Stories
Slash Boxes
Comments

SoylentNews is people

Log In

Log In

Create Account  |  Retrieve Password


Site News

Join our Folding@Home team:
Main F@H site
Our team page


Funding Goal
For 6-month period:
2022-07-01 to 2022-12-31
(All amounts are estimated)
Base Goal:
$3500.00

Currently:
$438.92

12.5%

Covers transactions:
2022-07-02 10:17:28 ..
2022-10-05 12:33:58 UTC
(SPIDs: [1838..1866])
Last Update:
2022-10-05 14:04:11 UTC --fnord666

Support us: Subscribe Here
and buy SoylentNews Swag


We always have a place for talented people, visit the Get Involved section on the wiki to see how you can make SoylentNews better.

What is the most overly over hyped tech trend

  • Generative AI
  • Quantum computing
  • Blockchain, NFT, Cryptocurrency
  • Edge computing
  • Internet of Things
  • 6G
  • I use the metaverse you insensitive clod
  • Other (please specify in comments)

[ Results | Polls ]
Comments:21 | Votes:73

posted by hubie on Monday June 10, @09:11PM   Printer-friendly

Historically, high-speed rail travel by Train a Grande Vitesse (TGV) in France was the monopoly of the French national rail service, SNCF.

Under EU rules, all national operators have to make their rail system available to other willing operators. So in 2021, Trentalia, a unit of Italy's state rail operator, decided to offer high-speed train rides in France too.

Now a third company has decided to enter the fray. The difference is that this is a private company named Proxima, backed by a (French) private equity firm (Antin Infrastructure Partners) to the initial tune of $1.1bn.

Proxima will offer high-speed rail trips between Paris and four cities in western France - Bordeaux, Nantes, Rennes, and Angers, using 12 Avelia Horizon Trains. This will add 10 million new passenger seats on these lines, per year. According to the company,

"Travel between key cities in France has increased over the last 10 years, reflecting new ways of living. High-speed rail is the answer favored by the French, and train occupancy levels are at all-time highs.

As France's first independent high speed train operator, Proxima aims to reinvent the experience for its different customers groups by listening to their needs, and reflecting the changes in consumer behaviour and changing ways of life. These include trends to teleworking and the erosion of the business/leisure boundary, as well as the demand for better on-board connectivity and relevant services on-board."

It might be noteworthy that earlier this year, the EU decided to speed-up the implementation of the TEN-T network. The TEN-T is an EU-wide network of rail, inland waterways, short-sea shipping routes, and roads. It connects 424 major cities with ports, airports and railway terminals. When the TEN-T is complete, it will cut travel times between these cities. For example, passengers will be able to travel between Copenhagen and Hamburg in 2.5 hours by train, instead of the 4.5 hours required today. You can find an interactive map detailing the project(s) here.

While in 2021, the deadline for completion of the network's core was set at 2040, a recent update stated that the core transport links must be finished by 2030. It is speculation, but it could be -- given that Proxima's service will start in 2027 -- that the current initiative is in anticipation of that completion.

Related: Highspeed to the Future


Original Submission

posted by hubie on Monday June 10, @04:23PM   Printer-friendly
from the new-years-resolution dept.

Thomas A. Limoncelli writes in Make Two Trips:

During an interview on The Late Show with Stephen Colbert, comedian Larry David explained that his New Year's Resolution was "make two trips" (episode 857, January 8, 2020).

For example, when carrying groceries into the house, it is tempting to carry everything at once, but then you drop the cantaloupe, and now you have to clean up that mess. While it seemed like one trip would have been faster, if you include the time it takes to clean up the mess, it would have been faster to simply make two trips.

[...] This "make two trips" strategy isn't an earth-shattering breakthrough. It won't cure cancer, end world hunger, or fix the climate crisis. However, I have adopted this philosophy, and it has had many benefits.

The immediate benefit is that I am now more likely to have a free hand to open my house door. Pulling keys out of my pocket no longer involves smashing a grocery bag between my chest and the house.

