SoylentNews

hubie writes:

https://arstechnica.com/science/2025/11/research-roundup-6-cool-science-stories-we-almost-missed-3/

It's a regrettable reality that there is never enough time to cover all the interesting scientific stories we come across each month. In the past, we've featured year-end roundups of cool science stories we (almost) missed. This year, we're experimenting with a monthly collection. October's list includes the microstructural differences between regular and gluten-free spaghetti, capturing striking snakes in action, the mystery behind the formation of Martian gullies, and—for all you word game enthusiasts—an intriguing computational proof of the highest possible scoring Boggle board.

Highest-scoring Boggle board

Sometimes we get handy story tips from readers about quirkily interesting research projects. Sometimes those projects involve classic games like Boggle, in which players find as many words as they can from a 4×4 grid of 16 lettered cubic dice, within a given time limit. Software engineer Dan Vanderkam alerted us to a preprint he posted to the physics arXiv, detailing his quest to find the Boggle board configuration that yields the highest possible score. It's pictured above, with a total score of 3,625 points, according to Vanderkam's first-ever computational proof. There are more than 1000 possible words, with "replastering" being the longest.

Vanderkam has documented his quest and its resolution (including the code he used) extensively on his blog, admitting to the Financial Times that, "As far as I can tell, I'm the only person who is actually interested in this problem." That's not entirely true: there was an attempt in 1982 that found an optimal board yielding 2,195 points. Vanderkam's board was known as possibly being the highest scoring, it was just very difficult to prove using standard heuristic search methods. Vanderkam's solution involved grouping board configurations with similar patterns into classes, and then finding upper bounds to discard clear losers, rather than trying to tally scores for each board individually—i.e., an old school "branch and bound" technique.

Origins of Egypt's Karnak Temple

Egypt's Karnak Temple complex, located about 500 meters of the Nile River near Luxor, has long been of interest to archaeologists and millions of annual tourists alike. But its actual age has been a matter of much debate. The most comprehensive geological survey conducted to date is yielding fresh insights into the temple's origins and evolution over time, according to a paper published in the journal Antiquity.

The authors analyzed sediment cores and thousands of ceramic fragments from within and around the site to map out how the surrounding landscape has changed. They concluded that early on, circa 2520 BCE, the site would have experienced regular flooding from the Nile; thus, the earliest permanent settlement at Karnak would have emerged between 2591 and 2152 BCE, in keeping with the earliest dated ceramic fragments. This would have been after river channels essentially created an island of higher ground that served as the foundation for constructing the temple. As those channels diverged over millennia, the available area for the temple expanded and thus, so did the complex.

An Anonymous Coward writes:

Qilin ransomware abuses WSL to run Linux encryptors in Windows
https://archive.ph/lhpiX

The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.

The ransomware first launched as "Agenda" in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day.

Qilin has become one of the most active ransomware operations, with new research from Trend Micro and Cisco Talos stating that the cybercrime gang has attacked more than 700 victims across 62 countries this year.

Both firms say the group has become one of the most active ransomware threats worldwide, publishing over 40 new victims per month in the second half of 2025.

Both cybersecurity firms report that Qilin affiliates use a mix of legitimate programs and remote management tools to breach networks and steal credentials, including applications such as AnyDesk, ScreenConnect, and Splashtop for remote access, and Cyberduck and WinRAR for data theft.

The threat actors also use common built-in Windows utilities, such as Microsoft Paint (mspaint.exe) and Notepad (notepad.exe), to inspect documents for sensitive data before stealing them.

[...] "After gaining access, the attackers enabled or installed WSL using scripts or command-line tools, then deployed the Linux ransomware payload within that environment. This gave them the ability to execute a Linux-based encryptor directly on a Windows host while avoiding many defenses that are focused on detecting traditional Windows malware."

