Tech Brew Ride Home - Wed. 10/11 – The Greatest DDoS Attack By Far
Episode Date: October 11, 2023The EU is warning Elon Musk over X content related to the Israel-Hamas war. The biggest DDoS attack of all time, by, like, 8x. New image models from Adobe. New PS5s from Sony. New rules from the FTC t...o help you avoid hidden fees. And checking in with the Sam Bankman Fried trial. Sponsors: Shopify.com/ride Links: EU warns Elon Musk of ‘penalties’ for disinformation circulating on X amid Israel-Hamas war (CNN) New technique leads to largest DDoS attacks ever, Google and Amazon say (The Record) Adobe Firefly can now generate more realistic images (TechCrunch) Sony’s new PS5 with a removable disc drive launches in November (The Verge) The End of Junk Fees? FTC Proposes New Rule (The Hollywood Reporter) Caroline Ellison, Adviser to Sam Bankman-Fried, Says He ‘Directed’ Her to Commit Crimes (NYTimes) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the Tech meme right home for Wednesday, October 11th, 2023. I'm Brian McCullough today. The EU is warning Elon Musk over X content related to the Israel Hamas War. The biggest DDoS attack of all time by like 8X. New image models from Adobe, new PS5s from Sony, new rules from the FTC to help you avoid hidden fees and checking in with the Sam Bankman-Fried trial. Here's what you miss today in the world of tech. The European Union is warning Elon Musk that X,
could face penalties under the DSA for hosting, quote, illegal content and disinformation, end quote,
about the Israel-Hamas war. Quoting CNN. In a letter addressed to ex-owner Elon Musk,
Tieri Breton, a top European commissioner, said X faces, quote, very precise obligations regarding
content moderation, and that the company's handling of the unfolding conflict so far has raised
doubts about its compliance. As a platform subject to Europe's Digital Services Act, or DSA, X could
face billions in fines if regulators conclude that violations have occurred. X didn't immediately
respond to a request for comment. The warning letter highlights X's potentially vast
legal exposure as it battles a wave of bogus claims linked to the war that have been attributed
to everything from fake White House press releases to false news reports and out of context
videos from unrelated conflicts or even video games. Much of the problematic content appears to stem from
platform changes made under Musk's supervision. Breton suggested in the letter which he shared on X.
For example, he wrote, X announced over the weekend that it was making it easier for accounts to
qualify for newsworthiness exceptions to its platform rules. The change to X's public interest
policy made it so that accounts no longer require a minimum of 100,000 followers to qualify.
They need only be, quote, high-profile accounts that, as before, represent current or potential
government officials, political parties, or political candidates. Removing the follower threshold
and replacing it with a celebrity standard leaves it, quote, uncertain what content particularly,
quote, violent and terrorist content that appears to circulate on your platform will be removed,
Breton wrote. Under the DSA, which became enforceable for large platforms in August, companies must
also act swiftly when officials highlight content that violates European laws, which X may not be
doing, Bertan warned. We have, from qualified sources, reports about potentially illegal content
circulating on your service, despite flags from relevant authorities, Bertan wrote. I remind you that
following the opening of a potential investigation and a finding of noncompliance, penalties can be
imposed, he added. In an exchange on X, Musk replied to Breton, quote,
Our policy is that everything is open source and transparent, an approach that I know the EU
supports, Musk wrote. Please list the violations you allude to on X so that the public can see them,
end quote. Bruton posted back, quote, you are well aware of your users and authorities,
reports on fake content and glorification of violence. Up to you to demonstrate that you walk the talk.
My team remains at your disposal to ensure,
DSA compliance, which the EU will continue to enforce rigorously, end quote.
Hey, Guinness Book of World Records. Amazon, Google, and Cloudflare say a DDoS attack hit
398 million requests per second back in August. That is around eight times larger than
the previous record for the biggest DDoS attack ever. Again, 398 million per second due to a new
flaw that Google apparently mitigated. So I think we're good now, but still, that's what you call
setting a new bar, quoting the record. Amazon, Google and Cloudflare said they detected the largest
distributed denial of service or DDoS attacks on record in August due to a newly discovered
vulnerability. The companies explained on Tuesday morning that a bug tracked as CVE 2023-44-8-7
allowed threat actors a fresh angle for overwhelming websites with a flood of traffic, making them
temporarily unavailable to users.
Exploitation of the vulnerability is known as HTP-2 Rapid Reset Attack.
The issue affects the HTP-T-P-2 protocol, a pivotal piece of internet infrastructure that
governs how most websites operate.
The attacks have not been attributed to any known hacking group.
Google's Jujo Snellman and Danielle I.M. Artino said the tech giant mitigated an attack
in August that was more than eight times as large as the previous record.