The larger benefit has come from adopting this philosophy in both coding and operations.

The other day, I was adding a feature to some old code. The code reported results of an earlier calculation with various formatting options that could be enabled or disabled.

The code was quite complex because certain options affected the format in ways that had downstream implications for other options. The code was able to satisfy all the various options and controls in one pass over the data, printing a report along the way.

[...] I struggled in earnest to add my new feature to this ever-growing complicated loop.

Then I remembered Larry's advice: Make two trips.

The code would be significantly simpler if it made two passes over the data. One pass would collect data, count things that needed to be counted, sum subtotals, and so on. The second pass would take all this information and output the report, and would be much easier because it had all the information it needed from the start. No Schrödinger's cat.

[...] It was a classic complexity vs. memory engineering decision: Suffer from complexity or suffer from potential memory exhaustion.

... continue reading the whole article at ACM Queue.


Original Submission

posted by hubie on Monday June 10, @11:38AM   Printer-friendly
from the very-cool-idea dept.

Arthur T Knackerbracket has processed the following story:

Astronauts driving a vehicle around the landscape of the moon must not only face dangers related to [low] gravity and falling into craters, but also the problem of extreme fluctuations in temperature. The lunar environment oscillates between blistering highs of 127°C (260°F) and frigid lows of -173°C (-280°F).

Future missions to explore the moon will need reliable machines that can function under these harsh conditions. This led a team from Nagoya University in Japan to invent a heat-switch device that promises to extend the operational lifespan of lunar-roving vehicles. Their study, conducted in collaboration with the Japan Aerospace Exploration Agency, was published in the journal Applied Thermal Engineering.

"Heat-switch technology that can switch between daytime heat dissipation and nighttime insulation is essential for long-term lunar exploration," said lead researcher Masahito Nishikawara. "During the day, the lunar rover is active, and the electronic equipment generates heat. Since there is no air in space, the heat generated by the electronics must be actively cooled and dissipated. On the other hand, during extremely cold nights, electronics must be insulated from the outside environment so that they don't get too cold."

[...] The thermal control device developed by the team combines a loop heat pipe (LHP) with an electrohydrodynamic (EHD) pump. During the day, the EHD pump is inactive, allowing the LHP to operate as usual. In lunar rovers, the LHP uses a refrigerant that cycles between vapor and liquid states.

When the device heats up, the liquid refrigerant in the evaporator vaporizes, releasing heat through the rover's radiator. The vapor then condenses back into liquid, which returns to the evaporator to absorb heat again. This cycle is driven by capillary forces in the evaporator, making it energy efficient.

At night, the EHD pump applies pressure opposite to the LHP flow, stopping the movement of the refrigerant. Electronics are completely insulated from the cold night environment with minimal electricity use.

[...] The implications of this technology extend beyond lunar rovers to broader applications in spacecraft thermal management. Integrating EHD technology into thermal fluid control systems could improve heat transfer efficiency and mitigate operational challenges. In the future, this could play an important role in space exploration.

The development of this heat-switch device marks an important milestone in developing technology for long-term lunar missions and other space exploration endeavors. All of which means that, in the future, lunar rovers and other spacecraft should be better equipped to operate in the extreme environments of space.

More information: Masahito Nishikawara et al, Demonstration of heat switch function of loop heat pipe controlled by electrohydrodynamic conduction pump, Applied Thermal Engineering (2024). DOI: 10.1016/j.applthermaleng.2024.123428

[Ed Note: Corrected first line to read 'low gravity' - not zero gravity: 20240610-13:29 JR]


Original Submission

posted by hubie on Monday June 10, @06:53AM   Printer-friendly

Are you looking for something more titillating to read than the usual low-brow stuff you find here at soylentnews?

You might just be in luck, as MIT Press has released an impact report about its Direct-To-Open (D2O) program, under which faculty members do not publish with pay-for-play journals and publishers anymore, but release [some of] their good stuff directly to the public.

