SoylentNews

owl writes:

http://www.righto.com/2024/06/montreal-mifare-ultralight-nfc.html

To use the Montreal subway (the Métro), you tap a paper ticket against the turnstile and it opens. The ticket works through a system called NFC, but what's happening internally? How does the ticket work without a battery? How does it communicate with the turnstile? And how can it be so cheap that you can throw the ticket away after one use? To answer these questions, I opened up a ticket and examined the tiny chip inside.

Original Submission

upstart writes:

Using stalkerware is creepy, unethical, potentially illegal, and puts your data and that of your loved ones in danger:

Last week, an unknown hacker broke into the servers of the U.S.-based stalkerware maker pcTattletale. The hacker then stole and leaked the company's internal data. They also defaced pcTattletale's official website with the goal of embarrassing the company.

"This took a total of 15 minutes from reading the techcrunch article," the hackers wrote in the defacement, referring to a recent TechCrunch article where we reported that pcTattletale was used to monitor several front desk check-in computers at Wyndham hotels across the United States.

As a result of this hack, leak and shame operation, pcTattletale founder Bryan Fleming said he was shutting down his company.

Consumer spyware apps like pcTattletale are commonly referred to as stalkerware because jealous spouses and partners use them to surreptitiously monitor and surveil their loved ones. These companies often explicitly market their products as solutions to catch cheating partners by encouraging illegal and unethical behavior. And there have been multiple court cases, journalistic investigations, and surveys of domestic abuse shelters that show that online stalking and monitoring can lead to cases of real-world harm and violence.

And that's why hackers have repeatedly targeted some of these companies.

According to TechCrunch's tally, with this latest hack, pcTattletale has become the 20th stalkerware company since 2017 that is known to have been hacked or leaked customer and victims' data online. That's not a typo: Twenty stalkerware companies have either been hacked or had a significant data exposure in recent years. And three stalkerware companies were hacked multiple times.

[...] But a company closing doesn't mean it's gone forever. As with Spyhide and SpyFone, some of the same owners and developers behind a shuttered stalkerware maker simply rebranded.

owl writes:

https://salvagedcircuitry.com/2000a-nand-recovery.html

I ran across an oscilloscope in need of love and attention on the Internet's favorite online auction site. After some back and forth from the seller, I found out that the scope didn't boot, one of the tell tale problems of the Agilent 2000a / 3000a / 4000a X-series oscilloscope series. The no boot condition can be caused by one of three things: a failed power supply, the mischievous NAND corruption error, or both. The seller took my lowball offer of $220 and just like that I had another project in my life.

On initial opening, the scope looked like it had road rash. Every single knob and edge of the plastic shell had distinct pavement scuff marks. There were some cracks in the front plastic bezel and rear molded fan grill, further confirming that this scope was dropped multiple times. The horizontal adjust encoder was also bent and two knobs were missing.

Not the end of the world, let's double check the description. I plugged it in and the scope powered up with 3 of the 4 indicator lights. Ref, Math, Digital and were illuminated, nothing on serial. The scope stays perpetually in this state with nothing displayed on the LCD. Button presses yield no response. The continuously-on fan and 3 indicator lights are the only source of life. Using a special sequence of power button + unlock cal switch displays no lights on the instrument. The seller clearly did not test the instrument.

Original Submission

canopic jug writes:

Dr Andy Farnell at The Cyber Show writes about the effects of the "splinternet" and division in standards in general on overall computing security. He sees the Internet, as it was less than ten years ago, as an ideal, but one which has been intentionally divided and made captive. While governments talk out of one side of their mouth about cybersecurity they are rushing breathlessly to actually make systems and services less secure or outright insecure.

What I fear we are now seeing is a fault line between informed, professional computer users with access to knowledge and secure computer software - a breed educated in the 1970s who are slowly dying out - and a separate low-grade "consumer" group for whom digital mastery, security, privacy and autonomy have been completely surrendered.

The latter have no expectation of security or correctness. They've grown up in a world where the high ideals of computing that my generation held, ideas that launched the Voyager probe to go into deep space using 1970's technology, are gone.

They will be used as farm animals, as products by companies like Apple, Google and Microsoft. For them, warm feelings, conformance and assurances of safety and correctness, albeit false but comforting, are the only real offering, and there will be apparently "no alternatives".

