SoylentNews

upstart writes:

A new IRC client (but don't call it an IRC client) is being developed by Linux Mint:

The Ubuntu-based distro currently includes Hexchat in its default software set. IRC isn't as trendy as Discord or Telegram but it is a free, open standard that no single entity controls, is relatively low-bandwidth, interoperable, and efficient.

But as I reported in February: Hexchat is no more.

Hexchat quitting the chat leaves —I so badly want to type leafs there— Linux Mint with a dilemma and an opportunity.

The dilemma being: "should we continue shipping an IRC client, and what role does it serve?" and the opportunity being: "could we replace it with something better?".

[...] Ever wondered why Linux Mint comes with an IRC client preinstalled? It's mainly to offer a way for users of the distro to talk to, ask questions, and get support from other users of the distro in (relative) real time.

[...] Since its official IRC channels remain active, with users and developers using them daily to answer questions, offer support, and connect over a shared interest, should the demise of Hexchat have to mean moating of IRC entirely?

As is, IRC isn't user-friendly. It's a kind of an arcane magic involving strange commands. Its onboarding is obtuse. And the protocol doesn't natively support things like media sharing (screenshots are useful when troubleshooting), clickable links, or other modern "niceties".

And yet, IRC is a fast, established, open, and versatile protocol. It's not as flashy as Discord but it's not encumbered by superfluous social excesses or corporate caveats. It's free and immediate (no sign-up required to use it) which makes it ideal for 'when you need it' use.

So work has begun on a new dedicated "chat room" app to replace Hexchat, called Jargonaut.

Linux Mint's goal is not to build a fully-featured IRC client, or even an IRC client at all. Jargonaut is a chat app that just happens to use IRC as its underlying chat protocol.

Original Submission

taylorvich writes:

https://phys.org/news/2024-03-dont-materials-electricity.html

Is there a way to stick hard and soft materials together without any tape, glue or epoxy? A new study published in ACS Central Science shows that applying a small voltage to certain objects forms chemical bonds that securely link the objects together. Reversing the direction of electron flow easily separates the two materials. This electroadhesion effect could help create biohybrid robots, improve biomedical implants and enable new battery technologies.

When an adhesive is used to attach two things, it binds the surfaces either through mechanical or electrostatic forces. But sometimes those attractions or bonds are difficult, if not impossible, to undo. As an alternative, reversible adhesion methods are being explored, including electroadhesion (EA).

Though the term is used to describe a few different phenomena, one definition involves running an electric current through two materials causing them to stick together, thanks to attractions or chemical bonds. Previously, Srinivasa Raghavan and colleagues demonstrated that EA can hold soft, oppositely charged materials together, and even be used to build simple structures. This time, they wanted to see if EA could reversibly bind a hard material, such as graphite, to a soft material, such as animal tissue.

[...] For EA to occur, the authors found that the hard material needs to conduct electrons, and the soft material needs to contain salt ions They hypothesize that the adhesion arises from chemical bonds that form between the surfaces after an exchange of electrons. This may explain why some metals that hold onto their electrons strongly, including titanium, and some fruits that contain more sugar than salts, including grapes, failed to adhere in some situations.

A final experiment showed that EA can occur completely underwater, revealing an even wider range of possible applications. The team says that this work could help create new batteries, enable biohybrid robotics, enhance biomedical implants and much more.

Journal Reference:
Wenhao Xu, Faraz A. Burni, and Srinivasa R. Raghavan, Reversibly Sticking Metals and Graphite to Hydrogels and Tissues, ACS Central Science (2024). https://doi.org/10.1021/acscentsci.3c01593

Original Submission

upstart writes:

Spike in new versions of an old Trojan — which mimic legitimate VMware domains — alarms security researchers:

A 20-year-old Trojan resurfaced recently with new variants that target Linux and impersonate a trusted hosted domain to evade detection.

Researchers from Palo Alto Networks spotted a new Linux variant of the Bifrost (aka Bifrose) malware that uses a deceptive practice known as typosquatting to mimic a legitimate VMware domain, which allows the malware to fly under the radar. Bifrost is a remote access Trojan (RAT) that's been active since 2004 and gathers sensitive information, such as hostname and IP address, from a compromised system.