Next to lots of happy geeks directly downloading juicy titles like Model Systems in Biology, Tor: From the Dark Web to the Future of Privacy and No Heavenly Bodies: A History of Satellite Communications Infrastructure, MIT claims that "D2O has exceeded expectations in its first three years, and we're thrilled to share the impact."

To date, D2O has funded 240 books: 159 in the humanities and social sciences (HSS) and 81 in science, technology, engineering, art/design, and mathematics (STEAM). The data show that, on average, open-access HSS books in the program are used 3.75 times more and receive 21 percent more citations than their paywalled counterparts. Open-access books in STEAM fields are used 2.67 times more and receive 15 percent more citations than their non-open counterparts, on average. Regardless of their field, D2O books are making meaningful contributions to debates both within and beyond the academy.

Books in the program have on average a little over 3,000 downloads, compared to the few hundred they'd normally get if hidden behind a paywall.

The whole program isn't completely free though: it is funded by libraries which agree to pay recurring participation fees. In exchange, these libraries also get access to the previously published MIT Press products, which remain gated.


Original Submission

posted by hubie on Monday June 10, @02:11AM   Printer-friendly
from the be-descriptive-and-concise dept.

Programming style is not a matter of efficiency in a program. It is a matter of how easy it is to write or read a program, how easy it is to explain the program to someone else, how easy it is to figure out what the program does a year after you've written it; and above all, style is a matter of taste, of aesthetics, of what you think looks nice, of what you think is elegant.

Although style is mainly a matter of taste, a programmer with a "good" style will find his programs easy to write, easy to read, and easy to explain to others. ...

In particular, you may have acquired special programming tricks that you are very fond of, and that aren't used by other programmers, but that don't make your programs much more efficient. I urge you to stop using those tricks. As Samuel Johnson once said, "Read over your compositions, and when you meet with a passage which you think is particularly fine, strike it out."

In other words, make your style simple, not complicated, even though the complicated style may seem to have some abstract virtues. ...

(F. Black, "Styles of Programming in LISP," in The Programming Language LISP: Its Operations and Applications, ed. E. Berkeley and D. Bobrow (1964), p96 (p106 of the PDF))

When teaching an algorithms course, Craig Partridge, of Colorado State University, discovered that his students had little to no idea of how to divide their code into functions. So he wrote a short guidance paper (pdf).

What other advice, oh battle-hardened developer, would you give starting-out programmers/developers about how to approach a project/codebase?


Original Submission

posted by hubie on Sunday June 09, @09:26PM   Printer-friendly
from the Oh-What-a-Dream! dept.

I just found this while browsing Russian Television :

It has pictures. Much like art has been through the millennia, done with today's digital media.

https://www.rt.com/pop-culture/596257-ai-models-beauty-pageant/

So contestants from all over the world can gather and compete for the title of "Miss AI".

Excerpt from RT:
------------------
The event, called 'Miss AI', is being organized by the World AI Creator Awards (WAICA) in collaboration with Fanvue – an OnlyFans-like subscription-based platform that already hosts a number of virtual models, including those who offer adult content.

The digital contestants hoping to secure the Miss AI crown will be judged on their beauty, underlying tech, as well as their social media pull, according to WAICA's official website. The AI creator's "social media clout" will also be assessed based on their engagement numbers with fans, rate of audience growth, and ability to utilize social media platforms such as Instagram.
---------------------

I don't quite know what to make of this. There are so many viewpoints and I hope to see what others feel about it. One thing, it's an inevitable outcome of combining our technology and artistic expression, even done on ancient cave walls. Soon our digital presence can be tailored to anything we want it to be. Work from home. Zoom calls ( with your AI proxy, of course, which would handle as many simultaneous interactions as your server technology can handle ).


Original Submission

posted by hubie on Sunday June 09, @04:44PM   Printer-friendly
from the cancel-your-plans-and-get-patching dept.

With PoC code available and active Internet scans, speed is of the essence:

A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take action before the weekend starts.

