SoylentNews

upstart writes:

Meet the Windows servers that have been fueling massive DDoSes for months:

A small retail business in North Africa, a North American telecommunications provider, and two separate religious organizations: What do they have in common? They're all running poorly configured Microsoft servers that for months or years have been spraying the Internet with gigabytes-per-second of junk data in distributed-denial-of-service attacks designed to disrupt or completely take down websites and services.

In all, recently published research from Black Lotus Labs, the research arm of networking and application technology company Lumen, identified more than 12,000 servers—all running Microsoft domain controllers hosting the company's Active Directory services—that were regularly used to magnify the size of distributed-denial-of-service attacks, or DDoSes.

For decades, DDoSers have battled with defenders in a constant, never-ending arms race. Early on, DDoSers simply corralled ever-larger numbers of Internet-connected devices into botnets and then used them to simultaneously send a target more data than they can handle. Targets—be they game companies, journalists, or even crucial pillars of Internet infrastructure—often buckled at the strain and either completely fell over or slowed to a trickle.

Companies like Lumen, Netscout, Cloudflare, and Akamai then countered with defenses that filtered out the junk traffic, allowing their customers to withstand the torrents. DDoSers responded by rolling out new types of attacks that temporarily stymied those defenses. The race continues to play out.

One of the chief methods DDoSers use to gain the upper hand is known as reflection. Rather than sending the torrent of junk traffic to the target directly, DDoSers send network requests to one or more third parties. By choosing third parties with known misconfigurations in their networks and spoofing the requests to give the appearance they were sent by the target, the third parties end up reflecting the data at the target, often in sizes that are tens, hundreds, or even thousands of times bigger than the original payload.

What should the response be to those who run misconfigured servers? Should we try to help them secure their servers (at their cost, of course) or should the servers be shut down?

Original Submission

Arthur T Knackerbracket has processed the following story:

Christmas came a little early for NASA's InSight mission last December when the lander detected a massive quake on Mars.

Now, scientists know what caused the red planet to rumble. A meteoroid slammed into Mars 2,174 miles (3,500 kilometers) away from the lander and created a fresh impact crater on the Martian surface.

The ground literally moved beneath InSight on December 24, 2021, when the lander recorded a magnitude 4 marsquake. Before and after photos captured from above by the Mars Reconnaissance Orbiter, which has been circling Mars since 2006, spotted a new crater this past February.

When scientists connected the dots from both missions, they realized it was one of the largest meteoroid strikes on Mars since NASA began studying the red planet. Images from the orbiter's two cameras showed the blast zone of the crater, which allowed scientists to compare it with the epicenter of the quake detected by InSight.

The journal Science published two new studies describing theimpact and its effects on Thursday.

upstart writes:

Bot reveals rejected vanity license plates and the real DMV notes on why they were flagged:

Many, many years ago I wanted a vanity license plate for my vintage International Travelall. As I remember it, the first one I tried for, WAGESLV, got rejected right away. But the second one, BORACHA (a take on the Spanish slang for drunkard: borracho), went through. I forget what story I told the DMV about what it meant but I thought it was hilarious that it didn't get flagged. I waited and waited for the personalized plate and eventually got a notice that it had been rejected after all. I ended up with 4BIGRIG, a nod to my zine at the time, Bigrig Industries Manifesto.

So I was definitely tickled to learn about the California DMV Bot on Twitter. It randomly spits out real (and mostly) rejected personalized plates, the reasons people gave for wanting them, and the actual comments the DMV gave for accepting or denying them. It's my new favorite thing.

KQED:

The bot is the work of a Silicon Valley 15-year-old, going by "RJ," who recently discovered a trove of flagged DMV applications from 2015-2016 — the result of a public records request by journalist Samuel Braslow for a fascinating piece in Los Angeles Magazine. Without anything to do one weekend, and with "an insatiable curiosity of the inner workings of quite literally everything," RJ built the bot in one day.

