SoylentNews is people

posted by mrpg on Tuesday January 17 2023, @10:15PM
from the Hunt3r_2 dept.

89% of the department's high-value assets didn't use multi-factor authentication:

More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.

[...] The results weren't encouraging. In all, the auditors cracked 18,174—or 21 percent—of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees. In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department's user accounts.

The audit uncovered another security weakness—the failure to consistently implement multi-factor authentication (MFA). The failure extended to 25—or 89 percent—of 28 high-value assets (HVAs), which, when breached, have the potential to severely impact agency operations.


Original Submission

posted by mrpg on Tuesday January 17 2023, @07:36PM
from the hopefully-tin-foil-hat-free dept.

Examining the Impact of 6G Telecommunications on Society:

With greater global connectivity, the case for 6G telecommunications has become more apparent than ever before. The generations of wireless cellular technology (or the Gs) have been incrementing every 10 years: 1G prior to 1990, 2G in 1990, 3G in 2000, 4G in 2010, and 5G in 2020. We expect 6G to roll out in 2030.

[...] The pace of technological development is now swifter than ever, but societal implications often become afterthoughts.

[...] In the lead-up to announcing the SDGs, Jeffrey D. Sachs—while he was special advisor to the U.N. secretary-general—proposed in April 2015 an integrated vision for sustainable development. The integrated approach would advance a "holistic vision of systems analysis, where we have to understand how natural, technological, and sociopolitical systems interact," Sachs said.

[...] A recent example that illustrates the point was the rollout of 5G in 2020. It required the installation of cellphone towers or masts. Because community members did not understand the benefits of the installations or were not sufficiently consulted, several of the towers were not renewed. Some even were set on fire. With fast advancements in AI expected thanks to 6G, the fear of technology and what it might or might not do continues to be discussed in many parts of the world.


Original Submission

posted by hubie on Tuesday January 17 2023, @04:51PM
from the I'm-sure-it-will-be-fine dept.

Over 120 PLC models contain a serious vulnerability—and no fix is on the way:

In 2009, the computer worm Stuxnet crippled hundreds of centrifuges inside Iran's Natanz uranium enrichment plant by targeting the software running on the facility's industrial computers, known as programmable logic controllers. The exploited PLCs were made by the automation giant Siemens and were all models from the company's ubiquitous, long-running SIMATIC S7 product series. Now, more than a decade later, Siemens disclosed today that a vulnerability in its S7-1500 series could be exploited by an attacker to silently install malicious firmware on the devices and take full control of them.

The vulnerability was discovered by researchers at the embedded device security firm Red Balloon Security after they spent more than a year developing a methodology to evaluate the S7-1500's firmware, which Siemens has encrypted for added protection since 2013. Firmware is the low-level code that coordinates hardware and software on a computer. The vulnerability stems from a basic error in how the cryptography is implemented, but Siemens can't fix it through a software patch because the scheme is physically burned onto a dedicated ATECC CryptoAuthentication chip. As a result, Siemens says it has no fix planned for any of the 122 S7-1500 PLC models that the company lists as being vulnerable.

Siemens says that because the vulnerability requires physical access to exploit on its own, customers should mitigate the threat by assessing "the risk of physical access to the device in the target deployment" and implementing "measures to make sure that only trusted personnel have access to the physical hardware." The researchers point out, though, that the vulnerability could potentially be chained with other remote access vulnerabilities on the same network as the vulnerable S7-1500 PLCs to deliver the malicious firmware without in-person contact. [...]

[...] "This separate crypto core is a very rudimentary chip. It's not like a big processor, so it doesn't really know who it's talking to or what's going on in the broader context," Red Balloon's Skipper says. "So if you can tell it the right things that you observed the processor telling it, it will talk to you as if you are the processor. So we can get in between the processor and the crypto core and then we basically tell it, 'Hey, we are the processor and we are going to give you some data and we want you to encrypt it.' And the little crypto core isn't going to question that. It just does it."

Siemens notes that the vulnerabilities are not related to the company's own firmware update process and do not give attackers the ability to hijack that distribution channel. But the fact that any S7-1500 can become a firmware-blessing oracle is significant and bestows a power that individual devices should not have, undermining the whole purpose of encrypting the firmware in the first place.

[...] Though Siemens says it is addressing the S7-1500 vulnerability in new models, the population of vulnerable 1500s in industrial control and critical infrastructure systems around the world is extensive, and these units will remain in use for decades.

"Siemens is saying that this will not be fixed, so it's not just a zero-day—this will remain a forever day until all the vulnerable 1500s go out of service," Cui says. "It could be dangerous to leave this unaddressed."


