SoylentNews

owl writes:

https://pluralistic.net/2023/12/08/playstationed/#tyler-james-hill

20 years ago, I got in a (friendly) public spat with Chris Anderson, who was then the editor in chief of Wired. I'd publicly noted my disappointment with glowing Wired reviews of DRM-encumbered digital devices, prompting Anderson to call me unrealistic for expecting the magazine to condemn gadgets for their DRM:

I replied in public, telling him that he'd misunderstood. This wasn't an issue of ideological purity – it was about good reviewing practice. Wired was telling readers to buy a product because it had features x, y and z, but at any time in the future, without warning, without recourse, the vendor could switch off any of those features:

I proposed that all Wired endorsements for DRM-encumbered products should come with this disclaimer:

WARNING: THIS DEVICE'S FEATURES ARE SUBJECT TO REVOCATION WITHOUT NOTICE, ACCORDING TO TERMS SET OUT IN SECRET NEGOTIATIONS. YOUR INVESTMENT IS CONTINGENT ON THE GOODWILL OF THE WORLD'S MOST PARANOID, TECHNOPHOBIC ENTERTAINMENT EXECS. THIS DEVICE AND DEVICES LIKE IT ARE TYPICALLY USED TO CHARGE YOU FOR THINGS YOU USED TO GET FOR FREE — BE SURE TO FACTOR IN THE PRICE OF BUYING ALL YOUR MEDIA OVER AND OVER AGAIN. AT NO TIME IN HISTORY HAS ANY ENTERTAINMENT COMPANY GOTTEN A SWEET DEAL LIKE THIS FROM THE ELECTRONICS PEOPLE, BUT THIS TIME THEY'RE GETTING A TOTAL WALK. HERE, PUT THIS IN YOUR MOUTH, IT'LL MUFFLE YOUR WHIMPERS.

Wired didn't take me up on this suggestion.

Original Submission

Arthur T Knackerbracket has processed the following story:

Last year agricultural equipment giant John Deere found itself on the receiving end of an antitrust lawsuit for its efforts to monopolize tractor repair. The lawsuits noted that the company consistently purchased competing repair centers in order to consolidate the sector and force customers into using the company’s own repair facilities, driving up costs and logistical hurdles dramatically for farmers.

The lawsuits also noted how the company routinely makes repair difficult and costly through the act of software locks, obnoxious DRM, and “parts pairing” — which involves only allowing the installation of company-certified replacement parts — or mandatory collections of company-blessed components.

[...] John Deere has spent years promising farmers that they’d reverse course on their efforts to monopolize repair, only to ignore their own promises. The company has also been striking meaningless “memorandums of understanding” with key trade groups, pinky swearing to stop their bad behavior if the groups agree to not support state or federal right to repair legislation.

The market isn’t going to fix this problem by itself. It’s clearly going to require a combination of antitrust reform, regulatory action, new state/federal legislation, and meaningful class action penalties before John Deere executives finally get the message. And unfortunately for them, right to repair reform continues to see stunning levels of bipartisan public support.

Original Submission

Arthur T Knackerbracket has processed the following story:

Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.

Researchers from security firm Group-IB have named the remote access trojan “Krasue,” after a nocturnal spirit depicted in Southeast Asian folklore “floating in mid-air, with no torso, just her intestines hanging from below her chin.” The researchers chose the name because evidence to date shows it almost exclusively targets victims in Thailand and “poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network.

[...] During the initialization phase, the rootkit conceals its own presence. It then proceeds to hook the `kill()` syscall, network-related functions, and file listing operations, thereby obscuring its activities and evading detection.

The researchers have so far been unable to determine precisely how Krasue gets installed. Possible infection vectors include through vulnerability exploitation, credential-stealing or -guessing attacks, or by unwittingly being installed as trojan stashed in an installation file or update masquerading as legitimate software.

Besides the rootkit functions, Krasue features an installation file that's shielded inside a UPX, a so-called packer that provides a cryptographic wrapper around the main executable that can stymie detection by anti-virus software. The Group-IB post provides indicators of compromise and digital characteristics for detecting infected systems.

