SoylentNews

upstart writes:

Google announces new algorithm that makes FIDO encryption safe from quantum computers:

The FIDO2 industry standard adopted five years ago provides the most secure known way to log in to websites because it doesn't rely on passwords and has the most secure form of  built-in two-factor authentication. Like many existing security schemes today, though, FIDO faces an ominous if distant threat from quantum computing, which one day will cause the currently rock-solid cryptography the standard uses to completely crumble.

Over the past decade, mathematicians and engineers have scrambled to head off this cryptopocalypse with the advent of PQC—short for post-quantum cryptography—a class of encryption that uses algorithms resistant to quantum-computing attacks. This week, researchers from Google announced the release of the first implementation of quantum-resistant encryption for use in the type of security keys that are the basic building blocks of FIDO2.

The best known implementation of FIDO2 is the passwordless form of authentication: passkeys. So far, there are no known ways passkeys can be defeated in credential phishing attacks. Dozens of sites and services now allow users to log in using passkeys, which use cryptographic keys stored in security keys, smartphones, and other devices.

"While quantum attacks are still in the distant future, deploying cryptography at Internet scale is a massive undertaking which is why doing it as early as possible is vital," Elie Bursztein and Fabian Kaczmarczyck, cybersecurity and AI research director, and software engineer, respectively, at Google wrote. "In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized post-quantum cryptography resilient cryptography and this new standard is supported by major browser vendors."

More about security keys from Wikipedia.

Original Submission

owl writes:

https://www.righto.com/2023/08/datapoint-to-8086.html

The Intel 8086 processor started the x86 architecture that is still extensively used today. The 8086 has some quirky characteristics: it is little-endian, has a parity flag, and uses explicit I/O instructions instead of just memory-mapped I/O. It has four 16-bit registers that can be split into 8-bit registers, but only one that can be used for memory indexing. Surprisingly, the reason for these characteristics and more is compatibility with a computer dating back before the creation of the microprocessor: the Datapoint 2200, a minicomputer with a processor built out of TTL chips. In this blog post, I'll look in detail at how the Datapoint 2200 led to the architecture of Intel's modern processors, step by step through the 8008, 8080, and 8086 processors.

The Datapoint 2200

In the late 1960s, 80-column IBM punch cards were the primary way of entering data into computers, although CRT terminals were growing in popularity. The Datapoint 2200 was designed as a low-cost terminal that could replace a keypunch, with a squat CRT display the size of a punch card. By putting some processing power into the Datapoint 2200, it could perform data validation and other tasks, making data entry more efficient. Even though the Datapoint 2200 was typically used as an intelligent terminal, it was really a desktop minicomputer with a "unique combination of powerful computer, display, and dual cassette drives." Although now mostly forgotten, the Datapoint 2200 was the origin of the 8-bit microprocessor, as I'll explain below.

The memory storage of the Datapoint 2200 had a large impact on its architecture and thus the architecture of today's computers. In the 1960s and early 1970s, magnetic core memory was the dominant form of computer storage. It consisted of tiny ferrite rings, threaded into grids, with each ring storing one bit. Magnetic core storage was bulky and relatively expensive, though.

Original Submission

hubie writes:

Eventually everything will evaporate, not only black holes:

New theoretical research by Michael Wondrak, Walter van Suijlekom and Heino Falcke of Radboud University has shown that Stephen Hawking was right about black holes, although not completely. Due to Hawking radiation, black holes will eventually evaporate, but the event horizon is not as crucial as has been believed. Gravity and the curvature of spacetime cause this radiation too. This means that all large objects in the universe, like the remnants of stars, will eventually evaporate.

[...] Van Suijlekom: 'We show that far beyond a black hole the curvature of spacetime plays a big role in creating radiation. The particles are already separated there by the tidal forces of the gravitational field.' Whereas it was previously thought that no radiation was possible without the event horizon, this study shows that this horizon is not necessary.

Falcke: 'That means that objects without an event horizon, such as the remnants of dead stars and other large objects in the universe, also have this sort of radiation. And, after a very long period, that would lead to everything in the universe eventually evaporating, just like black holes. This changes not only our understanding of Hawking radiation but also our view of the universe and its future.'

Journal Reference:
Michael F. Wondrak, Walter D. van Suijlekom and Heino Falcke, Gravitational Pair Production and Black Hole Evaporation, Phys. Rev. Lett., 2 June 2023. DOI: 10.1103/PhysRevLett.130.221502

Original Submission

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has processed the following story:

A non-profit called the Open Enterprise Linux Association (OpenELA) has been formed by Oracle, SUSE, CIQ, and other organizations that make Red Hat Enterprise Linux (RHEL) and CentOS rebuilds.

