SoylentNews

Arthur T Knackerbracket has processed the following story:

Google will soon make its own contribution to the problem of link rot by shutting down the Google URL Shortener service in 2025.

The Google URL Shortener was launched in 2009 as an attempt to make lengthy links manageable by feeding them into Google's shortener, which spat out shorter ones in the form of https://goog.gl/*. Nine years later, Google decided to pull the service and direct users to Firebase Dynamic Links (FDL) instead.

At the time, Google said, "All existing links will continue to redirect to the intended destination."

However, as of August 25, 2025, any links built with the Google URL shortener in the form of https://goog.gl/* won't return a response.

It'll be a slow death for the service. From August 23, 2024, goo.gl links will show an interstitial page for a percentage of users warning that the link's days are numbered. As the shutdown date nears, that percentage will increase.

Once shutdown happens, the links will simply return a 404 response.

The interstitial links could be a headache in their own right since there is every chance they could interfere with a redirect flow. And this is why Google's advising engineers to transition those goog.gl links as quickly as possible.

But transition them to where? Google's earlier advice to move to FDL might have sounded good in 2018, but the company has since deprecated the functionality, and on August 25, 2025, the service will stop working, alongside the Google URL Shortener.

The challenge facing engineers is tracking down all the places where an affected link might be used; Link Rot – where links that might have once worked but now return a 404 – has become an increasing problem as the World Wide Web has matured. Decisions such as Google's will only serve to make the problem worse.

Original Submission

Freeman writes:

https://arstechnica.com/information-technology/2024/07/crowdstrike-fixes-start-at-reboot-up-to-15-times-and-get-more-complex-from-there/

We're updating our story about the outage with new details as we have them. Microsoft and CrowdStrike both say that "the affected update has been pulled,"
[...]
If rebooting multiple times isn't fixing your problem, Microsoft recommends restoring your systems using a backup from before 4:09 UTC on July 18 (just after midnight on Friday, Eastern time), when CrowdStrike began pushing out the buggy update. Crowdstrike says a reverted version of the file was deployed at 5:27 UTC.

If these simpler fixes don't work, you may need to boot your machines into Safe Mode so you can manually delete the file that's causing the BSOD errors. For virtual machines, Microsoft recommends attaching the virtual disk to a known-working repair VM so the file can be deleted, then reattaching the virtual disk to its original VM.
[...]
Before you can delete the file on those systems, you'll need the recovery key that unlocks those encrypted disks and makes them readable (normally, this process is invisible, because the system can just read the key stored in a physical or virtual TPM module).

This can cause problems for admins who aren't using key management to store their recovery keys, since (by design!) you can't access a drive without its recovery key. If you don't have that key, Cryptography and infrastructure engineer Tony Arcieri on Mastodon compared this to a "self-inflicted ransomware attack," where an attacker encrypts the disks on your systems and withholds the key until they get paid.

And even if you do have a recovery key, your key management server might also be affected by the CrowdStrike bug.

Original Submission

upstart writes:

106 rare crocodile eggs are found in Cambodia, the biggest such discovery in 20 years:

PNOMH PENH, Cambodia (AP) — Conservationists in Cambodia found 106 eggs of rare Siamese crocodile species in a western Cambodian wildlife sanctuary, officials said Thursday, calling it the biggest discovery in the last 20 years, giving new hope for the world's rarest crocodile species' survival in the wild.

The group discovered the species eggs in Cardamom National Park in May. Between June 27 and 30, a total of 60 eggs were successfully hatched, according to a joint statement issued by the ministries of agriculture and environment along with the conservation group Fauna & Flora.

"This discovery indicates that the area is a key habitat for wild crocodiles, providing hope for the species recovery," the statement said.

The area and the young reptiles have been under the protection of Cardamom National Park Wildlife Sanctuary rangers, it added.

The crocodile species was once widespread across Southeast Asia but is now listed as critically endangered by the International Union for the Conservation of Nature. It had all but disappeared by the 1990s due to a combination of poaching, habitat destruction and crossbreeding with other crocodile species.

