SoylentNews

upstart writes:

Kernel 6.2 ditched a useful defense against ghostly chip design flaw:

The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.

On Thursday, Eduardo (sirdarckcat) Vela Nava, from Google's product security response team, disclosed a Spectre-related flaw in version 6.2 of the Linux kernel.

The bug, designated medium severity, was initially reported to cloud service providers – those most likely to be affected – on December 31, 2022, and was patched in Linux on February 27, 2023.

"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains. The consequence of that attack is potential information exposure (e.g., leaked private keys) through this pernicous problem.

The moniker Spectre [PDF] describes a set of vulnerabilities that abuse speculative execution, a processor performance optimization in which potential instructions are executed in advance to save time.

canopic jug writes:

MEP Patrick Breyer (Germany, Pirate Party), one of the few representatives fighting for preserving rights online rather than against them, has posted a summary about the EU Parliament's assessment of the proposed "Chat Control" legislation. In short, the "Chat Control" proposal violates basic human rights:

The experts made clear that an "increase in the number of reported contents does not necessarily lead to a corresponding increase in investigations and prosecutions leading to better protection of children. As long as the capacity of law enforcement agencies is limited to its current size, an increase in reports will make effective prosecution of depictions of abuse more difficult."

In addition, the study finds: "It is undisputed that children need to be protected from becoming victims of child abuse and depictions of abuse online... but they also need to be able to enjoy the protection of fundamental rights as a basis for their development and transition into adulthood." It warns: „With regards to adult users with no malicious intentions, chilling effects are likely to occur."

There is an obfuscated link at the bottom of his post to the study, Proposal for a regulation laying down the rules to prevent and combat child sexual abuse: Complementary Impact Assessment. He also has older overview of the problems with the proposed legislation at his blog, too.

Original Submission

NotSanguine writes:

[Editor's Note: This is not connected to the Kodi Linux Operating System. JR]

Bleeping Computer reports that Kodi has revealed (on 8 April 2023) that their forum [N.B. the forum itself is now gone and replaced with a blog post about the breach] database was breached and is for sale online.

From the Bleeping Computer article:

The Kodi Foundation has disclosed a data breach after hackers stole the organization's MyBB forum database containing user data and private messages and attempted to sell it online.

Kodi is a cross-platform open-source media player, organizer, and streaming suite, that supports a vast array of third-party add-ons enabling the users to access content from various sources or customize their experience.

The now-shut down Kodi forum has roughly 401,000 members who used it to discuss media streaming, exchange tips, offer support, share new add-ons, and more in 3 million posts.

According to an announcement published by the platform on Saturday, hackers stole the forum database by logging into the Admin console using an inactive staff member's credentials.

Once they gained access to the admin panel, they created and downloaded database backups multiple times in 2023.

"MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February," explains Kodi in a message to its users.

"The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full-backups of the database."

The Kodi team confirmed that the actual account owner did not perform these actions on the admin console, indicating that the staff member's credentials were likely stolen.

"If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site."

So Soylentils, do (or, in the case of the forum, did) you use Kodi or, more importantly, their forum?

If so, will this breach affect how/whether or not you (continue) to use Kodi?

Original Submission

upstart writes:

There's confusion over which companies will be affected:

The law requires social media companies that earn more than $100 million in annual revenue to work with third-party services to verify new account holders' personal information. This is done using "any commercially reasonable age verification method" or government-issued IDs such as photo IDs or driver's licenses. Current account holders won't be affected.

The law states that social media companies are defined as any online forum that lets users create public profiles and interact with each other through digital content.

CNN reports that in the final days of negotiations over the bill, Arkansas lawmakers approved an amendment that appears to exempt some of the world's biggest social media companies. Given all the concern over TikTok's influence and its links with China, it's surprising to see that social media platforms that permit users to "generate short video clips of dancing, voice overs, or other acts of entertainment in which the primary purpose is not educational or informative" are exempt. That would also seem to cover Facebook, Instagram, Snapchat, as well as TikTok - but apparently not.

