SoylentNews

Arthur T Knackerbracket has processed the following story:

Back in April the Biden FCC finally got around to restoring both net neutrality rules, and the agency’s Title II authority over telecom providers. The modest rules, as we’ve covered extensively, prevent big telecom giants from abusing their monopoly and gatekeeper power to harm competitors or consumers. They also require that ISPs be transparent about what kind of network management they use.

Contrary to a lot of industry and right wing bullshit, the rules don’t hurt broadband investment and they’re not some “radical government overreach.” They’re some very basic guidelines proposed by an agency that under both parties is generally too feckless to stand up to industry.

But big telecom giants like AT&T and Comcast have unsurprisingly challenged the rules once again in the Fifth Circuit, the Sixth Circuit, Eleventh Circuit, and the D.C. Circuit as they seek a lucky lottery draw. At the same time, they’ve filed a petition asking the FCC to pause the rules (set to take effect July 22), claiming (falsely, as it turns out) that the agency’s decision was illegal (all consumer protection efforts are illegal if you’re ignorant enough to ask an AT&T or Comcast lawyer’s opinion about it).

Big ISPs, as usual, insist that if net neutrality is to be addressed, it should be done by Congress:

Telecom lobbyists, which spend an estimated $320,000 every day lobbying Congress, enjoy making this claim hoping you’re too daft to realize that Congress has long been too corrupted by corporate influence to do this (or much of anything else on consumer protection or consumer privacy). They know they have Congress in their pockets, and they’re obviously working hard on the courts.

Arthur T Knackerbracket has processed the following story:

After weeks of being excoriated by cybersecurity experts, Microsoft is making moves to address concerns over its new AI-powered computer history-saving feature: Copilot+ Recall.

Most notably, Microsoft is switching Recall from a default feature to one that requires a user to opt-in first. The company is making the change before Recall officially rolls out on June 18.

"We are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall," wrote Microsoft Windows VP Pavan Davuluri in an official company update on the feature. "If you don’t proactively choose to turn it on, it will be off by default."

Last month, Microsoft announced a series of new AI-powered features coming to Windows. One central feature that the company announced was Recall.

Recall takes constant screenshots in the background while a user uses a device. Microsoft's AI then scans the screenshots and makes a searchable archive of all the activity history that a user performed. Which websites were visited, what a user typed into forms – nearly everything is saved.

Cybersecurity experts were immediately concerned. A prominent former Microsoft threat analyst who had hands-on experience using Recall called the feature a "disaster." 

It turns out, Recall really does save pretty much everything including text passwords, sensitive financial information, private Google Chrome browser history, and more. And Recall saves it inside a database that can be easily accessed by a bad actor who gains remote control of a user's device.

Making things even worse, Recall was going to be a feature turned on by default, meaning users might not have even been aware of what was going on in the background of their device.

Thankfully, users will now have to opt-in to the feature, fully aware of what they are turning on and what Recall does.

owl writes:

http://www.os2museum.com/wp/learn-something-old-every-day-part-xii-strange-file-resizing-on-dos/

Someone recently asked an interesting question: Why do Microsoft C and compatible DOS compilers have no truncate() and/or ftruncate() library functions? And how does one resize files on DOS?

OK, that's actually two questions. The first one is easy enough to answer: Because XENIX had no truncate() or ftruncate() either. Instead, XENIX had a chsize() function which, sure enough, can be found in the Microsoft C libraries at least as far back as MS C 3.0 (early 1985).

The second question is rather more interesting. The way files are resized on DOS is moving the file pointer to the desired size by calling the LSEEK function (INT 21h/42h), and then calling the WRITE function (INT 21h/40h) with zero length (CX=0).

Now, this mechanism is rather curious, because the handle-based file API in DOS 2.0 was modeled on XENIX, yet on UNIX systems, the write() function asked to transfer zero bytes simply does nothing. If the mechanism didn't come from XENIX, where did it come from?....

