
SoylentNews is people


posted by hubie on Monday March 27 2023, @09:14PM
from the for-a-modest-recurring-fee-you-can-get-better-SN-story-Departments dept.

Automakers are pushing subscriptions, but consumer interest just isn't there:

The last decade or so has seen the creeping techification of the auto industry. Executives will tell you the trend is being driven by consumers, starry-eyed at their smartphones and tablets, although the 2018 backup camera law is the main reason there's a display in every new car.

But automakers have been trying to adopt more than just shiny gadgets and iterating software releases. They also want some of that lucrative "recurring revenue" that so pleases tech investors but makes the rest of us feel nickeled and dimed. Now we have some concrete data on just how much car buyers are asking for this stuff, courtesy of a new survey from AutoPacific. The answer is "very little."

AutoPacific asked people looking to buy a new vehicle about their interest in 11 different in-car connected features, starting with a data plan for the car for a hypothetical price of $15/month.

The results may chasten some of the investors demanding that the car companies keep traveling down this path. The most in-demand or desirable feature was Internet connection with a Wi-Fi hotspot—not an unreasonable demand for $15 per month. But only 30 percent of people looking to buy a new car said they were interested in paying for their car's Internet access.

[...] AutoPacific also broke down some of its data by age brackets. The 30- to 39-year-old group was consistently the most interested in connected subscription features for their cars—28 percent want to stream video directly to the infotainment screen, 20 percent want to play video games on the infotainment screen, and 18 percent want in-car video conferencing. As you might expect, the 60- to 69-year-old bracket was the least interested in any of this stuff; just 10 percent would want in-car video streaming, with video conferencing at 5 percent and in-car gaming at just 4 percent.

In other news, water is wet...


posted by janrinok on Monday March 27 2023, @06:33PM
from the just-become-a-pharmaceutical-company dept.

Arm is tired of seeing device makers bring in billions while it makes millions:

What's in store for the future of chip maker Arm? The company's owner, Softbank, has been in financial trouble lately, and that has caused Arm to bounce from one dramatic possibility to another. Initially, Arm was put up for sale, and Nvidia was the front-runner to buy the company. That plan was shut down by regulators, and now "Plan B" is an IPO, which is supposed to happen on the New York Stock Exchange sometime this year. If you want to succeed on the stock market, you've got to show revenue, and while Arm enables the sale of billions of dollars of devices around the world, the company's chip licensing scheme only brings in a comparatively small amount of money—around $500 million a quarter.

The Financial Times has a report on Arm's "radical shake-up" of its business model. The new plan is to raise prices across the board and charge "several times more" than it currently does for chip licenses. According to the report, Arm wants to stop charging chip vendors to make Arm chips, and instead wants to charge device makers—especially smartphone manufacturers—a fee based on the overall price of the final product.

Let's say Motorola makes a phone with a Qualcomm Snapdragon Arm chip. Previously, Qualcomm would have signed a deal with Arm for an Arm license, and that license would extend to anyone that buys a Qualcomm Arm chip, like Motorola. Qualcomm contributes a lot to its own chip designs, but when it comes to the Arm license it is basically an Arm reseller. Arm would now want a licensing fee from Motorola (and not Qualcomm?), and it would ask Qualcomm to not sell chips to anyone that doesn't have a licensing agreement with Arm.

[...] The report quotes a former senior employee as saying, "Arm is going to customers and saying, 'We would like to get paid more money for broadly the same thing.' What SoftBank is doing at the moment is testing the market value of the monopoly that Arm has."

If customers decide they don't like Arm's new pricing structure, the competition is getting closer than it ever has before. While Arm is basically a mobile monopoly in everything smaller than a laptop, RISC-V is an upstart project that promises power-efficient chips under a royalty-free open source license. While Arm has an incredible amount of ecosystem support with device designs, a large user base, and a million developer tools, Arm's continual drama is making a switch to RISC-V look more worth the effort with each passing day.


posted by janrinok on Monday March 27 2023, @03:51PM

In its bid to catch up with Starlink, the company plans to build as many as four satellites a day:

Amazon has applied to the FCC to increase its constellation to 7,774 satellites, which would allow it to cover regions further north and south, including Alaska, as Starlink does.