Original Submission

posted by janrinok on Tuesday January 17 2023, @02:05PM

The FTC has scheduled a hearing for August 2, well after the deal is supposed to close:

The US Federal Trade Commission (FTC) has thrown a monkey wrench into Microsoft's plan to acquire Activision. According to a scheduling order filed last week, the FTC's antitrust lawsuit hearing against the deal will not begin until August 2. This date is well past the contracted deadline of July 18, 2023, effectively triggering a breach in the agreement.

Technically, a failed closure would require Microsoft to pay Activision a $3 billion "breakup fee." However, since something outside of Microsoft's and Activision's control is causing the delay, it's more likely the two will have to start over and cut a new deal. What that means is as yet unclear.

The original agreement was to pay Activision $95 per share, a 40-percent premium over its then $65 market price. Since then, Activision's stock has traded in the mid-to-high 70s. It is currently priced at $76.90, theoretically putting Activision in a better bargaining position for a redeal.

However, Activision's public stance has been that it wants the merger just as much as Microsoft does. So it's within the realm of possibility that the two shake hands and say, "Same deal."

Microsoft and Activision agreed to the merger nearly a year ago. At the time, both companies expected to have the acquisition closed as early as November 2022. However, the record-breaking $68.7 billion buyout immediately got the attention of multiple regulators in several countries, including the FTC.


Original Submission

posted by janrinok on Tuesday January 17 2023, @11:23AM

The latest version of Pi's mainstream camera module has autofocus, HDR and wide angle:

Raspberry Pi has released an updated camera, Camera Module 3 (aka Camera v3 or Camera Module v3), with an MSRP of $25 for standard or $35 for the wide angle version. The new module brings more pixels, rivalling the High Quality Camera's 12MP while keeping the smaller sensor-on-a-board form factor. What's new about this tiny camera is autofocus. This is the first official Raspberry Pi camera with autofocus, though Arducam's High Resolution camera delivered that functionality last year.

The Raspberry Pi camera was the first official accessory from Raspberry Pi, way back in 2013. The original 5MP model was updated to v2 in 2016 which brought 8MP to the game. Then the cameras got a bit more "serious" with the 12MP Raspberry Pi High Quality Camera in 2020; this version brought interchangeable lenses and a plethora of choices for the keen photographer, but it's pricey and doesn't come with a lens.

Fast forward to 2023 and we have a new mainstream Pi camera, the Raspberry Pi Camera v3 which updates the original camera's sensor-on-a-board form factor to pack a 12MP Sony IMX708 sensor and auto focus. It also comes in four flavors: standard, wide angle, NOIR and NOIR wide angle.

Specs, comparisons to legacy cameras and test results available at Tom's Hardware.


Original Submission

posted by janrinok on Tuesday January 17 2023, @08:37AM
from the old-school-AI dept.

With all the brouhaha around ChatGPT, GPT-3 and friends like: Jasper, Article Forge and growthbar, let me just reminisce about the summer of 1984 when I made a word-salad generator that would log on to (teenage enemy) BBSs at 4 in the morning and fill their pages with uncanny valley residing content peppered with local usernames and hot topics of the day, fed at a semi-human imitating 140-240 baud with occasional pauses "for thought" - sysops would sometimes listen to their servers and content dumped in at full speed sounds different than human driven keyboard output, but humans can be imitated...

Swerving back to the title content: Garage Band, similar to AI story writers, Garage Band is one of many Digital Audio Workstation programs out there, used by the likes of Moby, Ed Sheeran, Trent Reznor, and let's be honest: "Avid Pro Tools is the DAW of choice, being used by producers on 65% of the top 100 albums from the past 10 years." The thing about Garage Band is: if you have any recent Apple gear (we still have a 6 year old iPad mini), then you have it included with your OS: for free. If not, there are many many free, low cost, and not so low cost DAW tools out there, but focusing on the "so free it's bundled with the OS" Garage Band, which has gadzillions of tutorials available, let me just hit the high points of what I discovered yesterday after basically ignoring the depth of what DAWs have become over the last 40 years.

See, in 1983 I was directly programming the 4 channel sound synthesizer on Atari 400/800 computers, in 1989 I built a MIDI controlled sound synthesizer out of some PLDs and a (fixed point 16 bit) TI DSP. I briefly opened various DAW softwares over the years since then, including Garage Band about 5-6 years ago - even bought a little keyboard as controller input to Garage Band for the kids to see if they would take an interest (they didn't). At that time, I went just deep enough into the software to see the drum sequencer and the thousands upon thousands of synthesizer voices, fancy real instrument interfaces, etc. What I didn't discover at that time were the Autoplayers - which basically give the DAW operator a studio full of session musicians who can drum in various styles and auto-play appropriate melody lines, chord progressions, etc. on basically all the instruments, started with a single click, then tunable in three to thirty dimensions to whatever you may be looking for in your musical production.