The OpenELA homepage opens with some strong, even confrontational words: "No subscriptions. No passwords. No barriers. Freeloaders welcome." That's a reference to the drama around RHEL and the recently erected paywall around its source code.

The non-profit's primary backers naturally all issued statements: Oracle, SUSE, and CIQ.

[...] . The Reg FOSS Desk is reminded strongly of UnitedLinux, an organization founded in 2002 to offer an enterprise Linux distro mainly distinguished by being, well, not Red Hat. A year later, it offered certification, but after emitting a SUSE-based version 1.0 product, it disappeared.

What is chiefly notable by its absence from the OpenELA membership list is the main other modern RHEL rebuild AlmaLinux, which is backed by CloudLinux – as well as AMD and some others. AlmaLinux is also notable because it's also endorsed by CERN and FermiLab, although the latter formerly had their own RHEL rebuild, the now-dormant Scientific Linux. Another AlmaLinux backer, Sine Nomina Associates, formerly offered the ClefOS rebuild of CentOS for IBM z.

The other academic-sponsored RHEL rebuild whose name is thus far missing from the list is Springdale Linux, formerly if less euphoniously known as PUIAS Linux, after its parent organizations, Princeton University and the Institute of Advanced Studies. After issuing a cautious comment about Red Hat's source code distribution changes, it has gone quiet.

[...] . We note with some amusement that Microsoft's Linux container distro CBL Mariner, version 2.0.2 of which appeared Thursday, is also RPM-based. Perhaps the Seattle giant might like to join the OpenELA, too.

Original Submission

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has processed the following story:

A recently discovered security vulnerability impacting select Intel CPUs released between 2015 and 2019 has been patched thanks to a new software-level microcode update. Unfortunately, early testing has revealed some pretty significant performance penalties introduced by the mitigation effort.

Rob published a comprehensive report on Downfall yesterday. For the sake of brevity, I'll simply direct you to his article should you need to get up to speed on the vulnerability. Intel also has a list of affected processors.

Michael Larabel from Phoronix has put the microcode update to the test using a variety of processors including a pair of Xeon Platinum 8380 chips, a Xeon Gold 6226R, and a Core i7-1165G7 across multiple workloads in Linux.

[...] . It's worth noting that there is an opt-out mechanism in the microcode that allows users to disable the mitigation should they deem the performance hit too steep or don't believe they operate in an environment where they'd be susceptible to an attack. As Tom's Hardware notes, the complexity of the attack could also play into your decision on whether or not to bypass the mitigation.

Original Submission

taylorvich writes:

https://techxplore.com/news/2023-08-zinc-air-batteries-future-powering-electric.html

Zinc-air batteries have emerged as a better alternative to lithium in a recent Edith Cowan University (ECU) study into the advancement of sustainable battery systems.

ECU's Dr. Muhammad Rizwan Azhar led the project which discovered lithium-ion batteries, although a popular choice for electric vehicles around the world, face limitations related to cost, finite resources, and safety concerns. The work is published in the journal EcoMat.
...
A zinc–air battery consists of a zinc negative electrode and an air positive electrode.
...
ECU's breakthrough has enabled engineers to use a combination of new materials, such as carbon, cheaper iron and cobalt based minerals to redesign zinc-air batteries.
"The new design has been so efficient it suppressed the internal resistance of batteries, and their voltage was close to the theoretical voltage which resulted in a high peak power density and ultra-long stability," Dr. Azhar said.

Original Submission

upstart writes:

And this time nobody got sued:

In early August of 2008, almost exactly 15 years ago, the Defcon hacker conference in Las Vegas was hit with one of the worst scandals in its history. Just before a group of MIT students planned to give a talk at the conference about a method they'd found to get free rides on Boston's subway system—known as the Massachusetts Bay Transit Authority—the MBTA sued them and obtained a restraining order to prevent them from speaking. The talk was canceled, but not before the hackers' slides were widely distributed to conference attendees and published online.

In the summer of 2021, 15-year-olds Matty Harris and Zachary Bertocchi were riding the Boston subway when Harris told Bertocchi about a Wikipedia article he'd read that mentioned this moment in hacker history. The two teenagers, both students at Medford Vocational Technical High School in Boston, began musing about whether they could replicate the MIT hackers' work, and maybe even get free subway rides.