Cambodian environment minister, Eang Sophalleth, said his ministry is working on the conservation and habitat restoration of these critically endangered Siamese crocodiles.

"The Siamese crocodiles play an important role in the ecosystem and the discovery of the five nets successfully hatching 60 eggs reflects that the Cardamom National Park is a safe and suitable habitat for this species," Sophalleth said in Thursday's statement.

It's believed only about 1,000 Siamese crocodiles remain in the wild, with more than 300 of them in Cambodia.

In 2017, wildlife researchers found six eggs in Sre Ambel district in the southern province of Koh Kong as they were exploring for tracks and signs of the reptile. Later in September 2021, eight hatchlings were found by conservationists in a river in the Srepok wildlife sanctuary in eastern Cambodia which raised hopes for its survival in the wild.

Original Submission

Arthur T Knackerbracket has processed the following story:

Researchers at the University of Tokyo and RIKEN have discovered that ferromagnetism can be induced by increasing particle motility in quantum systems, where repulsive forces between atoms maintain the order.

Researchers Kazuaki Takasan and Kyogo Kawaguchi from the University of Tokyo, along with Kyosuke Adachi from RIKEN, Japan’s largest comprehensive research institution, have shown that ferromagnetism, an ordered state of atoms, can be induced by increasing particle motility and that repulsive forces between atoms are sufficient to maintain it.

The discovery not only extends the concept of active matter to quantum systems but also contributes to the development of novel technologies that rely on the magnetic properties of particles, such as magnetic memory and quantum computing. The findings were published in the journal Physical Review Research.

Flocking birds, swarming bacteria, cellular flows. These are all examples of active matter, a state in which individual agents, such as birds, bacteria, or cells, self-organize. The agents change from a disordered to an ordered state in what is called a “phase transition.” As a result, they move together in an organized fashion without an external controller.

“Previous studies have shown that the concept of active matter can apply to a wide range of scales, from nanometers (biomolecules) to meters (animals),” says Takasan, the first author. “However, it has not been known whether the physics of active matter can be applied usefully in the quantum regime. We wanted to fill in that gap.”

[...] “It was surprising at first to find that the ordering can appear without elaborate interactions between the agents in the quantum model,” Takasan reflects on the finding. “It was different from what was expected based on biophysical models.”

The researcher took a multi-faceted approach to ensure their finding was not a fluke. Thankfully, the results of computer simulations, mean-field theory, a statistical theory of particles, and mathematical proofs based on linear algebra were all consistent. This strengthened the reliability of their finding, the first step in a new line of research.

“The extension of active matter to the quantum world has only recently begun, and many aspects are still open,” says Takasan. “We would like to further develop the theory of quantum active matter and reveal its universal properties.”

Reference: “Activity-induced ferromagnetism in one-dimensional quantum many-body systems” by Kazuaki Takasan, Kyosuke Adachi and Kyogo Kawaguchi, 26 April 2024, Physical Review Research. DOI: 10.1103/PhysRevResearch.6.023096

Original Submission

Arthur T Knackerbracket has processed the following story:

The European Space Agency has begun work on a planetary defence mission that will intercept an asteroid predicted to come within 32,000km of Earth in 2029.

The Rapid Apophis Mission for Space Safety (RAMSES) mission targets asteroid 99942, aka Apophis, which is about 375 meters wide – the length of 30 giant squid – and expected to pass closer to Earth than some geosynchronous satellites.

"Astronomers have ruled out any chance that the asteroid will collide with our planet for at least the next 100 years," explained the ESA, which added that another rock of this size typically would not approach so closely for another 5,000 to 10,000 years.

This fly-by is therefore an opportunity to observe Apophis in the hope doing so helps humanity to learn how future visitors of this sort might be deflected.

