SoylentNews is people

posted by hubie on Wednesday July 02, @10:50PM

As a followup to this SN story, we have a ruling!

decathorpe (Fabio Valentini) posted:

Given feedback in this thread (and to a lesser extent, also on the mailing list) I have decided to withdraw this proposal.

  • It is clear that the Fedora 44 target for this Change was too early. To some degree, I expected this to be the case, and was prepared to move the proposed implementation of the Change to a later release. Fedora 44 was just the earliest "reasonable" target. However, I think this also shows an inherent conflict in the current Changes process - if a big Change (like this one) is submitted quite early (out of caution!), that also front-loads the discussion and decision process instead of giving things more time. For example, I don't think the discussion would have been meaningfully different if the targeted release had been Fedora 46 instead of 44 - which is one of the reasons why I decided to withdraw the change instead of just re-targeting it at a later Fedora release.
  • I don't think the problem that was attempted to be addressed with this proposal will go away. With more and more projects dropping official support for building / running their software on 32-bit architectures, it's just going to get worse over the next few years. Dealing with widely used software falling out from under our feet won't be fun. To some degree, always pushing the latest and greatest™ software in Fedora is also working against us here - if we just stuck with foo 1.0 LTS for 10 years, we just wouldn't need to care that foo 3.0 dropped support for running on 32-bit systems ...
  • I am disappointed in some of the reactions this ‼ proposal ‼ has received, with some people apparently reading it in the most uncharitable way. It was a proposal that tried to address technical problems package maintainers and release engineering are facing, not some conspiracy to break the "gaming use case". That said, I was expecting a lot of feedback on this one, but not hundreds of people shouting "DON'T DO THIS WHY DON'T YOU CARE ABOUT YOUR USERS I WILL SWITCH DISTROS IMMEDIATELY" levels of feedback (though to some degree, I also blame clickbait "tech press" or YouTubers for that ...)

I am now looking forward to seeing actual (and actionable) counter-proposals.

— Fabio


Original Submission

posted by jelizondo on Wednesday July 02, @06:05PM
from the default-passwords dept.

Standards nerd and technology enthusiast, Terence Eden, has analyzed the Brother printers' default password scandal in light of the UK computer security legislation.

So, to recap. The law says an Internet-connected device (including printers) must have a password which is not "based on or derived from publicly available information". As I understand it, having a serial-number based password is OK as long as you don't publicise the serial number. I expect that if it were printed on a sticker that would be fine. But because the serial can be discovered remotely, it fails at this point.

The UK law in question is The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023. Brother might also have crossed the line in California, which had already outlawed default passwords from 2020 onward.

Previously:
(2025) Massive Privacy Concern: Over 40,000 Security Cameras Are Streaming Unsecured Footage Worldwide
(2024) Secure Boot is Completely Broken on 200+ Models From 5 Big Device Makers
(2022) An Update to Raspberry Pi OS Bullseye
(2018) Weak Passwords to be Banned in California


Original Submission

posted by hubie on Wednesday July 02, @01:17PM

Mexican drug cartel hacker spied on FBI official's phone to track and kill informants, report says:

In 2018, a hacker hired by the Mexican Sinaloa drug cartel run by the infamous kingpin Joaquín "El Chapo" Guzmán spied on the U.S. Embassy in Mexico City with the goal of identifying "people of interest" for the cartel to target and kill, according to a new U.S. government watchdog report.

[...] The hacker "offered a menu of services related to exploiting mobile phones and other electronic devices," and was able to observe people going in and out of the U.S. Embassy in Mexico's capital, according to the report, including the FBI assistant legal attaché, a federal agent who works overseas along with local law enforcement authorities.

Somehow — the report does not detail exactly how — the hacker was "able to use" the official's mobile phone number to "obtain calls made and received, as well as geolocation data, associated with" the official's phone.

According to the FBI, the hacker also accessed Mexico City's camera system to follow the attaché through the city and "identify people" who the attaché met with, read the report.

"According to the case agent, the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses," the report added.

[...] For years, Mexico has been at the bleeding edge of surveillance and hacking capabilities, on both sides of the drug war.

On the side of the law, for more than a decade now, multiple local and federal law enforcement agencies in Mexico have spent millions of dollars to use spyware made by Hacking Team and later NSO Group to go after cartels, as well as activists and journalists.

On the criminal side, the Sinaloa cartel used encrypted phones, which are specially crafted devices designed to minimize the risk of surveillance by stripping them of core functionalities and by adding encrypted communications technologies.

According to a Vice News investigation, Mexican cartels were tapping security software used by local government agencies "to locate and disappear rivals and hide their crimes."

Earlier in 2015, Motherboard reported that local cartels employed "a hacker brigade" to build and manage their own communications networks. Later in 2017, Motherboard revealed that a hacker working for the Sinaloa cartel helped authorities track down and arrest the elusive cartel's lieutenant, Dámaso López Núñez. The hacker had originally been hired by the cartel in 2014 to try to hack into the high-security Altiplano Federal Penitentiary, where El Chapo was being held at the time.