They figured it had to be impossible. "We assumed that because that was more than a decade earlier, and it had got heavy publicity, that they would have fixed it," Harris says.

Bertocchi skips to the end of the story: "They didn't."

Now, after two years of work, that pair of teens and two fellow hacker friends, Noah Gibson and Scott Campbell, have presented the results of their research at the Defcon hacker conference in Las Vegas. In fact, they not only replicated the MIT hackers' 2008 tricks, but took them a step further. [...]

dw861 writes:

As reported by The Verge
https://www.theverge.com/2023/8/17/23836287/microsoft-ai-recommends-ottawa-food-bank-tourist-destination

and

the Canadian Broadcasting Corporation
https://www.cbc.ca/news/canada/ottawa/artificial-intelligence-microsoft-travel-ottawa-food-bank-1.6940356

In 2020 Microsoft laid off dozens of journalists, in a move to rely on artificial intelligence. Those journalists were responsible for selecting content for Microsoft platforms, including MSN and the Edge browser. A recent tourism article now reminds us of that earlier business decision.

Published last week and titled "Headed to Ottawa? Here's what you shouldn't miss!" the article listed 15 must-see attractions for visitors to the Canadian capital. Microsoft has since removed the article that advised tourists to visit the "beautiful" Ottawa Food Bank on an empty stomach. That appears to be an out-of-context rewrite of a paragraph on the food bank's website. "Life is challenging enough," it says. "Imagine facing it on an empty stomach."

The remainder of the must-see list was rife with errors. It featured a photo of the Rideau River in an entry about the Rideau Canal, and a photo of the Rideau Canal in an entry about Parc Omega near Montebello, Quebec. It advised tourists to enjoy the pristine grass of "Parliament Hills."

The article carried the byline "Microsoft Travel." There is nothing on the page that identifies it as the product of AI. Microsoft did not immediately respond to a request for comment on how the article was generated. While now removed, it is still available via the Internet Archive.
https://web.archive.org/web/20230814223742/https://www.msn.com/en-gb/lifestyle/travel/headed-to-ottawa-here-s-what-you-shouldn-t-miss/ar-AA1faajY

Original Submission

upstart writes:

To Battle New Threats, Spy Agencies to Share More Intelligence With Private Sector:

U.S. spy agencies will share more intelligence with U.S. companies, nongovernmental organizations and academia under a new strategy released this week that acknowledges concerns over new threats, such as another pandemic and increasing cyberattacks.

The National Intelligence Strategy, which sets broad goals for the sprawling U.S. intelligence community, says that spy agencies must reach beyond the traditional walls of secrecy and partner with outside groups to detect and deter supply-chain disruptions, infectious diseases and other growing transnational threats.

The intelligence community "must rethink its approach to exchanging information and insights," the strategy says.

The U.S. government in recent years has begun sharing vast amounts of cyber-threat intelligence with U.S. companies, utilities and others who are often the main targets of foreign hackers, as well as information on foreign-influence operations with social-media companies.

[...] Illustrating the changing threats, a senior U.S. official said that the daily intelligence briefing prepared for President Biden and his top advisers—once dominated by terrorism and the Middle East—now regularly covers topics as varied as China's artificial-intelligence work, the geopolitical impacts of climate change, and semiconductor chips.

[...] The 16-page document, which contains no budget or program details, also says spy agencies must support the U.S. in its competition with authoritarian governments such as China and Russia, particularly in technological arenas.

On transnational threats such as financial crises, narcotics trafficking, supply-chain disruption and infectious diseases, the document calls on intelligence agencies to strengthen their internal capabilities to warn U.S. policymakers of looming threats.

[...] The emphasis on greater intelligence sharing is part of a broader trend toward declassification that the Biden administration has pursued. The United States has released unprecedented levels of formerly secret intelligence to warn of Russia's plans in Ukraine and its quest for weapons from China, Iran and North Korea.

Original Submission

upstart writes:

Study of traditional society in Amazon suggests why evolution hasn't purged harmful variant:

Roughly one in five people are born with at least one copy of a gene variant called APOE4 that makes them more prone to heart disease and Alzheimer's disease in old age. That the variant is so common poses an evolutionary mystery: If it decreases our fitness, why hasn't APOE4 been purged from the human population over time?

Now, a study of nearly 800 women in a traditional society in the Amazon finds that those with the disease-promoting variant had slightly more children. Such a fertility benefit may have allowed the gene to persist during human evolution despite its harmful effects for older people today.