Within 24 hours of the vulnerability and accompanying patch being published, researchers from the nonprofit security organization Shadowserver reported Internet scans designed to identify servers that are susceptible to attacks. That—combined with (1) the ease of exploitation, (2) the availability of proof-of-concept attack code, (3) the severity of remotely executing code on vulnerable machines, and (4) the widely used XAMPP platform being vulnerable by default—has prompted security practitioners to urge admins check to see if their PHP servers are affected before starting the weekend.

"A nasty bug with a very simple exploit—perfect for a Friday afternoon," researchers with security firm WatchTowr wrote.

CVE-2024-4577, as the vulnerability is tracked, stems from errors in the way PHP converts unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to pass user-supplied input into commands executed by an application, in this case, PHP. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012.

"While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system," researchers with Devcore, the security firm that discovered CVE-2024-4577, wrote. "This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack."

CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn't set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web server. This configuration is set by default in XAMPP for Windows, making the platform vulnerable unless it has been modified.

[...] The vulnerability was discovered by Devcore researcher Orange Tsai, who said: "The bug is incredibly simple, but that's also what makes it interesting."

The Devcore writeup said that the researchers have confirmed that XAMPP is vulnerable when Windows is configured to use the locales for Traditional Chinese, Simplified Chinese, or Japanese. In Windows, a locale is a set of user preference information related to the user's language, environment, and/or cultural conventions. The researchers haven't tested other locales and have urged people using them to perform a comprehensive asset assessment to test their usage scenarios.

[...] XAMPP for Windows had yet to release a fix at the time this post went live. For admins without the need for PHP CGI, they can turn it off using the following Apache HTTP Server configuration:

C:/xampp/apache/conf/extra/httpd-xampp.conf

Locating the corresponding lines:

ScriptAlias /php-cgi/ "C:/xampp/php/"

And comment it out:

# ScriptAlias /php-cgi/ "C:/xampp/php/"

Additional analysis of the vulnerability is available here.


Original Submission

posted by hubie on Sunday June 09, @11:58AM   Printer-friendly
from the easy-1-2-3-steps-assembling-virtual-reality dept.

Interested in a career selling virtual meatballs at IKEA? I guess it's some kind of gimmick between IKEA and Roblox but it seems somewhat weird, selling virtual products in a virtual world to people. Is this the future of employment?

https://thecoworker.co.uk/


Original Submission

posted by hubie on Sunday June 09, @07:16AM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

Also reported at: FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

These decryption keys were uncovered by the FBI after a massive joint operation disrupted LockBit earlier this year, though the gang appears to still be operational.

The US FBI has revealed that it has more than 7,000 decryption keys to help victims of the notorious LockBit ransomware gang.

These decryption keys were recovered by the FBI as a result of a disruptive operation international law enforcement conducted against LockBit earlier this year. This gang provides ransomware-as-a-service to a global network of ‘affiliates’, giving criminals tools to carry out their own cyberattacks.

In February, the joint operation managed to take down LockBit’s data leak website and managed to uncover a large amount of data about the gang and its activities. Authorities also seized the decryption keys that the FBI is now offering to victims.

In a recent statement, the FBI’s cyber assistant director Bryan Vorndran claimed LockBit was the most deployed ransomware variant in the world by 2022 and that the gang has caused “billions of dollars in damages to victims”.

“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center,” Vorndran said.

[...] Raj Samani, SVP and chief scientist at Rapid7, said the release of these decryption keys is “another kick in the teeth” for the LockBit gang and “a great win for law enforcement”.

“The likes of LockBit survive and thrive on victims paying ransom demands, therefore, it’s great to see the US government be proactive and prevent this by releasing the decryption keys for free,” Samani said.

“Ever since law enforcement took down LockBit’s infrastructure in February 2024, they’ve engaged in PR and damage control in order to show strength and maintain the confidence of affiliates. However, such announcements by the FBI damages this confidence, and hopefully we’ll soon see the end of the LockBit ransomware group.”

Not everyone is so optimistic however. Ricardo Villadiego, the founder and CEO of cybersecurity firm Lumu, told SiliconRepublic.com recently that gangs such as LockBit are prepared for these potential risks – evident by the fact that the gang was offering its services again in “less than four days”.