The ESA's Space Safety program – its team dedicated to gathering and publishing info about threats from space – green-lit initial work on the mission on Tuesday, meaning the agency can "kickstart mission prep using current resources," according to ESA director general Josef Aschbacher.

[...] Should the mission receive full support, Ramses will launch in April 2028, rendezvous with Apophis beginning in February 2029, and accompany it through its flyby set to occur two months later. Researchers will use the opportunity to study the effect of Earth's gravity on the asteroid.

"All we need to do is watch as Apophis is stretched and squeezed by strong tidal forces that may trigger landslides and other disturbances and reveal new material from beneath the surface," explained France's National Center for Scientific Research (CNRS) director Patrick Michel.

A suite of scientific instruments will do the "watching" by measuring asteroid shape, surface, orbit, rotation and orientation before and after the flyby, as well as asteroid composition, interior structure, cohesion, mass, density, and porosity.

ESA expects measuring those properties will reveal some secrets on how best to knock a future object off course, and perhaps also offer insights into the formation of the Solar System.

Original Submission

Arthur T Knackerbracket has processed the following story:

Memory, or the ability to store information in a readily accessible way, is an essential operation in both computers and human brains. However, there are key differences in how they process information. While the human brain performs computations directly on stored data, computers must transfer data between a memory unit and a central processing unit (CPU). This inefficient separation, known as the von Neumann bottleneck, contributes to the rising energy costs of computers.

The von Neumann bottleneck is a fundamental limitation in computer architecture, named after the mathematician and physicist John von Neumann. It arises from the design of the von Neumann architecture, which uses a single bus for both data and instructions to be fetched from memory. This creates a communication bottleneck because the CPU can either retrieve data or instructions at any given time, but not both simultaneously. Consequently, the speed of data processing is constrained by the memory bandwidth, leading to inefficiencies and slower overall system performance. This bottleneck has driven the development of alternative architectures and optimization techniques to improve data throughput and computational speed.

For over 50 years, researchers have been working on the concept of a memristor (memory resistor), an electronic component that can both compute and store data, much like a synapse. Aleksandra Radenovic of the Laboratory of Nanoscale Biology (LBEN) at EPFL’s School of Engineering set her sight on something even more ambitious: a functional nanofluidic memristive device that relies on ions, rather than electrons and their oppositely charged counterparts (holes). This approach would mimic the human brain’s way of processing information more closely and is therefore more energy-efficient.

Radenovic says, “Memristors have already been used to build electronic neural networks, but our goal is to build a nanofluidic neural network that takes advantage of changes in ion concentrations, similar to living organisms.”

“We have fabricated a new nanofluidic device for memory applications that is significantly more scalable and much more performant than previous attempts,” says LBEN postdoctoral researcher Théo Emmerich. “This has enabled us, for the very first time, to connect two such ‘artificial synapses’, paving the way for the design of brain-inspired liquid hardware.” The research has recently been published in Nature Electronics.

[Ed. comment: This story has been updated with a recent decision from MLB]

"dalek" writes:

What do Don Denkinger and Jim Joyce have in common? If you're a baseball fan, you might recognize them as umpires who are known for famously missing a critical call late in a game on national TV. Before Major League Baseball (MLB) embraced video-assisted replay (VAR), which it resisted long after other sports like football had demonstrated that replaces could be used successfully, there was no way to reverse the missed calls. Even after MLB finally allowed VAR to be used, by far the most frequent call in a game still cannot be reviewed: whether a pitch is a ball or strike.

The technology to track the fight of a baseball and reliably determine balls and strikes has been in use for a couple of decades. Systems like QuesTec, PITCHf/x, and Statcast can accurately track the flight of a baseball and determine whether its trajectory crossed the strike zone when it reached home plate. Statcast not only determines each pitch's horizontal and vertical location when it crossed the plate, but a plethora of other data like the pitcher's release point in three dimensions, the velocity when the pitch left the pitcher's hand, it's spin axis and rate, the pitch's acceleration in three dimensions, and a classification of the pitch type. Despite the capability to accurately call balls and strikes automatically, MLB still relies solely on human umpires this call.