Original Submission

Arthur T Knackerbracket has processed the following story:

The two small moons of Mars, Phobos (about 22km in diameter) and Deimos (about 13km in diameter), have been puzzling scientists for decades, with their origin remaining a matter of debate. Some have proposed that they may be made up of residual debris produced from a planet or large asteroid smashing into the surface of Mars (#TeamImpact).

An opposing hypothesis (#TeamCapture), however, suggests the moons are asteroids that were captured by Mars's gravitational pull and were trapped in orbit.

To solve the mystery, we'll need material from the moons' surfaces for analytical analyses on Earth. Luckily, the Japan Aerospace Exploration Agency (Jaxa) will launch a mission, named "Martian Moon eXploration" (MMX), to Phobos and Deimos in September 2024. The mission will be carried by a newly designed rocket, the H-3, which is still under development.

The spacecraft is expected to reach Martian orbit in 2025, after which it will orbit Phobos and finally collect material from its surface before returning to Earth by 2029.

[...] If an impact origin did indeed occur, we would expect to find similar material on Phobos to that which is found on Mars. While we do not have any material returned directly from Mars (yet), we are lucky enough to have rock that has been ejected off its surface which eventually found its way to Earth.

These meteorites may therefore be similar to the material returned from Phobos, providing a fantastic comparison.

upstart writes:

Carbon emissions that cause climate change are on track to hit a record high this year, while efforts to remove them from the atmosphere are still minuscule:

Carbon dioxide emissions from fossil fuels are on track to reach a record high by the end of 2023. And a new report shows just how insignificant technologies that pull greenhouse gases out of the atmosphere are by comparison.

[...] "There has been great progress in reducing emissions in some countries—however, it just isn't good enough. We're drastically off course," Mike O'Sullivan, a lecturer at the University of Exeter and one of the authors of the report, said via email.

Europe's emissions dropped around 7% from last year, while the US saw a 3% reduction. But overall, coal, oil, and natural-gas emissions are all still on the rise, and nations including India and China are still seeing emissions growth. Together, those two nations currently account for nearly 40% of global fossil-fuel emissions, though Western nations including the US are still the greatest historical emitters.

[...] However, one technology sometimes touted as a cure-all for the emissions problems has severe limitations, according to the new report: carbon dioxide removal. Carbon removal technologies suck greenhouse gases out of the atmosphere to prevent them from further warming the planet. The UN panel on climate change has called carbon removal an essential component of plans to reach international climate targets of keeping warming at less than 1.5 °C (2.7 °F) above preindustrial levels.

The problem is, there's very little carbon dioxide removal taking place today. Direct air capture and other technological approaches collected and stored only around 10,000 metric tons of carbon dioxide in 2023.

canopic jug writes:

Back in August the Tor Project and the EFF launched an advocacy campaign for getting more Tor relays running at universities. Now it is December and they have published an update on how the Tor University Challenge has gone so far.

In August of 2023 EFF announced the Tor University Challenge, a campaign to get more universities around the world to operate Tor relays. The primary goal of this campaign is to strengthen the Tor network by creating more high bandwidth and reliable Tor nodes. We hope this will also make the Tor network more resilient to censorship since any country or smaller network cutting off access to Tor means it would be also cutting itself off from a large swath of universities, academic knowledge, and collaborations.

So far they have established contact with more pre-existing relays at universities, increased the number of relays in general running at universities, and cultivated better contact with the national-level university Internet connectivity organizations (NRENs). Some of the institutions have established public relays, and others even added new exit relays.

Previously:
(2023) The Internet Enabled Mass Surveillance. A.I. Will Enable Mass Spying
(2023) Mullvad VPN And The Tor Project Collaborate On A Web Browser
(2022) Tor Project Releases Latest Version of its Eponymous Browser
(2022) Tor Project Upgrades Network Speed Performance with New System
(2022) Tor Project Battles Russian Censorship Through the Courts
... and more.