There are riches to be had: SpaceX currently charges $110 a month to access Starlink, with an up-front cost of $599 for an antenna to connect to the satellites. According to a letter to shareholders last year, Amazon is spending "over $10 billion" to develop Kuiper, with more than 1,000 employees working on the project. Andy Jassy, Amazon's current CEO, has said that Kuiper has a chance of becoming a "fourth pillar" for the company, alongside its retail marketplace, Amazon Prime, and its widely used cloud computing service, Amazon Web Services.

"Amazon's business model relies on people having internet connectivity," says Shagun Sachdeva, an industry expert at the space investment firm Kosmic Apple in France. "It makes a lot of sense for them to have this constellation to provide connectivity."

Amazon is not yet disclosing the pricing of its service but has previously said a goal is to "bridge the digital divide" by bringing fast and affordable broadband to "underserved communities," an ambition Starlink has also professed. But whether costs will ever get low enough for that to be achievable remains to be seen. "Costs will come down, but to what extent is really the question," says Sachdeva. On March 14, the company revealed it was producing its own antennas at a cost of $400 each, although a retail cost has not yet been revealed.

Amazon has said it can offer speeds of up to one gigabit per second, and bandwidth of one terabit per satellite. Those are similar to Starlink's numbers, and the two services seem fairly similar overall. The key difference is that Starlink is operational, and has been for years, whereas Amazon does not plan to start offering Kuiper as a service until the latter half of 2024, giving SpaceX a considerable head start to attract users and secure contracts.

There remain concerns, too, about space junk and the impact on ground-based astronomy. Before 2019 there were only about 3,000 active satellites in space. SpaceX and Amazon by themselves could increase that number to 20,000 by the end of this decade. Tracking large numbers of moving objects in orbit—and making sure they don't collide with one another—is a headache.


posted by janrinok on Monday March 27 2023, @01:04PM
from the c-language-still-runs-the-world dept.

Julia and Kokkos perform comparably with C/OpenMP on CPUs, while Julia implementations are competitive with CUDA and HIP on GPUs:

High-level dynamic languages such as Python, Julia, and R have been at the forefront of artificial intelligence/machine learning (AI/ML), data analysis, and interactive computing workflows in the last decade. Traditional high-performance computing (HPC) frameworks that power the underlying low-level computations for performance and scalability are written in compiled languages: C, C++, and Fortran.

[...] We analyze single node scalability on two systems hosted at the Oak Ridge Leadership Computing Facility (OLCF)—Wombat, which uses Arm Ampere Neoverse CPUs and 2 NVIDIA A100 GPUs, and Crusher, which is equipped with AMD EPYC 7A53 CPUs and 8 MI250X GPUs and serves as a test bed for Frontier, the first exascale system on the TOP500 list.

[...] We run hand-rolled general matrix multiplication (GEMM) code for dense matrices using Julia, Python/Numba and Kokkos implementations and compare the performance with C for multithreaded CPU (OpenMP) and single GPU (CUDA/HIP) systems. GEMM is an important kernel in the Basic Linear Algebra Subprograms (BLAS) used across several deep learning AI frameworks, for which modern GPU architectures have been heavily optimized via tensor cores.

[...] For CPUs, Julia performance was comparable to C/OpenMP combined with LLVM-based ArmClang and AMDClang vendor compilers. For the AMD GPUs, Julia AMDGPU.jl performance was comparable to HIP. Nevertheless, there is still a performance gap on NVIDIA A100 GPUs for single-precision floating point cases.

[...] We observe that Python/Numba implementations still lack the support needed to reach comparable CPU and GPU performance on these systems, and AMD GPU support is deprecated.

Pre-print article:
William F. Godoy and Pedro Valero-Lara and T. Elise Dettling and Christian Trefftz and Ian Jorquera and Thomas Sheehy and Ross G. Miller and Marc Gonzalez-Tallada and Jeffrey S. Vetter and Valentin Churavy, Evaluating performance and portability of high-level programming models: Julia, Python/Numba, and Kokkos on exascale nodes, Accepted at the 28th HIPS workshop, held in conjunction with IPDPS 2023, 2023, 2303.06195, https://doi.org/10.48550/arXiv.2303.06195


posted by janrinok on Monday March 27 2023, @10:27AM

Beijing's Made in China drive fueled by Washington's export crackdowns:

Huawei has reportedly completed work on electronic design automation (EDA) tools for laying out and making chips down to 14nm process nodes.

