SoylentNews

upstart writes:

Mysterious 'MMS Fingerprint' Hack Used by Spyware Firm NSO Group Revealed:

The existence of a previously unknown infection technique used by spyware firm NSO Group is suggested by a single line in a contract between NSO and the telecom regulator of Ghana.

The contract is within the documentation of the ongoing court case between WhatsApp and NSO. Labeled under 'Infection Assisting Tools' is a single entry titled 'MMS Fingerprint'. NSO claims it can reveal the target device and the OS of the target device, 'without user interaction, engagement or message opening', and can be used against Android, Blackberry, and iOS.

There is (or has been) no known MMS fingerprint infection route. Cathal McDaid, VP of technology at Swedish telecoms security firm Enea investigated to learn more.

Since multiple device manufactures can be targeted, McDaid decided to look at the MMS flow rather than the individual devices. The MMS flow, writes McDaid, is somewhat 'messy': "Confusingly, sometimes the MMS flow is not using MMS."

MMS was introduced when not all phones were MMS compatible. So, the developers introduced a fall-back to a type of SMS known as a binary SMS (WSP Push), used to notify the recipient MMS device's user agent that an MMS message is waiting for retrieval.

Similarly, retrieval of the message is also not specifically 'MMS' – it is an HTTP GET request to the URL address contained in the waiting message. "The interesting thing here," writes McDaid, "is that within this HTTP GET, user device information is included. It was suspected that this may be the point that targeted device information could be leaked, and the MMS Fingerprint could be 'lifted'."

upstart writes:

Scientists aghast at bizarre AI rat with huge genitals in peer-reviewed article:

Appall and scorn ripped through scientists' social media networks Thursday as several egregiously bad AI-generated figures circulated from a peer-reviewed article recently published in a reputable journal. Those figures—which the authors acknowledge in the article's text were made by Midjourney—are all uninterpretable. They contain gibberish text and, most strikingly, one includes an image of a rat with grotesquely large and bizarre genitals, as well as a text label of "dck."

On Thursday, the publisher of the review article, Frontiers, posted an "expression of concern," noting that it is aware of concerns regarding the published piece. "An investigation is currently being conducted and this notice will be updated accordingly after the investigation concludes," the publisher wrote.

[...] Some scientists online questioned whether the article's text was also AI-generated. One user noted that AI detection software determined that it was likely to be AI-generated; however, as Ars has reported previously, such software is unreliable.

The images, while egregious examples, highlight a growing problem in scientific publishing. A scientist's success relies heavily on their publication record, with a large volume of publications, frequent publishing, and articles appearing in top-tier journals, all of which earn scientists more prestige. The system incentivizes less-than-scrupulous researchers to push through low-quality articles, which, in the era of AI chatbots, could potentially be generated with the help of AI. Researchers worry that the growing use of AI will make published research less trustworthy. As such, research journals have recently set new authorship guidelines for AI-generated text to try to address the problem. But for now, as the Frontiers article shows, there are clearly some gaps.

It looks like "peer reviewed" is becoming meaningless nowadays. However, this attempt is so obviously fake that I cannot see how anyone could have put their name to having completed a review.

Original Submission

mendax writes:

Ars has a story that reveals some new information about the Indo-European proto-language:

Almost half of all people in the world today speak an Indo-European language, one whose origins go back thousands of years to a single mother tongue. Languages as different as English, Russian, Hindustani, Latin, and Sanskrit can all be traced back to this ancestral language.

Over the last couple of hundred years, linguists have figured out a lot about that first Indo-European language, including many of the words it used and some of the grammatical rules that governed it. Along the way, they've come up with theories about who its original speakers were, where and how they lived, and how their language spread so widely.

Most linguists think that those speakers were nomadic herders who lived on the steppes of Ukraine and western Russia about 6,000 years ago. Yet a minority put the origin 2,000 to 3,000 years before that, with a community of farmers in Anatolia, in the area of modern-day Turkey. Now a new analysis, using techniques borrowed from evolutionary biology, has come down in favor of the latter, albeit with an important later role for the steppes.