Couple this with ChatGPT writing lyrics and a good singing synthesizer or two, and Pop music is going to have a hard time keeping up with the flood of semi-original studio quality productions coming out of pre-teens' bedrooms.

Still, after playing with it for a few hours yesterday, what's still lacking is the "soul" of the songs. Sure, it sounds professional, because it is more professionally played than most professional musicians can manage. There are only 12 tones in the scale and only so many chord progressions that "sound right" in western music, it wouldn't be too hard to run the gamut of available permutations - maybe copyright them all so we can finally beat Mickey Mouse at his own game: if every melody possible is copyrighted in 2023, there's no way to copyright any new ones...

Anyway, 13 year old school kids - given AI assistance in writing their poetry and music - can probably relate better to other 11-13 year old school kids about the issues that matter to them today than any corporate record producers ever could. If they can focus on their songwriting for more than a couple of hours, they are on a much more level playing field today than four guys from Liverpool having to get lucky hooking up with production, distribution and promotion sufficient to ignite their popularity.

And, I suppose that's the thing about AI generated writing, as well. If it's used as a tool, with a decent amount of care, feeding and editing of the output, it can help real writers write better articles in much less time than they used to have to invest. Too bad that it's also being used by bad writers putting in low effort to generate a flood of uncanny valley crap that takes far too much effort to spot as junk and sort it from good content.

Were you looking for a point? This is more of an Art-house post, the point is left to you: the reader / responder in the comments below. Find your own point, and share.


Original Submission

posted by janrinok on Tuesday January 17 2023, @05:53AM

Netflix yanks back senior managers' ability to see their coworkers' pay:

The streaming giant's director-level executives—senior managers who are neither C-suite execs nor vice presidents—have long had the ability to see their colleagues' salaries. Now they're in the same boat as the rest of us, the Wall Street Journal reported Wednesday.

According to the Journal's sources at Netflix, the walkback stemmed from the vast expansion of director-level hires in recent years, some of whom demanded explanations for their pay discrepancies. Despite rounds of layoffs, Netflix employed 11,300 full-time workers at the end of 2021, representing a nearly 60% headcount growth from 2018.

The move comes as an embattled Netflix attempts to tighten its belt after hemorrhaging subscribers in the first half of 2022. The revoke of access, instituted late last year, is a contradictory move by a company that, as the Journal puts it, has heretofore "offered a rare degree of transparency to its workforce." That was mainly thanks to its co-CEO Reed Hastings, who has said transparency is vital to a healthy company culture.

"Transparency has become [our employees'] biggest symbol of how much we trust them to act responsibly," Hastings wrote in his 2020 book, No Rules Rules. Netflix has historically relied on a laissez-faire approach to leadership and management, he wrote, which necessitated "increasing organizational transparency and eliminating company secrets."

There's also the fact that Netflix, like many Fortune 500 companies, must comply with new salary transparency requirements in places like Washington, Colorado, California, and New York City. Like many companies, they've been taking a backhanded approach, putting enormously wide bands on their job postings. One software engineer job provided a salary range of $90,000 to $900,000.

[...] When institutions increased wage transparency in a centralized way like Netflix did, the Utah researchers saw the gender pay gap close by 50%, and wage adjustment policies "substantially" changed—namely by granting bigger pay increases to historically underpaid groups.

[...] Companies that pay their workers low wages, Flynn writes in his conclusion, "have a strong incentive to keep salary information secret, while higher-paying firms could benefit from policies designed to increase salary transparency."


Original Submission

posted by janrinok on Tuesday January 17 2023, @03:06AM

NASA's Juno Spacecraft Suffered an Alarming Memory Glitch:

The problem was likely caused by a radiation spike produced by Jupiter's tumultuous magnetosphere, according to the space agency.

NASA's Jupiter mission is back in action after suffering from an acute case of spacecraft amnesia, which caused the Juno spacecraft to temporarily lose access to data stored in its memory.

The NASA spacecraft resumed its regular operations on December 29, the space agency announced on Tuesday. Juno went into safe mode on December 17 due to a memory anomaly that took place following the spacecraft's 47th close flyby of Jupiter and its moon Io.