The horizontal location of the strike zone is identical for every pitch, requiring that some portion of the baseball pass above home plate. However, the vertical location is defined as being from the bottom of the hitter's kneecap to the midpoint between the top of the hitter's pants and the hitter's shoulders. This is affected by the hitter's height, body shape, and their batting stance. A hitter won't have exactly the same batting stance on any two pitches, so the actual strike zone varies slightly from pitch to pitch, even for the same hitter. This data is determined by Statcast while the pitch is in flight, and is recorded in the sz_bot (bottom of the strike zone in feet above ground) and sz_top (the top, with the same units) fields in Statcast data. The flight of the baseball is currently tracked by 12 Hawk-Eye cameras stationed throughout each stadium, five of which operate at 300 frames per second. The images from the different cameras can be used to pinpoint the location of the baseball within a few millimeters. The same type of camera is used for VAR in tennis matches to determine if a ball was out of bounds.

Breaking: CrowdStrike code update bricking Windows machines around the world

c0lo writes:

Announcement

UPDATED An update to a product from infosec vendor CrowdStrike is bricking computers running Windows.

The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.

"We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal," wrote one user.

Forums report that Crowdstrike has issued an advisory with a URL that includes the text "Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but it's behind a regwall that only customers can access.

An apparent screenshot of that article reads "CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor. Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor."

CrowdStrike's engineers are working on the issue.

Falcon Sensor is an agent that CrowdStrike claims "blocks attacks on your systems while capturing and recording activity as it happens to detect threats fast."

Right now, however, the sensor appears to be the threat.

This is a developing story and The Register will update it as new info comes to hand. ®

Updated at 0730 UTC to add Brody Nisbet, CrowdStrike's chief threat hunter, has confirmed the issue and on X posted the following:

There is a faulty channel file, so not quite an update. There is a workaround... 1. Boot Windows into Safe Mode or WRE. 2. Go to C:\Windows\System32\drivers\CrowdStrike 3. Locate and delete file matching "C-00000291*.sys" 4. Boot normally.

In a later post he wrote "That workaround won't help everyone though and I've no further actionable help to provide at the minute".
More to come as the situation evolves ...

In Australia, CrowdStrike IT outage hits airports, banks, supermarkets as emergency committee meets

A major network outage has affected several Australian institutions and businesses, including multiple airports, the Commonwealth Bank, Optus, Australia Post and Woolworths.

Original Submission #1  Original Submission #2 

Major Global IT Outage Grounds Planes and Blocks Media Worldwide

upstart writes:

Airports and other key infrastructure sites around the world have reported disruptions amid problems with communications:

Disruption to air traffic control systems is being reported around the world. Preliminary reports say a computer glitch may be causing the problem. Issues have arisen in the US, Spain, Germany, Australia, and elsewhere, with authorities forced to cancel takeoffs and landings due to safety concerns.

The outage was first reported about midnight CET on Thursday night/Friday.

The failure may have been caused by a software update that locks Microsoft operating systems and is reportedly not restricted to airlines. Some banks, emergency services, broadcasters, and financial institutions are also said to have been affected.

Computers using Windows 10 OS are reportedly crashing and showing "the blue screen of death" (BSOD) after an update for a security product provided by the firm CrowdStrike. The company is reportedly working on resolving the issue.

Brody Nisbet, CrowdStrike's chief threat hunter, has offered a workaround to deal with what he called a "faulty channel file" related to the Falcon Sensor cybersecurity app.

See also:

• Crowdstrike and Microsoft: What we know about global IT outage
• RT

Arthur T Knackerbracket has processed the following story:

Entri, which offers a tool for automatically connecting SaaS applications to custom domains via DNS configurations, said [PDF] in a lawsuit, filed in federal court in Virginia, USA, that GoDaddy initially embraced the success of Entri Connect before abruptly reversing course in favor of forcing folks to use GoDaddy's own DNS record update tool Domain Connect.

