SoylentNews

upstart writes:

Anti-Cheat Software Continues To Be The New DRM In Pissing Off Legit Customers:

Long-time readers here will know that one of the consistent themes over the years when it comes to video game DRM has been the absolute plethora of anecdotal stories you get about how DRM screwed up the playing experience for legitimate customers. Performance issues, inability to play online or single-player campaigns due to DRM failures, intrusive kernel-level access issues; the list goes on and on.

Well, if you've been paying attention over the last couple of years, anti-cheat software is quickly becoming the new DRM. Access to root layers of the computer complaints, complaints about performance effects, complaints about how the software tracks customer behavior, and now finally we have the good old "software isn't letting me play my game" type of complaint. This revolves around Kotaku's Luke Plunkett, whose writing I've always found valuable, attempting to review EA's latest FIFA game.

I have reviewed FIFA in some capacity on this website for well over a decade, but regular readers who are also football fans may have noticed I haven't said a word about it this year. That's because, over a month after the PC version's release, I am still locked out of it thanks to a broken, over-zealous example of anti-cheat protection.

Publisher EA uses Easy Anti-Cheat, which has given me an error preventing me from even launching the game that every published workaround—from running the program as an administrator to disabling overlays (?) to editing my PC's bios (??!!)—hasn't solved. And so for one whole month, a game that I own and have never cheated at in my life, remains unplayable. I've never even made it to the main menu.

upstart writes:

Poliovirus that paralyzed unvaccinated NY man in July is still spreading:

The same strain of poliovirus that paralyzed an unvaccinated young man in New York's Rockland County this summer is still spreading in several areas of the state as of early October, according to a wastewater surveillance study published by the Centers for Disease Control and Prevention on Friday.

The finding suggests that the virus continues to pose a serious threat to anyone in the area that is unvaccinated or under-vaccinated. The three counties with sustained transmission—Rockland, Orange, and Sullivan—have pockets of alarmingly low vaccination rates.

In Rockland, for instance, one county zip code has a polio vaccination rate among children under 2 years old of just 37 percent, according to state data. In Orange, a zip code has a vaccination rate of just 31 percent. County-wide vaccination rates of Rockland and Orange are 60 percent and about 59 percent, respectively.

Sullivan County hasn't provided the state with zip code-level vaccination rate data. But in a press release from August, the county's Public Health Director, Nancy McGraw, suggested some areas of the county have low rates similar to Rockland and Orange.

"Sullivan County has an overall 62.33 percent vaccination rate for polio, but there are some areas of the County with lower vaccination rates, and because polio can spread very easily, it's important that everyone is vaccinated," McGraw said at the time. "Public Health is offering a safe and proven vaccine available to children two months of age or older. We are working with the State to get vaccine to providers for adults. If adults need vaccine, we encourage then [sic] to contact their healthcare provider."

Most adults and children in the US are vaccinated against polio. Since 2000, the country has relied on inactivated polio vaccine (IPV), which is given in three doses before the age of 24 months, with a fourth shot between the ages of 4 and 6. Just the first three doses are 99 percent to 100 percent effective at preventing paralytic disease, though, and vaccination coverage rates report the percentage of 2-year-olds that have followed the recommended vaccination schedule for the first three shots.

Original Submission

upstart writes:

OpenSSL Release Patches Critical Vulnerability:

A critical vulnerability has been discovered in current versions of OpenSSL and will need to be patched immediately. The OpenSSL Project will release version 3.0.7 on Tuesday, November 1st, 2022. This is a critical update that needs to be made immediately.

To unpack that for you a little bit, OpenSSL is a software library that is widely leveraged to enable secure network connections. And by widely leveraged, I mean almost completely ubiquitous, if you're using HTTPS, chances are you're using OpenSSL. Almost everyone is.

[...] "CRITICAL Severity. This affects common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations. These issues will be kept private and will trigger a new release of all supported versions. We will attempt to address these as soon as possible."

As is pretty standard in these security situations, specifics are not available as to what the exact threat is or where the weakness may lie because they're trying to avoid tipping off opportunistic bad actors that could exploit the vulnerability before it's patched.

[...] Unfortunately, just how much time or how involved this update will be isn't something the OpenSSL project has told us yet. Regardless, Tuesday is going to be an important day, as the longer you go before updating the longer your network will potentially be vulnerable.

Original Submission

upstart writes:

Feds open criminal investigation into Tesla Autopilot claims:

Tesla's controversial Autopilot driver assist might have just gotten even more controversial. According to Reuters, the company has been under federal criminal investigation since 2021 for misleading people about Autopilot's capabilities. It's the latest in a string of state and federal investigations, coming at a time when the automaker is removing more sensors from the cars while increasing the price of its "full self-driving" (FSD) feature.