The computational technique used in the new analysis is hotly disputed among linguists. But its proponents say it promises to bring more quantitative rigor to the field, and could possibly push key dates further into the past, much as radiocarbon dating did in the field of archaeology.

Such stories are fascinating for people such as myself who are amateur linguists.

Original Submission

looorg writes:

Japan to launch world's first wooden satellite to combat space pollution

[...] "All the satellites which re-enter the Earth's atmosphere burn and create tiny alumina particles, which will float in the upper atmosphere for many years," Takao Doi, a Japanese astronaut and aerospace engineer with Kyoto University, warned recently. "Eventually, it will affect the environment of the Earth."

To tackle the problem, Kyoto researchers set up a project to evaluate types of wood to determine how well they could withstand the rigours of space launch and lengthy flights in orbit round the Earth. The first tests were carried out in laboratories that recreated conditions in space, and wood samples were found to have suffered no measurable changes in mass or signs of decomposition or damage.

"Wood's ability to withstand these conditions astounded us," said Koji Murata, head of the project.

After these tests, samples were sent to the ISS, where they were subjected to exposure trials for almost a year before being brought back to Earth. Again they showed little signs of damage, a phenomenon that Murata attributed to the fact that there is no oxygen in space which could cause wood to burn, and no living creatures to cause it to rot.

Also:
https://www.sciencefocus.com/space/wooden-satellites-space-junk

Original Submission

taylorvich writes:

https://www.science.org/content/article/humans-survive-alone-1000-years-desert-islands-off-africa

The Canary Islands—More than 1000 years ago, a young man stood on the northern shore of the island now known as El Hierro. Across the wave-swept Atlantic Ocean, he could see the silhouettes of other islands, a volcanic peak on one soaring toward the clouds only 90 kilometers away. Yet, for him, those islands were as unreachable as the Moon.

His body betrayed the rigors of life on his arid volcanic outcrop. His molars were worn almost to the gums from grinding fibrous wild fern roots. His ancestors here had farmed wheat, but he and his contemporaries grew only barley and raised livestock such as goats. His genes held evidence that his parents were closely related, like many of the roughly 1000 people on the island, who had not mingled with outsiders for centuries. Also like many of his fellow islanders, he bore signs of an old head injury, likely sustained in a fight.

"This population faced a lot of challenges," says archaeologist Jonathan Santana of the University of Las Palmas de Gran Canaria (ULPGC). "Survival on this island was a challenge every day."

Yet the first Canarians, who arrived from North Africa roughly 1800 years ago, survived and even thrived on this arid, windswept archipelago for 1000 years. They numbered in the tens of thousands when Europeans arrived at the start of the 14th century. Not long after, conquest and genocide had largely erased them as a people. But their DNA lives on in many islanders today, and traces of their lives remain, in granaries, cliff dwellings, ceramic figurines, and hundreds of human remains like those of the man on El Hierro—all remarkably well preserved by the dry climate.

By applying the latest archaeological tools to this trove of material, Santana and other home-grown archaeologists are unearthing their stories, shedding light on puzzles that have mystified archaeologists since the 19th century. For instance, how did people with no apparent seafaring skills reach and survive on the archipelago? Why did their crops and cultures differ from island to island despite their common origin? The answers offer insights into how human societies cope with—and respond to—challenging environments, says Scott Fitzpatrick, a University of Oregon archaeologist who studies island cultures. "The Canaries have been sort of an enigma."

Original Submission

upstart writes:

AI presents distinct social and ethical challenges, but its sudden rise presents a singular opportunity for responsible adoption:

Technology use often goes wrong, Parsons notes, "because we're too focused on either our own ideas of what good looks like or on one particular audience as opposed to a broader audience." That may look like an app developer building only for an imagined customer who shares his geography, education, and affluence, or a product team that doesn't consider what damage a malicious actor could wreak in their ecosystem. "We think people are going to use my product the way I intend them to use my product, to solve the problem I intend for them to solve in the way I intend for them to solve it," says Parsons. "But that's not what happens when things get out in the real world."

