SoylentNews

upstart writes:

Understanding the Implications of CentOS Stream 8 End-of-Life on Enterprise E...:

with the approaching end-of-life (EOL) of CentOS Stream 8, enterprises may face critical challenges in securing their Linux environment. This analysis provides insights into the potential consequences of CentOS Stream 8 EOL, discusses mitigation strategies, and examines the importance of maintaining security in enterprise environments.

CentOS Stream 8, released alongside CentOS 8, has become a stable and reliable platform for many enterprise users. However, with the end of support for CentOS 8, users have migrated to CentOS Stream as a viable alternative. Unfortunately, CentOS Stream 8 will also reach its EOL on May 31, 2024. This poses significant challenges in the areas of security, support, and compliance for enterprises.

Without official updates, users will face unpatched vulnerabilities, compatibility issues, and increased downtime. Compliance issues may arise for enterprises operating in regulated environments, as such industries often require the use of supported software to ensure data security.

The implications and long-term consequences of using CentOS Stream 8 beyond its EOL could be severe. One of the key implications is the lack of security updates, leaving enterprise systems vulnerable to potential threats. The absence of official support further intensifies the risk of compatibility issues and increased downtime. This raises important questions: How can enterprises protect their systems from cyber threats without security updates? How can they ensure compliance and data security without official support?

Luckily, mitigation strategies exist for CentOS Stream 8 EOL, including migration to other long-term supported operating systems such as CentOS Stream 9, AlmaLinux, Oracle Linux, RHEL, or Rocky Linux. However, a careful and strategic planning process is essential to minimize disruptions during the migration process.

[...] These challenges ultimately call for careful planning, strategic decision-making, and a proactive approach to maintaining security in enterprise environments. It is crucial for security practitioners to assess the specific needs of their organizations and determine the most suitable path forward to ensure ongoing data security and compliance.

CentOS Stream:

Check end-of-life, release policy and support schedule for CentOS Stream.

Original Submission

taylorvich writes:

https://phys.org/news/2024-01-wooly-mammoth-movements-earliest-alaska.html

Researchers have linked the travels of a 14,000-year-old wooly mammoth with the oldest known human settlements in Alaska, providing clues about the relationship between the iconic species and some of the earliest people to travel across the Bering Land Bridge.

Scientists made those connections by using isotope analysis to study the life of a female mammoth, named Élmayųujey'eh, by the Healy Lake Village Council. A tusk from Elma was discovered at the Swan Point archaeological site in Interior Alaska. Samples from the tusk revealed details about Elma and the roughly 1,000-kilometer journey she took through Alaska and northwestern Canada during her lifetime.

Isotopic data, along with DNA from other mammoths at the site and archaeological evidence, indicates that early Alaskans likely structured their settlements to overlap with areas where mammoths congregated. Those findings, highlighted in the journal Science Advances, provide evidence that mammoths and early hunter-gatherers shared habitat in the region. The long-term predictable presence of wooly mammoths would have attracted humans to the area.

"She wandered around the densest region of archaeological sites in Alaska," said Audrey Rowe, a University of Alaska Fairbanks Ph.D. student and lead author of the paper. "It looks like these early people were establishing hunting camps in areas that were frequented by mammoths."

The mammoth tusk was excavated and identified in 2009 by Charles Holmes, affiliate research professor of anthropology at UAF, and François Lanoë, research associate in archaeology at the University of Alaska Museum of the North.

They found Elma's tusk and the remains of two related juvenile mammoths, along with evidence of campfires, the use of stone tools, and butchered remains of other game. All of this "indicates a pattern consistent with human hunting of mammoths," said Ben Potter, an archaeologist and professor of anthropology at UAF.

More information: Audrey Rowe et al, A female woolly mammoth's lifetime movements end in an ancient Alaskan hunter-gatherer camp, Science Advances (2024). DOI: 10.1126/sciadv.adk0818. www.science.org/doi/10.1126/sciadv.adk0818

Journal information: Science Advances

Original Submission

JoeMerchant writes:

Paper mills are bribing editors at scholarly journals, Science investigation finds | Science | AAAS

One evening in June 2023, Nicholas Wise, a fluid dynamics researcher / scientific fraud buster, was digging around on shady Facebook groups where he found someone calling themselves Jack Ben, of a firm whose Chinese name translates to Olive Academic, offering journal editors large sums of cash in return for accepting papers for publication...