One month later, it now posts juvenile license plate attempts like "TRD FURY" and "ASSMNKY" to over 25,000 followers, 24 hours a day.

Original Submission

hubie writes:

New study undermines the theory that depressed people are just more realistic:

Are depressed people simply more realistic in judging how much they control their lives, while others view the world through rose-colored lenses, living under the illusion that they have more control than they do?

That's the general idea behind "depressive realism," a theory that has held sway in science and popular culture for more than four decades.

The problem is, it's just not true, new research finds.

[...] The concept of depressive realism stems from a 1979 study of college students examining whether they could predict how much control they had over whether a light turned green when they pushed a button. The original research concluded that the depressed students were better at identifying when they had no control over the lights, while those who weren't depressed tended to overestimate their level of control.

Moore and his colleagues set out to try to replicate those findings as part of a broader effort to restore trust in scientific research, much of which is woven into the fabric of the scientific community and wider culture. Researchers are revisiting bedrock studies to shore up the most basic of scientific principles: Can the research—and its conclusions—be replicated?

[...] The results, Moore says, undermined his belief in depressive realism.

[...] While depression may not improve judgment, the issue of how to accurately gauge our level of control in various situations has broader implications throughout life, Moore says.

"We live with a great deal of uncertainty about how much control we have—over our careers, our health, our body weight, our friendships, or our happiness," says Moore. "What actions can we take that really matter? If we want to make good choices in life, it's very helpful to know what we control and what we don't."

Journal Reference:
Amelia S. Dev, Don A. Moore, Sheri L. Johnson, et al. Sadder ≠ Wiser: Depressive Realism Is Not Robust to Replication [open], Collabra: Psychology, 2022. DOI: 10.1525/collabra.38529

Original Submission

hubie writes:

VPNs do not provide the security properties people expect:

"VPNs were originally designed to get into a secure network, but companies have repurposed them so you can escape a restrictive internet service provider you don't trust and access a free and safe one instead," Crandall says. "So, the way people use VPNs today is kind of backwards."

Crandall notes this access is helpful when users are worried about their browsing data being monitored though their internet service provider, or ISP, or when users are in a country that censors their internet activity.

[...] "We're really just asking the fundamental questions like, 'When you repurpose VPNs in this way, do they actually have the security properties that people expect?'" he says, reiterating his work's focus on at-risk users who face severe consequences from censorship and surveillance policies. "The first part of the research that we did was looking at the VPN tunnel itself, which is an encrypted tunnel between the VPN server and the client, to see what kind of damage attackers can do from there."

[...] The team concluded that traffic can still be attacked from the tunnel in the same ways as if VPN were not being used, with attackers able to redirect connections and serve malware, which is what users believe VPN protects them from.

[...] "For people around the world, there can be a lot at stake when VPN providers market with false claims about their services. Our research exposed how VPN-based services, including the ones marketing their VPN service as 'invisible' and 'unblockable,' can be effectively blocked with little collateral damage," says Ensafi, an assistant professor of electrical engineering and computer science. [...]

"As VPNs continue experiencing increased usage, repressive countries have developed some of the most sophisticated censorship and surveillance technology in response," Mixon-Baca says. "This work is crucial to make progress toward understanding how these systems operate and developing defenses for attacks on the users who depend on VPNs."

USENIX presentation slides as well as a ten-minute video of the talk

Original Submission

upstart writes:

Facebook parent Meta fined $24.6M for violating Washington state's political ad disclosure law:

Meta, the parent company of Facebook, was fined the maximum penalty of $24.6 million on Wednesday for violating Washington state's campaign finance transparency law.

King County Superior Court Judge Douglass North found that Meta intentionally violated Washington law 822 times. Each fine carried a penalty of $30,000. Attorney General Bob Ferguson's office called the judgement "the largest campaign finance penalty anywhere in the country — ever."

"I have one word for Facebook's conduct in this case — arrogance," Ferguson said in a news release. "It intentionally disregarded Washington's election transparency laws. But that wasn't enough. Facebook argued in court that those laws should be declared unconstitutional. That's breathtaking.