Original Submission

posted by martyb on Sunday June 09, @02:30AM   Printer-friendly

Editors note: This article has been been *greatly* shortened; it is well worth reading the whole article. --Bytram

----------

This AI-powered "black box" could make surgery safer:

While most algorithms operate near perfectly on their own, Peter Grantcharov explains that the OR black box is still not fully autonomous. For example, it's difficult to capture audio through ceiling mikes and thus get a reliable transcript to document whether every element of the surgical safety checklist was completed; he estimates that this algorithm has a 15% error rate. So before the output from each procedure is finalized, one of the Toronto analysts manually verifies adherence to the questionnaire. "It will require a human in the loop," Peter Grantcharov says, but he gauges that the AI model has made the process of confirming checklist compliance 80% to 90% more efficient. He also emphasizes that the models are constantly being improved.

In all, the OR black box can cost about $100,000 to install, and analytics expenses run $25,000 annually, according to Janet Donovan, an OR nurse who shared with MIT Technology Review an estimate given to staff at Brigham and Women's Faulkner Hospital in Massachusetts. (Peter Grantcharov declined to comment on these numbers, writing in an email: "We don't share specific pricing; however, we can say that it's based on the product mix and the total number of rooms, with inherent volume-based discounting built into our pricing models.")

[...] At some level, the identity protections are only half measures. Before 30-day-old recordings are automatically deleted, Grantcharov acknowledges, hospital administrators can still see the OR number, the time of operation, and the patient's medical record number, so even if OR personnel are technically de-identified, they aren't truly anonymous. The result is a sense that "Big Brother is watching," says Christopher Mantyh, vice chair of clinical operations at Duke University Hospital, which has black boxes in seven ORs. He will draw on aggregate data to talk generally about quality improvement at departmental meetings, but when specific issues arise, like breaks in sterility or a cluster of infections, he will look to the recordings and "go to the surgeons directly."

In many ways, that's what worries Donovan, the Faulkner Hospital nurse. She's not convinced the hospital will protect staff members' identities and is worried that these recordings will be used against them—whether through internal disciplinary actions or in a patient's malpractice suit. In February 2023, she and almost 60 others sent a letter to the hospital's chief of surgery objecting to the black box. She's since filed a grievance with the state, with arbitration proceedings scheduled for October.

If you were having an operation, how much of the operation would you want an AI to do?


Original Submission

posted by janrinok on Saturday June 08, @09:55PM   Printer-friendly
from the I-wonder-what-Betteridge-would-say dept.

Arthur T Knackerbracket has processed the following story:

[Editor's Note: RAG: retrieval-augmented generation]

We’ve been living through the generative AI boom for nearly a year and a half now, following the late 2022 release of OpenAI’s ChatGPT. But despite transformative effects on companies’ share prices, generative AI tools powered by large language models (LLMs) still have major drawbacks that have kept them from being as useful as many would like them to be. Retrieval augmented generation, or RAG, aims to fix some of those drawbacks.

Perhaps the most prominent drawback of LLMs is their tendency toward confabulation (also called “hallucination”), which is a statistical gap-filling phenomenon AI language models produce when they are tasked with reproducing knowledge that wasn’t present in the training data. They generate plausible-sounding text that can veer toward accuracy when the training data is solid but otherwise may just be completely made up.

Relying on confabulating AI models gets people and companies in trouble, as we’ve covered in the past. In 2023, we saw two instances of lawyers citing legal cases, confabulated by AI, that didn’t exist. We’ve covered claims against OpenAI in which ChatGPT confabulated and accused innocent people of doing terrible things. In February, we wrote about Air Canada’s customer service chatbot inventing a refund policy, and in March, a New York City chatbot was caught confabulating city regulations.

[...] “RAG is a way of improving LLM performance, in essence by blending the LLM process with a web search or other document look-up process” to help LLMs stick to the facts, according to Noah Giansiracusa, associate professor of mathematics at Bentley University.