The safety of Tesla's electric vehicles has been repeatedly extolled by Tesla CEO Elon Musk, who claimed his EVs are the safest cars on sale. However, those claims have been challenged by regulators such as the National Highway Traffic Safety Administration as well as by collated crash data.

Now, Reuters reports that "Justice Department prosecutors in Washington and San Francisco are examining whether Tesla misled consumers, investors and regulators by making unsupported claims about its driver assistance technology's capabilities," the sources said.

Although Tesla's website states that Autopilot requires active supervision and is not autonomous, it also features a video that claims, "The person in the driver's seat is only there for legal reasons. He is not doing anything. The car is driving itself," and Musk has repeatedly been interviewed from the driver's seat of a Tesla hands-free.

Whether the Department of Justice's investigation will result in criminal prosecutions is unknown.

Original Submission

Arthur T Knackerbracket has processed the following story:

Scientists from Skoltech developed a self-assembled 3D nanocomposite with outstanding in-plane and out-of-plane heat conductivity, high electrical resistivity, and good hydrophobicity, which have a wide range of potential uses in packaging and electronics for thermal management applications.

The last few decades have witnessed an advance in electronics technology, with the development of devices that are highly integrated, lightweight, and portable. However, as the devices get smaller, so does the space for accommodating the internal working components. This has created an issue of improper heat dissipation in devices, since conventional heat sink materials are bulky and cannot be integrated into them. Currently, several substrate materials can act as heat diffusers as thin films, but most diffuse heat in the in-plane direction isotropically. This could create thermal interference with neighboring components of a device.

Researchers from Skoltech found a solution to this problem through the development of 3D polyvinyl alcohol (PVA) aligned boron nitride (BN) aerogel framework nanocomposites. The composite showed excellent thermal conductivity, stability and wettability behavior, which is extremely pertinent to thermal management in electronics.

[...] Apart from the optimized thermal properties, other major advantages of the nanocomposite are high electrical resistivity and good hydrophobicity, explains Owais. "Good wettability and electrical insulation are significant parameters of the composite when the electronic motherboard with integrated circuits is vulnerable to short-circuiting and malfunctioning. We need thermal interface materials with good hydrophobicity when the ICs are subjected to water, making them water resilient."

More information:Mohammad Owais et al, Scalable Fabrication of Thermally Conductive Layered Nacre-like Self-Assembled 3D BN-Based PVA Aerogel Framework Nanocomposites, Polymers (2022). DOI: 10.3390/polym14163316

Original Submission

upstart writes:

RIP: Kathleen Booth, the inventor of assembly language:

Obituary Professor Kathleen Booth, one of the last of the early British computing pioneers, has died. She was 100.

Kathleen Hylda Valerie Britten was born in Worcestershire, England, on July 9, 1922. During the Second World War, she studied at Royal Holloway, University of London, where she got a BSc in mathematics in 1944. After graduating, she became a junior scientific officer at the Royal Aircraft Establishment, a research organization in Farnborough. Two years later she moved to Birkbeck College, first as a research assistant, and later a lecturer and then research fellow.

She also worked at the British Rubber Producers' Research Association (BRPRA), where she met and worked with mathematician and physicist Andrew Donald Booth, who later became her husband. After studying with X-ray crystallographer Professor J D Bernal – inventor of the Bernal Sphere – A D Booth was working out crystal structures using X-ray diffraction data, and finding the manual calculations very tedious; he built an analog computer to automate part of this.

In 1946, Britten and Booth collaborated at Birkbeck on a very early digital computer, the Automatic Relay Calculator (ARC), and in doing so founded what is now Birkbeck's Department of Computer Science and Information Systems.

The ARC was constructed in Welwyn Garden City, close to the BRPRA's headquarters. A D Booth designed it, but Kathleen Britten and her fellow research assistant Xenia Sweeting built the hardware. Bernal obtained funding from the Rockefeller Foundation for Booth and Britten to visit the Institute of Advanced Study at Princeton, where Booth reported that only Bernal's friend John von Neumann gave them any time. Von Neumann explained his concept of what is now called the von Neumann computer architecture.

[...] Youtube Video

[...] The Booth family moved to Canada in the early 1960s, where Kathleen and Andrew continued working in academia; she retired in the late 1970s.

