SoylentNews

taylorvich writes:

https://phys.org/news/2023-08-oil-microbes-reshape-droplets-optimize.html

A team of French and Japanese environmental scientists has found that one kind of oil-eating microbe reshapes droplets to optimize biodegradation. In their study, reported in the journal Science, the group isolated Alcanivorax borkumensis bacteria specimens in a lab setting, fed them crude oil, and then watched how they worked together to eat the oil as quickly and efficiently as possible.
...
In one experiment, A. borkumensis samples that had not been exposed to crude oil before were introduced to simple crude oil droplets. Groups of the bacteria converged on a droplet, forming a sphere. The sphere shape persisted until the entire oil droplet had been consumed.

But when the team exposed samples with experience consuming crude oil, their behavior was much more advanced. Initially, upon converging on a droplet, a sphere formed—but then finger-like protrusions formed, radiating out from the sphere, each completely covered with bacteria. The result was much faster, more efficient consumption of the droplet.

Journal Reference:
M. Prasad et al, Alcanivorax borkumensis biofilms enhance oil degradation by interfacial tubulation, Science (2023). DOI: 10.1126/science.adf3345

Original Submission

upstart writes:

Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files:

A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives.

The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families, including DarkMe, GuLoader, and Remcos RAT.

From there, the criminals withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month.

[...] WinRAR has more than 500 million users who rely on the program to compress large files to make them more manageable and quicker to upload and download. It's not uncommon for people to immediately decompress the resulting ZIP files without inspecting them first. Even when people attempt to examine them for malice, antivirus software often has trouble peering into the compressed data to identify malicious code.

The malicious ZIP archives Group-IB found were posted on public forums used by traders to swap information and discuss topics related to cryptocurrencies and other securities. In most cases, the malicious ZIPs were attached to forum posts. In other cases, they were distributed on the file storage site catbox[.]moe. Group-IB identified eight popular trading forums used to spread the files.

Additional details can be found at: ZDI-23-1152

Original Submission

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has processed the following story:

US government regulators reportedly tried to come to an agreement with TikTok to prevent banning the app that would have granted the federal government vast powers over the app. That’s according to a draft of a deal between TikTok and the Committee on Foreign Investment in the United States (CFIUS) obtained by Forbes, a contract that would have given multiple US agencies unprecedented access into the app’s records and operations. Many of the concessions the government asked of TikTok look eerily similar to the surveillance tactics critics have accused Chinese officials of abusing. To allay fears the short-form video app could be used as a Chinese surveillance tool, the federal government nearly transformed it into an American one instead.

Forbes reports that the draft agreement, dated Summer 2022, would have given the US government agencies like the Department of Justice and Department of Defense far more access to TikTok’s operations than that of any other social media company. The agreement would let agencies examine TikTok’s US facilities, records, and servers with minimal prior notice and veto the hiring of any executive involved with leading TikTok US data security organization. It would also let US agencies block changes to the app’s terms of service in the US and order the company to subject itself to various audits, all on TikTok’s dime, per Forbes. In extreme cases, the agreement would allow government organizations to demand TikTok temporarily shut off functioning in the US.

CFIUS did not immediately respond to Gizmodo’s request for comment. TikTok would not confirm or deny the draft agreement but instead sent us this statement.

“As has been widely reported, we’ve been working with CFIUS for well over a year to implement a national security agreement and have invested significant resources in implementing a firewall to isolate U.S. user data,” a TikTok spokesperson said. “Today, all new protected U.S. user data is stored in the Oracle Cloud Infrastructure in the U.S. with tightly controlled and monitored gateways. We are doing more than any peer company to safeguard U.S. national security interests.”

Original Submission

owl writes:

https://www.errno.fr/BypassingBitlocker.html

Have you ever been told that the company's data on laptops is protected thanks to BitLocker? Well it turns out that this depends on BitLocker's configuration...

The BitLocker partition is encrypted using the Full Volume Encryption Key (FVEK). The FVEK itself is encrypted using the Volume Master Key (VMK) and stored on the disk, next to the encrypted data. This permits key rotations without re-encrypting the whole disk.

