SoylentNews

upstart writes:

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years:

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack.

The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.

"This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," Kaspersky researchers Georgy Kucherin and Leonid Bezvershenko said.

The website in question is freedownloadmanager[.]org, which, according to the Russian cybersecurity firm, offers a legitimate Linux software called "Free Download Manager," but starting in January 2020, began redirecting some users who attempted to download it to another domain deb.fdmpkg[.]org that served a booby-trapped Debian package.

It's suspected that the malware authors engineered the attack based on certain predefined filtering criteria (say, a digital fingerprint of the system) to selectively lead potential victims to the malicious version. The rogue redirects ended in 2022 for inexplicable reasons.

[...] It's not immediately clear how the compromise actually took place and what the end goals of the campaign were. What's evident is that not everyone who downloaded the software received the rogue package, enabling it to evade detection for years.

"While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye," the researchers said.

"Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions."

[EDITOR'S NOTE: We have been informed by the Free Download Manager Team that all their sites are now secure. This does not in any way affect the content of this story which covers a 3 year period beginning in 2020. JR, 18092023-06:32UTC]

Original Submission

Unity's new "per-install" pricing enrages the game development community

Freeman writes:

https://arstechnica.com/gaming/2023/09/game-developers-unite-against-unitys-new-per-install-pricing-structure/

For years, the Unity Engine has earned goodwill from developers large and small for its royalty-free licensing structure, which meant developers incurred no extra costs based on how well a game sold. That goodwill has now been largely thrown out the window due to Unity's Tuesday announcement of a new fee structure that will start charging developers on a "per-install" basis after certain minimum thresholds are met.
[...]
"There's no royalties, no fucking around," Unity CEO John Riccitiello memorably told GamesIndustry.biz when rolling out the free Personal tier in 2015. "We're not nickel-and-diming people, and we're not charging them a royalty. When we say it's free, it's free."

Now that Unity has announced plans to nickel-and-dime successful Unity developers (with a fee that is not technically a royalty), the reaction from those developers has been swift and universally angry, to put it mildly. "I can say, unequivocally, if you're starting a new game project, do not use Unity," Necrosoft Games' Brandon Sheffield—a longtime Unity Engine supporter—said in a post entitled "The Death of Unity." "Unity is quite simply not a company to be trusted."
[...]
Unity initially told Axios' Stephen Totilo that the "per-install" fee applies even if a single user deleted and re-installed a game or installed it on two devices. A few hours later, though, Totilo reported that Unity had "regrouped" and decided to only charge developers for a user's initial installation of a game on a single device (but an initial installation on a secondary device—such as a Steam Deck—would still count as a second install).

Meanwhile, in its FAQ, Unity made a vague promise to adapt "fraud detection practices in our Ads technology, which is solving a similar problem" to prevent developers from being charged for pirated copies.

Arthur T Knackerbracket has processed the following story:

The Biden administration is trying to take a paternalistic role in stewarding the development of AI for major tech firms. It’s not exactly leading from the front but is instead placing a gentle, reaffirming hand on the shoulders of big tech, telling them to be cautious and open about how they lay out the future of the transformative tech.

Some of the biggest tech firms have agreed to the White House’s voluntary commitment on ethical AI, including some companies that are already using AI to help militaries kill more effectively and to monitor citizens at home.

On Tuesday, the White House proclaimed that eight more big tech companies have accepted President Joe Biden’s guiding hand. These commitments include that companies will share safety and safeguarding information with other AI makers. They would have to share information with the public about their AI’s capability and limitations and use AI to “help address society’s greatest challenges.” Among the few tech companies to agree to the White House’s latest cooperative agreement is the defense contractor Palantir, a closed-door data analytics company known for its connections with spy agencies like the CIA and FBI as well as governments and militaries around the world.

The other seven companies to agree to the voluntary commitment include major product companies like Adobe, IBM, Nvidia, and Salesforce. In addition, several AI firms such as Cohere, Scale AI, and Stability have joined the likes of Microsoft, OpenAI, and Google in facilitating third-party testing and watermarking for their AI systems.