Kathleen Booth died September 29, 2022, and is survived by a daughter as well as her son. ®

Original Submission

upstart writes:

SpaceX becomes NASA’s second-largest vendor, surpassing Boeing:

NASA obligated $2.04 billion to SpaceX in fiscal year 2022, which ended last month, according to new federal procurement data.

For the first time, the amount paid by the space agency to SpaceX exceeds that paid to Boeing, which has long been the leading hardware provider to NASA. Boeing received $1.72 billion during the most recent fiscal year, based on data first reported by Aviation Week's Irene Klotz.

The California Institute of Technology, which manages the Jet Propulsion Laboratory field center for NASA, remains the agency's No. 1 contractor, with $2.68 billion in funding. The academic institution is responsible for operating the California-based NASA field center and distributing funding for myriad robotic spacecraft missions such as Mars Perseverance and the Europa Clipper.

On the one hand, the ascension of SpaceX to the No. 2 spot on NASA's contractor list represents a major shakeup in the order of things. For a long time, NASA's human spaceflight and exploration programs were dominated by Boeing, Lockheed Martin, Aerojet, Northrop Grumman, and a handful of other traditional defense aerospace contractors.

upstart writes:

Leaked data from TheTruthSpy stalkerware network reveals its Android apps tracked the calls, locations, and other information of hundreds of thousands of people:

A massive cache of leaked data reveals the inner workings of a stalkerware operation that is spying on hundreds of thousands of people around the world, including Americans.

The leaked data includes call logs, text messages, granular location data and other personal device data of unsuspecting victims whose Android phones and tablets were compromised by a fleet of near-identical stalkerware apps, including TheTruthSpy, Copy9, MxSpy and others.

These Android apps are planted by someone with physical access to a person's device and are designed to stay hidden on their home screens but will continuously and silently upload the phone's contents without the owner's knowledge.

Given that victims had no idea that their device data was stolen, TechCrunch extracted every unique device identifier from the leaked database and built a lookup tool to allow anyone to check if their device was compromised by any of the stalkerware apps up to April 2022, which is when the data was dumped.

TechCrunch has since analyzed the rest of the database. Using mapping software for geospatial analysis, we plotted hundreds of thousands of location data points from the database to understand its scale. Our analysis shows TheTruthSpy's network is enormous, with victims on every continent and in almost every country. But stalkerware like TheTruthSpy operates in a legal gray area that makes it difficult for authorities around the world to combat, despite the growing threat it poses to victims.

Freeman writes:

After 19 years of work, Juan Gilbert says he has invented the most secure voting machine

In late 2020, a large box arrived at Juan Gilbert's office at the University of Florida. The computer science professor had been looking for this kind of product for months. Previous orders had yielded poor results. This time, though, he was optimistic.

Gilbert drove the package home. Inside was a transparent box, built by a French company and equipped with a 27-inch touchscreen. Almost immediately, Gilbert began modifying it. He put a printer inside and connected the device to Prime III, the voting system he has been building since the first term of the George W. Bush administration.

After 19 years of building, tinkering, and testing, he told Undark this spring, he had finally invented "the most secure voting technology ever created."

[...] By this point, Gilbert had published a video of his ballot-marking device, or BMD, in action, but he was unsure how the hacking community would respond. "There's a part of that community that's very confident in what they do," he said. "And if they hear how it works, they may run away from it."

[...] The latest version of the machine, which Gilbert and his students finalized this year, has all the parts of a normal voting machine: a touch screen for voters to make their selections and a printer to create a paper ballot that is then fed into a scanner.

The machine also has some more distinctive security features. The touchscreen is transparent, allowing voters to watch the machine print their ballot, in real-time, and notice any issues. The whole machine is also encased in fully transparent glass, making it difficult to insert, say, a malicious USB drive undetected. And the machine's operating system, software, printer connection, and ballot information are stored on a read-only Blu-ray Disc. Unlike a typical hard drive, which voting technology skeptics say could be manipulated to change a person's votes, the disc cannot be overwritten, modified, or changed in any way. "I have taken away that ability," said Gilbert. "You cannot change it."

Arthur T Knackerbracket has processed the following story:

Stradivarius violins are highly prized collector’s items. According to some musicians, they produce elegant music with a level of clarity that is unparalleled by modern instruments. And it’s the finishing touches — mysterious treatments applied hundreds of years ago by Antonio Stradivari — that contribute to their unique look and sound. In a step toward unraveling the secret, researchers report on nanometer-scale imaging of two of Stradivari’s violins, revealing a protein-based layer between the wood and varnish. The study was published on October 17 in ACS’ Analytical Chemistry.