The VMK is stored in the TPM. Thus the disk can only be decrypted when booted from this computer (there is a recovery mechanism in Active Directory though).

In order to decrypt the disk, the CPU will ask that the TPM sends the VMK over the SPI bus.

The vulnerability should be obvious: at some point in the boot process, the VMK transits unencrypted between the TPM and the CPU. This means that it can be captured and used to decrypt the disk.

Original Submission

acid andy writes:

Arthur T Knackerbracket has processed the following story:

Since the 17th century, when Isaac Newton and Christiaan Huygens first debated the nature of light, scientists have been puzzling over whether light is best viewed as a wave or a particle—or perhaps, at the quantum level, even both at once. Now, researchers at Stevens Institute of Technology have revealed a new connection between the two perspectives, using a 350-year-old mechanical theorem—ordinarily used to describe the movement of large, physical objects like pendulums and planets—to explain some of the most complex behaviors of light waves.

The work, led by Xiaofeng Qian, assistant professor of physics at Stevens and reported in the August 17 online issue of Physical Review Research, also proves for the first time that a light wave's degree of non-quantum entanglement exists in a direct and complementary relationship with its degree of polarization. As one rises, the other falls, enabling the level of entanglement to be inferred directly from the level of polarization, and vice versa. This means that hard-to-measure optical properties such as amplitudes, phases and correlations—perhaps even these of quantum wave systems—can be deduced from something a lot easier to measure: light intensity.

"We've known for over a century that light sometimes behaves like a wave, and sometimes like a particle, but reconciling those two frameworks has proven extremely difficult," said Qian "Our work doesn't solve that problem—but it does show that there are profound connections between wave and particle concepts not just at the quantum level, but at the level of classical light-waves and point-mass systems."

Qian's team used a mechanical theorem, originally developed by Huygens in a 1673 book on pendulums, that explains how the energy required to rotate an object varies depending on the object's mass and the axis around which it turns. "This is a well-established mechanical theorem that explains the workings of physical systems like clocks or prosthetic limbs," Qian explained. "But we were able to show that it can offer new insights into how light works, too."

[...] "Essentially, we found a way to translate an optical system so we could visualize it as a mechanical system, then describe it using well-established physical equations," explained Qian.

Journal information:
More information: Xiao-Feng Qian et al, Bridging coherence optics and classical mechanics: A generic light polarization-entanglement complementary relation, Physical Review Research (2023). DOI: 10.1103/PhysRevResearch.5.033110

Journal information: Physical Review Research

PDF available at https://journals.aps.org/prresearch/pdf/10.1103/PhysRevResearch.5.033110. [Added by JR 29/08/23 at 08:39 UTC]

Original Submission

canopic jug writes:

The ScheerPost has published a sermon which Chris Hedges gave on Sunday Aug. 20 in Oslo, Norway at Kulturkirken Jakob (St. James Church of Culture) where the actor and film director Liv Ullmann read the scripture passages. Chris Hedges is a Pulitzer Prize–winning journalist who has worked for many years at the New York Times, NPR, and several other publications. In his sermon he expounds on the long-standing problem of speaking truth to power.

Julian exposed the truth. He exposed it over and over and over until there was no question of the endemic illegality, corruption and mendacity that defines the global ruling class And for these truths they came after Julian, as they have come after all who dared rip back the veil on power. "Red Rosa now has vanished too," Bertolt Brecht wrote after the German socialist Rosa Luxemburg was murdered. "She told the poor what life is about, And so the rich have rubbed her out."

We have undergone a corporate coup, where poor and working men and women are reduced to joblessness and hunger, where war, financial speculation and internal surveillance are the only real business of the state, where even habeas corpus no longer exists, where we, as citizens, are nothing more than commodities to corporate systems of power, ones to be used, fleeced and discarded.

Given the massive quantities of disinformation spread over a longer period of time against Julian Assange, and the media blackout on coverage of his case and how it effects journalism as a whole, this is a difficult case to find a concise and accurate summary to link to. The bottom line is that, regardless of what one thinks (or has been told to think) about Julian Assange, the case hinges on factors which will determine whether or not there is a future for investigative reporting.