"Where's the corporate responsibility?" Ferguson continued. "I urge Facebook to come to its senses, accept responsibility, apologize for its conduct, and comply with the law. If Facebook refuses to do this, we will beat them again in court."

[...] According to the attorney general, the law requires campaign advertisers, including entities such as Meta that host political ads, to make information about Washington political ads that run on their platforms available for public inspection in a timely manner. The state asserted that Meta violated the law repeatedly since December 2018 and committed hundreds of violations.

In court filings, Meta called Washington state "an outlier," arguing that the disclosure law violates the First Amendment by unfairly targeting political speech, and imposing onerous timelines for disclosing what Meta considers unreasonable degrees of detail to people who request information about political ads.

A judge rejected that argument in September and granted Washington's motion for summary judgment, resolving the case without trial.

Original Submission

hubie writes:

Mathematical Formula Tackles Complex Moral Decision-Making in AI:

An interdisciplinary team of researchers has developed a blueprint for creating algorithms that more effectively incorporate ethical guidelines into artificial intelligence (AI) decision-making programs. The project was focused specifically on technologies in which humans interact with AI programs, such as virtual assistants or "carebots" used in healthcare settings.

[...] "For example, let's say that a carebot is in a setting where two people require medical assistance. One patient is unconscious but requires urgent care, while the second patient is in less urgent need but demands that the carebot treat him first. How does the carebot decide which patient is assisted first? Should the carebot even treat a patient who is unconscious and therefore unable to consent to receiving the treatment?

"Previous efforts to incorporate ethical decision-making into AI programs have been limited in scope and focused on utilitarian reasoning, which neglects the complexity of human moral decision-making," Dubljević says. "Our work addresses this and, while I used carebots as an example, is applicable to a wide range of human-AI teaming technologies."

[...] To address the complexity of moral decision-making, the researchers developed a mathematical formula and a related series of decision trees that can be incorporated into AI programs. These tools draw on something called the Agent, Deed, and Consequence (ADC) Model, which was developed by Dubljević and colleagues to reflect how people make complex ethical decisions in the real world.

[...] "With the rise of AI and robotics technologies, society needs such collaborative efforts between ethicists and engineers. Our future depends on it."

Journal Reference:
Michael Pflanzer, Zachary Traylor, Joseph B. Lyons, et al. Ethics in human–AI teaming: principles and perspectives [open]. AI Ethics (2022). https://doi.org/10.1007/s43681-022-00214-z

Original Submission

upstart writes:

Most lithium deposits in the US are on or near tribal land:

From The Guardian (CC-BY-SA 2.0) :

[...] Three-quarters of all known deposits of lithium in America are found near tribal land, igniting fears that a decline in destructive fossil-fuel mining could simply be replaced by a new form of harmful extraction.

Plans for a major, controversial new lithium mine in northern Nevada – a 1,000-acre site called Thacker Pass – will "will turn what is left of my ancestral homelands into a sacrifice zone for electric car batteries", Shelley Harjo, a member of the Fort McDermitt Paiute and Shoshone Tribe, has warned, all still without meeting the burgeoning thirst for lithium.

Lithium demand is of course on the rise thanks to the mineral's role in battery stage and the ongoing global energy crisis. According to The Guardian, there's enough lithium at Silver Peak for 80,000 electric cars — that's not an insignificant contribution to decarbonization efforts! But there is some concern about the lithium battery production process, which involves massive water use and some higher emissions upfront. Even if it is ultimately a more environmentally-friendly option (assuming we can figure out better means of recycling or disposal), the threat of that resource extraction, particularly when the impact hits indigenous communities the hardest, is ... well, not great, to say the least, as evidenced by the entirety of US history.

Original Submission

upstart writes:

Another GeForce RTX 4090 16-pin Adapter Bites The Dust (Updated):

Update 10/26/2022 6:15 pm PT

Gigabyte has sent Redditor reggie gakil a replacement for his GeForce RTX 4090 Gaming OC. Next, the damaged graphics card and melted power adapter will make their way to Nvidia for inspection.