Chinese media said the platform is one of 78 being developed by the telecoms equipment giant to replace American and European chip design toolkits that have become subject to export controls by the US and others.

EDA is an umbrella term for software, hardware, and services essential to the planning, design, and production of chips. While integrated circuits were largely designed by hand decades ago, chips became so complex that computer-aided design and automation was unavoidable, generally speaking.

Huawei's EDA platform was reportedly revealed by rotating Chairman Xu Zhijun during a meeting in February, and later confirmed by media in China. The Register reached out to Huawei's PR team for comment; we'll let you know if we hear anything back.

Today, the EDA market is largely controlled by three companies: California-based Synopsys and Cadence, as well as Germany's Siemens. According to the industry watchers at TrendForce, these three companies account for roughly 75 percent of the EDA market. And this poses a problem for Chinese chipmakers and foundries, which have steadily found themselves cut off from these tools.

Synopsys and Cadence's EDA tech is already subject to several of these export controls, which were stiffened by the US Commerce Department last summer to include state-of-the-art gate-all-around (GAA) transistors.

Huawei's focus on EDA software for 14nm and larger chips reflects the current state of China's semiconductor industry. State-backed foundry operator SMIC currently possesses the ability to produce 14nm chips at scale, although there have been some reports the company has had success developing a 7nm process node.

To put that in perspective, TSMC and Samsung are currently ramping up production of 3nm process tech, while Intel has said it will have a 2nm chip in production by late next year. This puts China's semiconductor industry two to three generations behind that of Taiwan, South Korea, and the US.

So, 14nm isn't cutting edge, though it's also not useless.


posted by janrinok on Monday March 27 2023, @07:39AM

The uncrewed capsule will fly again:

Blue Origin now has an explanation for the booster failure that cut a New Shepard flight short last September. Jeff Bezos' company has determined that a "thermo-structural failure" in the NS-23 rocket's engine nozzle was to blame. Operational temperatures for the nozzle climbed higher than expected following cooling system design changes, creating fatigue that misaligned the thrust and activated the crew capsule's escape system.

Engineers are already taking "corrective actions" that include redesigning the combustion chamber and operating conditions. Blue Origin has also tweaked the nozzle design to improve its structural integrity. The capsule wasn't damaged and will fly again, Blue Origin says.

The company says it hopes to resume flights "soon," but hasn't provided an exact date. It intends to restart operations by re-flying the research payload from the aborted mission. The Federal Aviation Administration has to accept the incident findings before Blue Origin can move forward.

There's plenty of pressure on Blue Origin to address the issues. The company recently obtained a NASA contract to fly a science mission to Mars using its yet-to-launch New Glenn rocket, and has been pushing for a lunar lander agreement. The sooner Blue Origin can prove that its rocketry is trustworthy, the sooner it can secure customers that include governments and space tourists.


posted by janrinok on Monday March 27 2023, @04:56AM
from the insecure-by-design dept.

Security researchers find bugs, big and small, in every industrial box probed:

Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers.

The researchers looked at 45 operational technology (OT) product lines used in government, healthcare, water, oil and gas, power generation, manufacturing, retail and other sectors from ten different major vendors. By reverse engineering the products, they were able to identify bad practices like unauthenticated protocols and weak cryptography.

From 53 identified CVEs: More than a third (21 CVEs) could facilitate credential compromise. Another 18 CVEs involved data manipulation, with 13 of these allowing firmware manipulation. And 10 CVEs provided a path to remote code execution.

Based on open source inquiries (e.g., using the Shodan search engine), the authors determined that a significant number of potentially vulnerable systems are exposed to the internet.

The vendors covered included: Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, Yokogawa, and Schneider Electric.

"Worryingly, many of these products are certified but suffer from vulnerabilities that should have been caught in the certification process," the researchers say in their paper, citing IEC 62443 labelled products that weren't compliant. "...This suggests that apart from what the standards may not cover, even the things they do cover are not always properly covered in practice."

The Biden administration has cited the need to protect critical infrastructure as part of its recently announced National Cybersecurity Strategy. That goal evidently remains a work in progress.

