SoylentNews

Arthur T Knackerbracket has found the following story:

The Khronos Group has pushed out the Open CL 3.0 provisional specification, a major update to the cross-platform API used for accelerating software performance by using the concurrent programming capabilities of GPUs and CPUs.

[...] The ability to do general-purpose computing on GPUs, which are optimised for parallel processing, as well as easily taking advantage of multi-threading on a CPU, can make a massive difference in performance, not only at the high end in supercomputers, but also on PCs and mobiles. That said, even OpenCL 1.2, released in 2011, appears to be good enough for many developers.

"OpenCL 1.2 has proven itself as the baseline needed by all vendors and markets," said Neil Trevett, president of the Khronos Group. Therefore, OpenCL 3.0 [PDF] "makes all functionality beyond version 1.2 optional". While this may seem like a backward step, the idea is that a broad range of devices can have OpenCL 3.0-compliant drivers, and that developers will query for additional features, such as those introduced in OpenCL 2.x, using them only if they are available. This also means it is easy for implementers to "upgrade" drivers, simply by adding any missing OpenCL 2.x queries.

The change is a reaction to issues with the "monolithic" OpenCL 2.x specifications, which were a deterrent to adoption since it was challenging to implement everything. Khronos even suggests in its presentation [PDF] that implementers "may choose to drop OpenCL 2.x features if not relevant to target markets, to reduce costs and increase quality."

The risk is that OpenCL 1.2 is now set in stone as a base API and developers may be reluctant to move beyond it.

[...] With OpenCL 3.0, less is more: the key feature is to make the specification modular so that future enhancements can be introduced gradually and implemented by a subset of drivers according to what is appropriate for the targeted devices. This means that adoption of OpenCL 3.0 should in theory be quick, because of the ease of migrating OpenCL 1.2 drivers, even if actual functionality is little changed.

Also at AnandTech.

-- submitted from IRC

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

The COVID-19 shutdown is making weather prediction more difficult:

The World Meteorological Organization's Global Observing System -- one third of the WMO's overarching World Weather Watch program -- was established in 1963 and provides a variety of atmosphere and ocean surface measurements to the WMO's 193 member states. These measurements are gathered from satellite and ground-based observation platforms, as well as commercial aircraft. They're then disseminated via the WMO's Global Telecommunication System (GTS) before being processed by the Global Data-processing and Forecasting System (GDPFS).

The ground and satellite components of that system are largely automated and generally immune to at least the immediate impacts of the COVID-19 pandemic. Lars Peter Riishojgaard, Director, Earth System Branch in WMO's Infrastructure Department believes that the impact of losing those aerial observations will still be "relatively modest." However, he explained in a recent press release, "as the decrease in availability of aircraft weather observations continues and expands, we may expect a gradual decrease in reliability of the forecasts."

[...] More immediate is the problem with the system's aircraft-based sensors; primarily that they're no longer in the sky, collecting vital ambient temperature, wind speed and direction readings. Aircraft rely on the Aircraft Meteorological Data Relay program (AMDAR) to collect the necessary data using onboard sensors, process and transmit it to relay stations on the ground via radio or satellite link.

[...] "As of March 31, the daily output of meteorological data from U.S. commercial aircraft has decreased to approximately half of normal levels," the NOAA rep continued. They were also quick to point out that "even though a decrease in this critical data will possibly negatively impact forecast model skill, it does not necessarily translate into a reduction in forecast accuracy since National Weather Service meteorologists use an entire suite of observations and guidance to produce an actual forecast."

[...] Thankfully, meteorologists won't be flying completely blind with so many airlines effectively out of commission. The ECMWF began pulling wind data from the Aeolus satellite in January. As for the NOAA, "while the automated weather reports from commercial aircraft provide exceptionally valuable data for forecast models, we also collect billions of Earth observations from other sources that feed into our models, such as weather balloons, surface weather observation network, radar, satellites and buoys," the spokesperson told Engadget. "Additionally, NOAA will soon be using COSMIC-2 GPS radio occultation satellite data to further increase observations throughout the depth of the tropical atmosphere."

Original Submission

Arthur T Knackerbracket has found the following story:

Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could [have] allowed an inside attacker to weaponized a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts.

The attack simply involved tricking a victim into viewing a malicious GIF image for it to work, according to researchers at CyberArk who also created a proof-of-concept (PoC) of the attack.