Original Submission

canopic jug writes:

Multiple sites are reporting on an article in Nature Ecology & Evolution about communication between African elephants (paywall). Using machine learning to analyze the low rumblings that elephants make, they researchs conclude that elephants have names for each other and use them.

Wild African elephants call each other by their names, according to a study published today in Nature Ecology & Evolution — making them the only nonhuman animals known to use language like this.

— Vox, Elephants have names — and they use them with each other

and

For the new study, a team of international researchers used an artificial intelligence algorithm to analyse the calls of two wild herds of African savannah elephants in Kenya.

The research "not only shows that elephants use specific vocalisations for each individual, but that they recognise and react to a call addressed to them while ignoring those addressed to others," lead study author Michael Pardo said.

— Science Alert, Wild Elephants Invent Names For One Another in Surprise Sign of Abstract Thinking

and

The researchers analyzed vocalizations - mostly rumbles generated by elephants using their vocal cords, similar to how people speak - made by more than 100 elephants in Amboseli National Park and Samburu National Reserve.

Using a machine-learning model, the researchers identified what appeared to be a name-like component in these calls identifying a specific elephant as the intended addressee. The researchers then played audio for 17 elephants to test how they would respond to a call apparently addressed to them as well as to a call apparently addressed to some other elephant.

— The Hindustan Times, Elephants use 'names' to communicate with each other: Study

and

So Pardo and some colleagues analyzed recordings of 469 rumbling calls that wild African elephants had made to each other in the Amboseli National Park and Samburu and Buffalo Springs National Reserves in Kenya between 1986 and 2022.

For every recorded call, the researchers knew the identity of the elephant making the rumble as well as, based on the context, the elephant that was being addressed.

— NPR, Wild elephants may have names that other elephants use to call them

Previously,
(2021) Wise Old Elephants Keep the Young Calm
(2014) Elephants: Best Sense of Smell by a Wide Margin
(2014) Elephants Can Tell Human Ethnicity by our Voices

Original Submission

janrinok writes:

https://www.bbc.com/news/articles/c2eeg9gygyno

An appeal has been launched for O blood-type donors to book appointments across the country following the ransomware attack affecting major London hospitals.

NHS Blood and Transplant is appealing for O blood-type donors to book appointments to donate as this is safe to use for all patients.

The IT attack means the affected hospitals cannot currently match patients' blood at the same frequency as usual.

Several London hospitals declared a critical incident, cancelled operations and tests, and were unable to carry out blood transfusions last week after the attack on the pathology firm Synnovis, which Qilin, a Russian group of cyber criminals, is understood to have been behind.

Memos to NHS staff at King's College Hospital, Guy's and St Thomas' (including the Royal Brompton and the Evelina London Children's Hospital) and primary care services in London said a critical incident had been declared.

Now NHS Blood and Transplant is calling for O positive and O negative blood donors to book appointments in one of the 25 NHS Blood Donor Centres in England to boost stocks.

For surgeries and procedures requiring blood to take place, hospitals need to use O- type blood as this is safe to use for all patients and blood has a shelf life of 35 days, so stocks need to be continually replenished, the NHS said.

That means more units of these types of blood than usual will be required over the coming weeks.

AnonTechie writes:

Source: General Robots

A very interesting article about programming Robots, written by BENJIE HOLSON:

I worked on this idea for months before I decided it was a mistake. The second time I heard someone mention it, I thought, "That's strange, these two groups had the same idea. Maybe I should tell them it didn't work for us." The third and fourth time I rolled my eyes and ignored it. The fifth time I heard about a group struggling with this mistake I decided it was worth a blog post all on its own. I call this idea "The Mythical Non-Roboticist".

The idea goes something like this: Programming robots is hard. And there are some people with really arcane skills and PhDs who are really expensive and seem to be required for some reason. Wouldn't it be nice if we could do robotics without them?1 What if everyone could do robotics? That would be great, right? We should make a software framework so that non-roboticists can program robots.

