SoylentNews is people

posted by hubie on Tuesday July 26 2022, @09:51PM
from the they-say-vulnerabilities-come-in-threes dept.

Both upstart and Arthur T Knackerbracket processed the following story:

A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said.

CVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications, an open source project that provides JavaScript programming interfaces to enable real-time voice, text, and video communications capabilities between web browsers and devices. [...]

Avast said on Thursday that it uncovered multiple attack campaigns, each delivering the exploit in its own way to Chrome users in Lebanon, Turkey, Yemen, and Palestine. The watering hole sites were highly selective in choosing which visitors to infect. Once the watering hole sites successfully exploited the vulnerability, they used their access to install DevilsTongue, the name Microsoft gave last year to advanced malware sold by an Israel-based company named Candiru.

"In Lebanon, the attackers seem to have compromised a website used by employees of a news agency," Avast researcher Jan Vojtěšek wrote. "We can't say for sure what the attackers might have been after, however often the reason why attackers go after journalists is to spy on them and the stories they're working on directly, or to get to their sources and gather compromising information and sensitive data they shared with the press."

[...] Despite the efforts to keep CVE-2022-2294 secret, Avast managed to recover the attack code, which exploited a heap overflow in WebRTC to execute malicious shellcode inside a renderer process. The recovery allowed Avast to identify the vulnerability and report it to developers so it could be fixed. The security firm was unable to obtain a separate zero-day exploit that was required so the first exploit could escape Chrome's security sandbox. That means this second zero-day will live to fight another day.

Once DevilsTongue got installed, it attempted to elevate its system privileges by installing a Windows driver containing yet another unpatched vulnerability, bringing the number of zero-days exploited in this campaign to at least three. Once the unidentified driver was installed, DevilsTongue would exploit the security flaw to gain access to the kernel, the most sensitive part of any operating system. Security researchers call the technique BYOVD, short for "bring your own vulnerable driver." It allows malware to defeat OS defenses since most drivers automatically have access to an OS kernel.

[...] "While there is no way for us to know for certain whether or not the WebRTC vulnerability was exploited by other groups as well, it is a possibility," Vojtěšek wrote. "Sometimes zero-days get independently discovered by multiple groups, sometimes someone sells the same vulnerability/exploit to multiple groups, etc. But we have no indication that there is another group exploiting this same zero-day."


Original Submission #1 | Original Submission #2

posted by janrinok on Tuesday July 26 2022, @07:12PM
from the my-friends-all-drive-Teslas-I-must-make-amends dept.

We test an electric Mercedes that can go 747 miles on a single charge:

Mercedes wouldn't tell us the program's exact budget, simply warning us that the sole EQXX should be considered priceless [...]

[T]he aim was to build an electric vehicle capable of at least 621 miles (1,000km) on a single charge. Also like the Bugatti, it's road-legal: In April of this year, less than two years after the project was given the green light, the team drove the EV 625 miles (1,006 km) from Sindelfingen in Germany to Cassis, France, arriving with 15 percent state of charge in the battery.

Two months later, the team followed that up with a longer drive that involved descending down fewer mountains, driving from Stuttgart, Germany, to the Silverstone racetrack in the UK, where reigning Formula E champion Nyck de Vries then used the remaining charge to drive some hot laps. The car eventually completed 747 miles (1,202 km) before coming to a halt in the pit lane.

[...] The Vision EQXX is a one-off, a concept car come to life, but it's more fully realized than any other concept I've yet encountered. A pure engineering exercise or world record breaker wouldn't bother with a functional infotainment system that uses a single 44-inch 8K display, nor a completely trimmed interior, even if it's one that uses a cactus fiber fabric instead of leather, bamboo fiber carpets, and a biotech-derived silk, among other innovations.


Original Submission

posted by janrinok on Tuesday July 26 2022, @04:24PM
from the you're-a-fool-if-you-can't-keep-cool dept.

Nuclear power plants are struggling to stay cool:

From its humble start as a glacial trickle in the Swiss Alps, the Rhône River quickly transforms into one of the world's most industrialized waterways. As it winds through the south of France toward the Mediterranean Sea, its chilly water is drawn into boilers, sucked through pipes as coolant, deviated for agriculture. Among its biggest customers is a battalion of nuclear reactors. Since the 1970s, the river and its tributaries have helped generate about a quarter of France's atomic energy.

But in recent weeks that hasn't been the case. Amidst a slow-burning heat wave that has killed hundreds and sparked intense wildfires across Western Europe, and combined with already low water levels due to drought, the Rhône's water has gotten too hot for the job. It's no longer possible to cool reactors without expelling water downstream that's so hot as to extinguish aquatic life. So a few weeks ago, Électricité de France (EDF) began powering down some reactors along the Rhône and a second major river in the south, the Garonne. That's by now a familiar story: Similar shutdowns due to drought and heat occurred in 2018 and 2019. This summer's cuts, combined with malfunctions and maintenance on other reactors, have helped reduce France's nuclear power output by nearly 50 percent.

Of all the low-carbon energy sources that will likely be necessary to fight climate change, nuclear power is usually thought of as the least perturbable. It's the reinforcement that's called in when the weather doesn't cooperate with other zero-carbon energy sources, like wind and solar. But the nuclear industry faces its own climate risks.

Problems with water—too much of it or too little—are more commonly associated with hydroelectric dams, which have struggled to maintain output in drying places like the American West. But as the Swedish historian Per Högselius puts it, much of present-day nuclear engineering is not about splitting atoms, but about managing larger-scale aquatic concerns. Nuclear technicians are known to refer to their craft as a very complicated way of boiling water, producing steam that spins turbines. But much more is usually required to keep the reactor cool. That's why so many facilities are located by the sea and along big rivers like the Rhône.

[...] Nuclear plants are also built to last well into the future, with lifespans that extend a half-century or more. Many were constructed in the 1970s and '80s—long before regulators thought to factor in climate-related threats they would eventually encounter, explains Natalie Kopytko, a researcher at the University of Leeds who has dug into nuclear regulatory frameworks to look for climate considerations. "I saw absolutely nothing about climate change, which was quite scary," she says. Where Kopytko did see the climate invoked, the plans assumed that current weather patterns would hold well into the future.


Original Submission

posted by janrinok on Tuesday July 26 2022, @02:45PM

The proposal to enforce AC posting for logged in members only on the main page was promulgated to all staff and members of the board 7 days ago. Thank you to all those who contributed to the earlier discussions and clearly expressed their own views, suggestions and potential enhancements. All are being studied for implementation, if feasible, when staffing and resources permit.

There has been unanimous agreement from all responses received in favour of the proposed restriction. However, it was also apparent that there was a wish that this will be only until other alternative methods of restricting spamming, abuse and other disruptions to discussions can be identified and implemented. This is unlikely to be achievable in the short to medium term; other sites are struggling unsuccessfully with the same problem. The long-term aim remains to include AC posting in all discussions if at all possible.

Therefore, beginning immediately, all AC posting on the main site will be limited to registered members who have logged in to their account. We regret that this leaves a number of AC community members unable to contribute as they once did, but anonymity remains a personal choice.

This will not affect discussions in journals which will have no limits and will be open to all.

If there is a demand for it, I will look at alternative methods of publishing a small number of stories each day into a journal.

On a more positive note, there is evidence that because of the recent restrictions on AC posting a significant number of existing accounts have returned and are commenting in the discussions. The quality of discussions (i.e. signal-to-noise ratio) is significantly better than it was several weeks ago. Although we have lost overall numbers of comments, the value of many of those lost comments appears to have been quite low. There has also been a noticeable improvement in moderations being awarded with more positive moderations being given when compared to negative ones. It is too early yet to draw any firm conclusions from other site statistics.

janrinok

posted by janrinok on Tuesday July 26 2022, @01:42PM

US launches environmental study for Thirty Meter telescope on Mauna Kea

The National Science Foundation will examine the environmental impacts of a proposed optical telescope on the summit of Hawaii's tallest mountain, a project that has faced strong opposition from Native Hawaiians who consider the area sacred.

Native Hawaiians have long protested the plan to build what would be one of the world's largest optical telescopes on Mauna Kea, and say the $2.65bn project will further defile an area already harmed by a dozen other observatories.

The National Science Foundation on Tuesday published a notice of its plans to prepare an environmental impact statement for the $2.65bn Thirty Meter telescope, along with another proposed telescope on Spain's Canary Islands. It will host several meetings on the Big Island of Hawaii in August and said only after it considers public input, the environmental review and the project's technical readiness, will it decide whether to fund the project.


Original Submission

posted by janrinok on Tuesday July 26 2022, @10:53AM
from the I'm-coolin'-in-Poughkeepsie dept.

AMD Establishes New CPU Design Center in NY:

As AMD's sales skyrocketed in recent years, so did its Research and Development (R&D) budget. With hundreds of millions in R&D budget per quarter, AMD is undoubtedly looking for more personnel, and this time, it is opening up an all-new CPU design center in New York.

"AMD's CPU side is hiring as well- they're even building an entirely new site in Poughkeepsie, NY," wrote AMD's Mike Evans on Twitter.

Based on the hiring entry at AMD's website, AMD's CPU division plans to hire verification engineers (most of them) and then even a CPU core performance architect (that's an important part!) as well as a 'senior Infinity Fabric verification engineer.' Given the diversity of positions and nature of those positions, we might be looking at the establishment of another AMD R&D site that is ready to grow.

Following the roaring success of Ryzen CPU for client devices and EPYC processor for data centers, AMD's R&D budget rose from about a billion U.S. dollars in 2016 to approximately $2.8 billion in 2021 (R&D expenses are a percentage of sales), which gives the company vast amounts of resources to develop hardware and software.


Original Submission

posted by janrinok on Tuesday July 26 2022, @08:12AM

1st Polio Case Reported in US in Nearly a Decade Detected in New York State

1st polio case reported in US in nearly a decade detected in New York state:

The first case of polio reported in the U.S. in nearly a decade was detected in New York state, health officials said Thursday.

The case is in a resident of Rockland County, the state health department said.

State health officials said sequencing determined that the newly detected case is an instance of vaccine-derived polio. The oral polio vaccine contains a weakened version of the polio virus that can be excreted in stool and transmitted.

That vaccine has not been administered in the U.S. since 2000, suggesting that the virus may have originated somewhere outside the U.S., health officials said.

The Rockland County polio patient is a young adult whose symptoms began a month ago, according to public health officials in Rockland County. The person is no longer contagious but has suffered some paralysis. It is unknown whether that will be permanent.

The infected person contracted polio through exposure to someone who was inoculated with the oral vaccine. The patient did not travel outside of the country, so the exposure was here,

Rare Case of Polio Prompts Alarm and an Urgent Investigation in New York

Rare Case of Polio Prompts Alarm and an Urgent Investigation in New York:

The sudden interest in such inoculations came a day after the county authorities announced that a local adult, unvaccinated, had tested positive for the disease. The case prompted alarm from local officials and residents, some of whom couldn't remember whether or not they had received the vaccine, which has been widely available since the 1950s.

[...] "The last real polio case I saw in a person is probably pictures of F.D.R.," he said, referring to the Depression-era President Franklin D. Roosevelt. "I think for a lot of people, they don't necessarily understand the gravity of what polio actually is."

It was still not clear exactly when or where the patient had contracted the disease, though health officials believe the person was infected by someone who had received the oral polio vaccine, which contains weakened live virus.

Previously: Poliovirus May be Spreading in London; Virus Detected in Sewage for Months

Journal Reference:
Jane R. Zucker, Jennifer B. Rosen, Martha Iwamoto, et al. Consequences of Undervaccination [open], New England Journal of Medicine (DOI: 10.1056/NEJMoa1912514)


Original Submission #1 | Original Submission #2

posted by hubie on Tuesday July 26 2022, @05:25AM
from the trust-but-verify dept.

New "Data Safety" alternative runs on the honor system, and that's not good enough:

Last week, Google started more widely rolling out the new "Data Safety" screen in the Play Store, and it made waves in the tech world when we found out that the new section was a replacement for the normal app permissions display, not a new screen in addition to it. After the negative public reaction to the news, the official Android Developers Twitter account promised to revert the change and let the permissions screen display side by side with the new Data Safety display.

"Data Safety" is a new Play Store section that lets developers list what data an app collects, how that data is stored, and who the data is shared with. [...] The app permissions list is a factual, computer-generated record of what permissions an app can request, while the Data Safety section is written by the developer. You can't cheat the app permissions list, while Data Safety runs on the honor system.

[...] Google is a very data-hungry company, and the removal of the permissions screen was one more papercut for people trying to protect their privacy. Reinstating the permissions screen is a Band-Aid fix, and it still seems like Google should just apply its permissions detection to the Data Safety screen and then require developers to add details about why the data is collected and how it's stored. Google already built an automated permissions detection system, and instead of throwing the whole thing out, it could just let developers add details to it.


Original Submission

posted by hubie on Tuesday July 26 2022, @02:42AM
from the lifting-the-curtain dept.

Inquiry launched as Congress debates bill that could gut FCC's privacy authority:

Federal Communications Commission Chairwoman Jessica Rosenworcel has ordered mobile carriers to explain what geolocation data they collect from customers and how they use it. Rosenworcel's probe could be the first step toward stronger action—but the agency's authority in this area is in peril because Congress is debating a data privacy law that could preempt the FCC from regulating carriers' privacy practices.

Rosenworcel sent letters of inquiry Tuesday "to the top 15 mobile providers," the FCC announced. The chairwoman's letters asked carriers "about their policies around geolocation data, such as how long geolocation data is retained and why and what the current safeguards are to protect this sensitive information," the FCC said.

The letters also "probe carriers about their processes for sharing subscriber geolocation data with law enforcement and other third parties' data-sharing agreements. Finally, the letters ask whether and how consumers are notified when their geolocation information is shared with third parties," the FCC said.

[...] The FCC inquiry is important "in light of the long history of abuses by carriers selling this kind of detailed and hyper-accurate information to law enforcement, bounty hunters, and even stalkers," said Harold Feld, senior VP of consumer advocacy group Public Knowledge. Mobile carriers "have unique access to highly accurate geolocation information—known as A-GPS—designed so that 911 responders can find a caller with pinpoint accuracy," and have "access to other information that can be combined with geolocation to produce a detailed picture of a person's activities far beyond what applications on the handset can provide," Feld said.

Although the FCC gave up its Title II authority over broadband under former Chairman Ajit Pai, Feld noted that the agency still has substantial authority over phone service. "The FCC has specialized power to force carriers to respond," Feld wrote. "It has the power to impose transparency requirements to reveal when law enforcement abuses the legal process to obtain deeply personal phone information. It has the power to require specific data minimization and data protection obligations if necessary. The FCC has used this power in the past to create new rules in response to revelations that stalkers had access to carrier information, and should not hesitate to use its regulatory powers again if necessary."

But Feld and others are concerned the FCC could be prevented from regulating the phone industry's privacy practices under bipartisan legislation that was approved by the House Commerce Committee on Wednesday. The American Data Privacy and Protection Act (ADPPA) "makes the Federal Trade Commission the sole enforcement agency overseeing data privacy, with a few exceptions, preempting the role of the Federal Communications Commission," The Washington Post wrote.

[...] As van Schewick alluded to, the bill text has a section about "non-application of FCC privacy laws and regulations to covered entities," which says that many FCC rules "shall not apply to any covered entity with respect to the collecting, processing, or transferring of covered data under this Act."

Any bets on whether the new enforcement authority given to the FTC under the ADPPA will be weaker than what the FCC has now?


Original Submission

posted by hubie on Monday July 25 2022, @11:59PM
from the who-will-be-this-week's-Star-Launcher? dept.

Arthur T Knackerbracket has processed the following story:

At the last Farnborough International Airshow in 2018, the United Kingdom started the countdown to the first orbital launch from the country. The U.K. Space Agency announced it selected a site near the town of Sutherland in northern Scotland to host a vertical launch facility, and awarded $38 million to two companies to perform launches there. Other launch companies and prospective spaceports also announced plans to develop and launch rockets in the country.

Four years later, as the aerospace industry prepares to squeeze onto trains and line up for shuttle buses to return to Farnborough, that countdown still hasn’t reached zero. The Sutherland launch site hasn’t been built yet, while British companies that might use it or other launch sites are still working on their vehicles. The first orbital launch from the U.K. now appears likely to be performed by a U.S. company, Virgin Orbit, whose LauncherOne air-launch system is scheduled to fly from Spaceport Cornwall as soon as September.

Launch companies in the U.K., though, are not deterred by that slow progress. While lagging American launch vehicle developers, they see themselves at the forefront of the European small launch industry, with ambitions to begin launches in the next year or two.

One of the companies that received awards from the U.K. government in 2018 was Orbex, which is developing a small launch vehicle called Prime it plans to launch from Sutherland, capable of placing up to 180 kilograms into orbit. [...]

In close competition with Orbex is Skyrora. It is working on Skyrora XL, a three-stage rocket designed to place payloads weighing up to 315 kilograms into sun-synchronous orbit. It is also working on Skylark L, a suborbital sounding rocket intended to test some of the technologies needed for the larger Skyrora XL.

[...] Skyrora announced June 7 it hired a former SpaceX executive as its new chief operations officer. Lee Rosen spent a decade at SpaceX as vice president of mission and launch operations, and before that served 23 years in the U.S. Air Force in various launch-related roles.

[...] Beyond Orbex and Skyrora, there are a handful of other launch ventures based in the U.K. Most are still in the very early stages or have made little progress. [...]

One company trying to separate itself from that pack is Astraius. The company, founded in 2019, is working on an air-launch system. Rather than drop a rocket from a wing or fuselage, like Northrop Grumman’s Pegasus or Virgin Orbit’s LauncherOne, the rocket would be carried inside a C-17 cargo aircraft. The plane’s rear doors would open in flight and parachutes would pull the rocket out the back, stabilizing it vertically so it could ignite its engines and ascend to orbit.

[...] Astraius envisions flying out of Prestwick Spaceport, the current Prestwick Airport near Glasgow. Development of facilities there to support Astraius launches, funded by an £80 million ($98 million) regional economic development package, is proceeding “at pace,” the company says.

[...] The countdown clock for U.K. launch will still be ticking at this year’s Farnborough air show, but when the industry returns for the next one in 2024, one or more companies may have finally achieved liftoff.


Original Submission

posted by hubie on Monday July 25 2022, @09:11PM
from the good-news-all-around dept.

Arthur T Knackerbracket has processed the following story:

The world is still reeling from the release of the James Webb Space Telescope's (JWST) first images. These provided a comprehensive overview of the kind of science operations that Webb will conduct over its 20-year mission. They included the most sensitive and detailed look at some iconic astronomical objects, spectra from an exoplanet atmosphere, and a deep field view of some of the most distant galaxies in the universe. Since their release, we've also been treated to glimpses of objects in the solar system captured by Webb's infrared instruments.

Meanwhile, the JWST collaboration released a full report titled "Characterization of JWST science performance from commissioning," in which they examined everything Webb has accomplished so far and what they anticipate throughout the mission. This paper recently appeared online and covers everything from the telescope's navigation and pointing to the performance of its many instruments. An interesting tidbit, which was not previously released, is how Webb suffered a series of micrometeoroid impacts, one of which caused "uncorrectable change" in one mirror segment.

[...] "During commissioning, wavefront sensing recorded six localized surface deformations on the primary mirror that are attributed to impact by micrometeoroids. These occurred at a rate (roughly one per month) consistent with pre-launch expectations. Each micrometeoroid caused degradation in the wavefront of the impacted mirror segment, as measured during regular wavefront sensing. Some of the resulting wavefront degradation is correctable through regular wavefront control; some of it comprises high spatial frequency terms that cannot be corrected."

[...] "The key outcome of six months of commissioning is this: JWST is fully capable of achieving the discoveries for which it was built. JWST was envisioned 'to enable fundamental breakthroughs in our understanding of the formation and evolution of galaxies, stars, and planetary systems'… we now know with certainty that it will. The telescope and instrument suite have demonstrated the sensitivity, stability, image quality, and spectral range that are necessary to transform our understanding of the cosmos through observations spanning from near-earth asteroids to the most distant galaxies."

Moreover, the Report's authors conclude that the JWST's performance has been better than expected, almost across the entire board. In terms of the optical alignment of its mirrors, the point spread function, the time-stability of its imaging, and the fine guidance system that points the observatory, Webb has exceeded expectations. They also indicate that the mirrors are cleaner, and the science instruments have generally provided higher total system throughput than pre-launch expectations. All of this adds up to some optimistic appraisals:

"Collectively, these factors translate into substantially better sensitivity for most instrument modes than was assumed in the exposure time calculator for Cycle 1 observation planning, in many cases by tens of percent. In most cases, JWST will go deeper faster than expected. In addition, JWST has enough propellant on board to last at least 20 years."

As noted in the full article, the performance degradation from the uncorrectable change is not significant.

The report: Characterization of JWST science performance from commissioning


Original Submission

posted by janrinok on Monday July 25 2022, @06:23PM
from the beryllium-halo-precursors dept.

No, scientists still don't know what dark matter is. But MSU scientists helped uncover new physics while looking for it.

"We started out looking for dark matter and we didn't find it," he said. "Instead, we found other things that have been challenging for theory to explain."

[...] In particular, the team confirmed that when an atom's core, or nucleus, is overstuffed with neutrons, it can still find a way to a more stable configuration by spitting out a proton instead.

[...] When people imagine a nucleus, many may think of a lumpy ball made up of protons and neutrons, Ayyad said. But nuclei can take on strange shapes, including what are known as halo nuclei.

Beryllium-11 is an example of a halo nucleus. It's a form, or isotope, of the element beryllium that has four protons and seven neutrons in its nucleus. It keeps 10 of those 11 nuclear particles in a tight central cluster. But one neutron floats far away from that core, loosely bound to the rest of the nucleus, kind of like the moon ringing around the Earth, Ayyad said.

[...] In 2019, the researchers launched an experiment at Canada's national particle accelerator facility, TRIUMF [...] It looked like the beryllium-11's loosely bound neutron was ejecting an electron like normal beta decay, yet the beryllium wasn't following the known decay path to boron.

The team hypothesized that the high probability of the decay could be explained if a state in boron-11 existed as a doorway to another decay, to beryllium-10 and a proton. For anyone keeping score, that meant the nucleus had once again become beryllium. Only now it had six neutrons instead of seven.

"This happens just because of the halo nucleus," Ayyad said. "It's a very exotic type of radioactivity. It was actually the first direct evidence of proton radioactivity from a neutron-rich nucleus."

[...] But science welcomes scrutiny and skepticism, and the team's 2019 report was met with a healthy dose of both. That "doorway" state in boron-11 did not seem compatible with most theoretical models. Without a solid theory that made sense of what the team saw, different experts interpreted the team's data differently and offered up other potential conclusions.

[...] "The work is getting a lot of attention. Wolfi will visit Spain in a few weeks to talk about this," Ayyad said.

Part of the excitement is because the team's work could provide a new case study for what are known as open quantum systems. It's an intimidating name, but the concept can be thought of like the old adage, "nothing exists in a vacuum."

[...] Open quantum systems are literally everywhere, but finding one that's tractable enough to learn something from is challenging, especially in matters of the nucleus. [...]

But this detective story is still in its early chapters. To complete the case, researchers still need more data, more evidence to make full sense of what they're seeing. That means Ayyad and Mittig are still doing what they do best and investigating.


Original Submission

posted by janrinok on Monday July 25 2022, @03:41PM
from the what-about-the-road-less-traveled? dept.

Arthur T Knackerbracket has processed the following story:

We all became familiar with the idea of "bending a curve" thanks to the COVID-19 pandemic. Now it seems another US curve needs bending: that of US traffic fatalities, which have been up strongly and abnormally over the last couple of years. The low-hanging fruit when it comes to changing that might not be in the car as much as around it.

[...] Thanks in large part to in-car safety tech like airbags, antilock brakes, stability control and, more recently, automatic emergency braking, US traffic fatalities have generally been on a long decline since 1970. The 52,000 such deaths recorded 52 years ago shrank to 36,000 in 2019 even as the US population and vehicle miles driven both increased dramatically. But 2020 and 2021 saw the biggest spike in over 50 years to a total of almost 43,000 per year, turning the roadway fatality clock back to 2002. In short, something's not working as well as it did.

"We need regulations related to vehicle design and street design," says Yonah Freemark, senior research associate at the Urban Institute, a nonprofit think tank focused on urban mobility and equity. "Those two play a really important role in how likely people are to get killed in streets, especially pedestrians (and cyclists) that are struck by cars." 

Speed cameras are common in several countries outside the US, often using technology that calculates average speed of a given vehicle based on the time stamps when it passes two or more places on the roadway.

In-vehicle safety technologies that protect occupants have only become more prevalent over the last couple of years, so Freemark looks at pedestrian and cyclist fatalities in collisions with cars as the next key area for improvement. Three-quarters of US auto buyers select a light truck that is typically heavier and larger than the sedan or coupe they may have chosen as their previous purchase, a formula for a more brutal impact with someone outside of the vehicle. In the future, many more electric cars will be sold and their well-known weight problem could exacerbate the seriousness of collisions.

[...] That difference plays out when you compare roadway fatality stats outside the US. "Over the last 20 years or so we've seen quite a divergence between other developed countries, like France," Freemark said of a comparison he's focused on. He noted other countries' taxation schemes that disincentivize the purchase of large, heavy vehicles as well as automatic speeding cameras and the presence of far more traffic circles that still befuddle most US drivers.


Original Submission

posted by janrinok on Monday July 25 2022, @12:53PM
from the let's-not-monkey-around-with-this-one dept.

WHO Declares Monkeypox A Global Emergency Amid Surge In Cases

Arthur T Knackerbracket has processed the following story:

The World Health Organization (WHO) has declared the monkeypox outbreak in more than 70 countries an “emergency of international concern”.

The WHO label – a “public health emergency of international concern” – is designed to sound an alarm that a coordinated international response is needed and could unlock funding and global efforts to collaborate on sharing vaccines and treatments.

Governments are advised to raise awareness among doctors and hospitals, take protective measures in suspected cases and educate members of the population on how to protect themselves from infection.

WHO Director-General Tedros Adhanom Ghebreyesus made the decision to issue the declaration despite a lack of consensus among experts serving on the UN health agency’s emergency committee. It was the first time the chief of the UN health agency has taken such an action.

Announcing his decision to declare the health emergency during a media briefing in Geneva, Tedros confirmed that the committee had failed to reach a consensus, with nine members against and six in favour of the declaration.

“We have an outbreak that has spread around the world rapidly through new modes of transmission about which we understand too little and which meets the criteria in the international health regulations,” Tedros said on Saturday.

Monkeypox Declared a Global Health Emergency by the World Health Organization

Monkeypox declared a global health emergency by the World Health Organization:

Tedros clarified that the Emergency Committee under the International Health Regulations, convened last Thursday, could not reach a consensus about Monkeypox.

He explained that WHO has to consider five elements to decide whether an outbreak constitutes a public health emergency of international concern.

  1. Information provided by countries – which in this case shows that the virus has spread rapidly to many countries that have not seen it before;
  2. The three criteria for declaring a public health emergency of international concern under the International Health Regulations— being an extraordinary event, a public health risk to other States and a potential need to require a coordinated international response;
  3. The advice of the Emergency Committee, which did not reach a consensus;
  4. Scientific principles, evidence and other relevant information – which according to Tedros are currently insufficient and leave them with many unknowns;
  5. The risk to human health, international spread, and the potential for interference with international traffic.

Committee members in support of declaring the emergency expressed that future waves of Monkeypox cases are expected as the virus will be introduced in additional susceptible populations, and that the current magnitude of the outbreak might be underestimated.

They also cited the "moral duty" to deploy all means and tools available to respond to the outbreak, as highlighted by leaders of the LGBTI+ communities from several countries, bearing in mind that the community currently most affected outside Africa is the same initially reported to be affected in the early stages of HIV/AIDS pandemic.

The experts underscored that the modes of transmission sustaining the current outbreak are still not fully understood.


Original Submission #1 | Original Submission #2

posted by janrinok on Monday July 25 2022, @10:05AM
from the another-day-another-oops dept.

Hardcoded password in Confluence app has been leaked on Twitter:

What's worse than a widely used Internet-connected enterprise app with a hardcoded password? Try said enterprise app after the hardcoded password has been leaked to the world.

Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that allows users to quickly receive support for common questions involving Atlassian products. The company warned the passcode was "trivial to obtain."

The company said that Questions for Confluence had 8,055 installations at the time of publication. When installed, the app creates a Confluence user account named disabledsystemuser, which is intended to help admins move data between the app and the Confluence Cloud service. The hardcoded password protecting this account allows for viewing and editing of all non-restricted pages within Confluence.

"A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to," the company said. "It is important to remediate this vulnerability on affected systems immediately."

A day later, Atlassian was back to report that "an external party has discovered and publicly disclosed the hardcoded password on Twitter," leading the company to ratchet up its warnings.

"This issue is likely to be exploited in the wild now that the hardcoded password is publicly known," the updated advisory read. "This vulnerability should be remediated on affected systems immediately."

The company warned that even when Confluence installations don't actively have the app installed, they may still be vulnerable. Uninstalling the app doesn't automatically remediate the vulnerability because the disabledsystemuser account can still reside on the system.

To figure out if a system is vulnerable, Atlassian advised Confluence users to search for accounts with the following information:

  • User: disabledsystemuser
  • Username: disabledsystemuser
  • Email: dontdeletethisuser@email.com

Atlassian provided more instructions for locating such accounts here. The vulnerability affects Questions for Confluence versions 2.7.x and 3.0.x. Atlassian provided two ways for customers to fix the issue: disable or remove the "disabledsystemuser" account. The company has also published this list of answers to frequently asked questions.
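The account check described above can be scripted against a user listing. The following is an added example, not code from Atlassian or from the original story. The CSV layout (`username,email,active`), the sample rows and the function names are assumptions made for illustration. It reports the account's state independently of whether the app is still installed, since uninstalling the app leaves the account behind.

```python
import csv
import io

# Indicators quoted in the story above.
IOC_USERNAME = "disabledsystemuser"
IOC_EMAIL = "dontdeletethisuser@email.com"
AFFECTED_PREFIXES = ("2.7.", "3.0.")  # Questions for Confluence 2.7.x and 3.0.x

# Constructed sample listing; the column names are assumed, not a Confluence format.
SAMPLE_USERS_CSV = """username,email,active
alice,alice@example.org,true
DisabledSystemUser,dontdeletethisuser@email.com,true
bob,bob@example.org,false
"""


def find_indicator_accounts(users_csv):
    """Return rows whose username or email matches the published indicators."""
    hits = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        username = (row.get("username") or "").strip()
        email = (row.get("email") or "").strip().lower()
        # Compare case-insensitively so a differently cased entry is not missed.
        if username.lower() == IOC_USERNAME or email == IOC_EMAIL:
            active = (row.get("active") or "").strip().lower() == "true"
            hits.append({"username": username, "email": email, "active": active})
    return hits


def assess(users_csv, app_version=None):
    """Classify a system; app_version is None when the app is not installed."""
    hits = find_indicator_accounts(users_csv)
    affected_app = bool(app_version) and app_version.startswith(AFFECTED_PREFIXES)
    if any(h["active"] for h in hits):
        status = "EXPOSED"    # account exists and is enabled: disable or remove it
    elif hits:
        status = "DISABLED"   # account exists but is already disabled
    else:
        status = "NOT_FOUND"  # no matching account in this listing
    # The status depends only on the account, so an uninstalled app
    # (app_version=None) with a leftover active account is still EXPOSED.
    return {"status": status, "affected_app": affected_app, "accounts": hits}


if __name__ == "__main__":
    print(assess(SAMPLE_USERS_CSV, app_version=None))
```
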


Original Submission