, made by solo developer Eric “ConcernedApe” Barone, is arguably the single biggest success story to come out of Seattle’s independent game development scene. It’s an open-ended video game about a young person who moves back to their grandfather’s abandoned farm, to raise crops, breed livestock, make friends, fish, adventure through the nearby abandoned mines, and/or romance neighbors. This can all be taken at the player’s own pace, with no particular time limits or directions.

Advertisement

Stardew’s success helped to popularize what’s come to be known as the “cozy” genre of chill-out, low-stress video games, alongside other hits like Nintendo’s Animal Crossing. Stardew celebrated its 10th anniversary earlier this year, has sold nearly 50 million copies across multiple platforms, and has spun out into a successful concert tour, a cookbook, and as of earlier this month, a crochet book.

Now Stardew is coming to Magic via Secret Lair, in a package that Wizards is calling the “Superdrop of the Moonlight Jellies,” named after a jellyfish-themed town festival in Stardew Valley.

Coming on July 27, the drop is split into three specific sets of cards: Welcome to Stardew Valley, Life in Pelican Town, and A Flicker in the Deep. The first set, Welcome, features unique pixel art made by ConcernedApe on each card.

Most of the cards in the Stardew Valley Secret Lair are reprints of existing Magic cards, though some have been renamed in keeping with the theme. For example, Swords to Plowshares is one of the oldest cards in Magic, but it’s getting a new Stardew-themed edition in this Secret Lair.

Advertisement

The lone exception is the actual Stardew Valley card (above), which is a special land that’s designed to be compatible with most styles of competitive Magic play.

Other upcoming Secret Lairs announced at MagicCon Amsterdam include:

  • a full playable deck that’s based on the virtual Japanese singer Hatsune Miku;
  • a food-themed take on J.R.R. Tolkien’s The Hobbit;
  • four separate Marvel Comics drops, including one that will feature the universe’s various super-pets;
  • three drops built around specific artists, including American cartoonist Gene Luen Yang (American Born Chinese);
  • and most oddly, a drop with a theme based upon the French record label Lofi Girl, best known for its 24-7 chillhop YouTube “radio station” featuring its namesake and mascot.

Source link

Continue Reading

Tech

OnePlus confirms exit from US and European markets, will replace OxygenOS with ColorOS

Published

on

In a nutshell: Following months of rumors and speculation about the future of the OnePlus brand, the company has officially confirmed that it is exiting all North American and European markets effective immediately. OnePlus will no longer launch new devices in these regions but will continue providing software updates and after-sales support to existing customers.

OnePlus also assured existing users that it will honor all warranty coverage and that eligible devices will be repaired through its authorized service centers in accordance with its standard warranty and support obligations. Eligible OnePlus devices will also continue receiving Android updates and security patches under the company’s existing software support commitments.

Additionally, OnePlus announced that it will replace OxygenOS with the latest version of ColorOS, the Android skin used by its parent company, Oppo. However, the company will give users the option to decline the update and continue using OxygenOS instead. Users will also be able to roll back to OxygenOS if they accidentally update to ColorOS.

Advertisement

As part of its exit strategy, OnePlus will shut down its online community forums in North America and Europe on August 16. In an official announcement, the company said existing forum posts would no longer be accessible after the shutdown and urged users to manually save copies of their posts, comments, photos, guides, and other contributions before that date.

OnePlus’ announcement comes just days after reports began circulating that the long-rumored shutdown could happen as early as this week. Speculation about the company’s future has been ongoing for several months, with multiple tipsters and media reports claiming that OnePlus planned to close its operations in the US, UK, and EU.

OnePlus previously issued denials that failed to convince many observers, with India CEO Robin Liu stating that the company’s local operations would continue as usual. However, he resigned just weeks later, raising further questions about the statement. The company has since confirmed that it will remain operational in India and China and has launched multiple devices in both markets over the past few months.

