SoylentNews

upstart writes:

Results come from a lab that had an earlier superconductivity paper retracted:

On Wednesday, a paper was released by Nature that describes a mixture of elements that can superconduct at room temperature. The work follows a general trend of finding new ways of stuffing hydrogen into a mixture of other atoms by using extreme pressure. This trend produced a variety of high-temperature superconductors in previous research, though characterizing them was difficult because of the pressures involved. This new chemical, however, superconducts at much lower pressures than previous versions, which should make it easier for others to replicate the work.

The lab that produced the chemical, however, had one of its earlier papers on high-temperature superconductivity retracted due to a lack of details regarding one of its key measurements. So, it's a fair bet that many other researchers will try to replicate it.

The form of superconductivity involved here requires that electrons partner up with each other, forming what are called Cooper pairs. One of the things that encourages Cooper pair formation is a high-frequency vibration (called a phonon) among the atomic nuclei that these electrons are associated with. That's easier to arrange with light nuclei, and hydrogen is the lightest around. So finding ways to stuff more hydrogen into a chemical is thought to be a viable route toward producing higher-temperature superconductors.

The surest way of doing that, however, involves extreme pressures. These pressures can induce hydrogen to enter the crystal structure of metals or to form hydrogen-rich chemicals that are unstable at lower pressures. Both of these approaches have resulted in chemicals with very high critical temperatures, the highest point at which they'll support superconductivity. While these have approached room temperature, however, the pressures required were multiple Gigapascals—with each Gigapascal being nearly 10,000 times the atmospheric pressure at sea level.

In essence, this involves trading off impractical temperatures for impractical pressures.

Original Submission #1  Original Submission #2 

Freeman writes:

https://arstechnica.com/tech-policy/2023/03/musk-apologizes-for-mocking-and-firing-twitter-exec-with-muscular-dystrophy/

After a tweet exchange where Twitter CEO Elon Musk questioned a fired former Twitter executive's disabilities and work performance, Musk has issued a rare apology and offered to rehire former Senior Director of Product Design Haraldur "Halli" Thorleifsson.

Thorleifsson joined Twitter in 2021, saying on the podcast Fast Politics with Molly Jong-Fast that he decided to let his successful design agency Ueno get acquired by Twitter because he really believed that, much like Musk, Twitter had "never lived up to its potential." Until his exit from Twitter, Thorleifsson led an innovation team at Twitter, but Musk apparently was not familiar with the meaningful contributions Thorleifsson made to the company until after he let Thorleifsson go. Now Musk apparently regrets dismissing Thorleifsson.

[...] Before Thorleifsson got the official notification that he'd been fired from Twitter, he told the BBC that he had a theory explaining why it took Twitter nine days to respond to his inquiries about layoffs.

"My theory is they made a mistake and are now looking for anything they can find to make this a 'for cause' firing to avoid having to fulfill their contractual obligations," Thorleifsson told the BBC.

According to The New York Times, the cost of firing Thorleifsson may be greater to Twitter than the cost of keeping him on, which could be another factor motivating Musk's decision to try to rehire the former design executive. Twitter users have speculated that his severance package could be worth $100 million, and Thorleifsson seems willing to take the money and leave. He tweeted that he's OK with his exit from Twitter and asked Musk to confirm he'll receive his full severance.

Related:
Open Source Teams at Google Hit Hard by Layoffs: Was It the Algorithm?

Original Submission

owl writes:

https://www.righto.com/2023/02/how-8086-processor-determines-length-of.html

The Intel 8086 processor (1978) has a complicated instruction set with instructions ranging from one to six bytes long. This raises the question of how the processor knows the length of an instruction.1 The answer is that the 8086 uses an interesting combination of lookup ROMs and microcode to determine how many bytes to use for an instruction. In brief, the ROMs perform enough decoding to figure out if it needs one byte or two. After that, the microcode simply consumes instruction bytes as it needs them. Thus, nothing in the chip explicitly "knows" the length of an instruction. This blog post describes this process in more detail.

[...] The 8086 uses a 6-byte instruction prefetch queue to hold instructions, and this queue will play an important role in this discussion.3 Earlier microprocessors read instructions from memory as they were needed, which could cause the CPU to wait on memory. The 8086, instead, read instructions from memory before they were needed, storing them in the instruction prefetch queue. (You can think of this as a primitive instruction cache.) To execute an instruction, the 8086 took bytes out of the queue one at a time. If the queue ran empty, the processor waited until more instruction bytes were fetched from memory into the queue.