[...] Although RAG is now seen as a technique to help fix issues with generative AI, it actually predates ChatGPT. Researchers coined the term in a 2020 academic paper by researchers at Facebook AI Research (FAIR, now Meta AI Research), University College London, and New York University.

As we've mentioned, LLMs struggle with facts. Google’s entry into the generative AI race, Bard, made an embarrassing error on its first public demonstration back in February 2023 about the James Webb Space Telescope. The error wiped around $100 billion off the value of parent company Alphabet. LLMs produce the most statistically likely response based on their training data and don’t understand anything they output, meaning they can present false information that seems accurate if you don't have expert knowledge on a subject.

LLMs also lack up-to-date knowledge and the ability to identify gaps in their knowledge. “When a human tries to answer a question, they can rely on their memory and come up with a response on the fly, or they could do something like Google it or peruse Wikipedia and then try to piece an answer together from what they find there—still filtering that info through their internal knowledge of the matter,” said Giansiracusa.

But LLMs aren’t humans, of course. Their training data can age quickly, particularly in more time-sensitive queries. In addition, the LLM often can’t distinguish specific sources of its knowledge, as all its training data is blended together into a kind of soup.

In theory, RAG should make keeping AI models up to date far cheaper and easier. “The beauty of RAG is that when new information becomes available, rather than having to retrain the model, all that’s needed is to augment the model’s external knowledge base with the updated information,” said Peterson. “This reduces LLM development time and cost while enhancing the model’s scalability.”


Original Submission

posted by janrinok on Saturday June 08, @05:08PM   Printer-friendly
from the party-time dept.

What's next for MDMA:

MDMA, sometimes called Molly or ecstasy, has been banned in the United States for more than three decades. Now this potent mind-altering drug is poised to become a badly needed therapy for PTSD.

On June 4, the Food and Drug Administration's advisory committee will meet to discuss the risks and benefits of MDMA therapy. If the committee votes in favor of the drug, it could be approved to treat PTSD this summer. The approval would represent a momentous achievement for proponents of mind-altering drugs, who have been working toward this goal for decades. And it could help pave the way for FDA approval of other illicit drugs like psilocybin. But the details surrounding how these compounds will make the transition from illicit substances to legitimate therapies are still foggy.

[...] However, for drugs that carry a risk of serious side effects, the FDA can add a risk evaluation and mitigation strategy to its approval. For MDMA that might include mandating that the health-care professionals who administer the medication have certain certifications or specialized training, or requiring that the drug be dispensed only in licensed facilities.

For example, Spravato, a nasal spray approved in 2019 for depression that works much like ketamine, is available only at a limited number of health-care facilities and must be taken under the observation of a health-care provider. Having safeguards in place for MDMA makes sense, at least at the outset, says Matt Lamkin, an associate professor at the University of Tulsa College of Law who has been following the field closely.: "Given the history, I think it would only take a couple of high-profile bad incidents to potentially set things back."

What mind-altering drug is next in line for FDA approval?

Psilocybin, a.k.a. the active ingredient in magic mushrooms. This summer Compass Pathways will release the first results from one of its phase 3 trials of psilocybin to treat depression. Results from the other trial will come in the middle of 2025, which—if all goes well—puts the company on track to file for approval in the fall or winter of next year. With the FDA review and the DEA rescheduling, "it's still kind of two to three years out," Nath says.

Some states are moving ahead without formal approval. Oregon voters made psilocybin legal in 2020, and the drug is now accessible there at about 20 licensed centers for supervised use. "It's an adult use program that has a therapeutic element," says Ismail Ali, director of policy and advocacy at the Multidisciplinary Association for Psychedelic Studies (MAPS).


Original Submission

posted by janrinok on Saturday June 08, @12:24PM   Printer-friendly

Risky Biz News: The Linux CNA mess you didn't know about:

The Linux Kernel project was made an official CVE Numbering Authority (CNA) with exclusive rights to issue CVE identifiers for the Linux kernal in February this year.

While initially this looked like good news, almost three months later, this has turned into a complete and utter disaster.

