posted by hubie on Thursday March 13, @02:10PM

https://www.bleepingcomputer.com/news/software/mozilla-warns-users-to-update-firefox-before-certificate-expires/

By Bill Toulas

March 12, 2025 11:01 AM

Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.

The Mozilla certificate is set to expire this Friday, March 14, 2025, and was used to sign content, including add-ons for various Mozilla projects and Firefox itself.

Users need to update their browsers to Firefox 128 (released in July 2024) or later and ESR 115.13 or later for 'Extended Support Release' (ESR) users.

"On 14 March a root certificate (the resource used to prove an add-on was approved by Mozilla) will expire, meaning Firefox users on versions older than 128 (or ESR 115) will not be able to use their add-ons," warns a Mozilla blog post.

"We want developers to be aware of this in case some of your users are on older versions of Firefox that may be impacted."

A Mozilla support document explains that failing to update Firefox could expose users to significant security risks and practical issues, which, according to Mozilla, include:

  • Malicious add-ons can compromise user data or privacy by bypassing security protections.
  • Untrusted certificates may allow users to visit fraudulent or insecure websites without warning.
  • Compromised password alerts may stop working, leaving users unaware of potential account breaches.

Users are recommended to check and confirm they're running Firefox version 128 and later via Menu > Help > About Firefox. This action should also automatically trigger a check for updates.

It is noted that the problem impacts Firefox on all platforms, including Windows, Android, Linux, and macOS, except for iOS, where there's an independent root certificate management system.

Mozilla says that users relying on older versions of Firefox may continue using their browsers after the expiration of the certificate if they accept the security risks, but the software's performance and functionality may be severely impacted.

"We strongly advise you to update to the latest version to avoid these issues and ensure your browser stays secure and efficient," advises Mozilla.

Mozilla has also set up a support thread for users who encounter problems or need help updating their Firefox browsers.

Users of Firefox-based browsers like Tor, LibreWolf, and Waterfox should also ensure they're running a version based on Firefox 128 and later.


posted by janrinok on Thursday March 13, @09:21AM

Woolly mice are cute and impressive – but they won't bring back mammoths or save endangered species:

US company Colossal Biosciences has announced the creation of a "woolly mouse" — a laboratory mouse with a series of genetic modifications that lead to a woolly coat. The company claims this is the first step toward "de-extincting" the woolly mammoth.

The successful genetic modification of a laboratory mouse is a testament to the progress science has made in understanding gene function, developmental biology and genome editing. But does a woolly mouse really teach us anything about the woolly mammoth?

Woolly mammoths were cold-adapted members of the elephant family, which disappeared from mainland Siberia at the end of the last Ice Age around 10,000 years ago. The last surviving population, on Wrangel Island in the Arctic Ocean, went extinct about 4,000 years ago.

The house mouse (Mus musculus) is a far more familiar creature, which most of us know as a kitchen pest. It is also one of the most studied organisms in biology and medical research. We know more about this laboratory mouse than perhaps any other mammal besides humans.

Colossal details its new research in a pre-print paper, which has not yet been peer-reviewed. According to the paper, the researchers disrupted the normal function of seven different genes in laboratory mice via gene editing.

Six of these genes were targeted because a large body of existing research on the mouse model had already demonstrated their roles in hair-related traits, such as coat colour, texture and thickness.

The modification in a seventh gene — FABP2 — was based on evidence from the woolly mammoth genome. The gene is involved in the transport of fats in the body.

Woolly mammoths had a slightly shorter version of the gene, which the researchers believe may have contributed to its adaptation to life in cold climates. However, the "woolly mice" with the mammoth-style variant of FABP2 did not show significant differences in body mass compared to regular lab mice.

This work shows the promise of targeted editing of genes of known function in mice. After further testing, this technology may have a future place in conservation efforts. But it's a long way from holding promise for de-extinction.

Colossal Biosciences claims it is on track to produce a genetically modified "mammoth-like" elephant by 2028, but what makes a mammoth unique is more than skin-deep.

De-extinction would need to go beyond modifying an existing species to show superficial traits from an extinct relative. Many aspects of an extinct species' biology remain unknown. A woolly coat is one thing. Recreating the entire suite of adaptations, including genetic, epigenetic and behavioural traits that allowed mammoths to thrive in ice age environments, is another.

Unlike the thylacine (or Tasmanian tiger) — another species Colossal aims to resurrect — the mammoth has a close living relative in the modern Asian elephant. The closer connections between the genomes of these two species may make mammoth de-extinction more technically feasible than that of the thylacine.

But whether or not a woolly mouse brings us any closer to that prospect, this story forces us to consider some important ethical questions. Even if we could bring back the woolly mammoth, should we? Is the motivation behind this effort conservation, or entertainment? Is it ethical to bring a species back into an environment that may no longer sustain it?

In Australia alone, we've lost at least 100 species to extinction since European colonisation in 1788, largely due to the introduction of feral predators and land clearing.

The idea of reversing extinction is understandably appealing. We might like to think we could undo the past.

Journal Reference: Rui Chen, Kanokwan Srirattana, Melissa L. Coquelin, et al., Multiplex-edited mice recapitulate woolly mammoth hair phenotypes, bioRxiv, https://doi.org/10.1101/2025.03.03.641227


posted by hubie on Thursday March 13, @04:37AM

Arthur T Knackerbracket has processed the following story:

Rust is alive and well in the Linux kernel and is expected to translate into noticeable benefits shortly, though its integration with the largely C-oriented codebase still looks uneasy.

In a hopeful coda to the recent maintainer drama that raised questions about the willingness of Linux maintainers to accommodate Rust code, Josh Aas, who oversees the Internet Security Research Group's Prossimo memory-safety project, late last week hailed Miguel Ojeda's work to advance memory safety in the kernel without mentioning the programming language schism.

"While our goal was never to rewrite the entire kernel in Rust, we are glad to see growing acceptance of Rust's benefits in various subsystems," said Aas. "Today, multiple companies have full time engineers dedicated to working on Rust in the Linux kernel."

Since at least September last year, when Microsoft software engineer Wedson Almeida Filho left the Rust for Linux project citing "non-technical nonsense," it's been clear that acceptance had limits. Tensions between Rust and C kernel contributors flared again in January over concerns about the challenges of maintaining a mixed language codebase – likened to cancer by one maintainer. Urged to intervene, Linux creator Linus Torvalds did so, making his annoyance known to both parties and prompting their departures as Linux maintainers.

Amid all that, Ojeda, who helms the Rust for Linux project, published a "Rust kernel policy" as a way to clarify that those contributing Rust code to the Linux kernel should stay the course and to underscore that Linux leaders still support the initiative.

According to Aas, the presence of Rust code is increasing in various Linux subsystems, including: PHY drivers, the null block driver, the DRM panic screen QR code generator, the Android binder driver, the Apple AGX GPU driver, the NVMe driver, and the Nova GPU driver.

"We expect that one of them will be merged into the mainline kernel in the next 12-18 months," said Aas, pointing to remarks from Linux lieutenant Greg Kroah-Hartman last November suggesting that the availability of Rust driver bindings represented a tipping point that would allow most driver subsystems to start getting Rust drivers.

Once this happens, said Aas, "the goal of the effort will start to be realized: Products and services running Linux with Rust drivers will be more secure, and that means the people using them will be more secure, too."

[...] "The good news is that with the rare exception of code that must be written in assembly for performance and/or security reasons (eg, cryptographic routines), we know how to get rid of memory safety vulnerabilities entirely: write code in languages that don't allow for those kinds of mistakes. It's a more or less solved research problem, and as such we don't need to suffer from this kind of thing any more. It can be relegated to the past like smallpox, we just have to do the work."

Between evocations of cancer and smallpox, it sounds like the Linux and Rust communities still have some issues to work out.


posted by hubie on Wednesday March 12, @11:52PM
from the embellish-extend-extinguish dept.

Arthur T Knackerbracket has processed the following story:

Researchers have criticised Microsoft's new Majorana 1 quantum computer, saying it has made claims about the way it works that aren't fully backed up by scientific evidence.

Last month Microsoft announced, with fanfare, that it had created a new kind of matter and used it to make a quantum computer architecture that could lead to machines “capable of solving meaningful, industrial-scale problems in years, not decades”.

But since then, the tech giant has increasingly come under fire from researchers who say it has done nothing of the sort. “My impression is that the response of the expert physics community has been overwhelmingly negative. Privately, people are just outraged,” says Sergey Frolov at the University of Pittsburgh, Pennsylvania.

Microsoft’s claim rests on elusive and exotic quasiparticles called Majorana zero modes (MZMs). These can theoretically be used to create a topological qubit, a new type of quantum bit – the building blocks of information processing within a quantum computer. Because of their inherent properties, such qubits could excel at reducing errors, addressing a big shortcoming of all quantum computers in use today.

MZMs have been theorised to emerge from the collective behaviour of electrons at the edges of thin superconducting wires. Microsoft’s new Majorana 1 chip contains several such wires and, according to the firm, enough MZMs to make eight topological qubits. A Microsoft spokesperson told New Scientist that the chip was “a significant breakthrough for us and the industry”.

Yet researchers say Microsoft hasn’t provided enough evidence to support these claims. Alongside its press announcement, the company published a paper in the journal Nature that it said confirmed its results. “The Nature paper marks peer-reviewed confirmation that Microsoft has not only been able to create Majorana particles, which help protect quantum information from random disturbance, but can also reliably measure that information from them,” said a Microsoft press release.

But editors at Nature made it explicitly clear that this statement is incorrect. A publicly available report on the peer-review process states: “The editorial team wishes to point out that the results in this manuscript do not represent evidence for the presence of Majorana zero modes in the reported devices.”

In other words, Microsoft and Nature are directly contradicting each other. “The press releases have said something totally different [than the Nature paper],” says Henry Legg at the University of St Andrews in the UK.

[...] This isn’t the only unorthodox aspect of Microsoft’s paper. Legg points out that two of the four peer reviewers initially gave rather critical and negative feedback which, in his experience, would typically disqualify a paper from publication in the prestigious journal. The peer-review report shows that by the last round of editing, one reviewer still disagreed with publication of the paper, while the other three signed off on it. A spokesperson for Nature told New Scientist that the ultimate decision to publish came down to the potential they saw for experiments with future MZMs in Microsoft’s device, rather than necessarily what it had achieved so far.


posted by hubie on Wednesday March 12, @07:09PM

DOGE axes CISA 'red team' staffers amid ongoing federal cuts:

Elon Musk's Department of Government Efficiency (DOGE) has fired more than a hundred employees working for the U.S. government's cybersecurity agency CISA, including "red team" staffers, two people affected by the layoffs told TechCrunch.

The people, who asked not to be named, said affected employees were axed immediately when their network access was revoked with no prior warning.

The layoffs, which happened in late February and early March, are the latest round of staff cuts to hit the federal cybersecurity agency since the start of the Trump administration.

CISA spokesperson Tess Hyre declined to comment on the latest round of job cuts affecting the agency and wouldn't say how many employees had been affected. Hyre told TechCrunch that CISA's red team "remains operational" but said the agency is "reviewing all contracts to ensure that they align with the priorities of the new administration."

One of the people affected told TechCrunch that CISA red team employees, who simulate real-world attacks to identify security weaknesses in networks before attackers do, were affected by the DOGE-enforced cuts.

Another person affected by the layoffs, who asked to remain anonymous due to fear of government retaliation, told TechCrunch that laid-off employees also include staffers who worked for CISA's Cyber Incident Response Team (CIRT), which is responsible for penetration testing and vulnerability management of networks belonging to U.S. federal government departments and agencies.

[...] This is by our count the third known round of job cuts to affect CISA employees since January 20. More than 130 CISA employees were cut by DOGE earlier in February, according to reports, and several CISA employees working on election security were placed on leave in January.


posted by hubie on Wednesday March 12, @02:21PM

Where will the 'Blood Moon' total lunar eclipse be visible in March 2025? A total lunar eclipse on March 13-14, 2025, will be visible across Earth's night side:

A total lunar eclipse will occur on March 13-14, 2025 — the first on Earth since 2022 — but only the night side of the planet will get to see it. During this global event, which will occur at the same time across the world, the lunar surface will turn reddish for 65 minutes — a phenomenon often dubbed a "blood moon."

Although the point of greatest eclipse will be in the Pacific Ocean, North America and South America will get the best views. Some areas of Europe will get a slight view of the moonset, and East Asia will glimpse the spectacle at moonrise.

[...] The total lunar eclipse on March 13-14, 2025, will last just over six hours, beginning with a penumbral eclipse — when the moon enters Earth's fuzzy outer shadow and loses brightness — from 11:57 p.m. to 1:09 a.m. EDT (03:57 to 05:09 UTC). There will then be a partial phase — when the moon begins to enter Earth's darker umbral shadow and starts to turn red — from 1:09 a.m. to 2:26 a.m. (05:09 to 06:26 UTC). Totality — when the whole moon is within Earth's umbra — will last 65 minutes, from 2:26 a.m. to 3:31 a.m. EDT (06:26 to 07:31 UTC). The spectacle then reverses, with totality followed by a partial phase from 3:31 to 4:47 a.m. (07:31 to 08:47 UTC) and a penumbral phase from 4:47 to 6 a.m. EDT (08:47 to 10:00 UTC).

The entire eclipse will be visible — and at its best — across most of the Americas, with glimpses for Europe, Africa and East Asia. Here's a breakdown of the eclipse's visibility by region:

  • North America: All phases of the eclipse will be visible across all 50 U.S. states (including Alaska and Hawaii), Canada and Mexico.
  • South America: Most of the continent will witness the entire event, with totality visible from Brazil, Argentina and Chile starting after midnight on March 14.
  • Europe: Western Europe — including Spain, France and the U.K. — will see totality as the moon sets early on the morning of March 14.
  • Africa: Extreme Western Africa — including Cape Verde, Morocco and Senegal — will see totality as the moon sets early on the morning of March 14.
  • Oceania: New Zealanders will see the eclipse in its later stages, with the moon already in partial shadow as it rises on March 14.

[...] Europe gets a poor view of this total lunar eclipse. In London, the penumbral phase will be viewable from 3:47 a.m. GMT on March 14 and the partial phase from 5:09 a.m. GMT. However, the full moon will set at 6:22 a.m. GMT, just before totality begins, so the only spectacle will be a barely distinguishable line of Earth's shadow across the moon as it sinks into the western horizon. Locations farther west get a slightly better view. From Cardiff, Wales, totality will begin at 6:26 a.m. GMT, 10 minutes before the local moonset, while in Dublin, the local moonset isn't until 6:48 a.m. GMT.

Arguably, the only locations in Europe to see this eclipse in an impressive way are Iceland and Greenland. From Reykjavik, Iceland, totality occurs between 06:26 and 7:31 a.m. GMT, and the local moonset isn't until 7:58 a.m.


posted by hubie on Wednesday March 12, @09:35AM
from the another-day-another-exploit dept.

The Hacker News has an interesting article on a PHP-CGI RCE flaw that is being exploited in the wild.

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.

"The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical report published Thursday.

"The attacker utilizes plugins of the publicly available Cobalt Strike kit 'TaoWu' for post-exploitation activities."

Targets of the malicious activity encompass companies across technology, telecommunications, entertainment, education, and e-commerce sectors in Japan.

[...] "We assess with moderate confidence that the attacker's motive extends beyond just credential harvesting, based on our observation of other post-exploitation activities, such as establishing persistence, elevating to SYSTEM level privilege, and potential access to adversarial frameworks, indicating the likelihood of future attacks," Raghuprasad said.


posted by hubie on Wednesday March 12, @04:50AM

Disney is reportedly cutting staff across ABC News Group and its entertainment network as media layoffs continue:

The popular political poll news and analysis website, 538, is being shut down as part of a broader shuttering effort across ABC News and Disney Entertainment, the Wall Street Journal reported on Tuesday night.

Disney is reportedly cutting 200 positions across ABC News Group and Disney Entertainment Networks, including shutting down the data-driven 538.

[...] FiveThirtyEight, which is named after the number of electors in the US electoral college, has become a popular website for predictions, analysis and watching the polls in the months and days leading up to election night.

But the website's workforce had been slowly dwindling for a couple of years. The 15 employees still with the outlet make up less than half of the team from 2023, when it had about 35 employees.

The decline began when 538's founder, Nate Silver, left the company two years ago when his Disney contract expired.

[...] The broader media landscape has been hit with mass layoffs seemingly nonstop for months. Last month, MSNBC announced a massive shakeup at the network that included letting go of Joy Reid and her production team, as well as no longer using the Spanish-language network Telemundo.


posted by hubie on Wednesday March 12, @12:05AM

Short-cut method pinpoints a galaxy apparently formed from just hydrogen and helium:

Staring deep into space and far back in time, a team of astronomers may have spotted a galaxy full of stars made from only the primordial gas created in the Big Bang. Such "population III stars" would have formed from hydrogen and helium and nothing else, and researchers have been searching for them for decades, racking up many disputed sightings. If confirmed, the discovery, made with NASA's JWST space observatory, opens a window on the starting point of the chemical enrichment of the universe, in which the heavier elements needed to make planets and life began to be forged in stellar explosions.

"It's very exciting," says astronomer Elka Rusta of the University of Florence. "We hypothesize that [population III stars] exist from theory, but they have never been directly observed."

The nature of population III stars remains uncertain. Most theorists think they were huge, with masses up to 1000 times that of the Sun, 10 times larger than any star around today. That's because a cloud of gas collapsing to form a star needs to cool, which requires ionizing the atoms in the gas when they collide. But tightly bound hydrogen and helium atoms are hard to ionize, unlike the heavier elements found in later generations of stars. So a cloud of primordial gas would just keep growing as it pulled in more gas under its own gravity, reaching an enormous size before finally becoming dense enough to ignite nuclear fusion in its core.

The gigantic stars that resulted would also burn hot and fast, ending in a supernova explosion after just a few million years. That brief first flash of population III stars is hard for astronomers to spot in galaxies that went on to shine steadily for billions of years with smaller, longer lived stars. But the spectrum of the light from the giant stars might give them away. Different elements absorb and emit characteristic wavelengths of light. Population III stars would produce very strong emission lines for hydrogen and helium and would lack completely spectral lines produced by heavier elements.

[...] The team still refers to it as a candidate because without a detailed spectrum it's impossible to rule out other, less exciting possibilities. For example, GLIMPSE-16043 could be a cloud of lingering primordial gas that is being energized by light from a black hole gorging on matter. Or it could simply be a smaller cluster of stars much closer to Earth that is mimicking a population III spectrum. To settle the issue, "ultimately, you will need spectroscopy," Sobral says. Naidu says JWST officials have awarded the project some high-priority observing time in June to get a spectrum.

If population III stars prove to be big and bright, the ultraviolet light they emit could have played a key role in the youthful universe: ionizing the neutral hydrogen gas between galaxies. And small primordial galaxies like GLIMPSE-16043 could be the predecessors of ultrafaint dwarf galaxies close to our own Milky Way that appear to contain very ancient stars only slightly enriched by heavier elements, notes Tim Beers of the University of Notre Dame. Some astrophysicists think those current stars are the children of population III stars, Beers says, and by studying them astrophysicists could learn about their ancient forebears. "I find it exciting that you can draw a straight line from what we see around the Milky Way to this proposed birthplace."

arXiv Reference: https://doi.org/10.48550/arXiv.2501.11678


posted by janrinok on Tuesday March 11, @07:23PM
from the self-hosting-for-the-win dept.

These days most ISPs allow self-hosting to some extent. Programmer Mira Welner has published a 15-step tutorial to getting a working static web site up and running on a Raspberry Pi:

While tutorials abound in regards to getting a basic webserver set up, there is a difference between a functional server and a good usable website. I've been working on getting my personal site set up over the course of the past five years, spending an hour or so every month working on improving the Pi. I never intended for this personal project to become so lengthy or complex, but eventually I ended up with a fairly robust system for running, maintaining, and editing my website. This tutorial will describe what I've learned throughout the process of creating this site in 15 steps, so that you can use it to create and maintain your own sites.

This tutorial assumes that you already know how to use the command line, and that you have some understanding of HTML and CSS. That is about it.

Any always-on system is going to need to draw as little current as possible, and it is hard to beat a Raspberry Pi Zero 2 W which uses under 150 mA. This tutorial stands out as better than most others because of the small details filled in necessary to go from "Hello, World" page to a working, public web site.

Previously:
(2025) AI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore Robots.Txt
(2025) A Better DIY Seismometer Can Detect Faraway Earthquakes
(2024) How the Raspberry Pi is Transforming Synthesizers
(2023) Free Raspberry Pi 4B in Abandoned Scooters
... and many more.


posted by janrinok on Tuesday March 11, @02:34PM
from the there's-always-an-alternative-option dept.

X Outage: Thousands Report Issues With Elon Musk's Platform

X outage: Thousands report issues with Elon Musk's platform:

Elon Musk's social media platform X, formerly known as Twitter, experienced massive outages throughout Monday morning that impacted thousands of users in the US and UK.

The outage came as platform monitor Downdetector said it had seen tens of thousands of reports from US users of technical issues affecting the platform.

There were more than 8,000 outage reports from UK users shortly before 14:00 GMT, following a brief but notable surge of reports on Monday morning.

Connection issues lasted for some users into the afternoon.

Many users trying to access the platform and refresh feeds on its app and desktop site during Monday's outages were met with a loading icon.

Musk claims the outages stemmed from a "massive cyber-attack" that originated "in the Ukraine area".

But the technology billionaire, who has been a frequent critic of Ukraine and its President Volodymyr Zelensky, offered no evidence to support the claim and did not say whether or not he thought state actors were involved.

Earlier, he posted on X that "either a large, coordinated group and/or a country is involved".

[...] "We're not sure exactly what happened but there was a massive cyber-attack to try and bring down the X system with [Internet Protocol] addresses originating in the Ukraine area," Musk said in an interview with the Fox Business channel.

Alp Toker, director of Netblocks, which monitors the connectivity of web services, said its own metrics suggested the outages could well be linked to a cyber-attack.

"What we've been seeing is consistent with what we've seen in past denial of service attacks, rather than a configuration or coding error in the platform," he told the BBC.

Elon Musk Claims X Being Targeted in 'Massive Cyberattack' as Service Goes Down

Elon Musk claims X being targeted in 'massive cyberattack' as service goes down:

Elon Musk's X social media platform is experiencing multiple outages. Downdetector.com says more than 28,000 users reported an outage at 11:28 a.m.

The social media platform X (FKA Twitter) went down three separate times with the longest outage lasting several hours starting around 7 a.m. PT/10 a.m. ET.

No official word has come from X save for a single tweet from owner Elon Musk claiming that the outage was due to a 'massive cyberattack.'

More than 40,000 Downdetector reports poured in from users during the second outage — around 35,000 during the third outage — stating that they couldn't even get the X website to load, and it spiked hard again for a third one.

Elon Musk Says DOGE Involvement is Making It Harder to Run His Businesses

Elon Musk says DOGE involvement is making it harder to run his businesses:

In an interview with Fox's Larry Kudlow on Monday, billionaire Elon Musk admitted that his involvement with the Department of Government Efficiency (DOGE), Donald Trump's initiative to reduce federal spending, is making it tougher to run his many businesses: X, Tesla, xAI, SpaceX, The Boring Company, Neuralink, and Starlink.

"How are you running your other businesses?" Kudlow asked at one point. "With great difficulty," Musk replied. "Frankly, I can't believe I'm here doing this."

Musk and DOGE, which has around 100 staffers — a number that Musk expects to climb to 200 — have been criticized for overpromising and underdelivering on spending cuts across U.S. government agencies. Government contracting experts say that DOGE's online record of reductions contains inaccurate information and inflates claims of "savings" by including misleading math about contract cancellations.

DOGE has also put the U.S.'s data and computing infrastructure at risk through its work, according to cybersecurity analysts. DOGE staffers, some of whom have little experience working with government systems, have reportedly accessed agency data through insecure means and copied that data onto unprotected servers.

[...] While Musk complains that his work advising DOGE has stretched him thin, the billionaire has been accused of using the initiative to weaken regulations that oversee his business ventures.

When asked by Kudlow if he would extend his involvement in DOGE by "another year," Musk said, "Yeah." "We're just getting things done, as opposed to writing a report," Musk added. "Like, reports don't mean anything. You've got to actually take action."


Original Submission #1 | Original Submission #2 | Original Submission #3

posted by janrinok on Tuesday March 11, @09:50AM   Printer-friendly

A Paleoarchaean Impact Crater in the Pilbara Craton, Western Australia

A Paleoarchaean impact crater in the Pilbara Craton, Western Australia:

The role of meteorite impacts in the origin, modification, and destruction of crust during the first two billion years of Earth history (4.5–2.5 billion years ago; Ga) is disputed. Whereas some argue for a relatively minor contribution overall, others have proposed that individual giant impactors (10–50 km diameter) can initiate subduction zones and deep mantle plumes, arguably triggering a chain of events that formed cratons, the ancient nuclei of the continents. The uncertainty is compounded by the seeming absence of impact structures older than 2.23 Ga, such that the evidence for the terrestrial impact flux in the Hadean and Archaean eons is circumstantial. Here, we report the discovery of shatter cones in a complex, dominantly metasedimentary layer, the Antarctic Creek Member (ACM), in the centre of the East Pilbara Terrane, Western Australia, which provide unequivocal evidence for a hypervelocity meteorite impact. The shocked rocks of the crater floor are overlain by (unshocked) carbonate breccias and pillow lavas, stratigraphically constraining the age of the impact to 3.47 Ga and confirming discovery of the only Archaean crater known thus far.

With more than a million craters exceeding 1 km in diameter, and around forty more than 100 km across1,2, the Moon preserves an exquisite record of the intense bombardment endured by bodies in the inner solar system during the first billion years or so of its history (Fig. 1a)3. On Earth, this early impact record has seemingly been lost, reflecting the destructive efficiency of erosion and subduction in recycling primary (basaltic, oceanic) crust back into the convecting mantle. Nevertheless, the oldest parts of many cratons, the ancient Archaean (4.0–2.5 billion years ago; Ga) nuclei of the continents, formed at or before 3.5 Ga4, and should preserve some evidence for an impact flux that would have exceeded that of a similar area of the Moon of comparable age5,6,7 (Fig. 1a). However, the oldest recognized terrestrial impact structure, at Yarrabubba, Western Australia, is dated at 2.23 Ga8. Where are all the Archaean craters?

Finding direct evidence for Archaean impacts (i.e., craters or impact structures8), and thereby better constraining the Archaean impact flux, is important. Large impactors (here bodies or  10 km in diameter) travelling in excess of 10 km s⁻¹ deliver enormous quantities of kinetic energy, most of which will decay to heat, warming the crust and upper mantle9, with potential consequences for plausible tectonic modes on the early Earth10,11. Further, numerical models have shown that individual bolide impacts can instigate subduction, mantle upwellings (plumes), and voluminous production of primary (basaltic) crust12,13,14. Moreover, impacts provide a ready mechanism to fracture (brecciate) the crust and, in the presence of a hydrosphere15, drive intense hydrothermal alteration of this regolith, concentrating key mineral deposits16. Notably, impact craters may have provided the physical and chemical environments required for life to emerge on Earth and elsewhere17,18.

The East Pilbara Terrane (EPT), part of the Pilbara Craton of Western Australia, is a near-pristine, approximately 200 km diameter fragment of (mostly) Paleoarchaean (3.53–3.23 Ga) cratonic crust comprising domes of sodic granite (TTG) separated by steeply-inclined greenstone belts dominated by ultrabasic to basic volcanic rocks19 (Fig. 1b). Many interpret the EPT as a long-lived volcanic plateau formed by polyphase plume-driven magmatism, probably involving short-lived episodes of (proto)subduction19,20,21. More recently, it has been argued that the EPT ultimately formed at the site of a large bolide impact22, and that such an origin for the initiation of cratons may be generally applicable22,23.

Here, we report the discovery of an impact crater at the North Pole Dome, near the centre of the EPT (Fig. 1b, c). Exceptionally preserved shatter cones within a dominantly siliciclastic horizon (Fig. 2a, b), the Antarctic Creek Member (ACM), which has previously been shown to contain spherules (quenched and devitrified impact-melt droplets)24,25, provide unequivocal evidence for a hypervelocity meteorite impact 3.47 billion years ago. Both spherules and shatter cones are found within the same siliciclastic unit within the ACM, requiring at least two (one proximal, one distal) Paleoarchaean or earlier impact events7,26.

At the base of the Pilbara Supergroup, the 10–15 km thick Warrawoona Group is dominated by weakly metamorphosed ultramafic to mafic volcanic rocks with subordinate felsic volcanic/volcaniclastic rocks and chert19 (Fig. 1b, c). Pillow lavas near its base are pervasively hydrothermally altered and cut by chert–barite veins and overlain by chemical sediments (mostly chert) containing the oldest known (stromatolite) fossils27. At higher stratigraphic levels, within the core of a structural dome (the North Pole Dome; Fig. 1c), a 2–3 km thick sequence of ultramafic–mafic volcanic rocks (the Mount Ada Basalt) contains a thin (up to 20 m) sedimentary unit, the Antarctic Creek Member, which consists of (silicified and carbonate-altered) felsic to mafic volcaniclastic rocks, chert, argillite, arenite and jaspilite intruded by dolerite19,28.

The ACM preserves evidence for the oldest known meteorite impact in the form of one or more layers containing spherules19,24, interpreted by most as globally-distributed airfall impact ejecta19,24,25,29,30, but whose petrogenesis is debated31,32. It contains detrital zircon grains with 207Pb/206Pb ages of 3470 ± 2 Ma24, providing a maximum depositional age, but has not been dated directly. However, underlying felsic rocks near the base of the Mount Ada Basalt (3469 ± 3 Ma), and at the base of the overlying sequence of felsic volcanic rocks (the Duffer Formation; 3468 ± 2 Ma) constrain deposition of the ACM to around 3470 Ma (3469.2 + 1.8/–1.2 Ma; ref. 19).

Fieldwork in 2021 in a small area of the North Pole Dome identified shatter cones throughout most of the thickness of the ACM (Fig. 2a; Supplementary Fig. 1). The shatter cones crop out more-or-less continuously for at least several hundred metres extending broadly northeast from where the ACM crosses the track at 21° 02' 54" S, 119° 23' 35" E (Fig. 1c). At outcrop, the variably curved surfaces of the shatter cones are smooth, with divergent and branching ribs and a mean apical angle of around 90° (Fig. 2a; Supplementary Information Fig. 1a–d; see also a 3D model at: https://sketchfab.com/3d-models/shatter-cone-2-cd89206c6d6b4765be766659a6e377da), similar to the average of literature values33. Although the orientation of individual cone axes varies, almost all are steeply inclined and splay (the ribs diverge) downwards (Fig. 2a; Supplementary Fig. 1a–d)33, consistent with a right-way-up stratigraphy19. On a larger scale, the cones are clearly visible as hut-like structures, some several metres tall, which extend across the hillside (Supplementary Fig. 1e).

Immediately overlying the shocked (shatter cone-bearing) ACM is a 5–10 m thick stratabound sequence of polymictic carbonate breccias (occupying the more strongly eroded gully in Supplementary Information Fig. 1e) containing angular fragments of underlying rocks, conspicuously chert (Supplementary Information Fig. 2). The stratabound layer of carbonate breccias is clearly distinct from the (very recent) calcrete deposits that cover the surface of many exposures, and includes distinctive orange dykes up to a metre thick (Supplementary Fig. 2b) that extend for many tens of metres into the footwall. Directly overlying the carbonate breccias are hydrothermally altered basalts (the upper part of the Mount Ada Basalt), which are pillowed near their base (Supplementary Fig. 1e, f) and contain layers of chert at higher stratigraphic levels. We have found no shatter cones in either the pillow basalts or carbonate breccias/dykes.

Shatter cones are the only unequivocal macroscopic indicator of a hypervelocity bolide impact33,34,35. Those discovered at the North Pole Dome (Fig. 2a, b; Supplementary Fig. 1), a structure interpreted by some as a volcanic edifice27, are exceptionally well preserved, retaining delicate features including striated and 'horse-tailed' conical fractures that rival those at the type locality at Steinheim, Germany36. The shatter cones occur within a lithologically and structurally complex, dominantly (at least locally) siliciclastic unit, the ACM, with very low zircon yield24, which we interpret as (subsequently silicified and lithified) subaqueous regolith formed by disaggregation of the uppermost basaltic crust (locally the lower Mount Ada Basalt) by impacts, of which portions were likely reworked, possibly by later impacts or their consequences (e.g., fall out, debris flows, tsunamis).[...]

This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material.

Oldest Crater on Earth May Rewrite Textbooks on Plate Tectonics

YouTube summary: Oldest Crater on Earth May Rewrite Textbooks on Plate Tectonics


Original Submission #1 | Original Submission #2

posted by hubie on Tuesday March 11, @05:06AM   Printer-friendly

https://www.theregister.com/2025/03/10/infosec_in_brief/

Infosec in Brief -- Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.

Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms.

"These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub," according to Microsoft's threat research team.

GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths.

Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."

The attackers built four to five redirect layers in the campaign, each of which followed on from the GitHub dropper to install more nastiness that it appears were designed to steal information including stored browser credentials.

Microsoft noted that the malicious repos have since been taken down, and provided plenty of indicators of compromise and other valuable information in its report to aid in hunting down and stopping related campaigns.


Original Submission

posted by janrinok on Tuesday March 11, @12:20AM   Printer-friendly
from the shit-decision dept.

US supreme court weakens rules on discharge of raw sewage into water supplies:

The US supreme court has weakened rules on the discharge of raw sewage into water supplies in a 5-4 ruling that undermines the 1972 Clean Water Act.

The CWA is the principal law governing pollution control and water quality of the nation's waterways.

The Republican super majority court ruled on Tuesday that the Environmental Protection Agency (EPA) cannot employ generic, water body-focused pollution discharge limits to Clean Water Act permit holders, and must provide specific limitations to pollution permittees.

The ruling is a win for San Francisco, which challenged nonspecific, or "narrative," wastewater permits that the EPA issues to protect the quality of surface water sources like rivers and streams relied upon for drinking water.

In a 5-4 ruling written by Justice Samuel Alito, the court blocked the EPA from issuing permits that make a permittee responsible for surface water quality, or "end result" permits – a new term coined by the court.

"The agency has adequate tools to obtain needed information from permittees without resorting to end-result requirements," wrote Justice Samuel Alito, who was joined by Chief Justice John Roberts and Justices Clarence Thomas and Brett Kavanaugh, along with Justice Neil Gorsuch, who joined part of the majority opinion.

The EPA issued San Francisco a permit allowing it to discharge pollutants from its combined sewer system into the Pacific Ocean. The permit's conditions include prohibitions on discharges that contribute to a violation of applicable water quality standards. The permit included generic prohibitions on the impacts to water quality, as part of the EPA's efforts to halt San Francisco's releases of raw sewage into the Pacific Ocean during rainstorms.

San Francisco challenged these conditions, arguing that EPA lacks statutory authority to impose them. The US Court of Appeals for the ninth circuit in July 2023 upheld EPA's authority to issue generic limits on discharges under the Clean Water Act. San Francisco took the case to the supreme court.

The case drew the attention of powerful business groups including the National Mining Association and US Chamber of Commerce, which wrote amicus briefs in support of San Francisco's position. It was the first case to grapple with Clean Water Act regulations since the court struck down Chevron deference in Loper Bright Enterprises v Raimondo in June 2024, though it was barely mentioned during oral arguments.

"The city is wrong," according to Justice Amy Coney Barrett, who wrote the dissenting opinion, which was joined by the three Democratic justices, Sotomayor, Kagan and Jackson. "The relevant provision of the Clean Water Act directs EPA to impose any more stringent limitation that is necessary to meet... or required to implement any applicable water quality standard."


Original Submission

posted by janrinok on Monday March 10, @07:35PM   Printer-friendly

[Ed note: Most of the headlines for this story use the security vendor's description of this as a "backdoor", which is getting called out as deliberate clickbait and hype given the physical access needed to load malicious code --hubie]

Undocumented commands found in Bluetooth chip used by a billion devices

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

In their RootedCON presentation, the Tarlogic researchers explained that interest in Bluetooth security research has waned but not because the protocol or its implementation has become more secure.

Instead, most attacks presented last year didn't have working tools, didn't work with generic hardware, and used outdated/unmaintained tools largely incompatible with modern systems.

Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.

Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake.

The risks arising from these commands include malicious implementations on the OEM level and supply chain attacks.

Depending on how Bluetooth stacks handle HCI commands on the device, remote exploitation of the backdoor might be possible via malicious firmware or rogue Bluetooth connections.

This is especially the case if an attacker already has root access, planted malware, or pushed a malicious update on the device that opens up low-level access.

In general, though, physical access to the device's USB or UART interface would be far riskier and a more realistic attack scenario.

"In a context where you can compromise an IOT device with an ESP32 you will be able to hide an APT inside the ESP memory and perform Bluetooth (or Wi-Fi) attacks against other devices, while controlling the device over Wi-Fi/Bluetooth," explained the researchers to BleepingComputer.

"Our findings would allow to fully take control over the ESP32 chips and to gain persistence in the chip via commands that allow for RAM and Flash modification."

"Also, with persistence in the chip, it may be possible to spread to other devices because the ESP32 allows for the execution of advanced Bluetooth attacks."

BleepingComputer has contacted Espressif for a statement on the researchers' findings, but a comment wasn't immediately available.

= https://www.documentcloud.org/documents/25554812-2025-rootedcon-bluetoothtools/
= https://reg.rootedcon.com/cfp/schedule/talk/5
= https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/


Original Submission
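The ESP32 story above says the hidden commands sit in the vendor-specific opcode group (0x3F) of the Bluetooth HCI. As an added example (not from the article or from Tarlogic), this sketch walks an H4/UART-framed HCI capture and lists every vendor-specific command the host sent to the controller, which is how a defender would audit firmware for unexpected use of that group. The capture bytes, vendor OCF values and parameters are constructed for illustration and are not the ESP32's actual commands.

```python
import struct

VENDOR_OGF = 0x3F  # opcode group the Bluetooth spec reserves for vendor-specific commands

# H4 packet type -> (header bytes after the type byte, length-field format, its offset)
H4_HEADERS = {
    0x01: (3, "B", 2),   # command: opcode(2) + param_len(1)
    0x02: (4, "<H", 2),  # ACL data: handle(2) + data_len(2)
    0x03: (3, "B", 2),   # SCO data: handle(2) + data_len(1)
    0x04: (2, "B", 1),   # event: event_code(1) + param_len(1)
}

def iter_h4_packets(stream: bytes):
    """Yield (type, header, body) for each packet; raise on malformed framing."""
    pos = 0
    while pos < len(stream):
        ptype = stream[pos]
        if ptype not in H4_HEADERS:
            raise ValueError(f"unknown H4 packet type 0x{ptype:02x} at offset {pos}")
        hdr_len, fmt, len_off = H4_HEADERS[ptype]
        header = stream[pos + 1 : pos + 1 + hdr_len]
        if len(header) < hdr_len:
            raise ValueError(f"truncated header at offset {pos}")
        (body_len,) = struct.unpack_from(fmt, header, len_off)
        end = pos + 1 + hdr_len + body_len
        if end > len(stream):
            raise ValueError(f"truncated body at offset {pos}")
        yield ptype, header, stream[pos + 1 + hdr_len : end]
        pos = end

def split_opcode(opcode: int):
    """A 16-bit HCI opcode is OGF (upper 6 bits) and OCF (lower 10 bits)."""
    return opcode >> 10, opcode & 0x03FF

def vendor_commands(stream: bytes):
    """Return every host-to-controller command whose OGF is vendor-specific."""
    hits = []
    for ptype, header, params in iter_h4_packets(stream):
        if ptype != 0x01:
            continue  # only command packets carry an opcode
        (opcode,) = struct.unpack_from("<H", header, 0)  # little-endian on the wire
        ogf, ocf = split_opcode(opcode)
        if ogf == VENDOR_OGF:
            hits.append({"opcode": opcode, "ocf": ocf, "params": params.hex()})
    return hits

# Constructed capture: a standard reset, its completion event, one ACL packet,
# and two made-up vendor-specific commands.
SAMPLE = bytes.fromhex(
    "01030c00"          # HCI_Reset (OGF 0x03, OCF 0x003)
    "040e0401030c00"    # Command Complete event for the reset
    "0101fc02aabb"      # constructed vendor command, OCF 0x001, 2 parameter bytes
    "0201000300112233"  # ACL data, 3 bytes
    "0110fc00"          # constructed vendor command, OCF 0x010, no parameters
)

if __name__ == "__main__":
    for hit in vendor_commands(SAMPLE):
        print(f"vendor opcode 0x{hit['opcode']:04x} ocf=0x{hit['ocf']:03x} params={hit['params']}")
```

On a device whose host stack should only issue documented commands, any hit here is worth comparing against the vendor's published command list.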