It involved 398 million requests per second or RPS. In August 2022, they had reported stopping an attack that peaked at 46 million requests per second. That one was equivalent to, quote, receiving all of the daily requests to Wikipedia, one of the top 10 trafficked websites in the world in just 10 seconds, they said. The incidents involving the HTTP 2 vulnerability, quote, were largely stopped at the edge of our network by Google's global load balancing infrastructure and did not lead to any outages. While the impact, the impact.
was minimal. Google's DDoS response team reviewed the attacks and added additional protections
to further mitigate similar attacks. Snellman and Ian Martino said,
HTTP2 manages how browsers interact with websites, allowing them to request to view things like
images and text quickly, and all at once, no matter how complex the website, according to
Cloudflare officials. An older version of the protocol, HTTP1.1, could only read a request,
process it, write a response, and only then read and process the next request, while HTP2 can handle
multiple concurrent streams on a single connection. This new attack works by making hundreds of
thousands of requests and immediately cancel them, Cloudflare said. By automating this
request cancel, request cancel pattern at scale, threat actors overwhelm the websites and are able to
knock anything that uses HTTP2 offline, end quote. The August attack alarmed experts who noted that
HTP2 is part of about 60% of all web applications and determines the speed and quality of how
users see and interact with websites, end quote. Adobe has debuted the Firefly Image 2 model in Firefly
for the web. The model is larger than its predecessor, better at rendering humans, and is coming
soon to Creative Cloud, quoting TechCrunch. Adobe also today announced that Firefly's users have now
generated 3 billion images since the service launched about half a year ago, with 1 billion
generated last month alone. The vast majority of Firefly users around 90% are also net new to Adobe's
products. The majority of these users surely use the Firefly web app, which helps explain why
a few weeks ago the company decided to turn what was essentially a demo site for Firefly into
a full-fledged Creative Cloud service. Alexander Koston, Adobe's VP for Generative AI and
Senai told me that the new model wasn't just trained on more recent images from Adobe stock
and other commercially safe sources, but also that it is significantly larger. Firefly is an
ensemble of multiple models, and I think we've increased their sizes by a factor of three,
he told me. So it's like a brain that's three times larger and we'll know how to make these
connections and render more beautiful pixels, more beautiful details for the user, end quote.
The company also increased the dataset by almost a factor of two, which in turn,
should give the model a better understanding of what users are asking for. That larger model is obviously
more resource intensive, but Kostin noted that it should run at the same speed as the first model.
We're continuing our explorations and investment in the distillation, pruning, optimization, and quantization.
There's a lot of work going into making sure customers get a similar experience, but we don't
balloon the cloud costs too much, end quote. Right now, though, Adobe's focus is on quality over
optimization. For now, the new model will be available through the Firefly web app, but it will also come
to Creative Cloud apps like Photoshop, where it powers popular features like generative fill in the near
future. That's also something cost and stressed. The way Adobe thinks about generative AI isn't so much
about content creation, but generative editing, he said, end quote. Sony has announced a new $500
PS5 model with a detachable disk drive, one terabyte of internal storage, and a slightly
slimmer and shorter design. This is shipping in November. Quoting the Verge. Often referred to as the
PS5 Slim, this new model is slightly slimmer and shorter than the existing one, but will crucially
replace both the PS5 and PS5 Digital Edition. In the U.S., the new model will cost $499, with the
drive included, while the PS5 Digital Edition is 449. The new PS5 has a significant overall reduction in
volume by more than 30% and an up to 24% reduction in weight, depending on which model you pick.
Sony now has a bulge at the side of the PS5 for the disc drive, which can be removed and replaced
with a side panel. There are four separate cover panels with the top portion in a glossy look,
while the bottom remains in Matt, said Sid Schumann, Senior Director of SIEC Content Communications
in a blog post. If you purchase the base PS5 digital edition, you can add the Blu-ray Disc Drive
at a later date as Sony is selling it separately for $79.
There are now two slits on each side and a dual USBC port at the front instead of the
single USBC and USBA ports that are available on current PS5s.
A horizontal stand will be included with this new PS5 model and a new vertical one that
works on all PS5 models will be sold separately for $299.
Both new PS5 models also include 1 terabyte of storage now instead of the 825 gigabytes
found on the existing PS5. The new PS5 model will be released in November in the U.S.
at Select Retailers and at Sony's PlayStation Direct site for $449 without a drive or $499 with one.
It will continue to roll out globally in the following months, says Schumann.