Over the past months, the Linux Kernel team has issued thousands of CVE identifiers, with the vast majority being for trivial bug fixes and not just security flaws.

Just in May alone, the Linux team issued over 1,100 CVEs, according to Cisco's Jerry Gamblin—a number that easily beat out professional bug bounty programs/platforms run by the likes of Trend Micro ZDI, Wordfence, and Patchstack.

Ironically, this was a disaster waiting to happen, with the Linux Kernel team laying out some weird rules for issuing CVEs right after the moment it received its CNA status.

We say weird because they are quite unique among all CNAs. The Linux kernel team argues that because of the deep layer where the kernel runs, bugs are hard to understand, and there is always a possibility of them becoming a security issue later down the line. Direct quote below:

"Note, due to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team is overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team."

[...] Instead, the Linux Kernel team appears to have adopted a simpler approach where it puts a CVE on everything and lets the software and infosec community at large confirm that an issue is an authentic security flaw. If it's not, it's on the security and vulnerability management firms to file CVE revocation requests with the precise Linux Kernel team that runs the affected component.

The new Linux CNA rules also prohibit the issuance of CVEs for bugs in EOL Linux kernels, which is also another weird take on security. Just because you don't maintain the code anymore, that doesn't mean attackers won't exploit it and that people wouldn't want to track it.

The Linux team will also refuse to assign CVEs until a patch has been deployed, meaning there will be no CVEs for zero-days or vulnerabilities that may require a longer reporting and patching timeline.

[...] And if this isn't bad enough, the Linux kernel team appears to be backfiling CVEs for fixes to last year's code, generating even more noise for people who use CVEs for legitimate purposes.

[...] Unfortunately, all of this CVE spam also could have not happened at a worse time. Just as the Linux Kernel team was getting its CNA status, NIST was slowing down its management of the NVD database—where all CVEs are compiled and enriched.

NIST cited a staff shortage and a sudden rise in the number of reported vulnerabilities—mainly from the IoT space. Having one of every fifth CVE being a Linux non-security bug isn't helping NIST at all right now.


Original Submission

posted by janrinok on Saturday June 08, @10:00AM   Printer-friendly

William Anders, the former Apollo 8 astronaut who took the iconic "Earthrise" photo showing the planet as a shadowed blue marble from space in 1968, was killed Friday when the plane he was piloting alone plummeted into the waters off the San Juan Islands in Washington state. He was 90.

It has been reported from multiple sources.

posted by janrinok on Saturday June 08, @07:41AM   Printer-friendly

https://every.to/the-crazy-ones/the-misfit-who-built-the-ibm-pc

In a burnished-oak corridor outside the committee room at IBM's headquarters in August 1980, two engineers pace nervously. Eventually, a door opens. Their boss, Bill Lowe, emerges from the board room next door. Before they can say anything, he smiles and nods. They laugh. They can't quite believe it. It's official. IBM is going to try and build a home computer.

Bill Lowe kicked off this ambitious project, but he wouldn't be the person who would finish it. That role would fall to his successor, a humble, cowboy boot-wearing mid-level executive, out of favor and kicking his heels in the IBM corporate backwater of Boca Raton, Florida. He would take Lowe's project forward, one nobody else in the company wanted. Just 12 months later, on August 15, 1981, a computer would launch that would change the world: the IBM PC.

This is the story of Don Estridge, the man who brought the IBM PC to market and changed business and home computing forever. In just five years he created an IBM division that almost nobody else in the company wanted to exist. By 1983, it had seized 70 percent of the microcomputer market and was valued at over $4 billion ($12 billion today). Under Estridge, IBM's PC division sold over 1 million machines a year, making it the third largest computer manufacturer in the world on its own. This story is based on contemporary accounts in publications such as InfoWorld, PC magazine, Time, and the New York Times, as well as books such as Blue Magic by James Chposky and Ted Leonsis; Big Blues by Paul Carroll; and Fire in the Valley by Michael Swaine and Paul Frieberger.


Original Submission