These victims are becoming ever-less aware of how their cybersecurity is being taken from them, as data theft, manipulation, lock-in, price fixing, lost opportunity and so on. If security were a currency, we're amidst the greatest invisible transfer of wealth to the powerful in human history.

In lieu of actual security, several whole industries have sprung up around ensuring and maintaining computer insecurity. On the technical side of things it's maybe time for more of us to (re-)read the late Ross Anderson's Security Engineering, third edition. However, as Dr Farnell reminds us, most of these problems have non-technical origins and thus non-technical solutions.

Previously:
(2024) Windows Co-Pilot "Recall" Feature Privacy Nightmare
(2024) Reasons for Manual Image Editing over Generative AI
(2019) Chapters of Security Engineering, Third Edition, Begin to Arrive Online for Review

Original Submission

Arthur T Knackerbracket has processed the following story:

A team led by Lawrence Berkeley National Laboratory (Berkeley Lab) has invented a technique to study electrochemical processes at the atomic level with unprecedented resolution and used it to gain new insights into a popular catalyst material.

Electrochemical reactions—chemical transformations that are caused by or accompanied by the flow of electric currents—are the basis of batteries, fuel cells, electrolysis, and solar-powered fuel generation, among other technologies. They also drive biological processes such as photosynthesis and occur under the Earth's surface in the formation and breakdown of metal ores.

The scientists have developed a cell—a small enclosed chamber that can hold all the components of an electrochemical reaction—that can be paired with transmission electron microscopy (TEM) to generate precise views of a reaction at an atomic scale. Better yet, their device, which they call a polymer liquid cell (PLC), can be frozen to stop the reaction at specific timepoints, so scientists can observe composition changes at each stage of a reaction with other characterization tools.

In a paper appearing in Nature, the team describes their cell and a proof of principle investigation using it to study a copper catalyst that reduces carbon dioxide to generate fuels.

"This is a very exciting technical breakthrough that shows something we could not do before is now possible. The liquid cell allows us to see what's going on at the solid-liquid interface during reactions in real time, which are very complex phenomena. We can see how the catalyst surface atoms move and transform into different transient structures when interacting with the liquid electrolyte during electrocatalytic reactions," said Haimei Zheng, lead author and senior scientist in Berkeley Lab's Materials Science Division.

"It's very important for catalyst design to see how a catalyst works and also how it degrades. If we don't know how it fails, we won't be able to improve the design. And we're very confident we're going to see that happen with this technology," said co-first author Qiubo Zhang, a postdoctoral research fellow in Zheng's lab.

Zheng and her colleagues are excited to use the PLC on a variety of other electrocatalytic materials, and have already begun investigations into problems in lithium and zinc batteries. The team is optimistic that details revealed by the PLC-enabled TEM could lead to improvements in all electrochemical-driven technologies.

Arthur T Knackerbracket has processed the following story:

In recent years, age-verification laws have been popping up across the U.S. They typically require visitors to websites with over one-third of adult content to show proof of age (such as ID) when attempting to view this content. As experts told Mashable last year, age-verification laws won't work — VPNs are an easy work-around, for one, and requiring users to upload their IDs leaves them vulnerable to identity theft.

Still, more and more states are enacting these laws. Pornhub and its parent company Aylo's (formerly MindGeek) response has been to block these states from accessing the website at all.

Now, Aylo will block Indiana and Kentucky in July, according to adult trade publication AVN. The laws that spurred these bans are Indiana's SB 17 and Kentucky's HB 278.

If you happen to be in one of these states, Mashable has instructions on how to unblock Pornhub using a VPN.

Original Submission

canopic jug writes:

Doug Muir, at his blog Crooked Timber, discusses a paper about symbiotic fungal networks loaning glucose to seedlings and saplings. Of note, fungi do not produce glucose themselves, so they are extracting and storing it. The fungi connect to new seedlings and help them get started by feeding the roots micronutrients, which for some of them compensates for sunlight which they can't yet reach. Then after some time, the network cuts off the supply. If the sapling dies, the network rots it. If the sapling survives, the network extracts and caches nutrients from it.

