SoylentNews

janrinok writes:

Internet of Things security remains sketchy at best:

A new development now puts the spotlight squarely on networking device manufacturer Ubiquiti after the company admitted that a misconfiguration with its cloud infrastructure allowed some of its customers to watch footage from strangers' security cameras.

The admission came days after some Ubiquiti customers reported seeing images and videos from other people's cameras through the company's Unifi Protect cloud app. One of the first persons to report the bug was a Redditor claiming his wife received a notification, which included an image from a security camera that didn't belong to them.

[...] A Ubiquiti customer on the company's forum claimed to have accessed "88 consoles from another account" when logging into the Unifi portal. The user had full access to these devices until refreshing their browser. After that, the client returned to normal, with only owned devices showing.

[...] The company claims the problem happened due to an upgrade to Ubiquiti's UniFi Cloud infrastructure, which it has since resolved. So, customers should no longer worry about their other users accessing their cameras and UniFi accounts. While the company claimed the bungle affected 1,216 accounts in one group and 1,177 in another, supposedly fewer than a dozen instances of improper access occurred. It added that it would notify those customers about the breach.

Original Submission

canopic jug writes:

The region of the Reykjanes Peninsula north of the town Grindavík in Iceland remains closed due to a now active volcanic eruption. Below are two video links.

• The Exact Moment When Lava Reached Surface! Grindavik Volcano Eruption! Iceland Volcano, Dec18, 2023 (old)
• Live eruption from Iceland (live)

The town's evacuation is still ongoing.

Previously:

(2015) Watch a Volcano

Original Submission

mrpg writes:

https://www.theverge.com/2023/12/13/23999848/tesla-sweden-union-autoworkers-transport-trash-waste-pickup

Tesla will have to skip trash day in Sweden as the country's labor groups continue to protest the company's anti-union policies. Reuters reports the country's Transport Workers' Union will refuse to pick up waste at the automaker's workshops in solidarity with Tesla autoworkers who've been on strike since October 27th.

Tesla has resisted collective bargaining agreements worldwide, but Sweden's strong labor culture is continuing to test the automaker's policy.

After 130 workers at Tesla repair shops walked out, the first show of solidarity came from union dockworkers who refused to unload Tesla vehicles from cargo ships in early November. Then, on November 20th, postal workers joined the effort by refusing to deliver mail to Tesla, including license plates. On November 27th, the automaker then sued and initially won the right to pick up the license plates directly from Sweden's Transport Agency.

Original Submission

canopic jug writes:

Google is announcing the end of support for its Usenet client and servers in February 2024. This is a significant turning point because Usenet predates the Internet. Much of the Internet and, later, the WWW, was designed and built around Usenet discussions. That includes Linus Torvalds' now famous announcement about his then hobby, which he asserted at the time would not be big and professional like GNU:

What do I need to do?

If you don't actively engage with Usenet content, you don't need to do anything. Current Usenet users will need to do two things before February 22, 2024 if they want to continue engaging with Usenet content:

1. Find a new Usenet client. Several free and paid alternatives are available, both web-based and application-based. To find a client, do a web search for "how do I find a usenet text client"
2. Find a new public Usenet server. The new client you choose will likely have a default server or a set of curated options for you. If not, to find a server, do a web search for "public NNTP servers."

Because Usenet is a distributed system, you do not need to migrate data. All of the Usenet content you can access today on Google Groups should already be synced to the new server you choose. After you select a new client and server, you can reselect the groups you're interested in.

For the time being, you will be able to continue to view and search for the many decades of historical Usenet content posted before February 22, 2024 which Google acquired itself combined with the vast, historically important archives from Deja News.

Usenet remains a distributed, decentralized, peer-to-peer messaging network. The news readers contact an NNTP server in a client-server relation but the NNTP servers themselves communicated as peers. One thorn in the side for the powers which be is that it is essentially uncensorable. In the old days it was sufficient to get a floppy or two across the border to complete the circuit via sneakernet. One downside, sometimes humorous, was that propagation delays resulting from the distributed, decentralized nature of the peer-to-peer network meant that sometimes one saw a response hours or days before the original message showed up.

