SoylentNews

upstart writes:

Russian Government Mulls Chinese Foundries, State Aid to Evade US Sanctions:

The Russian Federation government is considering adding chip designers Baikal Electronics and MCST to the list of 'backbone enterprises.' The status will provide Baikal and MSCT with numerous benefits, including subsidies. State aid might help these companies to transition the production of their chips from Taiwan to China. Meanwhile, it is unclear whether fabs like SMIC and Hua Hong are interested in making chips for Russian companies and risk additional sanctions.

"Such a move could also be aimed at transferring the production of Russian processors from the Taiwanese TSMC, which abandoned their production due to sanctions, to Chinese factories," a report by CNews reads.

Amid the global chip deficit, prominent Chinese foundries like SMIC and Hua Hong have landed large orders from existing and new clients. Officially, SMIC has been operating at over 100% capacity for several quarters now, so it is unclear whether it can even make chips for Baikal and MCST. Another question is whether those companies can legally produce those processors.

[...] While many media outlets highlight ASML, the world's largest supplier of lithography equipment, as the key maker of semiconductor production tools, there are a half-dozen U.S.-based companies (Applied Materials, KLA, Lam Research, etc.) that build fab equipment without which fabs cannot function. As a result, virtually all foundries in the world need to obtain an export license from the U.S. government if they want to make chips for companies like Huawei, Phytium, Sunway, or essentially all Russian chipmakers.

License applications to produce chips for the said companies are undertaken with a presumption of denial. So given the current attitude towards Russia, it is unlikely that SMIC and Hua Hong can actually help Russia to save its two major developers of CPUs. Furthermore, it is unclear from where Baikal could get contemporary Arm licenses as the U.K. has also imposed sanctions against the Russian high-tech industry.

Original Submission

Freeman writes:

https://arstechnica.com/tech-policy/2022/03/apple-employee-conspired-with-suppliers-stole-parts-in-10m-fraud-doj-says/

Under CEO Tim Cook's watchful eye, Apple has become famous for its tightly managed supply chain. Yet even the most finely tuned machines run into problems from time to time. The case of Dhirendra Prasad appears to be one of those times.
[...]
The alleged scam worked something like this: Prasad would receive a list of parts and services that Apple needed. He would then request quotes from vendors, negotiate with them, and choose which ones would get the business. From this position of power, Prasad could put his thumb on the scale, and he apparently gave Hansen's and Baker's companies a leg up in exchange for something on the side.
[...]
Prasad's alleged scheme appears to have ramped up as it went on. In 2017, Prasad reported that his income was $1,215,000, the government alleges. "In fact, as defendant knew and believed, defendant had taxable income for 2017 that was greater than the amount reported on the tax return."

US attorneys believe that Prasad attempted to launder that money by purchasing five properties, most of them in California's Central Valley, and stashing funds in various investment accounts, 529 college savings plans, and a retirement annuity. The seized assets are worth about $5 million, the government estimates.

Original Submission

pen-helm writes:

https://spectrum.ieee.org/neural-network-multiplex

Researchers find neural networks can process a lot more data - achieving up to an 18-fold speedup - by multiplexing many inputs into one feed. They don't yet know why this doesn't confuse the network.

Just as multiplexing can help a single communication channel carry many signals at the same time, a new study reveals that multiplexing can help neural networks—the AI systems that now often power speech recognition, computer vision, and more—scan dozens of streams of data simultaneously, letting them greatly boost the rate at which they analyze information.

In artificial neural networks, components dubbed "neurons" are fed data and cooperate to solve a problem, such as recognizing images. The neural net repeatedly adjusts the links between its neurons and sees if the resulting patterns of behavior are better at finding a solution. Over time, the network discovers which patterns are best at computing results. It then adopts these as defaults, mimicking the process of learning in the human brain. The features of a neural net that change with learning, such as the nature of the connections between neurons, are known as its parameters.

Recent research suggests that modern neural networks often have vastly more parameters than they need—potentially, they could prune the numbers of their parameters by more than 90 percent to reduce their sizes without harming their accuracy. This raised a question that researchers at Princeton University aimed to address—if neural networks possessed more computing power than they needed, could they each analyze multiple streams of information simultaneously to help learn a task, just as a radio channel can share its bandwidth to carry multiple signals at the same time?