[...] Other exemptions include social media companies that "exclusively" offer subscription content, and those focused on "professional networking" and "career development" (i.e., LinkedIn). Companies that "exclusively offer" video gaming-focused social networking features aren't covered, either, which could include Twitch despite it not really being a social media platform.

At least it will protect the kids from all the remaining $100M/yr companies that weren't covered by the exemptions.

Original Submission

upstart writes:

The "pancosmorio theory" says that for humans to survive in space, missions must duplicate ecological conditions found back home, including Earth's gravity:

One of the main questions surrounding humanity's next giant leap into deep space is whether humans can thrive on missions far from Earth. A new theory says yes, but only in environments modeled deeply after our own planet.

Father-daughter research duo Morgan Irons of Cornell University and Lee G. Irons from the Norfolk Institute dub the idea "pancosmorio," a word that means "all word limit," in a paper published in Frontiers in Astronomy and Space Sciences last month. Irons and Irons argue that, to allow humans to survive on lengthy treks into deep space, these missions must recreate Earth-like ecosystems, including Earth-like gravity and oxygen, reliable sources of water, as well as societal systems like steady agricultural output and the recycling of waste.

"For humans to sustain themselves and all of their technology, infrastructure and society in space, they need a self-restoring, Earth-like, natural ecosystem to back them up," said Morgan Irons in a press release from the institution. "Without these kinds of systems, the mission fails."

[...] "There are conditions from which human life has evolved. Such conditions are required to sustain human life at its current level of growth," the scientists write in their study. "The availability of such conditions to humans defines the limit of their world."

upstart writes:

Employers participating in the proposed two-year pilot program would transition some or all of their workers to a shortened workweek without any loss of pay or benefits:

Following a similar program in Europe, two Massachusetts lawmakers have filed a bill this week to create a two-year pilot program for a four-day workweek.

[...] The pilot program would run for two years and would be overseen by the Executive Office of Labor and Workforce Development. To participate, employers must agree to transition at least 15 workers to a shortened workweek.

While the bill was just filed this week, a number of businesses have already reached out to ask how they can participate, according to Cutler.

"I think this is really the perfect time for this kind of pilot program, given the changes we've seen in hybrid work as a result of the pandemic and the need to look for creative solutions to our current labor market challenges," Cutler said in an email response to Computerworld.

If the legislation passes, employers who participate in the pilot would agree to reduce the hours of all or some of their employees without reducing overall pay, status, or benefits. Businesses will also be eligible for a tax credit for their participation in the study and necessary data collection, Cutler said.

While the pilot program is designed to run for two years, individual businesses are not required to participate the entire time. The proposal is aimed at discovering the feasibility and benefits of a four-day work week.

"We chose this amount of time because we wanted to ensure a robust response and data availability. I have seen a variety of different lengths. In Maryland, there is a bill proposing a five-year pilot, for example. In this case, we felt two years struck a good balance," Cutler said. (The Maryland proposal was withdrawn earlier this year.)

The Massachusetts legislation doesn't call for participating organizations to adopt a strict 32-hour work week; instead, it states employees must receive "a meaningful reduction in actual work hours."

hubie writes:

Researchers compare multiple categories of shoppers and find the linchpin:

It's commonly assumed that the supply-and-demand economics of the consumer marketplace dictates price. If you are one of few retailers that sells a product consumers want, you can charge more. Or, if supplies of that product are more scarce, again, prices will likely be higher. On the flip side, if supplies are plentiful for a product that is in less demand, prices for that product are likely to be lower.

But researchers have found it's not always that simple. Thanks to the internet and e-commerce, more consumers have taken advantage of going to a physical store to inspect items before purchase, leaving that store, and then purchasing the product at a lower price elsewhere. This is called "showrooming."

This has led to several assumptions in the retail industry, from the thought that showrooming will put brick-and-mortar retailers out of business, to the notion that the showrooming trend has driven prices down across the board. A new study has found these may both be false.