Previously:
(2023) Australian Lawmakers Press US Envoy for Julian Assange Release
(2023) No NGO Has Been Allowed to See Julian Assange Since Four Years Ago
(2022) Biden Faces Growing Pressure to Drop Charges Against Julian Assange
(2022) Assange Lawyers Sue CIA for Spying on Them
(2021) Key Witness in Assange Case Jailed in Iceland After Admitting to Lies and Ongoing Crime Spree
...
(2015) French Justice Minister Says Snowden and Assange Could Be Offered Asylum

Original Submission

Freeman writes:

https://arstechnica.com/gadgets/2023/08/hell-freezes-over-as-apple-supports-right-to-repair-bill/

Somewhere, ol' Beelzebub is putting on his thickest coat because Apple has endorsed a right-to-repair bill, suggesting hell has frozen over. In a letter dated August 22, Apple showed its support for California's right-to-repair bill, SB 244, after spending years combatting DIY repair efforts.

As reported by TechCrunch, the letter, written to California state Senator Susan Eggman, declared that Apple supports SB 244 and urged the legislature to pass it.

[...] The bill has been praised by right-to-repair activists like iFixit, who says the bill goes further than right-to-repair laws passed in Minnesota and New York. Minnesota's law was considered the most all-encompassing right-to-repair legislation yet. Some activists, though, lamented that companies aren't required to sell parts and tools for devices not actively sold. California's bill, however, keeps vendors on the hook for three years after the last date of manufacture if the product is $50 to $99.99 and seven years if it's over $99.99.

The bill also allows a city, county, or state to bring a related case to superior court rather than only a state attorney general, as noted by iFixit's blog post Wednesday.

Original Submission

upstart writes:

Crypto botnet on X is powered by ChatGPT:

ChatGPT may well revolutionize web search, streamline office chores, and remake education, but the smooth-talking chatbot has also found work as a social media crypto huckster.

Researchers at Indiana University Bloomington discovered a botnet powered by ChatGPT operating on X—the social network formerly known as Twitter—in May of this year.

The botnet, which the researchers dub Fox8 because of its connection to cryptocurrency websites bearing some variation of the same name, consisted of 1,140 accounts. Many of them seemed to use ChatGPT to craft social media posts and to reply to each other's posts. The auto-generated content was apparently designed to lure unsuspecting humans into clicking links through to the crypto-hyping sites.

[...] The Fox8 botnet might have been sprawling, but its use of ChatGPT certainly wasn't sophisticated. The researchers discovered the botnet by searching the platform for the tell-tale phrase "As an AI language model ...", a response that ChatGPT sometimes uses for prompts on sensitive subjects. They then manually analyzed accounts to identify ones that appeared to be operated by bots.

[...] Despite the tic, the botnet posted many convincing messages promoting cryptocurrency sites. The apparent ease with which OpenAI's artificial intelligence was apparently harnessed for the scam means advanced chatbots may be running other botnets that have yet to be detected. "Any pretty-good bad guys would not make that mistake," Menczer says.

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has processed the following story:

The United Nations' proposed Global Digital Compact will exclude technical experts as a distinct voice in internet governance, ignoring their enormous contributions to growing and sustaining the internet, according to ICANN and two of the world's regional internet registries.

The Global Digital Compact is an effort to "outline shared principles for an open, free and secure digital future for all." The UN hopes the compact will address issues such as digital inclusion, internet fragmentation, giving individuals control over how their data is used, and making the internet trustworthy "by introducing accountability criteria for discrimination and misleading content."

But ICANN, the Asia Pacific Network Information Centre (APNIC), and the American Registry for Internet Numbers (ARIN) worry that recent articulations of the Compact suggest it should use a tripartite model for digital cooperation with three stakeholder groups: the private sector, governments, and civil society.

That's dangerous, ICANN and co argue, because technical stakeholders would lose their distinct voice.

