SoylentNews

upstart writes:

Open source community sets out path to secure software:

The open source community has presented a 10-point plan to improve the security and resilience of its software, bringing together more than 90 executives from 37 organisations, alongside US government officials, at a summit in Washington DC.

[...] OpenSSF executive director Brian Behlendorf added: "What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it. The plan we have put together represents the 10 flags in the ground as the base for getting started. We are eager to get further input and commitments that move us from plan to action."

The 10-point plan, which can be read in full on OpenSSF's website, is as follows:

1. To deliver baseline secure software development education and certification;
2. To establish a public, supplier-neutral, objective-metrics-based risk assessment dashboard for 10,000 widely used open source software (OSS) components;
3. To accelerate the adoption of digital signatures on OSS releases;
4. To eliminate the root causes of many vulnerabilities by replacing non-memory-safe languages;
5. To establish an OpenSSF-backed incident response team to help open source projects respond to vulnerability disclosures;
6. To improve the ability of maintainers and experts to discover new vulnerabilities in open source projects;
7. To establish a programme of third-party code audits and remediation for up to 200 of the most-critical OSS components;
8. To coordinate industry-wide data sharing to improve how the community goes about determining what the most-critical OSS components actually are;
9. To improve the adoption of software bill of materials (SBOM) tooling and training;
10. And finally, to enhance the 10 most-critical OSS build systems, package managers and distribution systems with improved supply chain security tools and practices.

Commenting on the plan, Mike Hanley, chief security officer (CSO) at GitHub, said: "Securing the open source ecosystem starts with empowering developers and open source maintainers with tools and best practices that are instrumental to securing the software supply chain.

Original Submission

upstart writes:

The Good, the Bad, and the Ugly: Twitter Users React to Elon Musk Putting Buyout Deal 'On Hold':

Following Tesla CEO Elon Musk's announcement Friday that he has placed his buyout of Twitter "on hold," many across social media were quick to react to the news.

Breitbart News reported earlier today that Tesla and SpaceX CEO Elon Musk has tweeted that his deal to purchase Twitter is currently "on hold" while an investigation into the number of bots and spam accounts on Twitter is completed. Twitter claimed in a recent filing that less than five percent of its daily active users were fake or spam accounts, now Musk appears to want to confirm this claim, which is lower than most estimates.

"Twitter deal temporarily on hold pending details supporting calculation that spam/fake accounts do indeed represent less than 5% of users," Musk said in a tweet. He later added, "Still committed to acquisition."

Original Submission

hubie and upstart both write:

Findings may lead to reconsideration of how we treat acute pain:

Using anti-inflammatory drugs and steroids to relieve pain could increase the chances of developing chronic pain, according to researchers from McGill University and colleagues in Italy. Their research puts into question conventional practices used to alleviate pain. Normal recovery from a painful injury involves inflammation and blocking that inflammation with drugs could lead to harder-to-treat pain.

[...] "In analyzing the genes of people suffering from lower back pain, we observed active changes in genes over time in people whose pain went away. Changes in the blood cells and their activity seemed to be the most important factor, especially in cells called neutrophils," says Luda Diatchenko a Professor in the Faculty of Medicine, Faculty of Dentistry, and Canada Excellence Research Chair in Human Pain Genetics.

"Neutrophils dominate the early stages of inflammation and set the stage for repair of tissue damage. Inflammation occurs for a reason, and it looks like it's dangerous to interfere with it," says Professor Mogil, who is also a member of the Alan Edwards Centre for Research on Pain along with Professor Diatchenko.

AnonTechie writes:

The National Security Agency's cybersecurity chief has claimed that next-generation encryption standards under development in the US will be unbreachable, even by the American government's own spies. The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards.

"There are no backdoors," said Rob Joyce, the NSA's director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.

The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today's computers can't. But it's also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked.

Bloomberg

[Related]:
EXECUTIVE ORDER 14028, IMPROVING THE NATION'S CYBERSECURITY

QUANTUM HEGEMONY ? China's Ambitions and the Challenge

Would you agree with the un-breachable encryption FUD that is being brandied about in this article ? If it is encrypted by humans, it can be decrypted by humans !!

Original Submission

takyon writes:

UK's Royal Mail to deliver post by drone on 50 new routes

The UK's Royal Mail has announced plans to open 50 postal routes serviced by delivery drones over the next three years as part of a wider objective of deploying over 500 UAVs to carry letters and parcels to remote localities in the country.

