SoylentNews

upstart writes:

For decades, coders wrote critical systems in C and C++. Now they turn to Rust:

Many software projects emerge because—somewhere out there—a programmer had a personal problem to solve.

That's more or less what happened to Graydon Hoare. In 2006, Hoare was a 29-year-old computer programmer working for Mozilla, the open-source browser company. Returning home to his apartment in Vancouver, he found that the elevator was out of order; its software had crashed. This wasn't the first time it had happened, either.

Hoare lived on the 21st floor, and as he climbed the stairs, he got annoyed. "It's ridiculous," he thought, "that we computer people couldn't even make an elevator that works without crashing!" Many such crashes, Hoare knew, are due to problems with how a program uses memory. [...]

Most of us, if we found ourselves trudging up 21 flights of stairs, would just get pissed off and leave it there. But Hoare decided to do something about it. He opened his laptop and began designing a new computer language, one that he hoped would make it possible to write small, fast code without memory bugs. He named it Rust, after a group of remarkably hardy fungi that are, he says, "over-engineered for survival."

Seventeen years later, Rust has become one of the hottest new languages on the planet—maybe the hottest. There are 2.8 million coders writing in Rust, and companies from Microsoft to Amazon regard it as key to their future. The chat platform Discord used Rust to speed up its system, Dropbox uses it to sync files to your computer, and Cloudflare uses it to process more than 20% of all internet traffic.

An Anonymous Coward writes:

Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution:

Antivirus software is supposed to be an important part of an organization's defense against the endless tide of malware.

Cisco's open source ClamAV can fill that role – once you patch the 9.8/10 rated arbitrary code execution flaw the networking giant revealed on Wednesday.

A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code," states Cisco's security advisory, which identifies the issue as CVE-2023-20032.

[...] ClamAV's blog reveals a second flaw in the software: CVE-2023-20052.

Both are patched in version 1.01 of the application, available here.

[...] But fixing ClamAV is not the end of the story. Addressing the faulty file parser also requires updates to other Cisco products, including the Secure Web Appliance hardware. The Secure Endpoint Private Cloud also needs a fix, as does Cisco's Secure Endpoint product (formerly known as Advanced Malware Protection for Endpoints) for Linux, Windows, and macOS.

Original Submission

upstart writes:

The capital injection is part of the $40 billion investment announced in December:

Taiwan Semiconductor Manufacturing Company (TSMC) board has approved a plan of capital injection of up to $3.5 billion to TSMC Arizona, the company said.

In December, the foundry behemoth announced its plans to open a second chip factory in Arizona, boosting its investment in the US threefold to $40 billion. This represented "the largest foreign direct investment in Arizona history and one of the largest foreign direct investments in the history of the United States," the company said.

The capital injection is part of the $40 billion investment announced in December.

"When complete, TSMC Arizona's two fabs will manufacture over 600,000 wafers per year, with estimated end-product value of more than US$40 billion," the company announced in its December statement.

TSMC's US investments are part of the chipmaker's strategic move to expand beyond Taiwan, due to the country's political tensions with China.

Last month, the company said it is considering opening its first plant in Europe and a second one in Japan. The Europe plant is likely to come up in the German city of Dresden.

Related: TSMC Triples Arizona Chip Plant Investment, Apple Confirms to Only Use Chips Made in the US

Original Submission

upstart writes:

Oh, Good: A Flying Robotic SPIDAR:

Robots with multimodal locomotion capability are almost always a compromise, because usually they're a hodgepodge of mobility systems that don't really work together. It'd be possible to make a legged robot fly by stapling a bunch of propellers to it, but at any given time, either the legs or the propellers are going to be mostly just awkward extra mass. Some robots make this compromise more elegantly than others, but it's still a compromise.

A new quadrupedal robot under development at the University of Tokyo called SPIDAR aims to minimize this compromise by combining legs and propellers and relying on that combination for both walking and flying locomotion: Instead of leg actuators, it's got vectorable leg thrusters that can both move leg joints individually and get the entire robot completely airborne.

SPIDAR, in what is perhaps one of the worst backronyms of all time, stands for "SPherIcally vectorable and Distributed rotors assisted Air-ground amphibious quadruped Robot." It is absolutely not a spider, since it has four legs rather than eight, but it does look sufficiently leggy to set off a similar squick response.

[...] Each of SPIDAR's limb sections has a spherically vectorable dual thruster attached. These thrusters can "roll" around the limb as well as rotating orthogonally to it, providing thrust in any direction. The joints do currently have small servos to actuate them a little bit, but this is mainly to simplify the dynamics of the system in order to run everything on board. The servos aren't strong enough to support the weight of the robot, and its mobility does depend primarily on the thruster system. In total, SPIDAR has eight links with 16 joints, and weighs in at a hefty 15 kilograms, which includes eight batteries distributed along the links. Total flight time is 9 minutes, and the robot can walk for more than double that.

