2022-10-05 12:33:58 UTC
2022-10-05 14:04:11 UTC --fnord666
Nation-state hackers based in China recently infected a certificate authority and several government and defense agencies with a potent malware cocktail for burrowing inside a network and stealing sensitive information, researchers said on Tuesday.
The successful compromise of the unnamed certificate authority is potentially serious, because these entities are trusted by browsers and operating systems to certify the identities responsible for a particular server or app. In the event the hackers obtained control of the organization's infrastructure, they could use it to digitally sign their malware to make it more easily slip past endpoint protections. They might also be able to cryptographically impersonate trusted websites or intercept encrypted data.
While the researchers who discovered the breach found no evidence the certificate infrastructure had been compromised, they said that this campaign was only the latest by a group they call Billbug, which has a documented history of noteworthy hacks dating back to at least 2009.
"The ability of this actor to compromise multiple victims at once indicates that this threat group remains a skilled and well-resourced operator that is capable of carrying out sustained and wide-ranging campaigns," Symantec researchers wrote. "Billbug also appears to be undeterred by the possibility of having this activity attributed to it, with it reusing tools that have been linked to the group in the past."
[...] Tuesday's post includes a host of technical details people can use to determine if they've been targeted by Billbug. Symantec is the security arm of Broadcom Software.
Remember that you can always edit/manage the list of trusted Certificate Authorities on your own machines.
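As an added example (not code from the article or from Symantec), here is a Go program using only the standard library that builds a trust store from a set of root CAs, drops one by its SHA-256 fingerprint, and shows that a server certificate issued under the dropped root then fails verification, which is what distrusting a CA on your own machines achieves. The roots and the host name example.test are constructed in-code for the demonstration, not real certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint is the SHA-256 of the DER encoding, the usual way a root to distrust is named.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// BuildPool makes a trust store from roots, minus any whose fingerprint is in distrust.
func BuildPool(roots []*x509.Certificate, distrust map[string]bool) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		if !distrust[Fingerprint(r)] {
			pool.AddCert(r)
		}
	}
	return pool
}

// TrustedBy reports whether leaf chains to a root in pool for serverName.
func TrustedBy(leaf *x509.Certificate, pool *x509.CertPool, serverName string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: serverName})
	return err == nil
}

func must[T any](v T, err error) T { // setup failures are fatal in this demo
	if err != nil {
		panic(err)
	}
	return v
}

// template returns a one-day certificate template: a signing root when ca is
// set, otherwise a server leaf for cn. Constructed test data, not a real CA.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{cn}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl under parent with parentKey; a nil parent means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// Demo builds two roots, issues a certificate for example.test under the second,
// and reports whether it verifies before and after that root is distrusted.
func Demo() (before, after bool) {
	goodCA, _ := issue(template("Good Root (constructed)", 1, true), nil, nil)
	suspectCA, suspectKey := issue(template("Suspect Root (constructed)", 2, true), nil, nil)
	leaf, _ := issue(template("example.test", 100, false), suspectCA, suspectKey)
	roots := []*x509.Certificate{goodCA, suspectCA}
	full := BuildPool(roots, nil)
	pruned := BuildPool(roots, map[string]bool{Fingerprint(suspectCA): true})
	return TrustedBy(leaf, full, "example.test"), TrustedBy(leaf, pruned, "example.test")
}

func main() {
	before, after := Demo()
	fmt.Println("trusted with full store:", before, "after distrusting issuer:", after)
}
```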
After decades of population declines, the future is looking brighter for several tuna and billfish species, such as southern bluefin tuna, black marlins and swordfish, thanks to years of successful fisheries management and conservation actions. But some sharks that live in these fishes' open water habitats are still in trouble, new research suggests.
These sharks, including oceanic whitetips and porbeagles, are often caught by accident within tuna and billfish fisheries. And a lack of dedicated management of these species has meant their chances of extinction continue to rise, researchers report in the Nov. 11 Science.
[...] The team found that the extinction risk for tunas and billfishes increased throughout the last half of the 20th century, with the trend reversing for tunas starting in the 1990s and billfishes in the 2010s. These shifts are tied to known reductions in fishing deaths for these species that occurred at the same time.
[...] But shark species are floundering in these very same waters where tuna and billfish are fished, where the sharks are often caught as bycatch.
[...] "While we are increasingly sustainably managing the commercially important, valuable target species of tunas and billfishes," says Juan-Jordá, "shark populations continue to decline, therefore, the risk of extinction has continued to increase."
Some solutions going forward, says Juan-Jordá, include catch limits for some species and establishing sustainability goals within tuna and billfish fisheries beyond just the targeted species, addressing the issue of sharks that are incidentally caught. And it's important to see if measures taken to reduce shark bycatch deaths are actually effective, she says.
"There is a clear need for significant improvement in shark-focused management, and organizations responsible for their management need to act quickly before it is too late," Simpfendorfer says.
Cryptocurrency has always offered a strange mix of temptations and challenges for anyone trying to steal it. As digital cash, held in multibillion-dollar sums on hackable, internet-connected networks, it presents a lucrative target. But once it's stolen, the blockchains that almost every cryptocurrency is built on make it possible to follow that money's every movement and, very often, to identify the thieves. So after a massive heist pulled nearly half a billion dollars worth of funds out of the already collapsing FTX cryptocurrency exchange yesterday, the world's crypto tracers are now closely tracking where that loot ends up—and looking for any clues that reveal the thief to be an FTX insider or just an opportunistic hacker.
On Friday, hours after the major cryptocurrency exchange FTX had filed for bankruptcy in the wake of its epic, 10-figure collapse, FTX's remaining funds were drained of more than $663 million worth of cryptocurrency, much of which appears to have been stolen. "FTX has been hacked," wrote an administrator in FTX's Telegram channel. "FTX apps are malware. Delete them." [...]
[...] "We're definitely watching the movements of these funds," says Chris Janczewski, the head of investigations at TRM Labs and a former special agent at the IRS's criminal investigations division. "This potential thief has hundreds of millions of dollars. But it's like they went into a bank, took as much cash as they could carry, and then the dye packs went off. They've got all this money, but now everyone knows it's connected to this bank robbery. What can you actually do with it?"
[...] But in the case of the high-profile FTX theft and the exchange's overall collapse, tracing the errant funds might help put to rest—or confirm—swirling suspicions that someone within FTX was responsible for the theft. The company's Bahamas-based CEO, Sam Bankman-Fried, who resigned Friday, lost virtually his entire $16 billion fortune in the collapse. According to an unconfirmed report from CoinTelegraph, he and two other FTX executives are "under supervision" in the Bahamas, preventing them from leaving the country. Reuters also reported late last week that Bankman-Fried possessed a "back door" that was built into FTX's compliance system, allowing him to withdraw funds without alerting others at the company.
[...] As the questions mount over whether—or to what degree—FTX's own management might be responsible for the theft, the case has begun to resemble, more than any recent crypto heist, a very old one: the theft of a half billion dollars worth of bitcoins, discovered in 2014, from Mt. Gox, the first cryptocurrency exchange. In that case, blockchain analysis carried out by cryptocurrency tracing firm Chainalysis, along with law enforcement, helped to pin the theft on external hackers rather than Mt. Gox's own staff. Eventually, Alexander Vinnik, a Russian man, was arrested in Greece in 2017 and later convicted of laundering the stolen Mt. Gox funds, exonerating Mt. Gox's embattled executives.
Whether history will repeat itself, and cryptocurrency tracing will prove the innocence of FTX's staff, remains far from clear. But as more eyes than ever scour the cryptocurrency economy's blockchains, it's a surer bet that the whodunit behind the FTX theft will, sooner or later, produce an answer.
Germany's antitrust watchdog has moved to widen an existing investigation of Amazon's business in the market in light of special abuse powers it confirmed are applicable to the ecommerce giant's business in the country this summer.
The Federal Cartel Office (FCO) said yesterday it is extending two ongoing "abuse control proceedings" against Amazon to include the application of "the new instrument for more effective oversight over large digital companies" (aka, Section 19a of the GWB; aka its rebooted competition law) — which is a reference to a 2021 reform of German competition law that targets digital giants found to have so-called "paramount significance for competition across markets" with a proactive antitrust regime that outlaws practices such as self-preferencing, denying interoperability and exclusively bundling their own services to the detriment of rival offerings, among other ex ante prohibitions listed in Section 19b of the law.
The German law is similar to the pan-EU Digital Markets Act (DMA) which was recently adopted by the bloc — and will come into force next year — so the FCO is ahead of the curve here and its application of special abuse controls may offer a little taster of the extended scrutiny that's coming down the pipe across the continent for Big Tech.
The FCO has two open investigations of Amazon that are being extended to include scrutiny of whether they comply with the rebooted competition regime — one examining price control mechanisms it says are used by Amazon to algorithmically control price setting by third-party sellers on its marketplace; and another proceeding focused on what it dubs "brandgating", aka "possible disadvantages" for marketplace sellers as a result of various instruments applied by Amazon, such as agreements with (brand) manufacturers on whether individual sellers can or cannot sell (brand) products on the Amazon marketplace.
[...] A European Union competition investigation of the ecommerce giant's use of third party seller data has been grinding on for years — and an attempt by Amazon to settle the probe this summer, by offering a set of commitments, was swiftly denounced by dozens of civil society and digital rights groups as weak sauce.
A few days later Commission EVP and competition chief Margrethe Vestager warned the company its offer wasn't good enough.
The EU is still considering industry feedback on Amazon's commitments so it remains to be seen where that pan-EU antitrust procedure will land.
From combat clouds to drone swarm attacks, this year's Zhuhai air show demonstrated China's rapid advancements in uncrewed military technologies under President Xi Jinping.
China will "speed up the development of unmanned, intelligent combat capabilities," Xi had pledged in his written report to the Communist Party congress in October, where he began a rare third term at the party's helm.
True to this goal, the China International Aviation and Aerospace Exhibition in Zhuhai, which ended Sunday, featured an extensive display of cutting-edge weaponry. But it also highlighted some ways that China is falling short, suggesting that it still may take years to build a military that rivals America's in quality as well as quantity.
Defense contractors and civilian companies alike brought to the show a bevy of uncrewed vehicles, from aircraft to tanks, in a wide range of sizes. But unlike last year, they focused not only on the drones' individual capabilities, but also their connectivity to crewed assets and remote command centers.
A concept similar to the "combat cloud" under development in the U.S. was also presented. China appears to be working on better precision-guided weapons, information transfers and sensor capabilities, integrating artificial intelligence into weapons systems to enhance military operations.
China North Industries Group (Norinco) displayed a combat system aimed at minimizing human casualties through the use of interconnected drones, uncrewed tanks, loitering munitions and four-legged transporters. [...]
The tiny animated duck is a replica of a toy created by the company's founders:
On average, Lego produces about 20 billion plastic bricks and building elements every year, and most come from injection molding machines that are so precise that just 18 of every million parts produced are rejected. It's the secret to Lego's enduring appeal and quality standards, but the approach also has its limits, which is why the company is starting to experiment with other manufacturing techniques.
The process is fast, taking just 10 seconds to create a new Lego element, which allows Lego to churn them out by the millions. But creating those highly-accurate molds is a very expensive and time-consuming process, and before commissioning a new minifig or type of piece, Lego needs to know it will sell enough sets to justify the costs of developing the mold for it. It's why new Lego building elements are few and far between and often a big deal, but it doesn't necessarily have to be that way.
[...] Availability of the 3D printed element will be limited, and visitors wanting to purchase the unique souvenir will need to sign up in advance for the chance to spend 89 DKK—or about US $12—on one. On top of that, those who purchase the duck will be asked to complete a survey that asks questions about their experience with it, and how it compares to Lego elements manufactured using more traditional techniques.
In some ways, C and C++ run the world. You'd never know it from all the hype about other programming languages, such as Python and Go, but the vast majority of high-performance mass-market desktop applications and operating systems are written in C++, and the vast majority of embedded applications are written in C. We're not talking about smartphone apps or web applications: these have special languages, such as Java and Kotlin for Android and Objective-C and Swift for iOS. They only use C/C++ for inner loops that have a crying need for speed, and for libraries shared across operating systems.
C and C++ have dominated systems programming for so long, it's difficult to imagine them being displaced. Yet many experts are saying it is time for them to go, and for programmers to embrace better alternatives. Microsoft Azure CTO Mark Russinovich recently made waves when he suggested that C and C++ developers should move to Rust instead. "The industry should declare those languages as deprecated," Russinovich tweeted.
Many developers are exploring Rust as a production-ready alternative to C/C++, and there are other options on the horizon. In this article, we'll consider the merits and readiness of the three most cited C/C++ language alternatives: Rust, Carbon, and cppfront. First, let's take a look back through the history and some of the pain points of C/C++.
[...] The Rust-lang homepage declares three major reasons to choose Rust: performance, reliability, and productivity. Rust was designed to be fast, safe, and easy to use, with the overarching goal of empowering everyone to build reliable and efficient software.
As far as performance goes, Rust is both fast and memory-efficient: with no runtime or garbage collector, it can power performance-critical services, run on embedded devices, and easily integrate with other languages. On the reliability side, Rust's rich type system and ownership model guarantee memory safety and thread safety—which developers can use to eliminate many classes of bugs at compile-time. For productivity, Rust boasts great documentation, a friendly compiler with useful error messages, and top-notch tooling—an integrated package manager and build tool, smart multi-editor support with auto-completion and type inspections, an auto-formatter, and more.
[...] The stated goals of the Carbon language project are: performance-critical software; software and language evolution; code that is easy to read, understand, and write; practical safety and testing mechanisms; fast and scalable development; modern OS platforms, hardware architectures, and environments; and interoperability with and migration from existing C++ code.
[...] Herb Sutter has served for a decade as chair of the ISO C++ standards committee. He is a software architect at Microsoft, where he's led the language extensions design of C++/CLI, C++/CX, C++ AMP, and other technologies. With Cpp2 and cppfront, Sutter says his "goal is to explore whether there's a way we can evolve C++ itself to become 10 times simpler, safer, and more toolable." He explains:
If we had an alternate C++ syntax, it would give us a "bubble of new code that doesn't exist today" where we could make arbitrary improvements (e.g., change defaults, remove unsafe parts, make the language context-free and order-independent, and generally apply 30 years' worth of learnings), free of backward source compatibility constraints.
[...] Rust, Carbon, and Cppfront all show promise as C++ alternatives. For Carbon, we're probably looking at a five-year development cycle until it's released for production. Cppfront might be available for production sooner, and Rust is already there.
All three languages are (or will be) interoperable with C++ at a binary level. That implies that all three languages could allow you to make gradual improvements to existing C++ programs by adding new non-C++ modules.
On Tuesday, researchers published findings that, for the first time, break TTE's [Time-Triggered Ethernet] isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA's Johnson Space Center.
"Our evaluation shows that successful attacks are possible in seconds and that each successful attack can cause TTE devices to lose synchronization for up to a second and drop tens of TT messages—both of which can result in the failure of critical systems like aircraft or automobiles," the researchers wrote. "We also show that, in a simulated spaceflight mission, PCspooF causes uncontrolled maneuvers that threaten safety and mission success."
PCspooF can be built onto as little as a 2.5 cm×2.5 cm area of a single-layer printed circuit board and requires minimal power and network bandwidth, which allows a malicious device to blend in with all the other best-effort devices connected to the network. The researchers privately reported their findings to NASA and other big stakeholders in TTE. In an email, a NASA representative wrote, "NASA teams are aware of the findings from research on TTE and have taken proactive measures to ensure potential risks to spacecraft are appropriately mitigated."
The article goes into detail on what TTE is and how it's used in spacecraft.
Eugen Rochko looks exhausted. The 29-year-old German programmer is the founder of Mastodon, a distributed alternative to Twitter that has exploded in popularity in recent weeks as Elon Musk's ownership of the platform has rained chaos on its users.
Rochko began developing Mastodon shortly after leaving university in 2016. He was a fan of Twitter but wanted to create a platform not controlled by any single company or person, reasoning that online communication is too important to be at the whim of commercial interests or CEOs. He believed that the lack of profit motive and canny design could discourage harassment and abuse, and provide users more control.
[...] Mastodon grew slowly after the first code was released in 2017, appealing mostly to free software enthusiasts. Then Elon Musk took control of Twitter for $44 billion. His promises to weaken moderation, deep staff cuts, and chaotic changes to the platform turned many dedicated Twitter users off the platform. In the past few weeks, Rochko says, some 800,000 new Mastodon accounts have been created, overwhelming popular servers and flooding existing users' timelines with introductions, questions, and complaints from newbies. Last year, donations to the nonprofit that runs Mastodon and where Rochko is CEO totaled 55,000 euros; it spent only 23,000 euros.
Since Musk took over Twitter, Rochko has been working long hours to keep his own server, Mastodon.Social, running, while also preparing a major upgrade to Mastodon, but he took time to videochat with WIRED from his home in Germany. The conversation has been edited for length and clarity. [...]
India has lifted the download ban on VLC, more than nine months after it mysteriously blocked the official website of the popular media playback software in the South Asian market. VideoLAN, the popular software's developer, filed a legal notice last month seeking an explanation from the nation's IT and Telecom ministries for the block order.
The Ministry of Electronics and IT has removed its ban on the VLC media player website, the New Delhi-based advocacy group Internet Freedom Foundation, which provided legal support to VideoLAN, said on Monday. VideoLAN confirmed the order.
"This ban was put into place without any prior notice and without giving VideoLAN the opportunity of a hearing, which went against the 2009 Blocking Rules and the law laid down by the Supreme Court in Shreya Singhal v. Union of India. This was strange because VLC Media Player is an open-source software which is used by nearly 80 million Indians," IFF said in a statement.
Indian telecom operators began blocking VideoLAN's official website, where it lists links to downloading VLC, in February of this year, VideoLAN president and lead developer Jean-Baptiste Kempf told TechCrunch in an earlier interview. India is one of the largest markets for VLC.
[...] Last month, VideoLAN and Internet Freedom Foundation used legal means to get answers and redressal surrounding the ban. India's IT ministry never made public the order of the ban, yet all telecom operators in the country complied with it. In its legal notice last month, VideoLAN sought a copy of the blocking order.
US President Joe Biden has said it is "unlikely" that a missile that killed two people in Poland on Tuesday was fired from Russia.
Russia has denied it was to blame for the missile that landed in Przewodow, on the Ukrainian border.
Poland said it was Russian-made, but US officials said initial findings indicated it was fired by Ukrainian air defences.
More than 90 Russian missiles were fired at Ukraine on Tuesday, Kyiv said.
Although the military said 77 were shot down, some of the missiles hit Lviv, not far from Ukraine's western border with Poland.
During the Russian attacks, two Polish workers were killed in a blast at a farm building in Przewodow, 6km (4 miles) from the border.
Earlier reported story:
KYIV, Ukraine (AP) — Russia pounded Ukraine's energy facilities Tuesday with its biggest barrage of missiles yet, striking targets across the country and causing widespread blackouts, and a U.S. official said missiles crossed into NATO member Poland, where two people were killed.
A defiant Ukrainian President Volodymyr Zelenskyy shook his fist and declared: "We will survive everything."
Polish government spokesman Piotr Mueller did not immediately confirm the information from a senior U.S. intelligence official, who spoke on condition of anonymity because of the sensitive nature of the situation. But Mueller said top leaders were holding an emergency meeting due to a "crisis situation."
Polish media reported that two people died Tuesday afternoon after a projectile struck an area where grain was drying in Przewodów, a Polish village near the border with Ukraine.
Neighboring Moldova was also affected. It reported massive power outages after the strikes knocked out a key power line that supplies the small nation, an official said.
I bet the reaction will be "Mmrrr-hhhhh... not enough/too soon for Article 5".
The big tech layoffs are continuing apace, and it seems nobody is safe. Following this month's massive staff cuts at Twitter and Meta, the New York Times reports that Amazon is now planning to let go of approximately 10,000 employees. Happy holidays, I guess.
Amazon's upcoming job cuts will reportedly impact its corporate employees, specifically its retail division, human resources, and the team working on the company's devices (which includes voice assistant Alexa).
Considering that Amazon employs over 1.5 million people across the globe, 10,000 workers laid off may not seem like a significant percentage from the company's perspective. It amounts to about 0.7 percent of Amazon's employees, which is a considerably smaller relative reduction than Twitter's Elon Musk-induced layoffs that cut its workforce by around 50 percent.
A reduction in force, or perhaps they're making room for picking up some of the high performing Twitter talent who were let go? [hubie]
Red Cross Wants Digital Symbols to Deter Hackers From Healthcare Institutions
The international organization proposed three options that could serve as a digital equivalent of the red cross symbol
The International Committee of the Red Cross proposed creating a digital equivalent to its distinctive red symbol to warn off hackers who attempt to break into medical institutions' networks. Such a digital emblem would deter some but not all hackers, Red Cross advisers say, at a time when hospitals are frequently hit with cyberattacks.
The emblem wouldn't provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers, but it would signal to hackers that a cyberattack on those protected networks during an armed conflict would violate international humanitarian law, Tilman Rodenhäuser, a legal adviser to the International Committee of the Red Cross, said at a panel discussion hosted by the organization on Thursday.
"No one should mistake it as a silver bullet, it's simply a symbol of protection," he said.
Interesting discussion at: A Digital Red Cross
Do you think such a thing would work?
On Monday, Cerebras Systems unveiled its 13.5 million core Andromeda AI supercomputer for deep learning, reports Reuters. According to Cerebras, Andromeda delivers over 1 exaflop (1 quintillion operations per second) of AI computational power at 16-bit half precision.
The Andromeda is itself a cluster of 16 Cerebras CS-2 computers linked together. Each CS-2 contains one Wafer Scale Engine chip (often called "WSE-2"), which is currently the largest silicon chip ever made, at about 8.5-inches square and packed with 2.6 trillion transistors organized into 850,000 cores.
Cerebras built Andromeda at a data center in Santa Clara, California, for $35 million. It's tuned for applications like large language models and has already been in use for academic and commercial work. "Andromeda delivers near-perfect scaling via simple data parallelism across GPT-class large language models, including GPT-3, GPT-J and GPT-NeoX," writes Cerebras in a press release.
Previously: Cerebras "Wafer Scale Engine" Has 1.2 Trillion Transistors, 400,000 Cores
Cerebras Systems' Wafer Scale Engine Deployed at Argonne National Labs
Cerebras More than Doubles Core and Transistor Count with 2nd-Generation Wafer Scale Engine
The Trillion-Transistor Chip That Just Left a Supercomputer in the Dust
When a sensory stimulus reaches our brain, it doesn't drop in calm waters - brains are always agitated with spontaneous activity. Like a surfer, the stimulus has to catch the right wave of activity at the right time to emerge into consciousness. Right in between two waves is the perfect time to do so, argue Giovanni Rabuffo and Pierpaolo Sorrentino of the Human Brain Project.
We know from extensive experiments that the brain can perceive sensory stimuli even when we are not aware of them: while some information reaches the 'consciousness threshold', other simply does not, even given comparable incoming stimuli.
[...] How come the same stimulus reaches consciousness in certain moments, and fails to do so in others? As this stimulus is the same, it must depend on something changing in the brain.
[...] In recent years, neuroimaging has shown that 'becoming aware of a stimulus' comes with a burst of activations that spread across the brain. However, similar such bursts spontaneously stretch across the brain at all times, even in the absence of stimuli. These bursts are often referred to as 'neuronal avalanches', borrowing the concept of avalanches from statistical mechanics. And we experience these spontaneous avalanches during rest, while we are typically conscious. Is there a way to unify conscious perception, spontaneous brain activity, and neuronal avalanches?
The activation of a neuron and the consequent widespread effects across the brain might be approached with the same methods for studying the spread of a wildfire through a forest, or the compression waves traveling during an earthquake.
Or a rough sea. Surfing is popular in Marseille, so the metaphor comes up naturally for the researchers. Imagine you are a surfer that wants to ride the next wave. If you wait until the apex of the wave has reached you, you are already too late, it will pass you by. You need to start moving before that, in the interval between two waves. "We posit that something similar is happening to sensory signals reaching the brain," says Sorrentino. "The signal is the surfer, and the spontaneous neuronal avalanches are the waves. If the signal reaches the brain at the same time as one of the bursts reaches its peak, the brain would be too busy to notice, and it's less likely that the signal will reach consciousness. In the former scenario, the information is collected, but not experienced. But if the signal arrives before that, it will ride the incoming wave and be more likely to be perceived consciously." This would account for the aforementioned 'failure of ignition' that happens seemingly at random: the two signals were the same but only one was able to catch a favorable wave, at the right time and place.
Rabuffo and Sorrentino haven't put their hypothesis to test with their proposed experiment yet, but they expect it to work. If confirmed, the hypothesis could solve ongoing conundrums in both consciousness and critical thresholds, bridging gaps in the theoretical neuroscience landscape.
Reference: Giovanni Rabuffo, Pierpaolo Sorrentino, Christophe Bernard and Viktor Jirsa, Spontaneous neuronal avalanches as a correlate of access consciousness, Frontiers in Psychology, doi.org/10.3389/fpsyg.2022.1008407