Advertisement

Source link

Continue Reading

Tech

AWS Billing Glitch Hits Customers With Billion-Dollar Fees

Published

on

A glitch with Amazon Web Services’ billing operation led some customers to believe they owed the world’s fifth most valuable company billions of dollars. Oops!

Bill Radjewski, who runs CollegeFootballData.com, was one of the affected customers. This morning, he woke up to a jarring email alert from AWS: He had racked up more than $1.5 billion in usage fees, and his August 1 bill was on track to be upwards of $3 billion.

“I’ve had this account for 6+ years and in that time my monthly spend has never exceeded $0.02,” Radjewski tells WIRED. He shared screenshots of his three most recent monthly AWS invoices. They each came out to $0.01.

Based on replies to the AWS Support account on X, Radjewski is not alone. Others have received similarly shocking quotes: $22 billion; $75 billion; $110 billion. “Blud why did you hit me with a cost of 5 million USD what did I even do,” one user wrote. “Please explain man my heart will explode.”

Advertisement

When reached for comment, Amazon spokesperson Aisha Johnson referred WIRED to the AWS Service Health Dashboard. While it’s not clear exactly how many customers have been affected, the dashboard characterized the issue as “global.”

The dashboard also said that the billing console “began displaying incorrect estimated billing data” on Thursday, July 16 at 10:38 PM ET.

The company began investigating the issue about six hours later, per the dashboard, and concluded that the “root cause” of the error was “an issue with unit pricing within the estimated billing computation subsystem.” It did not specify what the issue was.

In subsequent updates, AWS said that it’s “rolling back a recent change to the billing computation subsystem,” and said it was attempting to revert to its “last known good estimated bill computation.” It also said it had “paused estimated billing computations.”

Advertisement

The issue should be resolved by this weekend, and “there are no customer actions required at this time,” the company wrote.

Ultimately, some customers have decided to post through it.

One Reddit user posted a screenshot of their current “Cost and usage overview” to the AWS subreddit, which showed that they had incurred $7.1 trillion in service fees since July 1—more than twice Amazon’s market cap.

Source link

Advertisement
Continue Reading

Tech

The Zoom hack that says, ‘Don’t record me’

Published

on

VC Jeremy Levine has a wry solution to something that routinely annoys him, according to a new Wall Street Journal article on the rise of AI transcription apps. On Zoom, he is no longer “Jeremy Levine” but instead “Jeremy Levine I do not consent to transcribing or recording.”

It may sound petty or brilliant, depending on your point of view, but what’s clear is that always-on recording is becoming ubiquitous, thanks to a growing crop of AI note-taking apps and devices, many of which we’ve covered here at TechCrunch (we’ve even ranked some).

VC Eric Bahn tells the outlet he now automatically assumes his meetings with founders will be recorded, even before he sees a phone slide across a conference table. One founder tells the WSJ she records most of her first dates with the Granola app, then feeds the transcript to Claude afterward to see if she could be more “engaging or empathetic,” while also assessing who did most of the talking.

Levine calls the whole trend “socially unacceptable behavior” that can completely kill spontaneous conversations. Others in the piece note it’s a legal minefield.

Advertisement

But there’s another wrinkle: if every meeting, watercooler conversation, and romantic outing gets transcribed and summarized, who’s actually reading any of it? At what point does this audio landfill of every conversation stop being useful and just become another recording no one has time to play back?

Source link

Continue Reading

Tech

Sarah Downs Equips NASA’s Robots With Assembly Skills

Published

on

Like many engineers, Sarah Downs says she knew she wanted to pursue a STEM career from a young age. As a teenager, she discovered robotics through her Tulsa, Okla., middle school’s First Lego League team, and she fell in love with the field, she says. Downs participated in the international robotics program from 2014 to 2016.

Watching PBS specials on NASA Mars rovers Spirit and Opportunity, and seeing the live broadcast of the Curiosity rover launch in 2011, inspired the teen to dream of a career working with NASA.

