SoylentNews

upstart writes:

From package signing to SBOMs to new developer toolchains, the pieces for securing the software supply chain are starting to come together:

The Log4j vulnerability in December 2021 spotlighted the software supply chain as a massively neglected security surface area. It revealed just how interconnected our software artifacts are, and how our systems are only as secure as their weakest links. It also reinforced the idea that we may think security is something we can buy, but really it's about how we function as development teams.

Ever since, we've been sprinting to improve.

[...] What's starting to pull all of this together—and create more urgency to create a cohesive strategy around software signing, SBOMs, and developer workflow—is regulation, which would demand stricter ownership of the integrity of software security.

Back in April, the Cybersecurity and Infrastructure Agency (CISA) published a request for comment on a newly proposed Secure Software Development Attestation Form that will put the onus on the CEOs of software companies to attest that their software has been built in secure environments and that good-faith, reasonable efforts have been made to maintain trusted source code supply chains.

What counts as "reasonable?"

Thus far, "reasonable" efforts seem to be the guidelines set forth in FedRAMP's Vulnerability Scanning Requirements for Containers and the National Institute of Standards and Technology's Secure Software Development Framework. But the far more nuanced, read-between-the-lines interpretation of the new self-attestation requirements is in the clauses that cover third-party code incorporated into the software. In short, software providers will be held liable for the unfunded, unmaintained popular open source they use in their supply chains.

Wait, what? Responsible for some random project maintainer's code? Apparently, yes. Is that "reasonable"?

This is a somewhat shocking, if necessary, check on unfettered adoption of open source. I'm not suggesting that companies shouldn't be using open source, quite the contrary. I'm reminding you that there is no free lunch, including when it comes packaged as free (and open source) software. Someone needs to pay to keep the lights on for maintainers, and someone needs to help developers make sense of all this inbound, open source software.

I wanted to post a reminder to the community that the SoylentNews PBC has it’s upcoming meeting at the end of July on the 31st ( #meeting on irc.sylnt.us @ 1:30 PDT - web access via https://irc.staging.soylentnews.org/ ). I believe that this event is the continuation and result of a very hard push by myself and others to bring about necessary changes to the management and structure of SoylentNews.

The upcoming meeting will be to nominate one or more qualified candidates to serve on the Board. The PBC exists to define what and how SoylentNews will be and to enforce that vision. Ultimately the Board is responsible for the high-level oversight that ensures the bylaws are fulfilled. The purpose of the expansion is to include more voices from the community so they will be directly represented in the decision making effecting the community. The next meeting will be held over IRC and will be answering and addressing your questions and concerns from any of the comments posted in this article.

hubie writes:

Plants remove cancer causing toxins from air:

A ground-breaking study has revealed that plants can efficiently remove toxic petrol fumes, including cancer causing compounds such as benzene, from indoor air.

The study was led by University of Technology Sydney (UTS) bioremediation researcher Associate Professor Fraser Torpy, in partnership with leading plantscaping solutions company Ambius.

The researchers found that the Ambius small green wall, containing a mix of indoor plants, was highly effective at removing harmful, cancer-causing pollutants, with 97 per cent of the most toxic compounds removed from the surrounding air in just eight hours.

[...] Ambius General Manager Johan Hodgson said the research presented new evidence into the critical role played by indoor plants and green walls in cleaning the air we breathe quickly and sustainably.

"We know that indoor air quality is often significantly more polluted than outdoor air, which in turn impacts mental and physical health. But the great news is this study has shown that something as simple as having plants indoors can make a huge difference," Mr Hodgson said.

Previous studies on indoor plants have shown they can remove a broad range of indoor air contaminants, however this is the first study into the ability of plants to clean up petrol vapours, which are one of the largest sources of toxic compounds in buildings worldwide.

[...] "At Ambius, we see over and over again the effects plants have in improving health, wellbeing, productivity and office attendance for the thousands of businesses we work with. This new research proves that plants should not just be seen as 'nice to have', but rather a crucial part of every workplace wellness plan.

