SoylentNews

owl writes:

https://www.theregister.com/2024/06/20/systemd_2561_data_wipe_fix/

Following closely after the release of version 256, version 256.1 fixes a handful of bugs. One of these is emphatically not systemd-tmpfiles recursively deleting your entire home directory. That's a feature.

The 256.1 release is now out, containing some 38 minor changes and bugfixes. Among these are some changes to the help text around the systemd-tmpfiles command, which describes itself as a tool to "Create, delete, and clean up files and directories." Red Hat's RHEL documentation describes it as a tool for managing and cleaning up your temporary files.

That sounds innocuous enough, right?

It isn't, as Github user jedenastka discovered on Friday. He filed bug #33349 and the description makes for harrowing reading, not just because of the tool's entirely intended behavior, but also because of the systemd maintainers' response, which could be summarized as "you're doing it wrong".

Original Submission

Arthur T Knackerbracket has processed the following story:

According to a report by The Cyber Express, a cybercriminal group known as Intelbroker has claimed on the BreachForums site that it breached AMD's systems and is selling the data it stole.

In addition to details on unreleased AMD products, the group is offering to sell specification sheets, customer databases, property files, ROMs, source code, firmware, and financial records.

The trove also allegedly includes AMD employees' information, such as user IDs, full names, job functions, phone numbers, and email addresses. However, all the employee information shown has been recorded as "inactive," suggesting the people no longer work at the company and that the emails are out of use.

There have been previous cases of cybercriminal gangs making false claims about infiltrating big organizations and having stolen data to sell, but this instance appears genuine as Intelbroker posted screenshots from AMD's internal systems.

[...] Intelbroker is asking interested buyers to get in touch and make an offer for the stolen AMD data, to be paid in the cryptocurrency Monero.

Original Submission

An Anonymous Coward writes:

Biden to ban U.S. sales of Kaspersky software over ties to Russia, source says --

https://www.cnbc.com/2024/06/20/biden-to-ban-us-sales-of-kaspersky-software-over-ties-to-russia.html

The US administration on Thursday will announce plans to bar the sale of Kaspersky Lab's antivirus software in the United States, a person familiar with the matter said, citing the firm's large U.S. customers including critical infrastructure providers and state and local governments.

The company's close ties to the Russian government were found to pose a critical risk, the person said, adding that the software's privileged access to a computer's systems could allow it to steal sensitive information from American computers, install malware or withhold critical updates.

The sweeping new rule, using broad powers created by the Trump administration, will be coupled with another move to add the company to a trade restriction list, according to two other people familiar with the matter, dealing a blow to the firm's reputation that could hammer its overseas sales.

[...] A spokesperson for the Commerce Department declined to comment, while Kaspersky Lab and the Russian Embassy did not respond to requests for comment. Previously, Kaspersky has said that it is a privately managed company with no ties to the Russian government.

The moves show the administration is trying to stamp out any risks of Russian cyberattacks stemming from Kaspersky software and keep squeezing Moscow as its war effort in Ukraine has regained momentum and as the United States has run low on fresh sanctions it can impose on Russia.

It also shows the Biden administration harnessing a powerful new authority that allows it to ban or restrict transactions between U.S. firms and internet, telecom and tech companies from "foreign adversary" nations like Russia and China.

[...] Kaspersky, which has a U.K. holding company and operations in Massachusetts, said in a corporate profile that it generated revenue of $752 million in 2022 from more than 220,000 corporate clients in some 200 countries. Its website lists Italian vehicle maker Piaggio, Volkswagen's retail division in Spain and the Qatar Olympic Committee among its customers.

Original Submission

owl writes:

https://austinhenley.com/blog/bignum1.html

What happens when numbers get too big for a computer to work with?

For example, a 64-bit unsigned integer can be as large as 18,446,744,073,709,551,615. That is... huge. But what if it isn't enough?

Enter bignums, or arbitrary-precision numbers. These very, very large numbers allow you to go beyond CPU limitations for representing integers and performing arithmetic, limited only by the computer's memory.

If you open up Python and throw some really, really big numbers at it, you'll see that it works without any issue. Although C requires using a library for bignums, Python supports them right out of the box. In fact, you can use big numbers and small numbers interchangeably and it is completely abstracted away from the programmer.

