SoylentNews

upstart writes in with an IRC submission:

Adobe Critical Code-Execution Flaws Plague Windows Users:

Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.

Affected products include Adobe's Framemaker document processor, designed for writing and editing large or complex documents; Adobe's  Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.

"Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates," according to an Adobe spokesperson.

Adobe fixed a critical flaw (CVE-2021-21056) in Framemaker, which could allow for arbitrary code execution if exploited. The vulnerability is an out-of-bounds read error; which is a type of buffer-overflow flaw where the software reads data past the end of the intended buffer. An attacker who can read out-of-bounds memory might be able to get "secret values" (like memory addresses) that could ultimately allow him to achieve code execution or denial of service.

[...] Adobe also fixed three critical vulnerabilities in the desktop application version of Adobe Creative Cloud for Windows users.

upstart writes in with an IRC submission for c0lo:

World's First Supersonic Unmanned Combat Drone Reaches Speeds Of Over 1,500mph:

A new combat drone has been created that can hit speeds of more than 1,500mph [(2,400 kph)].

The drone is much bigger than the ones you'll have seen floating around your local parks, however, and looks more like a small spaceship.

Created by Kelley Aerospace, the supersonic drone is made up of carbon fibre and is completely unmanned; it can exceed the speed of sound, hitting an astonishing Mach 2.1

[...] Not only is the drone extremely fast, it's built for multiple combat or reconnaissance roles and 'is designed for a reduced radar cross-section and infrared signature,' the company explained. 'The carbon fibre and monocoque design endows the Arrow with outstanding strength and stiffness,' they added, MailOnline reports.

[...] The drone is able to fly almost 5,000km with a maximum take-off weight of 16,800kg (37,040lb) and still reach speeds of Mach 2.1.

Original Submission

upstart writes in with an IRC submission for Runaway1956:

LiquidVPN Faces Lawsuit for Allegedly Promoting Pirating Content:

LiquidVPN is now facing a lawsuit from pissed-off movie copyright holders that argue the provider purposefully billed itself as a haven for copyright infringers looking to pirate their favorite TV shows and movies and should be held liable for its users' misdeeds.

[...] The rights owners are suing 1701 Management and its owner Charles Muszynski, which they allege own LiquidVPN, for contributory and vicarious copyright infringement. In their complaint, they particularly call out several of the site's promotional materials that appear to fly in the face of the law.

"The LiquidVPN Defendants actively promote their LiquidVPN Service for the purpose of movie piracy, including of infringing Plaintiffs' Works. The LiquidVPN Defendants' website includes a statement that their VPN service is the 'Best VPN for Torrenting and P2P Filesharing today' over the image of the notorious movie piracy website Pirate Bay," the lawsuit reads.

Original Submission

upstart writes in with an IRC submission:

New Samsung 980 SSD improves on 970 EVO, EVO Plus performance:

Samsung's newest generation of midgrade consumer NVMe storage is out today—the new drive is simply dubbed the "Samsung 980," without any suffix. The reviewer guide Samsung provided us compares the new drive to last generation's 970 EVO—we didn't have a 970 EVO on hand, but we did have a 970 EVO Plus and a 970 Pro, so those are the prior-generation drives we'll compare the new 980 to today.

[...] As the data density of NAND cells goes up, their speed and write endurance decreases—it takes more time and effort to read or write one of eight discrete voltage levels to a cell than it does to get or set a simple, unambiguous on/off value.

To a certain degree, this disadvantage can be overcome with parallelism—by splitting the same 1MiB write between eight banks of NAND, you can get much lower latency and higher throughput than you would if the entire 1MiB had to be written to a single bank. This is the major reason that even within the same SSD model, larger capacity SSDs are almost always faster than smaller ones.

In order to accelerate writes beyond that, you need a faster buffer area—which you can get simply by configuring part of your NAND as faster-moving, higher-endurance SLC[*]. The physical media doesn't really need to be different; your SSD controller simply needs to know to treat it that way.