There has been a worrying spike in Bifrost Linux variants during the past few months: Palo Alto Networks has detected more than 100 instances of Bifrost samples, which "raises concerns among security experts and organizations," researchers Anmol Murya and Siddharth Sharma wrote in the company's newly published findings.

Moreover, there is evidence that cyberattackers aim to expand Bifrost's attack surface even further, using a malicious IP address associated with a Linux variant hosting an ARM version of Bifrost as well, they said.

"By providing an ARM version of the malware, attackers can expand their grasp, compromising devices that may not be compatible with x86-based malware," the researchers explained. "As ARM-based devices become more common, cybercriminals will likely change their tactics to include ARM-based malware, making their attacks stronger and able to reach more targets."

[...] Though it may be an old-timer when it comes to malware, the Bifrost RAT remains a significant and evolving threat to individuals and organizations alike, particularly with new variants adopting typosquatting to evade detection, the researchers said.

[...] In their post, the researchers shared a list of indicators of compromise, including malware samples and domain and IP addresses associated with the latest Bifrost Linux variants. The researchers advise that enterprises use next-generation firewall products and cloud-specific security services — including URL filtering, malware-prevention applications, and visibility and analytics — to secure cloud environments.

Ultimately, the process of infection allows the malware to bypass security measures and evade detection, and ultimately compromise targeted systems, the researchers said.

Original Submission

Freeman writes:

https://arstechnica.com/gaming/2024/03/you-a-holes-court-docs-reveal-epic-ceos-anger-at-steams-30-fees/

Epic CEO Tim Sweeney has long been an outspoken opponent of what he sees as Valve's unreasonable platform fees for listing games on Steam, which start at 30 percent of the total sale price. Now, though, new emails from before the launch of the competing Epic Games Store in 2018 show just how angry Sweeney was with the "assholes" at companies like Valve and Apple for squeezing "the little guy" with what he saw as inflated fees.

The emails, which came out this week as part of Wolfire's price-fixing case against Valve (as noticed by the GameDiscoverCo newsletter), confront Valve managers directly for platform fees Sweeney says are "no longer justifiable."
[...]
The first mostly unredacted email chain from the court documents, from August 2017, starts with Valve co-founder Gabe Newell asking Sweeney if there is "anything we [are] doing to annoy you?" That query was likely prompted by Sweeney's public tweets at the time questioning "why Steam is still taking 30% of gross [when] MasterCard and Visa charge 2-5% per transaction, and CDN bandwidth is around $0.002/GB." Later in the same thread, he laments that "the internet was supposed to obsolete the rent-seeking software distribution middlemen, but here's Facebook, Google, Apple, Valve, etc."
[...]
The second email chain revealed in the lawsuit started in November 2018, with Sweeney offering Valve a heads-up on the impending launch of the Epic Games Store that would come just weeks later. While that move was focused on PC and Mac games, Sweeney quickly pivots to a discussion of Apple's total control over iOS, the subject at the time of a lawsuit whose technicalities were being considered by the Supreme Court.
[...]
In a follow-up email on December 3, just days before the Epic Games Store launch, Sweeney took Valve to task more directly for its policy of offering lower platform fees for the largest developers on Steam.
[...]
After being forwarded the message by Valve's Erik Johnson, Valve COO Scott Lynch simply offered up a sardonic "You mad bro?"

Freeman writes:

https://arstechnica.com/tech-policy/2024/03/charges-against-journalist-tim-burke-are-a-hack-job/

Caitlin Vogus is the deputy director of advocacy at Freedom of the Press Foundation and a First Amendment lawyer. Jennifer Stisa Granick is the surveillance and cybersecurity counsel with the ACLU's Speech, Privacy, and Technology Project. The opinions in this piece do not necessarily reflect the views of Ars Technica.

Imagine a journalist finds a folder on a park bench, opens it, and sees a telephone number inside. She dials the number. A famous rapper answers and spews a racist rant. If no one gave her permission to open the folder and the rapper's telephone number was unlisted, should the reporter go to jail for publishing what she heard?

If that sounds ridiculous, it's because it is. And yet, add in a computer and the Internet, and that's basically what a newly unsealed federal indictment accuses Florida journalist Tim Burke of doing when he found and disseminated outtakes of Tucker Carlson's Fox News interview with Ye, the artist formerly known as Kanye West, going on the first of many antisemitic diatribes.
[...]
According to Burke, the video of Carlson's interview with Ye was streamed via a publicly available, unencrypted URL that anyone could access by typing the address into your browser. Those URLs were not listed in any search engine, but Burke says that a source pointed him to a website on the Internet Archive where a radio station had posted "demo credentials" that gave access to a page where the URLs were listed.