Royal Mail said drone delivery of post will initially be introduced to the Shetland Islands, Orkney Islands, Hebrides, and the Isles of Scilly. That latter destination was selected by the 507-year-old public service last year to first trial postal flights by UAVs between Cornwall and the archipelago, located 30 miles to the south. Since then, Royal Mail has additionally operated test programs to Scotland's Isle of Mull and Orkney Islands.

Most of those Royal Mail trials have been in partnership with drone delivery and air taxi infrastructure company Skyports, which operated the Mull flights after earlier transporting medical materials to far-flung UK destinations during spikes in the COVID-19 pandemic.

Pending approval from the UK's Civil Aviation Authority, Royal Mail will start phasing in postal drone deliveries across more than 50 designated routes in coming months. It will operate flights with drone manufacturer and service provider Windracers, which participated in earlier trials.

The company's 10-meter, fixed wing UAVs can carry up to 100 kg of post over a maximum range of 70 miles. The craft were used in a trial last month to the Orkney island of Unst, flying 50 miles each way.

Original Submission

upstart writes:

Some top 100,000 websites collect everything you type:

When you sign up for a newsletter, make a hotel reservation, or check out online, you probably take for granted that if you mistype your email address three times or change your mind and X out of the page, it doesn't matter. Nothing actually happens until you hit the Submit button, right? Well, maybe not. As with so many assumptions about the web, this isn't always the case, according to new research: A surprising number of websites are collecting some or all of your data as you type it into a digital form.

Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States. They found that 1,844 websites gathered an EU user's email address without their consent, and a staggering 2,950 logged a US user's email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.

[...] "If there's a Submit button on a form, the reasonable expectation is that it does something—that it will submit your data when you click it," says Güneş Acar, a professor and researcher in Radboud University's digital security group and one of the leaders of the study. "We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far."

upstart writes:

These Nanobots Can Swim Around a Wound and Kill Bacteria:

[...] It turns out, the nanobots are among us. For over a decade, Samuel Sánchez, a chemist with the Institute for Bioengineering of Catalonia, in Barcelona, has been envisioning nanobots that could carry useful payloads, like cancer drugs or antibiotics, through the body’s viscous fluids.

Picture a spherical particle of silica, which functions as a chassis. Sánchez has shown that you can dot its surface with a mess of special proteins that propel the particle through fluid, like little motors. His lab has experimented with different chassis, motors, and cargo. In research published in late April, they joined forces with antibiotics researchers. The team loaded silica nanobots with experimental antibiotics—including one derived from wasp venom—to treat infected wounds on mice. The nanobots, which were dropped onto one end of an infected wound, traveled through the skin to treat the entire area—the first report of nanobots killing bacteria in animals.

“We see that the whole wound gets covered. The machines can actually travel around the wound and clear the infection as they go,” says ‪César de la Fuente, a bioengineer at the University of Pennsylvania who led the project with Sánchez.

That matters, because drugs normally depend on diffusion, or the process of passively spreading through the body’s fluids. If the most perfect antibiotic in the world can diffuse only as well as a brick in a tub of jelly—well, it’s not perfect.

Journal Reference:
Xavier Arqué et al., Autonomous Treatment of Bacterial Infections in Vivo Using Antimicrobial Micro- and Nanomotors, American Chemical Society, 2022 (DOI: https://pubs.acs.org/doi/10.1021/acsnano.1c11013)
Ana C. Hortelão et al., Enzyme-Powered Nanobots Enhance Anticancer Drug Delivery, 2017 (DOI: https://doi.org/10.1002/adfm.201705086)
Ana C. Hortelao et al., Swarming behavior and in vivo monitoring of enzymatic nanomotors within the bladder, 2021 (DOI: https://doi.org/10.1126/scirobotics.abd2823)
Marcelo D. T. Torres et al., The wasp venom antimicrobial peptide polybia-CP and its synthetic derivatives display antiplasmodial and anticancer properties, 2020 (DOI: https://doi.org/10.1002/btm2.10167)

Original Submission

upstart writes:

Antibiotics can lead to fungal infection because of disruption to the gut's immune system:

Using immune-boosting drugs alongside the antibiotics could reduce the health risks from these complex infections say the researchers.

The life-threatening fungal infection invasive candidiasis is a major complication for hospitalised patients who are given antibiotics to prevent sepsis and other bacterial infections that spread quickly around hospitals (such as C. diff). Fungal infections can be more difficult to treat than bacterial infections, but the underlying factors causing these infections are not well understood.