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has processed the following story:

A prototype satellite built to test a deployable drag sail to de-orbit satellites appears to have fulfilled its purpose, burning up on re-entry earlier this month after spending just 445 days in orbit.

SBUDNIC, an acronym chosen to be a play on "Sputnik," was put together by students at Brown University, Rhode Island, using low-cost off-the-shelf commercial components. The CubeSat design featured a drag sail made from Kapton polyimide film, and with structural supports of thin aluminum tubing, which deployed once the satellite was in orbit.

[...] The project appears to have been successful in this respect, according to tracking data the team obtained from US Space Command. It indicated that SBUDNIC was about 470 kilometers (292 miles) above the Earth in early March, while other comparably sized satellites deployed to a similar orbit as part of the same mission were still at altitudes of 500 kilometers (310 miles) or more.

[...] Previous predictions had suggested that the drag device would reduce the orbital lifetime of SBUDNIC from over 20 years to as few as 6.5 years, but in reality it was brought down in about a year and a quarter.

[...] "Rather than taking junk out of space after it becomes a problem, we have this $30 drag device you can just throw onto satellites and radically reduce how long they're in space," Ganjikunta said.

Of course, this requires future satellites to be designed to have a similar mechanism built in, and so does not help to address existing space junk, but every little presumably helps.

SBUDNIC was a 3U CubeSat, meaning it was effectively the size of three 10cm cubes joined together. It was based around a $10 Arduino system plus 65 AA lithium batteries and included a variety of 3D-printed parts produced with consumer-grade printers.

Previously: Student Satellite Demos Drag Sail to De-orbit Old Hardware

Original Submission

Freeman writes:

https://arstechnica.com/tech-policy/2023/08/youtube-may-face-billions-in-fines-if-ftc-confirms-child-privacy-violations/

Four nonprofit groups seeking to protect kids' privacy online asked the Federal Trade Commission (FTC) to investigate YouTube today, after back-to-back reports allegedly showed that YouTube is still targeting personalized ads on videos "made for kids."

Now it has become urgent that the FTC probe YouTube's data and advertising practices, the groups' letter said, and potentially intervene. Otherwise, it's possible that YouTube could continue to allegedly harvest data on millions of kids, seemingly in violation of the Children's Online Privacy Protection Act (COPPA) and the FTC Act.

The first report alleging YouTube's noncompliance with federal laws came last week from Adalytics and was quickly corroborated by research from Fairplay, one of the groups behind the FTC letter, The New York Times reported. Both groups ran ad campaigns to test if YouTube was really blocking all personalized ads from appearing in children's channels, as YouTube said it was. Both found that "Google and YouTube permit and report on behavioral ad targeting on 'made-for-kids' videos, even though neither should be possible under COPPA."

Google spokesperson Michael Aciman told The New York Times that these reports "point to a fundamental misunderstanding of how advertising works on made-for-kids content."

[...] But in their letter, child advocates told FTC Chair Lina Khan that they have "serious questions" about whether Google is being honest about ad targeting. After running targeted ad campaigns, Fairplay reported that YouTube placed its behavioral ads on children's channels 1,446 times. If YouTube was operating in compliance with COPPA as it claimed, Fairplay said that these campaigns would have resulted in zero ad placements.

Original Submission

Arthur T Knackerbracket writes:

Arthur T Knackerbracket has processed the following story:

Roughly a century before the Inca empire came to power in A.D. 1400, blasts of human-produced thunder may have rumbled off a ridge high in the Andes Mountains.

New evidence indicates that people who lived there around 700 years ago stomped rhythmically on a special dance floor that amplified their pounding into a thunderous boom as they worshipped a thunder god.

Excavations at a high-altitude site in Peru called Viejo Sangayaico have revealed how members of a regional farming and herding group, the Chocorvos, constructed this reverberating platform, says archaeologist Kevin Lane of the University of Buenos Aires. Different layers of soil, ash and guano created a floor that absorbed shocks while emitting resonant sounds when people stomped on it. This ceremonial surface worked like a large drum that groups of 20 to 25 people could have played with their feet, Lane reports in the September Journal of Anthropological Archaeology.