Original Submission

posted by jelizondo on Wednesday July 02, @08:30AM
from the It-a-long-way-to-the-tip dept.

Genetic Study Reveals Humanity's Longest Migration:

Modern humans are thought to have walked out of Africa around 60,000 years ago, and they kept going until they reached every habitable part of the planet. Researchers have now revealed more about the longest migration in human history. Reporting in Science, a new study has indicated that early Asians embarked on the longest prehistory migration of humans in history. This trek was over 20,000 kilometers long (12,427 miles), and took multiple generations of people traveling over thousands of years, as they moved from North Asia to the southernmost part of South America, on foot. Ice bridges are thought to have made this route possible.

This study involved a genetic analysis of over 1,537 individuals who are meant to represent 139 diverse ethnic groups. Patterns of ancestry were analyzed, such as sequences that were shared among individuals, or variations that arose and accumulated over time. These differences and similarities showed how various groups moved, adapted, and split apart as they encountered new environments during their journey from Africa, to North Asia, and finally to Tierra del Fuego in what is now Argentina.

The study found that people got to the northwestern tip of South America about 14,000 years ago. They split into groups after that: some stayed in the Amazon; others moved into an area known as Dry Chaco and some continued onto the ice fields of Southern Patagonia or the peaks and valleys of the Andes.

The work suggested that as people migrated, they also encountered many environmental challenges, which they sometimes overcame.

"Those migrants carried only a subset of the gene pool in their ancestral populations through their long journey. Thus, the reduced genetic diversity also caused a reduced diversity in immune-related genes, which can limit a population's flexibility to fight various infectious diseases," noted corresponding study author Kim Hie Lim, an Associate Professor at Nanyang Technological University of Singapore (NTU), among other appointments.

"This could explain why some Indigenous communities were more susceptible to illnesses or diseases introduced by later immigrants, such as European colonists. Understanding how past dynamics have shaped the genetic structure of today's current population can yield deeper insights into human genetic resilience."

Academic institutions from around the world were part of this project, which was supported by the GenomeAsia100K consortium, a nonprofit effort to analyze Asian genomes to advance precision medicine and biomedical research.

"Our study shows that a greater diversity of human genomes is found in Asian populations, not European ones, as has long been assumed due to sampling bias in large-scale genome sequencing projects," added penultimate study author Stephan Schuster, an NTU Professor, among other appointments.

Sources: Nanyang Technological University of Singapore (NTU)

Journal Reference: https://www.science.org/doi/10.1126/science.adk5081


Original Submission

posted by kolie on Wednesday July 02, @04:59AM
from the keeping-the-lights-on dept.

We have some good news to share. The Stripe donation system, which some of you may have noticed has been unavailable for a while, is now fully functional again.

It took a bit of digging, but after a thorough investigation, kolie was able to isolate the problem and has successfully deployed a fix. A huge thank you is owed to him for his persistence in resolving this.

As all of you know, SoylentNews is a user-supported, community-run project. We rely entirely on the generosity of our readers to cover the server costs and other expenses that keep this site operational. Now that the donation pipeline is open again, it's time to pass around the hat.

If you find value in this community and have the means, please consider making a one-time or recurring donation. Every contribution, no matter the size, is critical in ensuring that everyone's favorite place for news and discussion can continue to operate and remain independent.

You can find the donation link here.

Feedback is always welcome. If you encounter any problems at all with the donation process, please let us know in the comments below so we can look into it. Thank you for your continued support.


Original Submission

posted by jelizondo on Wednesday July 02, @03:45AM

New theory proposes time has three dimensions, with space as a secondary effect:

Time, not space plus time, might be the single fundamental property in which all physical phenomena occur, according to a new theory by a University of Alaska Fairbanks scientist.

The theory also argues that time comes in three dimensions rather than just the single one we experience as continual forward progression. Space emerges as a secondary manifestation.

"These three time dimensions are the primary fabric of everything, like the canvas of a painting," said associate research professor Gunther Kletetschka at the UAF Geophysical Institute. "Space still exists with its three dimensions, but it's more like the paint on the canvas rather than the canvas itself."

Those thoughts are a marked difference from generally accepted physics, which holds that a single dimension of time plus the three dimensions of space constitute reality. This is known as spacetime, the concept developed more than a century ago that views time and space as one entity.

Kletetschka's mathematical formula of six total dimensions—of time and space combined—could bring scientists closer to finding the single unifying explanation of the universe.

Kletetschka's work, published April 21 in Reports in Advances of Physical Science, adds to a long-running body of research by theoretical physicists on a subject outside of mainstream physics.

He writes that his mathematical framework for three-dimensional time improves on others' proposals by making testable reproductions of known particle masses and other physical properties.

"Earlier 3D time proposals were primarily mathematical constructs without these concrete experimental connections," he said. "My work transforms the concept from an interesting mathematical possibility into a physically testable theory with multiple independent verification channels."

What is 3D time?

Three-dimensional time is a theory in which time, like space, has multiple independent directions—typically imagined as three axes of time motion, similar in concept to the spatial X, Y and Z axes.