Original Submission

Freeman writes:

https://arstechnica.com/space/2023/12/nasas-asteroid-mission-struck-its-target-but-then-dodged-a-bullet/

On September 24, the OSIRIS-REx spacecraft released the canister containing the asteroid samples to plunge into the Earth's atmosphere, while the mothership steered onto a course to take it safely back into deep space for a follow-up mission to explore a different asteroid at the end of the 2020s.

Lauretta, OSIRIS-REx's principal investigator from the University of Arizona, was a passenger in a US military helicopter circling the capsule's landing zone in the Utah desert.
[...]
For those watching NASA's live video coverage of the OSIRIS-REx mission's return to Earth, there were hints that something was amiss. Video imagery from a NASA tracking airplane showed the capsule tumbling toward the ground at high speed, well after the point when the drogue parachute should have been visible.
[...]
The last time NASA tried to bring extraterrestrial samples back to Earth, the parachute never opened.
[...]
"We're tumbling. We are in a subsonic regime, and we are not stabilized," Lauretta said. "There's no drogue chute deployed here. Problem! So I was like trying to mentally prepare myself, because we're on live TV, to get off this helicopter and deal with a crashed capsule in the desert."

Then, Lauretta heard confirmation from the Air Force that the OSIRIS-REx return capsule had unfurled its main parachute.

"I was like, 'What? How is that possible?'" he said.

canopic jug writes:

Low-tech Magazine has built a bicycle generator for a public exhibition on energy at the Pavillon d'Arsenal in Paris, France. Their two other bike generators can be seen and experimented with in Rotterdam, Netherlands and Barcelona, Spain.

In October, we built a third energy bicycle during a workshop at the House of the Future in Rotterdam. This bicycle generator is now used as an energy source in the community center. The House of the Future is open to the public, for details see their website and instagram.

In a future article, we will cover the construction process and technical details of these two new muscular power plants. These machines are based on spinning bikes and are more powerful than the first bike generator we built.

With electricity prices continually hitting new record highs, maybe the market is the EU?

[The Toaster Challenge can help put this energy-generation idea into perspective. --hubie]

Original Submission

Freeman writes:

https://arstechnica.com/gadgets/2023/12/intel-accuses-amd-of-selling-old-cpus-with-new-model-numbers-which-intel-also-does/

AMD changed the way it numbers its Ryzen laptop processors last year, switching to a new system that simultaneously provides more concrete information than the old one while also partially obfuscating the exact age of the various CPU and GPU architectures being mixed-and-matched.
[...]
Intel came out swinging against this naming scheme in a confrontational slide deck this week—now deleted, but preserved for posterity by VideoCardz—where it accuses AMD of selling "snake oil" by using older processor architectures in ostensibly "new" chips.

The "Core Truths" deck takes particular issue with the Ryzen 7020 series, released in late 2022 and into 2023 but using Zen 2-based CPU cores that date back to mid-2019. Intel argues, not inaccurately, that a 13th-generation Core i5-1335U chip can perform much better than a Ryzen 5 7520U, despite both being marketed as recent releases.

My first reaction was to basically agree with Intel's overall point; this was easy to do since the company used something I wrote to back up its argument.
[...]
My second reaction, arrived at almost simultaneously, was to wonder why Intel was taking so much issue with a practice that Intel itself regularly uses to "refresh" its processor lineups.
[...]
"Rebranding old technology to make it seem newer" is a trick that practically all big chipmakers have resorted to at one time, and Intel has a particularly rich history with it. The mid-to-late-2010s manufacturing problems that lost Intel its chipmaking technology lead also resulted in a whopping five generations of chips that all used some variation of the same Skylake-based CPU and GPU architecture.
[...]
To gripe about AMD's practices just weeks after releasing the barely updated 14th-generation Core desktop processors—maybe Intel should move out of its glass house before it starts throwing rocks.

Original Submission

An Anonymous Coward writes:

systemd's newest contribution to FOSS is the BSoD - but this time, new and improved, with QR codes!