[...] "Showroomers do their research in advance," says Bar-Isaac. "They know what they want, they already know what that retailer may charge, and they go to stores with more limited or shallow selections in search of a better price."

upstart writes:

Elon Musk admits he only bought Twitter because he thought he'd be forced to:

Elon Musk gave a rare interview to an actual reporter late on Tuesday, speaking to BBC reporter James Clayton on Twitter Spaces. During the interview, Clayton pressed Musk on whether his purchase of Twitter was, in the end, something he went through with willingly, or whether it was something he did because the active court case at the time in which Twitter was trying to force him to go through with the sale was going badly.

The answer (which we all suspected anyway) was that Musk did indeed only do the deal because he believed legally, he was going to be forced to do so anyway. Here's the relevant transcript from the Twitter Spaces audio:

Clayton: So then you change your mind again, and decided to buy it – did you do that? Did you do that?

Musk: Well, I kind of had to.

Clayton: Right. Did you do that, because you thought that a court would make you do that?

Musk: Yes.

Clayton: Right.

Musk: Yes, that is the reason.

Clayton: So you were still trying to get out of it. And then you just were advised by lawyers, "Look, you're going to buy this?"

Musk: Yes.

In case you don't recall (it was all the way back in September/October last year which is basically an eternity ago in current Twitter time), Twitter took Musk to trial to force him to honor his signed obligation to acquire the company for the agreed-upon price of $44 billion, or $54.20 per share. Musk was contending that his obligation was void because Twitter had, he claimed, inflated its real user numbers and understated the number of bots on the platform.

Musk then notified the SEC that he intended to buy the company after all at the price he originally set with the company, a move most agreed at the time was made because his legal case was weak and the trial was clearly not going his way.

Original Submission

upstart writes:

French Court Smacks Remote Learning Software Company For Pervasive Surveillance Of Students In Their Own Homes:

A worldwide pandemic trapped students in their own homes to stop the spread of the coronavirus. They didn't ask for this. Neither did educators. But educators made the worst of it in far too many cases.

Aptitude tests and other essentials for continued funding (and bragging rights) were now out of their control. Any student sitting at home had access to a wealth of knowledge to buttress what they may have actually retained from remote instruction.

Leveling the playing field was the goal. In practice, that meant turning the most sacrosanct of private places — students' homes and bedrooms — into heavily surveilled spaces... all in the interest of preventing cheating.

Laptop cameras monitored rooms and students' movements during testing. Internet connections often contributed more to passing grades than students' knowledge as educators (and their preferred tech partners) viewed inconsistent or dropped connections as indicators of attempted cheating. Malware deliberately installed by schools monitored internet usage before, during, and after tests.

A bedroom is not a classroom, even if that's where the educating is taking place temporarily due to pandemic restrictions. But that's how it was perceived and a bunch of opportunistic spyware purveyors rushed to fill the perceived "fairness" void with surveillance software that even the most inveterate stalker might consider too invasive.

Proctorio was on the forefront of this education-adjacent bedroom surveillance. It was particularly enthusiastic about stripping students of their privacy. When it was criticized for going too far, it went further, issuing legal threats and bogus DMCA takedown notices to its detractors.

NotSanguine writes:

As the title suggests, they weren't all that impressed.

From the article:

As with so many things involving AI, the claims are served with a generous portion of smoke and mirrors. PassGAN, as the tool is dubbed, performs no better than more conventional cracking methods. In short, anything PassGAN can do, these more tried and true tools do as well or better. And like so many of the non-AI password checkers Ars has criticized in the past—e.g., here, here, and here—the researchers behind PassGAN draw password advice from their experiment that undermines real security.

PassGAN is a shortened combination of the words "Password" and "generative adversarial networks." PassGAN is an approach that debuted in 2017. It uses machine learning algorithms running on a neural network in place of conventional methods devised by humans. These GANs generate password guesses after autonomously learning the distribution of passwords by processing the spoils of previous real-world breaches. These guesses are used in offline attacks made possible when a database of password hashes leaks as a result of a security breach.