[...] At least tens of millions of dollars flow to the paper mill industry each year, estimates Matt Hodgkinson of the independent charity UK Research Integrity Office, which offers support to further good research practices, who is also a council member at the nonprofit Committee on Publication Ethics. Publishers and journals, recognizing the threat, have beefed up their research integrity teams and retracted papers, sometimes by the hundreds. They are investing in ways to better spot third-party involvement, such as screening tools meant to flag bogus papers.

So cash-rich paper mills have evidently adopted a new tactic: bribing editors and planting their own agents on editorial boards to ensure publication of their manuscripts. An investigation by Science and Retraction Watch, in partnership with Wise and other industry experts, identified several paper mills and more than 30 editors of reputable journals who appear to be involved in this type of activity. Many were guest editors of special issues, which have been flagged in the past as particularly vulnerable to abuse because they are edited separately from the regular journal. But several were regular editors or members of journal editorial boards. And this is likely just the tip of the iceberg.

Hodgkinson recalls hearing one publisher say it "had to sack 300 editors for manipulative behavior." He adds, "These are organized crime rings that are committing large-scale fraud."

Being from pulpwood country, the title led me to believe I would be reading a story about how "Big Cardboard" was bribing academia to publish research beneficial to their industry - as "Big Oil" is so famous for... Nope, this is a different twist, broader and even more troubling.

Original Submission

Freeman writes:

https://arstechnica.com/gaming/2024/01/game-developer-survey-50-work-at-a-studio-already-using-generative-ai-tools/

A new survey of thousands of game development professionals finds a near-majority saying generative AI tools are already in use at their workplace. But a significant minority of developers say their company has no interest in generative AI tools or has outright banned their use.

The Game Developers Conference's 2024 State of the Industry report, released Thursday, aggregates the thoughts of over 3,000 industry professionals as of last October. While the annual survey (conducted in conjunction with research partner Omdia) has been running for 12 years, this is the first time respondents were asked directly about their use of generative AI tools such as ChatGPT, DALL-E, GitHub Copilot, and Adobe Generative Fill.

Forty-nine percent of the survey's developer respondents said that generative AI tools are currently being used in their workplace.
[...]
The wide embrace of AI tools hasn't seemed to lessen worries about their use among developers, though. A full 42 percent of respondents said they were "very concerned" about the ethics of using generative AI in game development, with an additional 42 percent being "somewhat concerned." Only 12 percent said they were "not concerned at all" about those usage ethics.

Original Submission

Arthur T Knackerbracket has processed the following story:

Apple's iPhone processor manufacturer TSMC has announced that it expects its second Arizona plant will be delayed by up to two years — and may no longer produced the promised 3-nanometer chips.

TSMC's second plant in the state was announced in 2022 with the company increasing its investment from $12 billion $40 billion for the new factory's development. This plant was specifically said to be for making 3nm processors, though it was later revealed that the all Arizona-made chips would still go to Taiwan for final assembly.

According to the Wall Street Journal, TSMC chair Mark Liu has announced that construction continues, but it will not be mass producing processors by 2026 as planned. At present, TSMC expects it to be fully operational by 2027 or 2028, though it gave no specific reasons for the delay.

While TSMC produces processors for many companies, it has a long-term relationship with Apple. Tim Cook has confirmed that Apple will use TSMC chips made in Arizona.

Liu also said that the new factory may not be dedicated to 3nm production. He said that the specific chip type had yet to be determined, and that the choice would be affected both by customer demand and government incentives.

The reference to initiatives is not the only factor in TSMC's relationship with the US government. As TSMC is a Taiwanese company and the US does not have an income tax agreement with that country, the chip manufacturer faces double taxation.

Unless this changes, it's been reported that TSMC would therefore be paying out over half of its US profits in tax.