I've always wanted to know how these bignum libraries work, so this is my adventure in learning about them.

The irony with this blog post, for any of us who did any assembly programming on the old 8-bit microprocessors (8080/Z80/6502/6800), is that doing "big-nums" was a required bit of knowledge to do any math larger than 8-bits wide (6502) or 16-bits wide (for a few instructions on the 8080/Z80/6800). The blog writer must be one of today's Ten Thousand.

Original Submission

mcgrew writes:

Of course, you can't delete their site without going to prison. This is about deleting an account.

        You probably saw the S/N article Adobe and Meta Drive the Visual Digital Arts in Deeper Enshit[ment] where it was shown that Meta is changing its policy next week, allowing itself to legally steal your copyrighted content to train its AI (for those under a rock, "Artificial Intelligence").

        You probably also know that I'm a writer since about 1997. I am also a former visual art and design student with dozens of images, if not hundreds. As I have posted stories here at S/N, and slashdot (years ago, I left when S/N was started), I also posted at Facebook for about five years or so; my daughter convinced me that I could popularize my books there.

        In my last book, Voyage to Madness about a trip to Proxima Centauri via Einstein's time warp (real science, no fantasy), there are no human visual artists, poets, or writers. It's all produced by computers. I do not want to be a contributor to that future! So when I first got word of this latest evil from Meta, I posted there that I was deleting my account and where to look for my writing. I set last night as the date, and then forgot until this morning after my coffee.

        Even sober and full of coffee, It was extremely difficult and frustrating. Meta made getting out of their data prison extremely difficult. Harder than Wolfenstein and unlike it, no fun at all.

        First, I suspect that there's a robots.txt file in the directory that holds the file that actually explains, very poorly, how to delete an account, because I of course googled to see how to do it. It was a facebook.com file, but very outdated. There is no possible way I found using it to actually delete.

        Even after logging into Farsebook and looking for a help file there, it was obvious that they don't want anyone to leave. I wish I would have written this as I was deleting the account, I could have given step by step instructions; even following their flawed program (i.e., list of steps, for you non-programmers) they leave out much needed information and force you to guess.

        It took over an hour. But I encourage all of you with Meta accounts to fight this evil. Maybe we CAN delete facebook! If you see me there with the same photo that was posted, please let me know so I can sue them. I don't need the money, I just want to destroy Meta. If it happens, unlikely as that is, I'll donate the winnings to S/N.

        I may open another account just to poison their stupid "intelligent" computer.

Original Submission

Arthur T Knackerbracket has processed the following story:

For roughly 80 years, the United States has managed the threat of nuclear terrorism through nonproliferation treaties, agency programs, intelligence activities, international monitoring support and more, withstanding the Cold War, the fall of the Soviet Union, and 9/11.

[...] "The issue of nuclear terrorism remains very much a real one, there are enormous stakes involved and the risks are high, but the issue has been falling off the radar screen of the American public over the last 15 years, and the skill set of people involved in managing it is aging out," says Flynn, professor of political science and founding director of the Global Resilience Institute at Northeastern.

"We really need to keep our eye on the ball. It was quite timely for Congress to call for an assessment of this risk and provide recommendations for staying on top of this issue."

In the 2021 National Defense Authorization Act, Congress mandated the U.S. Department of Defense and the U.S. Department of Energy's National Nuclear Security Agency to work with the National Academy of Sciences, Engineering and Medicine to assess the current state of nuclear terrorism and nuclear weapons and materials and advise the government on how to handle such issues.

Flynn, an expert on national and homeland security, was appointed chair of the committee in 2022. The committee released its final report on Tuesday.

The report finds that a lot has changed since the issue of nuclear terrorism was forefront in Americans' minds following 9/11 and the buildup to the Iraq War.

"We had a war on terror after 9/11, but that didn't succeed in eliminating the terrorism threat," Flynn says. "Terrorism continues to morph."

The outbreak of the Israel-Hamas War, which occurred as the committee finalized its report, demonstrates this morphing of terrorism.