Where to begin?

How about at the beginning? Would that be https://soylentnews.org/~martyb/journal/60? That was the first journal article I posted to SoylentNews. I am talking still earlier than that. That would be the day I created my account on the site — it was a few days before we went live. I have been active ever since. Well, up until about a couple weeks ago.

That was when I experienced a medical condition that has precluded my continued participation here.

Since that day, janrinok (our former Editor-in-Chief) has ably filled my shoes in my absence. That is until Fnord666 (our Alternate-Editor-in-Chief) could take the reins.

I ask you to extend to them the same kindness and support you have shown me. I've grown creatively and professionally in ways I had never even imagined! Thank You!

Freeman writes:

https://arstechnica.com/gadgets/2022/03/steam-on-chromebooks-is-ready-for-testing-comes-with-steep-requirements/

After prematurely announcing that Steam on Chromebooks was ready for testing last week, Google is making the release official today. The alpha version of Steam on Chrome OS is currently available in the Chrome OS 14583.0.0 Dev channel, as announced via a post in Google's Chrome Developers Community.

Not all Chromebooks will be able to run Steam, however. [...] These requirements limit Steam on Chrome OS to the pricier tier of Chromebooks. You can currently find HP's G2 Chromebook for $849 and Acer's Chromebook 514 for $780 or its Chromebook 515 for $772.

[...] Google said it doesn't recommend trying Steam on Chrome OS on a "Chromebook that you rely on for work, school, or other daily activities."

Expect "crashes, performance regressions," and bugs, Google said. As this is an alpha, "anything can break," Google said, highlighting the Dev channel's "inherent instability" and the fact that Steam on Chrome OS is a work in progress.

Original Submission

upstart writes:

The universe's background starlight is twice as bright as expected:

Even when you remove the bright stars, the glowing dust and other nearby points of light from the inky, dark sky, a background glow remains. That glow comes from the cosmic sea of distant galaxies, the first stars that burned, faraway coalescing gas — and, it seems, something else in the mix that's evading researchers.

Astronomers estimated the amount of visible light pervading the cosmos by training the New Horizons spacecraft, which flew past Pluto in 2015, on a spot on the sky mostly devoid of nearby stars and galaxies (SN: 12/15/15). That estimate should match measurements of the total amount of light coming from galaxies across the history of the universe. But it doesn't, researchers report in the March 1 Astrophysical Journal Letters.

"It turns out that the galaxies that we know about can account for about half of the level we see," says Tod Lauer, an astronomer at the National Science Foundation's NOIRLab in Tucson, Ariz.

[...] While Lauer's group previously noted a discrepancy, this new measurement reveals a wider difference, and with smaller uncertainty. "There's clearly an anomaly. Now we need to try to understand it and explain it," says coauthor Marc Postman, an astronomer at the Space Telescope Science Institute in Baltimore, Md.

There are several astronomical reasons that could explain the discrepancy. Perhaps, says Postman, rogue stars stripped from galaxies linger in intergalactic space. Or maybe, he says, there is "a very faint population of very compact galaxies that are just below the detection limits of Hubble." If it's the latter case, astronomers should know in the next couple years because NASA's recently launched James Webb Space Telescope will see these even-fainter galaxies (SN: 10/6/21).

Another possibility is the researchers missed something in their analysis. "I'm glad it got done; it's absolutely a necessary measurement," says astrophysicist Michael Zemcov of the Rochester Institute of Technology in New York who was not involved in this study. Perhaps they're missing some additional glow from the New Horizons spacecraft and its LORRI instrument, or they didn't factor in some additional foreground light. "I think there's a conversation there about details."

Original Submission

upstart writes:

Hope fading for recovery of European radar imaging satellite - SpaceNews:

European Space Agency officials said prospects are dimming for the recovery of a radar imaging satellite that malfunctioned nearly three months ago, but that efforts to save the spacecraft continue.

The Sentinel-1B spacecraft malfunctioned in December, keeping the spacecraft from collecting C-band synthetic aperture radar (SAR) imagery. ESA said in January that they were investigating a problem with the power system for the SAR payload on the satellite, launched in April 2016.