Previously:
(2016) Gmane is Under Threat

Original Submission

canopic jug writes:

The US Department of Defense has published a report entitled, Securing the Software Supply Chain: Recommended Practices for Managing Open Source Software and Software Bill of Materials (warning for PDF) about aligning government activities with industry best practices. It covers principles that software developers and software suppliers can reference, including managing open source software and software bills of materials to maintain and provide awareness about software security. The reports a follow up to the much hyped 2021 executive order on cybersecurity. Much focus is given to making and using Software Bill of Materials (SBOM) and incorporating them into the work flow:

The SBOM and its contents must be validated and verified. Validation assures that the SBOM data is appropriately formatted and can be integrated into various tools and automation. Verification ensures the content within the SBOM is accurately described and all components and related information on a product for licensing and exporting are represented.

Many organizations are increasingly incorporating tools into the build and source repository facility to automate this process and provide artifacts which can attest to the verification of the SBOM being delivered. Both the content of the package, the executables, libraries and configuration files, and the actual format of the SBOM, should be validated. Any open-source software components should be verified for license or export restrictions. In some organizations, validation is performed first by the developer during build/packing of the product and then by the developer/supplier before customer delivery to verify the integrity of the SBOM being delivered. For more information on the formats and tools available for validation, refer to section 5.1.5 of this document "SBOM Validation."

A good reference on guidance for the SBOM process can be found in NTIA's publication "Software Suppliers Playbook: SBOM Production and Provision" guidance. It is important that developers understand the end-user requirements for SBOM generation and how this information might be used by both suppliers and customers. Additional process information relating to SBOMs and acquisitions can be found in the "Software Consumers Playbook: SBOM Acquisition, Management, and Use".

Don't say that acronym at the airport while working with your team over the phone...

Previously:
(2022) Open Source Community Sets Out Path to Secure Software

Original Submission

Freeman writes:

Elon Musk's X ad revenue reportedly fell $1.5B this year amid boycotts

It's hard to know exactly how dire the financial situation is at Elon Musk's X (formerly Twitter). However, insider sources recently revealed to Bloomberg that the social media platform expects to end 2023 with "roughly" $2.5 billion in advertising revenue.

That's "a significant slump from prior years," sources said. It's also about half a billion short of the $3 billion that X executives expected to make in ad sales in 2023, one source said.

Last year, Twitter raked in more than $1 billion in ad revenue per quarter, sources said. But in each of the first three quarters of 2023, X only managed to generate "a little more than $600 million" in ad revenue.

[...] After Musk boosted an antisemitic post on X, he apologized, but he never removed his controversial post and continued antagonizing advertisers that he claimed were "going to kill the company."

Among the major brands pausing advertising on X is Disney, which seems to have particularly offended Musk. He's spent the past week targeting Disney CEO Bob Iger in a series of X posts, calling out Disney for boycotting X. Musk appears particularly frustrated that Disney is advertising on Meta platforms after New Mexico Attorney General Raúl Torrez filed a lawsuit alleging that Facebook and Instagram are "prime locations for predators to trade child pornography and solicit minors for sex."

Original Submission

Meeting Announcement: The next meeting of the SoylentNews governance committee is scheduled for Wednesday, December 20th, 2023 at 21:00 UTC (4pm Eastern) in #governance on SoylentNews IRC. Logs of the meeting will be available afterwards for review, and minutes will be published when complete.

Minutes and agenda, and other governance committee information are to be found on the SoylentNews Wiki at: https://wiki.staging.soylentnews.org/wiki/Governance

The community, welcome to observe and participate, is encouraged to attend the meeting.

owl writes:

https://www.righto.com/2023/12/386-xor-circuits.html

Intel's 386 processor (1985) was an important advance in the x86 architecture, not only moving to a 32-bit processor but also switching to a CMOS implementation. I've been reverse-engineering parts of the 386 chip and came across two interesting and completely different circuits that the 386 uses to implement an XOR gate: one uses standard-cell logic while the other uses pass-transistor logic. In this article, I take a look at those circuits.