In earlier versions of Samsung SSDs, the SLC buffer area was fixed—but beginning with the 960 EVO, Samsung controllers introduced what it brands "Intelligent" Turbowrite, which is a dynamic amount of SLC buffer configurable by the controller itself. In the 960 EVO and 970 EVO, the "Intelligent" buffer area was a subset of the total SLC cache—the 980 introduces a much larger and, for the first time, entirely dynamic SLC cache.

[*] SLC: Single-Level Cell
MLC: Multi-Level Cell
TLC: Triple-Level Cell

Original Submission

upstart writes in with an IRC submission:

A potential model for a real physical warp drive:

A pair of researchers at Applied Physics has created what they describe as the first general model for a warp drive, a model for a space craft that could travel faster than the speed of light, without actually breaking the laws of physics.

[...] Imagine a napkin. If you had to traverse its entire surface, it would take a certain amount of time. But what if you folded the napkin in half and moved through and across the folds? You could get to your destination in almost no time. In this new effort, the researchers have taken a previous idea based on warping space-time a step further to create a model for a warp drive that they believe could be feasible in the future.

[...] Bobrick and Martire suggest instead that a massive gravitational force could be used to bend space time. The trick is finding a way to compress a planet-sized mass to a manageable spacecraft-module size in order to use its gravity. Because of the implied difficulties, a warp drive created from the model developed by the researchers could not be built today, but it does suggest that someday it might be possible.

Journal Reference:
Alexey Bobrick, Gianni Martire. Introducing Physical Warp Drives, Classical and Quantum Gravity (DOI: 10.1088/1361-6382/abdf6e)

Original Submission

upstart writes in with an IRC submission for c0lo:

Bill would mandate rooftop solar on new homes and commercial buildings:

Massachusetts lawmakers proposed a bill that would require rooftop solar on new residential and commercial buildings.

The Solar Neighborhoods Act (H.D.3098) would mandate that solar panels be installed on the roofs of newly built homes, apartments, and office buildings. A companion bill, S.D.159, was filed in the Senate.

A bill summary said that all new buildings would need to be built “solar-ready.” Within one year of the bill’s passage, the Department of Energy Resources (DOER) would develop and adopt amendments to the state’s building code to ensure that roofs are strong enough to support solar panels, that available roof space is maximized, and that buildings can make room for necessary electrical infrastructure.

For single-family homes, the solar energy system would need to produce enough electricity each year to meet 80% of the average demand for similar houses. For other buildings, DOER would set minimum solar energy system requirements.

Buildings may be exempted if the roof is too shaded, if a solar hot water system or other renewable energy technology is installed, or if the building has a green roof. The DOER also could grant exemptions to affordable housing developments.

[...] The House bill is modeled after a similar policy in California.

Original Submission

canopic jug writes:

curl developer Daniel Stenberg has gone through his project's security problems and calculated that 51 out of curl's 98 security vulnerabilities have been C mistakes. The total number of bugs in the database is about 6.6k, meaning that not quite 1.5% have been security flaws.

Let me also already now say that if you check out the curl security section, you will find very detailed descriptions of all vulnerabilities. Using those, you can draw your own conclusions and also easily write your own blog posts on this topic!

This post is not meant as a discussion around how we can rewrite C code into other languages to avoid these problems. This is an introspection of the C related vulnerabilities in curl. curl will not be rewritten but will continue to support backends written in other languages.

It seems hard to draw hard or definite conclusions based on the CVEs and C mistakes in curl's history due to the relatively small amounts to analyze. I'm not convinced this is data enough to actually spot real trends, but might be mostly random coincidences.

After the stats and methodology, he goes into more detail about the nature of the 51 bugs and the areas in the program (and library) where they occur. In general, the problems sort out into buffer overreads, buffer overflows, use after frees, double frees, and NULL mistakes.

