SoylentNews

martyb writes:

(NB: Follow real-time graphical updates by zooming in at https://www.vesselfinder.com/?imo=9811000

Grounded 'Mega Ship' Blocking Suez Canal in Both Directions:

An ultra-large containership is aground and blocking ship traffic in the Suez Canal.

AIS[*] data shows the MV Ever Given is stuck sideways towards the south end of the canal near Suez, Egypt, preventing ships from passing in either direction. Several tugs have been on scene for several hours working to dislodge the ship.

Shipping agent GAC reports that the grounding occurred at 7:40 a.m. local time on Tuesday (March 23) at kilometer 151 after the vessel suffered a black out while transiting.

It seems the Ever Given had just begun its transit of the waterway as part of a northbound convoy when the incident occurred.

“The 199,489 GT ship was fifth in the northbound convoy. None of the vessels before it were affected, but the 15 behind it were detained at anchorages waiting for the Canal to be cleared. The southbound convoy was also blocked,” GAC reported.

At 400-meters-long and a little over 20,000 TEU capacity, the Panama-registered MV Ever Given is among the largest of so-called “mega ships”, aka ultra-large container vessels (ULCVs), currently in operation.

upstart writes in with an IRC submission:

NASA to offer funding for initial studies of commercial space stations - SpaceNews:

WASHINGTON — NASA is shifting direction in its effort to support development of commercial space stations in low Earth orbit, with plans to issue a series of awards for initial studies before later purchasing services.

At a March 23 industry briefing, agency officials outlined what it calls the Commercial LEO Development (CLD) program, which will start with a set of two to four funded Space Act Agreements with companies to help with the initial design of their proposed orbital facilities. A draft announcement of proposals is scheduled for release in April followed by the final version in May.

Those awards, planned for the fourth quarter of 2021 with a combined value of $300 million to $400 million, will cover work from fiscal years 2022 to 2025 to advance the design of proposed commercial space stations to at least the preliminary design review level. The studies will also help NASA understand both the potential supply of commercial LEO destinations as well as the mix of customers who would use them alongside NASA.

upstart writes in with an IRC submission:

TikTok wants to keep tracking iPhone users with state-backed workaround:

Some of China's biggest technology companies, including ByteDance and Tencent, are testing a tool to bypass Apple's new privacy rules and continue tracking iPhone users without their consent to serve them targeted mobile advertisements.

Apple is expected in the coming weeks to roll out changes it announced last June to iPhones that it says will give users more privacy. Until now, apps have been able to rely on Apple's IDFA system to see who clicks on ads and which apps are downloaded.

In the future, they will have to ask permission to gather tracking data, a change that is expected to deal a multibillion-dollar bombshell to the online advertising industry and has been fought by Facebook, since most users are expected to decline to be tracked.

In response, the state-backed China Advertising Association, which has 2,000 members, has launched a new way to track and identify iPhone users called CAID, which is being widely tested by tech companies and advertisers in the country.

ByteDance, the owner of the social video app TikTok, referred to CAID in an 11-page guide to app developers obtained by the Financial Times, suggesting that advertisers "can use the CAID as a substitute if the user's IDFA is unavailable."

People close to Tencent and ByteDance confirmed the companies were testing the system, but both companies declined to comment.

[...] "The big picture is that there is simply too much money at stake," [Dina Srinivasan] said. "There will always be an arms race to track consumers. Only legislation can make it stop."

Original Submission

upstart writes in with an IRC submission:

NASA lays out plans for its first flights on Mars:

On Tuesday, the Jet Propulsion Laboratory (JPL) hosted a press conference where it detailed the plans for the Ingenuity drone that hitched a ride to Mars attached to the underside of the Perseverance rover. The scientists and engineers behind the drone announced that they've now picked a site for what is expected to be the first powered flight on another planet. With the site settled, they're now targeting April 8 for the flight, which will be the first in a month long series of test flights to validate the technology.

[...] Håvard Grip, Ingenuity's chief pilot, said that the test flights required two distinct areas, both of which needed to be flat. The inner part, which he called the airfield, had to have very little material that could interfere with landings. That needed to be surrounded by a larger area, called the flight zone, that had to have enough material in it that the drone's onboard image-processing system could track individual features in order to assist with navigation.