Arthur T Knackerbracket has processed the following story:

Clogs in water recovery systems on the international space station have been so backed up that hoses have had to be sent back to Earth for cleaning and refurbishing. This is thanks to the build up of biofilms: a consortium of microorganisms that stick to each other, and often also to surfaces — the insides of water recover tubing, for instance. These microbial or fungal growths can clog filters in water processing systems and make astronauts sick.

[...] In a cross collaboration between researchers at the University of Colorado, MIT and the NASA Ames Research Center, researchers studied samples from the space station using a specific and well-understood gram-negative kind of bacteria. The scientists also joined forces with experts at LiquiGlide, a company run by MIT researcher Kripa Varanasi that specializes in “eliminating the friction between solids and liquids.” The multidisciplinary study found covering surfaces with a thin layer of nucleic acids prevented bacterial growth on the ISS-exposed samples.

The scientists concluded that these acids carried a slight negative electric charge that stopped microbes from sticking to surfaces. It's worth noting though, that the bacteria were up against a unique physical barrier as well as a chemical one: testing surfaces were etched into "nanograss." These silicon spikes, which resembled a tiny forest, were then slicked with a silicon oil, creating a slippery surface which biofilms struggled to adhere to.

Original Submission

hubie writes:

Researchers have built their own computer game to test the impact of meters which give players a morality score for the decisions they make while playing:

Two papers published by a multi-disciplinary research team reveal that most of us ignore the meter when a moral choice is clear, but we use it when the choice is more morally ambiguous. And some of us, about 10 per cent, will do anything to win.

[...] The game story centres on Frankie, an usher in a cinema in regional Australia in the 1940s, who is confronted by a murderous psychopath.

Along the way, players must make choices which affect the progress and outcome of the game. Some are simple black and white decisions, such as whether to take money or not, but others are what developers call 'trolley problems', where players must decide whether they will kill or harm someone if it saves others.

hubie writes:

People in power who are guilt-prone are less likely to be corrupt:

Guilt. It's a horrible feeling that causes us to question our worth as human beings. But while it's something that induces sleepless nights and stress-related physical symptoms in individuals, for society at large, the tendency toward guilt might have some benefits.

"People who are prone to feeling guilt in their everyday lives are less likely to take bribes," said UC Santa Barbara psychology professor Hongbo Yu, who specializes in how social emotions give rise to behaviors. He is a senior author of a paper that appears in the journal Social Psychological and Personality Science.

In a study he conducted in collaboration with partners at East China Normal University and Zhejiang Normal University, Yu looked at guilt not as an episodic state — such as how we feel after specific instances in which we hurt someone — but rather as a personality trait, in which people tend to worry about the potential harm their actions cause.

"So I could be a person for whom it is really easy to feel guilt in my everyday life," he explained, "while others might be less likely to feel guilt, or have a higher bar for feeling that emotion."

We all can probably intuit that anticipatory guilt might make us think twice before undertaking an action with potentially bad consequences for others. But what has been less clear is how this crucial morality-related personality trait affects decision makers in situations involving temptation and incentives, balanced against potential harm to others.

Arthur T Knackerbracket has processed the following story:

The water coming out of your faucet is safe to drink, but that doesn't mean it's completely clean. Chlorine has long been the standard for water treatment, but it often contains trace levels of disinfection byproducts and unknown contaminants. Georgia Institute of Technology researchers developed the minus approach to handle these harmful byproducts.

Instead of relying on traditional chemical addition (known as the plus approach), the minus approach avoids disinfectants, chemical coagulants, and advanced oxidation processes typical to water treatment processes. It uses a unique mix of filtration methods to remove byproducts and pathogens, enabling water treatment centers to use ultraviolet light and much smaller doses of chemical disinfectants to minimize future bacterial growth down the distribution system.