[...] The APOE gene encodes apolipoprotein E, a molecule that helps the body transport cholesterol in the blood. There are three main variants and people can inherit a mix from their parents, with the one called APOE3 being much more common than APOE4. In populations of European ancestry, having one copy of APOE4 raises a person's risk of cardiovascular disease and triples their odds of developing Alzheimer's disease; those with two copies face a 12-fold or higher risk of the brain condition.

[...] University of Copenhagen epidemiologist Rudolf Westendorp notes that his team, which saw a similar result in a Ghanaian population, has also observed such a trade-off in families with another cholesterol-related gene variant that raises heart disease risks: In the 19th century when many people died from infections, carriers actually lived longer. "In the past, carriers of that gene had a survival benefit, which explains why the variants are present nowadays," he says.

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has processed the following story:

The Moon is so hot right now, metaphorically speaking. Several US government agencies, private space ventures, and foreign governments like China are plotting for mankind’s return to the lunar surface over the next decade. Unlike the days of Apollo, the modern-day race to the Moon involves establishing a sustainable presence and a thriving economy on and around Earth’s natural satellite.

In an attempt to guide ongoing efforts in establishing a lunar infrastructure, the Defense Advanced Research Projects Agency (DARPA) kicked off a seven-month study dedicated to developing an analytical framework for scientific and commercial activity on the Moon. Through the 10-Year Lunar Architecture, or LunA-10, study, DARPA is seeking ideas for technology and infrastructure concepts that could help build a Moon-based economy within the next decade.

“A large paradigm shift is coming in the next 10 years for the lunar economy,” Michael Nayak, program manager at DARPA’s Strategic Technology Office, said in a statement. “To get to a turning point faster, LunA-10 uniquely aims to identify solutions that can enable multi-mission lunar systems – imagine a wireless power station that can also provide comms and navigation in its beam.”

[...] Luna-10 will select a group of companies that have an idea for lunar services, allowing them to work together to develop an integrated system for lunar communication, energy, transmission or other building blocks necessary to create a future economy on the Moon. The participating companies will be announced in October 2023, with the final report due by June 2024.

DARPA, however, will not fund the construction or transportation of any of the concepts developed as part of the study. Instead, the agency will provide its “economic expertise to all LunA-10 teams to help analyze and validate definitions of a critical mass to create a thriving, survivable lunar economy,” DARPA wrote in its statement.

Original Submission

takyon writes:

Russia's Luna-25 spacecraft crashes into Moon

Russia's unmanned Luna-25 spacecraft has crashed into the Moon after spinning out of control, officials say.

It was Russia's first Moon mission in almost 50 years.

The craft was due to be the first ever to land on the Moon's south pole, but failed after encountering problems as it moved into its pre-landing orbit.

[...] Roscosmos, Russia's state space corporation, said on Sunday morning that it had lost contact with the Luna-25 shortly after 14:57pm (11:57 GMT) on Saturday.

Preliminary findings showed that the 800kg lander had "ceased to exist as a result of a collision with the surface of the Moon", it said in a statement.

Previously: Russia Heads Back to the Moon With Luna 25

Original Submission

upstart writes:

But its suggestions are so annoyingly plausible:

ChatGPT, OpenAI's fabulating chatbot, produces wrong answers to software programming questions more than half the time, according to a study from Purdue University. That said, the bot was convincing enough to fool a third of participants.

The Purdue team analyzed ChatGPT's answers to 517 Stack Overflow questions to assess the correctness, consistency, comprehensiveness, and conciseness of ChatGPT's answers. The US academics also conducted linguistic and sentiment analysis of the answers, and questioned a dozen volunteer participants on the results generated by the model.

"Our analysis shows that 52 percent of ChatGPT answers are incorrect and 77 percent are verbose," the team's paper concluded. "Nonetheless, ChatGPT answers are still preferred 39.34 percent of the time due to their comprehensiveness and well-articulated language style." Among the set of preferred ChatGPT answers, 77 percent were wrong.

OpenAI on the ChatGPT website acknowledges its software "may produce inaccurate information about people, places, or facts." We've asked the lab if it has any comment about the Purdue study.

The pre-print paper is titled, "Who Answers It Better? An In-Depth Analysis of ChatGPT and Stack Overflow Answers to Software Engineering Questions." It was written by researchers Samia Kabir, David Udo-Imeh, Bonan Kou, and assistant professor Tianyi Zhang.