Grip said the search for an appropriate area started within a few hours of Perseverance's landing. That's because knowing where Perseverance was helped Grip and his colleagues search satellite imagery of the surrounding area. Once the rover was operational, the drone provided higher-resolution imagery of potential sites.

In the end, things couldn't be much more convenient, as the rover landed on what will be the edge of the flight zone, which extends north from the landing site.

[...] If everything goes well with depositing Ingenuity and its systems check out, the earliest we could see a flight is in two weeks, on April 8. A month has been set aside for five flights, with extensive checkouts of the system between each. During this time, however, Perseverance won't be able to move on to its main science mission.

Original Submission

upstart writes in with an IRC submission for Runaway1956:

Scientists Detect 55 Chemicals Never Before Reported in People – 42 "Mystery Chemicals" Whose Sources Are Unknown:

The chemicals most likely come from consumer products or other industrial sources. They were found both in the blood of pregnant women, as well as their newborn children, suggesting they are traveling through the mother's placenta.

[...] "These chemicals have probably been in people for quite some time, but our technology is now helping us to identify more of them," said Tracey J. Woodruff, PhD, a professor of obstetrics, gynecology and reproductive sciences at UCSF.

A former U.S. Environmental Protection Agency scientist, Woodruff directs the Program on Reproductive Health and the Environment (PRHE) and the Environmental Research and Translation for Health (EaRTH) Center, both at UCSF.

[...] The scientific team used high-resolution mass spectrometry (HRMS) to identify human-made chemicals in people.

upstart writes in with an IRC submission for c0lo:

Instagram is ‘most invasive app’, new study shows:

Cloud storage firm pCloud made the discovery after analysing the recently introduced App Privacy labels that companies are now required to include within Apple’s App Store.

The study found that Instagram collects 79 per cent of its users’ personal data and shares it with third parties, including search history, location, contacts and financial info.

“Any information you agree to be gathered by an app when signing up can be analysed for their benefit and even shared. Everything from your browsing history, to your location, your banking details, your contact details, and your fitness levels can be valuable for apps to store, use, or sell on,” Ivan Dimitrov, a digital manager at pCloud, wrote in a blog post detailing the research.

In second place? Facebook.

Original Submission

takyon writes:

Microsoft in talks with Discord over $10 billion-plus acquisition: report

Microsoft is in discussions with Discord to acquire the gaming-focused chat software for more than $10 billion, according to sources talking to Bloomberg. Xbox chief Phil Spencer is said to be talking to Discord about the potential deal.

VentureBeat reported earlier today that Discord was exploring a $10 billion-plus sale after multiple potential buyers expressed interest, and that it had signed an exclusive acquisition discussion with one party, suggesting a deal could be close. Bloomberg's sources say the deal isn't imminent, however, with one person saying Discord would be more likely to take itself public than seek an acquisition.

Bloomberg names Epic Games and Amazon as companies that have also held discussions with Discord in the past.

"Discord is a Voice over Internet Protocol (VoIP), instant messaging and digital distribution platform designed for creating communities."

The new Skype?

Also at Ars Technica, Bloomberg, and c|net.

Related:

*SPOILER* (click to show) *SPOILER* (click to hide)

Microsoft Office and Skype to be Preinstalled on More Android Devices
Microsoft Adds Signal Protocol End-to-End Encryption to Skype
Discord Takes Down "Deepfakes" Channel, Citing Policy Against "Revenge Porn"
How Microsoft Turned Consumers Against Skype
Discord Confirms Layoffs After Internal Restructuring
Discord 'Spidey Bot' Malware Is Stealing Usernames, Passwords on Windows
Slack Has Filed an Antitrust Complaint Over Microsoft Teams in the EU
Wormable, Zero-Click Vulnerability in Microsoft Teams

Original Submission

DannyB wrote in with a submission which greatly inspired this story.

Europe is starting to freak out about the launch dominance of SpaceX:

A little more than a week ago, the European Space Agency[(ESA)] announced an initiative to study "future space transportation solutions." Basically, the agency provided about $600,000, each, to three companies—ArianeGroup, Avio, and Rocket Factory Augsburg—to study competitive launch systems from 2030 onward.