Original Submission

taylorvich writes:

https://www.construction-physics.com/p/what-happened-to-the-us-machine-tool

Machine tools – machines that cut or form metal – are the heart of industrial civilization. Sometimes called "mother machines" (because they're machines that make other machines), machine tools are required to make almost everything. Nearly every manufactured good is made using machine tools, or by machines which were made using machine tools:

"Thus an automobile is an assembly of metal parts made by machine tools, plastic parts produced by machines made by machine tools, fabric processed on textile machines made by machine tools, rubber processed and molded by equipment made on machine tools, and glass processed by equipment produced by machine tools." – Anderson Ashburn, Is New Technology Enough?

Being able to manufacture machine tools is often considered an important capability for an industrialized country. Not only does this provide ready access to the latest manufacturing technology, but it ensures production of munitions and other military equipment won't be bottlenecked by a lack of machine tools. This isn't a hypothetical concern: American production of artillery shells for Ukraine has been held back by a lack of machine tools. The military has thus historically paid close attention to the machine tool industry and the availability of machinists.

For most of the 20th century, the US was unrivaled in its machine tool technology, and as late as the early 1980s it was the largest machine tool producer in the world.. But almost overnight, the industry collapsed: annual machine tool shipments declined by more than 50% in 2 years, hundreds of machine tool companies went out of business, and the US slipped from the largest producer in the world to the 4th or 5th (depending on the year), roughly where it remains today.

Original Submission

upstart writes:

Japan makes history with tense, successful moon landing:

Japan's SLIM "Moon Sniper" spacecraft made a successful lunar landing Friday, making the country just the fifth to robotically land on the moon.

The Smart Lander for Investigating Moon (SLIM) spacecraft began its descent from a 15-kilometer perilune shortly after 10:00 a.m. Eastern, Jan. 19 (1500 UTC), decelerating from a speed of around 1,700 meters per second.

SLIM appeared to have successfully touched down at 10:20 a.m. (1520 UTC), during a Japan Aerospace Exploration Agency (JAXA) livestream of the event. It was not however immediately clear if the landing was successful, with the livestream ending inconclusively. A wait of more than an hour followed for clarification and confirmation.

During the silence from JAXA, NASA's Deep Space Network appeared to show signals from both SLIM and the Lunar Excursion Vehicle 1 (LEV-1)—a small rover accompanying SLIM and ejected onto the surface at an altitude of two meters—being received in Madrid. Amateur tracking stations meanwhile reported signals from both SLIM and LEV-1.

JAXA confirmed landing success during a press conference just under two hours after the landing occurred. However the spacecraft's solar cells were not generating electricity. The reason for the solar cell issue was not immediately known, but spacecraft orientation—suggesting the lander may have rolled—is consider a possibility. SLIM is currently working on battery power.

"We believe that the soft landing itself was successful," a JAXA official said, stating that the spacecraft had survived the landing and was sending data.

Teams are working to maximize data gathering and science output. LEV-1 and another rover, LEV-2, were also confirmed to have separated successfully and operating. JAXA will said it will hold another press conference in the following week.

Five crushable, 3D-printed aluminum lattice landing legs helped the lander absorb the impact of touchdown on the lunar surface.

The mission was primarily aiming to demonstrate precise landing technology, allowing the spacecraft to set down within 100 meters of a target point. SLIM was targeting a landing on the sloped rim inside the 300-meters-wide Shioli crater.

While the landing was confirmed successful, it will take up to a month to confirm the success or failure of the "pinpoint" landing. The accuracy will be assessed with observations from lunar orbit.

An accurate landing is not just an engineering feat, but one that could enable greater science returns.

"The SLIM mission, with its precision landing system, hopefully marks a more successful year of lunar landings by robotic explorers," Katherine Joy, a Reader in Earth Sciences at the University of Manchester, told SpaceNews.

"Touching down in just the right spot is key to targeting really interesting lunar locations that can help us test key science questions about the evolution of the Moon and where we want to explore to assess possible lunar resources."

[...] SLIM also carried a pair of small, innovative rovers with it to the moon. Lunar Excursion Vehicle 1 (LEV-1) uses a hopping mechanism, while LEV-2 is a baseball-sized, spherical rover. Both carry cameras and science payloads.