"During our study, we observed that only when the error in the ChatGPT answer is obvious, users can identify the error," their paper stated. "However, when the error is not readily verifiable or requires external IDE or documentation, users often fail to identify the incorrectness or underestimate the degree of error in the answer."

Even when the answer has a glaring error, the paper stated, two out of the 12 participants still marked the response preferred. The paper attributes this to ChatGPT's pleasant, authoritative style.

"From semi-structured interviews, it is apparent that polite language, articulated and text-book style answers, comprehensiveness, and affiliation in answers make completely wrong answers seem correct," the paper explained.

Journal Reference:
Kabir, Samia, Udo-Imeh, David N., Kou, Bonan, et al. Who Answers It Better? An In-Depth Analysis of ChatGPT and Stack Overflow Answers to Software Engineering Questions, arXiv (DOI: 10.48550/arXiv.2308.02312)

Original Submission

hubie writes:

Chemical Found in Common Sweetener Damages DNA:

A new study finds a chemical formed when we digest a widely used sweetener is "genotoxic," meaning it breaks up DNA. The chemical is also found in trace amounts in the sweetener itself, and the finding raises questions about how the sweetener may contribute to health problems.

At issue is sucralose, a widely used artificial sweetener. Previous work by the same research team established that several fat-soluble compounds are produced in the gut after sucralose ingestion. One of these compounds is sucralose-6-acetate.

"Our new work establishes that sucralose-6-acetate is genotoxic," says Susan Schiffman, corresponding author of the study and an adjunct professor in the joint department of biomedical engineering at North Carolina State University and the University of North Carolina at Chapel Hill. "We also found that trace amounts of sucralose-6-acetate can be found in off-the-shelf sucralose, even before it is consumed and metabolized.

"To put this in context, the European Food Safety Authority has a threshold of toxicological concern for all genotoxic substances of 0.15 micrograms per person per day," Schiffman says. "Our work suggests that the trace amounts of sucralose-6-acetate in a single, daily sucralose-sweetened drink exceed that threshold. And that's not even accounting for the amount of sucralose-6-acetate produced as metabolites after people consume sucralose."

[...] "In short, we found that sucralose-6-acetate is genotoxic, and that it effectively broke up DNA in cells that were exposed to the chemical," Schiffman says.

[...] "This work raises a host of concerns about the potential health effects associated with sucralose and its metabolites. It's time to revisit the safety and regulatory status of sucralose, because the evidence is mounting that it carries significant risks. If nothing else, I encourage people to avoid products containing sucralose. It's something you should not be eating."

Journal Reference:
Susan S. Schiffman et al., "Toxicological and pharmacokinetic properties of sucralose-6-acetate and its parent sucralose: in vitro screening assays" [open], Journal of Toxicology and Environmental Health, Part B, 2023. DOI: 10.1080/10937404.2023.2213903

Original Submission

Arthur T Knackerbracket has processed the following story:

On August 16, the Debian blog announced that the project is now officially 30 years old. The Linux distro was established by Ian A. Murdock in 1993, with a message sent to the comp.os.linux.development newsgroup.

[...] Murdock sparked a movement within the Free Open Source Software (FOSS) community, the Debian blog remarks, and he continued to work on the OS before the Debian Project organization took over. The free operating system is now aided by volunteers all around the world, with support from users, contributors, developers, and of course sponsors.

Debian calls itself the "Universal Operating System," and the system can indeed be found almost everywhere. The OS powers cluster systems, data centers, desktop PCs, embedded systems, IoT devices, laptops, and servers. It can even be found on the computers aboard the International Space Station, with specific, embedded projects conceived to support educational institutions (Debian Edu), scientific research (Debian Science), accessibility (Debian Accessibility), and more.

The best testament to Debian's ongoing success is, however, the fact that it gave birth to more derivative projects than any other Linux distro. Debian is the beating "heart" of gLinux Rodete, the Linux OS internally run by Google, it provided a very convenient way (free as "free in beer") to build some of the most massive cloud infrastructures available today (AWS), and of course it was used as the foundation of Ubuntu.

Nowadays, Ubuntu Linux formally is the most popular free OS with a 33.9% market share, while Debian gets the second place with a 16% share. And then there's the ginormous Chinese market, where Beijing authorities promoted a program to replace Windows with Linux. Chinese users adopted Kylin, which is an Ubuntu remix, and Uniontech's UOS systems with the end-user Linux Deepin system, which is also based on Debian.

Original Submission