Original Submission

An Anonymous Coward writes:

Australian science people and a bunch of teachers have discovered three new spider species in a remote alpine region. Given Australia has so many spiders, and indeed other deadly creatures, it is a wonder they look for more. One of the new spiders discovered is a 'jumping spider' that 'looks like a "liquorice-all-sort" and is a "ferocious hunter" that camouflages as a tree branch'. In typical Australian style, another looks like an eight eyed puppy. No, really.

Twenty scientists and teachers have travelled to the region near the border between Victoria and New South Wales on a 11-day 'Alpine Bush Blitz' to catalogue species and broadcast the expedition into Australian classrooms.

Three previously undescribed spider species were found by Museums Victoria Research Institute arachnologist Joseph Schubert who said he hoped to find more before the Blitz concludes.

[...] "Discovering and documenting undescribed species is crucial for their conservation and may prevent invisible species from becoming extinct.

"If a species is not known, it cannot be adequately protected."

A quote by an Australian minister in response to this find was that "Around three-quarters of Australia's biodiversity is still waiting to be discovered by science" which just makes Australia just that much more a joyful place to live (for the fauna).

Remind me, how exactly do Australians get through life without being eaten alive, poisoned, trapped or just killed by the wildlife?

Original Submission

owl writes:

Somewhat related to a recent journal article, this comes across the WSJ:

WSJ direct link

Archive line to above WSJ article

You can own a gadget, but its fate might well be controlled by the company that makes it.

In January, Arlo Technologies Inc. sent an email to customers of its internet-connected security cameras about a new "end-of-life policy." Starting April 1, the company would no longer support models that included no-fee seven-day rolling storage of video clips—a well-advertised selling point.

End-of-life policies for tech products are becoming more common. Apple Inc. and Samsung Electronics Co. have similar ones. But Arlo's abrupt announcement aggravated some customers. Forty days later, the company recanted, keeping the free video storage and extending software support.

[...] In late 2018, Ms. Clum spotted a five-pack of Arlo security cameras at Best Buy, with enticing offers printed on the packaging: "Including FREE cloud recording" and "With rolling seven days of FREE cloud recordings."

She purchased 30 cameras, totaling over $6,000, and spent hours wiring and mounting them throughout the kennel herself. Today, 26 are still running.

[...] This year, on New Year's Day, Ms. Clum received Arlo's email explaining that her five-year-old cameras would move to their "end-of-life stage" in April. Firmware updates, as well as the seven-day no-fee cloud storage benefit, would end. Instead, Arlo device owners could upgrade to one of the company's paid plans, starting at $13 a month or buy an add-on device to store videos.

PS - they recanted -- for now -- but how long do you expect it will be before they try all over again to EOL these cameras?

Previously: Arlo is Taking Away Security Camera Features You Paid for

Original Submission

upstart writes:

House Judiciary subpoenas Tim Cook & rest of big tech about alleged collusion:

House Judiciary Chairman Jim Jordan (R-OH) has subpoenaed Big Tech executives to try to discover if they colluded to suppress free speech.

The Committee is seeking documents and commucations from the CEOs of Alphabet, Amazon, Apple, Meta, and Microsoft to see if the companies worked with the federal government to censor content on their platforms. The Committee says it has repeatedly attempted to work with the companies since December, but they did not "adequately comply" with the requests.

The subpoenas require Sundar Pichai, Andy Jassy, Tim Cook, Mark Zuckberg, and Satya Nadella to turn over all requested documents and communications by March 23, 2023. According toThe Wall Street Journal, it's a probe to determine if the companies censored viewpoints on issues such as COVID-19 policy that disagreed with White House policy.

However, in November, Apple CEO met with GOP lawmakers that included Ohio's Jim Jordan, California's Darrel Issa, and Washington's Cathy McMorris Rogers. At the time, it wasn't clear what was on the agenda.

Notably, the Committee didn't request information from Twitter CEO Elon Musk, even though it's a popular social network. However, Jordan has publicly voiced his support for Musk in the past.

Original Submission

upstart writes:

Biden announced new rules today to standardize America's EV-charging experience:

Today, the Biden administration announced new standards for expanding the national electric vehicle (EV) charging network in order to encourage widespread EV adoption by providing a "predictable" user experience. All charging stations will soon be required to adopt the same connector types, payment methods, and data privacy assurances. These new standards have pushed Tesla, for the first time, to make part of its proprietary charging network compatible with non-Tesla EVs in the United States.

Joining other industry stakeholders in supporting Biden's goal to build 500,000 EV chargers nationwide by 2030, Tesla has pledged to make "at least 7,500 chargers available for all EVs by the end of 2024," Biden's announcement said. This will include 3,500 new and existing 250 kW "superchargers" along highway corridors and 4,000 slower "destination chargers" at hotels and restaurants in urban and rural areas.