Sarah Downs

MEMBER GRADE

Advertisement

Graduate student member

UNIVERSITY

Texas A&M University in College Station

MAJOR

Advertisement

Electric engineering

This year the IEEE graduate student member achieved that dream. For her final project as a master’s degree candidate in electrical engineering at the University of Tulsa, she worked on an algorithm in collaboration with NASA and the U.S. Air Force.

The algorithm she developed enables a robot assembling satellites in space to insert an antenna into the correct spot, addressing robotics’s classic peg-in-hole problem of inserting an object into its corresponding hole.

Now a Ph.D. student in electrical engineering at Texas A&M University in College Station, Downs is continuing her research on satellite assembly and manipulation “but on a much larger scale,” she says.

Advertisement

Following a childhood passion

Downs grew up in the Tulsa area. Her father, who died from a heart attack in 2015 when she was 13, was a safety advisor in the oil and gas industry. Her mother stayed home to take care of her brother, who has autism. After her father died, her mother went back to college to earn a bachelor’s degree in business so she could support the family.

“We didn’t have much income, and my mom was always worried about money,” Downs says. “That made me more aware of having a successful career, in a monetary sense.”

From then on, whenever she considered her future career, having a decent salary to support the family was high on her list.

By pursuing a career in robotics, she says, she can follow her passion while obtaining financial security.

Advertisement

In high school, Downs joined the First robotics club, where she found herself drawn to the electrical components used in the machines she and her classmates built.

During her final two years of high school, she participated in an extension program at Tulsa Tech, a training school. She spent half her day in high school classes and the other half taking engineering courses at the vocational school.

After graduating in 2020, she accepted scholarships to attend the University of Tulsa. She began her freshman year at UTulsa not knowing whether she wanted to major in electrical or mechanical engineering, she says, adding that her love of working with small systems helped her choose EE.

For her senior year capstone project, she and two of her classmates designed a lunar lander exhibit for the Tulsa Air and Space Museum. They created an interactive game that simulates missions on lunar and martian surfaces. Four celestial bodies—the moon, Venus, Mars, and Titan—are listed across three computer monitors. Using a game controller, museum visitors can explore the virtual surface of each one. The exhibit is still on display.

Advertisement

Downs earned her bachelor’s degree in electrical engineering in 2024 and continued her education at the university’s EE master’s degree program.

Both more and less complicated than people think

When Downs began her graduate studies, she was supposed to be part of a NASA robotics project for two years. But when a delay in government funding postponed the project’s start, she instead spent her first year in the school’s Institute for Robotics and Autonomy, then newly launched. Its main focus is developing robots to assist people who have mobility challenges.

Inspired by her grandmother, who was wheelchair-bound due to severe arthritis, Downs developed a robotic arm that helps older people and wheelchair users live independently. The arm was able to identify and place objects in the appropriate locations inside the home, such as unloading certain groceries from a shopping bag and placing them on a shelf or in separate containers.

Before the start of her sophomore year in 2025, the NASA project finally secured government funding. She developed a robot that achieves the peg-in-hole task without using any vision systems. Typically, cameras help guide robots’ satellite-assembly work. But in the harsh, remote environment of outer space, cameras might malfunction or encounter delays.

Advertisement

“Don’t stop asking questions. Especially in engineering, don’t pretend like you know everything, because science is about constantly wanting to learn and listen.”

Rather than using cameras, Downs’s robotic arm deploys a force-based insertion process to sense position and orientation of objects in the arm’s environment. The robot loosely grips an antenna and, with a torque sensor on its gripper, “feels” the force feedback of where the satellite and antenna are in relation to each other. The robot then guides the antenna assembly into a target opening on its satellite and maintains the position during adhesion.

Adding to the complexity, the robot performs its task in zero gravity.

“Without gravity, you now have to consider the arm’s reaction torques on the satellite to avoid flinging it into space,” Downs says. Any motion from the arm during the insertion process, especially from increased forces, could cause the satellite to continue movement in that direction.

Advertisement

To combat that, Downs is performing calculations for the project to direct targeted reverse thrusts and counter the force of the robot’s motions.

