SoylentNews

hubie writes:

Malware botnets exploit outdated D-Link routers in recent attacks:

Two botnets tracked as 'Ficora' and 'Capsaicin' have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions.

The list of targets includes popular D-Link devices used by individuals and organizations such as DIR-645, DIR-806, GO-RT-AC750, and DIR-845L.

For initial access, the two pieces of malware use known exploits for CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112.

Once a device is compromised, attackers leverage weaknesses in in D-Link's management interface (HNAP) and execute malicious commands through a GetDeviceSettings action.

The botnets can steal data and execute shell scripts. Attackers appear to compromise the devices for distributed denial-of-service (DDoS) purposes.

Ficora has a widespread geographic distribution with some focus on Japan and the United States. Capsaicin appears to be targeting mostly devices in East Asian countries and increased its activity for just two days, starting on October 21.

[...] One way to prevent botnet malware infections on routers and IoT devices is to ensure that they're running the latest firmware version, which should addresses known vulnerabilities.

If the device has reached end-of-life and no longer receives security updates, it should be replaced with a new model.

A a general advice, you should replace default admin credentials with unique and strong passwords and disable remote access interfaces if not needed.

Previously: D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices

Original Submission

James Earl Carter Jr. (October 1, 1924 – December 29, 2024) was an American politician who served as the 39th president of the United States from 1977 to 1981. A member of the Democratic Party, Carter previously served from 1963 to 1967 in the Georgia State Senate and from 1971 to 1975 as the 76th governor of Georgia. He was the longest-lived president in U.S. history and the first to live to 100 years.

Please see drussell's journal for discussion.

Arthur T Knackerbracket has processed the following story:

Motorola is one of the most important companies in history. They are responsible for the mobile phone, among many other inventions, but their success didn’t last forever. They took hit after hit. They were left with no profits, bled dry from the inside out by Google and left with none of their technology. Yet, this wasn’t the end. Motorola was down, but not out. Somehow after all of this, they did they impossible. Motorola not only survived but began to thrive. This is how.

At their core, Motorola was a wireless communications company, but that’s massively underselling their long, prestigious, history. In the second World War, they made a breakthrough invention. The first portable, two-way radio: The SCR-300, which soon became known as the walkie-talkie. It was a pivotal tool for the US Army Corps, and had a range between 10 and 20 miles. But that’s just the beginning. Motorola also created, “Unified S-Band” radio, a crucial piece of equipment for the Apollo 11 moon landing mission. The radio was responsible for one of the most important video transmissions in human history. Motorola’s has a long history beyond these two examples. It’s actually unbelievable how big an impact this one company had on humanity. 

Yet shockingly, these pivotal examples aren’t even what they’re known for today. In 1973 Motorola engineer Martin Cooper had just finished his latest prototype. It allowed for remote calling, anywhere. But it was fully handheld, and didn’t have cables, and didn’t have to be attached to a vehicle, and it wasn’t a radio…! Motorola had just invented the mobile phone, but this was just the prototype. It would take Motorola another full decade to bring it to the masses, and over $100 million.

[...] In the early 2000s, they had a fierce rivalry with Nokia, and soon unveiled the Razr 3. A sleek, ultra-thin flip phone, and one of the most iconic and successful phones in history. The Razr 3 sold over 130 million units. Their invention altered the world of technology. Almost everyone living today is directly impacted by this monumental invention. Which is what makes what happened next, so surprising.

[...] Motorola phones had no flash interface like Apple, and very little third party apps. Plus, just by looking at the Motorola Q, you could see why it didn’t catch on. Worst of all, it was running Windows as its operating system. The traditional “dumb phone” had been most of Motorola’s business. But these were falling out of favor. Time was running out. They needed to adapt, and fast. 

looorg writes:

Volkswagen accidentally leaked, or left open to the public via the cloud, location data and personal information of the owner for more then 800,000 electric cars.

After setting up the app, her car apparently began collecting and transmitting data to the manufacturer, including the exact GPS location of where she parked it every time she turned off the engine.

[...] A data volume of several terabytes on around 800,000 electric cars was largely unprotected and accessible for months in an Amazon cloud storage system .