Conventional password guessing uses lists of words numbering in the billions taken from previous breaches. Popular password-cracking applications like Hashcat and John the Ripper then apply "mangling rules" to these lists to enable variations on the fly.

[...] PassGAN uses none of these methods. Instead, it creates a neural network, a type of data structure loosely inspired by networks of biological neurons. This neural network attempts to train machines to interpret and analyze data in a way that's similar to how a human mind would. These networks are organized in layers, with inputs from one layer connected to outputs from the next layer.

PassGAN was an exciting experiment that helped usher in the use of AI-based password candidate generators, but its time in the sun has come and gone, password-cracking expert and Senior Principal Engineer at Yahoo Jeremi Gosney said. Gosney added that a different neural networking method for guessing passwords, introduced in 2016, performs slightly better than PassGAN.

Original Submission

upstart writes:

The historians of tomorrow are using computer science to analyze how people lived centuries ago:

It's an evening in 1531, in the city of Venice. In a printer's workshop, an apprentice labors over the layout of a page that's destined for an astronomy textbook—a dense line of type and a woodblock illustration of a cherubic head observing shapes moving through the cosmos, representing a lunar eclipse.

[...] Five hundred years later, the production of information is a different beast entirely: terabytes of images, video, and text in torrents of digital data that circulate almost instantly and have to be analyzed nearly as quickly, allowing—and requiring—the training of machine-learning models to sort through the flow. This shift in the production of information has implications for the future of everything from art creation to drug development.

But those advances are also making it possible to look differently at data from the past. Historians have started using machine learning—deep neural networks in particular—to examine historical documents, including astronomical tables like those produced in Venice and other early modern cities, smudged by centuries spent in mildewed archives or distorted by the slip of a printer's hand.

Historians say the application of modern computer science to the distant past helps draw connections across a broader swath of the historical record than would otherwise be possible, correcting distortions that come from analyzing history one document at a time. But it introduces distortions of its own, including the risk that machine learning will slip bias or outright falsifications into the historical record. All this adds up to a question for historians and others who, it's often argued, understand the present by examining history: With machines set to play a greater role in the future, how much should we cede to them of the past?

upstart writes:

In California, the bodies of four furry swimmers tested positive for a strain of toxoplasmosis first seen in mountain lions:

Scientist Melissa Miller was seeing something in California sea otters that she had not seen before: an unusually severe form of toxoplasmosis, which officials have confirmed has killed at least four of the animals.

"We wanted to get the word out. We're seeing something we haven't seen before, we want people to know about it and we want people working on marine mammals to be aware of these weird findings," said Miller, a wildlife veterinarian specialist with the California Department of Fish and Wildlife (DFW). "Take extra precautions."

In March, a study from the DFW and the University of California, Davis, revealed that a rare strain of the parasite, never before reported in aquatic animals, was tied to the deaths of four sea otters. The strain, first seen in Canadian mountain lions in 1995, had not been previously detected on the California coast."This was a complete surprise," Karen Shapiro, with the UC Davis School of Veterinary Medicine, said in a statement. "The COUG [toxoplasma strain] genotype has never before been described in sea otters, nor anywhere in the California coastal environment or in any other aquatic mammal or bird."

[...] Toxoplasma is often found in cat feces. Otters, which live along the shoreline, can be exposed to the parasite in rainwater runoff—all four cases scientists studied came in during the heavy rainfall season.

Toxoplasmosis infection is common in sea otters—which have a roughly 60 percent chance of being infected in their lifetimes, Miller said—and can be fatal, but this strain is of particular concern.

However, Miller warned against unfairly demonizing cats.

"I don't want this to be a war on cats," she said. "I have two cats. What I try to do is practice what I preach and what I know as a scientist: I keep my cats indoors all the time and I make sure to dispose of their litter into something that will not leak into the environment."

