posted by janrinok on Wednesday July 17, @09:03PM
from the there's-only-one-gesture-that's-needed dept.

The growing reach of gesture-based user interfaces:

User interface (UI) design is currently experiencing a transition from traditional graphical user interfaces (GUIs) to systems designed to recognize a person's gestures and movements.

Hence, in this blog, we will discuss the possible implications of this groundbreaking transition in terms of user experience (UX) and the accessibility of modern interfaces. Likewise, we'll explore how developers adapt to the technological shift to deliver innovative solutions while outlining the challenges of adopting gesture-based interactions.

Gesture-based interactions are quickly becoming a standard and the technology is widely considered the future of UI. Therefore, modern devices and applications must adapt to meet the needs of their users. On top of that, recent data shows that 82% of users prefer apps with gesture-based controls.

The algorithms built into touch screen devices, such as smartphones, recognize a range of touch types, from scrolling to swiping. Because of this technology, users are now able to navigate applications with simple gestures like pinches or taps. A classic example of this is the navigation controls of Google Maps, which require the user to pinch the screen to zoom in or out, and swipe/drag to move to a different location.

[...] Enhancing user engagement is one of the key benefits of gesture-based interactions, allowing users to directly manipulate screen elements to quickly reach their goal. The direct nature of using gestures can create a better sense of connection when using an application, not only boosting user satisfaction but also increasing loyalty, ensuring the app has longevity.


posted by janrinok on Wednesday July 17, @04:12PM
from the every-pint-the-same dept.

Our Shy Submitter has provided the following story:

Scientific American is running an opinion piece that claims the origin of the t-test is a scientist working at the Guinness Brewery in the early 1900s, https://www.scientificamerican.com/article/how-the-guinness-brewery-invented-the-most-important-statistical-method-in/

Near the start of the 20th century, Guinness had been in operation for almost 150 years and towered over its competitors as the world's largest brewery. Until then, quality control on its products had consisted of rough eyeballing and smell tests. But the demands of global expansion motivated Guinness leaders to revamp their approach to target consistency and industrial-grade rigor. The company hired a team of brainiacs and gave them latitude to pursue research questions in service of the perfect brew. The brewery became a hub of experimentation to answer an array of questions: Where do the best barley varieties grow? What is the ideal saccharine level in malt extract? How much did the latest ad campaign increase sales?

Amid the flurry of scientific energy, the team faced a persistent problem: interpreting its data in the face of small sample sizes. One challenge the brewers confronted involves hop flowers, essential ingredients in Guinness that impart a bitter flavor and act as a natural preservative. To assess the quality of hops, brewers measured the plants' soft resin content. Let's say they deemed 8 percent a good and typical value. Testing every flower in the crop wasn't economically viable, however. So they did what any good scientist would do and tested random samples of flowers.

The fine article goes on to illustrate the difference between the t-test and normal distribution and also explains why it's often called the "Student" test.

I wonder if it rubs off--can you drink some Guinness Stout and then pass your stat class final exam?


posted by janrinok on Wednesday July 17, @11:25AM

Arthur T Knackerbracket has processed the following story:

The closure affects fewer than 50 U.S. employees, but the impact on cybersecurity could be far more significant.

Kaspersky Lab, a Russian cybersecurity and antivirus software company, announced it will start shutting down all of its operations in the U.S. on July 20. The departure was inevitable after 12 of the company’s executives were hit with sanctions, and the company’s products were banned from sale in the U.S.

Kaspersky Lab told BleepingComputer of the pending closure and confirmed it would lay off all of its U.S.-based employees. Reportedly, the shutdown affects fewer than 50 employees in the U.S. The impact on cybersecurity could be much greater, since the company’s researchers have been responsible for stopping or slowing countless major security exploits.

The United States government has claimed that Kaspersky’s continued operations in the U.S. posed a significant privacy risk. Since Kaspersky is based in Russia, officials worry the Russian government could exploit the cybersecurity firm to collect and weaponize sensitive U.S. information.

In June, the Department of Commerce’s Bureau of Industry & Security (BIS) issued sanctions on Kaspersky. A Final Determination hearing resulted in Kaspersky being banned from providing any antivirus or cybersecurity solutions to anyone in the United States. Kaspersky’s customers in the U.S. have until September 29, 2024, to find alternative security and antivirus software.

Kaspersky told BleepingComputer that it had “carefully examined and evaluated the impact of the U.S. legal requirements and made this sad and difficult decision as business opportunities in the country are no longer viable.” After all, it’s hard to run a business that provides cybersecurity and antivirus solutions when you’re banned from doing so.

The BIS placed Kaspersky Lab and its U.K. holding company on the U.S. government’s Entity List because of their ties to Russia. This prevented Kaspersky from conducting business in the U.S. At the same time, a dozen members of Kaspersky’s board of executives and leadership were individually sanctioned.

These sanctions froze the executives’ U.S. assets and prevented access to them until the sanctions were lifted. While Kaspersky insisted the ban was based on theoretical concerns rather than evidence of wrongdoing, sources close to the matter have said otherwise. Russian backdoors into Kaspersky’s software are an “open secret,” they said, and a Commerce Department official stated the department believes it is more than just a theoretical threat.


posted by hubie on Wednesday July 17, @06:42AM
from the bleeping dept.

https://arstechnica.com/gadgets/2024/07/report-apple-approves-epic-games-store-on-ios-in-europe/

It's been a whirlwind journey of stops and starts, but AppleInsider reports the Epic Game Store for iOS in the European Union has passed Apple's notarization process.

This paves the way for Epic CEO Tim Sweeney to realize his long-stated goal of launching an alternative game store on Apple's closed platform—at least in Europe.

[...] Apple's new policies allow for alternative app marketplaces but with some big caveats regarding the deal that app developers agree to. We discussed it in some detail earlier this year.

[...] Even after the shift, Apple is said to have rejected the Epic Games Store app twice. The rejections were over specific rules about the copy and shape of buttons within the app, though not about its primary function.

[...] After those rejections, Epic took to X to accuse Apple of rejecting the app in a way that was "arbitrary, obstructive, and in violation of the DMA." Epic claimed it followed Apple's suggested design conventions for the buttons and noted that the copy matched language it has been using in its store on other platforms for a long time.

Not long after, Apple went ahead and approved the app despite the disagreement over the copy and button designs. However, AppleInsider reported that Apple will still require Epic to change the copy and buttons later. Epic disputed that on X, and Sweeney offered his own take:


posted by hubie on Wednesday July 17, @01:55AM
from the don't-expose-my-programming-language-to-water dept.

Why Rust is becoming the programming language of choice for many high-level developers:

Rust is revolutionizing high-performance Web service development with its memory safety, resource management, and speed. Initially used in operating systems and gaming engines, Rust now excels in web development, offering low-level control and high-level concurrency. Its advanced ownership model and robust type system eliminate memory errors at compile time, enhancing performance and reliability.

[...] Rust's popularity in the software development community continues to rise, with even the likes of Linus Torvalds giving the language his blessing, and announcing driver integration for major subsystems sometime in 2024.

So, it's clear Rust is 'one of the big boys' by now, but why exactly is it one of the most popular programming languages? Well, it's down to:

  • Memory safety without garbage collection
  • [...] Thread safety
  • [...] Performance
  • [...] Syntax innovations
  • [...] Tooling and ecosystem

These capabilities make Rust a popular option for enterprise-level applications, providing sufficient speeds to execute processes like Workday staff augmentation, customizing existing ERP software, and other demanding backend tasks.

The article goes on to describe specific features that make Rust popular and also discusses the key challenges to Rust adoption, namely learning curve and complexity.

Previously:


posted by hubie on Tuesday July 16, @09:10PM
from the hollow-moon-cheese-or-nazis dept.

https://www.bbc.com/news/articles/ce784r9njz0o

Scientists have for the first time discovered a cave on the Moon.

At least 100m deep, it could be an ideal place for humans to build a permanent base, they say.

It is just one in probably hundreds of caves hidden in an "underground, undiscovered world", according to the researchers.

https://cosmosmagazine.com/space/exploration/moon-caves-entrance/

Astronomers say they've found a possible way to get into caves under the Moon's surface on the Sea of Tranquillity.

[...] "These caves have been theorized for over 50 years, but it is the first time ever that we have demonstrated their existence

The Moon's surface is dotted with pits, sometimes called skylights, which have been formed by lava tubes caving in.

"Although more than 200 pits have now been detected in various lunar geological settings and latitudes, it remains uncertain whether any of these openings could lead to extended cave conduits underground," write the researchers in their paper.

https://www.nature.com/articles/s41550-024-02302-y

Time to regress to become cave dwellers again, just on another celestial body.


posted by hubie on Tuesday July 16, @04:23PM
from the I'm-sorry-[Bill]-I'm-afraid-I-can't-do-that dept.

https://arstechnica.com/information-technology/2024/07/openai-board-shakeup-microsoft-out-apple-backs-away-amid-ai-partnership-scrutiny/

Microsoft has withdrawn from its non-voting observer role on OpenAI's board, while Apple has opted not to take a similar position, report Axios and the Financial Times. The ChatGPT maker plans to update its business partners and investors through regular meetings instead of board representation. The development comes as regulators in the EU and US increase their scrutiny of Big Tech's investments in AI startups due to concerns about stifling competition.
[...]
Microsoft accepted a non-voting position on OpenAI's board in November following the ouster and reinstatement of OpenAI CEO Sam Altman.

Last week, Bloomberg reported that Apple's Phil Schiller, who leads the App Store and Apple Events, might join OpenAI's board in an observer role as part of an AI deal. However, the Financial Times now reports that Apple will not take up such a position, citing a person with direct knowledge of the matter. Apple did not immediately respond to our request for comment.
[...]
Microsoft remains a critical financial and technology resource for OpenAI, having invested over $10 billion in the company since early 2023.
[...]
While no official source has yet officially linked Microsoft's board withdrawal (and Apple's change of direction on a potential OpenAI board position) to regulatory scrutiny, it's unlikely to be a coincidence. Regulators in both the US and Europe are worried that Big Tech's heavy influence in fast-growing AI startups may unreasonably edge out competition and establish de facto monopolies over key technologies that would stifle smaller competitors.
[...]
Even though Microsoft's financial ties run deep into OpenAI, as Financial Times notes, the ChatGPT maker states: "While our partnership with Microsoft includes a multibillion dollar investment, OpenAI remains an entirely independent company governed by the OpenAI Nonprofit."


posted by hubie on Tuesday July 16, @11:40AM
from the IoT dept.

Mbed OS and platform are shutting down in 2026, although rumor has it almost all of the devs have already been downsized.

https://os.mbed.com/blog/entry/Important-Update-on-Mbed/

A couple of possible discussion points from the perspective of someone who used it for STM32:

It was one of those FOSS-but-not-really products that was completely corporate controlled and funded and written, but under a FOSS license. It never really gained any traction outside corporate. There is a winner-take-all mentality in microcontroller RTOS... why use Mbed if Zephyr supports 10x as much "stuff" out of the box? Also, given the primary source of funding, it really only practically functioned on ARM processors. Pragmatically it seems multiplatform RTOS are the only ones that survive long-term, single platform seems always doomed, a bit different than the desktop/laptop/phone market.

There was something of a product-tying thing going on with the Pelion IoT cloud platform, which used to be free, but the free tier disappeared. It was pretty awesome for hobbyist use until they intentionally got rid of the hobbyists, presumably to "save money". However, this seems to be a common pattern for decades: the devs who influence million dollar contracts during the day want to play with pirated/free versions at home at night, so arguably Pelion and thus Mbed shot themselves in their own foot.

I wonder how much C19 killed Mbed a couple of years later. After STM32 procs and ARM microcontrollers were unobtainable for a couple of years, there was no way to get hardware to run Mbed.

It was a bit memory-hungry; IIRC by the time you got a full IoT platform with auto-updates and telemetry over WiFi working on commodity dev board hardware, you were out of either flash, RAM, or both, so you couldn't run your app.

I have happy memories of being introduced to LwM2M protocol; it was an interesting innovation on MQTT but a little too "organized" for widespread use. Take MQTT and "compress" by turning all common (and uncommon) nouns and verbs into integers; kind of like the old Apollo spacecraft computer, kind of like a fixed compression standard.

A final interesting discussion point: tool manufacturers going out of business is a pretty strong signal the bubble is over. The permanent solution to "The S in IoT stands for security" may very well be the IoT industry drying up and blowing away, and this shutdown is a sign of the start of the end.

Anyone else have fond memories of MbedOS? I thought it was pretty awesome back in the day, although I switched to Zephyr years ago. Other contemporary microcontroller or IoT comments?


posted by mrpg on Tuesday July 16, @02:11AM
from the snafu dept.

Out-of-control heat is making Earth more "weird":

For the 13th consecutive month, Earth's average monthly temperature has broken all previous records, continuing a streak that began in June 2023. Significantly, the European climate service Copernicus added that the world has been 1.5 degrees Celsius (2.7 degrees Fahrenheit) higher than pre-industrial levels for more than a year, pushing the planet up against the threshold established by the 2015 Paris climate agreement.


"It's a stark warning that we are getting closer to this very important limit set by the Paris Agreement," Copernicus senior climate scientist Nicolas Julien told NPR. "The global temperature continues to increase. It has at a rapid pace."

[...] "Along with this warming, we see increases in deadly heat waves and droughts, but also an increased experience of 'global weirding,'" Dr. Twila Moon, a climatologist and deputy lead scientist at NASA's National Snow and Ice Data Center, told Salon. Such weirding, she explained, encompasses "more extreme weather events producing conditions that are entirely new for communities, weather whiplash as folks may experience quick swings between hot and cold or drought and flood, and many challenges for crops, wildlife, recreation, and being able to plan for what we previously considered normal weather conditions."

[...] "In addition," Trenberth added, "increasing conflicts around the world (Sudan, Russia-Ukraine, Gaza-Israel, etc.) and increasing wildfires have meant that many emissions are not adequately counted but they nonetheless contribute substantially to well measured atmospheric concentrations. These all counter the considerable progress made in cutting emissions elsewhere."


posted by Fnord666 on Monday July 15, @09:36PM
from the time-to-upgrade-your-language? dept.

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks:

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets.

The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It was publicly disclosed in early June 2024.

"CVE-2024-4577 is a flaw that allows an attacker to escape the command line and pass arguments to be interpreted directly by PHP," Akamai researchers Kyle Lefton, Allen West, and Sam Tinklenberg said in a Wednesday analysis. "The vulnerability itself lies in how Unicode characters are converted into ASCII."

The web infrastructure company said it began observing exploit attempts against its honeypot servers targeting the PHP flaw within 24 hours of it being public knowledge.

This included exploits designed to deliver a remote access trojan called Gh0st RAT, cryptocurrency miners like RedTail and XMRig, and a DDoS botnet named Muhstik.

"The attacker sent a request similar to the others seen in previous RedTail operations, abusing the soft hyphen flaw with '%ADd,' to execute a wget request for a shell script," the researchers explained. "This script makes an additional network request to the same Russia-based IP address to retrieve an x86 version of the RedTail crypto-mining malware."

Last month, Imperva also revealed that CVE-2024-4577 is being exploited by TellYouThePass ransomware actors to distribute a .NET variant of the file-encrypting malware.

Users and organizations relying on PHP are recommended to update their installations to the latest version to safeguard against active threats.

"The continuously shrinking time that defenders have to protect themselves after a new vulnerability disclosure is yet another critical security risk," the researchers said. "This is especially true for this PHP vulnerability because of its high exploitability and quick adoption by threat actors."
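As an added defensive example, not code from the Akamai analysis or the article, the Python below scans constructed web-server access-log lines for the percent-encoded soft hyphen (0xAD) in the query string of PHP-CGI requests and renders the argument vector an affected Windows server would have parsed, showing how the best-fit conversion the researchers describe turns '%ADd' into a '-d' option. The log lines, addresses and the option text following '%ADd' are constructed placeholders.

```python
"""Scan access logs for the CVE-2024-4577 request pattern (added example).

Not code from the Akamai analysis or the article. The article describes
attackers sending a percent-encoded soft hyphen ('%AD') that Windows
best-fit mapping (Chinese and Japanese locales) turns into an ASCII '-',
so that PHP-CGI reads what follows as a command-line option ('%ADd' -> '-d').
This scanner flags PHP-CGI requests whose query string decodes to a 0xAD
byte and shows the argv an affected server would have seen. All log lines,
addresses and the option text after '%ADd' are constructed placeholders.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes, urlsplit

# Constructed sample lines in Apache "combined" format.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2024:12:01:02 +0000] "POST /php-cgi/php-cgi.exe?%ADd+PLACEHOLDER_OPTION HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [10/Jun/2024:12:01:05 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jun/2024:12:02:11 +0000] "GET /cgi-bin/php-cgi.exe?%adh HTTP/1.1" 200 200 "-" "python-requests/2.31"
198.51.100.5 - - [10/Jun/2024:12:03:00 +0000] "GET /static/app.js?v=%AD HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# PHP endpoints where a CGI query string becomes argv (RFC 3875 section 4.4).
PHP_TARGET = re.compile(r'(\.php\d?|php-cgi(\.exe)?)$', re.IGNORECASE)
SOFT_HYPHEN = 0xAD


@dataclass
class Finding:
    client: str
    target: str
    argv: list   # what PHP-CGI on an affected locale would have parsed


def best_fit_ascii(raw: bytes) -> str:
    """Model the best-fit step the article describes: byte 0xAD becomes '-'.
    Other non-ASCII bytes are shown as '?' so the argument shape stays readable."""
    return ''.join('-' if b == SOFT_HYPHEN else chr(b) if b < 0x80 else '?' for b in raw)


def cgi_argv(query: str) -> list:
    """A CGI query string without '=' is split on '+' into arguments, each
    URL-decoded; decode to bytes first so the 0xAD byte survives intact."""
    return [best_fit_ascii(unquote_to_bytes(part)) for part in query.split('+') if part]


def inspect_line(line: str):
    """Return a Finding for a PHP-CGI request carrying 0xAD in its query, else None."""
    m = REQUEST_LINE.search(line)
    if not m:
        return None
    target = m.group('target')
    parts = urlsplit(target)
    if not PHP_TARGET.search(parts.path):
        return None                      # only PHP-CGI style targets are in scope
    if SOFT_HYPHEN not in unquote_to_bytes(parts.query):   # matches %AD and %ad alike
        return None
    return Finding(line.split(' ', 1)[0], target, cgi_argv(parts.query))


def scan(log_text: str) -> list:
    """Run inspect_line over every line and keep the hits."""
    return [f for f in (inspect_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.client} {f.target} -> argv {f.argv}")
```

The fourth sample line carries %AD but targets a static file, so it is not flagged; hits on real logs should be correlated with the response status and any follow-on outbound connections from the host.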

See also:


posted by janrinok on Monday July 15, @04:54PM
from the S.oftware-L.eft-O.pen-W.indow dept.

https://arstechnica.com/security/2024/07/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it/

Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday.

The vulnerability, present in both Windows 10 and 11, causes devices to open Internet Explorer, a legacy browser that Microsoft decommissioned in 2022 after its aging code base made it increasingly susceptible to exploits. Following the move, Windows made it difficult, if not impossible, for normal actions to open the browser, which was first introduced in the mid-1990s.

[...] The company fixed the vulnerability, tracked as CVE-2024-38112, on Tuesday as part of its monthly patch release program. The vulnerability, which resided in the MSHTML engine of Windows, carried a severity rating of 7.0 out of 10.

The researchers from security firm Check Point said the attack code executed "novel (or previously unknown) tricks to lure Windows users for remote code execution." A link that appeared to open a PDF file appended a .url extension to the end of the file, for instance, Books_A0UJKO.pdf.url, found in one of the malicious code samples.

[...] "From there (the website being opened with IE), the attacker could do many bad things because IE is insecure and outdated," Haifei Li, the Check Point researcher who discovered the vulnerability, wrote. "For example, if the attacker has an IE zero-day exploit—which is much easier to find compared to Chrome/Edge—the attacker could attack the victim to gain remote code execution immediately. However, in the samples we analyzed, the threat actors didn't use any IE remote code execution exploit. Instead, they used another trick in IE—which is probably not publicly known previously—to the best of our knowledge—to trick the victim into gaining remote code execution."

[...] The Check Point post includes cryptographic hashes for six malicious .url files used in the campaign. Windows users can use the hashes to check if they have been targeted. [Article seemed to be missing this link to the Check Point article]


posted by janrinok on Monday July 15, @12:06PM
from the in-space-no-one-can-hear-ice-scream dept.

Starlink satellites lost on Falcon 9 upper stage failure:

SpaceX says it will not be able to recover the 20 Starlink satellites left in a very low orbit after a malfunction of a Falcon 9 upper stage on a July 11 launch.

In a statement July 12, the company said that the 20 satellites on the Group 9-3 launch have been unable to raise the orbit because the electric propulsion systems on the spacecraft cannot counteract the high atmospheric drag the satellites encounter in their very low orbits.

The rocket's upper stage engine "experienced an anomaly and was unable to complete its second burn," the company stated, which would have circularized the orbit of the stage before satellite deployment. While the stage was able to deploy the satellites, they were left in an orbit with a perigee, or low point, of just 135 kilometers.

That kept them in what SpaceX called an "enormously high-drag environment" that reduced the perigee by at least five kilometers per orbit. "At this level of drag, our maximum available thrust is unlikely to be enough to successfully raise the satellites. As such, the satellites will re-enter Earth's atmosphere and fully demise."

SpaceX Chief Executive Elon Musk posted a few hours after the anomaly that satellite controllers were trying to fire the spacecraft's electric thrusters at maximum levels to overcome atmospheric drag. "We're updating satellite software to run the ion thrusters at their equivalent of warp 9," he stated. "Unlike a Star Trek episode, this will probably not work, but it's worth a shot."

The company added that the satellites "do not pose a threat to other satellites in orbit or to public safety" given their very low orbits and a design that is intended to break up completely on reentry.

The SpaceX statement provided few additional details about the problem with the upper stage. It noted that there was a liquid oxygen leak on the second stage noticed during the first burn of the single Merlin engine. That would explain the unusual ice buildup seen on parts of the engine.

The company did not elaborate on the nature of the anomaly during the planned one-second relight of the engine. Musk had stated that the engine suffered a "RUD" or "rapid unscheduled disassembly," but SpaceX noted in its statement that "the stage survived and still deployed the satellites." The stage also was able to "passivate itself," a standard procedure at the end of its mission, removing energy sources from propellant tanks and batteries that could cause the stage to break up.

The incident will ground the rocket, the most active launch vehicle in service today, for an indefinite period while SpaceX investigates the root cause and determines what changes it must make to the upper stage.

The Federal Aviation Administration stated July 12 that it will require an investigation into the anomaly. "The FAA will be involved in every step of the investigation process and must approve SpaceX's final report, including any corrective actions," it stated. "A return to flight is based on the FAA determining that any system, process, or procedure related to the mishap does not affect public safety."

The launch failure will affect a wide range of customers, ranging from SpaceX's own Starlink satellites to NASA. The space industry has grown increasingly reliant on the Falcon 9, which had more than 300 consecutive successful launches before this incident, because of its high flight rate and lack of capacity on other vehicles.

Near-term missions facing delays include the Arctic Satellite Broadband Mission, a pair of communications satellites that had been expected to launch this month on a Falcon 9 from Vandenberg Space Force Base, along with the Transporter-11 rideshare mission on another Falcon 9 in July from Vandenberg.

See also:


posted by hubie on Monday July 15, @07:26AM
from the bleeping dept.

https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/

One of the most widely used network protocols is vulnerable to a newly discovered attack that can allow adversaries to gain control over a range of environments, including industrial controllers, telecommunications services, ISPs, and all manner of enterprise networks.

Short for Remote Authentication Dial-In User Service, RADIUS harkens back to the days of dial-in Internet and network access through public switched telephone networks. It has remained the de facto standard for lightweight authentication ever since and is supported in virtually all switches, routers, access points, and VPN concentrators shipped in the past two decades.
[...]
The protocol was developed in 1991 by a company known as Livingston Enterprises. In 1997 the Internet Engineering Task Force made it an official standard, which was updated three years later. Although there is a draft proposal for sending RADIUS traffic inside of a TLS-encrypted session that's supported by some vendors, many devices using the protocol only send packets in clear text through UDP (User Datagram Protocol).
[...]
Since 1994, RADIUS has relied on an improvised, home-grown use of the MD5 hash function. First created in 1991 and adopted by the IETF in 1992
[...]
For a cryptographic hash function, it should be computationally impossible for an attacker to find two inputs that map to the same output. Unfortunately, MD5 proved to be based on a weak design: Within a few years, there were signs that the function might be more susceptible than originally thought to attacker-induced collisions, a fatal flaw that allows the attacker to generate two distinct inputs that produce identical outputs. These suspicions were formally verified in a paper published in 2004 by researchers Xiaoyun Wang and Hongbo Yu and further refined in a research paper published three years later.

The latter paper—published in 2007 by researchers Marc Stevens, Arjen Lenstra, and Benne de Weger—described what's known as a chosen-prefix collision
[...]
This type of collision attack is much more powerful because it allows the attacker the freedom to create highly customized forgeries.

To illustrate the practicality and devastating consequences of the attack, Stevens, Lenstra, and de Weger used it to create two cryptographic X.509 certificates that generated the same MD5 signature but different public keys and different Distinguished Name fields. Such a collision could induce a certificate authority intending to sign a certificate for one domain to unknowingly sign a certificate for an entirely different, malicious domain.
[...]
More than 12 years after Flame's devastating damage was discovered and two decades after collision susceptibility was confirmed, MD5 has felled yet another widely deployed technology that has resisted common wisdom to move away from the hashing scheme—the RADIUS protocol, which is supported in hardware or software provided by at least 86 distinct vendors. The result is "Blast RADIUS," a complex attack that allows an attacker with an active adversary-in-the-middle position to gain administrator access to devices that use RADIUS to authenticate themselves to a server.

"Surprisingly, in the two decades since Wang et al. demonstrated an MD5 hash collision in 2004, RADIUS has not been updated to remove MD5," the research team behind Blast RADIUS wrote in a paper published Tuesday and titled RADIUS/UDP Considered Harmful. "In fact, RADIUS appears to have received notably little security analysis given its ubiquity in modern networks."
[...]
Over the long run, the researchers said, the only way to fix RADIUS is to transport it over TLS or DTLS, a move that provides modern security guarantees including confidentiality to the user data in the requests and ensures the integrity of the Access-Accept and Access-Reject responses. A working group within the IETF is drafting a specification update that aims to do just that. These sorts of major renovations take months or even years to complete. Some implementations of RADIUS, namely the one from Microsoft, have yet to support TLS.
[...]
Alan DeKok, the lead maintainer of FreeRADIUS, the most widely used RADIUS implementation, has additional mitigation guidance here.
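As an added example, not from the Blast-RADIUS paper or the article, the Python below implements the RADIUS Response Authenticator from RFC 2865 (the "home-grown" use of MD5 the article refers to) together with the client-side check of it, so the reader can see exactly what the integrity of an Access-Accept or Access-Reject rests on. The shared secret, user name and packet identifier are constructed placeholders.

```python
"""RADIUS Response Authenticator (RFC 2865, section 3) as a client checks it.

Added example, not from the Blast-RADIUS paper or the article. The server
proves knowledge of the shared secret by MD5-hashing the response bytes
with the secret appended; the client recomputes that hash and compares.
Everything the integrity of Access-Accept / Access-Reject rests on is
visible here. Secret, user name and identifier are constructed placeholders.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # packet codes, RFC 2865
USER_NAME = 1                                            # attribute type, RFC 2865
HEADER = struct.Struct("!BBH16s")                        # code, id, length, authenticator


def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value (length covers the 2-byte header)."""
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([atype, len(value) + 2]) + value


def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Assemble a RADIUS packet; length is the 20-byte header plus all attributes."""
    return HEADER.pack(code, ident, HEADER.size + len(attrs), authenticator) + attrs


def response_authenticator(code: int, ident: int, request_auth: bytes,
                           attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    This is a bare MD5 with the secret appended, not an HMAC, so its
    strength is exactly that of MD5 against collisions on the hashed bytes."""
    header = HEADER.pack(code, ident, HEADER.size + len(attrs), request_auth)
    return hashlib.md5(header + attrs + secret).digest()


def build_access_request(ident: int, username: bytes) -> tuple:
    """Client side: Access-Request with a fresh random 16-byte Request Authenticator."""
    request_auth = os.urandom(16)
    return packet(ACCESS_REQUEST, ident, request_auth, attr(USER_NAME, username)), request_auth


def build_response(code: int, ident: int, request_auth: bytes,
                   attrs: bytes, secret: bytes) -> bytes:
    """Server side: the authenticator field of the reply carries the MD5 proof."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return packet(code, ident, auth, attrs)


def verify_response(resp: bytes, request_auth: bytes, secret: bytes):
    """Client side: return the packet code if the Response Authenticator checks
    out against the Request Authenticator this client sent, otherwise None."""
    if len(resp) < HEADER.size:
        return None
    code, ident, length, auth = HEADER.unpack_from(resp)
    if length != len(resp):
        return None
    attrs = resp[HEADER.size:]
    expected = response_authenticator(code, ident, request_auth, attrs, secret)
    return code if hmac.compare_digest(auth, expected) else None


def demo(secret: bytes = b"PLACEHOLDER_SHARED_SECRET") -> dict:
    """One round trip plus two tampering checks; results are returned for inspection."""
    req, request_auth = build_access_request(ident=7, username=b"alice")
    accept = build_response(ACCESS_ACCEPT, 7, request_auth, attr(USER_NAME, b"alice"), secret)
    # An on-path attacker who simply flips Accept to Reject (or the reverse)
    # changes the hash input, so the check fails unless the two packets
    # collide under MD5, which is the gap the paper's attack works in.
    flipped = bytes([ACCESS_REJECT]) + accept[1:]
    return {
        "request_len": len(req),
        "accept_ok": verify_response(accept, request_auth, secret),
        "flipped_ok": verify_response(flipped, request_auth, secret),
        "wrong_secret_ok": verify_response(accept, request_auth, b"not-the-secret"),
    }


if __name__ == "__main__":
    print(demo())
```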

The paper authors are:

        Sharon Goldberg (as of May, Cloudflare)
        Miro Haller (University of California, San Diego)
        Nadia Heninger (University of California, San Diego)
        Mike Milano (BastionZero)
        Dan Shumow (Microsoft Research)
        Marc Stevens (Centrum Wiskunde & Informatica)
        Adam Suhl (University of California, San Diego)

They have assembled an FAQ and technical details on this site.


Original Submission

posted by hubie on Monday July 15, @02:38AM

Arthur T Knackerbracket has processed the following story:

Scientists in California tested a way to coax certain fat cells to burn calories, rather than simply store energy. In new research involving mice, the team found it was possible to convert existing white fat cells into calorie-burning beige fat cells. The findings could pave the way to a new class of obesity treatments, the study authors say.

Scientists at the University of California San Francisco were trying to get to the root of a problem that has long stymied others in the field. Our fat cells come in three basic flavors: white, brown, and beige. White fat cells are primarily designed to store energy, while brown fat cells play a key role in keeping our body temperature stable. When we’re cold, these cells will burn sugar and fat to heat the body up. The more recently discovered beige fat cells, meanwhile, can carry out the functions of either type, storing or burning energy as needed. These cells are nestled within deposits of white fat cells.

[...] For a long time, scientists have theorized that finding a way to reliably switch white fat cells into either brown or beige fat cells could help prevent or treat these related issues (our bodies can naturally convert white into brown/beige fat cells, though typically only in small amounts from exercise or cold exposure). But so far, these efforts haven’t yet yielded safe and successful treatments. In this latest study, published in the Journal of Clinical Investigation, the UCSF team say they have landed on a new promising approach.

Working with mice, the group had earlier found evidence that a protein called KLF-15 was important to the distinction between white and beige/brown fat cells. In their mice, KLF-15 was much more present in brown and beige fat cells compared to white fat cells. So they decided to breed mice whose white fat cells lacked KLF-15 entirely. Once they did, the mice’s white fat cells suddenly became much more efficient at converting into beige fat cells.

[...] “A lot of people thought this wasn’t feasible,” said senior author Brian Feldman, a pediatric endocrinologist at UCSF, in a statement. “We showed not only that this approach works to turn these white fat cells into beige ones, but also that the bar to doing so isn’t as high as we’d thought.”

This is only one study in mice; it will take more research to know whether such a process can be safely manipulated in people. But should this work continue to pay off, it could lead to novel drugs for obesity and related issues. If we’re really lucky, these treatments would both be safe and avoid some of the unpleasant side-effects of the newest obesity medications, such as nausea and other gastrointestinal problems.

Journal Reference:
Liang Li, Brian J. Feldman, White adipocytes in subcutaneous fat depots require KLF15 for maintenance in preclinical models, Published July 1, 2024, J Clin Invest. 2024;134(13):e172360. https://doi.org/10.1172/JCI172360.


Original Submission

posted by hubie on Sunday July 14, @09:57PM

Expletives fly as admins deal with recommendation to move to Power Automate workflows:

Microsoft has thrown some enterprises into a spin after confirming that, with only a few months' notice, Office 365 connectors within Teams will be cut.

The connectors and webhooks are used to plumb workflows into a Teams channel. For example, users might use them to post an update into a chat stream. This means you can read content and service updates directly in a Teams channel that originated from something like a ticketing platform or a notification from a CI/CD system.

This is the sort of glue that enterprises depend on to make different systems communicate. Or at least it was. From August 15, 2024, Microsoft will block all Connector creation within all clouds. From October 1, 2024, all connectors within all clouds will stop working.

Microsoft has been a little vague on exactly why it is doing this. Its recommendation is for users to switch to Power Automate workflows to "ensure that your integrations are built on an architecture that can grow with your business needs and provide maximum security of your information."

[...] Users have been less than impressed by the news. Comments to the company's post have passed the 100 mark and are generally negative, with some describing the plans as "a greedy cash grab" and others reacting with bewilderment at Microsoft's decision:

[...] Register readers have also been in touch to share the impact the change is having on them. One, who uses RSS feeds and webhooks to send CI/CD notifications to channels, agreed with comments that the change was a "PITA with no benefit to the customer" and noted that the precious few months of notice given wasn't very long.


Original Submission