"Shortly after Entri Connect's launch, GoDaddy saw the value of Entri Connect and the two companies entered a partnership together," Entri's lawyers said in the complaint, submitted this month. "But as Entri grew in popularity, GoDaddy saw an opportunity to use its tremendous size to its advantage."

Entri alleges that GoDaddy changed its stance on the partnership late last year, first telling customers that Entri Connect could no longer be used to update GoDaddy-registered domains, and then updating its terms of use to block Entri from updating DNS settings. 

GoDaddy also "implemented a series of technological measures designed to cause Entri Connect to malfunction when used by GoDaddy customers," the suit alleges. 

In place of Entri Connect, GoDaddy pushed its own Domain Connect, which Entri alleges is far less sophisticated and easy to use than its own tool. 

"While the Domain Connect protocol may currently be used to update DNS records with only four DNS providers actively using the protocol, Entri Connect may be used with more than forty," Entri said in the suit. The company also alleged that a GoDaddy representative admitted that "third-party software applications preferred to offer their end users Entri Connect over Domain Connect 80 percent of the time." 

Entri began life in 2021 - well after Domain Connect was initiated by GoDaddy. 

All of those allegations, says Entri, add up to GoDaddy abusing its market power to disadvantage a competitor, which it says is a violation of America's Sherman Antitrust Act. 

"Customers of GoDaddy's domain registration services are being improperly denied access to the full suite of choices when it comes to automated domain configuration," Entri argued, adding that it has lost sales, configuration volume, and revenue as a result of GoDaddy's move. 

Entri further alleges that GoDaddy has accused it of breaking the Computer Fraud and Abuse Act by accessing the registrar's systems, violated GoDaddy's API terms of use, and committed a violation of US trademark law. Along with standard requests for injunctive and monetary relief, Entri is asking a jury to declare it hasn't committed any of that wrongdoing. 

GoDaddy told us it doesn't comment on pending litigation, [...] .

Original Submission

upstart writes:

FTC Warns Gaming Companies Over Warranty Stickers:

The Federal Trade Commission has sent letters to eight companies, including leading makers of PC gaming rigs, warning them that their warranty language is a violation of the federal Magnuson-Moss Warranty Act (MMWA).

In a statement July 3rd, the Federal Trade Commission staff said statements that customers were required use authorized service providers or manufacturer supplied parts or risk voiding their warranty "may be standing in the way of consumers' right to repair products they have purchased." These "warning letters put companies on notice that restricting consumers' right to repair violates the law," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection in a published statement on the FTC website. "The Commission will continue our efforts to protect consumers' right to repair and independent dealers' right to compete."

Requiring consumers to use specified parts or service providers to keep their warranties intact is prohibited under the MMWA, unless warrantors provide the parts or services for free or receive a waiver from the FTC. The agency also warned that such statements may be considered deceptive business practices under the FTC Act. Letters issued to gaming hardware makers ASRock, Zotac, and Gigabyte,which market and sell gaming PCs, graphics chips, motherboards, and other accessories, specifically warned about the use of stickers stating that warranties are "void if removed."

In recent years the FTC has increased its scrutiny of companies warranty-related practices and re-exerted its authority to enforce laws like MMWA and other federal laws. It issued similar warnings to six companies in 2018 regarding MMWA violations. A study by PIRG of 50 home appliance makers that same year found that "the overwhelming majority (45) would void warranties due to independent or self-repair." Then, in 2022, the Commission issued orders requiring motorcycle maker Harley Davidson and grill maker Weber to take multiple steps to correct violations of the MMWA including to cease telling consumers that their warranties will be void if they use third-party services or parts, or that they should only use branded parts or authorized service providers. The FTC said it would seek civil penalties of up to $46,517 per violation in federal court.