Original Submission

hubie writes:

Study suggests that judgmental forecasting of trends in time-series data, such as weekly sales data, is lower when the information is displayed in bar chart format as opposed to a line graph or point graph:

A new study suggests that the format in which graphs are presented may be biasing people into being too optimistic or pessimistic about the trends in data that the graphs display.

Academics from City, University of London and University College London found that when people who were not experts about a set of data made predictions about how a trend in the data would develop over time, they made lower judgements when the trend was presented as a 'bar chart' type graph as compared to when exactly the same data was presented as a line graph or a graph consisting of a set of data points only.

Nevertheless, across many different types of trend participants consistently thought sales would be lower when the data were presented as bar charts than line graphs or point graphs.

The researchers wondered whether the reason was that in bar charts the area inside the bar is usually heavily shaded and hence visually draws attention to itself, lowering participants' estimates as compared to the other types of graph where there is no shading to attract the eye and attention.

However, in a third experiment, they found the same lower forecasts for bars even when the bars were left unshaded.

In a fourth experiment they tested a version of a bar chart where the bars emanated from the top of the graph rather than the bottom. While subtle trends in the data suggest this may reverse the bias, the findings were inconclusive.

Woodherd writes:

Better prospects are needed in universities and industry to make the most of valuable talent:

Japanese science has a problem: there are too many PhD holders and not enough senior roles in universities for them to move into. This is partly caused by a well-meaning, but flawed policy to promote Japanese research that dates back almost three decades.

In 1996, Japan began a plan to boost the number of its academic researchers with a PhD but who are not yet in permanent faculty positions. The country aimed to produce 10,000 of these postdoctoral roles and by 2006 it had exceeded this goal, creating more than 16,000 positions. This leaves a fairly obvious question; what happens to a researcher after they've completed a postdoc? There hasn't been a serious enough effort to create a career pathway for these researchers in academia. Employment in industry is also an uphill battle for them because — although progress has been made — Japanese businesses on the whole still don't fully appreciate PhDs as a qualification.

Some comparison:

Many students here in Japan increasingly believe that finding jobs in industry, even in pharmaceutical firms and other research-related companies, is easier without a PhD. This is because there can be a belief in industry that it's better and easier for a company to train newly hired employees from scratch, rather than training someone who already has their 'own way of doing things'. In the United States, 40.2% of PhD holders are employed in private industry, but in Japan that figure is just 14%. Hopefully, the 14% in Japan will prove how PhD holders can contribute to businesses so that more companies employ doctoral graduates, something that could also lead to greater collaboration between academia and industry.

Earning a PhD demands an excess of patience, imagination, flexibility and expertise. Surely these are enviable characteristics for any candidate seeking promotion, be that in academia or private industry.

Original Submission

upstart writes:

Rather than obtaining a warrant, the bureau purchased sensitive data:

Federal Bureau of Investigation has acknowledged for the first time that it purchased US location data rather than obtaining a warrant. While the practice of buying people's location data has grown increasingly common since the US Supreme Court reined in the government's ability to warrantlessly track Americans' phones nearly five years ago, the FBI had not previously revealed ever making such purchases.

The disclosure came today during a US Senate hearing on global threats attended by five of the nation's intelligence chiefs. Senator Ron Wyden, an Oregon Democrat, put the question of the bureau's use of commercial data to its director, Christopher Wray: "Does the FBI purchase US phone-geolocation information?" Wray said his agency was not currently doing so, but he acknowledged that it had in the past. He also limited his response to data companies gathered specifically for advertising purposes.

"To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising," Wray said. "I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that's not been active for some time." He added that the bureau now relies on a "court-authorized process" to obtain location data from companies.

It's not immediately clear whether Wray was referring to a warrant—that is, an order signed by a judge who is reasonably convinced that a crime has occurred—or another legal device. Nor did Wray indicate what motivated the FBI to end the practice.

In its landmark Carpenter v. United States decision, the Supreme Court held that government agencies accessing historical location data without a warrant were violating the Fourth Amendment's guarantee against unreasonable searches. But the ruling was narrowly construed. Privacy advocates say the decision left open a glaring loophole that allows the government to simply purchase whatever it cannot otherwise legally obtain. US Customs and Border Protection (CBP) and the Defense Intelligence Agency are among the list of federal agencies known to have taken advantage of this loophole.