Original Submission

upstart writes:

"I don't believe we're in an AI bubble," says Huang after announcing $500B in orders:

On Wednesday, Nvidia became the first company in history to reach a $5 trillion market capitalization, fresh on the heels of a GTC conference keynote in Washington, DC, where CEO Jensen Huang announced $500 billion in AI chip orders and plans to build seven supercomputers for the US government. The milestone comes a mere three months after Nvidia crossed the $4 trillion mark in July, vaulting the company past tech giants like Apple and Microsoft in market valuation but also driving continued fears of an AI investment bubble.

Nvidia's shares have climbed nearly 12-fold since the launch of ChatGPT in late 2022, as the AI boom propelled the S&P 500 to record highs. Shares of Nvidia stock rose 4.6 percent on Wednesday following the Tuesday announcement at the company's GTC conference. During a Bloomberg Television interview at the event, Huang dismissed concerns about overheated valuations, saying, "I don't believe we're in an AI bubble. All of these different AI models we're using—we're using plenty of services and paying happily to do it."

Nvidia expects to ship 20 million units of its latest chips, compared to just 4 million units of the previous Hopper generation over its entire lifetime, Huang said at the conference. The $500 billion figure represents cumulative orders for the company's Blackwell and Rubin processors through the end of 2026, though Huang noted that his projections did not include potential sales to China.

While it probably feels like glory days for Nvidia at the moment, the success comes with a large dose of caution. Even prior to the latest valuation boom of the past 24 hours, the rapid rise in AI-related investments has fueled persistent concerns that market enthusiasm has outstripped the technology's ability to deliver immediate economic value.

Some analysts warn that valuations may be overheated. Matthew Tuttle, CEO of Tuttle Capital Management, told Reuters that "AI's current expansion relies on a few dominant players financing each other's capacity. The moment investors start demanding cash flow returns instead of capacity announcements, some of these flywheels could seize."

An Anonymous Coward writes:

https://www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-malware-steals-europeans-credit-cards/

Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months.

Contrary to the traditional banking trojans that use overlays to steal banking credentials or remote access tools to perform fraudulent transactions, NFC malware abuses Android's Host Card Emulation (HCE) to emulate or steal contactless credit card and payment data.

They capture EMV fields, respond to APDU commands from a POS terminal with attacker-controlled replies, or forward terminal requests to a remote server, which crafts the proper APDU responses to enable payments at the terminal without the physical cardholder present.

[...] The apps used to distribute the malware impersonate Google Pay or financial institutions such as Santander Bank, VTB Bank, Tinkoff Bank, ING Bank, Bradesco Bank, Promsvyazbank (PSB), and several others.

Original Submission

hubie writes:

Before being considered for submission to arXiv's CS category, review articles and position papers must now be accepted at a journal or a conference and complete successful peer review:

arXiv's computer science (CS) category has updated its moderation practice with respect to review (or survey) articles and position papers. Before being considered for submission to arXiv's CS category, review articles and position papers must now be accepted at a journal or a conference and complete successful peer review. When submitting review articles or position papers, authors must include documentation of successful peer review to receive full consideration. Review/survey articles or position papers submitted to arXiv without this documentation will be likely to be rejected and not appear on arXiv.

This change is being implemented due to the unmanageable influx of review articles and position papers to arXiv CS.

[...] In the past few years, arXiv has been flooded with papers. Generative AI / large language models have added to this flood by making papers – especially papers not introducing new research results – fast and easy to write. While categories across arXiv have all seen a major increase in submissions, it's particularly pronounced in arXiv's CS category.

[...] In the past, arXiv CS received a relatively small amount of review or survey articles, and those we did receive were of extremely high quality, written by senior researchers at the request of publications like Annual Reviews, Proceedings of the IEEE, and Computing Surveys. Position paper submissions to arXiv were similarly rare, and usually produced by scientific societies or government study groups (for example,the Computing Research Association of the National Academies of Science, Engineering, and Medicine). While, as now, these papers were not content types officially accepted by arXiv, the arXiv moderators accepted them because of their scholarly value to the research community.

