SoylentNews is people


posted by janrinok on Monday November 21, @10:07PM

https://www.theregister.com/2022/11/17/uk_forces_newport_fab_sale/

The UK's secretary of state for Business, Energy and Industrial Strategy has ordered that the Chinese owner of the Newport Wafer Fab sell off its interest in the facility on grounds of national security.

Secretary Grant Shapps on Wednesday published an order [PDF] in which he explained ownership of the facility represents a national security risk as:

i. technology and know-how that could result from a potential reintroduction of compound semiconductor activities at the Newport site, and the potential for those activities to undermine UK capabilities; and
ii. the location of the site could facilitate access to technological expertise and know-how in the South Wales Cluster ("the Cluster"), and the links between the site and the Cluster may prevent the Cluster being engaged in future projects relevant to national security.

The Newport Wafer Fab is the UK's largest chipmaking facility. In July 2021 it was sold for £63 million ($111,500,000) to Dutch company Nexperia, which itself became a subsidiary of Chinese outfit Wingtech Technology in 2018.

News of the sale to Nexperia saw then-prime minister Boris Johnson promise to conduct a national security investigation into the takeover. That probe led to a damning report titled "Sovereignty for sale: follow-up to the acquisition of Newport Wafer Fab" and allegations that the probe ordered by Johnson had amounted to nothing. A full assessment under the National Security and Investment Act was then instigated, with the result that Shapps has now ordered Nexperia to sell at least 86 percent of the Newport facility.

Nexperia has published a statement condemning the decision.


posted by janrinok on Monday November 21, @07:22PM

https://www.sciencenews.org/article/meteorite-uk-winchcombe-earth-water-asteroids

Late in the evening of February 28, 2021, a coal-dark space rock about the size of a soccer ball fell through the sky over northern England. The rock blazed in a dazzling, eight-second-long streak of light, split into fragments and sped toward the Earth. The largest piece went splat in the driveway of Rob and Cathryn Wilcock in the small, historic town of Winchcombe.

An analysis of those fragments now shows that the meteorite came from the outer solar system, and contains water that is chemically similar to Earth's, scientists report November 16 in Science Advances. How Earth got its water remains one of science's enduring mysteries. The new results support the idea that asteroids brought water to the young planet (SN: 5/6/15).

[...] "It's as pristine as we're going to get from a meteorite," King says. "Other than it landing in the museum on my desk, or other than sending a spacecraft up there, we can't really get them any quicker or more pristine."

After collecting about 530 grams of meteorite from Winchcombe and other sites, including a sheep field in Scotland, King and colleagues threw a kitchen sink of lab techniques at the samples. The researchers polished the material, heated it and bombarded it with electrons, X-rays and lasers to figure out what elements and minerals it contained.

[...] The meteorite is a type of rare, carbon-rich rock called a carbonaceous chondrite, the team found. It came from an asteroid near the orbit of Jupiter, and got its start toward Earth around 300,000 years ago, a relatively short time for a trip through space, the researchers calculate.

Chemical analyses also revealed that the meteorite is about 11 percent water by weight, with the water locked in hydrated minerals. Some of the hydrogen in that water is actually deuterium, a heavy form of hydrogen, and the ratio of hydrogen to deuterium in the meteorite is similar to that of the Earth's atmosphere. "It's a good indication that water [on Earth] was coming from water-rich asteroids," King says.

Researchers also found amino acids and other organic material in the meteorite pieces. "These are the building blocks for things like DNA," King says. The pieces "don't contain life, but they have the starting point for life locked up in them."

A. King et al. The Winchcombe meteorite, a unique and pristine witness from the outer solar system. Science Advances. Published online November 16, 2022. doi: 10.1126/sciadv.abq3925.


posted by janrinok on Monday November 21, @04:38PM
from the one-at-the-time dept.

Last week Bruce Schneier published An Untrustworthy TLS Certificate in Browsers and now Ian Carroll has published Security concerns with the e-Tugra certificate authority.

Ian is best known for the death of the EV (Extended Validation) certificates. He legally registered a colliding entity name and then got an EV certificate for his site stripe.ian.sh. As this site is not online any more, a good write up of this is Extended Validation Certificates are (Really, Really) Dead by Troy Hunt.

Troy Hunt is also known for his website ';--have i been pwned?.

Schneier suggests that it might be time to disable / remove trust for the following Certificate Authorities (CAs):

  • TrustCor
  • E-Tugra

Cory Doctorow gives a very good explanation of the problem in general and its causes here. Basically, we are just too trusting and we believe that others are looking after our interests. It appears that they are not.


posted by janrinok on Monday November 21, @01:54PM
from the burn-baby-burn dept.

There's a change in behavior when the plasma starts burning, and nobody knows why:

[...] Now, researchers have analyzed the properties of the plasma as it experiences these high-energy states. And to their surprise, they found that burning plasmas appear to behave differently from those that have experienced ignition. At the moment, there's no obvious explanation for the difference.

In the experiments, the material being used for fusion is a mix of tritium and deuterium, two heavier isotopes of hydrogen. These combine to produce a helium atom, leaving a spare neutron that's emitted; the energy of the fusion reaction is released in the form of a gamma ray.

The fusion process is triggered by a short, extremely intense burst of laser light that targets a small metallic cylinder. The metal emits intense X-rays, which vaporize the surface of a nearby pellet, creating an intense wave of heat and pressure on the pellet's interior, where the deuterium and tritium reside. These form a very high-energy plasma, setting the conditions for fusion.

If everything goes well, the energy imparted ignites the plasma, meaning that no additional energy is needed for the fusion reactions to continue for the tiny fraction of a second that passes before the whole thing blows apart. At even higher energies, the plasma reaches a state called burning, where the helium atoms that are forming carry so much energy that they can ignite the nearby plasma. This is considered critical because it means the rest of the energy (in the form of neutrons and gamma rays) can potentially be harvested to produce useful power.

While we have detailed models of the physics that goes on under these extreme conditions, we need to compare those models to what's going on inside the plasma. Unfortunately, given that both the plasma and the materials that formerly surrounded it are in the process of exploding, that's a significant challenge. To get a picture of what might be going on, researchers have turned to one of the products of the fusion reaction: the neutrons it emits, which can pass through the wreckage and be picked up by nearby detectors.

Hartouni, E.P., Moore, A.S., Crilly, A.J. et al. Evidence for suprathermal ion distribution in burning plasmas. Nat. Phys. (2022). DOI: 10.1038/s41567-022-01809-3 (About DOIs).


posted by janrinok on Monday November 21, @11:10AM

India follows EU's example in requiring USB-C charging for smart devices

India is on a path to require USB-C charging ports in almost all smart devices following actions taken by an inter-ministerial task force.

Rohit Kumar Singh, Secretary of the Department of Consumer Affairs, said the move is "in the interest of consumer welfare and prevention of avoidable e-waste."

The broad consensus in the meeting was that USB-C would be required for electronic devices like smartphones, tablets, and laptops – but "feature phones" could end up with a different charging option. A sub-committee was formed to determine the fate of wearable devices.

But things won't change overnight. The move toward USB-C will be done in phases to ensure industry and consumers alike have time to adapt.

Previously: USB-C to be Mandatory for Phones Sold in the EU by Autumn 2024
UK Will Not Copy EU Demand for Common Charging Cable
Apple to Put USB-C Connectors in iPhones to Comply With EU Rules


posted by NCommander on Monday November 21, @08:25AM
from the Let's-figure-this-out dept.

So, to say the last week has been a dumpster fire is drastically underselling what I've been through. This, combined with having to put things in place to migrate off Twitter, and otherwise deal with all the fallout of that hot mess has, to put it frankly, put free time at something of a premium, hence why this post took so long. For those who missed it, I did a fairly long overhaul of our backend, upgrading boxes from Ubuntu 14.04, and rebuilding and replacing others.

At the moment, the site is mostly working, with two exceptions: site search is still down, and IRC is still down. Deucalion has taken up the task of rebuilding the IRCd on modern server software, so it's time to lay down the road going forward past this point.

Read past the fold for more information ...

State of the Backend

Right now, the backend is mostly built on an outdated version of mod_perl 2.2, and MySQL cluster, which is very much not a good place to be. Originally as envisioned, I planned this site to be able to be easily scalable, with a larger user base. That's why the infrastructure was designed to be as scalable as it was, with the downside of having a much higher overhead than a more traditional setup has. Furthermore, rehash (the code that powers this site) is, uh, to put it frankly, a beast to work on. It's a 90s era Perl code base and pretty much everything else that implies; if it wasn't for the fact that rehash is one of the main reasons to use SoylentNews, I'd argue it might be time to replace it.

Right now, I'm working on doing another round of server hardening. As it is at the moment, I've got rehash and Apache running in an AppArmor jail, and everything is pretty well sandboxed from everything else, but I still need to go through and adjust a lot of firewalls, and finish decommissioning out a bunch of the boxes. That said, the site is running faster than it has in a long while since a lot of small things got corrected as we went. Sometime this weekend, I'm going to finish adjusting the firewalls to lock it down further, and that should mostly get back to the point where I might have restful sleep again. That being said, there's still a fair bit more to do.

Moving ahead, we need to get off MySQL cluster, and either onto the current mod_perl, or, ideally, FastCGI, to end the Apache dependency entirely. Unfortunately, working on Rehash is quite difficult, and it requires a very specific setup to be viable. My current plan here is to basically get it working in Docker, so it's easy to spin up and spin down instances, and return to a less cursed variant of MySQL. This is probably a few hours of work, but I'm hoping that overall it is going to be easy and straightforward to do since most of the backend is fairly well documented at this point. This also leaves me in a decent position to implement a couple of long overdue features, but modernization efforts come first. I'm hoping to livestream my efforts on this in the weeks to come, and I will make stream announcements as I go along.

Policy and Code Changes

My intent, based off the policy changes that were made to disallow ACs to post on stories is to sunlight the feature entirely, including in journals and more. The decision to have ACs on SoylentNews was made in 2014, when the Snowden leaks were only a few months old. Furthermore, we've seen from experience that the karma system doesn't go far enough at keeping bad actors from still getting a +2 status. By and large, the numbers underpinning the system need a rework. My general thought is to cap karma at either 10 or 15, and drastically decrease how far into the basement you can go, as well as uncapping posts in moderation to be able to go to -5.

As a rule, incredibly bad takes do get moderated out of existence, but because there's no real penalty for doing so, we get constant shitposts. Time to make this a bit harder to abuse. I've documented the antispam measures on the site before, but the site keeps track of IP addresses and subnets in the form of hashed /24s and /16s (/64 and /48 for IPv6), which have a karma number attached to them. If an IP range goes too far into the basement, it ends up posting at 0 or -1. By adjusting the caps, it should allow this threshold to be reached much more easily, and help bring the signal to noise ratio back to something more "positive".

Furthermore, I believe it's generally in the site's interests to allow editors to delete comments. This functionality is actually built into rehash, but has been long disabled. At the time, I felt the community was best self-moderating, but I think on the whole, it's better to treat this like a moderated subreddit, and have messages get a notice that they've in fact been deleted à la reddit. This is a fairly large departure for the site as a whole, but I think one justified given the state of the Internet in 2022. I am open to discussions on all of this, but let me see what all your thoughts are like.

Final Notes

I do intend to keep livestreaming my progress with the site as we go along; and we raised another ~500 dollars towards Trevor Project during the last livestream. I've left that stream unlisted until I've had a chance to finish implementing all the hardening measures I've discussed, but I'm hoping at the end of it, I'll have a pretty good documentary on what it takes to modernize an aging website. As usual, if you want to support me directly: Ko-fi is available for one time donations, or Patreon for a recurring donation.

~ NCommander


[ If you are an AC and wish to make a constructive comment, please see my journal. janrinok ]
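
The per-range karma described in the post above (hashed /24 and /16 for IPv4, /64 and /48 for IPv6, with a range that sinks too low posting at 0 or -1) can be sketched as follows. This is an added example in Python, not rehash's Perl code; the keyed hash, every threshold, the "worst of the two ranges wins" rule and the IPv4-mapped handling are assumptions made for illustration, and the addresses are constructed documentation ranges.

```python
import hashlib
import hmac
import ipaddress
from collections import defaultdict

# Prefix lengths named in the post: /24 and /16 for IPv4, /64 and /48 for IPv6.
PREFIXES = {4: (24, 16), 6: (64, 48)}

# Assumptions for this sketch (the post gives no thresholds or hash details):
SITE_KEY = b"constructed-demo-key"  # hypothetical server-side secret
KARMA_CAP = 15        # the post floats 10 or 15 as a cap for user karma
KARMA_FLOOR = -20     # hypothetical depth of "the basement"
ZERO_AT = -5          # range karma at or below this: new posts start at 0
MINUS_ONE_AT = -10    # range karma at or below this: new posts start at -1
DEFAULT_START = 1     # hypothetical starting score for an unpenalised poster


def subnet_keys(ip_text):
    """Return [(prefix_len, keyed_hash), ...] for the two ranges covering an IP.

    Raises ValueError if ip_text is not a valid IPv4 or IPv6 address.
    """
    addr = ipaddress.ip_address(ip_text.strip())
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is filed under its IPv4
    # ranges, so the same host cannot show up under two unrelated keys.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    keys = []
    for plen in PREFIXES[addr.version]:
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        # Keyed hash: there are only 2**24 possible IPv4 /24s, so a plain
        # unsalted hash of the network could be reversed by enumeration.
        digest = hmac.new(SITE_KEY, str(net).encode(), hashlib.sha256).hexdigest()
        keys.append((plen, digest))
    return keys


class SubnetKarma:
    """Karma per hashed range; raw addresses are never stored."""

    def __init__(self):
        self._karma = defaultdict(int)  # keyed hash -> karma

    def moderate(self, ip_text, delta):
        """Apply a moderation result to both ranges of the poster, clamped."""
        for _plen, digest in subnet_keys(ip_text):
            new_value = self._karma[digest] + delta
            self._karma[digest] = max(KARMA_FLOOR, min(KARMA_CAP, new_value))

    def karma(self, ip_text):
        """Karma of the narrow and the wide range, in that order."""
        return [self._karma.get(digest, 0) for _plen, digest in subnet_keys(ip_text)]

    def starting_score(self, ip_text):
        """Starting score for a new post; the worse of the two ranges decides."""
        worst = min(self.karma(ip_text))
        if worst <= MINUS_ONE_AT:
            return -1
        if worst <= ZERO_AT:
            return 0
        return DEFAULT_START


def demo():
    """Replay constructed moderation events and return the resulting scores."""
    table = SubnetKarma()
    for _ in range(6):                      # six downmods from one IPv4 host
        table.moderate("203.0.113.7", -1)
    for _ in range(5):                      # five downmods from one IPv6 host
        table.moderate("2001:db8:1:2::5", -1)
    hosts = ("203.0.113.200",    # same /24 as the downmodded host
             "203.0.200.9",      # same /16 only
             "198.51.100.1",     # unrelated range
             "2001:db8:1:3::9",  # same /48 only
             "2001:db8:2::1")    # unrelated /48
    return {host: table.starting_score(host) for host in hosts}


if __name__ == "__main__":
    for host, score in demo().items():
        print(f"{host:18} starts at {score}")
```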

posted by hubie on Monday November 21, @05:38AM

https://techcrunch.com/2022/11/15/apple-emergency-sos-via-satellite-hands-on/

Months after it was announced at an event in September, Emergency SOS via satellite, Apple's service for the iPhone 14 and iPhone 14 Pro that uses satellite to route emergency calls, launched today. Supported iPhones in the U.S. and Canada updated with the latest iOS 16 can send an SOS even when they're off the grid, no dish required, thanks to an upgraded wireless chipset and Apple's partnership with satellite service provider Globalstar.

Emergency SOS via satellite will expand to France, Germany, Ireland and the U.K. next month, Apple announced [recently].

As my colleague Devin Coldewey noted in his coverage of Emergency SOS earlier this year, the service differs from the satellite-based data and text connectivity offered by Lynk and T-Mobile and Starlink. While those rely on cell towers strong enough to reach and receive a satellite signal, Emergency SOS — via Globalstar — uses bands that normally require a special antenna.

It's a costly venture. Apple recently pledged $450 million through its Advanced Manufacturing Fund toward expanding the infrastructure powering Emergency SOS, including the satellite network and ground stations. A part of the funding went toward installing custom-built antennas designed to receive signals transmitted by Globalstar's satellite constellation.

One presumes that Apple intends to eventually recoup its investment. But for now, Emergency SOS is fee-free. Existing iPhone 14 and iPhone 14 Pro owners won't have to pay for at least two years from today, while new iPhone owners will receive free service for two years from when they activate their phones.


posted by janrinok on Monday November 21, @02:54AM
from the eager-beavers dept.

American beaver populations are booming and their prolific dam building benefits river water quality so much, it outweighs the damaging influence of climate-driven droughts:

As climate change worsens water quality and threatens ecosystems, the famous dams of beavers may help lessen the damage.

That is the conclusion of a new study by Stanford University scientists and colleagues, publishing Nov. 8 in Nature Communications. The research reveals that when it comes to water quality in mountain watersheds, beaver dams can have a far greater influence than climate-driven, seasonal extremes in precipitation. The wooden barriers raise water levels upstream, diverting water into surrounding soils and secondary waterways, collectively called a riparian zone. These zones act like filters, straining out excess nutrients and contaminants before water re-enters the main channel downstream.

This beneficial influence of the big, bucktoothed, amphibious rodents looks set to grow in the years ahead. Although hotter, arid conditions wrought by climate change will lessen water quality, these same conditions have also contributed to a resurgence of the American beaver in the western United States, and consequently an explosion of dam building.

"As we're getting drier and warmer in the mountain watersheds in the American West, that should lead to water quality degradation," said the study's senior author Scott Fendorf, a professor of Earth system science at Stanford University. "Yet unbeknownst to us prior to this study, the outsized influence of beaver activity on water quality is a positive counter to climate change."

[...] "Completely by luck, a beaver decided to build a dam at our study site," said Dewey, who is now a postdoctoral scholar at Oregon State University (whose mascot, incidentally, is a beaver). "The construction of this beaver dam afforded us the opportunity to run a great natural experiment."

[...] To understand how beaver dams may affect water quality in a future where global warming produces more frequent droughts and extreme swings in rainfall, the researchers compared water quality along a stretch of the East River during a historically dry year, 2018, to water quality the following year, when water levels were unusually high. They also compared these yearlong datasets to water quality during the nearly three-month period, starting in late July 2018, when the beaver dam blocked the river.

[...] While in place, the beaver dam boosted removal of unwanted nitrogen from the studied East River section by 44% over the seasonal extremes. Nitrogen is an especially pernicious problem for water quality as it promotes overgrowth of algae, which when decomposed starve water of the oxygen needed to support diverse animal life and a healthy ecosystem.

[...] "We would expect climate change to induce hydrological extremes and degradation of water quality during drought periods," said Fendorf, "and in this study, we're seeing that would have indeed been true if it weren't for this other ecological change taking place, which is the beavers, their proliferating dams, and their growing populations."

Journal Reference:
Dewey, C., Fox, P.M., Bouskill, N.J. et al. Beaver dams overshadow climate extremes in controlling riparian hydrology and water quality. Nat Commun 13, 6509 (2022). DOI: 10.1038/s41467-022-34022-0


posted by janrinok on Sunday November 20, @10:11PM
from the consistently-inconsistent dept.

https://www.extremetech.com/internet/340982-first-ever-isp-study-reveals-arbitrary-costs-fluctuating-speeds-lack-of-options

Does anyone in the United States actually like their internet service provider (ISP)? If new research is anything to go off of, the answer is probably no. The results from a first-of-its-kind nationwide ISP study were published Thursday, and in what will come as a surprise to absolutely no one reading this site, consumers' reliance on this modern necessity is being widely exploited.

Consumer Reports, an independent nonprofit research organization best known for its product reviews, launched its Fight for Fair Internet study in July 2021. At its core, the study sought to publicize what Americans pay for internet service and (more importantly) what their money actually gets them. We'll avoid any fanfare here: Things aren't great. After analyzing more than 22,000 internet bills from all 50 states, the District of Columbia, Puerto Rico, and the US Virgin Islands, Consumer Reports found that arbitrary pricing and other disturbing practices are commonplace. Worse, the magazine found this to be true across many of the 526 domestic ISPs examined during the study—including all 26 of the largest providers, which cover more than 90 percent of the country's services.

One anonymized AT&T bill from the published study illustrates how consumers are issued discounts seemingly at random and without information on how to keep the discount. The bill shows that the customer was given two $10 discounts on their original bill of $80: One for bundling and another for "loyalty." Most of us appreciate a good discount, but without any explanation as to what "loyalty" involves—was the customer made aware of the discount? Is the discount permanent?—it's difficult to compare pricing with other ISPs, which stymies competition.

Some ISPs even use these arbitrary discounts to make it appear as though their customers are getting a better deal when they actually aren't. More than half of the AT&T and Verizon bills Consumer Reports analyzed included some sort of discount, while Google Fiber bills never did...even though some Google Fiber customers paid lower prices for the same level of service.

[...] "The unavoidable fees are especially problematic because consumers may believe they are government-imposed when, in fact, many are company-imposed and distinguished from the core service price at the provider's discretion," Consumer Reports said. "They can surprise consumers when they appear on monthly bills, and can enable providers to raise prices without seeming to violate marketing or contractual price commitments."

ISPs often boast higher speeds than their competitors'—a factor that increasingly weighs on consumers' minds as more people work and attend school online. But many of these companies regularly fail to provide the megabits per second (Mbps) promised in ads and service agreements. This is particularly the case for consumers who pay extra for "premium" plans, who reportedly receive less than half the download speed they're paying for. Consumers who subscribed to plans promising 940 to 1,200Mbps often end up receiving median speeds of between 360 and 373Mbps.


posted by janrinok on Sunday November 20, @05:25PM
from the waste-not-want-not dept.

https://www.extremetech.com/extreme/340991-researchers-grew-bigger-vegetables-using-exhaled-co2-as-fertilizer

Scientists recently tested the effect of funneling carbon dioxide-rich exhaust toward a vegetable garden, and the results were (literally) huge.

A team of agricultural researchers at Boston University came up with the idea while brainstorming ways to make urban environments more sustainable. As cities become denser, humans require more resources, and climate change worsens, buildings will likely require modifications to serve multiple purposes and recycle resource byproducts. Busy lecture halls with indoor climate control systems, it turns out, are a perfect example of such modifications. The building's exhaust contains high levels of CO2, which plants convert to energy during photosynthesis.

Rather than releasing that CO2 into the environment uncontrolled, the researchers thought to direct their building's exhaust toward an experimental rooftop garden. The garden, nicknamed BIG GRO, contained beds of spinach and corn. While both are common edible plants, corn photosynthesizes in a way that requires less CO2 than spinach, allowing it to serve as a control while the spinach ideally revealed the system's advantages and disadvantages.

[...] The plants that had been exposed to the building's exhaust had grown up to four times larger than the plants placed next to a control fan. The spinach in particular had quadruple the biomass of its control; the corn, despite its own special brand of photosynthesis, had two to three times the biomass of its control. Though the corn's growth causes the team to think the extra CO2 wasn't the only reason their experiment succeeded, there's now concrete reason to believe rooftop farms like BIG GRO could benefit from buildings' otherwise wasted exhaust.


posted by hubie on Sunday November 20, @12:41PM
from the gotta-wake-up-and-smell-the-collective-coffee dept.

Morning light helps keep our internal clocks on track. Daylight saving time throws that off:

Daylight saving time has ended, and most Americans have turned their clocks back an hour. My sixth-grader is in heaven.

At 6:50 a.m. these days, our once testy tween zombie is now ... moderately awake and relatively lucid.

Instead of rising to gauzy predawn light, she's got glowy morning sunshine beaming around her curtains. When she sets off for school, the sun has been up nearly a full hour. Just a 60-minute change has lightened both the morning and her mood. At breakfast today, I think I even spied a smile.

On November 6, every state in the United States except Hawaii and most of Arizona switched from daylight saving time, or DST, to standard time (those two states don't observe DST). That switch shifted an hour of light from the evening to the morning. In March, we'll move in the other direction when we "spring forward," trading morning light for brighter evenings.

The United States' biannual time change has been lighting up headlines since the U.S. Senate's unanimous vote in March to make daylight saving time permanent. The Sunshine Protection Act would forgo turning clocks to and fro, repeating an unpopular experiment Congress tried in the 1970s and prioritizing evening light throughout the year. But the health case for staying on daylight saving time is pretty dim. And what such a shift could mean for adolescents is especially gloomy.

Even the name "daylight saving time" isn't quite right, says Kenneth Wright, a sleep and circadian expert at the University of Colorado Boulder. There's no change in the amount of daylight, he says. "What we're doing is changing how we live relative to the sun." When we move our clocks forward an hour, noon no longer represents when the sun is near its highest point in the sky. Suddenly, people's schedules are solarly out of sync.

That's a big deal biologically, Wright says. Humans evolved with a daily cycle of light and dark. That sets the rhythms of our bodies, from when we sleep and wake to when hormones are released. Morning light, in particular, is a key wake-up signal. When we tinker with time, he says, "we're essentially making the choice: Do we want to go with what we've evolved with, or do we want to alter that?"

From a health perspective, if he had to rank permanent daylight saving time, permanent standard time or our current practice of biannual clock changing, Wright says, "I think the answer is incredibly clear." Permanent standard time is healthiest for humans, he says. In his view, permanent daylight saving time ranks last.


posted by hubie on Sunday November 20, @07:54AM
from the real-job dept.

Scheduling the daily five-letter puzzle is more demanding than you might think

On the surface, there are few word games that would seem to need active editing less than Wordle. After all, the daily Wordle puzzle boils down to just a single five-letter word. Picking that word each day doesn't exactly require the skill or artistry of, say, crafting an entire crossword puzzle or designing a more algorithmic game like Knotwords.

Despite this, on Monday, The New York Times announced that "Wordle finally has an editor." Which kind of leads to an obvious follow-up question: What does a Wordle editor actually do all day?


posted by hubie on Sunday November 20, @03:09AM
from the yotta-see-these-hellagood-prefixes dept.

Earth now weighs six ronnagrams:

Say hello to ronnagrams and quettametres: International scientists gathered in France voted on Friday for new metric prefixes to express the world's largest and smallest measurements, prompted by an ever-growing amount of data.

It marks the first time in more than three decades that new prefixes have been added to the International System of Units (SI), the agreed global standard for the metric system.

Joining the ranks of well-known prefixes like kilo and milli are ronna and quetta for the largest numbers -- and ronto and quecto for the smallest.

The change was voted on by scientists and government representatives from across the world attending the 27th General Conference on Weights and Measures, which governs the SI and meets roughly every four years at Versailles Palace, west of Paris.

[...] Brown said he had the idea for the update when he saw media reports using unsanctioned prefixes for data storage such as brontobytes and hellabytes. Google in particular has been using hella for bytes since 2010.

[...] The new prefixes should "future proof the system" and satisfy the world's need for higher numbers -- at least for the next 20 to 25 years, he added.


posted by janrinok on Saturday November 19, @10:18PM
from the stay-safe-and-secure dept.

We all know that when somebody gets unauthorised access to your computer hardware that security is out of the window! But what if you have to leave your hardware unattended but ostensibly in a 'secure' location - your hotel room or somebody else's home? fab23 has submitted this article on what you can do if that is the case:

The SANS Internet Storm Center published the guest diary Evil Maid Attacks - Remediation for the Cheap:

The so-called evil maid attack is an attack against hardware devices utilizing hard- and/or software. It is carried out when the hardware is left unattended, e.g., in a hotel room when you're out for breakfast. The attacker manipulates the device in a malicious way, e.g.:

There are several ways to minimize the risk of an unnoticed, successful evil maid attack. Which road you go depends on your personal threat model (and your budget, of course).

[...] If you want to have a cheap solution to be reasonably sure nobody messes unnoticed with your device when you have to leave it alone, you may carry out some countermeasures, e.g.:

  • Seal all screws with nail polish or glue with glitter pieces in it, and take pictures that are stored offline so that you will be able to spot manipulations

  • Seal not needed peripheral interfaces (e.g. USB ports)

  • Lock needed peripheral ports with tamper-proof solutions (e.g. one-time locks which have to be destroyed to access the port)

  • Leave the device in the bootup password prompt of the FDE (Full Disk Encryption) password:

      • Reboot your device to the FDE password prompt

      • and enter the first few chars of the correct password (important!)

      • make sure the device stays in this mode till you return (e.g. has enough power or the power supply is plugged in, disable energy saving settings, ...)

      • When you're back, enter the rest of the FDE password, and if the device boots, then you could be reasonably sure it hasn't been tampered with.

Of course, you have to examine the device physically thoroughly, e.g., the screws, peripheral ports, seals, etc.

One important precondition for this to work is that the FDE boot code allows the password prompt to stay as it is after entering some chars. Fedora 7 and Ubuntu 20.04 seem to work, but Bitlocker (Windows) does not.

Is this bulletproof? No. Will this be reasonably secure? Depends on your threat model. But it's definitely better than doing nothing, having the OS left up and running, or having the device powered off completely.

Stay safe and secure!

So, if you absolutely have no other option, what do you do to ensure that your data remains as secure as possible?


Original Submission

posted by janrinok on Saturday November 19, @05:35PM
from the take-your-protein-pills-and-put-your-helmet-on dept.

'Protein hunger' drives overeating, large-scale population study shows:

A year-long study of the dietary habits of 9,341 Australians has backed growing evidence that highly processed and refined foods are the leading contributor of rising obesity rates in the Western world.

The new study, in the latest issue of the journal Obesity, conducted by the University of Sydney's Charles Perkins Centre (CPC), was based on a national nutrition and physical activity survey undertaken by the Australian Bureau of Statistics (ABS), and further backs the 'Protein Leverage Hypothesis'.

First put forward in 2005 by professors Raubenheimer and Stephen Simpson, the Protein Leverage Hypothesis argues that people overeat fats and carbohydrates because of the body's strong appetite for protein, which the body actively favours over everything else. Because so much of modern diets consists of highly processed and refined foods – which are low in protein – people are driven to consume more energy-dense foods until they satisfy their protein demand.

[...] "It's increasingly clear that our bodies eat to satisfy a protein target," added Professor David Raubenheimer, the Leonard Ullmann Chair in Nutritional Ecology at the School of Life and Environmental Sciences.

"But the problem is that the food in Western diets contains increasingly less protein. So, you have to consume more of it to reach your protein target, which effectively elevates your daily energy intake.

[...] Participants with a lower proportion of protein than recommended at the first meal consumed more discretionary foods – energy-dense foods high in saturated fats, sugars, salt, or alcohol – throughout the day, and less of the recommended five food groups (grains; vegetables/legumes; fruit; dairy and meats). Consequently, they had an overall poorer diet at each mealtime, with their percentage of protein energy decreasing even as their discretionary food intake rose – an effect the scientists call 'protein dilution'.

Journal Reference:
Amanda Grech, Zhixian Sui, Anna Rangan, et al., Macronutrient (im)balance drives energy intake in an obesogenic food environment: An ecological analysis [open], Obesity, 30, 11, 2022. DOI: 10.1002/oby.23578


Original Submission