Not a joke, truth. QR codes!

https://arstechnica.com/gadgets/2023/12/linux-distros-are-about-to-get-a-killer-windows-feature-the-blue-screen-of-death/

The systemd-bsod component is currently listed as "experimental" and "subject to change." But the functionality is simple: any logged error message that reaches the LOG_EMERG level will be displayed full-screen to allow people to take a photo or write it down. Phoronix reports that, as with BSODs in modern Windows, the Linux version will also generate a QR code to make it easier to look up information on your phone.

New FOSS chant? "Stay free, use BSD, never see B-S-o-D!"

Original Submission

upstart writes:

I received the new gene-editing drug for sickle cell disease. It changed my life.:

I'd lived with sickle cell my whole life—experiencing chronic pain, organ damage, and hopelessness. To me, this opportunity meant finally taking control of my life and having the opportunity to be a present father.

The drug I received, called exa-cel, could soon become the first CRISPR-based treatment to win approval from the US Food and Drug Administration, following the UK's approval in mid-November. I'm one of only a few dozen patients who have ever taken it. In late October, I testified in favor of approval to the FDA's advisory group as it met to evaluate the evidence. The agency will make its decision about exa-cel no later than December 8.

[...] I feel very fortunate to have received exa-cel, but undergoing the treatment itself was an intense, monthslong journey. Doctors extracted stem cells from my own bone marrow and used CRISPR to edit them so that they would produce healthy hemoglobin. Then they injected those edited stem cells back into me.

It was an arduous process, from collecting the stem cells, to conditioning my body to receive the edited cells, to the eventual transplant. The collection process alone can take up to eight hours. For each collection, I sat next to an apheresis machine that vigorously separated my red blood cells from my stem cells, leaving me weakened. In my case, I needed blood transfusions after every collection—and I needed four collections to finally amass enough stem cells for the medical team to edit.

KritonK writes:

As reported on the Vivaldi browser blog:

Just when you thought the Do-Not-Track (DNT) privacy setting was gathering dust, a court in Berlin, Germany decided to exhume it. The Berlin Regional court ruled in favor of the Federation of German Consumer Organization (Verbraucherzentrale Bundesverband, vzbv), in their lawsuit against LinkedIn for ignoring users who had enabled 'Do-Not-Track' in their browsers. According to the German judge, companies must respect DNT settings under the General Data Protection Regulation or GDPR.

Different from the highly intrusive, often full-screen, GDPR consent pop-ups that need to be addressed on each website you visit, DNT is a single setting in your web browser that works across all websites.

In a time where your every click is often scrutinized for data collection or targeted ads, DNT puts the power of privacy back in your hands. With this privacy flag, you're able to browse the web on your terms while not having to worry about who gets access to your personal information in the process.

Ideally, websites should only prompt for permissions contextually. For instance, it makes sense to ask for permissions to share data with YouTube when you click play on an embedded YouTube video. Also, well-designed websites would ideally host videos themselves or use embedding services that offer more control over privacy and data collection than Google and its services.

Also, DNT does have its limitations because of its voluntary nature because at the end of the day, websites can choose whether or not to respect your request. It creates a scenario similar to having a 'Keep Out' sign – some will respect the warning and others will ignore it.

However, in light of the recent ruling in the Berlin Regional Court against LinkedIn, this is a huge turning point in the DNT initiative. This means LinkedIn can no longer ignore its users' tracking preferences.

This ruling potentially creates a legal implication that a DNT signal is legally binding and must be respected by websites.

Original Submission

Freeman writes:

https://arstechnica.com/tech-policy/2023/12/us-regulators-will-now-have-access-to-years-of-binance-transaction-data/

One attraction of Binance, as the company grew from its 2017 founding into the biggest cryptocurrency exchange in the world, was the firm's freewheeling flouting of rules. As it amassed well over 100 million crypto-trading users globally, it openly told the United States government that, as an offshore operation, it didn't have to comply with the country's financial regulations and money-laundering laws.