Microsoft neutralized the threat last Monday, updating misconfigured DNS records, after researchers reported the vulnerability on March 23.“Even if an attacker doesn’t gather much information from a [compromised] Teams’ account, they could use the account to traverse throughout an organization (just like a worm),” wrote Omer Tsarfati, CyberArk cyber security researcher, in a technical breakdown of its discovery Monday. “Eventually, the attacker could access all the data from your organization Teams accounts – gathering confidential information, competitive data, secrets, passwords, private information, business plans, etc.”

The attack involves malicious actors being able to abuse a JSON Web Token (“authtoken”) and a second “skype token”. The combination of these two tokens are used by Microsoft to allow a Teams user to see images shared with them – or by them – across different Microsoft servers and services such as SharePoint and Outlook.

[...] “Now with both tokens, the access token (authtoken) and the Skype token, [an attacker] will be able to make APIs calls/actions through Teams API interfaces – letting you send messages, read messages, create groups, add new users or remove users from groups, change permissions in groups,” researchers wrote.

[...] Researchers [...] said Microsoft quickly deleted the misconfigured DNS records of the two subdomains, which mitigated the problem.

Original Submission

An Anonymous Coward writes:

UN: Consequences Remain Decades After Chernobyl Disaster:

The United Nations says persistent and serious long-term consequences remain more than 30 years after the explosion and fire at the Chernobyl nuclear power plant in Ukraine.

The world body is marking International Chernobyl Disaster Remembrance Day on April 26, the 34th anniversary of the accident that spread a radioactive cloud over large parts of Belarus, Ukraine, and Russia.

Chernobyl: How did the world's worst nuclear accident happen?:

Efforts to downplay the scale of the disaster began within government itself — infamously exemplified by the Soviet foreign affairs minister's attempt to allay a more senior official's concern for residents' health with the assertion that they were celebrating weddings, gardening, and "fishing in the Pripyat River".

Three days later, the alarm was raised by Sweden, where the radiation was picked up at a nuclear plant.

The Soviet Union denied that an incident had occurred, but with Denmark, Finland and Norway also voicing concerns shortly afterwards, it eventually became impossible to hide the accident from the international community.

However, Moscow continued to downplay the true scale of the catastrophe, failing to tell even its own citizens to stay indoors and allowing the capital's May Day parade to go ahead a week later. The ensuing secrecy surrounding the handling of the disaster in the years that followed, and the reluctance to warn citizens of the scale of the danger they continued to face, means the true toll is continually being revised.

Original Submission

hubie writes:

The 26th of April marks the centenary of the Great Debate regarding the nature of the universe. At the end of the 19th Century, the general consensus was that the Milky Way Galaxy was the extent of the known universe. There were these known fuzzy spiral nebular disks that were not stars or planets, or even anything interesting like a comet, and there was quite a bit of speculation earlier in the century whether they were close objects or very very far away, but by the end of the century all the objects in the sky were thought to belong to a single great system. This opinion was summarized by one of the great science writers of the day, Agnes Clerke, who wrote in 1890

The question whether nebulæ are external galaxies hardly any longer needs discussion. It has been answered by the progress of discovery. No competent thinker, with the whole of the available evidence before him, can now, it is safe to say, maintain any single nebula to be a star system of coordinate rank with the Milky Way.

At the beginning of the 20th Century the young astronomer Curtis Heber studied these nebulae and his observations suggested that these spiral-shaped objects were further away than the size of the known universe. He believed that the Milky Way, if looked at from a sufficient distance, would appear the same as the spiral nebulae he was observing. As more observations came in, the National Academy of Sciences decided to host a debate on the topic. Heber didn't dispute the size of the Milky Way and argued that the nebulae were the famed "island galaxies". The counterpoint was provided by astronomer Harlow Shapley. Shapley argued that the Milky Way was indeed much larger than the known size (300,000 vs. 30,000 light years) and thus the nebulae were part of the Milky Way.

Twenty-five years ago in celebration of the 75th anniversary of this event, Virginia Trimble wrote an informative historical summary of the debate and noted

As is often the case for classic dichotomies, the wisdom of hindsight reveals that each of the speakers was right about some things and wrong about others, both in choosing which data to take most seriously and in drawing conclusions from those data. Modern (mostly casual) discussions of the 1920 event leave the impression that Shapley was, on the whole, the winner. But the two men's reactions to Hubble's discovery of Cepheids in the Andromeda galaxy makes clear that both felt that the issue of existence of external galaxies (on which Curtis had been more nearly correct) was one of greater long-term importance than the size of the Milky Way (on which Shapley had been more nearly correct). Shapley is much the better known today and is generally credited in text books with the Copernican task of getting us out of the center of the galaxy. Under modern conditions, he would probably also have gotten most of the press notices. Curtis's repeated theme, "More data are needed," is remarkably difficult, then as now, to turn into a headline.