"The minus approach is a groundbreaking philosophical concept in water treatment," said Yongsheng Chen, the Bonnie W. and Charles W. Moorman IV Professor in the School of Civil and Environmental Engineering. "Its primary objective is to achieve these outcomes while minimizing the reliance on chemical treatments, which can give rise to various issues in the main water treatment stream."

Chen and his student Elliot Reid, the primary author, presented the minus approach in the paper, "The Minus Approach Can Redefine the Standard of Practice of Drinking Water Treatment," in the Environmental Science & Technology journal.

The minus approach physically separates emerging contaminants and disinfection byproducts from the main water treatment process using these already proven processes:

The minus approach is intended to engage the water community in designing safer, more sustainable, and more intelligent systems. Because its technologies are already available and proven, the minus approach can be implemented immediately.

Journal information: Environmental Science & Technology

More information: Elliot Reid et al, The Minus Approach Can Redefine the Standard of Practice of Drinking Water Treatment, Environmental Science & Technology (2023). DOI: 10.1021/acs.est.2c09389

Original Submission

Freeman writes:

https://arstechnica.com/gadgets/2023/09/intel-confirms-thunderbolt-5-name-120gbps-tech-arrives-in-2024/

Intel today confirmed key details about the next generation of Thunderbolt cable, Thunderbolt 5. The company expects PCs and accessories with Thunderbolt 5 to release in 2024.

Intel will release Thunderbolt 5 technical collateral and development resources to developers in Q4 of 2024, Jason Ziller, general manager of the client connectivity division at Intel, told reporters ahead of the announcement.

The main feature of the new specification is its ability to transmit data at up to 120 gigabits per second (Gbps) while simultaneously receiving data at up to 40 Gbps. The mode, which Intel is dubbing Bandwidth Boost, only occurs when a high-bandwidth display is connected.

[...] Thunderbolt 5 will support previous versions of Thunderbolt and is based on the USB-IF USB4 Version 2.0, VESA DisplayPort 2.1, and PCI-SIG PCIe 4.0 (x4) specifications.

Original Submission

hubie writes:

A new study out of the Complexity Science Hub concludes that social disintegration and violent conflict played a crucial role in shaping the population dynamics of early farming societies in Neolithic Europe:

Complexity scientist Peter Turchin and his team at CSH, working as part of an international and interdisciplinary collaboration, may have added a meaningful piece to a long-standing puzzle in archeology. Scholars have long tried to understand why Neolithic farmer populations go through boom-bust cycles, including "collapses" when whole regions are abandoned. According to one common explanation, climate fluctuations are the main driver, but empirical tests do not fully support this claim. In a new paper, published in the latest issue of Nature Scientific Reports, Turchin and his team seem to have come up with a new piece of information.

"Our study shows that periodic outbreaks of warfare — and not climate fluctuations – can account for the observed boom-bust patterns in the data," argues Turchin, who's a project leader at the Complexity Science Hub (CSH).

[...] Turchin has been applying mathematical models of social integration and disintegration to analyze the rise and fall of complex societies, such as agrarian empires in history or modern nation-states. He admits he wasn't convinced that such ideas would also apply to prehistory, such as the European Neolithic, where most of the time people lived in small-scale farming communities with no deep social inequalities and limited political organization beyond local settlements.

"I confess that until recently I thought that such societies were quite resilient and not susceptible to social disintegration and collapse," says Turchin. "There is no state or nobles to rebel against and, in any case, what's there to 'collapse'?," adds the complexity scientist.

Arthur T Knackerbracket has processed the following story:

Apple chief Tim Cook previously announced that the tech giant will be purchasing chips for its iPhones, Macs and other key products made in Taiwan Semiconductor Manufacturing Company's (TSMC) new factory in Phoenix, Arizona. It seemed like a huge win for the Biden administration, which signs the CHIPS Act into law last year to boost manufacturing in the US and lessen its reliance on overseas suppliers. Now, The Information has reported that even though the components for Apple's chips will be manufactured in the US, they'll still have to be sent back to TSMC's home country for assembly.