This idea is so close to a correct idea that it's hard to tell why it doesn't work out. On the surface, it's not wrong: all else being equal, it would be good if programming robots was more accessible. The problem is that we don't have a good recipe for making working robots. So we don't know how to make that recipe easier to follow. In order to make things simple, people end up removing things that folks might need, because no one knows for sure what's absolutely required. It's like saying you want to invent an invisibility cloak and want to be able to make it from materials you can buy from Home Depot. Sure, that would be nice, but if you invented an invisibility cloak that required some mercury and neodymium to manufacture would you toss the recipe?

In robotics, this mistake is based on a very true and very real observation: programming robots is super hard. Famously hard. It would be super-great if programming robots was easier. The issue is this: programming robots has two different kinds of hard parts.

Original Submission

Arthur T Knackerbracket has processed the following story:

Roughly a year ago, astronomers announced that they had observed an object that shouldn't exist. Like a pulsar, it emitted regularly timed bursts of radio emissions. But unlike a pulsar, those bursts were separated by over 20 minutes. If the 22-minute gap between bursts represents the rotation period of the object, then it is rotating too slowly to produce radio emissions by any known mechanism.

Now, some of the same team (along with new collaborators) are back with the discovery of something that, if anything, is acting even more oddly. The new source of radio bursts, ASKAP J193505.1+214841.0, takes nearly an hour between bursts. And it appears to have three different settings, sometimes producing weaker bursts and sometimes skipping them entirely. While the researchers suspect that, like pulsars, this is also powered by a neutron star, it's not even clear that it's the same class of object as their earlier discovery.

[...] We don't have a clear idea of how long the time between pulses can get before a pulsar will shut down. But we do know that it's going to be far less than 22 minutes.

Which is why the 2023 discovery was so strange. The object, GPM J1839–10, not only took a long time between pulses, but archival images showed that it had been pulsing on and off since at least 35 years ago.

To figure out what is going on, we really have two options. One is more and better observations of the source we know about. The second is to find other examples of similar behavior. There's a chance we now have a second object like this, although there are enough differences that it's not entirely clear.

The object, ASKAPJ193505.1+214841.0, was discovered by accident when the Australian Square Kilometre Array Pathfinder telescope was used to observe the area due to detections of a gamma-ray burst. It picked up a bright radio burst in the same field of view, but it was unrelated to the gamma-ray burst. Further radio bursts showed up in later observations, as did a few far weaker bursts. A search of the telescope's archives also spotted a weaker burst from the same location.

Checking the timing of the radio bursts, the team found that they could be explained by an object that emitted bursts every 54 minutes, with bursts lasting from 10 seconds to just under a minute. Checking additional observations, however, showed that there were often instances where a 54-minute period would not end with a radio burst, suggesting the source sometimes skipped radio emissions entirely.

upstart writes:

OpenSSH introduces options to penalize undesirable behavior:

In a recent commit, Damien Miller (djm@) introduced the new sshd(8) configurations options, PerSourcePenalties and PerSourcePenaltyExemptList, to provide a built in facility in sshd(8) itself to penalize undesirable behavior, and to shield specific clients from penalty, respectively.

The commit message reads,

List: openbsd-cvs Subject: CVS: cvs.openbsd.org: src From: Damien Miller <djm () cvs ! openbsd ! org Date: 2024-06-06 17:15:26 CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2024/06/06 11:15:26 Modified files: usr.bin/ssh : misc.c misc.h monitor.c monitor_wrap.c servconf.c servconf.h srclimit.c srclimit.h sshd-session.c sshd.c sshd_config.5 Log message: Add a facility to sshd(8) to penalise particular problematic client behaviours, controlled by two new sshd_config(5) options: PerSourcePenalties and PerSourcePenaltyExemptList.