The problem was, succession leading to forest was a bunch of observations with a big theoretical hole in the center. Imagine a mid-succession field full of tall grass and bushes and mid-sized shrubs. Okay, so... how does the seedling of a slow-growing tree species break in? It should be overshadowed by the shrubs and bushes, and die before it ever has a chance to grow above them.

And the answer is, the fungus. The forest uses the fungus to pump sugar and nutrients into those seedlings, allowing them to grow until they are overshadowing the tall grasses and shrubs, not vice versa. The fungus is a tool the forest uses to expand. Or — looked at another way — the fungus is a venture capitalist, extending startup loans so that its client base can penetrate a new market.

This also answered a bunch of other questions that have puzzled observers for generations. Like, it's long been known that certain trees are "nurse trees", with unusual numbers of seedlings and saplings growing closely nearby. Turns out: it's the fungus. Why some trees do this and not others is unclear, but the ones that do, are using the fungus. Or: there's a species of lily that likes to grow near maple trees. Turns out they're getting some energy from the maple, through the fungus. Are the lilies symbiotes, providing some unknown benefit to the maple tree? Or are they parasites, who are somehow spoofing either the maple or the fungus? Research is ongoing.

Since the slow-growing trees spend years in the shade of other foliage, the nutrient boost lent by the fungi can make the difference between survival or death.

Previously:
(2022) Mushrooms May Communicate With Each Other Using Up To 50 "Words"
(2020) Radiation-Resistant Graphite-Eating Fungus
(2018) Soil Fungi May Help Determine The Resilience Of Forests To Environmental Change
(2015) Earth Has 3,000,000,000,000 Trees and Some Resist Wildfires

Original Submission

hubie writes:

A Fermat's Library featured paper of the week chosen a month or so ago was Richard Wexelblat's 1981 paper, The Consequences of One's First Programming Language. The abstract of which says:

After seeing many programs written in one language, but with the style and structure of another, I conducted an informal survey to determine whether this phenomenon was widespread and to determine how much a programmer's first programming language might be responsible.

Wexelblat's formal and informal findings suggested there was a lasting impression left by one's first programming language, suggesting that at least part of the reason for this is that one's problem solving approach could be unnecessarily constrained by their first language:

Programmers who think of code in concrete rather than abstract terms limit themselves to the style of data and control structures of their ingrained programming habits. A FORTRAN programmer who has successfully designed a payroll system may not see any value in the ability to combine numeric and alphabetic information into a single data structure. BASIC programmers often find no use at all for subroutine formal parameters and local variables.

The mind-set problem, works both ways: the PASCAL programmer who is forced to use FORTRAN or BASIC may end up writing awful programs because of the difficulty in switching from high-level to low-level constructs. APL converts seem to abhor all other languages.

In his concluding remarks he says:

Although everything presented here is anecdotal evidence from which it would be irresponsible to draw firm conclusions, I cannot help add that my concern about the future generation of programmers remains. Who knows? Perhaps the advent of automatic program generators and very high level specification languages will so change the way we talk to computers that all of this will become irrelevant.

This had me reflecting on my own experiences and wondering, with the benefit of hindsight, whether others agree with Wexelblat then, whether they would agree with him now, or now that we do have automatic program generators and very high level specification languages, has this all become irrelevant?

Original Submission

Arthur T Knackerbracket has processed the following story:

In an update released late Friday evening, NASA said it was "adjusting" the date of the Starliner spacecraft's return to Earth from June 26 to an unspecified time in July.

The announcement followed two days of long meetings to review the readiness of the spacecraft, developed by Boeing, to fly NASA astronauts Butch Wilmore and Suni Williams to Earth. According to sources these meetings included high-level participation from senior leaders at the agency, including associate administrator Jim Free.

This "Crew Flight Test," which launched on June 5th atop an Atlas V rocket, was originally due to undock and return to Earth on June 14. However, as engineers from NASA and Boeing studied data from the vehicle's problematic flight to the International Space Station, they have waived off several return opportunities.

On Friday night they did so again, citing the need to spend more time reviewing data.

[...] Just a few days ago, on Tuesday, officials from NASA and Boeing set a return date to Earth for June 26. But that was before a series of meetings on Thursday and Friday during which mission managers were to review findings about two significant issues with the Starliner spacecraft: five separate leaks in the helium system that pressurizes Starliner's propulsion system and the failure of five of the vehicle's 28 reaction-control system thrusters as Starliner approached the station.