In a Feb. 25 update, ESA said work was continuing to investigate problems with both the main and backup power system for the payload but that effort had yet to identify a root cause of the anomaly. The problem doesn't affect operations of the spacecraft itself, which has remained under control.

ESA leaders were not optimistic about the prospects of recovering Sentinel-1B. "The situation doesn't look very good, but we have not given up hope yet," Josef Aschbacher, director general of ESA, said in response to a question about the status of the satellite. "We are still looking into technical options of what the root cause could be."

Original Submission

upstart writes:

Android password-stealing malware infects 100,000 Google Play users:

A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download.

The Android malware is disguised as a cartoonifier app called 'Craftsart Cartoon Photo Tools,' allowing users to upload an image and convert it into a cartoon rendering.

Over the past week, security researchers and mobile security firm Pradeo discovered that the Android app includes a trojan called 'FaceStealer,' which displays a Facebook login screen that requires users to log in before using the app.

upstart writes:

Nasty Linux netfilter firewall security hole found:

Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal.

Nick Gregory, a Sophos threat researcher, found this hole recently while checking netfilter for possible security problems. Gregory explains in great detail his bug hunt, and I recommend it for those who want insight into finding C errors. But, for those of you who just want to cut to the chase, here's the story.

This is a serious bug. Specifically, it's a heap out-of-bounds write problem with the kernel's netfilter. Gregory said it's " exploitable to achieve kernel code execution (via ROP [return-oriented programming]), giving full local privilege escalation, container escape, whatever you want." Yuck!

[...] This vulnerability is present in the Linux kernel versions 5.4 through 5.6.10. It's listed as Common Vulnerabilities and Exposures (CVE-2022-25636), and with a Common Vulnerability Scoring System (CVSS) score of 7.8), this is a real badie.

How bad? In its advisory, Red Hat  said, "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat." So, yes, this is bad.

Original Submission

upstart writes:

Google allegedly hid documents from search monopoly lawsuit, DOJ claims:

Google employees have been improperly using attorney-client privilege to hide documents from discovery in litigation and government investigations, according to fresh allegations laid by the US Justice Department (DOJ).

"Google has explicitly and repeatedly instructed its employees to shield important business communications from discovery by using false requests for legal advice," DOJ attorneys wrote in a court filing for its search monopoly lawsuit against Google.

According to the court filing [PDF], Google taught employees to slap an attorney-client privilege label and generic "request" for counsel's advice label on any sensitive business communications that Google might wish to shield from discovery. Slapping these labels onto communications prevents them from being provided for discovery in litigation.

This practice has allegedly been used throughout all levels of Google's hierarchy, with the DOJ claiming Google parent company Alphabet's CEO Sundar Pichai copied Google chief legal officer Kent Walker onto an email to YouTube CEO Susan Wojcicki about how to respond to a press inquiry, with "Attorney Client Privileged" at the top.

In these "camouflaged" communications, the attorney allegedly remained silent on a frequent basis, which the DOJ claims underscored that these communications were not genuine requests for legal advice but rather "an effort to hide potential evidence".

Original Submission

Freeman writes:

https://arstechnica.com/gadgets/2022/03/annoying-desktop-watermark-comes-to-users-of-unsupported-windows-11-pcs/

Windows 11 has stricter system requirements than any Windows version before it, dropping support for a wide range of pre-2018 PCs in the name of improving the Windows platform's security baseline. You can work around these requirements to install Windows 11 on unsupported PCs relatively easily, but Microsoft added warnings to its installer and has threatened to withhold updates from these systems. So far, the company hasn't followed through on that threat. But using Windows 11 on these somewhat older computers is about to get more annoying.

A new Windows 11 update adds a "system requirements not met" watermark to the desktop of unsupported PCs, similar to the watermark you might see if you were running an early beta or unactivated version of Windows. This message will presumably appear when your PC doesn't meet one or more of the operating system's core security requirements: a supported Intel, AMD, or ARM processor; Secure Boot support; and TPM 2.0 hardware or firmware.