When PerSourcePenalties are enabled, sshd(8) will monitor the exit status of its child pre-auth session processes. Through the exit status, it can observe situations where the session did not authenticate as expected. These conditions include when the client repeatedly attempted authentication unsucessfully (possibly indicating an attack against one or more accounts, e.g. password guessing), or when client behaviour caused sshd to crash (possibly indicating attempts to exploit sshd). When such a condition is observed, sshd will record a penalty of some duration (e.g. 30 seconds) against the client's address. If this time is above a minimum threshold specified by the PerSourcePenalties, then connections from the client address will be refused (along with any others in the same PerSourceNetBlockSizeCIDR range). Repeated offenses by the same client address will accrue greater penalties, up to a configurable maximum. A PerSourcePenaltyExemptList option allows certain address ranges to be exempt from all penalties. We hope these options will make it significantly more difficult for attackers to find accounts with weak/guessable passwords or exploit bugs in sshd(8) itself. PerSourcePenalties is off by default, but we expect to enable it automatically in the near future.

This new facility comes in addition to the already well known and loved pf.confstate tracking options, and is for now available only in OpenBSD-current, but is almost certainly to be available in the upcoming OpenBSD 7.6 release.

Windows Recall Demands an Extraordinary Level of Trust That Microsoft Hasn't Earned

upstart writes:

Op-ed: The risks to Recall are way too high for security to be secondary:

Microsoft's Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they've been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.

This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare. That's doubly true because Microsoft says that by default, Recall's screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

The line between "potential security nightmare" and "actual security nightmare" is at least partly about the implementation, and Microsoft has been saying things that are at least superficially reassuring. Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows' disk encryption technologies, which are generally on by default if you've signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user's Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites to exclude from Recall's snapshots.

This all sounds good in theory, but some users are beginning to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

[...] The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft's app-exclusion feature to work. Beaumont says "several days" of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC's native resolution, minus the taskbar area).

See also:

• A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back

Motor Trend is running a story that summarizes a number of different sources that look at vehicle privacy, https://www.motortrend.com/news/connected-cars-data-privacy-issues-sex-speeding/ It isn't favorable to the car companies, which (historically) is a change of direction for Motor Trend--long ago accused of making back room deals over their long-running "Car of the Year" award and other industry-favorable coverage.

As well as stories covered here earlier from Mozilla and NY Times, they also link to this possibly interesting page,

Amico created Privacy4cars.com as a potential solution. "We built a tool called the Vehicle Privacy Report," https://vehicleprivacyreport.com/ he said. "It's free for consumers. You can punch in a VIN, and we'll tell you what data your car collects and where it's going." Privacy4Cars also created a smartphone app that allows consumers to delete data in a car, and its Assert Your Data Rights services allows Privacy4Cars to act as authorized agent to submit requests for access to personal information collected by a car, to delete the information, and request that personal information not be sold as defined by respective state laws.

I tried it on a 10 year old car and it pretty much matched what I expected -- no Wi-Fi, no linking to phones, but possible data collected if satellite radio was used (it's not).

Then there is this, provided for curiosity only, since sex and SN users are not typically intersecting sets (grin):

Of all the data that car companies can potentially capture, one of the most eye-opening from the Mozilla report was people having sex in vehicles. "One of the things that everybody latched onto was Nissan and Kia saying they could collect information on your sex life or your sexual activity," Caltrider said. "That really freaked people out." While the researchers couldn't determine exactly how the automakers would gather data on sexual activity in cars, the educated guess is it wouldn't be that hard for cameras and sensors to gather the information necessary.

After the Mozilla Foundation report was released, Kia Connect Services (a suite of services Kia extends to its vehicle owners) and Nissan USA removed wording about collecting information on sexual activity from their online privacy policies, Caltrider said. She sent us a PDF of the original wording on the Nissan site, and under Types of Personal Data collected, it read: "Sensitive personal information, including ... sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information." On Kia's broader corporate privacy page under Sensitive Personal Information as of press time, it still read, "This category may include ... sex life or sexual orientation information."

Original Submission

quietus writes:

Historically, high-speed rail travel by Train a Grande Vitesse (TGV) in France was the monopoly of the French national rail service, SNCF.