Meanwhile, a fifth GeForce RTX 4090 owner has come forward on Reddit to report a similar meltdown on his power adapter. He accidentally discovered it when disconnecting his Asus TUF Gaming GeForce RTX 4090 OC Edition to install his newly acquired Core i9-13900K Raptor Lake processor.

The Redditor's photograph showed that some pins had experienced excessive heat. The corner terminals look slightly backed out, whereas one of the ports has already started to melt. The user shared another photograph of his system, and the power adapter appears to be seated properly, and the cable isn't overly bent, which discards a bad installation.

Original Article:

[...] Previously, two GeForce RTX 4090 owners have reported experiencing 16-pin power adapter meltdowns. Both owned custom models, with the first owner rocking a Gigabyte GeForce RTX 4090 Gaming OC and the second user with an Asus TUF Gaming GeForce RTX 4090 OC Edition. The third report comes from a Facebook user Charlie Woods (then tweeted via WCCF's Hassan Mujtaba), who coincidentally has an Asus TUF Gaming GeForce RTX 4090. According to the owner's recount of the facts, he was benchmarking when he smelled the smoke from the power adapter. Fortunately, he could pull the connector out before it did any damage to the graphics card.

upstart writes:

Ancient 15,000-Year-Old Viruses Found in Melting Tibetan Glaciers:

Ancient creatures are emerging from the cold storage of melting permafrost, almost like something out of a horror movie.

From incredibly preserved extinct megafauna like the woolly rhino, to the 40,000-year-old remains of a giant wolf, and bacteria over 750,000 years old.

Not all of these things are dead.

Centuries-old moss was able to spring back to life in the warmth of the laboratory. So too, incredibly, were tiny 42,000-year-old roundworms.

These fascinating glimpses of organisms from Earth's long distant past are revealing the history of ancient ecosystems, including details of the environments in which they existed.

But the melt has also created some concerns about ancient viruses coming back to haunt us.

Arthur T Knackerbracket has processed the following story:

Taiwan is in a "precarious" position in the technology industry, Intel Chief Executive Pat Gelsigner said Monday as part of his company's continuing push for more geographic diversity in electronics manufacturing.

[...] Taiwan is home to Taiwan Semiconductor Manufacturing Co. (TSMC), the global leader in the semiconductor industry. It makes processors for tech giants including Apple, Nvidia, Qualcomm, AMD, Tesla and even Intel itself. But Taiwan is headquarters to plenty of other big players, including PC makers Acer and Asus, TSMC chipmaking rival United Microelectronics, and Hon Hai Precision Industry Co., better known as Foxconn, which assembles iPhones at Chinese facilities.

Intel, of course, stands to benefit from any shift in chip manufacturing away from Taiwan. It's pledged to build chips for other companies, not just itself. To meet expected demand, Intel is building new chip fabrication plants, called fabs, in Ohio, Arizona and Germany. That chip "foundry" effort is new to Intel, but it's the core business for TSMC and Intel's other top rival, Samsung in South Korea.

[...] Taiwan's independence from China has come under greater scrutiny with Russia's invasion of neighboring Ukraine, which helped undermine the assumption that economic fallout would deter countries from going to war. [...]

upstart writes:

SpaceX "will add a donate option to Starlink" for places in need:

The Pentagon has reportedly held talks with SpaceX about funding Starlink in Ukraine, though SpaceX CEO Elon Musk wrote in a tweet yesterday that "SpaceX has already withdrawn its request for funding." Musk also said he'll seek Starlink donations for places in need.

[...] Musk wrote in another tweet that "25,300 terminals were sent to Ukraine, but, at present, only 10,630 are paying for service." He also wrote that SpaceX "will add a donate option to Starlink" for those who "want to donate Starlinks to places in need."