The involvement of Hezbollah as a proxy of Iran, and the involvement of Hamas—both groups are designated terrorist groups by the U.S. State Department—highlight a world where non-states and nuclear-seeking states collaborate in warfare, Flynn says.

"The designation between non-state vs. state actors is blurry," Flynn says. "The assessment reveals we have to be focused on where those two things may overlap."

Also "blurring" is the line between domestic terrorism and international terrorism, Flynn says.

"Particularly when you look on the far right, international terror groups are recruiting Americans into these organizations, and Americans are reaching out to extremist organizations that have terrorism elements," Flynn says.

The nuclear world continues to morph as well.

owl writes:

https://www.bbc.co.uk/news/articles/c722gne7qngo

Archive Link: https://archive.is/4eOAc

McDonald's is removing artificial intelligence (AI) powered ordering technology from its drive-through restaurants in the US, after customers shared its comical mishaps online.

A trial of the system, which was developed by IBM and uses voice recognition software to process orders, was announced in 2019.

It has not proved entirely reliable, however, resulting in viral videos of bizarre misinterpreted orders ranging from bacon-topped ice cream to hundreds of dollars worth of chicken nuggets.

McDonald's told franchisees it would remove the tech from the more than 100 restaurants it has been testing it in by the end of July, as first reported by trade publication Restaurant Business, external.

[...] "After thoughtful review, McDonald's has decided to end our current global partnership with IBM on AOT [Automated Order Taking] beyond this year," the restaurant chain said in a statement.

However, it added it remained confident the tech would still be "part of its restaurants' future."

"We will continue to evaluate long-term, scalable solutions that will help us make an informed decision on a future voice ordering solution by the end of the year," the statement said.

/me now has visions of interacting with just about any telephone voice recognition assistant ever....

Original Submission

Car dealers can't sell cars due to living in today's world

Snotnose writes:

Hope you didn't want to buy a car in the near future

Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack causing the company to shut down its systems and leaving clients unable to operate their business normally.

CDK Global provides clients in the auto industry a SaaS platform that handles all aspects of a car dealership's operation, including CRM, financing, payroll, support and service, inventory, and back office operations.

Brad Holton, CEO of Proton Dealership IT, a cybersecurity and IT services firm for car dealerships, told BleepingComputer that the attack caused CDK to take its two data centers offline at approximately 2 AM last night.

Employees at multiple car dealerships have also told BleepingComputer that CDK has not shared much information other than to send an email warning that they suffered a cyber incident.

Anyone wanna take bets they're running Microsoft stuff?

Why Americans aren't buying more EVs

Arthur T Knackerbracket has processed the following story:

Clint and Rachel Wells had reasons to consider buying an electric vehicle when it came to replacing one of their cars. But they had even more reasons to stick with petrol.

The couple live in Normal, Illinois, which has enjoyed an economic boost from the electric vehicle assembly plant opened there by upstart electric-car maker Rivian. EVs are a step forward from “using dead dinosaurs” to power cars, Clint Wells says, and he wants to support that.

But the couple decided to “get what was affordable”—in their case, a petrol-engined Honda Accord costing $19,000 after trade-in.

An EV priced at $25,000 would have been tempting, but only five new electric models costing less than $40,000 have come on to the US market in 2024. The hometown champion’s focus on luxury vehicles—its cheapest model is currently the $69,000 R1T—made it a non-starter.

“It’s just not accessible to us at this point in our life,” Rachel Wells says.

The Wells are among the millions of Americans opting to continue buying combustion-engine cars over electric vehicles, despite [the] President's ambitious target of having EVs make up half of all new cars sold in the US by 2030. Last year, the proportion was 9.5 percent.

High sticker prices for cars on the forecourt, and high interest rates that are pushing up monthly lease payments, have combined with concerns over driving range and charging infrastructure to chill buyers’ enthusiasm—even among those who consider themselves green.

While EV technology is still improving and the popularity of electric cars is still increasing, sales growth has slowed. Many carmakers are rethinking manufacturing plans, cutting the numbers of EVs they had planned to produce for the US market in favor of combustion-engined and hybrid cars.