Her graduate project captures the simple yet complex nature of robotics that she finds fascinating, she says.

“I think robots are both more and also less complicated than people think,” she says. “Really, all you need to start programming a robot is its Denavit-Hartenberg parameters, and you can do a lot with that,” she says, referencing the four values used to describe the position and orientation of a robotic arm and manipulators. Even with different grippers and degrees of freedom, “fundamentally, all robot manipulators start there,” she says.

“But,” she adds, “we’re still learning so much about how robots interact with their environment. Even something simple to us, like manipulating a pen, is still incredibly complex for robots.”

Advertisement

Downs is completing her doctoral thesis in the Robotic Space Simulator project at Texas A&M’s Robotics and Automation Design (RAD) Lab, which specializes in developing machines that can survive in extreme environments. It collaborates with NASA.

Her thesis advisor is Robert Ambrose, a NASA veteran who launched the RAD Lab in 2022. The IEEE member is set to serve as associate director of the school’s Space Institute, due to open this year in Houston. The research facility is being built next to the Johnson Space Center.

After earning her Ph.D., Downs says, she hopes to one day work for NASA, developing rovers that collect samples from Mars or robotic arms that perform tasks on space stations.

To learn more about robots, check out IEEE Spectrum’s guide.

Advertisement

Getting out of the engineering bubble

Downs joined IEEE in 2020 as a freshman at UTulsa to get more involved in electrical engineering events on campus. At the time, the COVID-19 pandemic kept clubs and organizations from meeting in person.

She was active in her school’s IEEE student branch and was elected as its 2022–2024 president. Under her leadership, the branch went from having a few events to hosting one every two weeks.

They included lunch-and-learn sessions and dinners that connected students with professional engineers and the university’s alumni. Downs also organized hands-on workshops on soldering, 3D printing, CAD modeling, and résumé-building.

Her efforts helped increase the branch’s executive board membership from roughly five students to 25 in 2023. The same year, her soldering workshop attracted about 80 students.

Advertisement

She says she enjoyed working with IEEE, especially “engaging with alumni and learning from engineers.”

IEEE is a great resource for networking opportunities, she says, noting that “during the COVID-19 pandemic, engineering students stayed in their bubbles.” IEEE events helped the students make connections that could serve them well, she says.

“Networking is very important, especially in today’s tough job market,” she says. “It’s a lot about who you know and how people observe your work ethic.”

Downs, who now serves as an IEEE graduate advisor for UTulsa’s student branch, says she has seen firsthand how the school’s student branch network has benefited its student members.

Advertisement

“A lot of them have found jobs” because of IEEE, she says.

From Your Site Articles

Related Articles Around the Web

Source link

Advertisement
Continue Reading

Tech

Linus Torvalds To Critics of AI Coding On Linux: ‘Fork It. Or Just Walk Away.’

Published

on

Linus Torvalds says the Linux kernel will not ban AI-assisted coding tools, and if anti-AI absolutists have a problem with that, they can “fork it” or “walk away.” An anonymous reader quotes a report from Ars Technica: Writing in a lengthy post on the Linux kernel mailing list this week, Torvalds said that “Linux is not one of those anti-AI projects, and if somebody has issues with that, they can do the open-source thing and fork it. Or just walk away.” The statement came amid a lengthy thread arguing about the use of Sashiko, an “agentic Linux kernel code review system” that its creators claim can, in tests, independently find 53.6 percent of the bugs that would end up being fixed by human coders in later commits. But the tool can also waste maintainers’ time by sending “false positive” reports of bugs that don’t exist, at a rate Sashiko’s maintainers estimate is “well within [the] 20% range.”

In discussing whether maintainers should be subjected to a flood of these kinds of automated, AI-powered bug report emails (true or false), one poster cited the Software Freedom Conservancy’s recent statement that the open source community “should support, not just tolerate, those who outright reject LLM-gen-AI systems” and that “every FOSS contributor deserves self-determination regarding LLM-gen-AI.” In the face of that statement, Torvalds said that he rejects those who demand that their open source projects not accept any LLM-generated code or revisions. “We’re not forcing anybody to use [LLM tools], but I will very loudly ignore people who try to argue against other people from using it,” Torvalds said.