Original Submission

upstart writes:

New PCR Test Can Identify All COVID-19 Variants in a Positive Patient Sample:

[...] Identifying specific strains reveals important information such as the length of incubation period, length of contagious period, transmissibility, pathogenicity, and even changes in the predominant symptoms.

Information on strain types is generally reported by the international community or a few states with large populations that perform genetic sequencing. The deep sequencing needed to identify SARS-CoV-2 strains is accurate and can identify each mutation present in a sample, but it is costly, slow and requires specialized equipment. Yet knowledge of the strain type provides important information for public health professionals, policymakers, and individuals.

[...] Using real-time PCR probes designed by Rutgers University and already used around the world for many purposes, Rutgers designed the Rutgers-RP RT-PCR assay to detect mutations in SARS-CoV-2 that have been shown to increase immune escape, avoid neutralization, and increase transmissibility. They pioneered the use of molecular beacons to identify specific genetic mutations. Molecular beacons are hairpin-shaped molecules that can be designed to selectively bind to a specific mutant sequence, avoiding wild-type sequences that often differ by a single nucleotide.

Nine mutations were selected for testing, and the beacon for each has differently colored dyes. Every original variant of concern – alpha, beta, gamma, delta, and omicron — has a unique combination of these mutations. and when the beacon binds to its target molecule, its distinct color can be detected by the assay.

Journal Reference: "Multiplex PCR Assays for Identifying all Major Severe Acute Respiratory Syndrome Coronavirus 2 Variants" by Ryan J. Dikdan, Salvatore A.E. Marras, Amanda P. Field, Alicia Brownlee, Alexander Cironi, D. Ashley Hill and Sanjay Tyagi, 1 February 2022, Journal of Molecular Diagnostics.
DOI: 10.1016/j.jmoldx.2022.01.004

Original Submission

upstart writes:

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible:

We've had it beaten into our brains: Before you go wily-nily clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-trueadvice goes, check that the site's URL shows "https," indicating that the site is secured with TLS/SSL encryption.

If only it were that easy to avoid phishing sites. In reality, URL reliability hasn't been absolute for a long time, given things like homograph attacks that swap in similar-looking characters in order to create new, identical-looking but malicious URLs, as well as DNS hijacking, in which Domain Name System (DNS) queries are subverted.

Now, there's one more way to trick targets into coughing up sensitive info, with a coding ruse that's invisible to the naked eye. The novel phishing technique, described last week by a penetration tester and security researcher who goes by the handle mr.d0x, is called a browser-in-the-browser (BitB) attack.

upstart writes:

Australia's big move on cryptocurrency:

Australia will make its next move towards regulating cryptocurrency after the government promised the biggest overhaul of the nation's payment systems since the early days of the internet.

A taxation system for cryptocurrency, protections for investors from unscrupulous dealers and methods of regulating digital banks, crypto exchanges and brokers are all on the table under the proposed changes.

"The government can't guarantee your crypto any more than it can guarantee a painting or a share in a company, and nor should it," Financial Services Minister Jane Hume said on Sunday.

"But we can make sure Australian exchanges, custodians and brokers – Australian players in the crypto ecosystem – work within a regulatory framework that is better, safer and more secure."

Survey data from 2021 suggested that 25 per cent of Australians held or had previously held cryptocurrencies, making Australia one of the biggest adopters of cryptocurrencies on a per capita basis.

Original Submission

upstart writes:

How will climate change impact American companies? The SEC thinks you have a right to know:

Groundbreaking federal regulation expected to be unveiled Monday could change how Americans—and American companies—think about climate change. The Securities and Exchange Commission will meet to discuss whether public companies must disclose the risks they face from global warming.

Much as homebuyers are protected by rules requiring a seller to disclose problems, the new SEC rule would allow investors to judge how well or poorly a company is prepared for the future costs of a warming planet.

The anticipated rule would require publicly traded U.S. companies to tell investors about their greenhouse gas emissions and how they manage risks related to climate change and future climate regulations.

"There's increasing concern that investors are not fully informed of the climate risks companies face," said Michael Gerrard, faculty director of the Sabin Center for Climate Change Law at Columbia University. "These disclosures will shine a harsh light on companies that have climate exposure who maybe would rather lurk in the dark."