[...] Parts of the 386 were implemented with standard-cell logic. The idea of standard-cell logic is to build circuitry out of standardized building blocks that can be wired by a computer program. In earlier processors such as the 8086, each transistor was carefully positioned by hand to create a chip layout that was as dense as possible. This was a tedious, error-prone process since the transistors were fit together like puzzle pieces. Standard-cell logic is more like building with LEGO. Each gate is implemented as a standardized block and the blocks are arranged in rows, as shown below. The space between the rows holds the wiring that connects the blocks.

[...] Some parts of the 386 implement XOR gates completely differently, using pass transistor logic. The idea of pass transistor logic is to use transistors as switches that pass inputs through to the output, rather than using transistors as switches to pull the output high or low. The pass transistor XOR circuit uses 8 transistors, compared with 10 for the previous circuit.

Original Submission

hubie writes:

BC psychologists probe the roots of truth judgments in the 'post-truth' era:

Putting truth to the test in the "post-truth" era, Boston College psychologists conducted experiments that show when Americans decide whether a claim of fact should qualify as true or false, they consider the intentions of the information source, the team reported recently in Nature's Scientific Reports.

That confidence is based on what individuals think the source is trying to do – in this case either informing or deceiving their audience.

"Even when people know precisely how accurate or inaccurate a claim of fact is, whether they consider that claim to be true or false hinges on the intentions they attribute to the claim's information source," said Professor of Psychology and Neuroscience Liane Young, an author of the report. "In other words, the intentions of information sources sway people's judgments about what information should qualify as true."

Lead author Isaac Handley-Miner, a PhD student and researcher in Young's Morality Lab, said the so-called post-truth era has revealed vigorous disagreement over the truth of claims of fact — even for claims that are easy to verify.

"That disagreement has alarmed our society," said Handley-Miner. "After all, it's often assumed that the labels 'true' and 'false' should correspond to the objective accuracy of a claim. But is objective accuracy actually the only criterion people consider when deciding what should qualify as true or false? Or, even when people know how objectively accurate a given claim of fact is, might they be sensitive to features of the social context—such as the intentions of the information source? We set out to test whether the intentions of information sources affect whether people consider a claim of fact to be true or false even when they have access to the ground truth."

[...] The findings suggest that, even if people have access to the same set of facts, they might disagree about the truth of claims if they attribute discrepant intentions to information sources.

The results demonstrated that people are not merely sensitive to the objective accuracy of claims of fact when classifying them as true or false. While this study focused on the intent of the information source, Young and Handley-Miner say intent is probably not the only other feature people use to evaluate truth.

Journal Reference:
Handley-Miner, I.J., Pope, M., Atkins, R.K. et al. The intentions of information sources can affect what information people think qualifies as true. Sci Rep 13, 7718 (2023). https://doi.org/10.1038/s41598-023-34806-4

Original Submission

upstart writes:

NASA donates Ingenuity Mars Helicopter prototype to Smithsonian:

The Smithsonian would love to display the first vehicle to achieve powered flight on another world, but with NASA's Ingenuity helicopter still busy setting records on Mars, the Washington, D.C. institution has accepted the next best thing.

Officials from NASA and the Smithsonian's National Air and Space Museum marked the agency's donation of the aerial prototype for Ingenuity into the museum's collection at the Steven F. Udvar-Hazy Center in Chantilly, Virginia on Friday (Dec. 15). The full-scale prototype was the first to demonstrate that an aircraft could fly in the atmosphere of another planet during tests performed at NASA's Jet Propulsion Laboratory (JPL) in Pasadena, California.

The prototype's first free flight in a simulated Mars environment gave NASA the confidence to commit to sending Ingenuity to Mars. The helicopter and its companion Perseverance rover landed in Jezero Crater on Feb. 18, 2021.