A team in the University's Institute of Immunology and Immunotherapy, in conjunction with researchers at the National Institutes of Health, discovered that antibiotics disrupt the immune system in the intestines, meaning that fungal infections were poorly controlled in that area. Unexpectedly, the team also found that where fungal infections developed, gut bacteria were also able to escape, leading to the additional risk of bacterial infection.

Journal Reference:
Rebecca A. Drummond et al., Long-term antibiotic exposure promotes mortality after systemic fungal infection by driving lymphocyte dysfunction and systemic escape of commensal bacteria, Cell Host & Microbe, 2022
DOI: 10.1016/j.chom.2022.04.013

Original Submission

upstart writes:

Russian troops are proving that cell phones in war zones are a very bad idea:

It’s been a nightmare scenario for U.S. commanders for years: An amphibious readiness group sails stealthily towards its objective, one reckless Marine or sailor goes topside and uses a personal cell phone to check Facebook, revealing the position of the assault ship. The Chinese or Russians quickly detect the cell phone signal in the middle of the ocean and realize they can’t miss. The enemy fires its anti-ship ballistic or cruise missiles at Pfc./Seaman Schmuckatelli as he posts a meme and suddenly the entire ship along with thousands of sailors and Marines are lying on the ocean floor.

To some, this type of scenario may seem as hyperbolic as warnings that wearing white socks in combat could give away your location to the enemy, but Russian troops in Ukraine have shown the perils of using cell phones in modern-day warzones.

The Ukrainians claim to have killed 12 general Russian officers since late February, in part because the Russians have resorted to using cell phones when their communications systems break down.

“It is not hard to geo-locate someone on a phone talking in the clear,” retired Army Gen. Ben Hodges, former commander of U.S. Army Europe, told the New York Times.

Original Submission

upstart writes:

Judge brings dismissed Steam antitrust lawsuit back from the dead:

Last November, Western District of Washington Judge John Coughenour sided with Valve in dismissing a Steam antitrust lawsuit that had been filed by indie developer (and Humble Bundle creator) Wolfire Games. Now, that same judge is showing new respect for Wolfire's arguments, allowing parts of an amended version of the complaint to move forward.

In a May 6 ruling (noted by Bloomberg Law), Judge Coughenour said that the allegations in Wolfire's initial lawsuit were "anecdotal and threadbare" but that an amended lawsuit "provides additional context" and lays out a case that is "sufficient to plausibly allege unlawful conduct." As such, the judge has refused to dismiss large parts of that amended case, letting it move forward through the long judicial process.

In his original ruling, Judge Coughenour dismissed Wolfire's claims that Steam's 30 percent fee to publishers was higher than what the company would take in a more competitive market. At the time, the judge noted that Steam's fees had remained the same from its launch in 2003 through its alleged "market dominance" in 2013 and beyond.

In his new ruling, though, Judge Coughenour was receptive to the argument that Steam's fees relative to the competition have changed during that time, writing, "In those early days, Defendant was competing against brick-and-mortar game distributors, [but] the [amended complaint] makes it clear that Defendant did not need market power to charge a fee well above its cost structure because those brick-and-mortar competitors had a far higher cost structure."

Original Submission

upstart writes:

MakerBot and Ultimaker announce plans to merge – TechCrunch:

Desktop 3D printing firms MakerBot and Ultimaker this morning announced plans to merge. The new single company will be backed by NPM Capital and MakerBot-owner Stratasys and co-led by existing CEOs Nadav Goshen and Jürgen von Hollen. Existing offices will also be maintained in both Brooklyn and The Netherlands.

Both firms rode an initial wave of excitement around additive manufacturing 10 to 15 years ago, becoming two of the most prominent players in the desktop 3D printing space. MakerBot was founded in 2008 as an offshoot of the open source RepRap project. In 2013, the company was acquired by industrial 3D printing giant Stratasys. Founded in Utrecht, Netherlands in 2011, Ultimaker's team was similarly formed around attempts to productize the RepRap project.

[...] The newly formed company will spin out from Stratasys, though the parent company will maintain a minority (45.6%) stake. NPM Capital will control the other 54.4%.

[...] Pending regulator approvals, the deal is expected to close in Q2 or Q3.

Are any of our community 3D printer users? What are you experiences? Has it lived up to your expectations? And the question that I'm sure everyone has asked - what have you made?

Original Submission

upstart writes:

Crypto crash: almost $1 trillion wiped off markets as Bitcoin hits lowest level since 2020:

It's been a nightmare week for cryptocurrency holders as the market crashes and Bitcoin hits its lowest price since December 2020. Ethereum, BNB, XRP, and many other digital coins have also fallen to their lowest levels in a long time. The crisis came after stablecoin Terra, designed to trade 1:1 with the US dollar, collapsed.

