Thomas Hawk posted a photo:
photograph I acquired from a large archive of negatives from a San Francisco Bay based commercial photographer taken mostly in the 1960s to 1970s.
Here are three papers describing different side-channel attacks against LLMs.
“Remote Timing Attacks on Efficient Language Model Inference”:
Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user’s conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI’s ChatGPT and Anthropic’s Claude we can distinguish between specific messages or infer the user’s language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work.
“When Speculation Spills Secrets: Side Channels via Speculative Decoding in LLMs”:
Abstract: Deployed large language models (LLMs) often rely on speculative decoding, a technique that generates and verifies multiple candidate tokens in parallel, to improve throughput and latency. In this work, we reveal a new side-channel whereby input-dependent patterns of correct and incorrect speculations can be inferred by monitoring per-iteration token counts or packet sizes. In evaluations using research prototypes and production-grade vLLM serving frameworks, we show that an adversary monitoring these patterns can fingerprint user queries (from a set of 50 prompts) with over 75% accuracy across four speculative-decoding schemes at temperature 0.3: REST (100%), LADE (91.6%), BiLD (95.2%), and EAGLE (77.6%). Even at temperature 1.0, accuracy remains far above the 2% random baseline—REST (99.6%), LADE (61.2%), BiLD (63.6%), and EAGLE (24%). We also show the capability of the attacker to leak confidential datastore contents used for prediction at rates exceeding 25 tokens/sec. To defend against these, we propose and evaluate a suite of mitigations, including packet padding and iteration-wise token aggregation.
“Whisper Leak: a side-channel attack on Large Language Models”:
Abstract: Large Language Models (LLMs) are increasingly deployed in sensitive domains including healthcare, legal services, and confidential communications, where privacy is paramount. This paper introduces Whisper Leak, a side-channel attack that infers user prompt topics from encrypted LLM traffic by analyzing packet size and timing patterns in streaming responses. Despite TLS encryption protecting content, these metadata patterns leak sufficient information to enable topic classification. We demonstrate the attack across 28 popular LLMs from major providers, achieving near-perfect classification (often >98% AUPRC) and high precision even at extreme class imbalance (10,000:1 noise-to-target ratio). For many models, we achieve 100% precision in identifying sensitive topics like “money laundering” while recovering 5-20% of target conversations. This industry-wide vulnerability poses significant risks for users under network surveillance by ISPs, governments, or local adversaries. We evaluate three mitigation strategies – random padding, token batching, and packet injection – finding that while each reduces attack effectiveness, none provides complete protection. Through responsible disclosure, we have collaborated with providers to implement initial countermeasures. Our findings underscore the need for LLM providers to address metadata leakage as AI systems handle increasingly sensitive information.
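All three abstracts rest on the same observation: TLS hides the bytes of a streamed response but not the length or timing of each record, and a per-token streaming API leaks roughly one record per token. The following toy, which is an added illustration and not code from any of the three papers, shows the packet-size half of that channel and the two mitigations the abstracts name (padding and token batching). The token streams, the per-event framing overhead `SSE_OVERHEAD`, the padding bucket and the helper names (`wire_sizes`, `classify`, `separation`) are all constructed assumptions; the real attacks train classifiers over size and timing features of many real responses rather than comparing one hand-written stream to another.

```python
"""Toy model of the packet-size side channel in streamed LLM responses and of
two mitigations (padding, token batching). Added illustration, not code from
the papers; all streams and sizes below are constructed, not measured."""
from math import sqrt

# Constructed token streams standing in for two conversation topics. A
# streaming API emits about one event per token, so an on-path observer sees
# one TLS record per token whose length is the token's UTF-8 length plus fixed
# framing. These are not real model outputs.
STREAMS = {
    "medical": ["The", " patient", " should", " take", " ibuprofen",
                " every", " six", " hours", "."],
    "coding": ["def", " parse", "(", "line", "):", "\n", "    ",
               "return", " line", ".", "split", "()"],
}

# Victim response to the same medical prompt, sampled slightly differently
# (" eight" instead of " six"); also constructed.
OBSERVED = ["The", " patient", " should", " take", " ibuprofen",
            " every", " eight", " hours", "."]

SSE_OVERHEAD = 60  # assumed fixed framing bytes per event (hypothetical value)


def batch_tokens(tokens, batch):
    """Mitigation: emit `batch` tokens per event instead of one per event."""
    return ["".join(tokens[i:i + batch]) for i in range(0, len(tokens), batch)]


def wire_sizes(tokens, batch=1, bucket=1):
    """Record lengths an on-path observer sees, after optional batching and
    padding of every event up to a multiple of `bucket` bytes. batch=1 and
    bucket=1 give the unmitigated one-token-per-event stream."""
    sizes = []
    for chunk in batch_tokens(tokens, batch):
        raw = SSE_OVERHEAD + len(chunk.encode("utf-8"))
        sizes.append(-(-raw // bucket) * bucket)  # round up to the bucket
    return sizes


def distance(a, b):
    """Euclidean distance between two size sequences. The shorter sequence is
    zero-padded, so the number of events is itself part of the signal."""
    n = max(len(a), len(b))
    a = a + [0] * (n - len(a))
    b = b + [0] * (n - len(b))
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def classify(observed, fingerprints):
    """Nearest-fingerprint attack: the adversary first records the size pattern
    of known prompts, then labels a victim stream by its closest pattern."""
    return min(fingerprints, key=lambda label: distance(observed, fingerprints[label]))


def separation(batch=1, bucket=1):
    """Distance between the two topic fingerprints on the wire under a given
    mitigation; the smaller it is, the less an observer has to work with."""
    med = wire_sizes(STREAMS["medical"], batch, bucket)
    cod = wire_sizes(STREAMS["coding"], batch, bucket)
    return distance(med, cod)


if __name__ == "__main__":
    fps = {k: wire_sizes(v) for k, v in STREAMS.items()}
    print("unmitigated sizes:", fps)
    print("victim stream classified as:", classify(wire_sizes(OBSERVED), fps))
    print("fingerprint separation, raw: %.1f" % separation())
    print("fingerprint separation, batch=4 + pad to 32: %.1f" % separation(4, 32))
```

With these constructed streams the unmitigated fingerprints are about 109 units apart and the victim stream lands two units from the medical fingerprint, so the nearest-fingerprint rule labels it correctly. Batching four tokens per event and padding each event to a 32-byte bucket shrinks the separation to 32, but not to zero: the event count and the last short event still differ, which is the abstracts' point that each mitigation reduces the leak without closing it.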
The clock is ticking for AI projects to either prove their worth or face the chopping block.…
Ian & Marg has added a photo to the pool:
Wallangarra railway station is a heritage-listed disused railway station located on both the Southern line and the former Main North line, which served the Granite Belt town of Wallangarra in Queensland, and the New England town of Jennings in New South Wales. It was built in 1877 at and across the inter-state border.
Historically, Wallangarra railway station was on the only railway route between Sydney and Brisbane and had to handle the break-of-gauge where Queensland Railways' 1,067 mm (3 ft 6 in) Southern line met the New South Wales Government Railways' 1,435 mm (4 ft 8½ in) Main Northern line. Wallangarra was the terminating point for the Sydney Mail, with passengers transferring to the Brisbane Limited for the remainder of the journey to Sydney.
There are two platforms, one for each gauge: Wallangarra platform for the Queensland system, and Jennings platform for the NSW system.
In 1930 New South Wales's North Coast line from Sydney to Brisbane was completed; as it used standard gauge for the whole route and was a shorter, more efficient route, it resulted in the decline of Wallangarra station. However, Wallangarra continued to be served by passenger trains until the services from Brisbane and from Sydney were truncated at Toowoomba and Tenterfield respectively on 1 February 1972.
There are no trains today!
As an assembly member, Mamdani backed the Stop Fakes Act. Now, the NYPD has admitted to spying online – but wielding actual power as mayor is complex
When Zohran Mamdani was a New York state assembly member, he sponsored the Stop Fakes Act, which would have prohibited law enforcement from creating fake electronic communication service accounts and collecting users’ account information.
“Digital dragnet surveillance is widespread and dangerous, yet it continues to go unregulated,” Mamdani co-wrote in a 2023 City & State op-ed. “Although the NYPD claimed in a Department of Justice report to keep detailed records of its undercover accounts, the department refuses to provide any documentation of its social media surveillance policies or practices for public review.”
Huge project by Norwegian-owned Scottish Sea Farms gets go-ahead amid concerns over the environmental cost of fish farming and threat to traditional way of life
At Collafirth, north Shetland, Sydney Johnson is unloading bags of two-dozen scallops by throwing them over his head like medicine balls to the pier above. Johnson, who has just finished a 10-hour shift on his boat, the Golden Shore, is concerned that plans for a new salmon farm will put fishers like him and his two sons out of business.
“They say it’s just one farm,” says Johnson. “But it’s one farm more. There’s only so much water and we’re at saturation point.”
A man accused of having placed secret cameras in Altach’s changing room is appearing in court next week
A man who has been accused of having videos from secret cameras in the changing room and showers of the Altach women’s team is appearing in court next week in a case that has shaken football in Austria.
About 30 women have been identified on the recordings, according to the Public Prosecutor’s Office in Feldkirch, and some are considering a civil lawsuit against the accused. The team play in the top division in Austria.
This is an extract from our free email about women’s football, Moving the Goalposts, which is delivered every Tuesday and Thursday.
The Dutch Gambling Authority (Kansspelautoriteit, Ksa) is calling on the American platform Polymarket to stop its "illegal activities" immediately. If it does not, the company behind the website will incur a penalty payment of 420,000 euros per week. On Polymarket, users can bet on, among other things, who will take home the Oscar for best picture, the number of X posts by Elon Musk in a week, who will win the Amsterdam municipal elections, and whether Jesus Christ will return before 2027.
The company has no licence to offer games of chance in the Netherlands. Adventure One, the company behind the prediction site, maintains that it does not offer games of chance. Polymarket calls itself a prediction platform. But the Ksa sees it differently and approached the company at an earlier stage. "After contact with the company about the illegal activities on the Dutch market, no visible change has occurred and the offering is still available." The penalty payment order amounts to a maximum of 840,000 euros and can be converted into a turnover-related fine.
Even with a licence, the platform would not be allowed to offer this kind of bet, clarifies Ella Seijsener, director of licensing and supervision at the Ksa. "Prediction markets are on the rise, in the Netherlands too. These companies offer bets that are not permitted on our market under any circumstances, not even by licence holders."
Earlier this year Polymarket made the news when an anonymous gambler won more than 400,000 dollars by betting on the capture of Venezuelan president Nicolás Maduro. According to the platform, the gambler staked around 34,000 dollars. Anyone who stakes the same amount on the return of Jesus Christ could win more than 800,000 dollars.