Original Submission

upstart writes in with an IRC submission for GrandFireWizard:

Google has reportedly removed more than 100 apps:

Google has reportedly removed more than 100 apps with tens of millions of downloads after allegations the apps were part of a co-ordinated group that may have violated store policies.

The group allegedly involves at least 27 separate app developers (that could also be pseudonyms), according to tech outlet CyberNews.

The outlet alleges the apps were made (and often ripped off from other developers, including some in the alleged network) to generate ad revenue.

Most of the apps are simple ones focusing on things like scanning PDFs and making photo collages, likely deliberately chosen because they provide sought after services people want quickly and are likely to download them without thinking too hard about it.

The research alleges the group's apps were downloaded 69 million times and could have been generating $US10,000 a month, or even up to $US1 million, though they say it's likely to be on the lower end of that spectrum.

But the apps don't appear to require much work to make and publish on the Google Play Store, which is what initially raised the suspicions of the researchers, after discovering links between different developers.

The app developers mostly have a first name-last name style developer name usually featuring Western-style names, which might seem like a tenuous link at first, but it goes deeper.

[...] The research doesn't conclusively reveal where the network is based, but all the evidence seems to point towards Asia, with Vietnamese postcodes on some developer pages, and references to Chinese telecoms in the code of some actual apps.

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

AT&T CEO retiring as telco plans for three years of cost cuts and layoffs:

AT&T CEO Randall Stephenson is retiring at the end of June and handing the reins to executive John Stankey, who will lead the telco through a multi-year cost-cutting program. Stankey, the company president and COO, will become CEO on July 1, AT&T announced today. Stephenson "will serve as Executive Chairman of the Board of Directors until January 2021 to ensure a smooth leadership transition."

Stephenson, 60, has been AT&T's CEO since 2007; he began his AT&T career in 1982 with Southwestern Bell Telephone, a subsidiary.

"Stankey's selection as AT&T's next CEO completes the final phase of a succession planning process that AT&T's Board began in 2017, which included a thorough evaluation of internal and external candidates," today's announcement said.

Stankey, 57, has been with AT&T since 1985 and has been president and COO since October 2019. He has recently taken on a more prominent role as part of succession planning. Last month, Stankey detailed a cost-cutting plan to "generate double digits of billions over a 3-year planning cycle." That will include job cuts, which Stankey called "headcount rationalization."

[...] In today's succession announcement, Stephenson said he looks forward to working with Stankey "as the leadership team moves forward on our strategic initiatives while navigating the difficult economic and health challenges currently facing our country and the world. John has the right experiences and skills, and the unflinching determination every CEO needs to act on his convictions."

Stankey said he "couldn't be more excited about the new opportunities we have to serve our customers and communities and create value for our shareholders."

Meanwhile...

takyon writes:

Interstellar asteroids found hiding in plain sight

A new study has identified the first known permanent population of asteroids originating from outside our Solar System. The objects are believed to have been captured from other stars billions of years ago, and have been orbiting our Sun in disguise ever since. The work is published in the journal Monthly Notices of the Royal Astronomical Society.

The first interstellar visitor, the asteroid known as 'Oumuamua, hit the headlines in 2017, however it was just passing through. The newly-identified asteroids on the other hand are thought to have been present almost since the birth of our Solar System, 4.5 billion years ago in a star cluster where each sun had its own planets and asteroids.

"The close proximity of the stars meant that they felt each others' gravity much more strongly in those early days than they do today," explained Dr Fathi Namouni, lead author of the study. "This enabled asteroids to be pulled from one star system to another."

Also at ScienceAlert.

An interstellar origin for high-inclination Centaurs (open, DOI: 10.1093/mnras/staa712) (DX)

Original Submission

upstart writes in with an IRC submission for The Mighty Buzzard:

Wine 5.7 Released With More Progress On D3D Vulkan Backend, USB Device Driver - Phoronix:

As reported a few days ago, there has been progress on the WineD3D Vulkan back-end for allowing D3D9/D3D10/D3D11 calls to go through Vulkan rather than OpenGL. It's similar aim to DXVK but not nearly as mature. The Vulkan support for WineD3D is still being brought up and isn't yet ready for end-users/gamers but progress is being made.