Pre-print paper:
Jos Wetzels, Daniel dos Santos, and Mohammad Ghafari. 2023. Insecure by Design in the Backbone of Critical Infrastructure. In Cyber-Physical Systems and Internet of Things Week 2023 – this is a preprint version, May 9–12, 2023, San Antonio, TX, USA. ACM, New York, NY, USA, 6 pages. https://doi.org/10.48550/arXiv.2303.12340


posted by janrinok on Monday March 27 2023, @02:13AM
from the explosive-results dept.

https://arstechnica.com/gadgets/2023/03/journalist-plugs-in-unknown-usb-drive-mailed-to-him-it-exploded-in-his-face/

It's no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we've seen them used to infiltrate an Iranian nuclear facility, infect critical control systems in US power plants, morph into programmable, undetectable attack platforms, and destroy attached computers with a surprise 220-volt electrical surge. Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos.

As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated.
[...]
According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.

According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US's, use RDX, which "can be used alone as a base charge for detonators or mixed with other explosives, such as TNT." Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm.


posted by janrinok on Sunday March 26 2023, @11:30PM
from the lullaby-and-good-night dept.

A new study has identified several characteristics typical of music associated with sleep, such as being quieter and slower than other music:

Many people say that they listen to music to help them fall asleep, raising the question of whether music chosen for this purpose shares certain universal characteristics. However, research on the characteristics of sleep music is limited, and prior studies have tended to be relatively small.

To better understand the characteristics of sleep music, Scarratt and colleagues analyzed 225,626 tracks from 985 playlists on Spotify that are associated with sleep. They used Spotify's API to compare the audio features of the sleep tracks to audio features of music from a dataset representing music in general.

This analysis showed that sleep music tends to be quieter and slower than other music. It also more often lacks lyrics and more often features acoustic instruments. However, despite these trends, the researchers found considerable diversity in the musical features of sleep music, identifying six distinct sub-categories.

Three of the sub-categories, including ambient music, align with the typical characteristics identified for sleep music.

However, music in the other three subcategories was louder and had a higher degree of energy than average sleep music. These tracks included several popular songs, including "Dynamite" by the band BTS, and "lovely (with Khalid)" by Billie Eilish and Khalid.

[...] Overall, this study suggests that there is no "one-size-fits-all" when it comes to the music people choose for sleep. The findings could help inform future development of music-based strategies to help people sleep.

So what's on your sleep playlist?

Journal Reference:
Rebecca Jane Scarratt, et al., The audio features of sleep music: Universal and subgroup characteristics [open], Plos One, 2023. DOI: https://doi.org/10.1371/journal.pone.0278813


posted by janrinok on Sunday March 26 2023, @06:43PM

Newly-revealed coronavirus data has reignited a debate over the virus's origins:

Data collected in 2020—and kept from public view since then—potentially adds weight to the animal theory. It highlights a potential suspect: the raccoon dog. But exactly how much weight it adds depends on who you ask. New analyses of the data have only reignited the debate, and stirred up some serious drama.

The current ruckus starts with a study shared by Chinese scientists back in February 2022. In a preprint (a scientific paper that has not yet been peer-reviewed or published in a journal), George Gao of the Chinese Center for Disease Control and Prevention (CCDC) and his colleagues described how they collected and analyzed 1,380 samples from the Huanan Seafood Market.

These samples were collected between January and March 2020, just after the market was closed. At the time, the team wrote that they only found coronavirus in samples alongside genetic material from people.

There were a lot of animals on sale at this market, which sold more than just seafood. The Gao paper features a long list, including chickens, ducks, geese, pheasants, doves, deer, badgers, rabbits, bamboo rats, porcupines, hedgehogs, crocodiles, snakes, and salamanders. And that list is not exhaustive—there are reports of other animals being traded there, including raccoon dogs. We'll come back to them later.

But Gao and his colleagues reported that they didn't find the coronavirus in any of the 18 species of animal they looked at. They suggested that it was humans who most likely brought the virus to the market, which ended up being the first known epicenter of the outbreak.

But....

Fast-forward to March 2023. On March 4, Florence Débarre, an evolutionary biologist at Sorbonne University in Paris, spotted some data that had been uploaded to GISAID, a website that allows researchers to share genetic data to help them study and track viruses that cause infectious diseases. The data appeared to have been uploaded in June 2022. It seemed to have been collected by Gao and his colleagues for their February 2022 study, although it had not been included in the actual paper.

[...] "This finding was a really big deal, not because it proves the presence of an infected animal (it doesn't). But it does put animals—raccoon dogs and other susceptible species—into the exact location at the market with the virus. And not with humans," Angela Rasmussen, a virologist at the University of Saskatchewan in Canada and a coauthor of the report, tweeted on March 21.