[...] Much of the vehicle data could be linked to the names and contact details of the drivers, owners or fleet managers. Precise location data was available for 460,000 vehicles, allowing conclusions to be drawn about the lives of the people behind the wheel

[...] The cloud storage itself contained the data of the individual vehicles, immediately recognizable by the names for the battery charge level, the inspection status and the categories "engine on" and "engine off". The latter contained not only the time but also the longitude and latitude lines and thus the position of the car when the electric motor was switched off. In the case of VW models and Seats, this geodata was accurate to within ten centimeters,

[...] Cariad responded within a few hours and did not even try to downplay the matter. The team responsible for security incidents thanked them and asked for further details. The gap has now been closed.

The case goes far beyond Cariad and the VW Group. Many modern cars have a three-digit number of sensors and collect masses of data. Exactly which ones and to what extent are likely to be known only to the manufacturers.

[...] But who actually owns the car data? The manufacturers? The owners? An important question, especially as more and more players are expressing their desire for it. Car insurers, for example, want access so that they can offer rates that reward careful driving.

https://www-spiegel-de.translate.goog/netzwelt/web/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Original Submission

upstart writes:

As machine learning and generative AI reshape the world, MIT's Schwarzman College of Computing is integrating these and other advanced computing technologies into classrooms and labs across campus:

Launched in 2019–'20, Schwarzman is MIT's only college, so called because it cuts across the Institute's five schools in a new effort to integrate advanced computing and artificial intelligence into all areas of study. "We want to do two things: ensure that MIT stays at the forefront of computer science, AI research, and education," Huttenlocher says, "and infuse the forefront of computing into disciplines across MIT." He adds that safety and ethical considerations are also critical.

To that end, the college now encompasses multiple existing labs and centers, including the Computer Science and Artificial Intelligence Laboratory (CSAIL), and multiple academic units, including the Department of Electrical Engineering and Computer Science. (EECS—which was reorganized into the overlapping subunits of electrical engineering, computer science, and artificial intelligence and decision-making—is now part of both the college and the School of Engineering.) At the same time, the college has embarked on a plan to hire 50 new faculty members, half of whom will have shared appointments in other departments across all five schools to create a true Institute-wide entity. Those faculty members—two-thirds of whom have already been hired—will conduct research at the boundaries of advanced computing and AI.

The new faculty members have already begun helping the college respond to an undeniable reality facing many students: They've been overwhelmingly drawn to advanced computing tools, yet computer science classes are often too technical for nonmajors who want to apply those tools in other disciplines. And for students in other majors, it can be tricky to fit computer science classes into their schedules.

Meanwhile, the appetite for computer science education is so great that nearly half of MIT's undergraduates major in EECS, voting with their feet about the importance of computing. Graduate-level classes on deep learning and machine vision are among the largest on campus, with over 500 students each. And a blended major in cognition and computing has almost four times as many enrollees as brain and cognitive sciences.

"We've been calling these students 'computing bilinguals,'" Huttenlocher says, and the college aims to make sure that MIT students, whatever their field, are fluent in the language of computing. "As we change the landscape," he says, "it's not about seeing computing as a tool in service of a particular discipline, or a discipline in the service of computing, but asking: How can we bring these things together to forge something new?"

Original Submission

owl writes:

https://www.righto.com/2024/12/this-die-photo-of-pentium-shows.html

In 1993, Intel released the high-performance Pentium processor, the start of the long-running Pentium line. The Pentium had many improvements over the previous processor, the Intel 486, including a faster floating-point division algorithm. A year later, Professor Nicely, a number theory professor, was researching reciprocals of twin prime numbers when he noticed a problem: his Pentium sometimes generated the wrong result when performing floating-point division. Intel considered this "an extremely minor technical problem", but much to Intel's surprise, the bug became a large media story. After weeks of criticism, mockery, and bad publicity, Intel agreed to replace everyone's faulty Pentium chips, costing the company $475 million.

