2022-08-13 22:40:55 UTC --fnord666
Laboratory tests following a mass die-off of fish in the Oder River detected high levels of salinity but no mercury poisoning its waters, Poland's environment minister said Saturday as the mystery continued as to what killed tons of fish in Central Europe.
Anna Moskwa, the minister of climate and environment, said analyses of river samples taken in both Poland and Germany revealed elevated salt levels. Comprehensive toxicology studies are still underway in Poland, she said.
[...] The Oder River runs from Czechia to the border between Poland and Germany before flowing into the Baltic Sea. Some German media had suggested that the river might have been poisoned with mercury.
Polish Prime Minister Mateusz Morawiecki said Friday that "huge amounts of chemical waste" were probably dumped intentionally into his country's second-longest river, causing environmental damage so severe it would take years for the waterway to recover.
[...] "The extent of the fish die-off is shocking. This is a blow to the Oder as a waterway of great ecological value, from which it will presumably not recover for a long time," said Alex Vogel, the environment minister for Germany's Brandenburg state, along which the river runs.
The head of Polish Waters, Poland's national water management authority, said Thursday that 10 tons of dead fish had been removed from the river. Hundreds of volunteers were working to help collect dead fish along the German side.
German laboratories said they detected "atypical" levels of "salts" that could be linked to the die-off but wouldn't fully explain them on their own.
A 2021 experiment achieved the landmark milestone of nuclear fusion ignition, which data analysis has now confirmed – but attempts to recreate it over the last year haven't been able to reach ignition again.
Exactly one year later, the scientific results of this record experiment have been published in three peer-reviewed papers: one in Physical Review Letters and two in Physical Review E, according to a press release by LLNL.
"The record shot was a major scientific advance in fusion research, which establishes that fusion ignition in the lab is possible at NIF," said Omar Hurricane, chief scientist for LLNL's inertial confinement fusion program.
"Achieving the conditions needed for ignition has been a long-standing goal for all inertial confinement fusion research and opens access to a new experimental regime where alpha-particle self-heating outstrips all the cooling mechanisms in the fusion plasma."
[...] Since their success last August, the researchers have been trying to recreate the record-breaking performance in order to understand its experimental sensitivities.
[...] While the researchers have not been able to recreate the same level of fusion yield as the August 2021 experiment, all of them have showcased capsule gain greater than unity with yields in the 430-700 kJ range, significantly higher than the previous highest yield of 170 kJ from February 2021.
"It is extremely exciting to have an 'existence proof' of ignition in the lab," Hurricane concluded. "We're operating in a regime that no researchers have accessed since the end of nuclear testing, and it's an incredible opportunity to expand our knowledge as we continue to make progress."
A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system.
[...] The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.
When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom. But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom's signing certificate would be enough to pass the test — so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege.
[...] "To me that was kind of problematic [Zoom not responding to his disclosure for 8 months] because not only did I report the bugs to Zoom, I also reported mistakes and how to fix the code," Wardle told The Verge in a call before the talk. "So it was really frustrating to wait, what, six, seven, eight months, knowing that all Mac versions of Zoom were sitting on users' computers vulnerable."
If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system.
The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a nonprofit Mac OS security group. Wardle detailed in a talk at Def Con last week how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn't need one. Wardle found that Zoom's updater is owned by and runs as the root user.
It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. The problem is that by simply passing the verification checker the name of the package it was looking for ("Zoom Video ... Certification Authority Apple Root CA.pkg"), this check could be bypassed. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.
Wardle disclosed his findings to Zoom before his talk, and some aspects of the vulnerability were addressed, but key root access was still available as of Wardle's talk on Saturday. Zoom issued a security bulletin later that same day, and a patch for version Zoom 5.11.5 (9788) followed soon after. You can download the update directly from Zoom or click on your menu bar options to "Check for updates." We wouldn't suggest waiting for an automatic update, for multiple reasons.
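Both write-ups above come down to the same defect: the privileged updater's "signature check" compared a name rather than authenticating the package bytes, and it did not refuse older builds. The following is an added example, not Zoom's code or Wardle's, showing the weak pattern next to a hardened one in a toy updater. HMAC with a key held by the verifier stands in for real public-key code-signing verification (an assumption made so the block runs offline); the signer string is kept exactly as the article abbreviates it, elision included; all package bytes and versions are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Signer display name as quoted in the article (kept with its elision; not a real value).
EXPECTED_SIGNER = "Zoom Video ... Certification Authority Apple Root CA"

# Constructed key. Real code signing keeps the private key with the vendor and
# gives the updater only a public key; HMAC is a stand-in for that here.
VENDOR_KEY = b"constructed-vendor-key-not-a-real-secret"


@dataclass(frozen=True)
class Package:
    name: str        # file name as presented to the updater
    version: tuple   # e.g. (5, 11, 5)
    payload: bytes   # package contents
    tag: bytes       # authenticator shipped with the package (may be bogus)


def _signed_bytes(version, payload):
    # Bind the version into the authenticated message so a version label
    # cannot be swapped on an otherwise genuine package.
    return ".".join(map(str, version)).encode() + b"\0" + payload


def vendor_sign(version, payload, key=VENDOR_KEY):
    """What the vendor's build pipeline would attach to a release."""
    return hmac.new(key, _signed_bytes(version, payload), hashlib.sha256).digest()


def weak_verify(pkg, installed_version):
    # The pattern the article describes: the check looks at a name,
    # never at the bytes, and says nothing about versions.
    return EXPECTED_SIGNER in pkg.name


def hardened_verify(pkg, installed_version, key=VENDOR_KEY):
    # 1) Authenticate the contents (and the version bound to them).
    expected = hmac.new(key, _signed_bytes(pkg.version, pkg.payload),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pkg.tag):
        return False
    # 2) Refuse downgrades: a genuine but older build is still rejected.
    return pkg.version >= installed_version


def genuine_package(version, payload):
    """Build a package the way the vendor would ship it (constructed data)."""
    return Package(name=f"{EXPECTED_SIGNER}.pkg", version=version,
                   payload=payload, tag=vendor_sign(version, payload))


def decide(pkg, installed_version, verify):
    """The updater's decision for one package under a given verifier."""
    return "install" if verify(pkg, installed_version) else "reject"


if __name__ == "__main__":
    installed = (5, 11, 3)
    cases = [
        ("genuine newer", genuine_package((5, 11, 5), b"constructed update bytes")),
        ("right name only", Package(name=f"{EXPECTED_SIGNER}.pkg", version=(5, 11, 5),
                                    payload=b"constructed unrelated bytes", tag=b"\0" * 32)),
        ("genuine older", genuine_package((5, 10, 0), b"constructed older build")),
    ]
    for label, pkg in cases:
        print(f"{label:16} weak={decide(pkg, installed, weak_verify):8}"
              f"hardened={decide(pkg, installed, hardened_verify)}")
```

The weak verifier installs all three packages; the hardened one installs only the genuine newer build. The downgrade check matters because the article notes that a privileged updater that accepts any vendor-signed package can be pointed at an older, buggier release.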
Nearly nine months after Congress passed President Biden's $1 trillion infrastructure bill, the federal government has yet to allocate any of the $42.5 billion in funding the legislation set aside for expanding broadband service in underserved communities, according to The Wall Street Journal. Under the law, the Commerce Department can't release that money until the Federal Communications Commission (FCC) publishes new coverage maps that more accurately show homes and businesses that don't have access to high-speed internet.
Inaccurate coverage data has long derailed efforts by the federal government to address the rural broadband divide. The previous system the FCC used to map internet availability relied on Form 477 filings from service providers. Those documents have been known for their errors and exaggerations. In 2020, Congress began requiring the FCC to collect more robust coverage data as part of the Broadband DATA Act. However, it wasn't until early 2021 that lawmakers funded the mandate and in August of that same year that the Commission published its first updated map.
Following a contractor dispute, the FCC will publish its latest maps sometime in mid-November. Once they're available, both consumers and companies will have a chance to challenge the agency's data. As a result of that extra step, funding from the broadband plan likely won't begin making its way to ISPs until the end of 2023, according to one analyst The Journal interviewed.
There is growing recognition that rapid technology development is producing society-scale risks: state and private surveillance, widespread labor automation, ascending monopoly and oligopoly power, stagnant productivity growth, algorithmic discrimination, and the catastrophic risks posed by advances in fields like AI and biotechnology. Less often discussed, but in my view no less important, is the loss of potential advances that lack short-term or market-legible benefits. These include vaccine development for emerging diseases and open source platforms for basic digital affordances like identity and communication.
At the same time, as democracies falter in the face of complex global challenges, citizens (and increasingly, elected leaders) around the world are losing trust in democratic processes and are being swayed by autocratic alternatives. Nation-state democracies are, to varying degrees, beset by gridlock and hyper-partisanship, little accountability to the popular will, inefficiency, flagging state capacity, inability to keep up with emerging technologies, and corporate capture. While smaller-scale democratic experiments are growing, locally and globally, they remain far too fractured to handle consequential governance decisions at scale.
This puts us in a bind. Clearly, we could be doing a better job directing the development of technology towards collective human flourishing—in fact, this may be one of the greatest challenges of our time. If actually existing democracy is so riddled with flaws, it doesn't seem up to the task. This is what rings hollow in many calls to "democratize technology": Given the litany of complaints, why subject one seemingly broken system to governance by another?
At the same time, as we deal with everything from surveillance to space travel, we desperately need ways to collectively negotiate complex value trade-offs with global consequences, and ways to share in their benefits. This definitely seems like a job for democracy, albeit a much better iteration. So how can we radically update democracy so that we can successfully navigate toward long-term, shared positive outcomes?
The existing data economy (mirroring the digital economy as a whole) is a primary engine of shared growth and progress—and a leaky, power-concentrating, fractured mess. Data brokers sell and resell personal data with little oversight. Huge networks like Facebook and Google capture the information of billions of people and use it in the service of a few shareholders' narrow interests. It is only during brief moments of generosity during a crisis, like when Google provided mobility data to cities during the Covid pandemic, that the public can even see how vast these data stores are, and how helpful they might be in building shared safety and prosperity.
[...] From my vantage point within the tech governance ecosystem of the US, the situation often feels as polarized as our broader political system. Techno-solutionists eschew democracy while techno-pessimists eschew technology, resulting in a tech ecosystem increasingly divorced from the collective interest and a politics of technology increasingly against even the possibility of shared progress. But in reality, we are as far from the best democratic systems we could have as we are from the frontiers of technology-enabled flourishing. And we can't have one without the other—at least, not without embracing either a technocratic dystopia or a stagnant one.
This means we need to not only "fix democracy" and "fix technology," but find ways to leverage each toward the pursuit of the other. Getting there will require policymakers to initiate and finance positive alternatives, not just enact regulation to curb the harms of the current system. It will require political systems willing and able to raise and deploy funding into collective intelligence experimentation, via subsidies, sandboxes for fast innovation, and investment into basic research funding and digital public infrastructure. It will require technologists and researchers to develop metrics beyond artificial benchmarks or maximizing engagement; in turn, it will require funders and journals to reward research breakthroughs that augment collective intelligence and collaboration. It will require civil society organizations to expand beyond (necessary) criticism of existing technology ecosystems into convening communities to imagine and contribute to actionable, better futures. And it will require collective intelligence experiments of all kinds—from the local to the global, from the digital to the physical, from theory to practice. This isn't just a job for institutions; it's a job for all of us who are invested in both participation and progress.
For all its flaws, the early internet, the foundation of many Collective Intelligence instances today, was built with public funding, research, civil society input, and private innovation. It has gone on to restructure our age. The almost insurmountable challenges of this century will require coordination on an even more massive scale. But the rewards are likely to be even greater. We should invest accordingly.
A while back, retired journalist and octogenarian, Chris Biddle, had an excellent interview with author and digital rights activist Cory Doctorow about digital restrictions. They speak in particular about digital restrictions technologies which have been spread within agricultural equipment through the equipment's firmware. Their conversation starts out with mention of the use of network-connected firmware to brick the tractors which were looted from dealership sales lots in Ukraine by the invading Russian army. Cory gives a detailed overview of the issues hidden away by the mainstream press under the feel-good stories about the incident.
But was the bigger picture more worrying? I speak with Cory Doctorow, author, Guardian journalist with a special interest in protecting human rights in this digital age.
He says that whilst 'kill-switches' used to disable the machinery provide a security benefit, it is possible that widely available 'hacking' technology could also be used to disrupt the world's agricultural infrastructure by those with more sinister motives.
All of which feeds into the Right to Repair cases currently going through the US courts. It is also all about who owns the tractor, who owns data, and who owns the rights to the embedded software?
Deere contends that a customer can never fully own connected machinery because it holds exclusive rights to the software coding.
Some US farmers have attempted to unlock the embedded software by purchasing illegal firmware, mostly developed by sophisticated hackers based in Ukraine!
The interview is just under 45 minutes.
(2022) New York State Passes First Electronics Right-to-Repair Bill
(2022) John Deere Remotely Disables Farm Equipment Stolen by Russians from Ukraine Dealership
(2022) A Fight Over the Right to Repair Cars Turns Ugly
(2021) Apple and John Deere Shareholder Resolutions Demand They Explain Their Bad Repair Policies
(2021) The FTC is Investigating Why McDonald's McFlurry Machines are "Always Broken"
(2020) Europe Wants a 'Right to Repair' Smartphones and Gadgets
(2019) New Elizabeth Warren Policy Supports "Right to Repair"
(2016) Sweden Wants to Fight Disposable Culture with Tax Breaks for Repairing Old Stuff
For decades now, privacy advocates warned we were creating a dystopia through our rampant over-collection and monetization of consumer data. And just as often, those concerns were greeted with calls of "consumers don't actually care about privacy" from overly confident white guys in tech.
Nothing has exposed those flippant responses as ignorant quite like the post-Roe privacy landscape, in which basic female health data can now be weaponized to ruin the lives of those seeking abortions, or those trying to help women obtain foundational health care. Either by states looking to prosecute them, or individual right wing hardliners who often have easy, cheap access to the exact same information.
The latest case in point: Gizmodo did a deep dive into the largely unaccountable data broker space and discovered there are currently 32 different data brokers selling pregnancy status data on 2.9 billion consumer profiles.
Via browsing, app, promotion, and location data, those consumers are quickly deemed "actively pregnant" or "shopping for maternity products." Another 478 million customer profiles are actively labeled "interested in pregnancy" or "intending to become pregnant." As is usually the case, companies (the ones that could be identified) claimed it was no big deal because the data is "anonymized":
The Five, Nine, and Fourteen Eyes are agreements between the surveillance agencies (the "eyes") of several countries. The original group is the Five Eyes (abbreviated as FVEY)—consisting of the U.S., the UK, Canada, Australia, and New Zealand—which shortly after the second world war signed a deal (the UKUSA pact) to share intelligence among each other.
Over the years, four other countries informally joined the original five (the Netherlands, France, Denmark, and Norway), making nine.
A few years after, five more joined (Belgium, Italy, Germany, Spain, and Sweden) to come to the grand total of 14.
However, these three groups are different from each other in what they share with each other.
Naturally, deals struck between spies aren't accessible to regular people, but we do know a fair bit about these three groups, especially the original five. This is because their founding document, the UKUSA agreement, was made public in 2010. The British National Archives has the full text.
Probably the most important thing to highlight is that this deal isn't explicitly between the governments of any of the countries involved, but between their spy agencies, particularly those tasked with what's called signals intelligence or SIGINT in spy-speak, which boils down to communications surveillance like wire-tapping. In the case of the U.S., it's the agency now called the NSA, while in Britain, this role is filled by GCHQ.
Of course, most of the governments involved were aware of the deal, though not all. The Australian government was kept in the dark until 1973, for example, which gives you an idea of the impunity with which these surveillance agencies were operating.
The purpose of the Five Eyes was and is to automatically share information through the STONEGHOST network, as well as to share technology and methods. The other two associations, the Nine and Fourteen Eyes, are removed one and two steps away from this inner circle, respectively.
Again, details are sketchy, but it appears the four extra members that make up the Nine Eyes have to request permission to get information and don't receive everything, while the five that make up the Fourteen Eyes get even less.
On top of these "official" members, there also seem to be deals in place with countries like Israel and South Korea, though we don't know much beyond that.
The U.S. government said it will offer up to $10 million for information related to five people believed to be high-ranking members of the notorious Russia-backed Conti ransomware gang.
The reward is offered as part of the U.S. State Department's Rewards for Justice (RFJ) program, which on Thursday shared an image of a known Conti ransomware operator known as "Target," marking the first time the U.S. government has publicly identified a Conti operative. The program, which specifically seeks information on national security threats, is offering up to $10 million for information leading to the identification and location of Target, along with four other alleged Conti members known as "Tramp," "Dandis," "Professor," and "Reshaev."
[...] The gang rebranded from Ryuk to Conti in 2020, and later sided with Russia in its war against Ukraine, pledging to respond to any cyber attacks on the Russian government or the country's critical infrastructure. But this backfired when a disgruntled Conti member leaked over 170,000 internal chat conversations between other Conti members and the source code for the ransomware itself.
This breach led to the eventual shutdown of the Conti ransomware brand in June this year, though it's believed members of the gang have quietly moved into other ransomware operations including Hive, AvosLocker, BlackCat, and Hello Kitty.
The RFJ's bounty program was initially launched to gather information on national security threats and terrorists targeting U.S. interests and has expanded to offer rewards for information on cyber criminals. It's also offering bounties for information on the Russia-backed REvil and Evil Corp hacking groups.
VLC media player, one of the most popular media players and streaming media servers, developed by the VideoLAN project, is banned in India. As per a report by MediaNama, VLC Media Player has been banned in India, but this happened nearly 2 months ago. However, if you have the software installed on your device, it should still be working. Meanwhile, neither the company nor the Indian government has revealed any details about the ban.
Some reports suggest that VLC Media Player has been banned in the country because the platform was used by the China-backed hacking group Cicada for cyber attacks. Just a few months ago, security experts discovered that Cicada was using VLC Media Player to deploy a malware loader as part of a long-running cyber attack campaign.
[...] In 2020, the Indian government banned hundreds of Chinese apps, including PUBG Mobile, TikTok, Camscanner and more. In fact, the PUBG Mobile Indian version dubbed BGMI has also been banned in India recently and removed from the Google Play store and Apple App store. The reason behind blocking these apps is that the government feared these platforms were sending user data to China. Notably, VLC Media Player is not backed by a Chinese company. It is developed by VideoLAN, a Paris-based firm.
A digital vulnerability in the computer systems used on some Boeing Co aircraft that could have allowed malicious hackers to modify data and cause pilots to make dangerous miscalculations has been fixed, security researchers said on Friday, Trend reports with reference to Reuters.
Older versions of a digital tool used to calculate landing and take-off speeds on some aircraft could be tampered with by hackers with direct access to an "Electronic Flight Bag," or EFB, a tablet device used by pilots to plan flights, cybersecurity firm Pen Test Partners said in a report.
"If data modification occurs, and the resulting miscalculations are not detected during the crew's required cross check or verification process, an aircraft could land on a runway too short, or take off at incorrect speeds potentially resulting in a tail strike or runway excursion," said the report, which was presented at the DEF CON hacker convention in Las Vegas on Friday.
In a statement, Boeing said it was not aware of any airplane that had been affected by the issue, but had released a software update to address it.
Are you among the one in three Americans who gulps down a multivitamin every morning, probably with a sip of water? The truth about this popular habit may be hard to swallow.
"Most people would be better off just drinking a full glass of water and skipping the vitamin," says Pieter Cohen, an associate professor of medicine at Harvard Medical School and an internist at Harvard-affiliated Cambridge Health Alliance. In addition to saving money, you'll have the satisfaction of not succumbing to misleading marketing schemes.
That's because for the average American adult, a daily multivitamin doesn't provide any meaningful health benefit, as noted recently by the US Preventive Services Task Force (USPSTF). Their review, which analyzed 84 studies involving nearly 700,000 people, found little or no evidence that taking vitamin and mineral supplements helps prevent cancer and cardiovascular disease that can lead to heart attacks and stroke, nor do they help prevent an early death.
"We have good evidence that for the vast majority of people, taking multivitamins won't help you," says Cohen, an expert in dietary supplement research and regulation.
[...] Surveys suggest people take vitamins to stay healthy, feel more energetic, or gain peace of mind, according to an editorial that accompanied the USPSTF review. These beliefs stem from a powerful narrative about vitamins being healthy and natural that dates back nearly a century.
"This narrative appeals to many groups in our population, including people who are progressive vegetarians and also to conservatives who are suspicious about science and think that doctors are up to no good," says Cohen.
Russian company Prombit has unveiled the BITBLAZE Titan BM15 Arm Linux Laptop equipped with Baikal-M1 octa-core Arm Cortex-A57 processor manufactured by TSMC, up to 128GB RAM [disputed: may only be 32 GB], SSD storage, and a 15.6-inch Full HD display.
[...] There's no mention of the operating system used on the product page, but the laptop most certainly runs the same Astra Linux distribution as the Baikal M hardware launched last year with the Russian office application package, and other programs all approved by the "Ministry of Digital Development, Communications, and Mass Media".
However, the laptop may end up being a collector's item, as Tom's Hardware reports TSMC will not manufacture chips for Russian companies due to current sanctions. But we'll have to see, as Chinese companies such as SMIC should still be able to manufacture processors on a 28nm process despite (again) more sanctions. Tom's Hardware further mentions that the laptop is expected to cost between 100,000 and 120,000 rubles (or about $1,600 – $1,930 at current exchange rates), so the price/performance ratio is less than impressive, but that may be the cost of independence. Production samples, scheduled "earlier than November", may cost less.
Also at Notebookcheck.
During the 41st session of the General Conference, UNESCO launched its latest global report on education.
Sparking a timely global debate was precisely the goal of the International Commission, led by H.E. Ms Sahle-Work Zewde, President of the Federal Democratic Republic of Ethiopia, that spent two years preparing the report, titled Reimagining our Futures Together: A New Social Contract for Education.
More than a million people – experts, young people and teachers but also civil society, government and economic actors – were tapped in the global consultation that informed it.
Reimagining Our Futures Together upholds the tradition of past landmark UNESCO reports that have structured education policies around the world. The Faure report, Learning to Be, in 1972, and the Delors report, Learning: The Treasure Within, in 1996, are key references in the debate on learning. The report recommends an urgent, sweeping reform of education globally to repair past injustices and enhance our capacity to act together for a more sustainable future. The report finds that today's teaching and learning methods are outdated and even counterproductive. Education could contribute so much more to creating just and peaceful societies, a healthy planet and shared progress that benefits us all. Instead, how we educate is in effect causing some of our difficulties to address today's challenges.
"As we face grave risks to the future of humanity and the living planet itself, we must urgently reinvent education to help us address common challenges. This act of reimagining means working together to create futures that are shared and interdependent," says the report.
What we need is a new social contract for education so that we can think differently about learning and the relationships between students, teachers, knowledge and the world. Forging this contract begins with a shared vision: it must be based on human rights; uphold the principles of lifelong quality education and of education as a public common good; and champion the role of teachers.
[...] This report is intended as an invitation to think and imagine, not as a blueprint. The questions it raises must be debated by countries, communities, schools and every kind of educational programme and system around the world. Since its publication, the report has already inspired various forms of dialogue and action.
Following GCC 12 introducing LoongArch support earlier this year, Linux 5.19 adding the initial LoongArch port, and Glibc 2.36 adding LoongArch, LibreOffice is now the latest high-profile open-source project adding support for this Chinese processor ISA that started out derived from MIPS64.
Loongson as the company behind LoongArch contributed the native support for running the LibreOffice open-source office suite on LoongArch 64-bit hardware.