After completing its flyby on December 14, Juno began the process of sending science data to ground control, but the downlink was disrupted. The solar-powered orbiter had difficulty accessing the memory stored in its onboard computer. The glitch was likely caused by Juno flying through a radiation-heavy area in Jupiter's magnetosphere, causing a radiation spike that messed with its systems, NASA explained in its statement.

NASA's mission control rebooted the spacecraft and put it in safe mode until the issue was resolved. Shortly after, ground control was able to recover the science data collected during the last flyby and successfully downlink it to Earth, with only a tiny bit of data being corrupted by the memory glitch, according to NASA.

"The science data from the solar-powered spacecraft's most recent flyby of Jupiter and its moon Io appears to be intact," NASA wrote in the statement. "Instrument recovery activities are now complete, and the spacecraft is functioning nominally."


Original Submission

posted by hubie on Tuesday January 17 2023, @12:13AM

Pendant held 5 tiny silk and linen packets with bone shards, likely religious relics:

In 2008, archaeologists excavating a medieval refuse pit in Mainz, Germany, discovered a heavily corroded pendant likely made in the late 12th century. But they were loath to open the pendant to find out what might be inside, lest they damage an already fragile artifact. Now technology has come to the rescue. Researchers from the Technical University of Munich scanned the pendant using neutron tomography, among other methods, and discovered it contained bone splinters—likely religious relics, i.e., the purported bones of saints. The findings were published in the interim meeting of the International Council of Museums-Committee for Conservation (ICOM-CC) Metals Working Group.

Neutron tomography works much the same way as X-ray and gamma-ray imaging methods, except it uses a neutron beam. A target object is shot with a beam of radiation, and some parts interact with the sample while others pass through. The ones that pass through collide with an imaging target to create what's known as an attenuation pattern—essentially an image of the interior of the sample. Neutron tomography is not as sensitive to the density of materials as X-ray and gamma-ray imaging, and unlike those methods, neutrons interact strongly with very light elements like hydrogen. So some things easily visible with neutron imaging may be challenging or impossible to see with X-ray imaging (and vice versa).

[...] The gold-plated copper pendant in Mainz measures just 2.4 inches (6 centimeters) high and wide and is in the shape of a quatrefoil (a shape common in traditional Christian symbolism). The front and back are enameled using a technique known as champlevé, which involves carving or etching troughs into the surface of a metal object and then filling them with porcelain enamel. The uncovered portions are gilded, a common practice in medieval times. One side depicts Jesus, with four evangelists pictured in the four rounded ends. The other side features Mary surrounded by four female saints.

[...] Using neutron imaging preserved the pendant while revealing five small reliquary packages of silk and linen holding bone splinters. Heinzel et al. identified individual elements of the sample by triggering them with a gamma-ray technique called prompt gamma activation analysis (PGAA). "We can't say whether or not these bone splinters are from a saint and, if so, which one," said Heinzel. "Usually relic packages contain a strip of parchment indicating the name of the saint. In this case, however, we unfortunately can't see one."

The now-fully restored pendant is currently on display at the Mainz State Museum.


Original Submission

posted by janrinok on Monday January 16 2023, @09:32PM

France imposes a fine of $5.4 million on TikTok for inappropriate cookies and online tracking:

It seems that TikTok just can't catch a break. After getting banned from state-owned computers and mobile devices in over 20 states in the United States of America, where it faces a possible federal-level ban, the social media company was fined $5.4 million by France for inappropriate handling of cookies and online tracking.

France's CNIL or National Commission on Informatics and Liberty, the protection watchdog whose job it is to ensure that all companies operating in France abide by the nation's data laws, said that its investigation only concerned the website tiktok.com and not the service's much more heavily used smartphone applications.

The CNIL discovered that TikTok users who used the web version found it more difficult to reject internet trackers than to accept them. Additionally, the authority determined that internet users were not adequately notified about TikTok's usage of cookies.

[...] According to regulations set forth by the European Union, websites must expressly request internet users' permission before using cookies, which are little data files saved when a user is browsing the web.

The fine comes just a day after TikTok's CEO, Shou Zi Chew, met a contingent of EU officials in Brussels and assured them that TikTok takes data privacy seriously and will work closely with officials to safeguard users.


Original Submission

posted by janrinok on Monday January 16 2023, @06:51PM

More than 500 UAP reports have been cataloged:

The Office of the Director of National Intelligence (ODNI) has published its 2022 annual report on unidentified aerial phenomena (UAP), the government's new phrase for UFOs. In addition to the 144 UAP reports covered in the ODNI's preliminary assessment from June 2021, there have been an additional 247 new reports and another 119 that were either since discovered or reported outside the preliminary collection period.