"The bottom line is that the best, most cost effective and most sustainable way to combat harmful indoor air contaminants in your workplace and home is to introduce plants," Mr Hodgson said.

Original Submission

upstart writes:

Amazon is asking some employees to move closer to its Seattle headquarters and other hubs around the country, as part of its requirement for corporate and tech workers to be in the office three days a week:

Doubling down on its efforts to bring corporate and tech employees back to the office, Amazon is asking some workers to relocate to ensure they're close enough to work in person with others on their teams.

Decisions about who will need to relocate are being made at a department level, and the number of employees impacted isn't yet known, Bloomberg News reported. Unless they can get an exception, the choice facing some employees is to relocate or resign, the Seattle Times reported, citing internal Slack messages.

Amazon says it has a process in place for requesting exceptions, and those requests will be considered on a case-by-case basis. The company says employees who are asked to move will be given relocation benefits.

"There's more energy, collaboration, and connections happening since we've been working together at least three days per week, and we've heard this from lots of employees and the businesses that surround our offices," Amazon spokesperson Brad Glasser said. "We continue to look at the best ways to bring more teams together in the same locations, and we'll communicate directly with employees as we make decisions that affect them."

[...] Community leaders in Seattle have lauded Amazon's policy as a boost for the city's struggling downtown. Amazon this week released new numbers that it said showed the economic benefits in the area around its Seattle headquarters.

Original Submission

upstart writes:

Greenland has greener history than previously thought:

New analysis of samples collected from underneath Greenland's ice sheet reveal the Arctic island was much greener as recently as 416,000 years ago. The findings overturn previous views that Greenland's continental glacier, which covers about 80 percent of the 836,3000-square-mile land mass, has persisted for the last two and a half million years.

"We're discovering the ice sheet is much more sensitive to climate change than we previously thought," says Utah State University geoscientist Tammy Rittenour. "This is a foreboding wake-up call."

[...] "We had always assumed the ice sheet has remained about the same for nearly 2.5 million years," says Rittenour, professor in USU's Department of Geosciences. "But our investigation indicates it melted enough to allow the growth of moss, shrubs and buzzing insects during an interglacial period called Marine Isotope Stage 11, between 424,000 to 374,000 years ago."

The melting caused at least five feet of sea-level rise around the globe, she says. "Some of our model scenarios suggest sea levels up to 20 feet higher than today."

"It was an unusually long period of warming with moderately elevated levels of carbon dioxide—CO2—in the atmosphere," Rittenour says. "What's alarming about this finding is today's CO2 levels are 1.5 times higher."

Even if humans abruptly stopped activities that contribute to greenhouse gas emissions, she says, "we'd still have inflated CO2 levels for hundreds, maybe even thousands, of years to come."

That's an uneasy realization, she says, with current rates at which Greenland's ice sheet is thawing.

upstart writes:

Nations aim to ink deep sea mining rules by 2025:

The International Seabed Authority's member nations on Friday agreed on a two-year roadmap for the adoption of deep sea mining regulations, despite conservationists' calls for a moratorium on mineral extraction they say would avert marine threats.

The ISA, an intergovernmental body tasked with protecting the seabed, and its member states have spent the last decade trying to hash out a mining code for the possible exploitation of nickel, cobalt and copper in deep seabed areas that fall outside of national jurisdictions.

But an agreement has so far been elusive.

[...] Since July 9, after the expiration of a deadline triggered by the small Pacific state of Nauru in 2021, the ISA is obligated to consider—though not necessarily grant—licenses for potentially environmentally devastating mining operations if governments request them.

That would go beyond the status quo, which has so far only seen the body grant exploration permits, as the deep sea mining sector itches to take off in earnest.

"We are no longer in a 'what if' scenario, but rather 'what now'," Nauru's ambassador to the ISA Margo Deiye said during the session, adding that her government planned to soon apply for a mining contract

[...] Next week, the ISA Assembly and its 167 member states will discuss for the first time a "precautionary pause" in mining, supported by about 20 countries, including France, Chile and Brazil.