SLIM launched Sept. 6, 2023, and completed a looping, 110-day voyage to the moon Dec. 25, when the spacecraft entered lunar orbit. The flight profile saved the spacecraft propellant and allowed for a higher science payload mass.

The spacecraft trimmed its orbit to a circular, 600-kilometer polar orbit Jan. 14 in preparation for the landing attempt.

Original Submission

taylorvich writes:

https://newatlas.com/medical/isolder-tissue-soldering-wounds/

While sutures and staples suffice for closing most wounds, they can damage delicate tissue, plus they may allow fluids to leak out when applied to internal organs. Scientists have thus set about improving an alternative wound-closure method known as tissue soldering.

Putting it simply, tissue soldering is an experimental technique in which a gelatinous paste is applied to the pressed-together edges of a wound, then heated with a laser.

The heat causes the paste to polymerize and bond with the collagen in the underlying tissue, forming a flexible watertight seal which holds the wound closed until it heals. Not only is the process typically faster yet gentler than applying sutures or staples, it also produces less inflammation, less scarring, and provides better protection against infections.

That said, complications may occur if the paste isn't heated to just the right temperature. If it's too cold, it won't bond with the tissue properly, whereas if it's too hot, it will burn the tissue.

In an effort to address that problem, scientists from Switzerland's Empa and ETH Zurich research institutes have developed an albumin-based paste called iSolder (intelligent solder). It contains titanium nitride and bismuth vanadate nanoparticles – the former convert laser light into heat, whereas the latter fluoresce when heated to a precise temperature.

So, when a gelatinous sheet of the iSolder is applied to a wound and then exposed to laser light, it will visibly glow upon reaching the just-right temperature at which it bonds with the underlying tissue. This takes the guesswork out of tissue welding – surgeons just keep applying the laser light until the paste glows, then stop when it does.

Original Submission

upstart writes:

Microsoft network breached through password-spraying by Russian-state hackers:

Russia-state hackers exploited a weak password to compromise Microsoft's corporate network and accessed emails and documents that belonged to senior executives and employees working in security and legal teams, Microsoft said late Friday.

The attack, which Microsoft attributed to a Kremlin-backed hacking group it tracks as Midnight Blizzard, is at least the second time in as many years that failures to follow basic security hygiene has resulted in a breach that has the potential to harm customers. One paragraph in Friday's disclosure, filed with the Securities and Exchange Commission, was gobsmacking:

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.

Microsoft didn't detect the breach until January 12, exactly a week before Friday's disclosure. Microsoft's account raises the prospect that the Russian hackers had uninterrupted access to the accounts for as long as two months.

A translation of the 93 words quoted above: A device inside Microsoft's network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one. The threat actor then accessed the account, indicating that either 2FA wasn't employed or the protection was somehow bypassed.

Furthermore, this "legacy non-production test tenant account" was somehow configured so that Midnight Blizzard could pivot and gain access to some of the company's most senior and sensitive employee accounts.

As Steve Bellovin, a computer science professor and affiliate law prof at Columbia University with decades of experience in cybersecurity, wrote on Mastodon:

A lot of fascinating implications here. A successful password spray attack suggests no 2FA and either reused or weak passwords. Access to email accounts belonging to "senior leadership... cybersecurity, and legal" teams using just the permissions of a "test tenant account" suggests that someone gave that test account amazing privileges. Why? Why wasn't it removed when the test was over? I also note that it took Microsoft about seven weeks to detect the attack.

Original Submission

fliptop writes:

The future of Sports Illustrated looked dire Friday after the publisher of the diminished outlet announced mass layoffs because its license to use the iconic brand's name in print and digital was revoked:

The Arena Group — which had been roiled by reports that the fabled magazine published AI-generated content — admitted to failing to make a $3.75 million quarterly licensing payment to Authentic Brands Group due this week.

As a result, the publicly-traded Arena announced Thursday it would make a "significant reduction" in its workforce of more than 100 journalists.

SI's unionized workers received a memo Friday telling them "some employees will be terminated immediately, and paid in lieu of the 60-day applicable notice period under the [union contract]."