The credentials were for a webpage created by LiveU, a company that provides video streaming services to broadcasters. Using the demo username and password, Burke logged into the website, and, Burke's lawyer claims, the list of URLs for video streams automatically downloaded to his computer.

And that, the government says, is a crime. It charges Burke with violating the CFAA's prohibition on intentionally accessing a computer "without authorization" because he accessed the LiveU website and URLs without having been authorized by Fox or LiveU. In other words, because Burke didn't ask Fox or LiveU for permission to use the demo account or view the URLs, the indictment alleges, he acted without authorization.

canopic jug writes:

Multiple sites are covering H.R.7521 - Protecting Americans from Foreign Adversary Controlled Applications Act which aims to ban Bytedance's Tiktok, a platform for influence and surveillance, from the US.

– Tech giant: What is ByteDance, the TikTok parent in US crosshairs?

The app has been a diplomatic hot potato between the United States and China since the administration of former president Donald Trump, who once wanted to ban the app.

Now, a bill in Congress aims to force the company to cut ties with ByteDance or be barred from the United States.

The bill's supporters say ByteDance as a Chinese firm simply cannot go against the wishes of Beijing, and can provide access to the data on more than 170 million American users for everything from spying to election influence campaigns.

And

– TikTok's Security Threats Go Beyond the Scope of House Legislation

But that glosses over the deeper TikTok security problem, which the legislation does not fully address. In the four years this battle has gone on, it has become clear that the security threat posed by TikTok has far less to do with who owns it than it does with who writes the code and algorithms that make TikTok tick.

Those algorithms, which guide how TikTok watches its users and feeds them more of what they want, are the magic sauce of an app that 170 million Americans now have on their phones. That's half the country.

But TikTok doesn't own those algorithms; they are developed by engineers who work for its Chinese parent company, ByteDance, which assembles the code in great secrecy in its software labs, in Beijing, Singapore and Mountain View, Calif. But China has issued regulations that appear designed to require government review before any of ByteDance's algorithms could be licensed to outsiders. Few expect those licenses to be issued — meaning that selling TikTok to an American owner without the underlying code might be like selling a Ferrari without its famed engine.

taylorvich writes:

https://newatlas.com/science/cows-low-cost-insulin-production/

A genetically modified cow has produced milk containing human insulin, according to a new study. The proof-of-concept achievement could be scaled up to, eventually, produce enough insulin to ensure availability and reduced cost for all diabetics requiring the life-maintaining drug.

Unable to rely on their own supply due to damaged pancreatic cells, type 1 diabetics need injectable insulin to live. As do some type 2 diabetics. The World Health Organization estimates that of those who require insulin, between 150 and 200 million people worldwide, only about half are being treated with it. Access to insulin remains inadequate in many low- and middle-income countries – and some high-income countries – and its cost and unavailability have been well-documented.

In a newly published study led by the Department of Animal Sciences in the College of Agricultural, Consumer and Environmental Sciences at the University of Illinois Urbana-Champaign and the Universidade de São Paulo, researchers say they may have developed a way of eliminating insulin scarcity and reducing its cost using cows. Yep, cows.

"Mother Nature designed the mammary gland as a factory to make protein really, really efficiently," said Matt Wheeler, corresponding author of the study. "We can take advantage of that system to produce a protein that can help hundreds of millions of people worldwide."

[...] In the current study, the researchers inserted a segment of human DNA coding for proinsulin into the cells of ten cow embryos implanted into the uteruses of regular Brazilian cows. The implantation resulted in the birth of one transgenic calf. The term 'transgenic' describes an organism that contains artificially introduced DNA from an unrelated organism. Here, the human DNA used was targeted for expression in milk-producing, that is, mammary tissue only. Of course, a cow's mammary gland is more commonly called an udder.
...
When the calf matured, she was given hormones to stimulate her first lactation. While the volume of milk was less than would ordinarily be produced, the researchers found that it contained human proinsulin and – surprisingly – insulin.