Arthur T Knackerbracket has processed the following story:

Researchers have created a new class of materials called "glassy gels" that are very hard and difficult to break despite containing more than 50% liquid. Coupled with the fact that glassy gels are simple to produce, the material holds promise for a variety of applications.

A paper describing this work, titled "Glassy Gels Toughened by Solvent," appears in the journal Nature.

Gels and glassy polymers are classes of materials that have historically been viewed as distinct from one another. Glassy polymers are hard, stiff and often brittle. They're used to make things like water bottles or airplane windows. Gels—such as contact lenses—contain liquid and are soft and stretchy.

"We've created a class of materials that we've termed glassy gels, which are as hard as glassy polymers, but—if you apply enough force—can stretch up to five times their original length, rather than breaking," says Michael Dickey, corresponding author of a paper on the work and the Camille and Henry Dreyfus Professor of Chemical and Biomolecular Engineering at North Carolina State University. "What's more, once the material has been stretched, you can get it to return to its original shape by applying heat. In addition, the surface of the glassy gels is highly adhesive, which is unusual for hard materials."

"A key thing that distinguishes glassy gels is that they are more than 50% liquid, which makes them more efficient conductors of electricity than common plastics that have comparable physical characteristics," says Meixiang Wang, co-lead author of the paper and a postdoctoral researcher at NC State. "Considering the number of unique properties they possess, we're optimistic that these materials will be useful."

[...] "Maybe the most intriguing characteristic of the glassy gels is how adhesive they are," says Dickey. "Because while we understand what makes them hard and stretchable, we can only speculate about what makes them so sticky."

The researchers also think glassy gels hold promise for practical applications because they're easy to make.

More information: Michael Dickey, Glassy gels toughened by solvent, Nature (2024). DOI: 10.1038/s41586-024-07564-0.

Original Submission

owl writes:

https://www.theregister.com/2024/06/20/systemd_2561_data_wipe_fix/

Following closely after the release of version 256, version 256.1 fixes a handful of bugs. One of these is emphatically not systemd-tmpfiles recursively deleting your entire home directory. That's a feature.

The 256.1 release is now out, containing some 38 minor changes and bugfixes. Among these are some changes to the help text around the systemd-tmpfiles command, which describes itself as a tool to "Create, delete, and clean up files and directories." Red Hat's RHEL documentation describes it as a tool for managing and cleaning up your temporary files.

That sounds innocuous enough, right?

It isn't, as Github user jedenastka discovered on Friday. He filed bug #33349 and the description makes for harrowing reading, not just because of the tool's entirely intended behavior, but also because of the systemd maintainers' response, which could be summarized as "you're doing it wrong".

Original Submission

Arthur T Knackerbracket has processed the following story:

According to a report by The Cyber Express, a cybercriminal group known as Intelbroker has claimed on the BreachForums site that it breached AMD's systems and is selling the data it stole.

In addition to details on unreleased AMD products, the group is offering to sell specification sheets, customer databases, property files, ROMs, source code, firmware, and financial records.

The trove also allegedly includes AMD employees' information, such as user IDs, full names, job functions, phone numbers, and email addresses. However, all the employee information shown has been recorded as "inactive," suggesting the people no longer work at the company and that the emails are out of use.

There have been previous cases of cybercriminal gangs making false claims about infiltrating big organizations and having stolen data to sell, but this instance appears genuine as Intelbroker posted screenshots from AMD's internal systems.

[...] Intelbroker is asking interested buyers to get in touch and make an offer for the stolen AMD data, to be paid in the cryptocurrency Monero.

Original Submission

An Anonymous Coward writes:

Biden to ban U.S. sales of Kaspersky software over ties to Russia, source says --

https://www.cnbc.com/2024/06/20/biden-to-ban-us-sales-of-kaspersky-software-over-ties-to-russia.html

The US administration on Thursday will announce plans to bar the sale of Kaspersky Lab's antivirus software in the United States, a person familiar with the matter said, citing the firm's large U.S. customers including critical infrastructure providers and state and local governments.

The company's close ties to the Russian government were found to pose a critical risk, the person said, adding that the software's privileged access to a computer's systems could allow it to steal sensitive information from American computers, install malware or withhold critical updates.