Once inventory of the current PS5 model has sold out, the new PS5 will become the only model
available. In Europe, it will be priced at 449 euros for the digital edition and 549 euros
with the drive and in the UK, it's 479 pounds with the drive or 389 pounds for the PS5
Digital Edition, end quote. The FTC has proposed a new rule to require ticket sellers and others
to show the total price to users up front. Ticketmaster and seat geek have pledged to support
this sort of all-end pricing, quoting the Hollywood Reporter. The rule would not set a limit on the
fees, but rather would require broader disclosures, including detailing the purpose of the fees
and whether or not they are refundable. This action comes as President Biden has made cutting down
on the so-called junk fees, one of the priorities of his administration. Major ticket sellers,
such as Ticketmaster and Seatgeek, have already committed to all-end pricing after Biden
convened a meeting of consumer-facing companies, which also included Airbnb and others to discuss
the issue in June. If the FTC rule is approved, a company that does not comply could face
monetary penalties, and the consumer may be eligible for a refund. The proposed rule is subject to a
60-day comment period before the FTC decides on next steps, end quote. Finally today, your mileage may
vary on the story, but I don't believe we have mentioned that the Sam Bankman-Fried trial has begun,
where yesterday Caroline Ellison testified that SBF directed her to commit crimes, like using FTCS client
funds for Alameda Research Venture Investments and Loan Repayments.
Quoting the New York Times.
Ms. Ellison, 28, took the stand for about four hours on the fifth day of Mr. Bankman
Freed's fraud trial in federal court.
She began by taking more than 10 seconds to identify Mr. Bankman Fried when a prosecutor
asked her to point him out.
Then, within the first 15 minutes of her testimony, Ms. Ellison repeatedly blamed Mr.
Bankman Fried 31 for crimes that led to FTX's implosion.
She testified that he instructed her to use FTX customer deposits to finance venture investments and loan repayments by Alameda Research, a crypto hedge fund that she oversaw for him.
She said Alameda took around $14 billion, only some of which it was able to repay.
He directed me to commit these crimes, Ms. Ellison said, as Mr. Bankman-Feed sat across the room flanked by his lawyers.
As the government's star witness and by far Mr. Bankman-Freed's most widely discussed associate, Ms.
Ellison is a key figure in the trial, and her testimony was a highly anticipated moment.
In her testimony on Tuesday, Ms. Ellison explained her history with Mr. Bankman-Fried
and delved into the details of their relationship, often in highly personal terms.
Shortly after starting at Alameda, Ms. Ellison said,
she realized the company was, quote, in much worse shape than Mr. Bankman-Fried had conveyed
to her.
The firm had suffered large losses and was desperate for new sources of capital, she said.
She said Mr. Bankman-Freed was very ambitious.
telling her that he wanted his companies to be successful and that there was a, quote,
five percent chance that he would become president of the United States.
He had an unusual approach to risk, she added. At one point, she testified, Mr. Bankman-Fried,
said he would happily perform a coin flip if heads meant the world would become twice as good,
even if tails meant the world would be destroyed. When prosecutors questioned Ms. Ellison
about her relationship with Mr. Bankman-Fried, Ms. Ellison's voice became softer.
She said that she had little power in the relationship and that Mr. Bankman-Freed didn't want other people to know they were dating.
He was the person I reported to, she said.
He owned the company, and he set my compensation and had the ability to fire me.
Ms. Ellison said dating, quote, created some awkward situations because Mr. Bankman-Freed was her boss.
She said she ultimately broke up with him because, quote, he often felt distant or wasn't paying attention to me.
Alameda had dipped into FTC's customer funds for years.
Ms. Ellison said, at a meeting in Hong Kong in 2021, she said Mr. Bankman-Fried authorized the use of
FTX customer deposits to buy back about $2 billion in shares of the exchange that were owned by
the rival crypto company, Binance. We have to get it done, she recalled him saying.
Ms. Ellison also recounted several times that she questioned the use of FTX customer funds to pay
lenders or make investments, only for Mr. Bankman-Fried to reassure her that it was the right move.
As a trader, I was a customer on exchanges, and if I knew this was,
was happening at another exchange, I would be uncomfortable leaving money there, she said, end quote.
So I'm on my way to the airport to head home. I have to say that the AI engineer summit
was one of the best conferences I've ever been to. Hats off to friend of this show, Swicks.
One of the things I learned this week is that everyone calls him Swix. So I got to stop calling him Sean,
even though my kids call him Sean, the guy that they showed Tears of the Kingdom to.
If you're interested in the AI space at all, head over to AI. Engineer and look out for their next conference.
It's happening this spring, I believe, the AI Engineer World's Fair. Look it up.
Good on you, Swix. Met so many cool people. Chris Messina messed with my bookmarks on my browser.
It was a good week. Gotta go. Got to get a cab.
Talk to you tomorrow.