Previously:
(2020) curl up 2020 and Other Conferences Go Online Only
(2019) Google to Reimplement Curl in Libcrurl
(2018) Daniel Stenberg, Author of cURL and libcurl, Denied US Visit Again
(2018) Twenty Years of cURL on March 20, 2018
(2018) Reducing Year 2038 Problems in curl
(2017) Eric Raymond: "The long goodbye to C"

Original Submission

takyon writes:

Seagate: 100TB HDDs Due in 2030, Multi-Actuator Drives to Become Common

Seagate is on track to deliver ~50TB hard disk drives by 2026, ~100TB HDDs by 2030, and 120TB+ units early next decade, according to the company's recently revealed product and technology roadmaps. To hit capacity targets, Seagate will have to adopt new magnetic recording technologies. To ensure the high performance of its future drives, the company plans to leverage its multi-actuator technology more broadly. This tech doubles the performance of its hard drives, and it could become a standard feature on some of the company's product lines.

[...] Today's [heat-assisted magnetic recording (HAMR)] media is expected to enable drives featuring 80TB ~ 100TB capacity, according to developers. But, for 3.5-inch HDDs with a ~105TB capacity and 5 ~ 7Tb/in² areal density, new ordered-granular magnetic films will be needed as grains will get very small and tracks will get very narrow. But ordered-granular media is expected to be a relatively short stop before 'fully' bit patterned media (BPM) technology comes into play with an 8Tb/inch² areal density.

[...] A straightforward way to increase the [input/output operations per second (IOPS)]-per-TB performance of an HDD is to use more than one actuator with read/write heads, and this is exactly what Seagate is set to do. Using two actuators instead of one can almost double throughput as well as IOPS-per-TB performance, which is tremendously important for data centers. Furthermore, doubling the number of actuators also halves the time Seagate needs to test a drive before shipping, as it is faster to inspect eight or nine platters using two independent actuators, which lowers costs.

Previously: Western Digital to Use Microwave Assisted Magnetic Recording to Produce 40 TB HDDs by 2025
Seagate to Stay the Course With HAMR HDDs, Plans 20 TB by 2020, ~50 TB Before 2025
Seagate Plans 36 TB HAMR HDDs by 2022, 48 TB by 2024

Related: Toshiba Announces 16 TB and 18 TB Microwave-Assisted Magnetic Recording (MAMR) Hard Drives

Original Submission

takyon writes:

What's An NFT? And Why Are People Paying Millions To Buy Them?

The artist Grimes recently sold a bunch of NFTs for nearly $6 million. An NFT of LeBron James making a historic dunk for the Lakers garnered more than $200,000. The band Kings of Leon is releasing its new album in the form of an NFT.

At the auction house Christie's, bids on an NFT by the artist Beeple are already reaching into the millions. And on Friday, Twitter CEO Jack Dorsey listed his first-ever tweet as an NFT.

[...] It stands for "non-fungible token." Non-fungible, meaning you can't exchange it for another thing of equal value. A $10 bill can be exchanged for two $5 bills. One bar of gold can be swapped for another bar of gold of the same size. Those things are fungible. An NFT, though, is one of a kind.

[...] What exactly do you get when you buy an NFT? This question unleashes a fury of debate among NFT enthusiasts. The answer is not simple.

Are you buying what amounts to an Internet trophy? Clout? A feeling? A digital collector's item? Perhaps, but you are also purchasing a kind of barcode, almost a certificate of authenticity that serves as proof that a certain version of something in uniquely yours.

"The underlying thing that you're buying is code that manifests as images," said Donna Redel, who teaches courses on crypto-digital assets at Fordham Law School. "You're buying a different format of art."

It's not a scam, it's just liberating money from people with too much of it.

Original Submission

upstart writes in with an IRC submission for c0lo:

The who, what and where of Elon Musk's $100 million prize money for carbon capture innovation:

The details behind Elon Musk's $100 million prize for the best carbon capture technology are coming into focus.