Under EU rules, all national operators have to make their rail system available to other willing operators. So in 2021, Trentalia, a unit of Italy's state rail operator, decided to offer high-speed train rides in France too.

Now a third company has decided to enter the fray. The difference is that this is a private company named Proxima, backed by a (French) private equity firm (Antin Infrastructure Partners) to the initial tune of $1.1bn.

Proxima will offer high-speed rail trips between Paris and four cities in western France - Bordeaux, Nantes, Rennes, and Angers, using 12 Avelia Horizon Trains. This will add 10 million new passenger seats on these lines, per year. According to the company,

"Travel between key cities in France has increased over the last 10 years, reflecting new ways of living. High-speed rail is the answer favored by the French, and train occupancy levels are at all-time highs.

As France's first independent high speed train operator, Proxima aims to reinvent the experience for its different customers groups by listening to their needs, and reflecting the changes in consumer behaviour and changing ways of life. These include trends to teleworking and the erosion of the business/leisure boundary, as well as the demand for better on-board connectivity and relevant services on-board."

It might be noteworthy that earlier this year, the EU decided to speed-up the implementation of the TEN-T network. The TEN-T is an EU-wide network of rail, inland waterways, short-sea shipping routes, and roads. It connects 424 major cities with ports, airports and railway terminals. When the TEN-T is complete, it will cut travel times between these cities. For example, passengers will be able to travel between Copenhagen and Hamburg in 2.5 hours by train, instead of the 4.5 hours required today. You can find an interactive map detailing the project(s) here.

While in 2021, the deadline for completion of the network's core was set at 2040, a recent update stated that the core transport links must be finished by 2030. It is speculation, but it could be -- given that Proxima's service will start in 2027 -- that the current initiative is in anticipation of that completion.

Related: Highspeed to the Future

Original Submission

fab23 writes:

Thomas A. Limoncelli writes in Make Two Trips:

During an interview on The Late Show with Stephen Colbert, comedian Larry David explained that his New Year's Resolution was "make two trips" (episode 857, January 8, 2020).

For example, when carrying groceries into the house, it is tempting to carry everything at once, but then you drop the cantaloupe, and now you have to clean up that mess. While it seemed like one trip would have been faster, if you include the time it takes to clean up the mess, it would have been faster to simply make two trips.

[...] This "make two trips" strategy isn't an earth-shattering breakthrough. It won't cure cancer, end world hunger, or fix the climate crisis. However, I have adopted this philosophy, and it has had many benefits.

The immediate benefit is that I am now more likely to have a free hand to open my house door. Pulling keys out of my pocket no longer involves smashing a grocery bag between my chest and the house.

The larger benefit has come from adopting this philosophy in both coding and operations.

The other day, I was adding a feature to some old code. The code reported results of an earlier calculation with various formatting options that could be enabled or disabled.

The code was quite complex because certain options affected the format in ways that had downstream implications for other options. The code was able to satisfy all the various options and controls in one pass over the data, printing a report along the way.

[...] I struggled in earnest to add my new feature to this ever-growing complicated loop.

Then I remembered Larry's advice: Make two trips.

The code would be significantly simpler if it made two passes over the data. One pass would collect data, count things that needed to be counted, sum subtotals, and so on. The second pass would take all this information and output the report, and would be much easier because it had all the information it needed from the start. No Schrödinger's cat.

[...] It was a classic complexity vs. memory engineering decision: Suffer from complexity or suffer from potential memory exhaustion.

... continue reading the whole article at ACM Queue.

Original Submission

Arthur T Knackerbracket has processed the following story:

Astronauts driving a vehicle around the landscape of the moon must not only face dangers related to [low] gravity and falling into craters, but also the problem of extreme fluctuations in temperature. The lunar environment oscillates between blistering highs of 127°C (260°F) and frigid lows of -173°C (-280°F).