Imagine you are walking down a straight path, moving forward and therefore experiencing time as we know it. Now imagine another path that crosses the first one, going sideways.

If you could step onto that sideways path and remain in the same moment of "regular time," you might find that things could be slightly different—perhaps a different version of the same day. Moving along this perpendicular second path could let you explore different outcomes of that day without going backward or forward in time as we know it.

The existence of those different outcomes is the second dimension of time. The means to transition from one outcome to another is the third dimension.

[...] earlier theories, for example, describe multiple time dimensions in which cause-and-effect relationships are potentially ambiguous. Kletetschka's theory ensures that causes still precede effects, even with multiple time dimensions, just in a more complex mathematical structure.

A grand unifier?

The pursuit of three-dimensional time theory is believed by Bars and other theoretical physicists to be an avenue for helping answer some big physics questions that have stumped scientists.

Kletetschka's approach might even help resolve the grandest of all unresolved physics challenges: unifying quantum mechanics—the behavior of particles at the smallest scales—and gravity into a single quantum theory of gravity.

A quantum theory of gravity could lead to, or become, a grand theory of the universe—the so-called "theory of everything." The elusive unifying theory would unite the four fundamental forces of nature—electromagnetism, strong nuclear force, weak nuclear force and gravity.

[phys.org] Editor's note (6/24/2025): While Kletetschka's theory of three-dimensional time presents an intriguing new framework, its results have not yet been accepted by the broader scientific community. The theory is still in the early stages of scrutiny and has not been published in leading physics journals or independently verified through experiments or peer-reviewed replication. Publishing in Reports in Advances of Physical Sciences (World Scientific Publishing), while a legitimate step, is not sufficient for a theory making such bold claims. This journal is relatively low-impact and niche, and its peer review does not match the rigorous scrutiny applied by top-tier journals like Physical Review Letters or Nature Physics. For a paradigm-shifting idea to gain acceptance, it must withstand critical evaluation by the wider physics community, be published in highly regarded journals, and provide reproducible predictions that align with existing evidence—standards this work has not yet met.

Journal Reference: Gunther Kletetschka, Three-Dimensional Time: A Mathematical Framework for Fundamental Physics, Reports in Advances of Physical Sciences (2025). DOI: 10.1142/S2424942425500045


Original Submission

posted by janrinok on Tuesday July 01, @10:53PM

Arthur T Knackerbracket has processed the following story:

"In the cyber world, there's no such thing as a ceasefire," he told The Register.

Bolukbas is chief technology officer and founder of Black Kite, a cyber-risk intelligence firm that assesses businesses' third-party supplier risks. His company also shares and receives threat intel with and from the US National Security Agency (NSA), as do other private security firms.

Prior to founding Black Kite in 2016, Bolukbas worked for NATO as a part of its counter cyberterrorism task force, helping member and partner countries harden their network defenses by simulating offensive cyber attacks against government agencies.

His final mission with NATO involved red-teaming a critical power grid in Kiev, Ukraine. Most of the facilities' systems were airgapped, isolated from external networks, which made it more difficult to break into. 

"It wasn't easy to target, so I said, 'OK, let me find the suppliers for this organization'," Bolukbas recalled. "I found 20 of them, picked one that would be the easiest to find and target, and used that to access the grid control panel, literally one command away from taking down the grid."

Shortly after, in 2015, Russia's Sandworm did shut off part of Ukraine's electricity grid, resulting in power outages for tens of thousands of Ukraine residents for a number of hours.

Ten years later, Bolukbas says he's worried about one of Iran's cyber-arms doing something similar to Israeli or American critical infrastructure in retaliation for the air strikes earlier this month.

"My belief is that they're going to go after the supply chain, because that's our weak spot," Bolukbas said, adding that while it's really difficult to breach the Pentagon's networks directly, Iran is "going to go after the supply chains of Israel and US Department of Defense suppliers."

He pointed to Russia compromising Western logistics firms and tech companies, including email providers, as a means of collecting valuable intel about Ukrainian targets and military strategy in that ongoing conflict. Russian cyberspies also breached internet-connected cameras at Ukrainian border crossings to track aid shipments, and targeted at least one provider of industrial control system (ICS) components for railway management, according to a joint government advisory issued last month.

Similarly, smart TVs and other home IoT devices can be easily compromised and used to build a botnet for distributed denial of service attacks, or a massive network of connected boxes to route traffic and launch cyberattacks against high-value targets.

"It's very unlikely that they can launch a sophisticated attack against the NSA, Pentagon, or those kinds of bigger organizations," Bolukbas said. "Those are outside of Iran's reach unless Russia or China backs them," which he believes is also highly unlikely. 

Giving Iranian cyber operatives access to some critical American network after Russia and China did the dirty work of breaking in, or blowing a zero-day exploit to aid Iran, isn't in either of these countries' best interests, Bolukbas explained. It's more likely that Moscow and Beijing would want to save this stealthy access and/or cyber weapons, and use them at a time that will benefit their geopolitical or military goals.  