Freeman writes:

https://arstechnica.com/security/2024/03/hackers-can-read-private-ai-assistant-chats-even-though-theyre-encrypted/

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people's interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini.

[...] By carefully monitoring these sources, attackers can assemble enough information to recover encrypted keystrokes or encryption keys from CPUs, browser cookies from HTTPS traffic, or secrets from smartcards, The side channel used in this latest attack resides in tokens that AI assistants use when responding to a user query.

Original Submission

owl writes:

https://www.theregister.com/2024/03/14/voyager_1_not_dead/

Engineers are hopeful that the veteran spacecraft Voyager 1 might have turned a corner after spending the last three months spouting gibberish at controllers.

On March 1, the Voyager team sent a command, dubbed a "poke," to get the probe's Flight Data System (FDS) to try some other sequences in its software in the hope of circumventing whatever had become corrupted.

Readers of a certain vintage will doubtless have memories of poke sheets for various 1980s games. Not that this hack ever used a poke to get infinite lives in Jet Set Willy, of course.

While Voyager 1's lifespan is not infinite, it has endured far longer than anticipated and might be about to dodge yet another bullet. On March 3, the mission team saw something different in the stream of data returned from the spacecraft, which had been unreadable since December.

An engineer with the Deep Space Network (DSN) was able to decode it, and by March 10, the team determined that it contained a complete memory dump from the FDS.

[...] The next step is to study the memory read-out and compare it to one transmitted before the problem arose. A solution to the issue could then be devised.

One of the original Voyager scientists, Garry Hunt, told The Register that engineers at JPL were determined to get communications with the stricken probe working again: "This requires both skills and patience with the long time between communication instructions and response."

Original Submission

Freeman writes:

https://arstechnica.com/science/2024/03/study-finds-that-we-could-lose-science-if-publishers-go-bankrupt/

Back when scientific publications came in paper form, libraries played a key role in ensuring that knowledge didn't disappear. Copies went out to so many libraries that any failure—a publisher going bankrupt, a library getting closed—wouldn't put us at risk of losing information. But, as with anything else, scientific content has gone digital, which has changed what's involved with preservation.

[...] The work was done by Martin Eve, a developer at Crossref. That's the organization that organizes the DOI system, which provides a permanent pointer toward digital documents, including almost every scientific publication. If updates are done properly, a DOI will always resolve to a document, even if that document gets shifted to a new URL.

But it also has a way of handling documents disappearing from their expected location, as might happen if a publisher went bankrupt. There is a set of what's called "dark archives" that the public doesn't have access to but should contain copies of anything that has had a DOI assigned. If anything goes wrong with a DOI, it should trigger the dark archives to open access and the DOI to update to point to the copy in the dark archive.

For that to work, however, copies of everything published must be in the archives. So Eve decided to check whether that's the case.

owl writes:

https://www.jmargolin.com/xy/xymon.htm

During my time at Atari/Atari Games I worked on several XY games. This article represents what I know about XY Monitors. XY was Atari's name for what the Computer Graphics industry calls '"Random Scan" and the Video Game Community calls "Vector Games." The major parts of the XY Monitor are the Cathode Ray Tube (CRT), the Deflection Amplifiers, and the High Voltage Supply.

Original Submission

Boeing Paper Trail Goes Cold Over Door Plug Blowout

Arthur T Knackerbracket has processed the following story:

Boeing has come in for criticism from the US National Transportation Safety Board (NTSB) over documentation detailing who was responsible for failures in the Alaska Airlines Flight 1282 door plug attachment.

NTSB chair Jennifer Homendy spoke before the Senate Commerce Committee on March 6. Responding to a question from ranking member Senator Ted Cruz regarding cooperation from the parties involved in the incident, Homendy said: "Boeing has not provided us with the documents and information that we have requested numerous times over the past few months. Specifically with respect to opening, closing, and removal of the door and the team that does that work at the Renton facility."

[...] Investigations have since focused on the door plug and how it was fitted. A preliminary investigation found that the door plug had not been properly bolted into place following work to deal with damaged rivets at the edge of the door frame.

"Wow," said Cruz. "Are you telling us that even two months later, you still do not know who actually opened the door plug?"

"That's correct, Senator," replied Homendy. "We don't know, and it's not for lack of trying." Homendy acknowledged that it can take a while for all the paperwork to be forthcoming. "But for this one, it's two months later."