The sweeping new rule, using broad powers created by the Trump administration, will be coupled with another move to add the company to a trade restriction list, according to two other people familiar with the matter, dealing a blow to the firm's reputation that could hammer its overseas sales.

[...] A spokesperson for the Commerce Department declined to comment, while Kaspersky Lab and the Russian Embassy did not respond to requests for comment. Previously, Kaspersky has said that it is a privately managed company with no ties to the Russian government.

The moves show the administration is trying to stamp out any risks of Russian cyberattacks stemming from Kaspersky software and keep squeezing Moscow as its war effort in Ukraine has regained momentum and as the United States has run low on fresh sanctions it can impose on Russia.

It also shows the Biden administration harnessing a powerful new authority that allows it to ban or restrict transactions between U.S. firms and internet, telecom and tech companies from "foreign adversary" nations like Russia and China.

[...] Kaspersky, which has a U.K. holding company and operations in Massachusetts, said in a corporate profile that it generated revenue of $752 million in 2022 from more than 220,000 corporate clients in some 200 countries. Its website lists Italian vehicle maker Piaggio, Volkswagen's retail division in Spain and the Qatar Olympic Committee among its customers.

Original Submission

owl writes:

https://austinhenley.com/blog/bignum1.html

What happens when numbers get too big for a computer to work with?

For example, a 64-bit unsigned integer can be as large as 18,446,744,073,709,551,615. That is... huge. But what if it isn't enough?

Enter bignums, or arbitrary-precision numbers. These very, very large numbers allow you to go beyond CPU limitations for representing integers and performing arithmetic, limited only by the computer's memory.

If you open up Python and throw some really, really big numbers at it, you'll see that it works without any issue. Although C requires using a library for bignums, Python supports them right out of the box. In fact, you can use big numbers and small numbers interchangeably and it is completely abstracted away from the programmer.

I've always wanted to know how these bignum libraries work, so this is my adventure in learning about them.

The irony with this blog post, for any of us who did any assembly programming on the old 8-bit microprocessors (8080/Z80/6502/6800), is that doing "big-nums" was a required bit of knowledge to do any math larger than 8-bits wide (6502) or 16-bits wide (for a few instructions on the 8080/Z80/6800). The blog writer must be one of today's Ten Thousand.

Original Submission

mcgrew writes:

Of course, you can't delete their site without going to prison. This is about deleting an account.

        You probably saw the S/N article Adobe and Meta Drive the Visual Digital Arts in Deeper Enshit[ment] where it was shown that Meta is changing its policy next week, allowing itself to legally steal your copyrighted content to train its AI (for those under a rock, "Artificial Intelligence").

        You probably also know that I'm a writer since about 1997. I am also a former visual art and design student with dozens of images, if not hundreds. As I have posted stories here at S/N, and slashdot (years ago, I left when S/N was started), I also posted at Facebook for about five years or so; my daughter convinced me that I could popularize my books there.

        In my last book, Voyage to Madness about a trip to Proxima Centauri via Einstein's time warp (real science, no fantasy), there are no human visual artists, poets, or writers. It's all produced by computers. I do not want to be a contributor to that future! So when I first got word of this latest evil from Meta, I posted there that I was deleting my account and where to look for my writing. I set last night as the date, and then forgot until this morning after my coffee.

        Even sober and full of coffee, It was extremely difficult and frustrating. Meta made getting out of their data prison extremely difficult. Harder than Wolfenstein and unlike it, no fun at all.

        First, I suspect that there's a robots.txt file in the directory that holds the file that actually explains, very poorly, how to delete an account, because I of course googled to see how to do it. It was a facebook.com file, but very outdated. There is no possible way I found using it to actually delete.

        Even after logging into Farsebook and looking for a help file there, it was obvious that they don't want anyone to leave. I wish I would have written this as I was deleting the account, I could have given step by step instructions; even following their flawed program (i.e., list of steps, for you non-programmers) they leave out much needed information and force you to guess.

        It took over an hour. But I encourage all of you with Meta accounts to fight this evil. Maybe we CAN delete facebook! If you see me there with the same photo that was posted, please let me know so I can sue them. I don't need the money, I just want to destroy Meta. If it happens, unlikely as that is, I'll donate the winnings to S/N.

        I may open another account just to poison their stupid "intelligent" computer.

Original Submission