Original Submission

upstart writes:

After a 10-year hiatus, the 31st century comedy arrives July 24th with 10 new episodes:

After debuting in 1999, multiple Emmy winner Futurama had an on-and-off existence across Fox, the direct-to-DVD realm, and Comedy Central, with its apparent finale in 2013—until news came last year that Hulu had ordered 20 new episodes. The first 10 arrive July 24, and fans will be glad to know they were worth the 10-year wait.

That said, you need not be an existing fan of Futurama (or be on a quote-along basis with the more than 120 episodes that came before) to appreciate the new season. Sure, there are Easter eggs for long-time devotees, and it's a more rewarding viewing experience if you are at least somewhat familiar with the show—but the plot callbacks are explained enough so that new viewers should be able to follow along.

[...] Though it can sometimes feel like the show is racing along trying to cram in fan-favorite characters (Robot Devil! Calculon! Robot Santa Claus! The Hypnotoad!), and that first episode leans awfully hard into the self-referential stuff, it all feels very rooted in the show Futurama has always been—with weird asides, clever gags, and characters you can't help but love, even though they tend to always do the wrong thing. The leap to 2023 feels as seamless as it could possibly feel, which is truly the greatest way to please old-school fans and, hopefully, the legions of new ones this revival will bring into the fold.

See also:
    Futurama Returns With New Episodes After a 10-Year Layoff
    "Futurama" Revival Ordered at Hulu with Multiple Original Cast Members Returning

Original Submission

upstart writes:

Sick of hearing about record heat? Scientists say those numbers paint the story of a warming world:

The summer of 2023 is behaving like a broken record about broken records.

Nearly every major climate-tracking organization proclaimed June the hottest June ever. Then July 4 became the globe's hottest day, albeit unofficially, according to the University of Maine's Climate Reanalyzer. It was quickly overtaken by July 5 and July 6. Next came the hottest week, a tad more official, stamped into the books by the World Meteorological Organization and the Japanese Meteorological Agency.

With a summer of extreme weather records dominating the news, meteorologists and scientists say records like these give a glimpse of the big picture: a warming planet caused by climate change. It's a picture that comes in the vibrant reds and purples representing heat on daily weather maps online, in newspapers and on television.

Beyond the maps and the numbers are real harms that kill. More than 100 people have died in heat waves in the United States and India so far this summer.

[...] In the past 30 days, nearly 5,000 heat and rainfall records have been broken or tied in the U.S. and more than 10,000 records set globally, according to NOAA [the National Oceanic and Atmospheric Administration]. Texas cities and towns alone have set 369 daily high temperature records since June 1.

Since 2000, the U.S. has set about twice as many records for heat as those for cold.

"Records go back to the late 19th century and we can see that there has been a decade-on-decade increase in temperatures," said Gavin Schmidt, director of NASA's Goddard Institute for Space Studies, keeper of the agency's climate records. "What's happening now is certainly increasing the chances that 2023 will be the warmest year on record. My calculations suggest that there's, right now, a 50-50 chance."

Original Submission

upstart writes:

Apple Tries to Explain to U.K. Legislators That You Can't Add Back Doors to Secure Protocols:

Zoe Kleinman, reporting for BBC News:

Apple says it will remove services such as FaceTime and iMessage from the UK rather than weaken security if new proposals are made law and acted upon. The government is seeking to update the Investigatory Powers Act (IPA) 2016. It wants messaging services to clear security features with the Home Office before releasing them to customers. The act lets the Home Office demand security features are disabled, without telling the public. Under the update, this would have to be immediate. [...]

The U.K. legislators pushing this believe, wrongly, that it must be possible for these messaging platforms to add "good guys only" back doors. That if they pass this law, the result will be that the nerds who work at these companies will be forced to figure out a way to comply. What will actually happen is that these companies will be forced to pull the services from U.K., because they can't comply, unless they scrap their current end-to-end encryption and replace it — worldwide — with something insecure, which they aren't going to do.