[...] There's more drama to this story. Débarre and her colleagues say they told Gao's team their findings on March 10. The next day, Gao's team's data disappeared from GISAID, and Débarre's team took their findings to the World Health Organization. The WHO convened two meetings to discuss both teams' results with the Scientific Advisory Group for the Origins of Novel Pathogens (SAGO).


posted by janrinok on Sunday March 26 2023, @02:03PM

A 13-sided shape called 'the hat' forms a pattern that never repeats:

A 13-sided shape known as "the hat" has mathematicians tipping their caps.

It's the first true example of an "einstein," a single shape that forms a special tiling of a plane: Like bathroom floor tile, it can cover an entire surface with no gaps or overlaps but only with a pattern that never repeats.

"Everybody is astonished and is delighted, both," says mathematician Marjorie Senechal of Smith College in Northampton, Mass., who was not involved with the discovery. Mathematicians had been searching for such a shape for half a century. "It wasn't even clear that such a thing could exist," Senechal says.

Although the name "einstein" conjures up the iconic physicist, it comes from the German ein Stein, meaning "one stone," referring to the single tile. The einstein sits in a weird purgatory between order and disorder. Though the tiles fit neatly together and can cover an infinite plane, they are aperiodic, meaning they can't form a pattern that repeats.

With a periodic pattern, it's possible to shift the tiles over and have them match up perfectly with their previous arrangement. An infinite checkerboard, for example, looks just the same if you slide the rows over by two. While it's possible to arrange other single tiles in patterns that are not periodic, the hat is special because there's no way it can create a periodic pattern.

Identified by David Smith, a nonprofessional mathematician who describes himself as an "imaginative tinkerer of shapes," and reported in a paper posted online March 20 at arXiv.org, the hat is a polykite — a bunch of smaller kite shapes stuck together. That's a type of shape that hadn't been studied closely in the search for einsteins, says Chaim Goodman-Strauss of the National Museum of Mathematics in New York City, one of a group of trained mathematicians and computer scientists Smith teamed up with to study the hat.

It's a surprisingly simple polygon. Before this work, if you'd asked what an einstein would look like, Goodman-Strauss says, "I would've drawn some crazy, squiggly, nasty thing."

[...] And the hat isn't the end. Researchers should continue the hunt for additional einsteins, says computer scientist Craig Kaplan of the University of Waterloo in Canada, a coauthor of the study. "Now that we've unlocked the door, hopefully other new shapes will come along."


posted by hubie on Sunday March 26 2023, @09:18AM
from the have-I've-got-a-secret-to-tell dept.

The National Labor Relations Board has clarified that non-disparagement clauses attached to severance packages are null and void. Companies will not be able to stifle criticism by ex-employees through clauses asking them to waive their inherent rights.

The general counsel of the National Labor Relations Board issued a clarifying memo on Wednesday regarding the "scope" of a February ruling by the federal agency's board that said employers cannot include blanket non-disparagement clauses in their severance packages, nor demand laid-off employees keep secret the terms of their exit agreements.

Such provisions have become increasingly common in recent years, muzzling employees and otherwise stopping them from speaking up about working conditions by dangling a few weeks or months of pay in front of them at the exact moment they are losing their job.

This is a follow-up to last month's statement and could prove significant for some employers with a high rate of turnover and decades of in-house dirt. *cough*m$*cough*


posted by hubie on Sunday March 26 2023, @04:36AM
from the point-the-lights-down dept.

A 'new deal for the night' needed:

Increasing levels of light pollution means Earth's surface has almost no practical locations for astronomical observatories, a group of astronomers said on Monday.

Artificial light emitted from buildings, streetlights, and reflected from satellite constellations are making the night sky brighter for earth-bound skywatchers. The Milky Way was visible to pretty much everyone less than 100 years ago, but is now drowned out by human-made light to most, according to the International Dark Sky Association.

[...] "Today, due to the rise of light pollution, there are almost no more remote places available on Earth that simultaneously meet all the characteristics needed to install an observatory (namely, the absence of light pollution, a high number of clear nights, and good seeing)," a team of astronomers said in Nature Astronomy.