[...] there now appears to be increasing concern in Europe that the Ariane 6 and Vega-C rockets will not be competitive in the launch market of the near future. This is important, because while member states of the European Space Agency pay for development of the rockets, after reaching operational status, these launch programs are expected to become self-sufficient by attracting commercial satellite launches to help pay the bills.

Economic ministers in France and Italy have now concluded that the launch market has changed dramatically since 2014, when the Ariane 6 and Vega-C rockets were first designed. According to a report in Le Figaro newspaper, the ministers believe the ability of these new European rockets to compete for commercial launch contracts has significantly deteriorated since then.

It would seem that ESA's payback plan didn't expect an agile competitor to disrupt the entire market with efficiencies that governments seem unable to match. But, there's more.

SpaceX’s Starlink satellite internet in talks for a place in the UK’s $6.9 billion ‘Project Gigabit’:

Elon Musk’s SpaceX is in talks with the United Kingdom for the company’s Starlink satellite unit to potentially earn funding as a part of the government’s new $6.9 billion internet infrastructure program, CNBC confirmed.

Original Submission

MrPlow writes in with a submission, via IRC, for TheMightyBuzzard.

An Entire Game Inside Of A Font:

Where’s the last place you’d expect to be able to play a game on your computer? The word processing program? Image editor? How about your text editor? That’s right — you can fight your Fontemons in any program that makes use of fonts, because mad genius [Michael Mulet] has created a game that exists entirely within a single Open Type font file. [Michael] has harnessed the power of ligatures to create a choose-your-own-adventure-style turn-based game that pokes fun at both Pokemon and various typeface names. You start by choosing between Papyromaniac, Verdanta, and Proggito and face off against enemies like Helvetikhan and Scourier.

The Verge provides the additional instructions:

The experience is not as “smooth” as a modern Pokémon game or even the original Game Boy entries, but it is sort of reminiscent of typing on a typewriter, with user interface elements and half-font / half-monsters plopping down on the screen as if they were slammed there by a type bar. The Minnesota elements might feel out of place, but they’re pretty funny overall. You’ll battle your way through Ottowa, Lakeville, and a pair of “Twin Cities” and be treated to instances of Minnesota Nice and hotdish.

[...] Playing Fontemon is as simple as typing — whether it’s in the game’s webpage or in your own word processor or image editor with a downloadable version of the font. The easiest way to progress through the story is by not trying to type coherently, though. The game will putter along through the usual Pokémon milestones of receiving a starter monster and heading out to your first gym battles with a string of nonsense characters. Just make sure to type the correct letters once you’re in a battle. Of course, if you mess up or lose, you can also just hit backspace to undo your mistake.

Original Submission

upstart writes in with an IRC submission:

~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet:

Criminals are upping the potency of distributed denial-of-service attacks[*] with a technique that abuses a widely used Internet protocol that drastically increases the amount of junk traffic directed at targeted servers.

DDoSes are attacks that flood a website or server with more data than it can handle. The result is a denial of service to people trying to connect to the service. As DDoS-mitigation services develop protections that allow targets to withstand ever-larger torrents of traffic, the criminals respond with new ways to make the most of their limited bandwidth.

[...] DDoS mitigation provider Netscout said on Wednesday that it has observed DDoS-for-hire services adopting a new amplification vector. The vector is the Datagram Transport Layer Security, or D/TLS, which (as its name suggests) is essentially the Transport Layer Security for UDP data packets. Just as TLS prevents eavesdropping, tampering, or forgery of TLS packets, D/TLS does the same for UDP data.

DDoSes that abuse D/TLS allow attackers to amplify their attacks by a factor of 37. Previously, Netscout saw only advanced attackers using dedicated DDoS infrastructure abusing the vector. Now, so-called booter and stressor services—which use commodity equipment to provide for-hire attacks—have adopted the technique. The company has identified almost 4,300 publicly reachable D/LTS servers that are susceptible to the abuse.

The biggest D/TLS-based attacks Netscout has observed delivered about 45Gbps of traffic. The people responsible for the attack combined it with other amplification vectors to achieve a combined size of about 207Gbps.