AI, of course, poses some distinct social and ethical challenges. Some of the technology's unique challenges are inherent in the way that AI works: its statistical rather than deterministic nature, its identification and perpetuation of patterns from past data (thus reinforcing existing biases), and its lack of awareness about what it doesn't know (resulting in hallucinations). And some of its challenges stem from what AI's creators and users themselves don't know: the unexamined bodies of data underlying AI models, the limited explainability of AI outputs, and the technology's ability to deceive users into treating it as a reasoning human intelligence.

Parsons believes, however, that AI has not changed responsible tech so much as it has brought some of its problems into a new focus. Concepts of intellectual property, for example, date back hundreds of years, but the rise of large language models (LLMs) has posed new questions about what constitutes fair use when a machine can be trained to emulate a writer's voice or an artist's style. "It's not responsible tech if you're violating somebody's intellectual property, but thinking about that was a whole lot more straightforward before we had LLMs," she says.

The principles developed over many decades of responsible technology work still remain relevant during this transition. Transparency, privacy and security, thoughtful regulation, attention to societal and environmental impacts, and enabling wider participation via diversity and accessibility initiatives remain the keys to making technology work toward human good.

Nginx Core Developer Quits Project in Security Dispute, Starts "Freenginx" Fork

upstart writes:

Disagreement over security disclosures and bug-fixing priorities led to split:

A core developer of Nginx, currently the world's most popular web server, has quit the project, stating that he no longer sees it as "a free and open source project... for the public good." His fork, freenginx, is "going to be run by developers, and not corporate entities," writes Maxim Dounin, and will be "free from arbitrary corporate actions."

Dounin is one of the earliest and still most active coders on the open source Nginx project and one of the first employees of Nginx, Inc., a company created in 2011 to commercially support the steadily growing web server. Nginx is now used on roughly one-third of the world's web servers, ahead of Apache.

Nginx Inc. was acquired by Seattle-based networking firm F5 in 2019. Later that year, two of Nginx's leaders, Maxim Konovalov and Igor Sysoev, were detained and interrogated in their homes by armed Russian state agents. Sysoev's former employer, Internet firm Rambler, claimed that it owned the rights to Nginx's source code, as it was developed during Sysoev's tenure at Rambler (where Dounin also worked). While the criminal charges and rights do not appear to have materialized, the implications of a Russian company's intrusion into a popular open source piece of the web's infrastructure caused some alarm.

Sysoev left F5 and the Nginx project in early 2022. Later that year, due to the Russian invasion of Ukraine, F5 discontinued all operations in Russia. Some Nginx developers still in Russia formed Angie, developed in large part to support Nginx users in Russia. Dounin technically stopped working for F5 at that point, too, but maintained his role in Nginx "as a volunteer," according to Dounin's mailing list post.

Dounin writes in his announcement that "new non-technical management" at F5 "recently decided that they know better how to run open source projects. In particular, they decided to interfere with security policy nginx uses for years, ignoring both the policy and developers' position." While it was "quite understandable," given their ownership, Dounin wrote that it means he was "no longer able to control which changes are made in nginx," hence his departure and fork.

A representative for F5 wrote to Ars that:

F5 is committed to delivering successful open source projects that require a large and diverse community of contributors, as well as applying rigorous industry standards for assigning and scoring identified vulnerabilities. We believe this is the right approach for developing highly secure software for our customers and community, and we encourage the open source community to join us in this effort.

Also at: Core NGINX Developer Forks Web Server Into Freenginx:

Original Submission #1  Original Submission #2 

taylorvich writes:

https://phys.org/news/2024-02-stone-age-hunter-baltic-sea.html

In autumn 2021, geologists discovered an unusual row of stones, almost 1 km long, at the bottom of Mecklenburg Bight. The site is located around 10 kilometers off Rerik at a 21-meter water depth. The approximately 1,500 stones are aligned so regularly that a natural origin seems unlikely.

A team of researchers from different disciplines has now concluded that Stone Age hunter-gatherers likely built this structure around 11,000 years ago to hunt reindeer. The finding represents the first discovery of a Stone Age hunting structure in the Baltic Sea region.