AnonTechie writes:

[Source]: Popular Mechanics

Time has puzzled scientists for many decades. Does it meaningfully exist apart from our experience of it as everything moves toward the disintegration of entropy along its irrefutable arrow? You can't put the "spilled milk" of the weirdness of time back in the jug.

Could the observable universe be exclusively composed of layered, mutually entangled systems?

The passage of time puzzles quantum physicists, who seek to fit it into a cohesive model.

One wild theory posits that time visibly passes because we're entangled with ... well ... everything.

In new research published in the American Physical Society's peer-reviewed journal Physical Review A, scientists from Italy (led by Alessandro Coppo) try to translate one theory of time into real life—or, at least, closer to it. The theory is called Page and Wootters mechanism, and Coppo has studied it for years. It's a quantum mechanics idea that dates back to 1983.

Journal Reference:
Tiago Martinelli, Diogo O. Soares-Pinto. Quantifying quantum reference frames in composed systems: Local, global, and mutual asymmetries, Physical Review A (DOI: 10.1103/PhysRevA.99.042124)

Original Submission

Signal, MEPs Urge EU Council To Drop Encryption-Eroding Law

Arthur T Knackerbracket has processed the following story:

On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.

[...] Known to detractors as Chat Control, the proposal seeks to prevent the online dissemination of child sexual abuse material (CSAM) by requiring internet service providers to scan digital communication – private chats, emails, social media messages, and photos – for unlawful content.

The proposal [PDF], recognizing the difficulty of explicitly outlawing encryption, calls for "client-side scanning" or "upload moderation" – analyzing content on people's mobile devices and computers for certain wrongdoing before it gets encrypted and transmitted.

The idea is that algorithms running locally on people's devices will reliably recognize CSAM (and whatever else is deemed sufficiently awful), block it, and/or report it to authorities. This act of automatically policing and reporting people's stuff before it's even had a chance to be securely transferred rather undermines the point of encryption in the first place.

Europe's planned "regulation laying down rules to prevent and combat child sexual abuse" is not the only legislative proposal that contemplates client-side scanning as a way to front-run the application of encryption. The US Earn-It Act imagines something similar.

In the UK, the Online Safety Act of 2023 includes a content scanning requirement, though with the government's acknowledgement that enforcement isn't presently feasible. While it does allow telecoms regulator Ofcom to require online platforms to adopt an "accredited technology" to identify unlawful content, there is currently no such technology and it's unclear how accreditation would work.

With the EU proposal vote approaching, opponents of the plan have renewed their calls to shelve the pre-crime surveillance regime.

In an open letter [PDF] on Monday, Meredith Whittaker, CEO of Signal, which threatened to withdraw its app from the UK if the Online Safety Act disallowed encryption, reiterated why the EU client-side scanning plan is unworkable and dangerous.

"There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe," wrote Whittaker.

European countries continue to play rhetorical games. They’ve come back to the table with the same idea under a new label

"Instead of accepting this fundamental mathematical reality, some European countries continue to play rhetorical games.

[...] Threema said if it isn't allowed to offer encryption, it will leave the EU.

And on Tuesday, 37 Members of Parliament signed an open letter to the Council of Europe urging legislators to reject Chat Control.

"We explicitly warn that the obligation to systematically scan encrypted communication, whether called 'upload-moderation' or 'client-side scanning,' would not only break secure end-to-end encryption, but will to a high probability also not withstand the case law of the European Court of Justice," the MEPs said. "Rather, such an attack would be in complete contrast to the European commitment to secure communication and digital privacy, as well as human rights in the digital space." ®

Note: Comments are enabled for everyone including Anonymous Cowards and should be on-topic. However, if you abuse this privilege do not be surprised or complain if your comments are deleted.

This came to my attention on IRC; it was published yesterday. It should not surprise anyone, nor is it a unique occurrence. Most sites on the internet nowadays are suffering from the same problem. But I find it hard to understand how anyone can benefit from personal attacks, or by forcing sites to make unwanted decisions about how they operate.

https://www.schneier.com/blog/archives/2024/06/new-blog-moderation-policy.html

Schneier writes:

New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, we're having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It's gotten so bad that I need to do something.