Skilled attackers with their own attack infrastructure typically discover, rediscover, or improve amplification vectors and then use them against specific targets. Eventually, word will leak into the underground through forums of the new technique. Booter/stressor services then do research and reverse-engineering to add it to their repertoire.

Original Submission

upstart writes in with an IRC submission:

After Cracking the "Sum of Cubes" Puzzle for 42, Mathematicians Solve Harder Problem That Has Stumped Experts for Decades:

The 21-digit solution to the decades-old problem suggests many more solutions exist.

What do you do after solving the answer to life, the universe, and everything? If you're mathematicians Drew Sutherland and Andy Booker, you go for the harder problem.

In 2019, Booker, at the University of Bristol, and Sutherland, principal research scientist at MIT, were the first to find the answer to 42. The number has pop culture significance as the fictional answer to "the ultimate question of life, the universe, and everything," as Douglas Adams famously penned in his novel "The Hitchhiker's Guide to the Galaxy." The question that begets 42[*], at least in the novel, is frustratingly, hilariously unknown.

In mathematics, entirely by coincidence, there exists a polynomial equation for which the answer, 42, had similarly eluded mathematicians for decades. The equation x³+y³+z³=k is known as the sum of cubes problem. While seemingly straightforward, the equation becomes exponentially difficult to solve when framed as a "Diophantine equation" — a problem that stipulates that, for any value of k, the values for x, y, and z must each be integers.

When the sum of cubes equation is framed in this way, for certain values of k, the integer solutions for x, y, and z can grow to enormous numbers. The number space that mathematicians must search across for these numbers is larger still, requiring intricate and massive computations.

upstart writes in with an IRC submission:

Judge grants class-action status to MacBook butterfly-keyboard suit:

A judge has granted class-action status to a suit against Apple over its controversial, allegedly defective MacBook "butterfly" keyboard design, agreeing that owners of any affected model in seven states qualify for the class.

Beginning in 2018, several MacBook owners in seven states filed suits against Apple, claiming that the company knew the butterfly-style switches were defective. In an order (PDF), made public on Friday, Judge Edward J. Davila of US District Court for the Northern District of California agreed to grant class-action status to the suit. All customers residing in California, New York, Florida, Illinois, New Jersey, Michigan, or Washington state who purchased a 2015-2017 MacBook, a 2016-2019 MacBook Pro, or a 2018-2019 MacBook Air now qualify for the class.

[...] The plaintiffs in the suit allege that Apple's actions, as well as internal documents from the company, show that Apple knew the design was defective. They argue that the company violated several states' consumer protection laws when it kept selling the defective products to consumers.

[...] In June 2018, Apple acknowledged the butterfly-style switches were causing problems, and the company launched a keyboard service program specifically to address those issues. The program allowed for affected MacBook owners to have their keyboards repaired or replaced at no charge for the next four years, and some customers who had previously paid for those repairs became eligible to request refunds.

Original Submission

upstart writes in with an IRC submission:

$16 attack shows how easy carriers make it to intercept text messages:

In a new article titled "A Hacker Got All My Texts for $16," Vice reporter Joseph Cox detailed how the white-hat hacker—an employee at a security vendor—was able to redirect all of his text messages and then break into online accounts that rely on texts for authentication.

This wasn't a SIM swap scam, in which "hackers trick or bribe telecom employees to port a target's phone number to their own SIM card," Cox wrote. "Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him."

This method tricked T-Mobile into redirecting Cox's text messages in a way that might not have been readily apparent to an unsuspecting user. "Unlike SIM jacking, where a victim loses cell service entirely, my phone seemed normal," Cox wrote. "Except I never received the messages intended for me, but he did."

The hacker, who goes by the mononym "Lucky225," is director of information at Okey Systems, a security vendor. "I used a prepaid card to buy [Sakari's] $16-per-month plan and then after that was done it let me steal numbers just by filling out LOA info with fake info," the Okey employee told Cox. The "LOA" is "a Letter of Authorization, a document saying that the signer has authority to switch telephone numbers," Cox wrote.