[...] Opening its charging network to all EVs could position Tesla as the clear industry leader across America, analysts told Reuters, but adopting the CCS standard could also diminish some consumers' incentive to buy Teslas. Tesla drivers have enjoyed exclusive access to the nation's largest and fastest network of "superchargers," but soon any EV owner can enjoy that same benefit without buying a Tesla.

Despite this seeming risk to its EV sales, Tesla CEO Elon Musk seemed "very open" to helping Biden meet his ambitious EV charging goals, White House Infrastructure Coordinator Mitch Landrieu said at a press briefing today. With so much funding available to competitors, Tesla otherwise might have risked a rival creating a larger charging network, thus losing Tesla drivers' incentive of exclusivity either way.

upstart writes:

Thirteen thousand members of the United States Army were reportedly caught up in a Reply-All email storm in early February:

Khaki-hued news and recruitment site Military.com last week published an account of the email swarm penned by a serving member of the Army who was granted anonymity to avoid backlash from brass.

The report states that the Reply-All storm started when an Army captain replied to a message from a distribution list called "FA57 Voluntary Transfer Incentive Program". Tragically, the unnamed soldier hit Reply-All instead of just Reply.

Their response soon reached 13,000 inboxes belonging to Army captains, "some newly promoted majors, a single chief warrant officer, a Space Force captain, and a specialist".

As is often the case, the storm grew in power as some recipients of the unwanted email also used Reply-All to relay their requests for the flood of emails to stop, while others used Reply-All with ironic intent – to both celebrate and complicate the mess. There are always a few, aren't there.

[...] "There are far too many technically illiterate captains who would benefit from learning how to use Microsoft Outlook (particularly how to set up sorting rules) instead of replying like boomers using new technology," the anonymous author opined.

[...] The author concluded with the observation that "This event proves the point that if you put a bunch of soldiers or officers of the same rank in one room (including generals), they will revert to acting like privates within 15 minutes."

Original Submission

Motor Trend and probably many other sources report on the recall of all Teslas with FSD, https://www.motortrend.com/news/tesla-admits-full-self-driving-crashes-recalls-360000-cars/

On February 15, 2023, the National Highway Transportation Safety Administration (NHTSA) posted a notice that Tesla will recall 362,758 of its Model S, Model X, Model 3, and Model Y vehicles—the entirety of its current lineup—from model years ranging between 2016 and 2023, and equipped with the Full Self-Driving Beta software suite. This driver assistance software, which is technically in beta, has been under investigation for years. NHTSA and Tesla have determined that the system "allows a vehicle to exceed speed limits or travel through intersections in an unlawful or unpredictable manner [that] increases the risk of a crash."

At the bottom there is a link to a Tweet by Elon:

Definitely. The word "recall" for an over-the-air software update is anachronistic and just flat wrong!

I remember at least one Soylentil commenting about turning off over-the-air updates from Tesla because they remove features. For the same reason the same owner never took their car to Tesla for service because of the likelihood of updates being applied against their wishes. Not sure if this applies in that case?

Original Submission

upstart writes:

Debian 12 "Bookworm" Enters Its Soft Freeze:

Debian 12 "Bookworm" Enters Its Soft Freeze After last month's initial Debian 12 freeze, this week the "Bookworm" Linux distribution release entered its soft freeze.

From this point on all uploads for Debian 12 need to be small, targeted fixes and no new source packages are to be allowed into Bookworm. Source packages in the Bookworm archive are also no longer allowed to add or drop binary packages.

The soft freeze was announced on Friday to the mailing list. In that release team update it was also noted:

The state of bookworm is pretty good. We ask everybody to keep working on fixing the remaining RC bugs (and please find and file those that are currently unreported). Link has the list we should drive down to zero together. Please try out upgrading your bullseye systems to bookworm now and report issue you encounter.

In the Bookworm archive is GNOME 43 packages, KDE Plasma 5.26.90 at the moment, the Linux 6.1 LTS kernel, Mesa 22.3, LLVM 15, and many other newer packages compared to what has been shipping in Debian 11.

The Debian 12.0 release should be out later this year [...] .

Original Submission

An Anonymous Coward writes:

https://scitechdaily.com/scientists-prove-that-there-is-no-second-law-of-entanglement/

The second law of thermodynamics is widely considered one of the most universally true physical laws. It dictates that the entropy, a measure of physical disorder, of any isolated system can never decrease over time. It adds an 'arrow of time' to everyday occurrences, determining which processes are reversible and which are not. It explains why an ice cube on a hot stove will always melt and why compressed gas will always escape its container and never return when a valve is opened to the atmosphere.