On Jan. 21 when the Tesla CEO tweeted he would be donating $100 million toward a prize for the best carbon capture technology, he piqued interest, but also left many questions unanswered.

On Monday, the nonprofit organization which is running the contest, the XPRIZE Foundation, started to fill in some of those blanks. The XPRIZE has been running innovation prizes since 1994 in the areas of space, oceans, learning, health, energy, environment, transportation, safety and robotics.

The innovation prize will be awarded for the best technology created for removing carbon dioxide directly from the atmosphere or oceans and store that carbon in a safe, cost-effective way.

It will run for four years, launching on April 22, 2021 (Earth Day) and run through Earth Day 2025, XPRIZE says. Musk provided the $100 million prize purse.

"We want to make a truly meaningful impact. Carbon negativity, not neutrality," said Musk, in a written statement released Monday by XPRIZE. "This is not a theoretical competition; we want teams that will build real systems that can make a measurable impact and scale to a gigaton level. Whatever it takes. Time is of the essence."

Also at The Verge.

Original Submission

aristarchus writes:

Premature announcement? Article at Wired says Microsoft is retracting Quantum computing claim.

A Microsoft-led team of physicists has retracted a high-profile 2018 paper that the company touted as a key breakthrough in the creation of a practical quantum computer, a device that promises vast new computing power by tapping quantum mechanics.

The retracted paper came from a lab headed by Microsoft physicist Leo Kouwenhoven at Delft University of Technology in the Netherlands. It claimed to have found evidence of Majorana particles, long-theorized but never conclusively detected. The elusive entities are at the heart of Microsoft's approach to quantum computing hardware, which lags behind that of others such as IBM and Google.

WIRED reported last month that other physicists had questioned the discovery after receiving fuller data from the Delft team. Sergey Frolov, from the University of Pittsburgh, and Vincent Mourik, at University of New South Wales, in Australia, said it appeared that data that cast doubt on the Majorana claim was withheld.

Cherrypicking through the windows? Say it ain't so, Bill!

Monday, the original authors published a retraction note in the prestigious journal Nature, which published the earlier paper, admitting the whistleblowers were right. Data was "unnecessarily corrected," it says. The note also says that repeating the experiment revealed a miscalibration error that skewed all the original data, making the Majorana sighting a mirage. "We apologize to the community for insufficient scientific rigor in our original manuscript," the researchers wrote.

Also at Retraction Watch

Journal Reference:
Hao Zhang, Chun-Xiao Liu, Sasa Gazibegovic, et al. RETRACTED ARTICLE: Quantized Majorana conductance, Nature (DOI: 10.1038/nature26142)

Foreseen here: Microsoft’s Big Win in Quantum Computing Was an ‘Error’ After All

Original Submission

upstart writes in with an IRC submission for c0lo:

Software Workers at Glitch Get a Historic Union Contract:

Glitch, the software company behind Trello and Stack Overflow, now has a collective bargaining agreement with the Communications Workers of America (CWA). The news is extraordinary, not just because they claim to be the first software workers to have secured a collective bargaining agreement, but because the lead-up to ratification has been so quiet: no leaked memos of smear campaigns, no evidence of union-busting firms. Wonderful, and eerie.

The contract is the outcome of an overwhelming majority vote to unionize under the CWA in March 2020, just before Glitch laid off about a third of its staff, citing the economic downturn. In a joint press release, Glitch workers and the CWA describe Glitch as an unusually willing partner in the negotiations. "Glitch's management, which voluntarily recognized the union after it was announced, is an exception and should serve as a model for executives at other tech companies," it reads.

[...] Over the past few years, unions have gone from taboo to a conceivable future for tech. Along with a wave of media outlets, workers at the podcasting company Gimlet (under Spotify) voted to unionize in 2019. Recently, Medium workers (primarily engineers) lost a unionization effort by one vote but plan to keep moving forward. Meanwhile, a union tide has also swept online media outlets.