Torvalds said his position on this is a pragmatic one that’s “based on technical merit. Not fear of new tools.” And when it comes to utility, Torvalds said that “AI is a tool, just like other tools we use. And it’s clearly a useful one. It may not have been that ‘clearly’ even just a year ago, but it’s no longer in question today. Anybody who doubts that clearly hasn’t actually used it.” […] While Torvalds acknowledged that “AI isn’t perfect,” he urged detractors to compare the output of these tools to the performance of human code maintainers. “Anybody who points to the problems at AI had better be looking in the mirror and pointing at themselves at the same time,” Torvalds wrote. “Because it’s not like natural intelligence is always all that great either.”

Source link

Advertisement
Continue Reading

Tech

Spotify is deleting millions of AI-generated music tracks to fend off spammers

Published

on

SpotiSlop: Large language models and sophisticated audio-generation tools are disrupting the traditional music industry. Digital listening platforms such as Spotify have become prime targets for AI-powered spammers, but trade organizations are fighting back with new labeling programs.

Spotify’s Sam Duboff recently revealed that the platform was forced to remove 75 million AI-generated tracks in 2025 alone. As Spotify’s senior director and global head of marketing, policy, and music business, Duboff believes that AI has not introduced any entirely new tactics for spam operations. However, he also argues that generative AI and other machine learning technologies have taken audio spam to the next level.

Spotify now has systems designed to combat both AI-generated “slop” uploads and data scraping by companies seeking new content to train their generative AI models. Duboff confirmed that the company has a “big team” dedicated to identifying potential new attack vectors that could make life easier for spammers (or scraping bots).

The executive also provided several eye-opening figures highlighting the growing prevalence of AI-generated music on digital platforms. Every day, bots upload around 100,000 different “songs” to Spotify’s servers, and a large portion of these tracks are most likely “made” using generative AI services or custom LLM-based setups.

Advertisement

Duboff acknowledges that not every genAI track can simply be dismissed as slop. The 75 million songs removed last year were low-effort content with very little human creativity involved beyond a lazy chatbot prompt. However, “real” artists are increasingly using AI technology in their production workflows, blurring the lines between fake music and human-curated efforts.

Spotify is certainly embracing AI across its business these days. Earlier this year, co-CEO Gustav Söderström said that the company’s engineers are essentially allowing AI agents to handle much of their coding work. Spotify also said that AI tools approved by music labels are now fair game for creating remixes and covers that can then be sold on the platform.

Beyond Spotify’s growing pains with spammy tracks, generative AI is forcing the entire music industry to develop new solutions to the increasingly relevant AI slop problem. The International Federation of the Phonographic Industry, the RIAA, and other major trade organizations recently announced a “voluntary” program to properly label AI-generated music, giving listeners a clear indication when a song has been entirely created through a chatbot prompt. These labels should also identify “AI-assisted” music that was primarily created by human artists.

Advertisement

Source link

Continue Reading

Tech

Another Apple price hike just landed, this time on Apple One

Published

on

Apple has raised the monthly price of its Family and Premier Apple One bundles in the US. The Family plan now costs $27.95 per month, up from $25.95, while Premier has climbed from $37.95 to $39.95. Both plans are now $2 more expensive each month, adding another $24 to the annual bill. The Individual plan remains unchanged at $19.95 per month.

The increase arrives shortly after Apple raised subscription prices for Apple Music across its student, individual, and family plans. New AppleCare+ customers buying coverage for Macs and iPads have also been hit by higher prices recently.

What changed for Apple One subscribers?

Apple One Family includes Apple Music, Apple TV, Apple Arcade, and 200GB of iCloud+ storage. The services can be shared with up to five other family members.