The agency has also appealed to the public and businesses for stories of manufacturers forcing consumers to use authorized repair providers and threatening to void warranties for those that don't. The Commission has set up a special link for warranty or repair stories and said it wants to hear about consumer experiences across a wide range of products  – from cars, kitchen appliances, and cell phones to grills and generators.

Original Submission

Arthur T Knackerbracket has processed the following story:

Law enforcement agencies from eight nations, led by Australia, have issued an advisory that details the tradecraft used by China-aligned threat actor APT40 – aka Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk – and found it prioritizes developing exploits for newly found vulnerabilities and can target them within hours.

The advisory describes APT40 as a "state-sponsored cyber group" and the People's Republic of China (PRC) as that sponsor. The agencies that authored the advisory – which come from Australia, the US, Canada, New Zealand, Japan, South Korea, the UK, and Germany – believe APT40 "conducts malicious cyber operations for the PRC Ministry of State Security (MSS)."

[...] The advisory is the result, and suggests that APT40 "possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilize them against target networks possessing the infrastructure of the associated vulnerability." The gang also watches networks of interest to look for unpatched targets.

"This regular reconnaissance postures the group to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits," the advisory warns.

Those efforts yield results, because some systems have not been patched for problems identified as long ago as 2017. Some of the vulns APT40 targets are old news – Log4J (CVE 2021 44228), Atlassian Confluence (CVE-2021-31207, CVE-2021- 26084). and Microsoft Exchange (CVE-2021-31207, CVE 2021-34523, CVE-2021-34473) are high on the hit list.

[...] "APT40 has embraced the global trend of using compromised devices, including small-office/home-office (SOHO) devices, as operational infrastructure and last-hop redirectors for its operations in Australia," the advisory observes. "Many of these SOHO devices are end-of-life or unpatched and offer a soft target for N-day exploitation."

[...] The advisory outlines mitigation tactics that are said to offer decent defences against APT40. They're not rocket science: logging, patch management, and network segmentation are all listed.

So are multifactor authentication, disabling unused network services, use of web application firewalls, least privilege access, and replacement of end-of-life equipment.

Original Submission

Freeman writes:

https://arstechnica.com/science/2024/07/will-space-based-solar-power-ever-make-sense/

Is space-based solar power a costly, risky pipe dream? Or is it a viable way to combat climate change? Although beaming solar power from space to Earth could ultimately involve transmitting gigawatts, the process could be made surprisingly safe and cost-effective, according to experts from Space Solar, the European Space Agency, and the University of Glasgow.

But we're going to need to move well beyond demonstration hardware and solve a number of engineering challenges if we want to develop that potential.
[...]
"The idea [has] been around for just over a century," said Nicol Caplin, deep space exploration scientist at the ESA, on a Physics World podcast. "The original concepts were indeed sci-fi. It's sort of rooted in science fiction, but then, since then, there's been a trend of interest coming and going."

Researchers are scoping out multiple designs for space-based solar power. Matteo Ceriotti, senior lecturer in space systems engineering at the University of Glasgow, wrote in The Conversation that many designs have been proposed.
[...]
Using microwave technology, the solar array for an orbiting power station that generates a gigawatt of power would have to be over 1 square kilometer in size, according to a Nature article by senior reporter Elizabeth Gibney. "That's more than 100 times the size of the International Space Station, which took a decade to build." It would also need to be assembled robotically, since the orbiting facility would be uncrewed.
[...]
Space Solar is working on a satellite design called CASSIOPeiA, which Physics World describes as looking "like a spiral staircase, with the photovoltaic panels being the 'treads' and the microwave transmitters—rod-shaped dipoles—being the 'risers.'" It has a helical shape with no moving parts.
[...]
Ceriotti wrote that SPS-ALPHA, another design, has a large solar-collector structure that includes many heliostats, which are modular small reflectors that can be moved individually. These concentrate sunlight onto separate power-generating modules, after which it's transmitted back to Earth by yet another module.

Arthur T Knackerbracket has processed the following story:

The latest Linux kernel is here, with relatively few new features but better support for several hardware platforms, including non-Intel kit.