[...] It was reported in previous studies that some stringed instruments built by Stradivari have a hidden coating underneath the shiny varnish. By filling in and smoothing out the wood, this coating would influence the wood’s resonance and the sound that’s produced. Knowing the components of this film could be key to replicating the historic instruments in modern times. So, Lisa Vaccari, Marco Malagodi, and colleagues wanted to find a technique that would determine the composition of the layer between the wood and varnish of two precious violins — the San Lorenzo 1718 and the Toscano 1690.

Using synchrotron radiation Fourier-transform infrared spectromicroscopy, a technique previously used on historic violins, the research team discovered that both samples had an intermediary layer. However, this method couldn’t differentiate the layer’s composition from the adjacent wood.

Next, they turned to infrared scattering-type scanning near field microscopy (IR s-SNOM) to analyze the samples. The IR s-SNOM apparatus includes a microscope that collects images tens of nanometers wide and measures the infrared light scattered from the coating layer and the wood to collect information about their chemical composition. The results of the new method revealed that the layer between the wood and varnish of both instruments contained protein-based compounds, congregating in nano-sized patches.

Reference: “A Nanofocused Light on Stradivari Violins: Infrared s-SNOM Reveals New Clues Behind Craftsmanship Mastery” by Chiaramaria Stani, Claudia Invernizzi, Giovanni Birarda, Patrizia Davit, Lisa Vaccari, Marco Malagodi, Monica Gulmini and Giacomo Fiocco, 17 October 2022, Analytical Chemistry.
DOI: 10.1021/acs.analchem.2c02965

Original Submission

Arthur T Knackerbracket has processed the following story:

A common chemical found in urine can be used to kick-start large-scale production of proteins such as hormones and antibodies used by biotech companies.

Researchers at the University of Birmingham and Aston University, in the U.K., have developed a system that uses urea to trigger the production of these proteins in the large quantities needed by the biotech industry.

Typically, in this process, small pieces of DNA are introduced into bacteria such as E.coli to persuade them to overproduce certain proteins. It is a well-understood technology that was first developed in the 1970s. Overproduction, however, is typically triggered by "inducer" molecules, which can be costly, and often need careful handling, such as refrigeration.

By using urea instead, the researchers have developed a method that is cheaper, more straightforward, and uses easily accessible materials.

[...] The study builds on earlier work in which the team successfully demonstrated that nitrate, a cheap, stable and abundant inorganic ion, could also be used as a trigger. Nitrate is commonly found in many commercial fertilizers and even in some garden fertilizers, meaning that it is always readily available, even in areas where other types of promoter chemicals might be inaccessible.

Co-author Dr. Joanne Hothersall, also in the School of Biosciences, added, "Both urea and nitrate will be much more readily available, and easy to use, in locations where infrastructure limits access, for example where maintaining a cold supply chain is challenging. We hope these new approaches will open up new avenues of research for biotech industries."

A versatile substance indeed:
    Should We be Trying to Create a Circular Urine Economy?
    In Space, Pee Is for Power
    World's First Biobricks Grown from Human Urine
    Testing the Use of Human Urine as a Natural Fertilizer for Crops
    Geopolymer Concrete: Building Moon Bases with Astronaut Urine and Regolith

Journal Reference:
Joanne Hothersall, Alexander Osgerby, Rita E. Godfrey, et al. New vectors for urea-inducible recombinant protein production, New Biotechnology (2022). DOI: 10.1016/j.nbt.2022.10.003

Original Submission

upstart writes:

Meet the Windows servers that have been fueling massive DDoSes for months:

A small retail business in North Africa, a North American telecommunications provider, and two separate religious organizations: What do they have in common? They're all running poorly configured Microsoft servers that for months or years have been spraying the Internet with gigabytes-per-second of junk data in distributed-denial-of-service attacks designed to disrupt or completely take down websites and services.

In all, recently published research from Black Lotus Labs, the research arm of networking and application technology company Lumen, identified more than 12,000 servers—all running Microsoft domain controllers hosting the company's Active Directory services—that were regularly used to magnify the size of distributed-denial-of-service attacks, or DDoSes.

For decades, DDoSers have battled with defenders in a constant, never-ending arms race. Early on, DDoSers simply corralled ever-larger numbers of Internet-connected devices into botnets and then used them to simultaneously send a target more data than they can handle. Targets—be they game companies, journalists, or even crucial pillars of Internet infrastructure—often buckled at the strain and either completely fell over or slowed to a trickle.