Only states of equal entropy and energy can be reversibly converted from one to the other. This reversibility condition led to the discovery of thermodynamic processes such as the (idealized) Carnot cycle, which poses an upper limit to how efficiently one can convert heat into work, or the other way around, by cycling a closed system through different temperatures and pressures. Our understanding of this process underpinned the rapid economic development during the Western Industrial Revolution.

[...] Resolving this long-standing open question, research carried out by Lami (previously at the University of Ulm and currently at QuSoft and the University of Amsterdam) and Bartosz Regula (University of Tokyo) demonstrates that manipulation of entanglement is fundamentally irreversible, putting to rest any hopes of establishing a second law of entanglement. This new result relies on the construction of a particular quantum state which is very 'expensive' to create using pure entanglement. Creating this state will always result in a loss of some of this entanglement, as the invested entanglement cannot be fully recovered. As a result, it is inherently impossible to transform this state into another and back again. The existence of such states was previously unknown.

Because the approach used here does not presuppose what exact transformation protocols are used, it rules out the reversibility of entanglement in all possible settings. It applies to all protocols, assuming they don't generate new entanglement themselves. Lami explains: "Using entangling operations would be like running a distillery in which alcohol from elsewhere is secretly added to the beverage."

Journal Reference:
Lami, L., Regula, B. No second law of entanglement manipulation after all. Nat. Phys. 19, 184–189 (2023). https://doi.org/10.1038/s41567-022-01873-9

Original Submission

quietus writes:

It is now legal to hack into any company or government institution in Belgium, but only under certain circumstances.

That's the result of a new law on whistleblower protection that came into effect on February 15. Under the law, any citizen with the Belgian nationality is allowed to breach networks of Belgian legal entities without any previous notification or consent, provided he/she describes and reports the breach to the Centre for Cybersecurity Belgium within 72 hours, and does not request a reward for it.

This new framework allows any natural or legal person, acting without fraudulent or malicious intent, to investigate and report existing vulnerabilities in networks and information systems located in Belgium, provided that certain conditions are strictly respected (see detailed explanations).

Do you think those hacking misfits should have any protection at all? Which legal framework exists for hackers in your country?

[Editor's Comment: The new law is specifically targeted at pen testers or 'ethical hackers' - it applies only to those acting "without fraudulent or malicious intent". There are specific "obligations in the context of the search for and reporting of a vulnerability" which are fully explained in the linked article. Whether or not such obligations will be abused or ignored is yet to be seen. --JR]

Original Submission

takyon writes:

Responsible use of AI in the military? US publishes declaration outlining principles

On Thursday, the US State Department issued a "Political Declaration on Responsible Military Use of Artificial Intelligence and Autonomy," calling for ethical and responsible deployment of AI in military operations among nations that develop them. The document sets out 12 best practices for the development of military AI capabilities and emphasizes human accountability.

The declaration coincides with the US taking part in an international summit on responsible use of military AI in The Hague, Netherlands. Reuters called the conference "the first of its kind." At the summit, US Under Secretary of State for Arms Control Bonnie Jenkins said, "We invite all states to join us in implementing international norms, as it pertains to military development and use of AI" and autonomous weapons.

In a preamble, the US declaration outlines that an increasing number of countries are developing military AI capabilities that may include the use of autonomous systems. This trend has raised concerns about the potential risks of using such technologies, especially when it comes to complying with international humanitarian law.

Freeman writes:

https://arstechnica.com/gadgets/2023/02/app-founder-quits-google-says-company-doesnt-serve-users-anymore/

Here's some insight into what Google's problems are like lately, direct from an ex-employee. Praveen Seshadri, a founder whose company was acquired by Google, recently quit and dropped a scathing Medium post on his way out the door, detailing the problems he saw in his time at the company. Seshadri says Google is "trapped in a maze of approvals, launch processes, legal reviews, performance reviews, exec reviews," and other bureaucratic processes, and while the employees are capable, they "get very little done quarter over quarter, year over year."

Seshadri is the founder of AppSheet, a "no-code development platform" that he started in 2014. After several years of development, Seshadri's company was acquired by Google Cloud in 2020, and Seshadri spent the next three years turning the app into Google AppSheet. Seshadri left Google the second his "three year mandatory retention period" was up, saying, "I have left Google understanding how a once-great company has slowly ceased to function."

Seshadri outlines his big problems with the company:

The way I see it, Google has four core cultural problems. They are all the natural consequences of having a money-printing machine called "Ads" that has kept growing relentlessly every year, hiding all other sins.

(1) no mission, (2) no urgency, (3) delusions of exceptionalism, (4) mismanagement.

[...] The post says that "risk mitigation trumps everything else" at Google, echoing a 2021 New York Times article saying CEO Sundar Pichai built "a paralyzing bureaucracy" while running the company.

Original Submission