"Iran is alone in this game, but they can go after the low-hanging fruit," Bolukbas said.

While "we haven't seen any ceasefire happening" in terms of Iranian cyber campaigns, especially when it comes to phishing for high-value individuals' credentials and sensitive military info, "we also do this," Bolukbas said, referring to the United States. 

Case in point: Stuxnet, a malware deployed against Iran's nuclear fuel centrifuges, was a joint American-Israeli op. "And that, of course, was during a ceasefire. We were not in a war with Iran," Bolukbas said.

"The US has the biggest cyber army, strategic or talent-wise," he added. "The NSA is known for having the biggest zero-day arsenal on the planet. We have a doctrine on something called defense forward that says if we see something in cyberspace that can disrupt us, we're going to attack it first, and we have that under US Cyber Command's mission."

And while Bolukbas doesn't expect to see the US unleash any major cyber weapons against Iran at this point in the conflict, he suspects cyber espionage, influence operations, hack-and-leaks, and poking holes in Iran's military and cyber infrastructure are all regular occurrences. 

The US didn't enter the Iran-Israel war with bombs, he contended. "That was started in cyberspace a long time ago."

Bolukbas also has advice for network defenders to protect against Iranian cyber threats. "Be careful with phishing attacks," he said. "That's very common because Iran doesn't have a lot of zero days, so they go heavy on social attacks. Be careful what you're clicking on."

Second: don't believe everything you read or see, according to Bolukbas. Iran, along with Russia and China, is getting really good at using generative AI for fake news and social media posts that aim to manipulate public opinion.

"Last but not least: patch your systems, including IoT for end users and residential people," Bolukbas said. "Patch your external-facing systems quickly, not a week or 10 days or a month later, because time is ticking from the day that the vulnerability is disclosed. Iranian groups are trying to develop an exploit. If they develop the exploit before the patch, they're not going to hesitate to use that."


Original Submission

posted by Fnord666 on Tuesday July 01, @06:12PM

As AI kills search traffic, Google launches Offerwall to boost publisher revenue:

Google's AI search features are killing traffic to publishers, so now the company is proposing a possible solution. On Thursday, the tech giant officially launched Offerwall, a new tool that allows publishers to generate revenue beyond the more traffic-dependent options, like ads.

Offerwall lets publishers give their sites' readers a variety of ways to access their content, including through options like micropayments, taking surveys, watching ads, and more. In addition, Google says that publishers can add their own options to the Offerwall, like signing up for newsletters.

[...] Google notes that it's also using AI to determine when to display the Offerwall to each site visitor to increase engagement and revenue. However, publishers can set their own thresholds before the Offerwall is displayed, if they prefer.

Many of the solutions Offerwall introduces have been tried by publishers before, across a range of products and services. Micropayments, for instance, have repeatedly failed to take off. The economics don't tend to work, and there's additional friction in having to pay per article that's not been worth the payoff for readers or publishers alike, given implementation and maintenance costs.

[...] In Google's case, it's working with a third party, Supertab, which allows site visitors to pay a small amount to access the online content for a period of time — like 24 hours, a few days, a week, etc. The option (currently in beta) also supports subscription sign-ups and integrates with Google Ad Manager.

Google notes that publishers can also configure Offerwall to include their own logo and introductory text, then customize the choices it presents. One option that's enabled by default has visitors watch a short ad to earn access to the publisher's content. This is the only option that has a revenue share, and, on that front, it works the same way all Ad Manager solutions do, Google notes.

Another option has visitors click to choose from a set of topics they're interested in, which is then saved and used for ads personalization.

[...] However, early reports during the testing period said that publishers saw an average revenue lift of 9% after 1 million messages on AdSense, for viewing rewarded ads. Google Ad Manager customers saw a 5% to 15% lift when using Offerwall as well. Google also confirmed to TechCrunch via email that publishers with Offerwall saw an average revenue uplift of 9% during its year-plus in testing.

If Google AI is taking all of their clicks away, it would seem the publishers are over a barrel here and don't have much choice.


Original Submission

posted by Fnord666 on Tuesday July 01, @01:28PM

Facebook is starting to feed its AI with private, unpublished photos

Always read the terms and conditions, folks:

For years, Meta trained its AI programs using the billions of public images uploaded by users onto Facebook and Instagram's servers. Now, it's also hoping to access the billions of images that users haven't uploaded to those servers. Meta tells The Verge that it's not currently training its AI models on those photos, but it would not answer our questions about whether it might do so in future, or what rights it will hold over your camera roll images.

On Friday, TechCrunch reported that Facebook users trying to post something on the Story feature have encountered pop-up messages asking if they'd like to opt into "cloud processing", which would allow Facebook to "select media from your camera roll and upload it to our cloud on a regular basis", to generate "ideas like collages, recaps, AI restyling or themes like birthdays or graduations."

By allowing this feature, the message continues, users are agreeing to Meta AI terms, which allow their AI to analyze "media and facial features" of those unpublished photos, as well as the date said photos were taken, and the presence of other people or objects in them. You further grant Meta the right to "retain and use" that personal information.

