Arthur T Knackerbracket has processed the following story:
While hunting in West Texas, a deer hunter spotted a strange object in a creek bed. Suspecting it might be a fossil, he took a photo and showed it to a ranch manager.
“I was skeptical,” O2 Ranch manager Will Juett said in a Sul Ross State University statement. “I figured it was likely just an old stump, but imagined how great it would be if he was right.”
The deer hunter was right, and the discovery was more than great, because it wasn’t just any fossil. An interdisciplinary team of researchers identified it as a mammoth tusk, an incredibly rare find for West Texas.
[...] “A local who subsequently wrote his PhD dissertation on it found one [a mammoth tusk] in Fort Stockton in the 1960s,” Schroeder said, adding that the specimen is currently the only mammoth tusk in Texas’ Trans-Pecos region to have been carbon-dated. “There was a big range of error [in carbon dating] back then. Now we can get it down to a narrower range within 500 years.”
While the statement doesn’t name a specific mammoth species, the tusk might have belonged to a Columbian mammoth, a distant cousin of the more familiar woolly mammoth. The shaggy elephantine animal could reach up to 13 feet in height (almost 4 meters) and weigh around 10 tons.
Columbian mammoths inhabited regions of North America, including modern-day Texas, before going extinct around 11,700 years ago along with many other Ice Age mammals. Though the reason behind the disappearance of the Ice Age’s iconic megafauna remains a hotly debated topic, scientists frequently cite climate change, and human hunting may have also played a role.
“Seeing that mammoth tusk just brings the ancient world to life,” Juett said. “Now, I can’t help but imagine that huge animal wandering around the hills on the O2 Ranch. My next thought is always about the people that faced those huge tusks with only a stone tool in their hand!”
Gaia runs faster on Ryzen AI PCs, using the XDNA NPU and RDNA iGPU:
Running large language models (LLMs) on PCs locally is becoming increasingly popular worldwide. In response, AMD is introducing its own LLM application, Gaia, an open-source project for running local LLMs on any Windows machine.
Gaia is designed to run various LLM models on Windows PCs and features further performance optimizations for machines equipped with its Ryzen AI processors (including the Ryzen AI Max 395+). Gaia uses the open-source Lemonade SDK from ONNX TurnkeyML for LLM inference. Models can allegedly adapt for different purposes with Gaia, including summarization and complex reasoning tasks.
[...] AMD's new open-source project works by providing LLM-specific tasks through the Lemonade SDK and serving them across multiple runtimes. Lemonade allegedly "exposes an LLM web service that communicates with the GAIA application...via an OpenAI compatible Rest API." Gaia itself acts as an AI-powered agent that retrieves and processes data. It also "vectorizes external content (e.g., GitHub, YouTube, text files) and stores it in a local vector index."
Also at Phoronix.
AMD Press Release and GitHub Repository.
Italy is using its Piracy Shield law to go after Google, with a court ordering the Internet giant to immediately begin poisoning its public DNS servers. This is just the latest phase of a campaign that has also targeted Italian ISPs and other international firms like Cloudflare. The goal is to prevent illegal football streams, but the effort has already caused collateral damage. Regardless, Italy's communication regulator praises the ruling and hopes to continue sticking it to international tech firms.
The Court of Milan issued this ruling in response to a complaint that Google failed to block pirate websites after they were identified by the national communication regulator, known as AGCOM. The court found that the sites in question were involved in the illegal streaming of Serie A football matches, which has been a focus of anti-piracy crusaders in Italy for years. Since Google offers a public DNS service, it is subject to the site-blocking law.
Piracy Shield is often labeled as draconian by opponents because blocking content via DNS is messy. It blocks the entire domain, which has led to confusion when users rely on popular platforms to distribute pirated content. Just last year, Italian ISPs briefly blocked the entire Google Drive domain because someone, somewhere used it to share copyrighted material. This is often called DNS poisoning or spoofing in the context of online attacks, and the outcome is the same if it's being done under legal authority: a DNS record is altered to prevent someone typing a domain name from being routed to the correct IP address.
Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates.
Threat actors have long sought after code-signing certificates as they can be used to sign malware to appear like they are from a legitimate company.
Signed malware also has the advantage of potentially bypassing security filters that would normally block unsigned executables, or at least treat them with less suspicion.
The holy grail for threat actors is to obtain Extended Validation (EV) code-signing certificates, as they automatically gain increased trust from many cybersecurity programs due to the more rigorous verification process. Even more important, EV certificates are believed to gain a reputation boost in SmartScreen, helping to bypass alerts that would normally be displayed for unknown files.
However, EV code-signing certificates can be difficult to obtain, requiring them to be stolen from other companies or for threat actors to set up fake businesses and spend thousands of dollars to purchase one. Furthermore, once the certificate is used in a malware campaign, it is usually revoked, making it unusable for future attacks.
Recently, cybersecurity researchers have seen threat actors utilizing the Microsoft Trusted Signing service to sign their malware with short-lived, three-day code-signing certificates.
[...] The Microsoft Trusted Signing service launched in 2024 and is a cloud-based service that allows developers to easily have their programs signed by Microsoft.
[...] "The service supports both public and private trust signing scenarios and includes a timestamping service."
[...] This increased security is accomplished by using short-lived certificates that can easily be revoked in the event of abuse and by never issuing the certificates directly to the developers, preventing them from being stolen in the event of a breach.
[...] "A Trusted Signing signature ensures that your application is trusted by providing base reputation on smart screen, user mode trust on Windows, and integrity check signature validation compliant," reads an FAQ on the Trusted Signing site.
To protect against abuse, Microsoft is currently only allowing certificates to be issued under a company name if they have been in business for three years.
However, individuals can sign up and get approved more easily if they are okay with the certificates being issued under their name.
A cybersecurity researcher and developer known as 'Squiblydoo,' who has been tracking malware campaigns abusing certificates for years, told BleepingComputer that they believe threat actors are switching to Microsoft's service out of convenience.
"I think there are a few reasons for the change. For a long time, using EV certificates has been the standard, but Microsoft has announced changes to EV certificates," Squiblydoo told BleepingComputer.
"However, the changes to EV certificates really aren't clear to anyone: not certificate providers, not attackers. However, due to these potential changes and lack of clarity, just having a code-signing certificate may be adequate for attacker needs."
"In this regard, the verification process for Microsoft's certificates is substantially easier than the verification process for EV certificates: due to the ambiguity over EV certificates, it makes sense to use the Microsoft certificates."
Arthur T Knackerbracket has processed the following story:
Over the past couple of weeks, I’ve been following news of the deaths of actor Gene Hackman and his wife, pianist Betsy Arakawa. It was heartbreaking to hear how Arakawa appeared to have died from a rare infection days before her husband, who had advanced Alzheimer’s disease and may have struggled to understand what had happened.
But as I watched the medical examiner reveal details of the couple's health, I couldn't help feeling a little uncomfortable. Media reports claim that the couple liked their privacy and had been out of the spotlight for decades. But here I was, on the other side of the Atlantic Ocean, being told what pills Arakawa had in her medicine cabinet, and that Hackman had undergone multiple surgeries.
It made me wonder: Should autopsy reports be kept private? A person’s cause of death is public information. But what about other intimate health details that might be revealed in a postmortem examination?
[...] The goal of an autopsy is to discover the cause of a person's death. Autopsy reports, especially those resulting from detailed investigations, often reveal health conditions—conditions that might have been kept private while the person was alive. There are multiple federal and state laws designed to protect individuals' health information. For example, the Health Insurance Portability and Accountability Act (HIPAA) protects "individually identifiable health information" up to 50 years after a person's death. But some things change when a person dies.
For a start, the cause of death will end up on the death certificate. That is public information. The public nature of causes of death is taken for granted these days, says Lauren Solberg, a bioethicist at the University of Florida College of Medicine. It has become a public health statistic. She and her student Brooke Ortiz, who have been researching this topic, are more concerned about other aspects of autopsy results.
The thing is, autopsies can sometimes reveal more than what a person died from. They can also pick up what are known as incidental findings. An examiner might find that a person who died following a covid-19 infection also had another condition. Perhaps that condition was undiagnosed. Maybe it was asymptomatic. That finding wouldn't appear on a death certificate. So who should have access to it?
The laws over who should have access to a person’s autopsy report vary by state, and even between counties within a state. Clinical autopsy results will always be made available to family members, but local laws dictate which family members have access, says Ortiz.
Genetic testing further complicates things. Sometimes the people performing autopsies will run genetic tests to help confirm the cause of death. These tests might reveal what the person died from. But they might also flag genetic factors unrelated to the cause of death that might increase the risk of other diseases.
In those cases, the person’s family members might stand to benefit from accessing that information. “My health information is my health information—until it comes to my genetic health information,” says Solberg. Genes are shared by relatives. Should they have the opportunity to learn about potential risks to their own health?
This is where things get really complicated. Ethically speaking, we should consider the wishes of the deceased. Would that person have wanted to share this information with relatives?
It’s also worth bearing in mind that a genetic risk factor is often just that; there’s often no way to know whether a person will develop a disease, or how severe the symptoms would be. And if the genetic risk is for a disease that has no treatment or cure, will telling the person’s relatives just cause them a lot of stress?
[...] Ideally, both medical teams and family members should know ahead of time what a person would have wanted—whether that's an autopsy, genetic testing, or health privacy. Advance directives allow people to clarify their wishes for end-of-life care. But only around a third of people in the US have completed one. And they tend to focus on care before death, not after.
Solberg and Ortiz think they should be expanded. An advance directive could specify how people want to share their health information after they’ve died. “Talking about death is difficult,” says Solberg. “For physicians, for patients, for families—it can be uncomfortable.” But it is important.
https://medicalxpress.com/news/2025-03-drug-reestablishes-brain-mouse.html
A new study by UCLA Health has discovered what researchers say is the first drug to fully reproduce the effects of physical stroke rehabilitation in model mice.
The findings, published in Nature Communications, tested two candidate drugs derived from their studies on the mechanism of the brain effects of rehabilitation, one of which resulted in significant recovery in movement control after stroke in mice.
Stroke is the leading cause of adult disability because most patients do not fully recover from the effects of stroke. There are no drugs in the field of stroke recovery, requiring stroke patients to undergo physical rehabilitation, which has been shown to be only modestly effective.
"The goal is to have a medicine that stroke patients can take that produces the effects of rehabilitation," said Dr. S. Thomas Carmichael, the study's lead author and professor and chair of UCLA Neurology.
"Rehabilitation after stroke is limited in its actual effects because most patients cannot sustain the rehab intensity needed for stroke recovery.
"Further, stroke recovery is not like most other fields of medicine, where drugs are available that treat the disease—such as cardiology, infectious disease or cancer," Carmichael said.
"Rehabilitation is a physical medicine approach that has been around for decades; we need to move rehabilitation into an era of molecular medicine."
In the study, Carmichael and his team sought to determine how physical rehabilitation improved brain function after a stroke and whether they could generate a drug that could produce these same effects.
Working in laboratory mouse models of stroke and with stroke patients, the UCLA researchers identified a loss of brain connections that stroke produces that are remote from the site of the stroke damage. Brain cells located at a distance from the stroke site get disconnected from other neurons. As a result, brain networks do not fire together for things like movement and gait.
The UCLA team found that some of the connections that are lost after stroke occur in a cell called a parvalbumin neuron. This type of neuron helps generate a brain rhythm, termed a gamma oscillation, which links neurons together so that they form coordinated networks to produce a behavior, such as movement.
Stroke causes the brain to lose gamma oscillations. Successful physical rehabilitation in both laboratory mice and humans brought gamma oscillations back into the brain and, in the mouse model, repaired the lost connections of parvalbumin neurons.
Carmichael and the team then identified two candidate drugs that might produce gamma oscillations after stroke. These drugs specifically work to excite parvalbumin neurons.
The researchers found one of the drugs, DDL-920, developed in the UCLA lab of Varghese John, who coauthored the study, produced significant recovery in movement control in mice.
Journal Reference: Okabe, N., Wei, X., Abumeri, F. et al. Parvalbumin interneurons regulate rehabilitation-induced functional recovery after stroke and identify a rehabilitation drug. Nat Commun 16, 2556 (2025). https://doi.org/10.1038/s41467-025-57860-0
Arthur T Knackerbracket has processed the following story:
[Ed's Comment: Originally this story was viewable on Firefox and it downloaded fine using "Arthur". It is now giving a cookie warning that it cannot ever complete redirections and no longer displays. If anyone finds a solution to the problem please leave it in the comments. TY --JR]
There are a lot of things in life that we keep safely tucked away that we hope we'll never need to use. Our smoke alarms, for instance, or our emergency funds. These are the very things that we can't neglect, though, because when we need them, we really, really need them. Another solid example for drivers is a spare tire. Are you one of those unfortunate souls who has been stuck on an unfamiliar road late at night while waiting for your mechanic to hook you up with a spare? This topic is sure to strike a real chord with you, then.
In November 2023, the UK's RAC reported that it had reviewed "equipment lists of more than 300 car models across 28 brands — everything from the smallest superminis to the largest 4x4s," and what did the British auto servicing brand discover? Less than 3% of those models were sold new with a spare wheel included in the price.
For the manufacturer, of course, there's a money-saving benefit to limiting production of spares, while there are also some performance-related reasons to dispense with them. They add weight when kept in the back, and because they aren't always offered as full-size spares, they can limit performance while being driven on. As they're something of a last resort, drivers may not be inclined to use them anyway, which also limits the call for them. There are also more lightweight and convenient approaches to dealing with a flat, which is a further factor in the reduction of spare tires.
If you were a fan of the fearsome muscle cars of the mid-to-late twentieth century, you surely still lament the fact that these mighty models became increasingly less practical, and then all but impossible to drive as a result of such paradigm shifts as the Clean Air Act. Enacted in 1970, the EPA reports that "this legislation authorized the development of comprehensive federal and state regulations to limit emissions from both stationary (industrial) sources and mobile sources," and there weren't many mobile sources more majestic than the Dodge Charger R/T (pictured here) and its kind. Fuel increasingly had to be cleaner, engines needed to be more efficient and generally smaller, and the trend for lighter, more practical models began.
As important as a spare tire can be, there's no getting around the fact that it can add considerable weight to a vehicle: 44 pounds (20 kg) or so depending on the type of vehicle. This complicates the matter of hitting eco-friendlier targets. This could be seen as an advantage of the trend away from spare tires, having a potential positive effect on a vehicle's fuel economy, but the benefits of this compared to the risks associated with driving without a spare tire are a matter for the individual driver to decide on.
After all, spares can certainly be hefty and unwieldy to work with at the roadside. Another part of the reasoning is that lots of drivers don't use them, which means they're often dead weight. Additionally, the vehicle not only has to store the wheel itself, but also the means to actually use it should the need arise. The jack alone can be quite the bulky accessory.
It's also important to note that EVs and hybrids are becoming increasingly popular. Cox Automotive notes that 1.3 million EVs were sold in the United States in 2024. The thing about such vehicles, though, is that while they don't have a bulky ICE, their batteries typically make them heavier than their gas or diesel counterparts. That main battery is the most crucial, largest, and weightiest component, and in order to accommodate it, space comes at a real premium in an electric vehicle.
As a result, seemingly extraneous features, such as spare tires, can become even more of a rarity. As ArtCenter College of Design executive director of transportation systems and design, Geoff Wardle, put it to the Los Angeles Times in August 2023, "batteries, electrical systems control units or hydrogen tanks ... encroach into the traditional places that spare tires are found: under the trunk floor."
With these vehicles being heavier than their gas-powered alternatives, the weight added by a spare tire may be more of a concern. The difference may not be as stark as you might expect, though, depending on the make and model: The electric Genesis G80, for example, weighs approximately 15% more than its ICE equivalent. Nonetheless, it's one contributing factor to bear in mind. According to the Los Angeles Times, a query about EV spare tires prompted a response from Honda claiming that "if the vehicle is in an accident, the spare tire can cause damage to the electric battery which could cause a failure in the battery." Perhaps this explains Tesla's stance on spare tires.
With the knowledge that their new vehicle purchase isn't likely to come with a spare tire, drivers can take comfort in the fact that their absence doesn't mean that they're entirely without options. Run-flat tires are a common solution. Well, more of a bandage than a solution. Run-flats aren't exactly throwaway, but they won't resolve your issue for the long term. Michelin reports that these are the standard alternative over full spares for up to around 14% of new vehicles, but warns that, after one has suffered a puncture, it can typically only be driven on for a maximum of around 50 miles before losing its crucial "fins," small raised sections in the sidewall that direct air and redistribute heat that would otherwise destroy the rubber.
The wonderfully named donut spares can be substituted as space-saving measures, too, and driving performance on them may surprise drivers. As Ford Vehicle Dynamics Team's Jamie Cullen told Car And Driver in 2017, they're intended to "come as close to the standard tire's performance and response as possible. Mini spares use an aggressive compound and minimum tread depth to achieve those results." Spares are not designed to be driven on for long, though, as noted.
Puncture kits are another space and cost-saving solution manufacturers offer, but there are certain jobs that a more humble repair kit just isn't equipped for. As Toyota Magazine UK states, such a set "shouldn't be used if the puncture is more than 4mm in diameter, if the wheel rim has been damaged, or if the tyre has been flat or running at low pressure for a prolonged period."
In the auto industry, it should always be driver, passenger, and pedestrian safety first and foremost. Unfortunately, there are always complicating factors to this. Whichever angle you consider it from, limiting access to spare tires leaves vehicles more vulnerable on the roads. This is far from new information. In November 2015, the Los Angeles Times quoted managing director of Automotive Engineering and Repair at AAA, John Nielsen, as making the critical point: "AAA responds to more than 4 million calls for flat tire assistance annually," noting that "Flat tires are not a disappearing problem, but spare tires are."
This both increases the strain on services such as AAA providing emergency support and makes drivers more reliant upon those services. When we need a spare, after all, it often tends to happen with no notice at the least convenient moment.
The unfortunate fact is a driver can never be sure what kind of eventuality they might come across. When a tire issue arises, you might get away with it relatively lightly with only minor damage, or you might not. All you can do is hope that the interim measure available to you gets you to where you need to be, or that a timely servicing is in the offing. In any case, it's always best to keep some essential items with you in your car in case of a flat.
A unanimous federal appeals court ruled that pictures generated solely by machines do not qualify for copyright protection.
"The Copyright Act of 1976 requires all eligible work to be authorized in the first instance by a human being," said the U.S. Court of Appeals for the District of Columbia.
The 3-0 court ruling, issued March 18, was written by Circuit Judge Patricia A. Millett, who was nominated by President Obama in 2013.
Background
Computer scientist Dr. Stephen Thaler created a generative artificial intelligence named "Creativity Machine," which made a picture that Thaler titled "A Recent Entrance to Paradise."
The U.S. Copyright Office denied Thaler's application (for copyright registration) based on its requirement that work must be authored in the first instance by a human being. The copyright application listed Creativity Machine as the work's sole author.
Thaler litigated. A federal court (U.S. District Court for the District of Columbia) upheld the Copyright Office's denial; the federal appeals court affirmed the ruling of the federal district court.
After the March 18 opinion from the federal appeals court, Thaler's attorney, Ryan Abbott, said he and his client "strongly disagree" with the ruling and intend to appeal. The Copyright Office said it "believes the court reached the correct result."
"Judge Millett explained it best that, 'machines are tools, not authors.' Interpretations of the Copyright Act would be nonsensical if the 'author' could be a computer or other machine. Machines do not have children, they do not die, they do not have nationalities or hold property. All of these concepts referenced in copyright law would have absurd results if authorship was granted to a computer program, and courts are simply not allowed to re-interpret statutes or ignore portions of a statute." -- Alicia Calzada, Deputy General Counsel of the National Press Photographers Association (NPPA)
Previously: https://soylentnews.org/article.pl?sid=23/08/24/0036210
On Wednesday, web infrastructure provider Cloudflare announced a new feature called "AI Labyrinth" that aims to combat unauthorized AI data scraping by serving fake AI-generated content to bots. The tool will attempt to thwart AI companies that crawl websites without permission to collect training data for large language models that power AI assistants like ChatGPT.
Cloudflare, founded in 2009, is probably best known as a company that provides infrastructure and security services for websites, particularly protection against distributed denial-of-service (DDoS) attacks and other malicious traffic.
Instead of simply blocking bots, Cloudflare's new system lures them into a "maze" of realistic-looking but irrelevant pages, wasting the crawler's computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler's operators that they've been detected.
https://www.phoronix.com/news/Linux-6.15-slab
Ahead of the upcoming Linux 6.15 kernel cycle a few early pull requests have already been sent in to Linus Torvalds in advance of the anticipated v6.14 release on Sunday. Among those early changes for Linux 6.15 are the SLAB allocator updates that include a fix for cache randomization with kvmalloc inadvertently being inadequate due to accidentally using the same randomization seed.
Besides a few minor improvements, the most notable change in the SLAB pull request ahead of the Linux 6.15 merge window is improved kmalloc cache randomization within the kvmalloc code.
Google engineers discovered that the CONFIG_RANDOM_KMALLOC_CACHES hardening feature wasn't properly being employed. CONFIG_RANDOM_KMALLOC_CACHES creates multiple copies of slab caches and makes kmalloc randomly pick one based on the code address in order to help fend off memory vulnerability exploits. But the problem was the same random seed always ended up being used with the current Linux kernel code. From the Google code comments:
"...This is problematic because `__kmalloc_node` will use the return address as the seed to derive the *random* cache to use. Since all calls to `kvmalloc_node` will use the same seed when the size is large, the hardening is rendered completely pointless."
Gong Ruiqi of Huawei who worked out the solution to the issue explained:
"That literally means all kmalloc invoked via kvmalloc would use the same seed for cache randomization (CONFIG_RANDOM_KMALLOC_CACHES), which makes this hardening non-functional.
The root cause of this problem, IMHO, is that using RET_IP only cannot identify the actual allocation site in case of kmalloc being called inside non-inlined wrappers or helper functions. And I believe there could be similar cases in other functions. Nevertheless, I haven't thought of any good solution for this. So for now let's solve this specific case first.
For __kvmalloc_node_noprof, replace __kmalloc_node_noprof and call __do_kmalloc_node directly instead, so that RET_IP can take the return address of kvmalloc and differentiate each kvmalloc invocation."
With these pending SLAB updates for the Linux 6.15 merge window, this issue will be resolved, and the fix will presumably be back-ported to existing stable kernels to address this ineffective security hardening.
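The failure mode described above, as an added user-space model in C (not kernel code and not taken from the patch): a non-inlined wrapper that calls the public allocator entry point hands every call site the same seed address, while passing the wrapper's own return address down restores per-site seeds. All `model_*` and `site_*` names, the 16-copy count, the seed value and the hash are assumptions of this model; `__builtin_return_address` is a GCC/Clang builtin.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NR_CACHE_COPIES 16u   /* model assumption: 16 copies of each cache */

/* Constructed value; stands in for a seed chosen randomly at boot. */
static const uint64_t model_boot_seed = 0x9e3779b97f4a7c15ULL;

/* A store to this after each call stops the compiler from emitting a tail
 * jump, which would change the return address the callee observes. */
static volatile unsigned sink;

/* Sizes are read from volatiles so the two call sites stay distinct code. */
static volatile size_t size_a = 8192, size_b = 65536;

struct alloc_record {
    uintptr_t seed_addr;  /* code address that fed the cache selection */
    unsigned  cache;      /* chosen cache copy, 0..NR_CACHE_COPIES-1 */
    size_t    size;
};

/* Mix the code address with the seed and keep 4 bits (16 caches). */
static unsigned pick_cache(uintptr_t caller)
{
    uint64_t h = ((uint64_t)caller ^ model_boot_seed) * 0x61C8864680B583EBULL;
    return (unsigned)(h >> 60);
}

/* Innermost allocator: the seed address is an explicit argument. */
static struct alloc_record model_do_kmalloc(size_t size, uintptr_t caller)
{
    struct alloc_record r = { caller, pick_cache(caller), size };
    return r;
}

/* Public entry point: seeds with its own return address. */
__attribute__((noinline))
static struct alloc_record model_kmalloc_node(size_t size)
{
    struct alloc_record r =
        model_do_kmalloc(size, (uintptr_t)__builtin_return_address(0));
    sink = r.cache;
    return r;
}

/* BEFORE the fix: the wrapper calls the public entry point, so the seed is
 * always the one return address inside this wrapper. */
__attribute__((noinline))
static struct alloc_record model_kvmalloc_before(size_t size)
{
    struct alloc_record r = model_kmalloc_node(size);
    sink = r.cache;
    return r;
}

/* AFTER the fix: the wrapper passes its own return address to the inner
 * allocator, so the seed identifies whoever called the wrapper. */
__attribute__((noinline))
static struct alloc_record model_kvmalloc_after(size_t size)
{
    struct alloc_record r =
        model_do_kmalloc(size, (uintptr_t)__builtin_return_address(0));
    sink = r.cache;
    return r;
}

typedef struct alloc_record (*kv_fn)(size_t);

/* Two unrelated allocation sites that both go through the wrapper. */
__attribute__((noinline))
static struct alloc_record site_a(kv_fn kv)
{
    struct alloc_record r = kv(size_a);
    sink = r.cache;
    return r;
}

__attribute__((noinline))
static struct alloc_record site_b(kv_fn kv)
{
    struct alloc_record r = kv(size_b);
    sink = r.cache;
    return r;
}

/* 1 when two allocations were seeded with the same code address. */
static int same_seed(struct alloc_record x, struct alloc_record y)
{
    return x.seed_addr == y.seed_addr;
}

int main(void)
{
    struct alloc_record a0 = site_a(model_kvmalloc_before);
    struct alloc_record b0 = site_b(model_kvmalloc_before);
    struct alloc_record a1 = site_a(model_kvmalloc_after);
    struct alloc_record b1 = site_b(model_kvmalloc_after);

    printf("before: site_a seed=%p cache=%u | site_b seed=%p cache=%u | same seed=%d\n",
           (void *)a0.seed_addr, a0.cache, (void *)b0.seed_addr, b0.cache,
           same_seed(a0, b0));
    printf("after:  site_a seed=%p cache=%u | site_b seed=%p cache=%u | same seed=%d\n",
           (void *)a1.seed_addr, a1.cache, (void *)b1.seed_addr, b1.cache,
           same_seed(a1, b1));
    return 0;
}
```

With only 16 caches, two different seeds can still land on the same cache by chance, so the property to check is that the seed addresses differ per call site, not that the cache indices do.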
- https://www.phoronix.com/news/Linux-6.15-Likely-Features
- https://lore.kernel.org/lkml/2f7985a8-0460-42de-9af0-4f966b937695@suse.cz/
- https://github.com/google/security-research/blob/908d59b573960dc0b90adda6f16f7017aca08609/pocs/linux/kernelctf/CVE-2024-27397_mitigation/docs/exploit.md?plain=1#L259
- https://patchwork.kernel.org/project/linux-mm/patch/20250212081505.2025320-3-gongruiqi1@huawei.com/
As civilisations become more and more advanced, their power needs also increase. It's likely that an advanced civilisation might need so much power that they enclose their host star in solar energy collecting satellites. These Dyson Swarms will trap heat so any planets within the sphere are likely to experience a temperature increase. A new paper explores this and concludes that a complete Dyson swarm outside the orbit of the Earth would raise our temperature by 140 K!
The concept of a Dyson swarm is purely a hypothetical concept, a theorised megastructure consisting of numerous satellites or habitats orbiting a star to capture and harness its energy output. Unlike the solid shell of a Dyson sphere, a swarm represents less of an engineering challenge, allowing for incremental construction as energy needs increase. The concept, first popularised by physicist Freeman Dyson in 1960, represents one of the most ambitious yet potentially achievable feats of astroengineering that could eventually allow a civilisation to use a significant fraction of its host star's total energy output.
... The paper concludes that a Dyson sphere surrounding the sun would significantly impact Earth's climate. Small spheres positioned inside Earth's orbit prove impractical, either becoming too hot for their own efficiency or having too great an impact on solar energy arriving on our planet. While large spheres enable efficient energy conversion, they would raise Earth's temperature by 140 K, making Earth completely uninhabitable.
A compromise might involve creating a partial structure (the Dyson swarm) at 2.13AU from the sun. This would harvest 4% of solar energy (15.6 yottawatts, or 15.6 million billion billion watts) while increasing Earth's temperature by less than 3K—comparable to current global warming trends. It's still quite an engineering feat though, requiring 1.3×10²³ kg of silicon.
[Source]: The Universe Today
[Journal Ref]: The photovoltaic Dyson sphere
Arthur T Knackerbracket has processed the following story:
A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation.
Senior principal vulnerability analyst Will Dormann said last week he contacted Microsoft Security Response Center (MSRC) with a clear description of the bug and supporting screenshots, only to be told that his report wouldn't be looked at without a video.
MSRC told Dormann: "As requested, please provide clear video POC (proof of concept) on how the said vulnerability is being exploited? We are unable to make any progress without that. It will be highly appreciated."
Frustrated with Microsoft's demand, which Dormann said would only show him typing commands that were already depicted in the screenshots, and hitting Enter in CMD, the analyst created a video laden with malicious compliance.
The video is 15 minutes long and at the four-second mark flashes a screenshot from Zoolander, in which the protagonist unveils the "Center for Kids Who Can't Read Good."
It also features a punchy techno backing track while wasting the reviewer's time with approximately 14 minutes of inactivity.
Dormann said via Mastodon: "I get that people doing grunt work have mostly fixed workflows that they go through with common next steps.
"But to request a video that now captures (beyond my already-submitted screenshots) the act of me typing, and the Windows response being painted on the screen adds what of value now?"
To top it all off, when trying to submit the video via Microsoft's portal, the upload failed due to a 403 error.
[...] We also asked Dormann for additional input. He said requests for video can be found on other platforms such as HackerOne and Bugcrowd but in his opinion, requiring one signals to researchers that the reviewer is merely following a process rather than understanding the report itself.
As the post and video suggest, he was unimpressed by MSRC's refusal to proceed with the vulnerability report just because a video wasn't submitted in tandem.
"If a researcher is going out of their way to be nice to vendors and writing up vulnerability reports to share with them, the least the vendor could do is at least pretend to be taking it seriously," said Dormann.
"I reported three related but different vulnerabilities to Microsoft recently. Two of them requested video evidence of exploitation (for things that don't even make sense to have a video of, thus my malicious compliance example that I posted), and the third was rejected as not a vulnerability with clear evidence that the MSRC handler didn't bother actually reading what I submitted. Researchers doing the 'right thing' deserve better."
Arthur T Knackerbracket has processed the following story:
A group of technology companies and lobbyists want the European Commission (EC) to take action to reduce the region's reliance on foreign-owned digital services and infrastructure.
In an open letter to EC President Ursula von der Leyen and Executive Vice-President for Tech Sovereignty Henna Virkkunen, the group of nearly 100 organizations proposed the creation of a sovereign infrastructure fund to invest in key technology and lessen dependence on US corporations.
The letter points to recent events, including the farcical Munich Security Conference, as a sign of "the stark geopolitical reality Europe is now facing," and says that building strategic autonomy in key sectors is now an urgent imperative for European countries.
Signatories include aerospace giant Airbus, France's Dassault Systèmes, European cloud operator OVHcloud, chip designer SiPearl, open source biz Nextcloud, and a host of others including organizations such as the European Startup Network.
OVHcloud said the group was calling "for a collective industrial policy strategy to strengthen Europe's competitiveness and strategic autonomy. We are convinced this is the premise of what we hope will be a larger movement of the entire ecosystem."
Proposals include the sovereign infrastructure fund, which would be able to support public investment, especially in capital-intensive sectors like semiconductors, with "significant additional commitment of funds allocated and/or underwritten" by the European Investment Bank (EIB) and national public funding bodies.
It also suggests there should be a formal requirement for the public sector to "buy European" and source their IT requirements from European-led and assembled solutions, while recognizing that these may involve complex supply chains with foreign components.
[...] This isn't the first time that concerns about US hegemony in technology have been raised. Recently, the DARE project launched to develop hardware and software based on the open RISC-V architecture, backed by EuroHPC JU funding, while fears have been aired about the dominance of American-owned cloud companies in the European market.
Such concerns have been heightened by recent actions, such as the suggestion that the US might cut off access to Starlink internet services in Ukraine as a political bargaining strategy. Starlink owner Elon Musk later denied that this would ever happen.
The letter notes that these issues have already been set out by the EuroStack initiative, made up of many of the companies that signed the letter to EC President von der Leyen. The Register asked the European Commission to comment.
On the other side of the pond, the Computer and Communications Industry Association (CCIA) recently published a report claiming that US companies face "substantial financial burdens" due to the European Union's digital regulations.
It says that US tech companies are losing "billions" through having to comply with regulations such as the Digital Markets Act (DMA), and having to obtain user consent for their data to be used for advertising purposes.
Arthur T Knackerbracket has processed the following story:
The Chinese Communist Party’s (CCP's) national internet censor just announced that all AI-generated content will be required to have labels that are explicitly seen or heard by its audience and embedded in metadata. The Cyberspace Administration of China (CAC) just released the transcript for the media questions and answers (akin to an FAQ) on its Measures for the Identification of Artificial Intelligence Generated and Synthetic Content [machine translated]. We saw the first signs of this policy move last September when the CAC's draft plans emerged.
This regulation takes effect on September 1, 2025, and will compel all service providers (i.e., AI LLMs) to “add explicit labels to generated and synthesized content.” The directive includes all types of data: text, images, videos, audio, and even virtual scenes. Aside from that, it also orders app stores to verify whether the apps they host follow the regulations.
Users will still be able to ask for unlabeled AI-generated content for “social concerns and industrial needs.” However, the generating app must reiterate this requirement to the user and also log the information to make it easier to trace. The responsibility of adding the AI-generated label and metadata falls on the shoulders of this end-user person or entity.
The CAC also outlaws the malicious removal, tampering, forgery, or concealment of these AI labels, including the provision of tools that will help carry out these acts. Although this obviously means that you’re prohibited from deleting the AI label and metadata on AI-generated content, it also prohibits the addition of this identifier for human-created data.
The CCP, through the CAC, aims to control the spread of disinformation and prevent internet users from being confused by AI-generated content via the application of this law. At the moment, we haven’t seen any prescribed punishments for violators, but there is always the threat of legal action from the Chinese government.
This isn’t the first law that attempts to control the development and use of AI technologies, and the EU enacted its Artificial Intelligence Act in 2024. Many may react negatively to this move by the CAC, especially as it’s known for administering the Great Firewall of China to limit and control the internet within China’s borders. Nevertheless, this move will help reduce misinformation from anyone and everyone, especially as AI LLMs become more advanced. By ensuring that artificially generated content is marked clearly, people could more easily determine if they’re looking at or listening to a real event or something conjured by a machine on some server farm.
https://www.theregister.com/2025/03/19/ubuntu_2510_rust/
Efforts are afoot to replace the GNU coreutils with Rust ones in future versions of Ubuntu - which also means changing the software license. Canonical plans to replace the current core utilities – from the GNU project and implemented in C – with the newer uutils suite, which is written in Rust. Rather than technical issues, most concerns raised in the discussion on Ubuntu Discourse are about licensing. As a product of the GNU project, the existing coreutils are licensed under the GPL – specifically, GPL 3. The Rust replacements are licensed under the much more permissive MIT license.