Then, late last month, those years of brushing off US regulators caught up with the company in the form of one the most punitive money-laundering criminal settlements in the history of the US Justice Department.
[...]
When the Department of Justice announced on November 21 that Binance's executives had agreed to plead guilty to criminal money-laundering charges, much of the attention on that settlement focused on founder Changpeng Zhao giving up his CEO role and on the company's record-breaking $4.3 billion fine. But Binance's settlement agreements with the DOJ and the US Treasury Department also stipulate a strict new regime of data-sharing with law enforcement and regulators.
[...]
Digital civil liberties nonprofit the Electronic Frontier Foundation, too, has historically called on cryptocurrency exchanges to stop giving up users' transaction data to law enforcement and regulators without notifying those users. Now, the Binance settlement would create perhaps the most extreme case yet of that crypto exchange data-sharing, giving the US government wholesale access to the records of a crypto hub that at some points processed billions of transactions a day.
[...]
US law enforcement has proven that even troves of exchange data that lack users' names can nonetheless be highly revealing of their financial history—especially in combination with blockchain data and information from other exchanges that usually do comply with know-your-customer laws. In the case of the Welcome to Video child sexual abuse materials dark-web site in 2017, for instance, one alleged abuser was identified and arrested after his email address was tied to an account on the cryptocurrency exchange BTC-e, which authorities had seized months earlier.

In another case, BTC-e's data allowed IRS criminal investigators to identify a hacker who had taken nearly 70,000 bitcoins from the Silk Road dark-web drug market—worth more than $3 billion today—and then track them down and seize the funds.

Original Submission

Arthur T Knackerbracket has processed the following story:

The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products – from baby monitors to routers, as the EU Commission put it.

Once in force, which will happen 20 days after its adoption by Parliament and the Council, the CRA will require hardware and software makers to meet some intimidating targets. Included in the rule is a 24-hour disclosure period for any newly-discovered security flaw under active exploitation, five years of security patch support, thorough documentation of all security features, and more.

Manufacturers, importers and distributors will have 36 months to adopt the requirements or face fines up to €15 million or 2.5 percent of total worldwide annual turnover.

While better security is all well and good, concerns have been raised over the potential effect the CRA could have on open source software, which is often maintained by few people despite the importance it can often have to larger products. Open source maintainers may find it hard to meet short deadlines for patches, documentation and disclosure.

Fears over the CRA were voiced as recently as October, when it was apparent that the Commission had largely ignored the open source community as it finalized the Act.

Luckily, the latest version of the CRA appears to address those concerns.

"In order not to hamper innovation or research, free and open source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation," the proposed version of the CRA reads.

"We have ensured support for micro and small enterprises and better involvement of stakeholders, and addressed the concerns of the open source community," lead member of the European parliament (MEP) Nicola Danti explained regarding the CRA agreement. "Only together will we be able to tackle successfully the cyber security emergency that awaits us in the coming years."

Original Submission

DannyB writes:

SpaceX acquires parachute supplier

A federal bankruptcy court in Florida approved an agreement Nov. 22 whereby SpaceX would acquire Pioneer Aerospace for $2.2 million. The deal was first reported by The Information.

[....] Connecticut-based Pioneer has developed parachutes for space and other applications for decades. That work ranged from parafoils developed in the 1960s for potential use on Gemini spacecraft to parachutes flown on Mars lander missions and the OSIRIS-REx sample return capsule. It also supplied drogue chutes for SpaceX's Crew Dragon and its cargo variant.

[....] One industry source, speaking on background, said the deal was likely an effort to preserve SpaceX's supply chain, speculating that the cost to acquire Pioneer out of bankruptcy may have been less than what SpaceX would have spent on finding a new drogue chute supplier and requalifying that component for use on crewed missions.

Both SpaceX and Boeing, the other company with a NASA commercial crew contract, struggled to develop parachutes for their spacecraft, suffering test setbacks at times. Even after entering service, there were incidents such as "lagging" parachutes that opened later than expected but did not jeopardize safety.

"Parachutes turned out to be way harder than we thought," said Phil McAlister, director of the commercial spaceflight division at NASA Headquarters [....]

Will Boeing have to pull strings to get parachutes from Pioneer Aerospace, or will their efforts fall flat?

Original Submission