Meta's public stance is that the feature is "very early," innocuous and entirely opt-in: "We're exploring ways to make content sharing easier for people on Facebook by testing suggestions of ready-to-share and curated content from a person's camera roll. These suggestions are opt-in only and only shown to you – unless you decide to share them – and can be turned off at any time. Camera roll media may be used to improve these suggestions, but are not used to improve AI models in this test," reads a statement from Meta comms manager Maria Cubeta.

[...] And while Daniels and Cubeta tell The Verge that opting in only gives Meta permission to retrieve 30 days' worth of your unpublished camera roll at a time, it appears that Meta is retaining some data longer than that. "Camera roll suggestions based on themes, such as pets, weddings and graduations, may include media that is older than 30 days," Meta writes.

Thankfully, Facebook users do have an option to turn off camera roll cloud processing in their settings, which, once activated, will also start removing unpublished photos from the cloud after 30 days.

Facebook is asking to use Meta AI on photos in your camera roll you haven't yet shared:

Facebook is asking users for access to their phone's camera roll to automatically suggest AI-edited versions of their photos — including ones that haven't been uploaded to Facebook yet.

The feature is being suggested to Facebook users when they're creating a new Story on the social networking app. Here, a screen pops up and asks if the user will opt into "cloud processing" to allow creative suggestions.

As the pop-up message explains, by clicking "Allow," you'll let Facebook generate new ideas from your camera roll, like collages, recaps, AI restylings, or photo themes. To work, Facebook says it will upload media from your camera roll to its cloud (meaning its servers) on an "ongoing basis," based on information like time, location, or themes.

[...] The creative tool is another example of the slippery slope that comes with sharing our personal media with AI providers. Like other tech giants, Meta has grand AI ambitions. Being able to tap into the personal photos users haven't yet shared on Facebook's social network could give the company an advantage in the AI race.

Unfortunately for end users, in tech companies' rush to stay ahead, it's not always clear what they're agreeing to when features like this appear.

[...] So far, there hasn't been much backlash about this feature. A handful of Facebook users have stumbled across the AI-generated photo suggestions when creating a new story and raised questions about it. For instance, one user on Reddit found that Facebook had pulled up an old photo (in this case, one that had previously been shared to the social network) and automatically turned it into an anime using Meta AI.

When another user in an anti-AI Facebook group asked for help shutting this feature off, the search led to a section called camera roll sharing suggestions in the app's Settings.

[...] Reached for comment, Meta spokesperson Maria Cubeta confirmed the feature is a test, saying, "We're exploring ways to make content sharing easier for people on Facebook by testing suggestions of ready-to-share and curated content from a person's camera roll."

"These suggestions are opt-in only and only shown to you – unless you decide to share them – and can be turned off at any time," she continued. "Camera roll media may be used to improve these suggestions, but are not used to improve AI models in this test."

The company is currently testing suggestions in the U.S. and Canada.


Original Submission

posted by hubie on Tuesday July 01, @08:42AM

https://www.bleepingcomputer.com/news/security/bluetooth-flaws-could-let-hackers-spy-through-your-microphone/

Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information.

Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are affected.

The list of impacted products includes speakers, earbuds, headphones, and wireless microphones.

The security problems could be leveraged to take over a vulnerable product and, on some phones, an attacker within connection range may be able to extract call history and contacts.

Snooping over a Bluetooth connection

At the TROOPERS security conference in Germany, researchers at cybersecurity company ERNW disclosed three vulnerabilities in the Airoha systems on a chip (SoCs), which are widely used in True Wireless Stereo (TWS) earbuds.

The issues are not critical and besides close physical proximity (Bluetooth range), their exploitation also requires "a high technical skill set." They received the following identifiers:

  • CVE-2025-20700 (6.7, medium severity score) - missing authentication for GATT services
  • CVE-2025-20701 (6.7, medium severity score) - missing authentication for Bluetooth BR/EDR
  • CVE-2025-20702 (7.5, high severity score) - critical capabilities of a custom protocol

ERNW researchers say they created proof-of-concept exploit code that allowed them to read the currently playing media from the targeted headphones.

[...] Although the ERNW researchers present serious attack scenarios, practical implementation at scale is constrained by certain limitations.

"Yes — the idea that someone could hijack your headphones, impersonate them towards your phone, and potentially make calls or spy on you, sounds pretty alarming."

"Yes — technically, it is serious," the researchers say, adding that "real attacks are complex to perform."

The necessity of both technical sophistication and physical proximity confines these attacks to high-value targets, such as those in diplomacy, journalism, activism, or sensitive industries.

Airoha has released an updated SDK incorporating necessary mitigations, and device manufacturers have started patch development and distribution.

Nevertheless, German publication Heise says that the most recent firmware updates for more than half of the affected devices are from May 27 or earlier, which is before Airoha delivered the updated SDK to its customers.



posted by hubie on Tuesday July 01, @03:57AM

Arthur T Knackerbracket has processed the following story:

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week published guidance urging software developers to adopt memory-safe programming languages.