The scientists present their findings in the Proceedings of the National Academy of Sciences.
...
Excluding natural processes and a modern origin, the stone wall could only have been formed after the end of the last ice age, when the landscape was not yet flooded by the Baltic Sea.

"At this time, the entire population across northern Europe was likely below 5,000 people. One of their main food sources were herds of reindeer, which migrated seasonally through the sparsely vegetated post-glacial landscape. The wall was probably used to guide the reindeer into a bottleneck between the adjacent lakeshore and the wall, or even into the lake, where the Stone Age hunters could kill them more easily with their weapons," explains Marcel Bradtmöller from the University of Rostock.

Comparable prehistoric hunting structures have already been found in other parts of the world, for example, at the bottom of Lake Huron (Michigan) at a depth of 30 meters. Here, US archaeologists documented stone walls as well as hunting blinds constructed for hunting caribou, the North American equivalent of reindeer. The stone walls in Lake Huron and in Mecklenburg Bight share many characteristics such as a location on the flank of a topographic ridge, as well as a subparallel trending lakeshore on one side.

DannyB writes:

Air Canada must honor refund policy invented by airline's chatbot

Air Canada appears to have quietly killed its costly chatbot support.

After months of resisting, Air Canada was forced to give a partial refund to a grieving passenger who was misled by an airline chatbot inaccurately explaining the airline's bereavement travel policy.

[....] Air Canada argued that because the chatbot response elsewhere linked to a page with the actual bereavement travel policy, Moffatt should have known bereavement rates could not be requested retroactively. Instead of a refund, the best Air Canada would do was to promise to update the chatbot and offer Moffatt a $200 coupon to use on a future flight.

[....] According to Air Canada, Moffatt never should have trusted the chatbot and the airline should not be liable for the chatbot's misleading information because Air Canada essentially argued that "the chatbot is a separate legal entity that is responsible for its own actions," a court order said.

Experts told the Vancouver Sun that Moffatt's case appeared to be the first time a Canadian company tried to argue that it wasn't liable for information provided by its chatbot.

From the linked court order.

Negligent Misrepresentation

24. While Mr. Moffatt does not use the words specifically, by saying they relied on Air Canada's chatbot, I find they are alleging negligent misrepresentation. Negligent misrepresentation can arise when a seller does not exercise reasonable care to ensure its representations are accurate and not misleading.

25. To prove the tort of negligent misrepresentation, Mr. Moffatt must show that Air Canada owed them a duty of care, its representation was untrue, inaccurate, or misleading, Air Canada made the representation negligently, Mr. Moffatt reasonably relied on it, and Mr. Moffatt's reliance resulted in damages.

Should a company be held to the hallucinations of their AI chatbot? This could slow the adoption of AI chatbots that are not ready for actual public interaction. It could delay executives the ability to save money in this quarter.

Original Submission

Freeman writes:

https://arstechnica.com/gadgets/2024/02/prime-video-cuts-dolby-vision-atmos-support-from-ad-tier-and-didnt-tell-subs/

On January 29, Amazon started showing ads to Prime Video subscribers in the US unless they pay an additional $2.99 per month. But this wasn't the only change to the service. Those who don't pay up also lose features; their accounts no longer support Dolby Vision or Dolby Atmos.

As noticed by German tech outlet 4K Filme on Sunday, Prime Video users who choose to sit through ads can no longer use Dolby Vision or Atmos while streaming. Ad-tier subscribers are limited to HDR10+ and Dolby Digital 5.1.

4K Filme confirmed that this was the case on TVs from both LG and Sony; Forbes also confirmed the news using a TCL TV.
[...]
Amazon announced in September 2023 that it would run ads on Prime Video accounts in 2024; in December, Amazon confirmed that the ads would start running on January 29 unless subscribers paid extra. In the interim, Amazon failed to mention that it was also removing support for Dolby Vision and Atmos from the ad-supported tier.
[...]
As Forbes' John Archer reported, "To add a bit of confusion to the mix, on the TCL TV I used, the Prime Video header information for the Jack Ryan show that appears on the with-ads basic account shows Dolby Vision and Dolby Atmos among the supported technical features—yet when you start to play the episode, neither feature is delivered to the TV."