[...] And while it's Apple and iMessage/FaceTime that are getting the headlines today, it's WhatsApp that's the big player in the UK, with 75 percent of adult Britons using it monthly. It's hard to overstate how much outrage these legislators are poised to bring upon themselves if they effectively ban WhatsApp. (The legislators themselves surely all depend upon it.)

Original Submission

upstart writes:

NASA's unprecedented asteroid experiment is still churning out results:

Last year in a mission called DART, the space agency intentionally slammed a sacrificial spacecraft into an asteroid called Dimorphos, which was 7 million miles from Earth. Scientists hoped to prove civilization could alter the path of a menacing asteroid — should one be on a collision course with our planet — and they successfully nudged the (non-threatening) 525-foot-wide space rock.

Now, planetary researchers are watching the aftermath of the event to gather all the information possible about how to best change the trajectory of, or deflect, a future incoming asteroid. NASA released an image captured by the legendary Hubble Space Telescope — orbiting some 332 miles above Earth — showing a "swarm of boulders" from the experimental impact, which you can see below.

"This is a spectacular observation – much better than I expected," David Jewitt, a planetary scientist at The University of California, Los Angeles, said in a statement. "We see a cloud of boulders carrying mass and energy away from the impact target. The numbers, sizes, and shapes of the boulders are consistent with them having been knocked off the surface of Dimorphos by the impact."

"The boulders are some of the faintest things ever imaged inside our solar system," Jewitt added.

Original Submission

upstart writes:

It's still early days for AI in health care, but already racial bias has been found in some of the tools:

Doctors, data scientists and hospital executives believe artificial intelligence may help solve what until now have been intractable problems. AI is already showing promise to help clinicians diagnose breast cancer, read X-rays and predict which patients need more care. But as excitement grows, there's also a risk: These powerful new tools can perpetuate long-standing racial inequities in how care is delivered.

"If you mess this up, you can really, really harm people by entrenching systemic racism further into the health system," said Dr. Mark Sendak, a lead data scientist at the Duke Institute for Health Innovation.

These new health care tools are often built using machine learning, a subset of AI where algorithms are trained to find patterns in large data sets like billing information and test results. Those patterns can predict future outcomes, like the chance a patient develops sepsis. These algorithms can constantly monitor every patient in a hospital at once, alerting clinicians to potential risks that overworked staff might otherwise miss.

The data these algorithms are built on, however, often reflect inequities and bias that have long plagued U.S. health care. Research shows clinicians often provide different care to white patients and patients of color. Those differences in how patients are treated get immortalized in data, which are then used to train algorithms. People of color are also often underrepresented in those training data sets.

"When you learn from the past, you replicate the past. You further entrench the past," Sendak said. "Because you take existing inequities and you treat them as the aspiration for how health care should be delivered."

owl writes:

https://arcadeblogger.com/2023/07/22/environmental-discs-of-tron-roadside-pickup/

Environmental Discs of Tron (or EDOT for short) is arguably the most complex arcade cabinet of the Golden Age of videogaming. Working examples are hard to come by, and when they do, you can expect to pay handsomely for one!

What sets this game apart, is the thought that went into the cabinet design. Brian Colin (who we interviewed on the podcast a while back here), worked extensively on the game. Have a listen to his recollections of what made the game and cabinet so special.

So, finding one of these glorious pieces is a challenge these days. But can you imagine stumbling across one dumped in the street? Well, that's exactly what happened to my friend Tim Lapetino recently.

I was visiting my family in the Chicago suburbs recently, when my niece mentioned she saw "some TRON thing" sitting on a curb while she was riding her bike through the neighbourhood.