"The importance of memory safety cannot be overstated," the inter-agency report [PDF] says.

Memory safety refers to the extent to which programming languages provide ways to avoid vulnerabilities arising from the mishandling of computer memory. Languages like Rust, Go, C#, Java, Swift, Python, and JavaScript support automated memory management (garbage collection) or implement compile-time checks on memory ownership to prevent memory-based errors.

C and C++, two of the most widely used programming languages, are not memory-safe by default. And while developers can make them safer through diligent adherence to best practices and the application of static analysis tools, not everyone deploys code with that much care.

To further complicate matters, code written in nominally safe languages may still import unsafe C/C++ libraries using a Foreign Function Interface, potentially breaking memory safety guarantees.

[...] Google and Microsoft have attributed the majority of vulnerabilities in large software projects to memory safety errors. In Google's Android operating system, for example, 90 percent of high-severity vulnerabilities in 2018 came via memory safety bugs. In 2021, the Chocolate Factory noted that more than 70 percent of serious security issues in Chromium came from memory safety flaws.

The infamous Heartbleed flaw in the OpenSSL cryptographic library was the result of a memory safety error (an out-of-bounds read) in C code. And there are many other examples, including the mid-June Google Cloud outage, which Google's incident report attributes to a lack of proper error handling for a null pointer.

Within a few years, the tech industry began answering the call for memory-safe languages. In 2022, Microsoft executives began calling for new applications to be written in memory-safe languages like Rust. By 2023, Consumer Reports – a mainstream product review publication – published a report on memory safety and government officials like Jen Easterly, CISA's director at the time, cited the need to transition to memory-safe languages during public appearances.

The memory safety push created some turmoil in the Linux kernel community over the past year, as efforts to integrate Rust-based drivers met resistance from kernel maintainers. And it has alarmed the C/C++ communities, where developers have been busily trying to come up with ways to match the memory safety promises of Rust through projects like TrapC, FilC, Mini-C, and Safe C++.

The CISA/NSA report revisits the rationale for greater memory safety and the government's calls to adopt memory-safe languages (MSLs) while also acknowledging the reality that not every agency can change horses mid-stream.

[...] A recent effort along these lines, dubbed Omniglot, has been proposed by researchers at Princeton, UC Berkeley, and UC San Diego. It provides a safe way for unsafe libraries to communicate with Rust code through a Foreign Function Interface.

This is exactly the sort of project that CISA and the NSA would like to see from the private sector, particularly given pending budget cuts that could depopulate CISA by a third.

While the path toward greater memory safety is complicated by the need to maintain legacy systems and the fact that MSLs may not be the best option for every scenario, the government's message is clear.

"Memory vulnerabilities pose serious risks to national security and critical infrastructure," the report concludes. "MSLs offer the most comprehensive mitigation against this pervasive and dangerous class of vulnerability."



posted by janrinok on Monday June 30, @11:13PM
from the chicken-lips dept.

https://www.amiga-news.de/en/news/AN-2025-06-00123-EN.html

Three weeks ago, Youtuber Christian 'Perifractic' Simpson announced in a video that he had received an offer to take over Commodore B.V., the owner of the remaining Commodore trademark rights. In a second video published on June 28 he announced the completed takeover: A group of unnamed angel investors has acquired the company for a low seven-figure sum. He himself is now the acting CEO, but the purchase price has not yet been paid - the company is still looking for investors.

In the half-hour video, Simpson lists a whole series of former Commodore employees (Michael Tomczyk, Bil Herd, David Pleasance, support staff such as James Harrison and Hans Olsen) or actor Thomas Middleditch ("Silicon Valley") as future "advisors". A financial participation of the community is not yet possible, as the international legal hurdles are too high. Commodore plans to revive the time before social networks and artificial intelligence, when computer technology was still considered a utopia rather than the scourge of mankind, with new "retro-futuristic" products. The years around the turn of the millennium are cited as a model several times.



posted by jelizondo on Monday June 30, @06:30PM
from the Catch-Me-If-You-Can dept.

Scientists unlock the light-bending secrets of squid skin:

Squid are famous for flashing from glass-clear to kaleidoscopic in the blink of an eye, but biologists have long puzzled over the physical trick behind the act.

A research team led by the University of California, Irvine, joined by cephalopod experts at the Marine Biological Laboratory in Woods Hole, took that mystery head-on.

By peering into squid skin in three dimensions, they uncovered a hidden forest of nano-columns built from an uncommon protein called reflectin.

How squid skin bends light

These columns act much like tiny mirrors, bouncing or passing light depending on how close together they sit.

Alon Gorodetsky, an expert in chemical and biomolecular engineering at UC Irvine, is the senior author of the research.

"In nature, many animals use Bragg reflectors [which selectively transmit and reflect light at specific wavelengths] for structural coloration," he said. "A squid's ability to rapidly and reversibly transition from transparent to colored is remarkable."

"We found that cells containing specialized subcellular columnar structures with sinusoidal refractive index distributions enable the squid to achieve such feats."