Future missions to explore the moon will need reliable machines that can function under these harsh conditions. This led a team from Nagoya University in Japan to invent a heat-switch device that promises to extend the operational lifespan of lunar-roving vehicles. Their study, conducted in collaboration with the Japan Aerospace Exploration Agency, was published in the journal Applied Thermal Engineering.

"Heat-switch technology that can switch between daytime heat dissipation and nighttime insulation is essential for long-term lunar exploration," said lead researcher Masahito Nishikawara. "During the day, the lunar rover is active, and the electronic equipment generates heat. Since there is no air in space, the heat generated by the electronics must be actively cooled and dissipated. On the other hand, during extremely cold nights, electronics must be insulated from the outside environment so that they don't get too cold."

[...] The thermal control device developed by the team combines a loop heat pipe (LHP) with an electrohydrodynamic (EHD) pump. During the day, the EHD pump is inactive, allowing the LHP to operate as usual. In lunar rovers, the LHP uses a refrigerant that cycles between vapor and liquid states.

When the device heats up, the liquid refrigerant in the evaporator vaporizes, releasing heat through the rover's radiator. The vapor then condenses back into liquid, which returns to the evaporator to absorb heat again. This cycle is driven by capillary forces in the evaporator, making it energy efficient.

At night, the EHD pump applies pressure opposite to the LHP flow, stopping the movement of the refrigerant. Electronics are completely insulated from the cold night environment with minimal electricity use.

quietus writes:

Are you looking for something more titillating to read than the usual low-brow stuff you find here at soylentnews?

You might just be in luck, as MIT Press has released an impact report about its Direct-To-Open (D2O) program, under which faculty members do not publish with pay-for-play journals and publishers anymore, but release [some of] their good stuff directly to the public.

Next to lots of happy geeks directly downloading juicy titles like Model Systems in Biology, Tor: From the Dark Web to the Future of Privacy and No Heavenly Bodies: A History of Satellite Communications Infrastructure, MIT claims that "D2O has exceeded expectations in its first three years, and we're thrilled to share the impact."

To date, D2O has funded 240 books: 159 in the humanities and social sciences (HSS) and 81 in science, technology, engineering, art/design, and mathematics (STEAM). The data show that, on average, open-access HSS books in the program are used 3.75 times more and receive 21 percent more citations than their paywalled counterparts. Open-access books in STEAM fields are used 2.67 times more and receive 15 percent more citations than their non-open counterparts, on average. Regardless of their field, D2O books are making meaningful contributions to debates both within and beyond the academy.

Books in the program have on average a little over 3,000 downloads, compared to the few hundred they'd normally get if hidden behind a paywall.

The whole program isn't completely free though: it is funded by libraries which agree to pay recurring participation fees. In exchange, these libraries also get access to the previously published MIT Press products, which remain gated.

Original Submission

quietus writes:

Programming style is not a matter of efficiency in a program. It is a matter of how easy it is to write or read a program, how easy it is to explain the program to someone else, how easy it is to figure out what the program does a year after you've written it; and above all, style is a matter of taste, of aesthetics, of what you think looks nice, of what you think is elegant.

Although style is mainly a matter of taste, a programmer with a "good" style will find his programs easy to write, easy to read, and easy to explain to others. ...

In particular, you may have acquired special programming tricks that you are very fond of, and that aren't used by other programmers, but that don't make your programs much more efficient. I urge you to stop using those tricks. As Samuel Johnson once said, "Read over your compositions, and when you meet with a passage which you think is particularly fine, strike it out."

In other words, make your style simple, not complicated, even though the complicated style may seem to have some abstract virtues. ...

(F. Black, "Styles of Programming in LISP," in The Programming Language LISP: Its Operations and Applications, ed. E. Berkeley and D. Bobrow (1964), p96 (p106 of the PDF))

When teaching an algorithms course, Craig Partridge, of Colorado State University, discovered that his students had little to no idea of how to divide their code into functions. So he wrote a short guidance paper (pdf).

What other advice, oh battle-hardened developer, would you give starting-out programmers/developers about how to approach a project/codebase?

Original Submission