[...] The outlet's website had a smattering of fresh stories Friday, suggesting a skeleton crew was still employed.

Meanwhile, SI's annual Swimsuit edition – which launched the careers of supermodels from Cheryl Tiegs to Tyra Banks – has been completed and will be released in the spring, a source close to the situation told The Post.

Also at NBC News, CNN and HuffPost.

Related: Sports Illustrated Published Articles by Fake, AI-Generated Writers

Original Submission

canopic jug writes:

Software engineer and security researcher, Adnan Khan, has found and published a supply chain attack carried out via Microsoft GitHub's runner images. The project used in the proof of concept is PyTorch.

From a period of time between February 2023 and July 25th, 2023, one such repository was GitHub's own actions/runner-images repository. You might be able to guess where this story this is going. This is the story of how I discovered and exploited a Critical misconfiguration vulnerability and reported it to GitHub. The vulnerability provided access to internal GitHub infrastructure as well as secrets. There was also a very high likelihood that this access could be used to insert malicious code into all of GitHub's runner base images – allowing an attacker to conduct a supply chain attack against every GitHub customer that used hosted runners.

More than a few sites are wrongly spinning this as a weakness with Python, PyTorch, or even with FOSS in general. However, the problem is not with FOSS, Python, or PyTorch but instead with a reliance on Microsoft's infrastructure for development. Fortunately there are mitigations. GitHub is software as a service, and not related to FOSS or Git itself though it does exploit both. It currently serves as a showcase for Microsoft Copilot.

Original Submission

Arthur T Knackerbracket has processed the following story:

Produced by a National Academy of Sciences, Engineering, and Medicine (NASEM) committee after spending two years studying the capabilities and implications of the technology at the behest of the FBI and Homeland Security, the report concluded that facial recognition needs to be formally reined in.

According to the panel's write-up, concerns over technical limitations and/or misuse of face recognition systems are well founded and require action from the government to address. As part of its conclusions, the committee recommended a presidential executive order to develop guidelines for appropriate use and fresh legislation "to address equity, privacy and civil liberties concerns" regarding the technology.

"It is crucial that governments make tackling these issues a priority," said Jennifer Mnookin, co-chair of the committee behind the report. "Failing or choosing not to adopt policies and regulations … would effectively cede decision-making and rulemaking on these important questions of great public concern entirely to the private sector and the marketplace." 

The report backs up a lot of what's been previously established about facial recognition technology, namely that it has issues with bias across racial and gender demographics – such as wrongly identifying women or people of color – and this has led to some bans on its use. 

False negative rates, the report found, were higher by a factor of three for women and non-whites, with the authors citing "algorithms designed in Western countries and trained mostly on White faces" as the culprit. 

"Much progress has been made in recent years to characterize, understand, and mitigate phenotypical disparities in the accuracy of FRT [facial-recognition technology] results," the report found, while also noting that "these performance differentials have not been entirely eliminated." 

While those facts aren't anything new, it's nice to know Homeland Security and the FBI are finally being told this by a report they had a hand in (it was made independently of the agencies, but they did provide guidance on some of the issues investigated) - but will the findings stick?

There's an increasing number of federal agencies using face recognition systems, and American states are adopting the technology at increasing rates as well, with few legal limits stopping them from implementing it any way they see fit. 

taylorvich writes:

https://www.sciencedaily.com/releases/2024/01/240116131836.htm

The unique underwater kelp forests that line the Pacific Coast support a varied ecosystem that was thought to have evolved along with the kelp over the past 14 million years.

But a new study shows that kelp flourished off the Northwest Coast more than 32 million years ago, long before the appearance of modern groups of marine mammals, sea urchins, birds and bivalves that today call the forests home.

The much greater age of these coastal kelp forests, which today are a rich ecosystem supporting otters, sea lions, seals, and many birds, fish and crustaceans, means that they likely were a main source of food for an ancient, now-extinct mammal called a desmostylian. The hippopotamus-sized grazer is thought to be related to today's sea cows, manatees and their terrestrial relatives, the elephants.