Studying the master shapeshifter

The animals under study were longfin inshore squid, Doryteuthis pealeii. "These are longfin inshore squids – Doryteuthis pealeii – that are native to the Atlantic Ocean," Gorodetsky said.

"Marine Biological Laboratory has been famous for studying this squid and other cephalopods for more than a century. We were fortunate to be able to leverage their world-class expertise with properly collecting, handling, and studying these biological specimens."

Inside the squid mantle, shimmering cells known as iridophores – or iridocytes – hold the secret.

To visualize them without disturbing their delicate innards, the team used holotomography, a form of quantitative phase microscopy that maps how light bends through a sample.

Georgii Bogdanov, a postdoctoral researcher in chemical and biomolecular engineering at UC Irvine, is another lead author of the study.

"Holotomography used the high refractive index of reflectin proteins to reveal the presence of sinusoidal refractive index distributions within squid iridophore cells," he said.

Reflectin platelets form spiral columns inside iridophores, enabling cephalopods to control how their skin transmits and reflects light.

Borrowing nature's blueprint

Once the researchers understood the architecture – the stacked, spiraling Bragg reflectors – they wondered whether they could engineer something similar.

Studying squid color change inspired flexible materials that shift appearance using tiny, wavy Bragg reflector columns. They added nanostructured metal films, enabling the materials to also shift appearance in the infrared spectrum.

Using a mixture of polymer chemistry, nanofabrication, and metal coatings, the group built thin films that shift color when stretched, pressed, or heated.

They went a step further by tailoring the same films to tune their infrared emission. This allows the material to hide or reveal heat signatures as well as visible hues.

"These bioinspired materials go beyond simple static color control, as they can dynamically adjust both their appearances in the visible and infrared wavelengths in response to stimuli," said co-author Aleksandra Strzelecka, a PhD student at UC Irvine.

"Part of what makes this technology truly exciting is its inherent scalability," she said. "We have demonstrated large-area and arrayed composites that mimic and even go beyond the squid's natural optical capabilities."

This opens the door to many applications ranging from adaptive [or active] camouflage to responsive fabrics to multispectral displays to advanced sensors.

Future optics from squid skin

The implications stretch far beyond a novelty coating. The same Bragg-style stacks could sharpen laser output, filter signals in fiber-optic lines, and boost solar-cell efficiency. They could also enable real-time structural health monitoring in bridges and aircraft.

"This study is an exciting demonstration of the power of coupling basic and applied research," Gorodetsky said. "We have likely just started to scratch the surface of what is possible for cephalopod-inspired tunable optical materials in our laboratory."

Every advance stemmed from squid skin cells with tiny winding columns just hundreds of nanometers wide. Despite their size, these structures could orchestrate a light show visible from meters away.

The team's work shows how decoding those natural nanostructures can lead to devices that humans manufacture by the meter rather than by the molecule.

Squid-inspired tech evolves

Researchers aim to speed up film response and develop biodegradable versions for sensors and medical patches.

Meanwhile, the discovery reaffirms why cephalopods remain a favorite subject for materials scientists: they are masters of manipulating light without a single pigment or battery.

In the lab, that mastery is starting to take shape as fabrics that cool soldiers in the desert by day, buildings that shimmer to reduce air-conditioning loads, and flexible screens that display both artwork and thermal data.

The next chapter, as Gorodetsky's group sees it, will be written where biology and engineering merge.

The squid's split-second shape-shifting trick has journeyed from the Atlantic deep to a microscope slide and into a polymer film.

Soon, it may appear on your jacket sleeve or smartphone case, blending vivid color with invisible infrared control just like in cephalopods.

The study is published in the journal Science.



posted by jelizondo on Monday June 30, @01:45PM
from the let's-delve-into-em-dashes dept.

AI isn't just impacting how we write — it's changing how we speak and interact with others. And there's only more to come:

Join any Zoom call, walk into any lecture hall, or watch any YouTube video, and listen carefully. Past the content and inside the linguistic patterns, you'll find the creeping uniformity of AI voice. Words like "prowess" and "tapestry," which are favored by ChatGPT, are creeping into our vocabulary, while words like "bolster," "unearth," and "nuance," words less favored by ChatGPT, have declined in use. Researchers are already documenting shifts in the way we speak and communicate as a result of ChatGPT — and they see this linguistic influence accelerating into something much larger.

In the 18 months after ChatGPT was released, speakers used words like "meticulous," "delve," "realm," and "adept" up to 51 percent more frequently than in the three years prior, according to researchers at the Max Planck Institute for Human Development, who analyzed close to 280,000 YouTube videos from academic channels. The researchers ruled out other possible change points before ChatGPT's release and confirmed these words align with those the model favors, as established in an earlier study comparing 10,000 human- and AI-edited texts. The speakers don't realize their language is changing. That's exactly the point.

One word, in particular, stood out to researchers as a kind of linguistic watermark. "Delve" has become an academic shibboleth, a neon sign in the middle of every conversation flashing ChatGPT was here. "We internalize this virtual vocabulary into daily communication," says Hiromu Yakura, the study's lead author and a postdoctoral researcher at the Max Planck Institute of Human Development.