In this article, I discuss the Pentium's division algorithm, show exactly where the bug is on the Pentium chip, take a close look at the circuitry, and explain what went wrong. In brief, the division algorithm uses a lookup table. In 1994, Intel stated that the cause of the bug was that five entries were omitted from the table due to an error in a script. However, my analysis shows that 16 entries were omitted due to a mathematical mistake in the definition of the lookup table. Five of the missing entries trigger the bug— also called the FDIV bug after the floating-point division instruction "FDIV"—while 11 of the missing entries have no effect.

Original Submission

Arthur T Knackerbracket has processed the following story:

Two 48-core CPUs are used.

Graviton, a Russia-based server supplier, has announced its first AI and HPC server powered by Russia's own homegrown processors. This device can support up to eight compute GPUs to process artificial intelligence and supercomputer workloads. The vendor doesn't recommend any particular GPUs (though they can be easily guessed), probably because getting them amid sanctions is illegal. Furthermore, whether or not the machine can achieve competitive performance numbers is unclear.

The Graviton S2124B server is based on two undisclosed 48-core CPUs running at 2 GHz and featuring DDR4-3200 memory, according to ServerNews. The basic specification of the processor likely suggests the Baikal Electronics BE-S1000 server-grade chip that packs 48 Arm Cortex-A75 cores and supports 2-way and 4-way symmetric multiprocessor (SMP) configurations. 

This particular version of the BE-S1000 seems to clock the CPU at 500 MHz below its original frequency, which is likely a result of porting its design from TSMC's 16FFC to a different production node at a different foundry. It is also possible that Baikal reduced the operating clocks to increase yields or reduce power consumption.

Dividing the claimed performance numbers by eight, we can determine the GPUs Graviton intends to install in its S2124B machine (in all cases, we'll refer to tensor core performance). Per-accelerator performance numbers — 60 FP64 TFLOPS of compute power for supercomputing and 3340 FP8/INT8 TFLOPS/TOPS performance for AI — point to Nvidia's H100 PCIe GPU. Those who use the S2124B will have to rely on Nvidia's CUDA ecosystem. However, without support from Nvidia, it is unlikely that peak performance will be achieved. Furthermore, considering the CPU is Arm-based and relatively unknown, it remains to be seen how much performance can actually be extracted from these Hopper accelerators.

In addition to two CPUs and eight GPU accelerators, Graviton's S2124B can integrate 12 SATA drives or 12 NVMe U.3 SSDs.

The Graviton S2124B server is currently available for order, with customers also invited to apply for testing opportunities, but its pricing is unknown. Additionally, it is unclear whether Graviton can supply Nvidia H100 GPUs.

"We take pride in consistently offering IT solutions that meet market demands in a timely manner," said Alexander Filchenkov, head of server and network systems at Graviton. "This time, we successfully developed and manufactured servers critical for complex computations using domestic processors. This product represents a significant step in advancing domestic computing technologies and will enable our clients to efficiently address data processing challenges."

Original Submission

Arthur T Knackerbracket has processed the following story:

Residents of five states will be ringing in the new year with the best gift of all: new privacy rights.

This upcoming January will see consumer data privacy laws that were enacted by state lawmakers in 2023 and 2024 go into effect in Delaware, Iowa, Nebraska, New Hampshire, and New Jersey. It will bring the number of states with active privacy laws up to 13.

The new laws govern how businesses of certain sizes—the size varies by state—handle sensitive consumer information and grant residents of those states various rights to know, correct, and delete the data that businesses hold about them. Here are some of the key provisions in the new suite of laws:

Delaware: Originally passed in 2023, the law applies to people and organizations who, during the preceding calendar year, processed the personal information of 35,000 Delaware residents or processed the personal information of 10,000 Delaware residents and made more than 20 percent of their gross revenue from the sale of personal information.

Unlike many other state privacy laws, it applies to nonprofits and for-profit businesses.

It grants residents the right to know what personal information an organization holds about them, obtain a copy of that information, correct it, and opt out of having that information used for targeted advertising, sold to a third party, or used to make automated decisions with significant legal ramifications.

The law goes into effect January 1.

Iowa: Also passed in 2023, Iowa's law applies to businesses that processed personal information for at least 100,000 residents or that processed information for 25,000 residents and made more than half of their gross revenue from the sale of such data.