Original Submission

taylorvich writes:

https://phys.org/news/2023-12-reveals-secret-sites-america-migrating.html

Every year, billions of birds migrate thousands of miles from their summer breeding ranges to their warmer wintering ranges and back. However, the question of where these birds stop to rest and refuel along the way has long stumped ornithologists.

Princeton Ph.D. student Fengyi Guo and her colleagues from Princeton and the University of Delaware address this question in a newly published paper by using weather radar imagery to map the birds' migratory stopover sites in North America.

Using weather surveillance radar to compute and compare bird movement patterns across five years of spring and fall migrations, Guo and her team pinpointed over 2.4 million hectares of land as key stopover hotspots for land birds across the eastern United States.

[...] The radar imagery showed that stopover hotspots along the eastern U.S. consist primarily of deciduous forests, including forest fragments in broadly deforested regions. These hotspots serve as crucial pitstops for large numbers of land birds each year. Protecting these sites helps to ensure the long-term viability of all the bird species that sojourn at these sites.

However, only half of the currently protected hotspots are free from any form of extractive resource use, and two-thirds of all identified hotspots lack any formal protection at all. Guo also found substantial seasonal differences in where hotspots were located.

upstart writes:

How Police Have Undermined the Promise of Body Cameras:

RepublishCo-published with The New York Times Magazine

ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they're published.

When Barbara and Belvett Richards learned that the police had killed their son, they couldn't understand it. How, on that September day in 2017, did their youngest child come to be shot in his own apartment by officers from the New York Police Department?

ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive our biggest stories as soon as they're published.

When Barbara and Belvett Richards learned that the police had killed their son, they couldn't understand it. How, on that September day in 2017, did their youngest child come to be shot in his own apartment by officers from the New York Police Department?

Original Submission

upstart writes:

Vaccines delivered through the nose or mouth should help stop infection where it begins:

The federal government is working to speed things along with an injection of cash through Project NextGen, a $5 billion effort to usher new and improved covid vaccines to market. In October, the Department of Health and Human Services announced that nearly $20 million would go to two companies developing mucosal vaccines—Codagenix and CastleVax. That money will help the companies gear up for studies to test how well their vaccines work to prevent symptomatic infections.

Codagenix's candidate, a nasal vaccine called CoviLiv, is already part of a phase 3 global efficacy trial coordinated by the World Health Organization. And in October, the company reported results from a safety study in adults in the UK who had never been vaccinated for covid before. The nasal mist prompted robust immunity, at least as measured by markers in the blood. But evidence of an immune response in the blood doesn't necessarily indicate an immune response in the mucosal lining of the airways. Or, as one physician puts it, "just like the 'far, dark side of the Moon', which is invisible from the earth, the mucosal response to pathogens is a far, dark side of immunity that is poorly or not visible from the peripheral blood and more complicated to probe than systemic immunity."

What's the best way to elicit mucosal immunity?

TBD. Different groups are trying a variety of strategies. The goal is to induce immunity in the airways that is robust, broad, and durable. But which strategy will succeed is a bit of a question mark at the moment. Mucosal vaccines fall into a few categories depending on how they're administered and the platform they use. Some are sprays that are squirted into the nose (CovLiv, for example). Others are meant to be inhaled into the lungs (such as one developed by CanSinBIO in China).

Sometimes these two routes of administration get lumped together, but they actually are very different, says Mangalakumari Jeyanathan, a researcher at McMaster University and coauthor of an editorial that accompanies the new inhalable-vaccine paper. With a nasal vaccine, the contents go into the nasal cavity. But Jeyanathan thinks inhaled vaccines, which go deep into the lungs, are likely to work better. Her team's research suggests that nasal vaccines induce immune responses only in the upper respiratory tract, not in the lower respiratory tract. That means, she says, that if the vaccine doesn't prevent infection, the lungs are still vulnerable, and "we really need the immune responses to prevent any sort of serious damage to the lung."