Freeman writes:

https://arstechnica.com/cars/2023/03/tesla-under-new-federal-investigation-for-steering-wheels-that-detach/

Tesla has yet another federal headache to contend with. On March 4, the National Highway Traffic Safety Administration's Office of Defects Investigation opened a preliminary investigation after two reports of Tesla Model Y steering wheels detaching in drivers' hands while driving.

NHTSA's ODI says that in both cases, the model year 2023 Model Ys each required repairs on the production line that involved removing their steering wheels. The wheels were refitted but were only held in place by friction—Tesla workers never replaced the retaining bolt that affixes the steering wheel to the steering column. In 2018, Ford had to recall more than 1.3 million vehicles after an incorrectly sized bolt resulted in a similar problem.

The ODI document states that "sudden separation occurred when the force exerted on the steering wheel overcame the resistance of the friction fit while the vehicles were in motion" and that both incidents occurred while the electric vehicles still had low mileage.

Related:
Tesla recalls all cars with FSD (full self driving) option (Elon Tweet:"Definitely. The word "recall" for an over-the-air software update is anachronistic and just flat wrong!")
Feds Open Criminal Investigation Into Tesla Autopilot Claims
NHTSA Investigation Into Telsa Autopilot Intensifies
Tesla's Radar-less Cars Investigated by NHTSA After Complaints Spike
Tesla Under Federal Investigation Over Video Games That Drivers Can Play
Tesla Must Tell NHTSA How Autopilot Sees Emergency Vehicles
NHTSA Opens Investigation into Tesla Autopilot after Crashes with Parked Emergency Vehicles
Tesla Recall is Due to Failing Flash Memory
Tesla Crash Likely Caused by Video Game Distraction
Autopilot Was Engaged In The Crash Of A Tesla Model S Into A Firetruck In LA, NTSB Says
Tesla to Update Battery Software after Recent Car Fires
Tesla Facing Criminal Probe
Former Tesla Employee's Lawyer Claims His Client Was Effectively "SWATted"
NHTSA Finishes Investigation, Declares Tesla Has No Fault in Deadly Crash
Tesla Says Autopilot System Not to Blame for Dutch Crash

Original Submission

Freeman writes:

https://arstechnica.com/science/2023/03/moderna-ceo-says-private-investors-funded-covid-vaccine-not-billions-from-govt/

Moderna CEO Stéphane Bancel on Monday pushed back on criticism of the company's plans to raise the price of its mRNA-based COVID-19 vaccines by 400 percent, arguing that the billions of dollars in federal funding the company received played little role in the vaccine's development.

Speaking at the Wall Street Journal Health Forum, Bancel suggested that the vaccine's development is thanks to private investors and that the federal funding merely hastened development that would have occurred regardless.
[...]
While the government most recently paid $26 per dose of Moderna's updated booster, the company is planning to raise the price of its shots to $110 to $130 per dose.

Related:
"Pure and Deadly Greed": Lawmakers Slam Pfizer's 400% Price Hike on COVID Shots

Original Submission

upstart writes:

Hiatus hacking campaign has infected roughly 100 Draytek routers:

Researchers have uncovered advanced malware that's turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe.

Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote-access Trojan that allows the attackers to download files and run commands of their choice. The backdoor also enables attackers to funnel data from other servers through the router, turning the device into a covert proxy for concealing the true origin of malicious activity.

"This type of agent demonstrates that anyone with a router who uses the Internet can potentially be a target—and they can be used as proxy for another campaign—even if the entity that owns the router does not view themselves as an intelligence target," researchers from security firm Lumen's Black Lotus Labs wrote. "We suspect that threat actors are going to continue to utilize multiple compromised assets in conjunction with one another to avoid detection."

[...] Black Lotus still doesn't know how devices are getting hacked in the first place. Once (and however) that happens, the malware gets installed through a bash script that's deployed post-exploitation. It downloads and installs the two main binaries.

[...] Hiatus is mainly targeting DrayTek routers running an i386 architecture. The researchers, however, have uncovered prebuilt binaries compiled for ARM, MIPS64 big endian, and MIPS32 little endian platforms.

upstart writes:

The gene-editing tool is being tested in people, and the first treatment could be approved this year:

Forget about He Jiankui, the Chinese scientist who created gene-edited babies. Instead, when you think about gene editing you should think of Victoria Gray, the African-American woman who says she's been cured of her sickle-cell disease symptoms.

[...] But the designer-baby debate is a distraction from the real story of how gene editing is changing people's lives, through treatments used on adults with serious diseases.

In fact, there are now more than 50 experimental studies underway that use gene editing in human volunteers to treat everything from cancer to HIV and blood diseases, according to a tally shared with MIT Technology Review by David Liu, a gene-editing specialist at Harvard University.