Another significant step forward [...] is better USB device support. The start of this USB device driver is still early but hopefully will come together for Wine 6.0 considering the heavy lifting is being done by libusb.

Get it at: WineHQ.org

Original Submission

upstart writes in with an IRC submission for nutherguy:

Magic Leap's $2.6 billion bait and switch – TechCrunch:

Two years ago I attended an "Innovation in Immersive Storytelling" event at Industrial Light & Magic, featuring the Chief Game Wizard of Magic Leap. I should have known then, from all the strained corporate sorcery in that sentence, that their demise was inevitable. But in fact I went into that talk a Magic Leap skeptic, and came out ... less so.

Magic Leap drew in a lot of true believers over the years; $2.6 billion worth. Investors included Andreessen Horowitz, Kleiner Perkins, Google (not Google Ventures — Google itself) and many many more. Sundar Pichai joined Magic Leap's board. And did they rave. I mean, it's a VC's job to rave about their portfolio companies, but this was different:

Now there is something new. Not just an order-of-magnitude more pixels or a faster frame rate, but – thanks to sensors and optics and mobile phone volumes and breakthroughs in computer vision – something I always dreamed of ... The product is amazing ... this is different

— Bing Gordon of Kleiner Perkins.

It was incredibly natural and almost jarring — you're in the room, and there's a dragon flying around, it's jaw-dropping and I couldn't get the smile off of my face

— Legendary Pictures CEO Thomas Tull

Legendary and a16z had previously invested in Oculus Rift. Tull even told TechCrunch "Magic Leap takes a completely different approach." This is especially interesting because when Magic Leap finally — finally, after 5 years and $1.6 billion — released a product, Oculus's Palmer Luckey wrote a truly scathing teardown of the Magic Leap One. Again, yes he would do so ... but the details are quite striking ...

They call it the "Lightwear". This is the part that has gotten the most hype over the years, with endless talk of "Photonic Lightfield Chips", "Fiber Scanning Laser Displays", "projecting a digital light field into the user's eye", and the holy-grail promise of solving vergence-accommodation conflict, an issue that has plagued HMDs for decades ... TL;DR: The supposed "Photonic Lightfield Chips" are just waveguides paired with reflective sequential-color LCOS displays and LED illumination, the same technology everyone else has been using for years, including Microsoft in their last-gen HoloLens. The ML1 is a not a "lightfield projector" or display by any broadly accepted definition

What happened to that "completely different approach?"

See also:

*SPOILER* (click to show) *SPOILER* (click to hide)

Magic Leap press release: "Charting a New Course"
Magic Leap's consumer retreat is good news for the AR/XR industry
Instead Of Being Acquired For Billions, Magic Leap Lays Off Over 50% Of Workforce
What happens if Magic Leap shuts down?
Augmented Reality Startup Magic Leap Cuts Half of Staff Across Company (Report)
As Once-Hyped Magic Leap Flounders, [Ad] Agencies Say the AR Market Has Passed It By
Magic Leap Slashes Workforce, Causing 80–120 Animation Job Losses (EXCLUSIVE)
Augmented reality hits economic reality in the case of Magic Leap

Previously:

*SPOILER* (click to show) *SPOILER* (click to hide)

Magic Leap Bashed for Being Vaporware
Magic Leap Finally Announces a Product, But is It Still Vaporware?
Magic Leap Opens Up Orders for $2,295 "Creator Edition" Augmented Reality Headset
Magic Leap Accuses Chinese Company of Copying Trade Secrets
2020: The Year of AR? "$2.6 Billion Flop" Magic Leap Pivots to Enterprise

Original Submission

Phoenix666 writes:

Dolphins reclaim Bosphorus as virus silences Istanbul:

A lull in boat traffic and a fishing ban in Istanbul forced by the coronavirus pandemic has proved good news for some of the city's most-loved inhabitants—the dolphins that swim in the fish-rich waters of the Bosphorus Strait between Europe and Asia.

[...]Spotting dolphins in the Bosphorus—a usually very busy narrow waterway connecting the Mediterranean to the Black Sea right through the heart of Istanbul—is often a source of joy for the city's residents.

But the lockdown has meant fewer ships and more fish in the water, encouraging the mammals to come closer to shore and prompting more frequent sightings.

How long before deer are sighted in Central Park?