Fast forward to present day – submissions to arXiv in general have risen dramatically, and we now receive hundreds of review articles every month. The advent of large language models have made this type of content relatively easy to churn out on demand, and the majority of the review articles we receive are little more than annotated bibliographies, with no substantial discussion of open research issues.

arXiv believes that there are position papers and review articles that are of value to the scientific community, and we would like to be able to share them on arXiv. However, our team of volunteer moderators do not have the time or bandwidth to review the hundreds of these articles we receive without taking time away from our core purpose, which is to share research articles.

[...] Each category of arXiv has different moderators, who are subject matter experts with a terminal degree in their particular subject, to best serve the scholarly pursuits, goals, and standards of their category. While all moderators adhere to arXiv policy, the only policy arXiv has in place with regard to review articles and position papers is that they are not a generally accepted content type. The goal of the moderators of each category is to make sure the work being submitted is actually science, and that it is of potential interest to the scientific community. If other categories see a similar rise in LLM-written review articles and position papers, they may choose to change their moderation practices in a similar manner to better serve arXiv authors and readers. We will make these updates public if and when they do occur.

Original Submission

looorg writes:

Meta: Pirated Adult Film Downloads Were For "Personal Use," Not AI Training.

[...] As the most prolific copyright litigant in the United States, the adult film producer has filed tens of thousands of lawsuits against alleged BitTorrent pirates. This summer it expanded its scope by taking aim at Meta.

[...] The adult producers discovered the alleged infringements after Meta's BitTorrent activity was revealed in a lawsuit filed by several book authors. In that case, Meta admitted that it obtained content from pirate sources.

[...] Meta clearly denies that the adult video downloads were used for AI purposes. Since there is no evidence that Meta directed this activity, it can't be held liable for direct copyright infringement.

The tech company doesn't just deny the allegations; it also offers an alternative explanation. Meta suggests that employees or visitors may have downloaded the pirated videos for personal use.

Meta denies torrenting porn to train AI, says downloads were for "personal use".

This week, Meta asked a US district court to toss a lawsuit alleging that the tech giant illegally torrented pornography to train AI.

The move comes after Strike 3 Holdings discovered illegal downloads of some of its adult films on Meta corporate IP addresses, as well as other downloads that Meta allegedly concealed using a "stealth network" of 2,500 "hidden IP addresses." Accusing Meta of stealing porn to secretly train an unannounced adult version of its AI model powering Movie Gen, Strike 3 sought damages that could have exceeded $350 million, TorrentFreak reported.

Filing a motion to dismiss the lawsuit on Monday, Meta accused Strike 3 of relying on "guesswork and innuendo," while writing that Strike 3 "has been labeled by some as a 'copyright troll' that files extortive lawsuits." Requesting that all copyright claims be dropped, Meta argued that there was no evidence that the tech giant directed any of the downloads of about 2,400 adult movies owned by Strike 3—or was even aware of the illegal activity.

Original Submission

An Anonymous Coward writes:

https://www.bleepingcomputer.com/news/security/cisa-linux-privilege-escalation-flaw-now-exploited-in-ransomware-attacks/

CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks.

While the vulnerability (tracked as CVE-2024-1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced by a decade-old commit in February 2014.

Successful exploitation enables attackers with local access to escalate privileges on the target system, potentially resulting in root-level access to compromised devices.

As Immersive Labs explains, potential impact includes system takeover once root access is gained (allowing attackers to disable defenses, modify files, or install malware), lateral movement through the network, and data theft.

In late March 2024, a security researcher using the 'Notselwyn' alias published a detailed write-up and proof-of-concept (PoC) exploit code targeting CVE-2024-1086 on GitHub, showcasing how to achieve local privilege escalation on Linux kernel versions between 5.14 and 6.6.

The flaw impacts many major Linux distributions, including but not limited to Debian, Ubuntu, Fedora, and Red Hat, which use kernel versions from 3.15 to 6.8-rc1

In a Thursday update to its catalog of vulnerabilities exploited in the wild, the U.S. cybersecurity agency said the flaw is now known to be used in ransomware campaigns, but didn't provide more information regarding ongoing exploitation attempts.