Linus Torvalds announced kernel 6.10 this weekend and as usual it contains so many hundreds of changes that we can't summarize them all – for instance, the Kernel Newbies summary for this release has 636 bullet points.

The release means that the merge window is now open for proposed changes to go into kernel 6.11, which will probably appear around September. That means it is likely to be too late for both Ubuntu and Fedora's second releases of the year, so kernel 6.10 may be what you get around that time.

There are, as always, some fresh software features in the new release, of which maybe the most interesting is a new memory-management API call called mseal(). Modern CPUs allow blocks of memory to be marked as special in various ways – for example, as non-executable. AMD introduced the NX bit over 20 years ago as part of its x86-64 specification, and a couple of years later Intel added it to its implementation. The mseal() call protects these mappings: it makes them immutable for the life of that process. The patch was submitted by Google last year, and it's likely it will first be used by Chrome and Chromium-based browsers – but probably by other things later. The call reproduces settings which already exist in OpenBSD, as well as the XNU kernel used in multiple Apple OSes.

Additionally, there are small improvements to various filesystems, including bcachefs, Btrfs, ext4, XFS, F2FS, EROFS, and OCFS2. There's support for a much wider range of compression algorithms for the kernel boot image.

However, for this release, more changes overall seem to be in the direction of improved hardware support, over a wide range of devices. On Linux's native x86 (increasingly, x86-64) architecture, this includes better support for hardware encryption, which among other things should deliver faster disk encryption. There's also better TPM2 chip support, improved power management and handling of dynamic CPU speeds. Multiple wired and wireless network drivers have been tuned, and there's support for various new models of CPU and GPU.

Arm support has been improved in multiple areas, both for server processors and CPUs and SOCs used in laptops, including for the Arm's Mali family of GPUs. If the Qualcomm Snapdragon-based Lenovo Thinkpad X13s appealed, notably as a Linux machine, then you might be interested in its inexpensive indirect ancestor too, Acer's Acer Aspire 1 A114-61. This machine's hardware is now more or less fully supported. Although it was a 2021 model, you may be able to find a second-hand unit for $NOT_A_LOT if you fancy an Arm64 Linux laptop. The MIPI webcam sensor used in the X13S, as well as several Intel Thinkpad models, is now supported, too.

Other Arm-powered kit with new support includes several gaming handhelds, such as as the Gameforce Chi, and several Anbernic devices. As we have noted previously looking at SteamOS, gaming support is now a factor visibly driving improvements in Linux.

It's not just Arm: there's also improved support for RISC-V hardware, for instance the budget Milk-V Mars SBC. This extends to the still quite new support for Rust in the kernel. The revision of Rust supported in the kernel has been bumped to version 1.78.0. As we noted when Rust support was first added, whereas the kernel is usually built with GCC, Rust is usually compiled with LLVM and that mainly targets x86-64 and Arm. Now, kernel Rust can be used in RISC-V as well.

Original Submission

upstart writes:

Fats from thin air: Startup makes butter using CO2 and water:

Bill Gates has thrown his weight – and his money – behind a Californian startup that believes it can make a rich, fatty spread akin to butter, using just carbon dioxide and hydrogen. And 'butter' is just the start, with milk, ice-cream, cheese, meat and tropical oils also in development.

The San Jose company, Savor, uses a thermochemical process to create its animal-like fat, which is free of the environmental footprint of both the dairy industry and plant-based alternatives.

"They started with the fact that all fats are made of varying chains of carbon and hydrogen atoms," Gates wrote in a blog post. "Then they set out to make those same carbon and hydrogen chains – without involving animals or plants. They ultimately developed a process that involves taking carbon dioxide from the air and hydrogen from water, heating them up, and oxidizing them to trigger the separation of fatty acids and then the formulation of fat."