That could include Ukraine and other countries. Musk's tweet about adding a donation option came in response to Ham Serunjogi, co-founder and CEO of a company that runs a service for sending and receiving money in Africa. "I'd be glad to commit $$ to donate Starlink to schools & hospitals in Uganda," Serunjogi wrote.

[...] Musk seemed to backtrack on Saturday, albeit grudgingly. "The hell with it... even though Starlink is still losing money & other companies are getting billions of taxpayer $, we'll just keep funding Ukraine govt for free," he wrote.

[...] The Pentagon said last week that it's considering other satellite options, too. "There are certainly other Satcom capabilities that exist out there," Pentagon Deputy Press Secretary Sabrina Singh said, according to the Financial Times. "There's not just SpaceX; there are other entities that we can certainly partner with when it comes to providing Ukraine with what they need on the battlefield."

Original Submission

An Anonymous Coward writes:

Australian companies involved in serious or repeated breaches could face penalties of a minimum $50m under new proposed legislation intended to curb the current plethora of serious data breaches. Attorney-General Mark Dreyfus has been quoted as stating that recent major data breaches at companies, including Optus and Medibank, had shown current measures to be insufficient, while commenting "When Australians are asked to hand over their personal data they have a right to expect it will be protected.". It is expected that these penalties defined in the Privacy Act 1988 will be introduced to parliament within the next month. The proposed changes will not be retrospective. The bill will also provide government entity, the Australian Information Commissioner, with greater information gathering and sharing powers to help resolve privacy breaches.

I trust every company who asks for my name, DOB, current address, previous address, place of birth, medicare number, passport number, credit card numbers, bank account numbers, phone numbers, social media account names, email addresses, significant other's name (Neko Neko Floppy Ears btw), driver's licence, and of course a high resolution scan of the above for permanent safe keeping. Don't you?

Original Submission

takyon writes:

Apple to put USB-C connectors in iPhones to comply with EU rules

Apple will ditch the Lightning connector on its iPhones, the company has confirmed, after European regulators decided all smartphones should have USB charging as standard in two years' time.

New EU rules require all phones sold after autumn 2024 to use the USB-C connector for their charging ports. The oval-shaped plugs are already standard on other consumer electronics such as e-readers, games consoles, laptops and the vast majority of new Android phones.

[...] Now, Apple's head of marketing, Greg "Joz" Joswiak, says the company is conceding defeat. "Obviously we'll have to comply, we have no choice," he told a technology conference in California.

But, he argued, it "would have been better environmentally and better for our customers to not have a government be that prescriptive".

Related:
    UK Will Not Copy EU Demand for Common Charging Cable
    USB-C to be Mandatory for Phones Sold in the EU by Autumn 2024
    Apple May Finally Fix its Flimsy iPhone Charger Cables

Original Submission

upstart writes:

The ships full of gas waiting off Europe's coast:

The huge tankers are waiting. Off the coasts of Spain, Portugal, the UK and other European nations lie dozens of giant ships packed full of liquefied natural gas (LNG). Cooled to roughly -160C for transportation, the fossil fuel is in very high demand. Yet the ships remain at sea with their prized cargo.

After invading Ukraine in February, Russia curtailed gas supplies to Europe, sparking an energy crisis that sent the price of gas soaring. That led to fears of energy shortages and eye-watering bills for consumers.

[...] So why are ships loaded with LNG just hanging around Europe, exactly? The answer, as you might have guessed, is a little complicated.

Someone else who has watched the accumulation of vessels is Fraser Carson, a research analyst at Wood Mackenzie. This month, he counted 268 LNG ships on the water worldwide - noticeably above the one-year average of 241. Of those currently at sea, 51 are in the vicinity of Europe.

He explains that European nations plunged into a gas-buying spree over the summer that aimed to fill onshore storage tanks with gas. This was to ensure that heaps of fuel would be available to cover energy needs this winter.

The original target was to fill storage facilities to 80% of their total capacity by 1 November. That target has been met, and exceeded, far ahead of schedule. The latest data suggests storage is now at nearly 95% in total.