My options are limited because I'm just one person, and this website is free, ad-free, and anonymous. I pay for a part-time moderator out of pocket; he isn't able to constantly monitor comments. And I'm unwilling to require verified accounts.

So starting now, we will be pre-screening comments and letting through only those that 1) are on topic, 2) contribute to the discussion, and 3) don't attack or insult anyone. The standard is not going to be "well, I guess this doesn't technically quite break a rule," but "is this actually contributing."

Obviously, this is a subjective standard; sometimes good comments will accidentally get thrown out. And the delayed nature of the screening will result in less conversation and more disjointed comments. Those are costs, and they're significant ones. But something has to be done, and I would like to try this before turning off all comments.

In our own case it is rarely someone posting under his/her username that does similar things or at least not anyone who is logged in and posting anonymously. There are a few who push the boundaries from time to time but they usually do it without resorting to anonymity. It is almost without exception those who wish to remain Anonymous Cowards. Surely they realise that the eventual outcome will be to force sites to ban AC posting. How does that benefit any site or those ACs in particular? The end result will be that there will be fewer places where they are allowed to express themselves.

janrinok

DannyB writes:

Human missions to Mars in serious doubt after discovery made on effects to astronaut's bodies

Scientists have admitted they do not know why it is happening

Even though Elon Musk claimed that humans could be flying to Mars within 10-20 years, it seems as though that plan could be at risk after studies have found some major issues.

Samples from more than 40 space missions, involving both humans and mice, have revealed that the conditions in space have adverse reactions on the body.

[....] Scientists at University College London (UCL), who carried out the study, have found that microgravity and galactic radiation from space caused serious health risks that emerge the longer a person is exposed to it.

The main part of the body that is at risk is the kidneys, with the research showing that parts of the kidneys showed signs of shrinkage after less than a month in space.

[....] Talking to The Independent, Dr. Keith Siew, first author of the study, said: "We know what has happened to astronauts on the relatively short space missions conducted so far, in terms of an increase in health issues such as kidney stones.

[....] "If we don't develop new ways to protect the kidneys, I'd say that while an astronaut could make it to Mars they might need dialysis on the way back."

The scientist added: "We know that the kidneys are late to show signs of radiation damage.

"By the time this becomes apparent it's probably too late to prevent failure, which would be catastrophic for the mission's chances of success."

Despite likely health problems and much shorter life, there would no doubt be a long list of volunteers willing to make the first trip.

Original Submission

An Anonymous Coward writes:

Tech Review is running a story about comedians who were asked to use "AI" to write jokes. https://www.technologyreview.com/2024/06/17/1093740/what-happened-when-20-comedians-got-ai-to-write-their-routines/ The results were mixed at best:

Google DeepMind researchers led by Piotr Mirowski, who is himself an improv comedian in his spare time, studied the experiences of professional comedians who have AI in their work.
[...]
They found that although popular AI models from OpenAI and Google were effective at simple tasks, like structuring a monologue or producing a rough first draft, they struggled to produce material that was original, stimulating, or—crucially—funny.
[...]
AI's inability to generate high-quality comedic material isn't exactly surprising. The same safety filters that OpenAI and Google use to prevent models from generating violent or racist responses also hinder them from producing the kind of material that's common in comedy writing, such as offensive or sexually uggestive jokes and dark humor.
[...]
The experiment also exposed the LLMs' bias. Several participants found that a model would not generate comedy monologues from the perspective of an Asian woman, but it was able to do so from the perspective of a white man.

Tech Review ends with a couple of the lame AI generated jokes, it seems fair to say that comedians don't have to worry about competition from AI anytime soon:

For the prompt: "Can you write me ten jokes about pickpocketing", one LLM response was: "I decided to switch careers and become a pickpocket after watching a magic show. Little did I know, the only thing disappearing would be my reputation!"

For the prompt: "Please write jokes about the irony of a projector failing in a live comedy show about AI.", one of the better LLM responses was: "Our projector must've misunderstood the concept of 'AI.' It thought it meant 'Absolutely Invisible' because, well, it's doing a fantastic job of disappearing tonight!"