Apparently, the manufacturer's factory in Arizona doesn't have the facilities to package its customers' more advanced chips. "Packaging" is what you call the final stage of fabrication, wherein the chip's components are assembled inside a housing as close together as possible to enhance speed and power efficiency. The iPhone, in particular, has been using a packaging method developed by TSMC since 2016. Chips for iPads and Macs can be packaged outside of Taiwan, but the iPhone's will have to be assembled in the country.

[...] Seeing as the government recently established (PDF) a National Advanced Packaging Manufacturing program to boost chip packaging in the US, it's aware of the need to bring the process into the country, as well. Apple and all the aforementioned TSMC clients aren't the only companies whose chips have to be sent overseas for assembly, since manufacturers aren't making enough products in the US to justify building packaging facilities in the country. However, that program is only getting $2.5 billion in funding under the CHIPS Act, and the Institute of Printed Circuits told the publication that the amount shows packaging isn't being prioritized. As for TSMC, The Information's sources said it has no plans to build packaging facilities in the US due to the huge costs involved, and any future packaging method it develops will most likely be offered in Taiwan.

Original Submission

janrinok writes:

Brain injury from contact sports doesn't just affect professional athletes:

Evan Hansen was born to play football. A strong, rambunctious kid, he started playing sports year-round as early as he could. "He was very selfless, always willing to sacrifice himself for the betterment of the team," says his father, Chuck Hansen. As a fearless linebacker at Wabash College in Indiana, the young player made 209 tackles in his first three seasons, and was hit far more than that during games and practices. Two days after winning the second game of his senior year, Evan died by suicide.

Searching for an explanation, Chuck Hansen pored through his son's internet search history. One query popped out: "CTE."

CTE stands for chronic traumatic encephalopathy, a neurodegenerative brain disease that causes symptoms like memory loss, depression, and emotional dysregulation. Since 2005, it has been linked to head trauma and to contact sports like football, where brains can get knocked around during tackles and collisions. In 2016, the National Football League acknowledged that the sport was linked to CTE after many retired players were diagnosed posthumously by researchers at the Boston University CTE Center.

[...] This study reveals that young, amateur athletes aren't spared from the brain damage that comes with contact sports, even if they quit before going pro. And studying early-stage CTE in young, otherwise healthy brains, McKee says, "may give us clues as to how the disease is triggered." To her, the takeaway is clear: "We need to reduce the number and the strength of head impacts in contact sports. If we don't, we're going to face consequences like this."

[...] A common misconception is that a one-time impact can lead to neurodegeneration. The real problem is getting hit in the head over and over, for years and years. "A tennis player who had five concussions is not going to get CTE," says Nowinski. "There's something about getting hundreds or thousands of head impacts a year. That's what triggers it, whether you have concussion symptoms or not."

Arthur T Knackerbracket has processed the following story:

A team of planetary scientists at Arizona State University has found evidence that the multitude of bright flashes in Venus' atmosphere may be due to meteors passing through, not lightning strikes. In their paper published in Journal of Geophysical Research: Planets, the group describes their study of the flashes of light and what they learned about them.

Scientists studying Venus have noted periodic flashes of light in its atmosphere for many years. For most of that time the flashes have been attributed to lightning flashing through the planet's atmosphere. Probes sent to the planet have done little to confirm the origin of the flashes—bursts of electromagnetic static have been recorded, which have been likened to the type heard during thunderstorms on Earth, suggesting lightning as a likely source.

But there has also been a sticking point—recorded bursts of static and images of a light flashing through the atmosphere have never been observed happening at the same time. Also, there is little evidence showing that Venus' atmosphere is capable of producing lightning. Such issues led the researchers on this new effort to consider another source—meteors.

[...] In comparing the number of flashes recorded in Venus' atmosphere with the number of possible meteor strikes, the team found them to be close enough to suggest that they could be related. More research is required, but if the initial findings turn out to be correct, space agencies will breathe a sigh of relief—sending a probe through clouds laden with lightning strikes is far more difficult than one where the skies are occasionally lit up by meteors.