The Premier plan includes the same services, alongside Apple News+, Apple Fitness+, and 2TB of iCloud+ storage.

Apple has not added any new services, storage, or other benefits to either bundle. Family subscribers will now spend $335.40 over a full year, while the Premier plan works out to $479.40 annually.

Apple’s subscription costs keep climbing

Apple has not explained why the two Apple One bundles have become more expensive. The company blamed its recent Apple Music increase on rising licensing costs, and the service is included in every Apple One plan. However, the unchanged Individual bundle suggests Apple Music is unlikely to be the only reason behind the latest adjustment.

Advertisement

The company has also raised AppleCare+ prices for new Mac and iPad customers by $0.50 per month or $5 per year. Those changes followed broader price increases across Apple’s Mac, iPad, Vision Pro, HomePod, and Apple TV lineups. Despite the price increases, Apple One still offers a discount compared to paying for every included service separately.

Source link

Advertisement
Continue Reading

Tech

EU Orders Google to Open Android to AI Rivals and to Share Search Data

Published

on

The European Commission on Thursday mandated that Google provide its competitors with greater access to AI capabilities on Android phones and to search data, saying the increased openness is needed to level the playing field in those areas.

The ruling stems from the European Union’s Digital Markets Act, which is designed to ensure that powerful tech companies, such as Google and Apple, can’t unfairly dominate markets through their size and their gatekeeping powers. In this case, the act requires Google to give third-party apps and services the same level of access to its software as it does for its own services. 

“With today’s measures, we want to support innovation and diversity in the European Union, enabling fair competition in the markets of AI assistants for Android devices and search engines,” Henna Virkkunen, the Commission’s executive vice president for tech sovereignty, security and democracy, said in a statement. “Thanks to these measures we hope to see emerging alternatives to Google Search and Google’s AI services, such as Gemini, and that users in the EU can enjoy greater choice of services.”

Advertisement
CNET AI Atlas badge; click to see more

Gemini AI has become inescapable in Google software and on Android devices. But AI assistants from other companies have had restricted access to key Android functions, which limits the kinds of services they can create and offer, putting them at an unfair disadvantage, according to the Commission. The new ruling would mean, for instance, that third-party AIs could be activated with a voice command similar to “Hey, Google” or could be delegated tasks such as booking a taxi, the Commission said.

The Commission noted that 60% of phone users in the EU have an Android device.

Thursday’s decision also requires Google to share its search data with third-party search engines and with AI chatbots that offer search functionality. That includes data Google uses to optimize its search engine. The Commission said this requirement is important for developing and optimizing third-party search engines, including privacy-focused alternatives. 

Google will also have to provide the data at a fair price and through a clear process, the Commission said.  

Advertisement

Google’s response 

In its response to the ruling, Google homed in on what it said are the dangers the DMA-driven changes would pose to users.

“Today’s decisions risk undermining vital privacy and security guardrails for millions of Europeans,” Kent Walker, president of global affairs for Google and parent company Alphabet, wrote in a blog post. “We have repeatedly offered solutions to safeguard users while satisfying the DMA’s goals, but these rulings discount extensive evidence of user harm.” 

In an email to CNET, a Google spokesperson reiterated the company’s privacy concerns and noted that the alternatives it suggested would ensure, for instance, that query-related data is passed along to recipients while providing better personal data protection. Google also proposed that anonymization be performed by technical and legal experts, but said the EC rejected the proposal. 

Google also said that AI agents already have access to choices, but that ultimately, phone-makers play a big role in protecting users by evaluating apps that could have system-level permissions and access to your data. It said that phone-makers provide that access, not Google. 

Advertisement

Apple last month said that because of a DMA ruling, access to its new Siri AI would not be available to users in the EU when iOS 27 and iPadOS 27 roll out later this year.

Under Thursday’s ruling, Google must start sharing data with search providers in January 2027 and make the Android changes effective as of July 2027.

Source link

Advertisement
Continue Reading

Trending

Copyright © 2025