It is a narrower, more business-friendly law than many of the other state laws that have taken effect.

While consumers are granted the right to access and delete information a business holds about them and opt out of it being sold to a third party, they are not allowed to correct that information, opt out of its use for targeted advertising, or opt out of it being used to make automated decisions about them.

The law goes into effect January 1.

upstart writes:

US obesity rates drop for 1st time in a decade, with possible help from weight loss medications:

For the first time in over a decade, obesity rates in the United States may finally be heading in the right direction and new weight loss drugs like semaglutide could be part of the reason why.

A new study published Friday in the journal, JAMA Health Forum, found that obesity numbers ticked down slightly from 46% in 2022 to 45.6% in 2023. While only a slight decline, this is the first drop recorded in at least a decade.

"What we're seeing for the first time is that curve is bending and shows a sign of hope for something that was really a threat to American public health for so many years," said study co-author and ABC News contributor John Brownstein, who is also the chief innovation officer at Boston Children's Hospital and a professor at Harvard Medical School.

The study reviewed the body mass index (BMIs), a measure of obesity, of 16.7 million U.S. adults over a 10-year period. The average BMI rose annually to 30.24 -- which is considered obese -- until it plateaued in 2022, then dropped marginally to 30.21 in 2023.

Brownstein and his team noted that women and adults aged 66 to 75 saw the largest decreases in obesity. People living in the South, where they had the highest dispensing rate of weight loss drugs known as GLP-1 receptor agonists, also saw a meaningful decline in obesity.

Semaglutide, which belong to a class of drugs known as GLP-1 agonists, is the active ingredient found in the popular weight loss drugs Ozempic and Wegovy. The U.S. saw a 700% increase in the use of these drugs specifically for weight loss, from 2019 to 2023, according to one Annals of Internal Medicine study. They are also used to treat type 2 diabetes or a combination of diabetes and obesity.

[...] Brownstein said that the growing use of these medications may be helping to reverse obesity trends.

canopic jug writes:

EcoWatch has an article about a new species of pitcher plant discovered in mountains of Borneo. The rims are quite dark red. Nepenthes are a tropical vine which generally grow in very acidic soil and have pitchers dangling from the end of their leaves to capture rainfall and insects. [nitrogen]. The pitchers can occur up in the air, rest on the ground, or even be found slightly underground in various species.

The team noted that the leaves of the plant were unique and that there was long red hair covering the pitcher that was almost the same color as that of the orangutans who live in the area, leading them to name the novel species Nepenthes pongoides, or "resembling orangutan."

After subsequent research, the team discovered that the plant was the largest pitcher that had ever been identified.

See also the full-text, open access article, Sabah's hidden giant: Nepenthes pongoides (Nepenthaceae), a micro-endemic tropical pitcher plant from northern Borneo, in the Australian Journal of Botany.

Apparently the orangutans are quite red there.

Previously:
(2023) Some Carnivorous Plants Evolved Into Toilets And Are Now Winning at Life

[Editor's Comment: Minor correction to content--JR]

Original Submission

Arthur T Knackerbracket has processed the following story:

This flavor of Scorched Earth has been dubbed the Broken Nest.

Elbridge Colby, the nominee for U.S. Undersecretary of Defense for Policy, is known to favor the destruction of Taiwan’s chip fabs in the event of a Chinese invasion. As recently as last year, Colby publicly asserted that “destroying TSMC” was imperative if an aggressive PRC attempted to capture these facilities, reports Datacenter Dynamics. Furthermore, the security policy professional asserts that TSMC’s destruction shouldn’t be left to Taiwan’s government or military.

Colby’s particular take on the Scorched Earth strategy has become known as the ‘Broken Nest’ deterrent, a term coined by a U.S. Army College paper in 2021. The full title of the paper is Broken Nest: Deterring China from Invading Taiwan, and though it is 15 pages long, you can understand the deterrent immediately from the title. A key thread throughout the paper is that China has started to find Taiwan more and more attractive as the island’s semiconductor prowess has grown, largely through TSMC's chipmaking abilities.