Journal Reference:
C. H. Blaske et al, Meteors May Masquerade as Lightning in the Atmosphere of Venus, JGR Planets (2023). DOI: 10.1029/2023JE007914

Original Submission

Freeman writes:

https://arstechnica.com/cars/2023/09/this-autonomous-cargo-train-wants-to-fix-the-problem-of-underused-rails/

Platoons of driverless cargo trucks cruising across highways is one of those tempting technocrat ideas that doesn't look like it will pan out. As autonomous driving technology matured in the middle of the last decade, we saw trials of the concept, but human truck drivers do more than just throttle, steer, and brake, and they aren't likely to be replaced soon.

A better idea would be to shift some of that cargo to our underutilized railways—here, the idea of platooning is an old one, better known as a "train." Parallel Systems hopes to do just that with its second-generation autonomous battery-electric freight railcar.

Original Submission

Freeman writes:

https://arstechnica.com/security/2023/09/how-china-gets-free-intel-on-tech-companies-vulnerabilities/

For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they're revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray market.

But for the past two years, China has added another approach to obtaining information about those vulnerabilities: a law that simply demands that any network technology business operating in the country hand it over. When tech companies learn of a hackable flaw in their products, they're now required to tell a Chinese government agency—which, in some cases, then shares that information with China's state-sponsored hackers, according to a new investigation. And some evidence suggests foreign firms with China-based operations are complying with the law, indirectly giving Chinese authorities hints about potential new ways to hack their own customers.

Today, the Atlantic Council released a report—whose findings the authors shared in advance with WIRED—that investigates the fallout of a Chinese law passed in 2021, designed to reform how companies and security researchers operating in China handle the discovery of security vulnerabilities in tech products.
[...]
The report's authors combed through the Chinese government's own descriptions of that program to chart the complex path the vulnerability information then takes: The data is shared with several other government bodies, including China's National Computer Network Emergency Response Technical Teams/Coordination Center, or CNCERT/CC, an agency devoted to defending Chinese networks. But the researchers found that CNCERT/CC makes its reports available to technology "partners" that include exactly the sort of Chinese organizations devoted not to fixing security vulnerabilities but to exploiting them. One such partner is the Beijing bureau of China's Ministry of State Security, the agency responsible for many of the country's most aggressive state-sponsored hacking operations in recent years, from spy campaigns to disruptive cyberattacks. And the vulnerability reports are also shared with Shanghai Jiaotong University and the security firm Beijing Topsec, both of which have a history of lending their cooperation to hacking campaigns carried out by China's People Liberation Army.

Original Submission

Arthur T Knackerbracket has processed the following story:

Located in the 28-mile-long and 22-mile-wide McDermitt Caldera, the discovery of the deposit will be a massive boost to the United States' lithium reserves, which have been estimated at just one million metric tons. Most of the world's major deposits are in countries outside of North America, such as Chile, Bolivia, Argentina, China and Australia. It could also encourage more US investment in electric cars and will alleviate fears over lithium shortages – it's thought that a million metric tons of lithium will be needed by 2024.

"It could change the dynamics of lithium globally, in terms of price, security of supply and geopolitics," Belgian geologist Anouk Borst told Chemistry World. "The US would have its own supply of lithium and industries would be less scared about supply shortages."

The size of the deposit still has to be confirmed, but Lithium Americas Corporation says it expects to start mining the supply in 2026.

[...] Not everyone is celebrating the discovery, especially the Native American tribes who say the land is sacred. There are also potential dangers to native wildlife, and researchers are worried that the project will cause groundwater levels to drop to dangerous levels. Even NASA has spoken out against mining in the area. The space agency has been using Nevada's Railroad Valley lakebed since 1993 to accurately gauge the time it takes for satellite signals to travel to Earth and back, allowing it to calibrate the satellites.

Original Submission