CISA added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog in May 2024 and ordered federal agencies to secure their systems by June 20, 2024.

If patching is not possible, IT admins are advised to apply one of the following mitigations:

        Blocklist 'nf_tables' if it's not needed/actively used,
        Restrict access to user namespaces to limit the attack surface,
        Load the Linux Kernel Runtime Guard (LKRG) module (however, this can cause system instability).

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said. "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."

Original Submission

quietus writes:

"When the music stops ... but as long as the music is playing, you've got to get up and dance."

(Charles "Chuck" Prince, Citigroup CEO, July 2007, FT interview)

About 85 percent of US GDP. That has been the average total value of all US stocks since 1970. Warren Buffett once described this as "probably the single best measure of where valuations stand at any given moment".

On Tuesday,October 28, that value reached 220% of US GDP.

US stocks are trading at extreme levels, notes the Financial Times. Price to earnings ratios for the S&P500 are at a 25 year high; price-to-sales ratios are higher than before the dotcom bust.

AI companies are almost entirely to blame, with a focus on the Magnificent Seven: Apple, Microsoft, Meta, Amazon, Alphabet, Nvidia and Tesla. Microsoft, for example, took 35 years to reach a dazzling trillion dollar valuation, in 2021. Just 4 years later it trades at 4 trillion dollar. That valuation comes on top of impressive infrastructure investment numbers: Google, Amazon, Meta and Microsoft, for example, plan to spend more than $400bn on data centres in 2026, on top of more than $350bn this year.

Notes the article, wryly:

some investors seem to have discounted the notion that AI might prove anything less than earth-shatteringly revolutionary

Original Submission

An Anonymous Coward writes:

I recently spun up a .onion mirror of this website.

Why? Because why not. And also because I can. Oh, and free speech and anti-censorship and all that jazz.

I'd like to pretend that it was some grand technological challenge, but if I'm being entirely candid, it was like 3 commands and 4 lines of configuration.

If you, too, would like to become a member of the dark web, here's how I did it:

https://flower.codes/2025/10/23/onion-mirror.html
https://archive.ph/WADPR

Original Submission

An Anonymous Coward writes:

https://deadline.com/2025/09/spaceballs-2-cast-photo-anthony-carrigan-george-wyner-1236555748/

Amazon MGM Studios has made official what Deadline previously told you: There is a Spaceballs 2 with Rick Moranis, Bill Pullman and Daphne Zuniga reprising their respective roles as Dark Helmet, Lone Star and Princess Vespa. There's also the series additions, which we told you about, including Josh Gad, Keke Palmer and Lewis Pullman.

New cast members who were unannounced are Barry and Superman actor Anthony Carrigan and A Serious Man's George Wyner, who played Colonel Sandurz in the original 1987 movie which grossed over $38M domestic.

  And of course, the sci-fi comedy pic's architect, Mel Brooks, is back, returning to his roles as Zen Yiddish wise guy Yogurt and President Skroob.

The photo, of course, mirrors the famous table read image featuring the cast of Star Wars: The Force Awakens, which itself marked a return to a beloved franchise from a galaxy far, far away. Appropriate, given Spaceballs is a parody of that mythos.

Production is underway with Josh Greenbaum directing. Check out the great cast table read shot above, a nod to what JJ Abrams did when he assembled the Star Wars gang new and old for Force Awakens, more than a decade ago. Expected theatrical release is 2027 for the Spaceballs sequel which is currently untitled.

The screenplay logline from scribe duo Benji Samit and Dan Hernandez (Lego Star Wars: Rebuild the Galaxy; TMNT: Mutant Mayhem), and Gad is under wraps. Amazon MGM Studios aren't making official the roles of Palmer, Gad and Lewis Pullman.

Will it be as good as Spaceballs, or perhaps even better?