Original Submission

upstart writes in with an IRC submission for c0lo:

FedEx plans for an all-electric delivery fleet by 2040:

FedEx will replace its current delivery trucks with electric models until its entire fleet is made up of zero—emission vehicles by 2040. The company is making the transition as a way to help it achieve its goal to reach carbon neutral status in the same year. In its announcement, FedEx says its will slowly phase out its existing parcel delivery trucks and that 50 percent of its global vehicle purchases will be electric by 2025. All its vehicle purchases will be EVs by 2030, and it's aiming to retire its gas-powered trucks completely 10 years after that.

[...] FedEx also plans to work with customers to make their supply chains sustainable with carbon–neutral shipping offerings and sustainable packaging solutions. In addition, it will invest money into making its facilities worldwide more efficient and to give them the capability to run on renewable energy.

Related:
UPS Buying Thousands of Electric Vans; Teaming Up with Waymo to Accelerate the Future of Delivery
USPS Picks Oshkosh Defense for Greener Mail Trucks

Original Submission

upstart writes in with an IRC submission:

100Mbps uploads and downloads should be US broadband standard, senators say:

Four US senators called on the Biden administration Thursday to establish a "21st century definition of high-speed broadband" of 100Mbps both upstream and downstream. This would be a big upgrade over the Federal Communications Commission broadband standard of 25Mbps downstream and 3Mbps upstream, which was established in 2015 and never updated by former President Trump's FCC chair, Ajit Pai.

Today's letter was sent to FCC Acting Chairwoman Jessica Rosenworcel and other federal officials by two Democrats, one independent who caucuses with Democrats, and one Republican. Noting that "the pandemic has reinforced the importance of high-speed broadband and underscored the cost of the persistent digital divide in our country," they wrote:

Going forward, we should make every effort to spend limited federal dollars on broadband networks capable of providing sufficient download and upload speeds and quality, including low latency, high reliability, and low network jitter, for modern and emerging uses, like two-way videoconferencing, telehealth, remote learning, health IoT, and smart grid applications. Our goal for new deployment should be symmetrical speeds of 100 megabits per second (Mbps), allowing for limited variation when dictated by geography, topography, or unreasonable cost.

"We should also insist that new networks supported with federal funds meet this higher standard, with limited exceptions for truly hard-to-reach locations," the senators wrote later in the letter. "For years, we have seen billions in taxpayer dollars subsidize network deployments that are outdated as soon as they are complete, lacking in capacity and failing to replace inadequate broadband infrastructure."

[Note: all footnotes refer to the original journal article in Nature.--Ed]

DannyB writes:

Facial recognition technology can expose political orientation from naturalistic facial images:

Abstract
Ubiquitous facial recognition technology can expose individuals' political orientation, as faces of liberals and conservatives consistently differ. A facial recognition algorithm was applied to naturalistic images of 1,085,795 individuals to predict their political orientation by comparing their similarity to faces of liberal and conservative others. Political orientation was correctly classified in 72% of liberal–conservative face pairs, remarkably better than chance (50%), human accuracy (55%), or one afforded by a 100-item personality questionnaire (66%). Accuracy was similar across countries.

[...] Introduction
There is a growing concern that the widespread use of facial recognition will lead to the dramatic decline of privacy and civil liberties^[1]

Pervasive surveillance is not the only risk brought about by facial recognition. Apart from identifying individuals, the algorithms can identify individuals' personal attributes, as some of them are linked with facial appearance. Like humans, facial recognition algorithms can accurately infer gender, age, ethnicity, or emotional state.^[2],^[3] Unfortunately, the list of personal attributes that can be inferred from the face extends well beyond those few obvious examples.

A growing number of studies claim to demonstrate that people can make face-based judgments of honesty^[4], personality^[5], intelligence^[6], sexual orientation^[7], political orientation^[8],^[9],^[10],^[11],^[12], and violent tendencies^[13].