Would the Chinese Communist Party (mainland China, PRC) care so much about the relatively small earthquake and typhoon-prone island of Taiwan (ROC) if the semicon business were out of the equation? The linked paper thinks not, and Colby has echoed the paper’s central thrusts, repeatedly. Being unequivocal about TSMC’s destruction in the event of a Chinese invasion is thus extremely important in the minds of some policymakers.

“Disabling or destroying TSMC is table stakes if China is taking over Taiwan,” wrote Colby on Twitter/X earlier this year. “Would we be so insane as to allow the world's key semiconductor company fall untouched into the hands of an aggressive PRC?”

Disabling or destroying TSMC is table stakes if China is taking over Taiwan. Would we be so insane as to allow the world's key semiconductor company fall untouched into the hands of an aggressive PRC? Taiwanese should realize that would be *the least* of their problems. https://t.co/Z8qmKxjWe9 href="https://twitter.com/cantworkitout/status/1761514916224139737" data-url="https://twitter.com/cantworkitout/status/1761514916224139737" target="_blank" referrerpolicy="no-referrer-when-downgrade" data-hl-processed="none">February 24, 2024

However, destroying TSMC and other advanced semiconductor facilities might not be easy. China would likely make great efforts to shield these locations from any wider aggression. Moreover, in 2023, we learned that Taiwan’s Minister for National Defense, Chiu Kuo-cheng (邱國正), would not tolerate any U.S. attempts to destroy TSMC in the event of a war with China. If the US and China are in a high-stakes game of chicken, Taiwan isn't (or wasn't) playing.

Colby, who was picked by Trump as Undersecretary of Defense for Policy over the weekend, has some other views that could cause a stir across the Taiwan Strait. A report published by the Taiwan News this week says he would be in favor of pushing Taiwan to increase its defense spending from 2.5 to 5% of GDP. Interestingly, he also recently suggested that the U.S. should prioritize arming Taiwan rather than Ukraine. Europe should do more for its neighbor, he argued.

Original Submission

Undersea Power Cable Connecting Finland And Estonia Experiences Outage Capacity Reduced To 35%

Arthur T Knackerbracket has processed the following story:

Sabotage isn’t ruled out yet.

Estlink 2, an undersea power cable connecting Finland and Estonia, has unexpectedly been disrupted at around 12:26 pm local time (10:26 am GMT) on Christmas Day. While Finland Prime Minister Petteri Orpo said that the outage hasn’t affected the country’s power supply, Reuters said that it did reduce the availability capacity between the two countries to 358 megawatts from its designed 1,106-megawatt installed capacity. The incident comes after the suspected sabotage of two undersea internet cables that connect Finland and Sweden to the rest Europe.

At the time of the incident, some 658 megawatts of power have been flowing from Finland to Estonia, says Finnish national electricity transmission operator Fingrid. Estonia’s electricity transmission operator Elering has also acknowledged the incident but is yet to report any disruption in its electrical supply.

There are two undersea power cables between Finland and Estonia—Estlink 1, which is west of Helsinki and Tallinna and has a capacity of 350 megawatts, and Estlink 2, which lies east of both cities and has a larger capacity of 650 megawatts. Finnish public broadcaster Yle says that Estlink 2 was unserviceable for several months earlier this year as it was undergoing maintenance, but the connection has since been restored in September. Because of this, Fingrid Operations Manager Arto Pahkin said that action by external forces could not be discounted.

“The possibility of sabotage cannot be ruled out. However, we are examining the situation as a whole and will provide information once the cause is identified,” says Pahkin. He also said, “An investigation into the incident has been initiated.” Finnish Prime Minister Petteri Orpo also weighed in on the matter, saying on X (formerly Twitter) (machine translated), “Authorities are still on standby over Christmas and are investigating the matter.”

Arthur T Knackerbracket has processed the following story:

Few things seem to push government officials to become officious faster than the mild irritation of people making a slight mockery of government machinery. In the grand scheme of things, the scofflawishness is almost imperceptible. But it’s the scoffing part that bothers these officious entities the most. And that is almost always greeted with a pettiness inversely proportionate to the original acts that put these particularly irritating burrs under the government’s saddle.