These findings, from a ridgetop ritual area that faces a nearby mountain peak, provide a rare glimpse of the role played by sound and dance in ancient societies (SN: 11/18/10).

[...] His team acoustically tested the platform by stomping on it one at a time and in groups of two to four while measuring the noise produced. The same was done while a circle of four people stomp-danced across the platform.

The resulting sounds ranged in intensity from 60 to 80 decibels, roughly equivalent to between a loud conversation and a noisy restaurant, Lane says. Larger groups of Chocorvos dancers, possibly accompanied by singing and musical instruments, would have raised a much bigger racket.

K. Lane. Pounding the ground for the thunder god: Sounding platforms in the Prehispanic Andes (CE 1000 1532). Journal of Anthropological Archaeology. Vol. 71, September 2023, 101515. doi: 10.1016/j.jaa.2023.101515.

Original Submission

upstart writes:

Microchips in the Parmigiano and Other Ways Europeans Are Fighting Fake Food:

Parmigiano-Reggiano producers are seeking new ways to protect the market for the world-famous pasta topping. Their latest trick to beat counterfeiters is edible microchips.

Italian producers of parmesan cheese have been fighting against imitations for years. Now, makers of Parmigiano-Reggiano, as the original parmesan cheese is officially called, are slapping the microchips on their 90-pound cheese wheels as part of an endless cat-and-mouse game between makers of authentic and fake products.

"We keep fighting with new methods," said Alberto Pecorari, who is in charge of protecting Parmigiano's authenticity for the consortium representing producers. "We won't give up."

Other European food producers are also going to ever greater lengths to protect their hallowed brand names against knockoffs. Guaranteeing food authenticity is big business in the European Union and more than 3,500 EU products have received protected status in addition to Italy's Parmigiano, including Greek feta cheese, French Champagne and Italian Parma raw ham.

[...] New methods to guarantee the origin of products are being used across the EU. Some wineries are putting serial numbers, invisible ink and holograms on their bottles. So-called DNA fingerprinting of milk bacteria pioneered in Switzerland, which isn't in the EU, is now being tested inside the bloc as a method for identifying cheese.

taylorvich writes:

https://newatlas.com/science/otzi-iceman-genome-appearance-genetics/

Ötzi the Iceman is one of the most well-studied individuals in human history, but there always seems to be more to learn about him. A new genomic study has now found that he didn't look the way previous studies had imagined him – instead he was bald, his skin was darker, and he had an ancestry that was far more exotic and isolated than previously thought.

In September 1991, two hikers discovered a human body in the Alps near the Austria and Italy border. At first they assumed they'd stumbled on an unlucky modern mountaineer, but on closer, scientific investigation, it was determined that the chap had died about 5,300 years ago. In the three decades since his discovery, Ötzi has been studied extensively, with scientists able to figure out what he ate, how he dressed, how he lived and how he died.

His full genome was published in 2012, allowing scientists to reconstruct an image of what he might have looked like. From that data, Ötzi was imagined as a fairly light-skinned man with a bushy beard, a thick head of unkempt hair, deep-set eyes and wrinkled skin beyond his 45 years of life. But a new study, using more comprehensive genomic analysis techniques, upends much of that picture.

Previously:
    Ötzi the Iceman's Last Meal
    Study: Ötzi the Iceman Probably Thawed and Refroze Several Times
    Ötzi the Iceman May Have Scaled Ice-Free Alps

Original Submission

Snotnose writes:

Sometimes you just can't beat the original summary:

Some aspects of our Universe, like the strength of gravity's pull, the speed of light, and the mass of an electron, don't have any underlying explanation for why they have the values they do. For each aspect like this, a fundamental constant is required to "lock in" the specific value that we observe these properties take on in our Universe. All told, we need 26 fundamental constants to explain the known Universe: the Standard Model plus gravity. But even with that, some mysteries still remain unsolved.

Ask Ethan explains what these constants are, and 4 puzzles that might mandate more.

Original Submission