Most of these studies—about 40 of them—involve CRISPR, the most versatile of the gene-editing methods, which was developed only 10 years ago.

[...] To scientists, CRISPR is a revelation because of how it can snip the genome at specific locations. It's made up of a cutting protein paired with a short gene sequence that acts like GPS, zipping to a predetermined spot in a person's chromosomes.

[...] The first generation of CRISPR treatments are also limited in another way. Most use the tool to damage DNA, essentially shutting off genes—a process famously described as "genome vandalism" by Harvard biologist George Church.

[...] Liu's lab is working on next-generation gene-editing approaches. These tools also employ the CRISPR protein, but it's engineered not to cut the DNA helix, but instead to deftly swap individual genetic letters or make larger edits. These are known as "base editors."

[...] Now that gene editing has had its first successes, Urnov says, there's an "urgent need" to open a "path to the clinic for all."

Original Submission

upstart writes:

A large percentage of employees are dissatisfied with their experience of joining a company:

New employees who start a job feeling undertrained and disconnected from their work environment are far more likely to quit than those who have a good onboarding experience.

With the unemployment rate lower than it has been in decades — even more so in technology fields — job candidates more often than not field multiple offers. So, if the onramp to a new job is bumpy, they're far more likely to reconsider staying with the organization, even in the short term.

According to research firm Gartner, 63% of new hires are satisfied with their onboarding experience. A recent survey by payroll and human resources provider Paychex showed onboarding experience affected how quickly they would quit after taking a position.

The survey of about 1,000 Americans by Paychex, released last month, found half (50%) of newly hired employeesplan to quit soon.

[...] Among the percentage of remote workers who said they're likely to leave their current job soon, 88% described their latest onboarding experience as boring, 78% called it confusing, and 74% saw it as a failure. On-site and hybrid employees fare better; only 36% of them viewed the onboarding process as confusing.

Remote workers are most likely to feel disoriented (60%) and devalued (52%) after onboarding, the survey found.

[...] Without a streamlined and supportive process, employees can be left frustrated, she said, which can muddle a new hire's first experience in a new position and affect their morale.

[...] "You need a two-way connection where they're not only learning about the company, but the company [is] learning about the employee and tailoring the onboarding experience to them. In that, they're also learning what the new hire brings to the table," Kohn said. "It works a lot better when a new hire comes in and sees a manager and a team already recognizes [that the new hire] brings strengths to the table."

Original Submission

upstart writes:

There's never enough time or staff to scan code repositories:

Software dependencies, or a piece of software that an application requires to function, are notoriously difficult to manage and constitute a major software supply chain risk. If you're not aware of what's in your software supply chain, an upstream vulnerability in one of your dependencies can be fatal.

A simple React-based Web application can have upward of 1,700 transitive NodeJS "npm" dependencies, and after a few months "npm audit" will reveal that a relatively large number of those dependencies have security vulnerabilities. The case is similar for Python, Rust, and every other programming language with a package manager.

I like to think of dependencies as decaying fruit in the unrefrigerated section of the code grocer, especially npm packages, which are often written by unpaid developers who have little motivation to put in more than the bare minimum of effort. They're often written for personal use and they're open sourced by chance, not by choice. They're not written to last.

[...] Not all hope is lost. For known (reported and accepted) vulnerabilities, tools exist, such as pip-audit, which scans a developer's Python working environment for vulnerabilities. Npm-audit does the same for nodeJS packages. Similar tools exist for every major programming language and, in fact, Google recently released OSV-Scanner, which attempts to be a Swiss Army knife for software dependency vulnerabilities. Whether developers are encouraged (or forced) to run these audits regularly is beyond the scope of this analysis, as is whether they actually take action to remediate these known vulnerabilities.

However, luckily for all of us, automated CI/CD tools like Dependabot exist to make these fixes as painless as possible. These tools will continually scan your code repositories for out-of-date packages and automatically submit a pull request (PR) to fix them. Searching for "dependabot[bot]" or "renovate[bot]" on GitHub and filtering to active PRs yields millions of results! However, 3 million dependency fixes versus hundreds of millions of active PRs at any given time is an impossible quantification to attempt to make outside of an in-depth analysis.

fliptop writes:

BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits:

Researchers on Wednesday announced a major cybersecurity find—the world's first-known instance of real-world malware that can hijack a computer's boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

Dubbed BlackLotus, the malware is what's known as a UEFI bootkit. These sophisticated pieces of malware hijack the UEFI— short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC's device firmware with its operating system, the UEFI is an OS in its own right. It's located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch.