Homendy told the committee that despite inquiries, the NTSB had not received the names of the 25-member team handling the door plugs. It had also not received all the records regarding the work to deal with the door plug and was having to use email dates and photographs to work out the timeline.

"It's absurd that we don't have that," said Homendy.

owl writes:

https://hellgatenyc.com/nypd-warrantless-subpoena-copwatcher-social-media

The NYPD sent a sweeping subpoena seeking information from the social media account of the president of a New York City police accountability organization in February, records reviewed by Hell Gate show, only to withdraw its subpoena when told they would need to justify the subpoena in court.

Michael Clancy, better known to friends on and off social media as Rabbi, received a notice last month from X, formerly known as Twitter, alerting him to the fact that the NYPD had sent X a subpoena requesting "all records consisting but not limited to all subscriber name(s), Email address(s), Phone number(s), account creation date, IP logs with timestamps (IP address of account logins and logouts), all logs of previous messages sent and received." The subpoena also requested "all videos sent and received, including but not limited to meta-data. exit data about the messages and videos" for the account.

The notification included a copy of the subpoena, which warned X not to tell Clancy of its existence. "You are not to disclose or notify any customer or third party of the existence of this subpoena or that records were provided pursuant to this subpoena," the document read.

But X, following its own corporate policy, told Clancy anyway, and suggested he might want to get some legal representation to fight the subpoena, recommending the American Civil Liberties Union.

Original Submission

fliptop writes:

Banana Pi's low-cost router supports 2.5G+5G WiFi with LAN ports:

Banana Pi is now selling a fully built Wi-Fi 6 router with some solid features for just $30 excluding shipping via Ali Express. This router uses OpenWRT firmware and dual-core Arm A9 Processor-based Triductor TR6560 SoC with Triductor's TR5220 WiFi 6 chipset.

The company has been selling this WiFi 6 router board on its own, but now you can buy an out-of-box unit that contains an enclosure for the board with six external antennas, Ethernet cables, and a power adapter with either EU or US plugs. The only difference here is that one of the LAN ports is removed.

[...] The router supports the 802.11ax bandwidth protocol and provides WPA3 password protection. Power over Ethernet is optional and can be added via a module, but it needs to be soldered. Banana Pi's wiki page specifies that its 2.4G signal works up to 40 meters to provide 573.5 Mbps bandwidth and 5G works up to 160 meters up to 2,401.9 Mbps.

Read the specs here.

Related:

• Celebrating 20 years of OpenWrt with Hardware Design
• OpenWRT Package Manager Vulnerability Allows Remote Code Execution
• Reunited with LEDE, OpenWrt Releases Stable 18.06 Version

Original Submission

taylorvich writes:

https://newatlas.com/energy/sand-battery-finland/

A new industrial-scale 'sand battery' has been announced for Finland, which packs 1 MW of power and a capacity of up to 100 MWh of thermal energy for use during those cold polar winters. The new battery will be about 10 times bigger than a pilot plant that's been running since 2022.

The sand battery, developed by Polar Night Energy, is a clever concept. Basically, it's a big steel silo of sand (or a similar solid material) that's warmed up through a heat exchanger buried in the center, using excess electricity from the grid – say, that generated during a spike from renewable sources, when it's cheap.

That energy can then be stored for months at a time, with reportedly very little loss, before being extracted as heat on demand. This could theoretically be converted back into electricity, although with some energy loss. But Polar Night says that the most efficient method is to just use the heat itself.

In a chilly place like Finland, that means feeding it into the local district heating system, which shares heat produced from industry or energy production through the community. Networks of pipes carry this heat as hot water or steam to warm up houses, buildings, even swimming pools. In this case, the new sand battery would be trialed in the district heating system of the Finnish municipality of Pornainen, run by a company called Loviisan Lämpö.

This new sand battery is expected to stand 13 m (42.7 ft) tall and 15 m (49.2 ft) wide, providing an output power of 1 MW and a capacity of 100 MWh. That, the companies claim, equates to a week's worth of Pornainen's heat demands in winter, or a month's worth in summer. By comparison, Polar Night's previous sand battery stands 4 x 7 m (13 x 23 ft), for a nominal power rating of 100 kW and a capacity of 8 MWh.

Original Submission