Companies like Lumen, Netscout, Cloudflare, and Akamai then countered with defenses that filtered out the junk traffic, allowing their customers to withstand the torrents. DDoSers responded by rolling out new types of attacks that temporarily stymied those defenses. The race continues to play out.

One of the chief methods DDoSers use to gain the upper hand is known as reflection. Rather than sending the torrent of junk traffic to the target directly, DDoSers send network requests to one or more third parties. By choosing third parties with known misconfigurations in their networks and spoofing the requests to give the appearance they were sent by the target, the third parties end up reflecting the data at the target, often in sizes that are tens, hundreds, or even thousands of times bigger than the original payload.

What should the response be to those who run misconfigured servers? Should we try to help them secure their servers (at their cost, of course) or should the servers be shut down?

Original Submission

Arthur T Knackerbracket has processed the following story:

Christmas came a little early for NASA's InSight mission last December when the lander detected a massive quake on Mars.

Now, scientists know what caused the red planet to rumble. A meteoroid slammed into Mars 2,174 miles (3,500 kilometers) away from the lander and created a fresh impact crater on the Martian surface.

The ground literally moved beneath InSight on December 24, 2021, when the lander recorded a magnitude 4 marsquake. Before and after photos captured from above by the Mars Reconnaissance Orbiter, which has been circling Mars since 2006, spotted a new crater this past February.

When scientists connected the dots from both missions, they realized it was one of the largest meteoroid strikes on Mars since NASA began studying the red planet. Images from the orbiter's two cameras showed the blast zone of the crater, which allowed scientists to compare it with the epicenter of the quake detected by InSight.

The journal Science published two new studies describing theimpact and its effects on Thursday.

upstart writes:

Bot reveals rejected vanity license plates and the real DMV notes on why they were flagged:

Many, many years ago I wanted a vanity license plate for my vintage International Travelall. As I remember it, the first one I tried for, WAGESLV, got rejected right away. But the second one, BORACHA (a take on the Spanish slang for drunkard: borracho), went through. I forget what story I told the DMV about what it meant but I thought it was hilarious that it didn't get flagged. I waited and waited for the personalized plate and eventually got a notice that it had been rejected after all. I ended up with 4BIGRIG, a nod to my zine at the time, Bigrig Industries Manifesto.

So I was definitely tickled to learn about the California DMV Bot on Twitter. It randomly spits out real (and mostly) rejected personalized plates, the reasons people gave for wanting them, and the actual comments the DMV gave for accepting or denying them. It's my new favorite thing.

KQED:

The bot is the work of a Silicon Valley 15-year-old, going by "RJ," who recently discovered a trove of flagged DMV applications from 2015-2016 — the result of a public records request by journalist Samuel Braslow for a fascinating piece in Los Angeles Magazine. Without anything to do one weekend, and with "an insatiable curiosity of the inner workings of quite literally everything," RJ built the bot in one day.

One month later, it now posts juvenile license plate attempts like "TRD FURY" and "ASSMNKY" to over 25,000 followers, 24 hours a day.

Original Submission

hubie writes:

New study undermines the theory that depressed people are just more realistic:

Are depressed people simply more realistic in judging how much they control their lives, while others view the world through rose-colored lenses, living under the illusion that they have more control than they do?

That's the general idea behind "depressive realism," a theory that has held sway in science and popular culture for more than four decades.

The problem is, it's just not true, new research finds.

[...] The concept of depressive realism stems from a 1979 study of college students examining whether they could predict how much control they had over whether a light turned green when they pushed a button. The original research concluded that the depressed students were better at identifying when they had no control over the lights, while those who weren't depressed tended to overestimate their level of control.

Moore and his colleagues set out to try to replicate those findings as part of a broader effort to restore trust in scientific research, much of which is woven into the fabric of the scientific community and wider culture. Researchers are revisiting bedrock studies to shore up the most basic of scientific principles: Can the research—and its conclusions—be replicated?

[...] The results, Moore says, undermined his belief in depressive realism.

[...] While depression may not improve judgment, the issue of how to accurately gauge our level of control in various situations has broader implications throughout life, Moore says.

"We live with a great deal of uncertainty about how much control we have—over our careers, our health, our body weight, our friendships, or our happiness," says Moore. "What actions can we take that really matter? If we want to make good choices in life, it's very helpful to know what we control and what we don't."

Journal Reference:
Amelia S. Dev, Don A. Moore, Sheri L. Johnson, et al. Sadder ≠ Wiser: Depressive Realism Is Not Robust to Replication [open], Collabra: Psychology, 2022. DOI: 10.1525/collabra.38529

Original Submission