Previously on SoylentNews:
Amazon Adding Ads to Prime Video in 2024 Unless You Pay $2.99 Extra

[I chose to pay the $2.99 extra, because why else am I using a streaming service? In the event I feel like it's not worth it, I'll just dump them.]

Original Submission

upstart writes:

Private US Moon lander successfully launches 24 hours after flight was delayed:

A US PRIVATE Moon lander has successfully launched 24 hours after its flight was delayed due to fuel issues. The Nova-C Odysseus lander, built by Texas-based space flight company Intuitive Machines (IM), could become the first private mission – called IM-1 – to land intact on the lunar surface.

The Moon lander had lift-off at 6.05am Irish time this morning atop SpaceX's Falcon 9 rocket from Cape Canaveral in Florida, SpaceX posted on X (formerly Twitter).

It comes a month after another US spacecraft, Peregrine, failed to touch down following a fuel leak. The failure of Peregrine, operated by US company Astrobotic, marked the third time a private company had been unable to achieve a soft landing on the lunar surface.

The Beresheet lander, built by Israel's SpaceIL, crashed during descent in 2019, while the Hakuto-R M1 lander, from Japanese company ispace, was destroyed while attempting to land in April last year.

Odysseus would be the first US Moon landing since the final mission of the Apollo programme – Apollo 17 – more than 50 years ago. Odysseus is a hexagonal cylinder about 13ft (4m) tall and 5ft (1.57m) wide and weighs 1,488lb (675kg).

It is part of Nasa's Commercial Lunar Payload Services initiative, which aims to involve commercial companies in the exploration of the Moon as the space agency focuses on getting astronauts back there through its Artemis programme.

If all goes to plan, Odysseus could attempt a lunar landing on February 22. The landing site will be at Malapert A, a crater near the Moon's south pole. Once it is on the surface, Odysseus will operate for roughly two weeks, or one lunar day.

---

Original Submission

cereal_burpist writes:

[Submitter's note] The 'lite' version of CNN is text-only.

https://edition.cnn.com/2024/02/15/cars/headlights-tech-adaptable-high-beams-cars/index.html

Imagine if you could drive at night with your high beams on all the time, bathing the road ahead in bright light but without ever blinding other drivers. In Europe and Asia, many cars offer adaptive driving beam [ADB] headlights that can do this.

It can actually shape the light coming from headlights rather than scattering it all over the road. If there's a car coming in the other direction, or one driving ahead in the same lane, the light stays precisely away from that vehicle. The rest of the road is still covered in bright light with just a pocket of dimmer light around the other vehicles. This way a deer, pedestrian or bicyclist by the side of the road can still be seen clearly while other drivers sharing the road can see, too.

In America, the closest we can get to that today are automatic high beams, a feature available on many new cars that automatically flicks off the high beams if another vehicle is detected ahead. But that still means driving much – or most – of the time using only low beam headlights that don't reach very far.

ADB-enabled headlights already are sold on some luxury cars in America. They just lack the software to perform the way they were designed to.

Some automakers and safety groups, including Ford, Volkswagen and the Insurance Institute for Highway Safety, are asking NHTSA [National Highway Traffic Safety Administration] to reconsider the regulations to make it easier and less costly to offer these headlights in the US.

AnonTechie writes:

They collect massive amounts of data with little disclosure about its use.

You shouldn't trust any answers a chatbot sends you. And you probably shouldn't trust it with your personal information either. That's especially true for "AI girlfriends" or "AI boyfriends," according to new research.

An analysis of 11 so-called romance and companion chatbots, published on Wednesday by the Mozilla Foundation, has found a litany of security and privacy concerns with the bots. Collectively, the apps, which have been downloaded more than 100 million times on Android devices, gather huge amounts of people's data; use trackers that send information to Google, Facebook, and companies in Russia and China; allow users to use weak passwords; and lack transparency about their ownership and the AI models that power them.

Since OpenAI unleashed ChatGPT on the world in November 2022, developers have raced to deploy large language models and create chatbots that people can interact with and pay to subscribe to. The Mozilla research provides a glimpse into how this gold rush may have neglected people's privacy, and into tensions between emerging technologies and how they gather and use data. It also indicates how people's chat messages could be abused by hackers.