TerraUSD (UST), the 11th largest cryptocurrency by market cap, is an algorithmic stablecoin that uses a set of smart contracts to ensure its value stays as close to $1 as possible. But after hovering at around $1 for about a year, it crashed to 29 cents yesterday, plunging its market cap from more than $45 billion to less than $5 billion. It has since rallied to 62 cents, but that's still far from $1.

Terra's support coin, Luna, has also plummeted in dramatic style, going from $86 at the start of the week to its current price of 20 cents. Terra is designed so traders can exchange 1 UST for $1 worth of Luna, no matter the price of UST

[...] Do Kwon, co-founder of Terra developer Terraform Labs, tweeted: "I understand the last 72 hours have been extremely tough on all of you - know that I am resolved to work with every one of you to weather this crisis, and we will build our way out of this."

Terra's collapse has impacted many cryptocurrencies, the most notable being the biggest one of all: Bitcoin. At the time of writing, BTC is at $27,236, its lowest value since before the crypto boom at the end of 2020. Bitcoin has now lost nearly two-thirds of its value since peaking at $69,000 in November 2021.

[...] The good news for non-crypto-owning gamers is that the freefall will doubtlessly make mining less profitable, and should push graphics card prices even closer to MSRP.

Original Submission

upstart writes:

1,600-Feet Asteroid, Bigger Than Most Buildings, Heading Towards Earth:

Space scientists have warned that a huge asteroid is heading towards the Earth. According to American space agency NASA (National Aeronautics and Space Administration), which is monitoring it, the giant space rock Asteroid 388945 (2008 TZ3) will make close approach to our planet at 2.48am on May 16.

NASA further said that the asteroid is 1,608 feet wide. In comparison, New York's iconic Empire State building stands at 1,454 feet. It is also bigger than the Eiffel Tower and dwarf the Statue of Liberty too.

The space rock can cause huge damage if it hits the Earth. But space scientists' calculations say it will pass us from a distance of about 2.5 million miles away.

Though it may sound a huge distance, in space terms it is not. And that is why, NASA has flagged this as "close approach".

This is not the first time that Asteroid 388945 has paid us a visit. It passed very close to Earth in May 2020 - at a distance of 1.7 million miles.

Original Submission

upstart writes:

A first: Scientists grow plants in soil from the Moon:

In a new paper published in the journal Communications Biology, University of Florida researchers showed that plants can successfully sprout and grow in lunar soil. Their study also investigated how plants respond biologically to the Moon's soil, also known as lunar regolith, which is radically different from soil found on Earth.

This work is a first step toward one day growing plants for food and oxygen on the Moon or during space missions. More immediately, this research comes as the Artemis Program plans to return humans to the Moon.

[...] "For future, longer space missions, we may use the Moon as a hub or launching pad. It makes sense that we would want to use the soil that's already there to grow plants," Ferl said. "So, what happens when you grow plants in lunar soil, something that is totally outside of a plant's evolutionary experience? What would plants do in a lunar greenhouse? Could we have lunar farmers?"

[...] The complication: The scientists only had 12 grams -- just a few teaspoons -- of lunar soil with which to do this experiment. On loan from NASA, this soil was collected during the Apollo 11, 12 and 17 missions to the Moon. Paul and Ferl applied three times over the course of 11 years for a chance to work with the lunar regolith.

[...] Before the experiment, the researchers weren't sure if the seeds planted in the lunar soils would sprout. But nearly all of them did.

upstart writes:

Practical bruteforce of AES-1024 military grade encryption:

I recently presented work on the analysis of a file encryption solution that claimed to implement "AES-1024 military grade encryption". Spoiler alert: I did not break AES, and this work does not concern the security of AES. You may find advanced research regarding this topic.

This project started during a forensic analysis. One of my colleagues came with a USB stick containing a vault encrypted with SanDisk Secure Access software. He asked me if it was possible to bruteforce the password of the vault to recover the content. I did not know this software thus, I started to research. It appeared that this solution is distributed by Sandisk by default on any storage device you buy from them.

The solution is convenient, it allows a user to run the binary on the disk and after entering her correct password her vault is unlocked and the files are accessible. Once the software is closed, the files are encrypted back and not accessible anymore. So far nothing uncommon, but one thing drew my attention. In the Options menu, you can choose your "Preferred encryption method".

[...] They claimed to provide "Ultimate encryption using 1024 bit AES keys, Military grade". Thus for all those reasons, I decided to analyze the solution to figure out how it was implemented.