The authors urged astronomers, companies, politicians, and lawmakers around the world to work together to reach a global agreement to limit artificial light. Light pollution should be treated in the same way as other types of pollutants, like greenhouse gases, they argued. Governments around the world should and can tackle light pollution in the same ways they address climate change: with international treaties and goals to restrict levels of other pollutants.

[...] "As it is not too late to stop this, we as scientists and first as citizens should act to stop this attack, from above with satellites and from below with [artificial light at night], on the natural night and on the intangible cultural heritage of humankind's starry skies," they concluded.

"Now is the time to consider the prohibition of mega-constellations and to promote a significant reduction in [artificial light at night] and the consequent light pollution. Our world definitely needs a 'new deal' for the night."

Journal Reference:
Falchi, F., Bará, S., Cinzano, P. et al. A call for scientists to halt the spoiling of the night sky with artificial light and satellites [open]. Nat Astron 7, 237–239 (2023). https://doi.org/10.1038/s41550-022-01864-z


posted by hubie on Saturday March 25 2023, @11:48PM
from the what-was-briefly-yours-is-now-mine dept.

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023:

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA's Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla – Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.

Oracle VirtualBox was hacked using an OOB Read and a stack-based buffer overflow exploit chain (worth $40,000).

Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.

Throughout the Pwn2Own Vancouver 2023 contest, security researchers will target products in enterprise applications, enterprise communications, local escalation of privilege (EoP), server, virtualization, and automotive categories.

[...] After zero-day vulnerabilities are demoed and disclosed during Pwn2Own, vendors have 90 days to create and release security fixes for all reported flaws before Trend Micro's Zero Day Initiative publicly discloses them.

During last year's Vancouver Pwn2Own contest, security researchers earned $1,155,000 after hacking Windows 11 six times, Ubuntu Desktop four times, and successfully demonstrating three Microsoft Teams zero-days.

Previous:
Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input
Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
It's March 2018 and Your Windows PC Can Be Pwned By a Web Article


posted by janrinok on Saturday March 25 2023, @07:06PM

Urban inequality in Europe and the United States is so severe that urban elites claim most of the benefits from the agglomeration effects that big cities provide, while large parts of urban populations get little to nothing:

In recent years, researchers from across disciplines have identified striking and seemingly universal relationships between the size of cities and their socioeconomic activity. Cities create more interconnectivity, wealth, and inventions per resident as they grow larger. However, what may be true for city populations on average, may not hold for the individual resident.

"The higher-than-expected economic outputs of larger cities critically depend on the extreme outcomes of the successful few. Ignoring this dependency, policy makers risk overestimating the stability of urban growth, particularly in the light of the high spatial mobility among urban elites and their movement to where the money is", says Marc Keuschnigg, associate professor at the Institute for Analytical Sociology at Linköping University and professor at the Institute of Sociology at Leipzig University.

[...] An individual's productivity depends on the local social environments in which they find themselves. Because of the greater diversity in larger cities, skilled and specialized people are more likely to find others whose skills are complementary to their own. This allows for higher levels of productivity and greater learning opportunities in larger cities.

But, not everyone can access the productive social environments that larger cities provide. Different returns from context accumulate over time which gives rise to substantial inequality.

[...] Consequently, the initially successful individuals in the bigger cities increasingly distanced themselves from both the typical individual in their own city, creating inequality within the big cities, and the most successful individuals in smaller cities, creating inequality between cities.

The study also finds that top earners are more likely to leave smaller cities than larger ones, and that these overperformers tend overwhelmingly to move to the largest cities. The disproportionate out-migration of the most successful individuals from smaller cities results in a reinforcement process that takes away many of the most promising people in less populous regions while adding them to larger cities.

[...] "Urban science has largely focused on city averages. The established approach just looked at one datapoint per city, for example average income. With their focus on averages, prior studies overlooked the stark inequalities that exist within cities when making predictions about how urban growth affects the life experiences of city dwellers", says Marc Keuschnigg.

With respect to urban inequality, the study draws attention to the partial exclusion of most city dwellers from the socioeconomic benefits of growing cities. Their lifestyle, different than among the urban elite, benefits less from geographical location. When accounting for the cost of living in larger cities, many big-city dwellers will in fact be worse off as compared to similar people living in smaller places.

Journal Reference:
Martin Arvidsson, Niclas Lovsjö, Marc Keuschnigg, Urban scaling laws arise from within-city inequalities, Nature Human Behaviour 2023. DOI: https://doi.org/10.1038/s41562-022-01509-1