"A few minutes after they entered my T-Mobile number into Sakari, [the hacker] started receiving text messages that were meant for me," Cox wrote. "I received no call or text notification from Sakari asking to confirm that my number would be used by their service. I simply stopped getting texts."

[...] Cox's story is not the first reminder about the insecurity of text messages. SIM-swapping attacks and flaws in the SS7 telephone protocols already made it risky to use text messages for authentication, but many websites and other online services still rely on texts to verify users' identities. Customers can set up account PINs with T-Mobile and other carriers to prevent unauthorized access to their cellular accounts, but it isn't clear whether doing so would have prevented the type of attack that redirected Cox's text messages.

Original Submission

upstart writes in with an IRC submission:

Attackers are trying awfully hard to backdoor iOS developers' Macs:

Researchers said they've found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers.

It came in the form of a malicious project the attacker wrote for Xcode, a developer tool that Apple makes freely available to developers writing apps for iOS or another Apple OS. The project was a copy of TabBarInteraction, a legitimate open source project that makes it easier for developers to animate iOS tab bars based on user interaction. An Xcode project is a repository for all the files, resources, and information needed to build an app.

Alongside the legitimate code was an obfuscated script, known as a "Run Script." The script, which got executed whenever the developer build was launched, contacted an attacker-controlled server to download and install a custom version of EggShell, an open source back door that spies on users through their mic, camera, and keyboard.

Researchers with SentinelOne, the security firm that discovered the trojanized project, have named it XcodeSpy. They say they've uncovered two variants of the customized EggShell dropped by the malicious project. Both were uploaded to VirusTotal using the web interface from Japan, the first one on August 5 and the second one on October 13.

"The later sample was also found in the wild in late 2020 on a victim's Mac in the United States," SentinelOne researcher Phil Stokes wrote in a blog post Thursday. "For reasons of confidentiality, we are unable to provide further details about the ITW [in the wild] incident. However, the victim reported that they are repeatedly targeted by North Korean APT actors and the infection came to light as part of their regular threat hunting activities."

So far, company researchers are aware of only one in-the-wild case, from a US-based organization. Indications from the SentinelOne analysis suggest the campaign was "in operation at least between July and October 2020 and may also have targeted developers in Asia."

Original Submission

upstart writes in with an IRC submission:

Someone defeated the anti-crypto-coin-mining protection for Nvidia's 'gamers only' RTX 3060 ... It was Nvidia:

Cryptocurrency miners found a way to sidestep Nvidia's anti-mining protections for its RTX 3060 graphics card, and craft coins to their hearts' content.

A day before its 3060 went on sale, Nvidia announced the GPU would require a GeForce driver designed to detect whether the hardware was running proof-of-work algorithms used to mine Ethereum. If this code was observed, the driver would force the chipset to slash its mining efficiency, or hash rate, crippling its ability to produce digital currency.

It was hoped that these measures would deter crypto-miners from snapping up all of these relatively cheap cards at launch, and leave a few more for gamers. It was a little bit obvious that miners would just buy the RTX 3060s anyway in hope that the driver-level protection would be defeated eventually.

And not only did the miners get their hands on the gear, they discovered a way, in some circumstances, to subvert the driver to successfully mine Ethereum. The trick is surprisingly trivial: use another driver. Nvidia recently released a technology preview driver, compatible with the RTX 3060, that included CUDA support for the latest Windows Subsystem for Linux (WSL 2), allowing applications to tap into the graphics processor to accelerate things like machine-learning algorithms.

This driver also doesn't impose the Ethereum hashing limitations, and so switching to this software evades Nvidia's crackdown, depending on how you've set up your rig. "A developer driver inadvertently included code used for internal development which removes the hash rate limiter on RTX 3060 in some configurations," an Nvidia spokesperson confirmed to The Register on Tuesday. "The driver has been removed."

Previously:
Nvidia Says It Won't Nerf the Ethereum Mining Performance of Existing GPUs
Nvidia Cripples Ethereum Mining Capability for Upcoming RTX 3060, Announces Dedicated Mining Cards
Nvidia GeForce RTX 30 Series Laptop Shortages Likely as Ethereum Hunters Turn to Mobile Mining

Original Submission