Original Submission

Arthur T Knackerbracket has processed the following story:

With its new unskippable ad feature, YouTube might end up killing ad blockers once and for all. Currently, the video platform is experimenting with server-side ad injection, which means the ads would appear directly in a video’s stream, bypassing ad blockers.

A Google spokesperson explained the test to Gizmodo: “YouTube is improving its performance and reliability in serving both organic and ad video content. This update may result in suboptimal viewing experiences for viewers with ad blockers installed. Ad blockers violate YouTube’s Terms of Service, and we’ve been urging viewers for some time to support their favorite creators and allow ads on YouTube or try YouTube Premium for an ad-free experience.”

[...] As a matter of fact, YouTube has been adding as many ads as it can to videos on the platform, as users occasionally have to sit through three ads before a video starts, a few more while watching the content, and a final ad after the video ends.

This is why, instead of using an ad blocker, I decided to pay for YouTube Premium. Not only did I leave the platform’s miserable ad-based experience behind, but I also learned to enjoy other perks, such as listening to a video in the background and downloading as many videos as I want when I’m on a trip with no cellular connection.

YouTube isn’t the only platform focusing on unskippable ads, as even Instagram has started testing some new forms of ad revenue that might see the light of day soon. While YouTube at least offers you a plan to get rid of ads, Meta doesn’t offer the same option yet.

Original Submission

Geoff Clare writes:

On 14 June 2024 IEEE and The Open Group published the first major revision of POSIX.1 since 2008^*. It is simultaneously IEEE 1003.1-2024 and The Open Group Base Specifications, Issue 8. The latter will form, together with a soon to be published update to XCurses, The Single UNIX Specification, Version 5. The new standard will also be published by ISO as a revision to 9945:2009 in the not too distant future.

The revision adds the following 102 new functions (mostly from C17):

*SPOILER* (click to show) *SPOILER* (click to hide)

_Fork	aligned_alloc
at_quick_exit	atomic_compare_exchange_strong
atomic_compare_exchange_strong_explicit	atomic_compare_exchange_weak
atomic_compare_exchange_weak_explicit	atomic_exchange
atomic_exchange_explicit	atomic_fetch_add
atomic_fetch_add_explicit	atomic_fetch_and
atomic_fetch_and_explicit	atomic_fetch_or
atomic_fetch_or_explicit	atomic_fetch_sub
atomic_fetch_sub_explicit	atomic_fetch_xor
atomic_fetch_xor_explicit	atomic_flag_clear
atomic_flag_clear_explicit	atomic_flag_test_and_set
atomic_flag_test_and_set_explicit	atomic_init
atomic_is_lock_free	atomic_load
atomic_load_explicit	atomic_signal_fence
atomic_store	atomic_store_explicit
atomic_thread_fence	bind_textdomain_codeset
bindtextdomain	c16rtomb
c32rtomb	call_once
cnd_broadcast	cnd_destroy
cnd_init	cnd_signal
cnd_timedwait	cnd_wait
dcgettext	dcgettext_l
dcngettext	dcngettext_l
dgettext	dgettext_l
dladdr	dngettext
dngettext_l	getentropy
getlocalename_l	getresgid
getresuid	gettext
gettext_l	mbrtoc16
mbrtoc32	memmem
mtx_destroy	mtx_init
mtx_lock	mtx_timedlock
mtx_trylock	mtx_unlock
ngettext	ngettext_l
posix_close	posix_devctl
posix_getdents	ppoll
pthread_cond_clockwait	pthread_mutex_clocklock
pthread_rwlock_clockrdlock	pthread_rwlock_clockwrlock
qsort_r	quick_exit
reallocarray	sem_clockwait
setresgid	setresuid
sig2str	str2sig
strlcat	strlcpy
textdomain	thrd_create
thrd_current	thrd_detach
thrd_equal	thrd_exit
thrd_join	thrd_sleep
thrd_yield	timespec_get
tss_create	tss_delete
tss_get	tss_set
wcslcat	wcslcpy

and the following new utilities:

gettext
msgfmt
ngettext
readlink
realpath
timeout
xgettext

[*] There was a revision in 2017, but it was just POSIX.1-2008 with two technical corrigenda rolled in; it did not contain any new interfaces.

Original Submission