Original Submission

upstart writes:

"Wolverine" experiment can fix Python bugs at runtime and re-run the code:

Debugging a faulty program can be frustrating, so why not let AI do it for you? That's what a developer that goes by "BioBootloader" did by creating Wolverine, a program that can give Python programs "regenerative healing abilities," reports Hackaday. (Yep, just like the Marvel superhero.)

"Run your scripts with it and when they crash, GPT-4 edits them and explains what went wrong," wrote BioBootloader in a tweet that accompanied a demonstration video. "Even if you have many bugs it'll repeatedly rerun until everything is fixed."

[...] In the demo video for Wolverine, BioBootloader shows a side-by-side window display, with Python code on the left and Wolverine results on the right in a terminal. He loads a custom calculator script in which he adds a few bugs on purpose, then executes it.

"It runs it, it sees the crash, but then it goes and talks to GPT-4 to try to figure out how to fix it," he says. GPT-4 returns an explanation for the program's errors, shows the changes that it tries to make, then re-runs the program. Upon seeing new errors, GPT-4 fixes the code again, and then it runs correctly. In the end, the original Python file contains the changes added by GPT-4.

upstart writes:

An unprecedented space event, and it's happening soon:

Elon Musk lost his claim as having the most powerful space-worthy rocket when NASA blasted its own mega rocket to the moon in November.

But the SpaceX founder could win back the title with his company's next big project. Starship, SpaceX's skyscraping rocket and spacecraft, will launch on its first mission soon. During the test flight, the colossal booster will separate about three minutes after liftoff and land in the Gulf of Mexico, according to federal filings. The ship will fly in space around Earth at an altitude of over 150 miles, then splash down off the Hawaiian coast.

This will be a crucial demonstration of hardware that NASA is depending on to get humans back on the moon in the next few years. And, if successful, it'll mean Musk is one small step closer to realizing his personal dream of building a city on Mars.

UPDATE: Apr. 9, 2023, 12:54 p.m. EDT SpaceX stacked Starship at the launch pad and plans to have a rehearsal this week, "followed by Starship's first integrated flight test." Musk tweeted April 9 that the company is ready to launch the rocket, pending approval of its Federal Aviation Administration license. A launch attempt this month is looking more and more plausible, with an FAA operational advisory plan indicating SpaceX is targeting Monday, April 17.

[...] Perhaps surprisingly, Starship won't lift off from Kennedy Space Center in Cape Canaveral, Florida, where most space fans are accustomed to watching historically significant launches.

Instead, it will take off from Boca Chica, Texas, at SpaceX's own spaceport. Eventually, the company will launch the rocket from a site under construction in the outer perimeter of the famous Florida pad that shot Apollo 11 to the moon.

"Their plan is that they're going to do a few test flights there," in South Texas, Nelson said. "Once they have the confidence, they will bring the missions to the Cape."

Original Submission

DadaDoofy writes:

Many people believe that any and all opposition to the Covid vaccine comes from "far-right" Republican conspiracy theorists in the flyover states. I guess the Swiss government will now be branded with those labels as their Federal Office of Public Health is now recommending that a Covid vaccination is not needed, even for people at especially high risk. They list pregnant women and people with compromised immune systems as an exception. They further state that those who wish to receive a Covid vaccine must pay for it out of their own pockets.

https://www.bag.admin.ch/bag/en/home/krankheiten/ausbrueche-epidemien-pandemien/aktuelle-ausbrueche-epidemien/novel-cov/impfen.html

In principle, no COVID-19 vaccination is recommended for spring/summer 2023. Nearly everyone in Switzerland has been vaccinated and/or contracted and recovered from COVID-19. Their immune system has therefore been exposed to the coronavirus. In spring/summer 2023, the virus will likely circulate less. The current virus variants also cause rather mild illness. For autumn 2023, the vaccination recommendation will be evaluated again and adjusted accordingly.

Original Submission