[...] For AI girlfriends and their ilk, Caltrider says people should be cautious about using romantic chatbots and adopt best security practices. This includes using strong passwords, not signing in to the apps using Facebook or Google, deleting data, and opting out of data collection where it's offered. "Limit the personal information you share as much as possible—not giving up names, locations, ages," Caltrider says, adding that with some of these services, it may not be enough. "Even doing those things might not keep you as safe as you would like to be."

Ars Technica

This story originally appeared on wired.com

Original Submission

Arthur T Knackerbracket has processed the following story:

The US government today confirmed China's Volt Typhoon crew comprised "multiple" critical infrastructure orgs' IT networks in America – and Uncle Sam warned that the Beijing-backed spies are readying "disruptive or destructive cyberattacks" against those targets.

The Chinese team remotely broke into IT environments — primarily across communications, energy, transportation systems, and water and wastewater system sectors — in the continental and non-continental United States and its territories, including Guam.

"Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," a dozen Five Eyes government agencies warned on Wednesday. 

[...] According to the US agencies, Volt Typhoon will likely use any network access it can get to pull off disruptive attacks against American systems and equipment in the event of geopolitical tensions or military conflicts.

[...] While the threat to American critical infrastructure appears to be the highest, should US facilities be disrupted, "Canada would likely be affected as well, due to cross-border integration," according to CCCS. 

Australian and New Zealand critical infrastructure could be vulnerable as well.

In addition to sounding the alarm, the government bodies issued a long list of technical details, TTPs observed in the digital break-ins, and detection recommendations and best practices. 

Plus, there's three actions that owners and operators should take "today" to mitigate the threat.

These include: Apply patches for internet-facing systems with priority given to appliances that Volt Typhoon likes to exploit. 

Second: Turn on phishing-resistant multi-factor authentication (MFA).

And finally, ensure that logging is turned on for applications, access and security logs, and store these logs in a centralized system.

Original Submission

Freeman writes:

https://arstechnica.com/gadgets/2024/02/microsoft-starts-testing-windows-11-24h2-as-this-years-big-update-takes-shape/

The next major release of Windows isn't due until the end of the year, but it looks like Microsoft is getting an early start. New Windows Insider builds released to the Canary and Dev channels both roll their version numbers to "24H2," indicating that they're the earliest builds of what Microsoft will eventually release to all Windows users sometime this fall.

[...] The early change to the 24H2 numbering is a departure from last year, where Windows 11 23H2 didn't appear publicly until the end of October. And even then, it was mostly just an update that rolled over the version number and Microsoft's support clock for software updates—most of its "new" features had actually rolled out to PCs running Windows 11 22H2 the month before.

There are some signs that this update will be fairly significant in scope. In addition to all the features Microsoft listed, there are signs that the company is revising things like the Windows setup process that you go through when installing the OS from scratch.

[...] A 24H2 update does suggest that Windows 11 will continue on for at least another year, but it doesn't necessarily preclude a Windows 12 launch this year. Windows 10 received a 21H2 update the year Windows 11 came out and a 22H2 update the year after that (not that either came with significant new features). Microsoft could decide to rename the upcoming feature update on relatively short notice—like it originally did with Windows 11, which began as a design overhaul for Windows 10. Windows 12 might happen, or it might not, but I wouldn't take this Windows 11 24H2 update as decisive evidence one way or the other.

[...] To date, Microsoft hasn't imposed any specific system requirements for Copilot or Windows' other generative AI features, aside from 4GB RAM and 720p screen requirements for the Windows 10 version of Copilot, but this could change if more of Windows' AI features begin relying on local processing rather than cloud processing.

[With my latest build, I skipped the OS tax, and used MXLinux instead. Installation was a little more complicated than a fresh windows install. I've also had a few hiccups with game compatibility, but overall Steam's Proton compatibility layer is doing an even better job than when I last tried it out. For example Space Engineers, just worked. Whereas before there were audio and graphical issues.]

Original Submission