Original Submission

canopic jug writes:

Public Domain Day 2024 is coming up in a few weeks. The Duke University's Center for the Study of the Public Domain has a briefing document, Mickey, Disney, and the Public Domain: a 95-year Love Triangle, about what happens when the earlier versions of Mickey Mouse finally elevate to the public domain at the start of 2024. Included is a Venn diagram of what you can and can't work with.

Steamboat Willie and the characters it depicts – which include both Mickey and Minnie Mouse – will be in the public domain. As indicated in the green circle, this means that anyone can share, adapt, or remix that material. You can start your creative engines too—full steam ahead! You could take a page out of the Winnie-the-Pooh: the Deforested Edition playbook and create “Steamboat Willie: the Climate Change Edition,” in which Mickey’s boat is grounded in a dry riverbed. You could create a feminist remake with Minnie Mouse as the central figure. You could reimagine Mickey and Minnie dedicating themselves to animal welfare. (The animals in Steamboat Willie are contorted rather uncomfortably into musical instruments. PETA would not approve.)

You can do all of this and more, so long as you steer clear of the subsisting rights indicated by the orange circles, namely:

• Use the original versions of Mickey and Minnie Mouse from 1928, without copyrightable elements of later iterations (though not every later iteration will be copyrightable, as I explain below) and

• Do not confuse consumers into thinking that your creation is produced or sponsored by Disney as a matter of trademark law. One way to help ensure that your audience is not confused is to make the actual source of the work – you or your company – clear on the title screen or cover, along with a prominent disclaimer indicating that your work was not produced, endorsed, licensed, or approved by Disney.

So, is January 1, 2024 doomsday for Disney? No. Disney still retains copyright over newer iterations of Mickey such as the “Sorcerer’s Apprentice” Mickey from Fantasia (1940) as well as trademarks over Mickey as a brand identifier. People will still go to its theme parks, pay to see its movies, buy its merchandise. Its brand identity will remain intact.

In sum, yes, you can use Mickey in new creative works. There are some more complex peripheral legal issues, but here is your guide through them.

Cory Doctorow has an analysis of this upcoming milestone event in a recent post on his blog.

Previously:
(2023) What Happens When 'Steamboat Willie' Hits The Public Domain In 2024?

Original Submission

Freeman writes:

https://arstechnica.com/ai/2023/12/turing-test-on-steroids-chatbot-arena-crowdsources-ratings-for-45-ai-models/

As the AI landscape has expanded to include dozens of distinct large language models (LLMs), debates over which model provides the "best" answers for any given prompt have also proliferated (Ars has even delved into these kinds of debates a few times in recent months). For those looking for a more rigorous way of comparing various models, the folks over at the Large Model Systems Organization (LMSys) have set up Chatbot Arena, a platform for generating Elo-style rankings for LLMs based on a crowdsourced blind-testing website.

[...] Since its public launch back in May, LMSys says it has gathered over 130,000 blind pairwise ratings across 45 different models (as of early December). Those numbers seem poised to increase quickly after a recent positive review from OpenAI's Andrej Karpathy that has already led to what LMSys describes as "a super stress test" for its servers.

[...] Chatbot Arena's latest public leaderboard update shows a few proprietary models easily beating out a wide range of open-source alternatives. OpenAI's ChatGPT-4 Turbo leads the pack by a wide margin, with only an older GPT-4 model ("0314," which was discontinued in June) coming anywhere close on the ratings scale. But even months-old, defunct versions of GPT-3.5 Turbo outrank the highest-rated open-source models available in Chatbot Arena's testbed.

[...] Chatbot Arena users may also naturally gravitate towards certain types of prompts that favor certain types of models.

[...] To balance out these potential human biases, LMSys has also developed a completely automated ranking system called LLM Judge

[...] LMSys's academic paper on the subject finds that "strong LLM judges like GPT-4 can match both controlled and crowdsourced human preferences well, achieving over 80% agreement, the same level of agreement between humans." From those results, the organization suggests that having LLMs rank other LLMs provides "a scalable and explainable way to approximate human preferences, which are otherwise very expensive to obtain."

Original Submission