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Latest Apple Text-Bomb Crashes iPhones via Message Notifications:

Apple devices are vulnerable to a “text bomb” attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices.

[...] The problem occurs in a number of different scenarios, including if the character string shows up in a text message – in fact, just looking at a message notification containing a message preview will crash the system. Viewing messages within apps leads to the same outcome, as does reading social media posts on one's phone or Mac. As for the latter point, Threatpost editors were able to independently confirm that looking at tweets containing the characters will indeed shut down an iPhone.

Cluley noted that completely rebooting the device fixes the problem – until another booby-trapped message comes along.

[...] Apple has had similar linguistic issues in the past; in 2013, certain combinations of Arabic characters were found to crash Macs and iPhones; while in 2018, messages containing letters of the south Indian language of Telugu were discovered to do the same thing.

Other text-bomb attacks that don't relate to Unicode symbols have made the rounds in the past: The chaiOS bug in 2018 for instance allowed attackers to crash or freeze phones just by sending a text message containing a hyperlink to malicious code hosted on GitHub. Recipients only needed to receive the malicious messages for the flaw to work: Clicking on the link wasn't required.

And last year, an Apple iMessage bug made the rounds that allowed attackers to brick iPhones running older iOS versions, by sending a specially crafted message to a vulnerable device.

In this case, Apple hasn't yet issued a public statement on the problem, but according to Cluley, the latest beta version of iOS fixes the issue.

See Also:
An unusual character string is causing Apple devices to crash:

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Instacart has a problem with third-party apps letting shoppers pay for early access to orders – TechCrunch:

Kara Carmichael has been an Instacart shopper for years in Orlando, Fla. It's how she's been able to support her family, she told TechCrunch. But she says she has noticed an increase in third-party bot activity that has made shopping "nearly impossible."

Despite the high demand for Instacart amid the COVID-19 pandemic, shoppers like Carmichael are facing difficulties claiming orders within the shopper app. This is the result of what appears to be some sophisticated work by third-party apps like Ninja Hours, Sushopper and others.

"They grab the batches within a blink of an eye," Carmichael said. "I can barely see the amounts offered. Sometimes I may even just receive a notification because the batch has been taken before it was even registered in my app."

Ninja Hours appeared on the scene about a year ago in the Little Havana community in Miami, according to Logan B., an Instacart shopper with experience using Ninja Hours. Shoppers could pay Ninja Hours about $25 to $35 a week to get access to hours for the following week and in exchange, Ninja Hours would take over the shopper’s app to claim hours on their behalf. This was during a time when Instacart required shoppers to claim hours rather than on-demand orders.

An Anonymous Coward writes:

Dolly Parton secretly produced Buffy the Vampire Slayer, and fans have only just found out:

While Parton was not herself credited as a producer on the long-running fantasy series, a company she co-created and owned was responsible for it coming to television.

Sandollar Entertainment, which is listed on the end credits of every episode of the show, was created by Parton and her friend and former business partner Sandy Gallin in 1986. It produced a number of films, including Father of the Bride (1991) and Fly Away Home (1996), as well as several Parton projects – most recently her Netflix anthology series Dolly Parton's Heartstrings.

It also produced the original Buffy the Vampire Slayer movie, released in 1992 to dismal reviews. It was Gail Berman, then an executive at Sandollar, who still believed there was potential in the property, and proposed launching the concept as a TV series.

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Valve confirms code leak for two online games [Updated]:

A major source code leak for Valve's biggest competitive PC multiplayer games—Counter-Strike: Global Offensive and Team Fortress 2—began making the rounds late Tuesday. Amid worries that this code leak for active online games would lead to hackers finding exploits and developing remote code executions (RCEs), Valve issued a statement on Wednesday that such worries were moot.

[...] We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security). We will continue to investigate the situation and will update news outlets and players if we find anything to prove otherwise. In the meantime, if anyone has more information about the leak, the Valve security page (https://www.valvesoftware.com/en/security) describes how best to report that information.

[...] Thanks to this vacuum of official word on TF2's state, fans are left to refer to panicky responses from major voices in the TF2 community. In particular, two popular community-run server hubs, Redsun.tf and Creators.tf, have temporarily shut down their operations due to "the uncertainty surrounding security of our infrastructure, as well as a potential for damage to be caused to your computer." In Redsun's case, a widely circulated comment from one of its moderators says that their team is waiting for "Valve [to] give us the clear" before resuming operations.