And so it is here, in the case of artist Morry Kolman, which has the possibility of turning into The State vs. Morry Kolman. As Samantha Cole explains for 404 Media, Kolman took publicly available information and added even more publicly available information to turn New York City’s traffic cameras into ad hoc selfie stations.

The locations of the cameras are already known and people can access the feeds through the NYC Dept. of Transportation site. The only thing Kolman added was instructions on how to use the cameras to capture photos on demand of anyone within range of the camera.

This apparently bothered the NYC DOT so much it decided to send Kolman a half-assed cease-and-desist letter[.]

[...] Kolman has responded appropriately. He acquired a 25-foot window washing pole, which he used to take a photo of the C&D letter sent by the city, as well as to hoist a mirror to camera-level to obtain a traffic cam “selfie” — both of which were featured in a recent Miami art exhibition.

[...] But it’s no longer just a New York City problem. Kolman has provided code that enables other users to upload/link to traffic cam location data, which means this is starting to spread across the nation.

Minneapolis, Minnesota has entered the chat. So have sizable portions of the upper east coast and the state of Georgia

The NYC government is still free to criminally charge selfie-takers for, I don’t know… aggravated jaywalking? But it doesn’t have a legal leg to stand on when it comes to threatening people for providing the public with access to data the city and its DOT already have made publicly accessible. That this particular use of that data may be ill-advised doesn’t make it a violation of the DOT site’s terms of use. The only thing the city has done here is provide national advertising for a site that had flown well under the radar right up until the NYC government decided to make an issue of it.

Original Submission

canopic jug writes:

Developer Niels Provos has a short guide on building your own generative AI search engine using Python and PlanAI:

PlanAI is an open-source Python framework that simplifies building complex AI workflows. In this tutorial, we’ll implement a generative AI search engine similar to Perplexity using PlanAI’s task-based architecture and integrations.

This tutorial is aimed at developers with a basic understanding of Python and general familiarity with AI concepts. We’ll be building a search engine that can answer complex questions by synthesizing information from multiple web sources. It’s “Perplexity-style” in that it provides a concise, AI-generated answer along with cited sources, much like the search engine Perplexity.ai. PlanAI makes building this type of application much easier by handling the complexities of task dependencies, data flow, caching, and integrating with various Large Language Models (LLMs). It even allows for human-in-the-loop input when automated methods fail, making it robust for real-world scenarios.

He goes over the prerequisite skills and tools, gives an overview of the architecture, and then walks through the steps with code examples.

The result is a search engine build from a Large Language Model (LLM)

Original Submission

Arthur T Knackerbracket has processed the following story:

This week's hero we'll Regomize as "Trey" because back in the first decade of this millennium he was working for one of the many startup telcos trying to cash in on 3G. (Sadly, he tells Who, Me? it was not one of the ones that succeeded.)

Trey worked on the platforms and services team, which created and maintained apps for internal users and customers. Among his responsibilities was working with external service providers, such as a payment provider, an identity services outfit, and bulk SMS handler.

One day, Trey noticed the payments gateway misbehaving, so he wrote a piece of software that sent it a test transaction, checked it had worked, then repeated the process five minutes later.

Another experiment saw him write a demo app that automated payments, using SMS as prompts.

The app had its own syntax for commands. In theory, the message “Credit 5” would send that sum to an account, and so on.

Trey showed the automated payments applications to the head of his department, who was well pleased – so pleased he asked for it to be deployed immediately.

Oh yeah, immediate deployment. That never goes wrong, right?

Wrong. It turns out Trey's little demo had exactly three bugs in it that had not been spotted in his limited testing.

[...] When he arrived at work the next morning, there were some very serious faces – including a security team – waiting to greet him and find out what sort of fraud he thought he was trying to pull. The account had amassed a considerable fortune by that stage.

Thankfully the head of department, who had authorized the deployment, came to Trey's rescue and explained the situation. Tragically, though, the balance of the test account was reset to zero.

Ever had a programming error make a fortune appear – or disappear – like magic? Tell us all about it in an email to Who, Me? and we may share your adventure on some future Monday morning.

Before you submit it to them, do any of you Soylentils have stories to share of pushing buggy code to production that failed so quickly?

Original Submission