Original Submission

FunkyLich writes:

Source: https://www.tomshardware.com/software/china-releases-ubios-standard-to-replace-uefi-huawei-backed-bios-firmware-replacement-charges-chinas-domestic-computing-goals

China has worked for years to further separate its computing progress from the United States and its tech companies. Today [October 23, 2025] heralds a major development to this end, as the Global Computing Consortium has announced the "UBIOS" global standard, a new replacement for UEFI and BIOS. The GCC's new standard is a rebuilding of BIOS firmware from the ground up, bypassing UEFI development entirely.

UBIOS, or "Unified Basic Input/Output System", is a firmware standard to replace BIOS and UEFI, the first and most prolific motherboard firmware architectures, respectively, that bridge the gap between processors and operating systems. The UBIOS standard was drafted by 13 Chinese tech companies, including Huawei, CESI (China Electronics Standardization Institute), Byosoft, and Kunlun Tech.

The working group claims it chose to avoid the UEFI spec due to the development bloat of UEFI and TianoCore EDK II, the Intel-made reference implementation of UEFI used almost universally among UEFI hardware and software developers.

UBIOS's unique features over UEFI include increased support for chiplets and other heterogeneous computing use-cases, such as multi-CPU motherboards with mismatching CPUs, something UEFI struggles with or does not support. It will also better support non-x86 CPU architectures such as ARM, RISC-V, and LoongArch, the first major Chinese operating system.

Original Submission

upstart writes:

Nvidia reveals Vera Rubin Superchip for the first time:

At its GTC keynote in DC on Tuesday, Nvidia unveiled its next-generation Vera Rubin Superchip, comprising two Rubin GPUs for AI and HPC as well as its custom 88-core Vera CPU. All three components will be in production this time next year, Nvidia says.

"This is the next generation Rubin," said Jensen Huang, chief executive of Nvidia, at GTC. "While we are shipping GB300, we are preparing Rubin to be in production this time next year, maybe slightly earlier. [...] This is just an incredibly beautiful computer. So, this is amazing, this is 100 PetaFLOPS [of FP4 performance for AI]."

Indeed, Nvidia's Superchips tend to look more like a motherboard (on an extremely thick PCB) rather than a 'chip' as they carry a general-purpose custom CPU and two high-performance compute GPUs for AI and HPC workloads. The Vera Rubin Superchip is not an exception, and the board carries Nvidia's next-generation 88-core Vera CPU surrounded by SOCAMM2 memory modules carrying LPDDR memory and two Rubin GPUs covered with two large rectangular aluminum heat spreaders.

Markings on the Rubin GPU say that they were packaged in Taiwan on the 38th week of 2025, which is late September, something that proves that the company has been playing with the new processor for some time now. The size of the heatspreader is about the same size as the heatspreader of Blackwell processors, so we cannot figure out the exact size of GPU packaging or die sizes of compute chiplets. Meanwhile, the Vera CPU does not seem to be monolithic as it has visible internal seams, implying that we are dealing with a multi-chiplet design.

A picture of the board that Nvidia demonstrated once again reveals that each Rubin GPU is comprised of two compute chiplets, eight HBM4 memory stacks, and one or two I/O chiplets. Interestingly, but this time around, Nvidia demonstrated the Vera CPU with a very distinct I/O chiplet located next to it. Also, the image shows green features coming from the I/O pads of the CPU die, the purpose of which is unknown. Perhaps, some of Vera's I/O capabilities are enabled by external chiplets that are located beneath the CPU itself. Of course, we are speculating, but there is definitely an intrigue with the Vera processor.

Interestingly, the Vera Rubin Superchip board no longer has industry-standard slots for cabled connectors. Instead, there are two NVLink backplane connectors on top to connect GPUs to the NVLink switch, enabling scale-up scalability within a rack and three connectors on the bottom edge for power, PCIe, CXL, and so on.

In general, Nvidia's Vera Rubin Superchip board looks quite baked, so expect the unit to ship sometime in late 2026 and get deployed by early 2027.

Original Submission

An Anonymous Coward writes:

Videos on social media show officers from ICE and CBP using facial recognition technology on people in the field. One expert described the practice as "pure dystopian creep."