Of course we jumped in the car to go take a look, as it was just blocks away from where my parents and other family live. As we drove up to the spot, I uttered "What the &*@$?!" forgetting that my niece was in the car with us. And would you believe it – there it was. An EDOT was sitting by the curb

Tim Lapetino

Original Submission

Freeman writes:

https://arstechnica.com/tech-policy/2023/07/tsmc-delays-us-chip-fab-opening-says-us-talent-is-insufficient/

The Taiwan Semiconductor Manufacturing Company (TSMC) was supposed to have its first Arizona chip factory operational by late 2024 but now has confirmed significant delays. Primarily due to a shortage of technical workers with critical expertise in the US, TSMC projects to finish construction instead by 2025.

This is an "ominous delay," Bloomberg reported, and it comes right when investment in AI is booming.

[...] At the end of last month, TSMC confirmed it would be sending more Taiwanese workers to the US to ensure a "fast ramp up" of its $40 billion fab in Arizona, Reuters reported. A second Arizona fab is planned to be operational by 2026— the most advanced chip factory currently in production, Reuters reported—and, at least so far, it has not been confirmed whether the first fab's delay will result in any further delays on completing the second fab.

[...] Both officials and workers wonder how TSMC will spend US funding to finish its fabs. TSMC seeks up to $15 billion in funding from the CHIPS and Science Act, The Wall Street Journal reported, but has objected to some of the US conditions requiring that TSMC share profits and provide detailed information about its operations. The Biden administration has said that these conditions are only intended to ensure that TSMC makes appropriate use of taxpayer money.

It's clear, though, that TSMC is expected to hire and fairly pay US workers. Last year, President Joe Biden announced that building the first Arizona fab would employ "more than 3,000 union workers," and he previously promised that the CHIPS and Science Act was designed to "create good-paying American jobs."

Original Submission

hubie writes:

If you aren't familiar with the experiment where you try to count the number of times a basketball is passed between people, you should watch the video and try the experiment first before reading on.

Research Reveals We Can Spot the Unexpected Better than Commonly Believed:

We are quite good at spotting unexpected objects while focused on another activity if they are moving fast, reveals a new study by a team of New York University researchers. Their findings cast doubt on a long-standing view that our ability to see the unexpected is necessarily impaired when our attention is already directed elsewhere.

"For decades, it's been thought that when we're intently focused on something relevant, like driving or playing a game, we fail to spot something that unexpectedly enters our field of vision, even if it is clearly visible and moving," says Pascal Wallisch, a clinical associate professor at New York University's Center for Data Science and Department of Psychology and lead author of the paper, which appears in the Proceedings of the National Academy of Sciences. "Our study questions the generality of this view because it shows that people, while focusing on a task, are quite capable of noticing unexpected objects that are moving quickly. However, our research confirms that we are indeed less adept at noticing these same objects when they are moving slowly."

The research team, who also included Wayne Mackey, Michael Karlovich, and David Heeger, centered its study on "inattentional blindness"—the inability to notice unexpected objects if attention is focused on a task. [...]

This and similar studies characterized one of the most striking phenomena in cognitive psychology—inattentional blindness—as an inevitable flip side of task focusing, and essentially a deficit.

upstart writes:

Seven AI companies agree to safeguards in the US:

Seven leading companies in artificial intelligence have committed to managing risks posed by the tech, the White House has said.

This will include testing the security of AI, and making the results of those tests public.

Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI joined US President Joe Biden to make the announcement.

It follows a number of warnings about the capabilities of the technology.

The pace at which the companies have been developing their tools have prompted fears over the spread of disinformation, especially in the run up to the 2024 US presidential election.

"We must be clear-eyed and vigilant about the threats emerging from emerging technologies that can pose - don't have to but can pose - to our democracy and our values," President Joe Biden said during remarks on Friday.

[...] As part of the agreement signed on Friday, the companies agreed to:

• Security testing of their AI systems by internal and external experts before their release.
• Ensuring that people are able to spot AI by implementing watermarks.
• Publicly reporting AI capabilities and limitations on a regular basis.
• Researching the risks such as bias, discrimination and the invasion of privacy.

The goal is for it to be easy for people to tell when online content is created by AI, the White House added.