But it's not just that we're adopting AI language — it's about how we're starting to sound. Even though current studies mostly focus on vocabulary, researchers suspect that AI influence is starting to show up in tone, too — in the form of longer, more structured speech and muted emotional expression. As Levin Brinkmann, a research scientist at the Max Planck Institute of Human Development and a coauthor of the study, puts it, "'Delve' is only the tip of the iceberg."

AI shows up most obviously in functions like smart replies, autocorrect, and spellcheck. Research out of Cornell looks at our use of smart replies in chats, finding that use of smart replies increases overall cooperation and feelings of closeness between participants, since users end up selecting more positive emotional language. But if people believed their partner was using AI in the interaction, they rated their partner as less collaborative and more demanding. Crucially, it wasn't actual AI usage that turned them off — it was the suspicion of it. We form perceptions based on language cues, and it's really the language properties that drive those impressions, says Malte Jung, Associate Professor of Information Science at Cornell University and a co-author of the study.

[...] We're approaching a splitting point, where AI's impacts on how we speak and write move between the poles of standardization, like templating professional emails or formal presentations, and authentic expression in personal and emotional spaces. Between those poles, there are three core tensions at play. Early backlash signals, like academics avoiding "delve" and people actively trying not to sound like AI, suggest we may self-regulate against homogenization. AI systems themselves will likely become more expressive and personalized over time, potentially reducing the current AI voice problem. And the deepest risk of all, as Naaman pointed to, is not linguistic uniformity but losing conscious control over our own thinking and expression.

The future isn't predetermined between homogenization and hyperpersonalization: it depends on whether we'll be conscious participants in that change. We're seeing early signs that people will push back when AI influence becomes too obvious, while technology may evolve to better mirror human diversity rather than flatten it. This isn't a question about whether AI will continue shaping how we speak — because it will — but whether we'll actively choose to preserve space for the verbal quirks and emotional messiness that make communication recognizably, irreplaceably human.

See also: Blade Runners of LinkedIn Are Hunting for Replicants – One Em Dash at a Time



posted by hubie on Monday June 30, @09:03AM
from the anthropic-principle-nostalgia-tour dept.

Arthur T Knackerbracket has processed the following story:

When we look out into the universe, we know it can support life – if it couldn’t, we wouldn’t exist. This has been stated in different ways over the years, but the essential thrust makes up the core of a philosophical argument known as the anthropic principle. It sounds obvious, even tautological, but it isn’t quite as simple as that.

To get your head around it, start with what scientists call the fine-tuning problem, the fact our universe seems perfectly balanced on the knife’s edge of habitability. Many fundamental constants, from the mass of a neutron to the strength of gravity, must have very specific values for life to be possible. “Some of these constants, if you make them too large, you just destabilise every atom,” says Luke Barnes at Western Sydney University in Australia.

The anthropic principle began as an attempt to explain why the universe is in this seemingly improbable state, and it boils down to a simple idea: the universe has to be this way, or else we wouldn’t be here to observe it.

There are two main formulations of the principle, both of which were set out in a 1986 book by cosmologist-mathematicians John Barrow and Frank Tipler. The weak principle states that because life exists, the universe’s fundamental constants are – at least here and now – in the range that allows life to develop. The strong principle adds the powerful statement that the fundamental constants must have values in that range because they are consistent with life existing. The “must” is important, as it can be taken as implying that the universe exists in order to support life.

If the weak principle is “I heard a tree fall in the forest, and therefore I must be in a place where trees can grow”, the strong principle says “A tree has fallen nearby, and therefore this planet was destined to have forests all along.”

For scientists today, the weak anthropic principle serves as a reminder of possible biases in observations of the cosmos, particularly if it isn’t the same everywhere. “If we live in a universe that is different from place to place, then we will naturally find ourselves in a place that has some specific conditions conducive to life,” says Sean Carroll at Johns Hopkins University in Maryland.

As for the strong version of the principle, there are physicists who consider it useful too, Barnes among them. He works on developing different flavours of multiverse models and sees the strong principle as a handy guide. It implies that, within a multiverse, there is a 100 per cent chance of at least one universe forming that is conducive to life. So, for any given multiverse model, the closer that chance is to 100 per cent, the more plausible it is. If the probability is, say, around 50 per cent, Barnes sees that as a good omen for the model’s veracity. “But if it’s one-in-a-squillion, then that’s a problem,” he says.

In truth, however, most physicists write off the strong principle as simply too strong. It suggests the universe is deterministic; that life was always certain to emerge, according to Elliott Sober at the University of Wisconsin–Madison. “But that probability could have been tiny and life could have still arisen, and the observations would be the same.”

Where does that leave us? The strong principle does, on the surface, provide an answer to the fine-tuning problem – but that answer is widely considered unreasonable. On the other hand, while the weak principle doesn’t provide a reason why the constants of our universe are so finely tuned, it is a useful tool for researchers. As principles go, this one is rather slippery.

