posted by hubie on Thursday April 20 2023, @10:03PM
from the what-did-the-article-say? dept.

Potentially good news for old machinists and over-the-hill heavy metal fans:

"Five years ago, a team of researchers at the University of Rochester Medical Center (URMC) was able to regrow cochlear hair cells in mice for the first time. These hair cells are found in the cochlear region of ears in all mammals. They sense sound vibrations, convert those into brain signals, and eventually allow a person to hear and understand the different sounds around them. The new study from URMC researchers sheds light on the underlying mechanism that allowed the ear hairs to regrow in mice."

"We know from our previous work that expression of an active growth gene, called ERBB2, was able to activate the growth of new hair cells (in mammals), but we didn't fully understand why. This new study tells us how that activation is happening—a significant advance toward the ultimate goal of generating new cochlear hair cells in mammals," said Patricia White, one of the study authors and a neuroscience professor at URMC.

https://www.zmescience.com/science/news-science/can-we-reverse-hearing-loss-yes-we-can-here-is-how-it-works/



posted by janrinok on Thursday April 20 2023, @07:14PM
from the I-love-to-work-at-nothing-all-day dept.

Big tech companies were apparently hiring workers to keep them from joining rival firms:

Many former employees at big tech companies are admitting that they had very little to do at their jobs, despite earning high salaries. One such under-worked and overpaid former tech worker is 33-year-old Madelyn Machado, who left Microsoft to join Facebook's parent company Meta as a recruiter in the fall of 2021.

In a viral TikTok video, Machado claimed she was hired for a $190,000 yearly salary, but had basically nothing to do during her stint at the company. "I do think a lot of these companies wanted there to be work, but there wasn't enough," she said. Talking to The Wall Street Journal, Machado said that on most days, her work included attending virtual meetings from noon until 3:30 pm before logging off for the day.

Curiously, Machado says she was told by her recruiters at Meta that she wouldn't be hiring anybody during her first year at the company. She also claims that some of her colleagues told her that they had spent two years at the company without ever hiring anyone. Unfortunately for her, she only worked for six months at Meta before being fired last year for posting TikTok videos that the company said posed a conflict of interest.

Another former Meta worker who recounted a similar story is 35-year-old Britney Levy, who says she joined the company in April 2022 but received her first and only assignment shortly before being laid off in November. Since then, companies across the tech industry, including Amazon, Meta, Microsoft, Twitter, PayPal, Yahoo, Zoom, IBM, Spotify, and others, have announced massive layoffs, affecting tens of thousands of employees.

Talking to the WSJ, experts said they believe companies overhired during the pandemic-era boom not because they needed more workers, but to hoard talent from rival companies. According to Vijay Govindarajan, professor at Dartmouth's Tuck School of Business, the hiring spree was initially fueled by a shortage of tech talent but eventually became a competition, which led to companies "hiring ahead of demand." He also pointed out that the situation was very similar to what happened in the finance industry in the early 2000s, when companies overhired during periods of high growth, leaving many workers with not enough work.



posted by janrinok on Thursday April 20 2023, @04:28PM
from the I'm-not-pirating-this-movie-I'm-training-my-AI-model dept.

Inside the secret list of websites that make AI like ChatGPT sound smart:

AI chatbots have exploded in popularity over the past four months, stunning the public with their awesome abilities, from writing sophisticated term papers to holding unnervingly lucid conversations.

Chatbots cannot think like humans: They do not actually understand what they say. They can mimic human speech because the artificial intelligence that powers them has ingested a gargantuan amount of text, mostly scraped from the internet.

This text is the AI's main source of information about the world as it is being built, and it influences how it responds to users. If it aces the bar exam, for example, it's probably because its training data included thousands of LSAT practice sites.

Tech companies have grown secretive about what they feed the AI. So The Washington Post set out to analyze one of these data sets to fully reveal the types of proprietary, personal, and often offensive websites that go into an AI's training data.

To look inside this black box, we analyzed Google's C4 data set, a massive snapshot of the contents of 15 million websites that have been used to instruct some high-profile English-language AIs, called large language models, including Google's T5 and Facebook's LLaMA. (OpenAI does not disclose what datasets it uses to train the models backing its popular chatbot, ChatGPT.)

The Post worked with researchers at the Allen Institute for AI on this investigation and categorized the websites using data from Similarweb, a web analytics company. About a third of the websites could not be categorized, mostly because they no longer appear on the internet. Those are not shown.

We then ranked the remaining 10 million websites based on how many "tokens" appeared from each in the data set. Tokens are small bits of text used to process disorganized information — typically a word or phrase.

The data set was dominated by websites from industries including journalism, entertainment, software development, medicine and content creation, helping to explain why these fields may be threatened by the new wave of artificial intelligence. The three biggest sites were patents.google.com No. 1, which contains text from patents issued around the world; wikipedia.org No. 2, the free online encyclopedia; and scribd.com No. 3, a subscription-only digital library. Also high on the list: b-ok.org No. 190, a notorious market for pirated e-books that has since been seized by the U.S. Justice Department. At least 27 other sites identified by the U.S. government as markets for piracy and counterfeits were present in the data set.

[...] Others raised significant privacy concerns. Two sites in the top 100, coloradovoters.info No. 40 and flvoters.com No. 73, had privately hosted copies of state voter registration databases. Though voter data is public, the models could use this personal information in unknown ways.

[...] The Post's analysis suggests more legal challenges may be on the way: The copyright symbol — which denotes a work registered as intellectual property — appears more than 200 million times in the C4 data set.

The News and Media category ranks third across categories. But half of the top 10 sites overall were news outlets: nytimes.com No. 4, latimes.com No. 6, theguardian.com No. 7, forbes.com No. 8, and huffpost.com No. 9. (Washingtonpost.com No. 11 was close behind.) Like artists and creators, some news organizations have criticized tech companies for using their content without authorization or compensation.

[...] Technology is the second largest category, making up 15 percent of categorized tokens. This includes many platforms for building websites, like sites.google.com No. 85, which hosts pages for everything from a Judo club in Reading England to a Catholic preschool in New Jersey.

The data set contained more than half a million personal blogs, representing 3.8 percent of categorized tokens. Publishing platform medium.com No. 46 was the fifth largest technology site and hosts tens of thousands of blogs under its domain. Our tally includes blogs written on platforms like WordPress, Tumblr, Blogspot and Live Journal.

[...] Social networks like Facebook and Twitter — the heart of the modern web — prohibit scraping, which means most data sets used to train AI cannot access them. Tech giants like Facebook and Google that are sitting on mammoth troves of conversational data have not been clear about how personal user information may be used to train AI models that are used internally or sold as products.

[...] A web crawl may sound like a copy of the entire internet, but it's just a snapshot, capturing content from a sampling of webpages at a particular moment in time. C4 began as a scrape performed in April 2019 by the nonprofit CommonCrawl, a popular resource for AI models. CommonCrawl told The Post that it tries to prioritize the most important and reputable sites, but does not try to avoid licensed or copyrighted content.

[...] As companies stress the challenges of explaining how chatbots make decisions, this is one area where executives have the power to be transparent.



posted by janrinok on Thursday April 20 2023, @01:43PM

The Moon still has much to tell us about the early solar system:

The Moon still has much to tell us about the early solar system. Encouragingly, it also has scientific value as a platform for observational astronomy.

Lunar exploration is undergoing a renaissance. Dozens of missions, organised by multiple space agencies—and increasingly by commercial companies—are set to visit the Moon by the end of this decade. Most of these will involve small robotic spacecraft, but NASA's ambitious Artemis program aims to return humans to the lunar surface by the middle of the decade.

[...] The potential role for astronomy of Earth's natural satellite was discussed at a Royal Society meeting earlier this year. The meeting itself had, in part, been sparked by the enhanced access to the lunar surface now in prospect. Several types of astronomy would benefit. The most obvious is radio astronomy, which can be conducted from the side of the Moon that always faces away from Earth—the far side.

The lunar far side is permanently shielded from the radio signals generated by humans on Earth. During the lunar night, it is also protected from the Sun. These characteristics make it probably the most "radio-quiet" location in the whole solar system as no other planet or moon has a side that permanently faces away from the Earth. It is therefore ideally suited for radio astronomy.

[...] Radio waves with wavelengths longer than about 15m are blocked by Earth's ionosphere. But radio waves at these wavelengths reach the Moon's surface unimpeded. For astronomy, this is the last unexplored region of the electromagnetic spectrum, and it is best studied from the lunar far side. Observations of the cosmos at these wavelengths come under the umbrella of "low frequency radio astronomy." These wavelengths are uniquely able to probe the structure of the early universe, especially the cosmic "dark ages," an era before the first galaxies formed.

[...] ... another potential application of far side radio astronomy is trying to detect radio waves from charged particles trapped by magnetic fields—magnetospheres—of planets orbiting other stars. This would help to assess how capable these exoplanets are of hosting life. Radio waves from exoplanet magnetospheres would probably have wavelengths greater than 100m, so they would require a radio-quiet environment in space. Again, the far side of the Moon will be the best location.

The Moon also offers opportunities for other types of astronomy. Astronomers have lots of experience with optical and infrared telescopes operating in free space, such as the Hubble telescope and JWST. However, the stability of the lunar surface may confer advantages for these types of instrument. Moreover, there are craters at the lunar poles that receive no sunlight. Telescopes that observe the universe at infrared wavelengths are very sensitive to heat and therefore have to operate at low temperatures. JWST, for example, needs a huge sunshield to protect it from the sun's rays. On the Moon, a natural crater rim could provide this shielding for free.

Journal References Mentioned:
DOI: https://royalsocietypublishing.org/doi/10.1098/rsta.2019.0564
DOI: https://royalsocietypublishing.org/doi/10.1098/rsta.2019.0570
DOI: https://royalsocietypublishing.org/doi/10.1098/rsta.2020.0212
DOI: https://royalsocietypublishing.org/doi/10.1098/rsta.2019.0562



posted by janrinok on Thursday April 20 2023, @10:56AM

Netflix Will Block Password Sharing Before July 2023:

Netflix has been working on a way to block people from sharing their Netflix passwords. It was supposed to roll out in the United States already, but now it's coming to the US and other regions sometime soon.

Netflix confirmed in its recent earnings report that it will start rolling out the new account sharing limitations in the second quarter of 2023 — meaning sometime between now and June 30. The company said in the report, "In Q1, we launched paid sharing in four countries and are pleased with the results. We are planning on a broad rollout, including in the US, in Q2."

In other countries where Netflix has already rolled out the changes, Netflix accounts have a "primary location" that is determined using your account history, home Wi-Fi network, and other data. Devices that aren't connected to that network and watching Netflix are automatically blocked after 31 days. The only way around the block is to add a paid "extra member" to your account, which costs less than an individual subscription, but isn't available for all types of Netflix plans.

Netflix to charge for password sharing in the U.S. as soon as this summer:

In a detailed letter to shareholders, Netflix explained the plans for a broad rollout, including the U.S., as one that will grow the paid membership base, therefore increasing profits, rather than reduce these metrics.

Paid sharing was rolled out in the first quarter of 2023 in Canada, New Zealand, Spain, and Portugal. "In Canada, which we believe is a reliable predictor for the US, our paid membership base is now larger than prior to the launch of paid sharing and revenue growth has accelerated and is now growing faster than in the U.S.," the letter reads.

This rollout comes after paid sharing tests conducted in Latin America in 2022 proved successful. Netflix explains it saw initial cancel reactions in each of the three countries where it tested the paid sharing program when the news was announced. But then it saw increased acquisition and revenue as the "borrowers" activated their own paid accounts and existing members began adding extra shared accounts.

"Longer term, paid sharing will ensure a bigger revenue base from which we can grow as we improve our service," Netflix adds.



posted by janrinok on Thursday April 20 2023, @08:13AM

A European Chips Act to play catch-up with the US and Asia:

The European Union finally agreed on a new plan to boost its microchip industry. The multi-billion investment is focused on strengthening Europe's technological leadership, the EU said, but it could very well be an attempt to put the Old Continent on par with what market leaders are already doing right now.

After spending some months negotiating between the European Council and the European Parliament, the European Union has now officially approved a generous subsidy plan for its semiconductor industry. The European Chips Act will put €43 billion (roughly $47 billion) towards bolstering Europe's "competitiveness and resilience" in the microchip business, promoting an effective digital and green transition powered by high technology.

Right now, Europe has a 10% market share of global chip manufacturing; with the EU Chips Act, Brussels plans to double the EU's production capacity to 20% of the global market by 2030. The plan is also focused on strengthening Europe's research and technology capabilities over chip advancements, building innovation capacity in design manufacturing and packaging, developing an in-depth understanding of the global semiconductor supply chain, and addressing the skills shortage by attracting new talents and growing its own skilled workforce.

Microchips already are "strategic assets for key industrial value chains," the EU said, while the digital transformation opened new markets for the chip industry such as highly automated cars, cloud, IoT, connectivity, space, defense and supercomputers. The recent global semiconductor shortages also showed how the global supply chain has an "extreme" dependency on very few actors in a complex geopolitical context.

[...] As a matter of fact, the final EU Chips Act contains some additional provisions which were not included in the initial draft. Besides funding the manufacturing of cutting-edge semiconductor technology, the plan will also cover the entire value chain with older chips and research & design facilities. The EU Chips Act is coming after the world's powerhouses in the chip industry (USA, Taiwan, South Korea, Japan) have already approved or are in the process of approving their own subsidy initiatives. Therefore, Brussels' money to boost EU semiconductor output won't guarantee success.



posted by hubie on Thursday April 20 2023, @05:24AM

GS1, the global standards organisation for barcodes, has started to advertise their Sunrise 2027 program for adding 2D barcodes to products.
https://www.gs1digital.link/sunrise-2027/
https://www.gs1us.org/industries-and-insights/by-topic/sunrise-2027

Long story short, this adds a 2D barcode to product labels alongside the existing 1D barcode. The 2D barcode gives extra info to the retailer (assuming the manufacturer adds it to the barcode) like batch/lot #, expiry date, etc., and can also provide a URL for the product to the consumer where they can find out more info about the product. There's even a complete fake brand set up to show off the concept: https://dalgiardino.com/

Since most POS apps are likely going to be confused by 2 barcodes on 1 product and potentially double-charge you for your favourite box of cornflakes, the scanner vendors are implementing a feature where they'll only send 1 barcode to the POS system: for legacy scanners that'll be the 1D barcode (like now); for new scanners that can read 2D barcodes it can be either specific GS1 tags or the entire barcode, depending on what the POS application wants.

Note that this is already live for some manufacturers and geographies; 2027 is just when it's intended to be deployed globally.
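As an added illustration of the two-barcode situation the submission describes (my own code, not the submitter's and not GS1's): parse the GS1 element string a 2D symbol carries, validate the GTIN check digit, build the consumer URL, and collapse the 1D and 2D reads of one package into a single charge line so the POS does not bill the cornflakes twice. Assumptions: the 2D symbol carries a GS1 element string with FNC1 rendered as the ASCII GS character (0x1D) after each variable-length field, the 1D symbol is an EAN-13 (the GTIN-14 minus its leading zero), the consumer URL follows the GS1 Digital Link layout (/01/<gtin>/10/<lot>?17=<expiry>), and the GTIN and domain are GS1's published Dal Giardino demo values; the scan payloads are constructed for this example.

```python
import calendar
from datetime import date
from typing import Dict, Iterable, Tuple

GS = "\x1d"  # FNC1 as most scanners emit it in GS1 mode

# Application identifier -> (field name, fixed length or None for variable length).
# Fixed-length values are not followed by a separator; variable ones end at GS or end of data.
AI_TABLE = {
    "01": ("gtin", 14),
    "17": ("expiry", 6),     # YYMMDD
    "10": ("lot", None),     # up to 20 chars, GS-terminated
    "21": ("serial", None),
}

def gtin_check_digit_ok(gtin14: str) -> bool:
    """GS1 mod-10: weights 3,1,3,... applied from the right-most data digit."""
    if len(gtin14) != 14 or not gtin14.isdigit():
        return False
    digits = [int(c) for c in gtin14]
    body, check = digits[:-1], digits[-1]
    total = sum(d * (3 if i % 2 == 0 else 1) for i, d in enumerate(reversed(body)))
    return (10 - total % 10) % 10 == check

def parse_element_string(data: str) -> Dict[str, str]:
    """Consume AI + value pairs left to right; reject anything not in AI_TABLE."""
    out: Dict[str, str] = {}
    i = 1 if data.startswith(GS) else 0   # some scanners prepend a leading FNC1
    while i < len(data):
        ai = data[i:i + 2]
        if ai not in AI_TABLE:
            raise ValueError(f"unknown or malformed AI {ai!r} at offset {i}")
        name, fixed = AI_TABLE[ai]
        i += 2
        if fixed is not None:
            value = data[i:i + fixed]
            if len(value) != fixed:
                raise ValueError(f"AI {ai} truncated")
            i += fixed
        else:
            end = data.find(GS, i)
            value = data[i:] if end == -1 else data[i:end]
            i = len(data) if end == -1 else end + 1
        out[name] = value
    if "gtin" in out and not gtin_check_digit_ok(out["gtin"]):
        raise ValueError("GTIN check digit mismatch")
    return out

def expiry_to_date(yymmdd: str) -> date:
    """AI 17 is YYMMDD; a day of 00 means the last day of that month."""
    y, m, d = 2000 + int(yymmdd[:2]), int(yymmdd[2:4]), int(yymmdd[4:6])
    if d == 0:
        d = calendar.monthrange(y, m)[1]
    return date(y, m, d)

def to_digital_link(rec: Dict[str, str], domain: str = "https://dalgiardino.com") -> str:
    """GS1 Digital Link URI: GTIN, lot and serial in the path, expiry as a query parameter."""
    url = f"{domain}/01/{rec['gtin']}"
    if "lot" in rec:
        url += f"/10/{rec['lot']}"
    if "serial" in rec:
        url += f"/21/{rec['serial']}"
    if "expiry" in rec:
        url += f"?17={rec['expiry']}"
    return url

def ean13_to_gtin14(ean13: str) -> str:
    return ean13.zfill(14)

def dedupe_scans(scans: Iterable[Tuple[str, str]]) -> Dict[str, Dict[str, str]]:
    """One charge line per GTIN. A 2D read replaces a 1D read of the same GTIN
    because it carries more data; a repeat read of either kind changes nothing."""
    lines: Dict[str, Dict[str, str]] = {}
    for symbology, payload in scans:
        if symbology == "EAN13":
            rec = {"gtin": ean13_to_gtin14(payload)}
        else:
            rec = parse_element_string(payload)
        if not gtin_check_digit_ok(rec["gtin"]):
            raise ValueError(f"bad GTIN from {symbology} read")
        key = rec["gtin"]
        if key not in lines or len(rec) > len(lines[key]):
            lines[key] = rec
    return lines

# Constructed sample reads for one package: an EAN-13 on the 1D label and a
# Data Matrix carrying GTIN, expiry, lot and serial.
SAMPLE_1D = "9506000134352"
SAMPLE_2D = "0109506000134352" + "17250131" + "10ABC123" + GS + "21XYZ"

if __name__ == "__main__":
    basket = dedupe_scans([("EAN13", SAMPLE_1D), ("DATAMATRIX", SAMPLE_2D)])
    for gtin, rec in basket.items():
        print(gtin, rec, expiry_to_date(rec["expiry"]), to_digital_link(rec))
```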



posted by hubie on Thursday April 20 2023, @02:39AM
from the shhhhhhhhh! dept.

Whisper Aero wants to make aviation, and the rest of the world, quieter:

The world is loud. If delivery drones and air taxis – also known as electric vertical take-off and landing (eVTOL) aircraft – gain the level of market saturation investors are hoping for, cities and neighborhoods are only going to get noisier.

That's the assumption, anyway. But Whisper Aero does not seem to care much for assumptions.

The premise of the two-year-old startup is that there should not be a trade-off between technological progress and noise: You should be able to quietly rid your lawn of leaves, heat and cool buildings, and even take an air taxi ride. To get to that future, Whisper says it has developed a never-been-done-before electric propulsion device (to get really specific, an electric ducted fan) that's both quieter and more efficient than ones already on the market.

[...] Whisper has designed an electric-ducted fan that can be scaled up or down for different applications. Over the past two years, the company has designed, built and flown nine generations of this propulsor. They've settled on a product that both reduces the amplitude – how loud something is – and that shifts the tonal profile of the noise to something more pleasant. The company says they've even been able to move some of the tones into the ultrasonic, beyond what the human ear can detect.

[...] Following a well-trod path in aerospace, Whisper will focus its initial commercialization efforts with the U.S. Department of Defense, an agency that they've already been working with for testing. Whisper has scored a handful of small government contracts from the DOD, including the Air Force Research Lab, to validate their propulsor.

The relevance of a quiet aircraft to the DOD is likely obvious. Whisper has validated that it can fly a 55-pound drone with its electric-ducted fan at an altitude of 200 feet that is completely undetectable, at least by noise, from the ground. To put that in context, Moore said Boeing's popular military drone, the Insitu ScanEagle, would need to fly at least 3,000 feet above to not be heard.

"It's sort of a breakthrough in terms of what surveillance drones are capable of doing in terms of missions, by being able to get so close and not be detected," Moore said. "Especially at night, where you won't be able to see it. It can be flying and loitering right overhead and you would have no idea that's there."

[...] The company is quick to point out that the benefits don't just lie in decreased noise, but also in the efficiency gains – a metric that's all the more important as more of the world's technologies switch to electric, and must depend on the limited lifespan of batteries. The company also says that many aircraft have speeds that are limited by open rotors (or open propellors), as opposed to ducted. Instead of operating at 150 miles per hour, an eVTOL could potentially fly as fast as 300-400 miles per hour.

[...] "We are this future Pratt & Whitney mashed up with a Dyson," Moore said, referring to the giant aircraft engine maker and the consumer tech company best known for its vacuums and hair dryers.

"We're very anxious to take this technology to people's everyday life."



posted by hubie on Wednesday April 19 2023, @11:52PM

Researchers are warning about a dangerous wave of unwiped, secondhand core-routers:

Cameron Camp had purchased a Juniper SRX240H router last year on eBay to use in a honeypot network he was building to study remote desktop protocol (RDP) exploits and attacks on Microsoft Exchange and industrial control systems devices. When the longtime security researcher at Eset booted up the secondhand Juniper router, to his surprise it displayed a hostname.

After taking a closer look at the device, Camp contacted Tony Anscombe, Eset's chief security evangelist, to alert him to what he had found on the router. "This thing has a whole treasure trove of Silicon Valley A-list software company information on it," Camp recalls telling Anscombe.

"We got very, very concerned," Camp says.

Camp and Anscombe decided to test their theory that this could be the tip of the iceberg for other decommissioned routers still harboring information from their previous owners' networks. They purchased several more decommissioned core routers -- four Cisco Systems ASA 5500, three Fortinet FortiGate, and 11 Juniper Networks SRX Series Services Gateway routers.

After dropping a few from the mix (one failed to power up and another two turned out to be mirrored routers from a former cluster), they found that nine of the remaining 16 held sensitive core networking configuration information, corporate credentials, and data on corporate applications, customers, vendors, and partners. The applications exposed on the routers were big-name software used in many enterprises: Microsoft Exchange, Lync/Skype, PeopleSoft, Salesforce, Microsoft SharePoint, Spiceworks, SQL, VMWare Horizon View, voice over IP, File Transfer Protocol (FTP), and Lightweight Directory Access Protocol (LDAP) applications.

[...] The routers contained one or more IPSec or VPN credentials, or hashed root passwords, and each had sufficient data for the researchers to identify the actual previous owner/operator of the device. Nearly 90% included router-to-router authentication keys and details on applications connected to the networks; some 44% had network credentials to other networks (such as a supplier or partner); 33% included third-party connections to the network; and 22% harbored customer information.

Camp says the discovery was a far cry from the malware he typically studies, and a lot less work for an attacker who happened upon one of these unwiped routers. "I don't need a zero day, I have your router," quips Camp.

[...] Meanwhile, one of the unwiped routers contained what Camp describes as a "creepy" remote administration interface.

"I was never sure if it was on purpose, but it was creepy, very low-level access, and from one of the countries with flags that we're [the US] not happy with right now," he says. "It could be totally legit or that could be really bad. It was a little edgy to me."

[...] So how do you wipe a router that you want to retire? The good news is most routers are fairly easy to securely decommission, and the big three Cisco, Fortinet, and Juniper on their websites provide detailed guidelines for restoring devices to their factory default settings.

[...] And if your organization already had disposed of routers that weren't properly wiped, Eset recommends rotating cryptographic keys in case an attacker were to get their hands on your old router and attempt to gain trusted access to your network. Zero trust can help here as well, they say.

[...] If you buy a secondhand core router and, like the researchers, find that it still contains the previous owner's information, Eset recommends disconnecting the router, moving it to a secured area and contacting your regional CISA office. They also say it's best to document your purchase process as a precaution for insurance or legal purposes.
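An added example of the decommissioning check the article recommends (my own code, not Eset's and not any vendor's): a pre-disposal audit that scans an exported router configuration for the kinds of artefacts the researchers found, so the same script run on an export taken before the factory reset and on a fresh export taken after it shows whether anything survived, and its findings double as the inventory of keys to rotate if a device has already left the building unwiped. Assumptions: configs are plain-text exports in Junos set-style, Cisco IOS/ASA or FortiOS syntax, the keywords below are those vendors' own config syntax, and both sample configs are constructed for this example with placeholder hashes and keys.

```python
import re
from collections import defaultdict
from typing import Dict, List

# (finding label, pattern). Patterns are deliberately broad: a rotated-but-not-removed
# secret should still be reported. Junos, IOS/ASA and FortiOS keywords are mixed together.
RULES = [
    ("local password hash",
     re.compile(r'\b(encrypted-password|enable (?:secret|password)|username \S+ (?:secret|password))\b')),
    ("ipsec/ike pre-shared key",
     re.compile(r'\b(pre-shared-key|crypto isakmp key|psksecret)\b')),
    ("routing auth key",
     re.compile(r'\b(authentication-key|neighbor \S+ password|message-digest-key)\b')),
    ("snmp community",
     re.compile(r'\b(snmp-server community|snmp community)\b')),
    ("hostname / owner identity",          # the hostname alone identified the owner in the story
     re.compile(r'^\s*(set system host-name|hostname|set hostname)\b')),
    ("peer / partner address",             # third-party connections: who else to notify
     re.compile(r'\b(neighbor|remote-gw|crypto isakmp key \S+ address|tunnel-group)\s+\d{1,3}(?:\.\d{1,3}){3}\b')),
]

def audit(config_text: str) -> Dict[str, List[int]]:
    """Return {finding label: [line numbers]} for every config line that matches a rule.
    Only line numbers are reported so the audit output itself never carries a secret."""
    findings: Dict[str, List[int]] = defaultdict(list)
    for n, line in enumerate(config_text.splitlines(), 1):
        for label, rx in RULES:
            if rx.search(line):
                findings[label].append(n)
    return dict(findings)

def is_clean(config_text: str) -> bool:
    """True when an export (e.g. taken after the factory reset) matches no rule."""
    return not audit(config_text)

# Constructed "before reset" export in Junos set syntax.
JUNOS_BEFORE = """\
set system host-name example-corp-edge1
set system root-authentication encrypted-password "$6$EXAMPLEHASH"
set security ike policy partner-ike pre-shared-key ascii-text "$9$EXAMPLEOBFUSCATED"
set protocols bgp group upstream neighbor 203.0.113.1 authentication-key "$9$EXAMPLEKEY"
set snmp community public authorization read-only
set interfaces ge-0/0/0 unit 0 family inet address 198.51.100.2/30
"""

# Constructed "before reset" export in Cisco IOS syntax.
IOS_BEFORE = """\
hostname example-corp-edge2
enable secret 5 $1$EXAMPLE$HASH
crypto isakmp key EXAMPLEPSK address 203.0.113.9
router bgp 65001
 neighbor 203.0.113.9 remote-as 65002
 neighbor 203.0.113.9 password EXAMPLEBGP
snmp-server community public RO
"""

# Constructed "after reset" export: nothing identifying, no credentials.
JUNOS_AFTER = """\
set system services ssh
set interfaces ge-0/0/0 unit 0 family inet dhcp
"""

if __name__ == "__main__":
    for name, cfg in (("junos before", JUNOS_BEFORE), ("ios before", IOS_BEFORE), ("junos after", JUNOS_AFTER)):
        print(name, "CLEAN" if is_clean(cfg) else audit(cfg))
```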



posted by hubie on Wednesday April 19 2023, @09:09PM
from the HEADS-UP dept.

An old NASA spacecraft will crash to Earth on Wednesday:

A retired NASA spacecraft will reenter Earth's atmosphere on Wednesday, with some parts of the vehicle expected to crash to the planet's surface.

While most of the Reuven Ramaty High Energy Solar Spectroscopic Imager (RHESSI) spacecraft is expected to burn up as it enters the atmosphere at high speed, some parts of the 660-pound (300-kilogram) machine are likely to survive the descent.

The good news is that NASA says that the risk of harm coming to folks on terra firma is low at "approximately 1 in 2,467." Still, for anyone wishing to don a hard hat just in case, RHESSI is expected to reenter the atmosphere at about 9:30 p.m. ET on Wednesday, April 19, though the forecast comes with an uncertainty of plus/minus 16 hours.

[...] RHESSI entered service in 2002 and, until its retirement in 2018, it observed solar flares and coronal mass ejections from its low-Earth orbit. Its work enabled scientists to learn more about the underlying physics of how these powerful bursts of energy occur.

The spacecraft's activities included imaging the high-energy electrons that carry a large part of the energy released in solar flares. Using its imaging spectrometer, RHESSI became the first-ever mission to record gamma-ray images and high-energy X-ray images of solar flares.

[...] The mission also helped to improve measurements of the sun's shape, and demonstrated that terrestrial gamma ray flashes — described by NASA as "bursts of gamma rays emitted from high in Earth's atmosphere" and which occur above some thunderstorms — happen more frequently than first thought.

NASA said it retired RHESSI in 2018 after maintaining communications with it became difficult. After retaining its low-Earth orbit for the last five years, the spacecraft is about to meet a fiery end.



posted by hubie on Wednesday April 19 2023, @06:26PM
from the Helicopters-on-Alien-worlds. dept.

So it says at The Register.

NASA's Ingenuity Mars Helicopter was designed to fly just five times, but last week the little rotorcraft that could clocked up its 50th flight in the red planet's thin atmosphere.

Flight 50 departed Airfield Lambda on April 13th and required 145.7 seconds to reach Airfield Mu, a 322-meter flight at a brisk 4.6 meters per second, cruising at a new height record of 18 meters above Martian soil.

By The Register's analysis of NASA's flight log, Ingenuity's records are:

  • Longest duration flight – 169.5 seconds on August 16th, 2021, during flight 12
  • Longest distance – 704 meters on April 8th, 2022, during flight 25
  • Fastest flight – 6.5 meters per second on April 2nd, 2023, during flight 49
  • Total flight time – 5,349.9 seconds, or just over 89 minutes
  • Total horizontal flight distance – 11,546 meters

"When we first flew, we thought we would be incredibly lucky to eke out five flights," said Teddy Tzanetos, Ingenuity team lead at JPL, in a blog post celebrating the 50th flight. "We have exceeded our expected cumulative flight time since our technology demonstration wrapped by 1,250 percent and expected distance flown by 2,214 percent."

The Ingenuity team is now planning a 51st flight to bring the 'copter close to the "Fall River Pass" region of Jezero Crater. Future flights will head towards "Mount Julian," from where the craft will enjoy panoramic views of the nearby Belva Crater, an 800-metre dent in Mars' surface.



posted by janrinok on Wednesday April 19 2023, @03:43PM
from the credentials-and-the-bazaar dept.

A new report sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials:

A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials.

Threat actors are consolidating their use of encrypted messaging platforms, initial access brokers and generative AI models, according to security firm Cybersixgill's new report, The State of the Cybercrime Underground 2023. This report notes this is lowering the barriers to entry into cybercrime and "streamlining the weaponization and execution of ransomware attacks."

The study is built upon 10 million posts on encrypted platforms and other kinds of data dredged up from the deep, dark and clear web. Brad Liggett, director of threat intel, North America, at Cybersixgill, defined those terms:

  • Clear web: Any site that is accessible via a regular browser and not needing special encryption to access (e.g., CNN.com, ESPN.com, WhiteHouse.gov).
  • Deep web: Sites that are unindexed by search engines, or sites that are gated and have restricted access.
  • Dark web: Sites that are only accessible using encrypted tunneling protocols such as Tor (the onion router browser), ZeroNet and I2P.

"What we're collecting in the channels across these platforms are messages," he said. "Much like if you are in a group text with friends/family, these channels are live chat groups."

Tor is popular among malefactors for the same reason: It gives people trapped in repressive regimes a way to get information to the outside world, said Daniel Thanos, vice president and head of Arctic Wolf Labs.

"Because it's a federated, peer-to-peer routing system, fully encrypted, you can have hidden websites, and unless you know the address, you're not going to get access," he said. "And the way it's routed, it's virtually impossible to track someone."

Cybercriminals use encrypted messaging platforms to collaborate, communicate and trade tools, stolen data and services partly because they offer automated functionalities that make them an ideal launchpad for cyberattacks. However, the Cybersixgill study suggests the number of threat actors is decreasing and concentrating on a handful of platforms.

Between 2019 and 2020, data that Cybersixgill collected reflected a massive surge in use of encrypted messaging platforms, with the total number of collected items increasing by 730%. In the firm's 2020-2021 analysis, this number increased by 338%, and then just 23% in 2022 to some 1.9 billion items collected from messaging platforms.

"When considering workflow activity, it's quicker and easier to browse through channels on the messaging platforms rather than needing to log in to various forums, and read through posts, etc.," said Liggett.

Across the dark web onion sites, the total number of forum posts and replies decreased by 13% between 2021 and 2022, dropping from over 91.7 million to around 79.1 million. The number of threat actors actively participating in top forums also declined slightly, according to the report.

The 10 largest cybercrime forums averaged 165,390 monthly users in 2021, which dropped by 4% to 158,813 in 2022. However, posts on those 10 sites grew by nearly 28%, meaning the forums' participants became more active.

The study said that, in the past, most threat actors conducted their operations on the dark web alone, while in recent years there's been migration to deep-web encrypted messaging platforms.

Cybercriminals favor deep web platforms because of their relative ease of use versus Tor, which requires more technical skills. "Across easily-accessible platforms, chats and channels, threat actors collaborate and communicate, trading tools, stolen data and services in an illicit network that operates in parallel to its dark web equivalent," said the study.

"People tend to communicate in real-time across these platforms," said Liggett. "Forums and marketplaces in the dark web are notorious for not always having a high level of uptime. They sometimes end up going offline after a period of time, or as we've seen recently have been seized by law enforcement and government agencies," he said, noting that one such platform, RaidForums, was taken down in 2022, and BreachedForums just a couple weeks ago.


Original Submission

posted by janrinok on Wednesday April 19 2023, @12:56PM   Printer-friendly

New CFO sees interesting in-tray at 20 percent year-on-year growth database company:

Database vendor MariaDB has cut a number of jobs and reiterated a "going concern" warning over its medium-term financial viability.

In a statement to the stock market [PDF] late last month, the company, which floated on the New York Stock Exchange at the end of 2022, said it was reducing its headcount by 26 "to achieve cost reduction goals and to focus the Company on key initiatives and priorities."

In December, CEO Michael Howard told The Register the company was looking to hire more people following $104 million in funding and $18 million through private investment in public equity through the special purpose acquisition company that enabled the flotation.

Although the job losses may be a fraction of the reported 340 people the company employs, other details in the filing may highlight further cause for concern over its financial viability.

It includes a mention of MariaDB's February 10Q warning that the company's current cash and cash equivalents "would not be sufficient to fund our operations, including capital expenditure requirements for at least 12 months from... February 13, 2023, raising substantial doubt about our ability to continue as a going concern."

The March 24 statement said it anticipated that the money raised by database subscriptions and services would not be enough to meet its projected working capital and operating needs. "We are currently seeking additional capital to meet our projected working capital, operating, and debt repayment needs for periods after September 30, 2023 ... Going forward, we cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business," it says.

The timing of MariaDB's flotation may have been unfortunate. While it was already in train, the SPAC model was going out of favor. Research from early December 2022 by investment research firm Bedrock AI found 49 per cent of the quarterly financial filings by companies floating via a SPAC since the beginning of the year contained an admission of ineffective internal controls. Earlier this month Europe's biggest SPAC, Pegasus Europe, announced it would cease operations and return capital to its investors at the beginning of May. In May last year, Goldman Sachs took a break from handling SPAC-based IPOs.

Speaking to The Register, MariaDB CMO Franz Aman said the company was still hiring, but a number of job losses had also been necessary. "It's absolutely no secret that, like companies in tech, we need to be super prudent, and we need to be fiscal responsive. We also had a look at our headcount plan, and we had to make sure that we were doing the right things. We had a reduction in workforce... so have most other tech companies: everyone's concerned about profitability, cash position."

Aman argued that a "going concern" notice in regulatory filings was far from unusual.


Original Submission

posted by janrinok on Wednesday April 19 2023, @10:13AM   Printer-friendly

SpaceX Starship launch countdown: all of the news on its first test flight:

Elon Musk's stated goal of putting humans on Mars relies heavily on the development of a next-generation reusable spacecraft, and Starship (formerly known as Big Falcon Rocket or BFR) is ready for its first orbital test flight. It's not the "six months" goal Musk projected in 2019, but after a number of suborbital tests that included some terrific successes and fantastic, fiery failures, the big day is finally almost here.

With just over five minutes to go before its first scheduled launch attempt Monday morning, SpaceX announced that due to a pressurization issue with the first stage, the attempt became a "wet dress rehearsal," and the countdown ended with 10 seconds to go. SpaceX now says it's targeting April 20th for another attempt, with a launch window between 8:28AM CT (9:28AM ET) and 9:30AM CT (10:30AM ET).

If all goes according to plan, the Starship will fly to orbital velocity after separating from its Super Heavy booster rocket about three minutes into the trip, then splashdown in the Pacific Ocean near Hawaii.

The entire trip should take about 90 minutes to complete, and SpaceX is livestreaming the events on its YouTube channel.

Previously: SpaceX's First Orbital Test Flight of Starship Imminent [Scrubbed]


Original Submission

posted by janrinok on Wednesday April 19 2023, @07:32AM   Printer-friendly

mjg59 | PSA: upgrade your LUKS key derivation function:

Many Linux users rely on LUKS for their disk encryption, but perhaps they need to pay a bit more attention to it. If the disk was encrypted more than a few years ago (LUKS version 1), it appears that it might not be secure enough to withstand a concerted attack. It is time to check whether you are using version 2, and if not, the fix takes a few minutes. [JR]

Here's an article from a French anarchist describing how his (encrypted) laptop was seized after he was arrested, and material from the encrypted partition has since been entered as evidence against him. His encryption password was supposedly greater than 20 characters and included a mixture of cases, numbers, and punctuation, so in the absence of any sort of opsec failures this implies that even relatively complex passwords can now be brute forced, and we should be transitioning to even more secure passphrases.

Or does it? Let's go into what LUKS is doing in the first place. The actual data is typically encrypted with AES, an extremely popular and well-tested encryption algorithm. AES has no known major weaknesses and is not considered to be practically brute-forceable - at least, assuming you have a random key. Unfortunately it's not really practical to ask a user to type in 128 bits of binary every time they want to unlock their drive, so another approach has to be taken.

This is handled using something called a "key derivation function", or KDF. A KDF is a function that takes some input (in this case the user's password) and generates a key. As an extremely simple example, think of MD5 - it takes an input and generates a 128-bit output, so we could simply MD5 the user's password and use the output as an AES key. While this could technically be considered a KDF, it would be an extremely bad one! MD5s can be calculated extremely quickly, so someone attempting to brute-force a disk encryption key could simply generate the MD5 of every plausible password (probably on a lot of machines in parallel, likely using GPUs) and test each of them to see whether it decrypts the drive.

(things are actually slightly more complicated than this - your password is used to generate a key that is then used to encrypt and decrypt the actual encryption key. This is necessary in order to allow you to change your password without having to re-encrypt the entire drive - instead you simply re-encrypt the encryption key with the new password-derived key. This also allows you to have multiple passwords or unlock mechanisms per drive)

Good KDFs reduce this risk by being what's technically referred to as "expensive". Rather than performing one simple calculation to turn a password into a key, they perform a lot of calculations. The number of calculations performed is generally configurable, in order to let you trade off between the amount of security (the number of calculations you'll force an attacker to perform when attempting to generate a key from a potential password) and performance (the amount of time you're willing to wait for your laptop to generate the key after you type in your password so it can actually boot). But, obviously, this tradeoff changes over time - defaults that made sense 10 years ago are not necessarily good defaults now. If you set up your encrypted partition some time ago, the number of calculations required may no longer be considered up to scratch.

And, well, some of these assumptions are kind of bad in the first place! Just making things computationally expensive doesn't help a lot if your adversary has the ability to test a large number of passwords in parallel. GPUs are extremely good at performing the sort of calculations that KDFs generally use, so an attacker can "just" get a whole pile of GPUs and throw them at the problem. KDFs that are computationally expensive don't do a great deal to protect against this. However, there's another axis of expense that can be considered - memory. If the KDF algorithm requires a significant amount of RAM, the degree to which it can be performed in parallel on a GPU is massively reduced. A GeForce 4090 may have 16,384 execution units, but if each password attempt requires 1GB of RAM and the card only has 24GB on board, the attacker is restricted to running 24 attempts in parallel.

So, in these days of attackers with access to a pile of GPUs, a purely computationally expensive KDF is just not a good choice. And, unfortunately, the subject of this story was almost certainly using one of those. Ubuntu 18.04 used the LUKS1 header format, and the only KDF supported in this format is PBKDF2. This is not a memory expensive KDF, and so is vulnerable to GPU-based attacks. But even so, systems using the LUKS2 header format used to default to argon2i, again not a memory expensive KDF. New versions default to argon2id, which is. You want to be using argon2id.

What makes this worse is that distributions generally don't update this in any way. If you installed your system and it gave you pbkdf2 as your KDF, you're probably still using pbkdf2 even if you've upgraded to a system that would use argon2id on a fresh install. Thankfully, this can all be fixed up in place. But note that if anything goes wrong here you could lose access to all your encrypted data, so before doing anything make sure it's all backed up (and figure out how to keep said backup secure so you don't just have your data seized that way).

The full instructions are in the linked source.
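As an added check (example code, not from mjg59's post or from cryptsetup itself), the following shell function audits the output of `cryptsetup luksDump` and reports which keyslots are not yet on argon2id; it assumes the standard luksDump layout (a `Version:` line, and for LUKS2 a `Keyslots:` section with one `PBKDF:` field per slot). The two header dumps embedded below are constructed samples, not captured from real devices.

```shell
#!/bin/sh
# Added example (not from mjg59's post): audit `cryptsetup luksDump` output and flag
# keyslots whose KDF is not argon2id. On a real system run, as root:
#   cryptsetup luksDump /dev/sdX | luks_kdf_status
# Exit status 0 means every keyslot already uses argon2id; 1 means an upgrade is needed.
luks_kdf_status() {
    awk '
        /^Version:/ { version = $2 }
        /^Keyslots:/ { in_slots = 1; next }
        /^(Tokens|Digests|Segments):/ { in_slots = 0 }
        in_slots && /^  [0-9]+: luks2/ { slot = $1; sub(":", "", slot) }
        in_slots && /PBKDF:/ {
            kdf = $2
            verdict = "OK"
            if (kdf != "argon2id") { verdict = "NEEDS-UPGRADE"; weak = 1 }
            printf "slot %s: %s %s\n", slot, kdf, verdict
        }
        END {
            # LUKS1 headers carry no PBKDF field: that format only supports pbkdf2.
            if (version == "1") { print "LUKS1 header: pbkdf2 only; convert to LUKS2 and argon2id"; weak = 1 }
            exit (weak ? 1 : 0)
        }
    '
}

# Constructed sample dumps (not captured from real devices).
LUKS1_SAMPLE='LUKS header information for /dev/sdX
Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Key Slot 0: ENABLED
        Iterations:             1234567
Key Slot 1: DISABLED'

LUKS2_SAMPLE='LUKS header information
Version:        2
Keyslots:
  0: luks2
        PBKDF:      pbkdf2
        Iterations: 1000000
  1: luks2
        PBKDF:      argon2id
        Memory:     1048576
Tokens:
Digests:
  0: pbkdf2'

printf '%s\n' "$LUKS1_SAMPLE" | luks_kdf_status || echo "-> upgrade needed"
printf '%s\n' "$LUKS2_SAMPLE" | luks_kdf_status || echo "-> upgrade needed"
```

On a real header the upgrade itself is done with `cryptsetup convert --type luks2` (LUKS1 only) followed by `cryptsetup luksConvertKey --pbkdf argon2id` per keyslot, after the backup the post insists on; the linked post has the full procedure.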


Original Submission