[...] The second thing standing in the way of UEFI attacks is UEFI Secure Boot, an industry-wide standard that uses cryptographic signatures to ensure that each piece of software used during startup is trusted by a computer's manufacturer. Secure Boot is designed to create a chain of trust that will prevent attackers from replacing the intended bootup firmware with malicious firmware. If a single firmware link in that chain isn't recognized, Secure Boot will prevent the device from starting.

While researchers have found Secure Boot vulnerabilities in the past, there has been no indication that threat actors have ever been able to bypass the protection in the 12 years it has been in existence. Until now.

[...] To defeat Secure Boot, the bootkit exploits CVE-2022-21894, a vulnerability in all supported versions of Windows that Microsoft patched in January 2022. The logic flaw, referred to as Baton Drop by the researcher who discovered it, can be exploited to remove Secure Boot functions from the boot sequence during startup. Attackers can also abuse the flaw to obtain keys for BitLocker, a Windows feature for encrypting hard drives.

Previously:

• Custom-Made UEFI Bootkit Found Lurking in the Wild
• First-Ever UEFI Rootkit Tied To Sednit APT

Original Submission

mhajicek writes:

https://www.science.org/content/article/ai-re-creates-what-people-see-reading-their-brain-scans

As neuroscientists struggle to demystify how the human brain converts what our eyes see into mental images, artificial intelligence (AI) has been getting better at mimicking that feat. A recent study, scheduled to be presented at an upcoming computer vision conference, demonstrates that AI can read brain scans and re-create largely realistic versions of images a person has seen. As this technology develops, researchers say, it could have numerous applications, from exploring how various animal species perceive the world to perhaps one day recording human dreams and aiding communication in people with paralysis.

Many labs have used AI to read brain scans and re-create images a subject has recently seen, such as human faces and photos of landscapes. The new study marks the first time an AI algorithm called Stable Diffusion, developed by a German group and publicly released in 2022, has been used to do this. Stable Diffusion is similar to other text-to-image "generative" AIs such as DALL-E 2 and Midjourney, which produce new images from text prompts after being trained on billions of images associated with text descriptions.

For the new study, a group in Japan added additional training to the standard Stable Diffusion system, linking additional text descriptions about thousands of photos to brain patterns elicited when those photos were observed by participants in brain scan studies.

[...] Finally, the researchers tested their system on additional brain scans from the same participants when they viewed a separate set of photos, including a toy bear, airplane, clock, and train. By comparing the brain patterns from those images with those produced by the photos in the training data set, the AI system was able to produce convincing imitations of the novel photos. (The team posted a preprint of its work in December 2022.)

"The accuracy of this new method is impressive," says Iris Groen, a neuroscientist at the University of Amsterdam who was not involved with the work.

I'm wondering how this sort of ability will effect copyright, in the long term, when it becomes possible to extract high-enough fidelity copies of media from people's brains, which they have observed before and remember. If someone views an image, listens to a song, or watches a movie, and then downloads a copy from their brain to share, is that copyright infringement? Is the copy in their head infringement? Will the law determine a percentage fidelity limit?

Original Submission

Snotnose writes:

Seems the DHS has a secret program to spy on American citizens

For years, the Department of Homeland Security has run a virtually unknown program gathering domestic intelligence, one of many revelations in a wide-ranging tranche of internal documents reviewed by POLITICO.

Those documents also reveal that a significant number of employees in DHS's intelligence office have raised concerns that the work they are doing could be illegal.

Under the domestic-intelligence program, officials are allowed to seek interviews with just about anyone in the United States. That includes people held in immigrant detention centers, local jails, and federal prison. DHS's intelligence professionals have to say they're conducting intelligence interviews, and they have to tell the people they seek to interview that their participation is voluntary. But the fact that they're allowed to go directly to incarcerated people — circumventing their lawyers — raises important civil liberties concerns, according to legal experts.

That specific element of the program, which has been in place for years, was paused last year because of internal concerns. DHS's Office of Intelligence and Analysis, which runs the program, uses it to gather information about threats to the U.S., including transnational drug trafficking and organized crime. But the fact that this low-profile office is collecting intelligence by questioning people in the U.S. is virtually unknown.

IMHO, when your own employees are afraid they're breaking the law by doing their jobs; and those same people fear punishment if they speak up, says a lot about the ethics of this bullshit.

Original Submission