"People initially said, "We don't think the kelps were there before 14 million years ago because the organisms associated with the modern kelp forest were not there yet,'" said paleobotanist Cindy Looy, professor of integrative biology at the University of California, Berkeley. "Now, we show the kelps were there, it's just that all the organisms that you expect to be associated with them were not. Which is not that strange, because you first need the foundation for the whole system before everything else can show up."

Evidence for the greater antiquity of kelp forests, reported this week in the journal Proceedings of the National Academy of Sciences, comes from newly discovered fossils of the kelp's holdfast -- the root-like part of the kelp that anchors it to rocks or rock-bound organisms on the seafloor. The stipe, or stem, attaches to the holdfast and supports the blades, which typically float in the water, thanks to air bladders.

Looy's colleague, Steffen Kiel, dated these fossilized holdfasts, which still grasp clams and envelop barnacles and snails, to 32.1 million years ago, in the middle of the Cenozoic Era, which stretches from 66 million years ago to the present. The oldest previously known kelp fossil, consisting of one air bladder and a blade similar to that of today's bull kelp, dates from 14 million years ago and is in the collection of the University of California Museum of Paleontology (UCMP).

Journal Reference:

Steffen Kiel, James L. Goedert, Tony L. Huynh, Michael Krings, Dula Parkinson, Rosemary Romero, Cindy V. Looy. Early Oligocene kelp holdfasts and stepwise evolution of the kelp ecosystem in the North Pacific. Proceedings of the National Academy of Sciences, 2024; 121 (4) DOI: 10.1073/pnas.2317054121

Original Submission

Arthur T Knackerbracket has processed the following story:

HZO specializes in thin film coatings for electronic devices. At CES 2024, the North Carolina-based company demonstrated the effectiveness of its coating process by submerging a Raspberry Pi board. Remarkably, the board continued working just fine and no one got electrocuted.

HZO offers innovative coating services using parylene, applied as a film at the "molecular level" through a vacuum deposition process. Parylene, thinner than other coating materials, is capable of uniformly and reliably covering electronic devices, including bare circuit boards. The company showed the parylene coating protection at work during CES 2024, suggesting that hardware companies could turn Raspberry Pi 4 boards into proper waterproof computer projects.

[...] The CVD process has diverse applications, including automotive electronics and sensors, smart home devices, consumer electronics, biosensors, and more. The parylene-coated Raspberry Pi 4, displayed at CES 2024, functioned in a water tank, connected safely to a USB-C power cable and a microHDMI cable for video output, both also coated with parylene.

Waterproof Raspberry Pi systems have been demonstrated before, using a widely available lubricant (CorrosionX) as a slimy bathing solution. This coating method isn't permanent, in contrast, HZO's CVD solution offers a more durable alternative. An company rep mentioned that electronic devices like the Raspberry Pi would need approximately 15 hours in the deposition chamber.

Original Submission

owl writes:

https://blog.tidelift.com/will-the-new-judicial-ruling-in-the-vizio-lawsuit-strengthen-the-gpl

Last week an important judicial ruling came down on a very intriguing case about open source license compliance. In this post, I'll talk about what makes it so interesting and potentially impactful across our industry.

Legal background

Traditionally, open source licenses have been enforced through the law of copyright. In other words, the key question has been did copying occur, and if so, were the rights of the author violated? This has a subtle, but very important effect: only the author can initiate the lawsuit. In addition in the United States, such lawsuits must be filed in federal court, rather than in state courts, and the remedies available are primarily financial.

However, arguably, open source licenses could also be enforced through the law of contracts. Contracts can be about copyright, but in general they are a different beast. In the United States, remedies for contracts can include what is called "specific performance"—in other words, a judge can order someone who has broken a contract to do a specific act. Contracts also are typically enforced through state courts, not federal courts.

Finally, and most importantly for our discussion today, contracts can—under certain conditions—be enforced by third parties. These parties are known as third-party beneficiaries. Because they benefit from the contract, they can sometimes enforce the contract. For example, if I signed a contract with a baker to deliver a cake to my mother, my mother would be able to sue the baker if the cake did not arrive.

Original Submission