As of August 30, 2022, a total of 510 UAP reports have been cataloged and even more information is supplied in the classified version of this report, the agency said.

According to an initial analysis, 26 reports were characterized as unmanned aircraft system (UAS) or UAS-like entities, 163 were characterized as balloon or balloon-like entities and six were attributed to clutter (birds, weather events, or airborne debris like plastic bags). Notably, initial characterization does not mean positively resolved or unidentified.

The ODNI and the newly established All-Domain Anomaly Resolution Office (AARO), which will serve as the DoD's focal point for UAP, will use the initial characterization to efficiently and effectively leverage resources against the remaining 171 uncharacterized and unattributed UAP reports, some of which appear to have demonstrated unusual flight characteristics or performance capabilities that require further analysis.

The ODNI and AARO acknowledge that a select number of UAP incidents may be attributable to sensor irregularities or variances, such as operator or equipment error.

The report further notes that the majority of new UAP reports originate from US Navy and US Air Force aviators and operators, and that UAP pose a safety of flight and collision hazard due to their unauthorized presence in restricted airspace. To date, however, there have been no reported collisions between US aircraft and UAP.

[...] It's worth reiterating that this public release is the unclassified version of the report. Per Appendix A, the report is to include a detailed breakdown of each reported event although none of that is present here and has presumably been saved for the classified version for authorized eyes only.


Original Submission

posted by janrinok on Monday January 16 2023, @04:10PM
from the that-policy-is-a-@#$%-ing-headache dept.

YouTube is rethinking its approach to colorful language after an uproar:

In a statement to The Verge, the Google brand says it's "making some adjustments" to a profanity policy it unveiled in November after receiving blowback from creators. The rule limits or removes ads on videos where someone swears within the first 15 seconds or has "focal usage" of rude words throughout, and is guaranteed to completely demonetize a clip if swearing either occurs in the first seven seconds or dominates the content.

[...] YouTube hasn't said just what it plans to change, so it's not clear if the revised policy will satisfy those affected. For now, creators won't have much recourse beyond watching their use of cuss words. The uncertainty isn't necessarily prompting an exodus, but it is leading some video makers to reduce their dependence on YouTube as a source of income.

Personally, YT's crackdown has ruined one of my favorite channels.


Original Submission

posted by hubie on Monday January 16 2023, @01:25PM
from the dialogue-from-a-simpler-time dept.

https://www.windytan.com/2012/11/the-sound-of-dialup-pictured.html

If you ever connected to the Internet before the 2000s, you probably remember that it made a peculiar sound. But despite becoming so familiar, it remained a mystery for most of us. What do these sounds mean?

As many already know, what you're hearing is often called a handshake, the start of a telephone conversation between two modems. The modems are trying to find a common language and determine the weaknesses of the telephone channel originally meant for human speech.


Original Submission

posted by hubie on Monday January 16 2023, @10:38AM

Most new construction must include gigabit internet, while pre-existing tenants no longer have to wait for a landlord's approval for an upgrade:

Good news for those across the pond: Home internet in the UK is getting an upgrade. Two new regulations will now require most new housing construction projects to include gigabit internet, while pre-existing tenants will also have easier access to a high-speed connection.

The United Kingdom's Department for Digital, Culture, Media, & Sport announced the new laws earlier this week, with ministers having amended Building Regulations 2010 to include the first of two new laws—that new housing developers in England must future-proof new construction by including a gigabit internet connection.

[...] Likewise, the department says that the Telecommunications Infrastructure (Leasehold Property) Act of 2021 (TILPA) will help tenants in rental homes get access to faster internet more easily. This law allows a telecommunications firm to obtain a court order to enter a property if a landlord is unresponsive.

Previously, tenants were required to wait for the landlord's approval before a new internet connection could be installed, and the department says that telecommunication companies would receive no response from a landlord 40% of the time.


Original Submission

posted by Fnord666 on Monday January 16 2023, @07:56AM
from the my-voice-is-no-longer-my-password dept.

Text-to-speech model can preserve speaker's emotional tone and acoustic environment:

On Thursday, Microsoft researchers announced a new text-to-speech AI model called VALL-E that can closely simulate a person's voice when given a three-second audio sample. Once it learns a specific voice, VALL-E can synthesize audio of that person saying anything—and do it in a way that attempts to preserve the speaker's emotional tone.

Its creators speculate that VALL-E could be used for high-quality text-to-speech applications, speech editing where a recording of a person could be edited and changed from a text transcript (making them say something they originally didn't), and audio content creation when combined with other generative AI models like GPT-3.


Original Submission