"You don't got no ID?" a Border Patrol agent in a baseball cap, sunglasses, and neck gaiter asks a kid on a bike. The officer and three others had just stopped the two young men on their bikes during the day in what a video documenting the incident says is Chicago. One of the boys is filming the encounter on his phone. He says in the video he was born here, meaning he would be an American citizen.

When the boy says he doesn't have ID on him, the Border Patrol officer has an alternative. He calls over to one of the other officers, "can you do facial?" The second officer then approaches the boy, gets him to turn around to face the sun, and points his own phone camera directly at him, hovering it over the boy's face for a couple seconds. The officer then looks at his phone's screen and asks for the boy to verify his name. The video stops.

- Extended article:
https://www.404media.co/ice-and-cbp-agents-are-scanning-peoples-faces-on-the-street-to-verify-citizenship/
https://archive.ph/HUQwc

Original Submission

An Anonymous Coward writes:

https://www.tomshardware.com/software/linux/nearly-90-percent-of-windows-games-now-run-on-linux-latest-data-shows-as-windows-10-dies-gaming-on-linux-is-more-viable-than-ever

The viability of Linux as a gaming platform has come on leaps and bounds in recent years due to the sterling work of WINE and Proton developers, among others, and interest in hardware like the Steam Deck. However, the most recent stats from ProtonDB (via Boiling Steam) highlight that we are edging towards a magnificent milestone. The latest distilled data shows that almost 90% of Windows games now run on Linux.

Having nine in ten Windows games accessible in a new Linux install is quite an achievement. The milestone comes as we see computer users flocking to other platforms during the transition from the Windows 10 to 11 eras. Of course, the underlying data isn't quite so simple as the headline stat. There are different degrees of compatibility gamers must consider when checking if their favorite Windows games work on Linux distros like Mint, Zorin, Bazzite, or even SteamOS.

[...] On the flip side, there are some popular titles that don't look like they will be becoming Linux-friendly anytime soon. The well-known compatibility issues with various anti-cheat technology platforms look set to persist, for now. Moreover, Boiling Steam notes that other devs just seem to be averse to non-Windows gamers. There is quite a bit that can be done with those non-intentionally stubborn games, though. We'd recommend researching community-driven Linux compatibility tips and tweaks for your favorite games.

Original Submission

upstart writes:

Quantum Mechanics Trumps the Second Law of Thermodynamics at the Atomic Scale:

Two physicists at the University of Stuttgart have proven that the Carnot principle, a central law of thermodynamics, does not apply to objects on the atomic scale whose physical properties are linked (so-called correlated objects). This discovery could, for example, advance the development of tiny, energy-efficient quantum motors. The derivation has been published in the journal Science Advances.

Internal combustion engines and steam turbines are thermal engines: They convert thermal energy into mechanical motion—or, in other words, heat into motion. In recent years, quantum mechanical experiments have succeeded in reducing the size of heat engines to the microscopic range.

"Tiny motors, no larger than a single atom, could become a reality in the future," says Professor Eric Lutz from the Institute for Theoretical Physics I at the University of Stuttgart. "It is now also evident that these engines can achieve a higher maximum efficiency than larger heat engines."

Scientists break 200-year-old principle to create atomic engines that power future nanobots:

A research team in Germany has achieved a stunning theoretical breakthrough that could reshape one of physics' oldest foundations after demonstrating that the no longer holds true for objects on the atomic scale.

Their findings, made by Eric Lutz, PhD, a physics professor and Milton Aguilar, PhD, a postdoctoral researcher at the University of Stuttgart, show that quantum systems can exceed efficiency limit defined by the Carnot principle.

The law, which was developed by French physicist Nicolas Léonard Sadi Carnot in 1824, is a central law of thermodynamics that has remained unchallenged for two centuries.

It states that all heat engines operating between the same two thermal or heat reservoirs can not have efficiencies greater than a reversible heat engine operating between the same reservoirs.

"Our results provide a unified formalism to determine the efficiency of correlated microscopic quantum machines," the two physicists stated.