Many of us know the stats – according to the United Nations Food and Agriculture Organization (FAO), livestock are responsible for 14.5% of all global greenhouse gas emissions, and animal-fat alternatives that use palm oil contribute to widespread deforestation and biodiversity loss – but also know how delicious dairy products are. So will Gates' enthusiastic support be enough to get people excited about butter made from CO2?

"The idea of switching to lab-made fats and oils may seem strange at first," Gates wrote. "But their potential to significantly reduce our carbon footprint is immense. By harnessing proven technologies and processes, we get one step closer to achieving our climate goals."

Savor's 'butter' is easily produced and scalable, but convincing people to swap out butter and other dairy products for 'experimental' foods will remain a challenge for the foreseeable future. Gates is hoping, however, that his support will do more than start a conversation.

"The big challenge is to drive down the price so that products like Savor's become affordable to the masses – either the same cost as animal fats or less," Gates wrote. "Savor has a good chance of success here, because the key steps of their fat-production process already work in other industries.

"The process doesn't release any greenhouse gases, and it uses no farmland and less than a thousandth of the water that traditional agriculture does," he added. "And most important, it tastes really good – like the real thing, because chemically it is."

Savor's research was published in the journal Nature Sustainability.

Source: Savor

See also:

• Food without agriculture
• Why do different brands of butter taste different?
• This Guy Figured Out How to Make Butter Taste More Buttery

Original Submission

Freeman writes:

https://arstechnica.com/security/2024/07/code-sneaked-into-fake-aws-downloaded-hundreds-of-times-backdoored-dev-devices/

Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers' computers when executed.

The packages—img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy—were attempts to appear as aws-s3-object-multipart-copy, a legitimate JavaScript library for copying files using Amazon's S3 cloud service. The fake files included all the code found in the legitimate library but added an additional JavaScript file named loadformat.js.

[...] "We have reported these packages for removal, however the malicious packages remained available on npm for nearly two days," researchers from Phylum, the security firm that spotted the packages, wrote. "This is worrying as it implies that most systems are unable to detect and promptly report on these packages, leaving developers vulnerable to attack for longer periods of time."

[...] In the past 17 months, threat actors backed by the North Korean government have targeted developers twice, one of those using a zero-day vulnerability.

Phylum researchers provided a deep-dive analysis of how the concealment worked
[...]
One of the most innovative methods in recent memory for concealing an open source backdoor was discovered in March, just weeks before it was to be included in a production release of the XZ Utils

[...] The person or group responsible spent years working on the backdoor. Besides the sophistication of the concealment method, the entity devoted large amounts of time to producing high-quality code for open source projects in a successful effort to build trust with other developers.

In May, Phylum disrupted a separate campaign that backdoored a package available in PyPI that also used steganography, a technique that embeds secret code into images.

"In the last few years, we've seen a dramatic rise in the sophistication and volume of malicious packages published to open source ecosystems," Phylum researchers wrote. "Make no mistake, these attacks are successful. It is absolutely imperative that developers and security organizations alike are keenly aware of this fact and are deeply vigilant with regard to open source libraries they consume."

Related stories on SoylentNews:
Trojanized jQuery Packages Found on Npm, GitHub, and jsDelivr Code Repositories - 20240713
48 Malicious Npm Packages Found Deploying Reverse Shells on Developer Systems - 20231104
Open-Source Security: It's Too Easy to Upload 'Devastating' Malicious Packages, Warns Google - 20220504
Dev Corrupts NPM Libs 'Colors' and 'Faker' Breaking Thousands of Apps - 20220111
Malicious NPM Packages are Part of a Malware "Barrage" Hitting Repositories - 20211213
Heavily Used Node.js Package Has a Code Injection Vulnerability - 20210227
Discord-Stealing Malware Invades NPM Packages - 20210124
Here's how NPM Plans to Improve Security and Reliability in 2019 - 20181217
NPM Fails Worldwide With "ERR! 418 I'm a Teapot" Error - 20180530
Backdoored Python Library Caught Stealing SSH Credentials - 20180511

Original Submission