For the third time in recent memory, CloudFlare has blocked large swaths of niche browsers and their users from accessing web sites that CloudFlare gate-keeps. In the past these issues have been resolved quickly (within a week) and apologies issued with promises to do better:
2024-03-11: Cloudflare checks broken again?
2024-07-08: Cloudflare checks broken yet AGAIN?
2025-01-30: Cloudflare Verification Loop issues
This time around it has been over 6 weeks and CloudFlare has been unable or unwilling to fix the problem on their end, effectively stalling any progress on the matter with various tactics including asking browser developers to sign overarching NDAs:
Re: CloudFlare: summary and status
Some of the affected browsers:
• Pale Moon
• Basilisk
• Waterfox
• Falkon
• SeaMonkey
• Various Firefox ESR flavors
• Thorium (on some systems)
• Ungoogled Chromium
From the main developer of Pale Moon:
Our current situation remains unchanged: CloudFlare is still blocking our access to websites through the challenges, and the captcha/turnstile continues to hang the browser until our watchdog terminates the hung script after which it reloads and hangs again after a short pause (but allowing users to close the tab in that pause, at least). To say that this upsets me is an understatement. Other than deliberate intent or absolute incompetence, I see no reason for this to endure. Neither of those options are very flattering for CloudFlare.
I wish I had better news.
Read more of this story at SoylentNews.
NIST has chosen a new algorithm for post-quantum encryption called HQC, which will serve as a backup for ML-KEM, the main algorithm for general encryption.
HQC is based on different math than ML-KEM, which could be important if a weakness were discovered in ML-KEM.
NIST plans to issue a draft standard incorporating the HQC algorithm in about a year, with a finalized standard expected in 2027.
The overall process at NIST is https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography_Standardization
The algo's "homepage" seems to be https://pqc-hqc.org/
Currently there only seems to be a C++ implementation; has anyone else found other implementations? Have you upgraded your software, including SN, to PQC?
Here's the Story
If you thought the Raspberry Pi's chip was dinky, well, get a load of the nattily named Texas Instruments MSPM0C1104, said to be the world's smallest microcontroller or MCU and measuring a mere 1.38 mm².
If you look carefully at the image [...] , you can just make out the eight ball-grid connectors on the tiny 1.38 mm² chip package. In other words, that almost-invisible thing isn't just the silicon chip, but the entire chip package equivalent to a fully packaged CPU from Intel or AMD, not just the silicon inside. Yup, mind veritably blown. For reference, the package for the Broadcom BCM2712 chip that powers the Raspberry Pi 5 is about 20 mm². So you could fit about 200 of these things in the space the Broadcom BCM2712 takes up.
[...]
Despite the diminutive proportions, which Texas Instruments claims to be 38% smaller than any other MCU, this teensy speck of a chip packs a fully functional Arm 32-bit Cortex-M0+ CPU core running at a towering 24 MHz. It also has 16 KB of flash memory and 1 KB of SRAM.
The European Space Agency this week inaugurated its new supercomputing facility built with HPE.
The aptly named "SpaceHPC" facility is billed as being "demonstrator infrastructure" designed to help Europe's space industry "mitigate risks associated with data processing, modelling, and simulations."
Located in the Italian town of Frascati, 20km outside Rome, Space HPC houses a machine packing 34,000 cores' worth of the "latest generation of AMD & Intel processors." 108 Nvidia H100 GPUs are also present, giving the machine 5 petaflops of raw performance potential.
That power would see Space HPC ranked in around 210th place on the current Top 500 List of Earth's mightiest supercomputers.
The machine uses InfiniBand networking, packs 156 TB of RAM, and includes 3.6 PB of solid state disk storage.
Direct liquid cooling allowed it to bag a power usage effectiveness score of "below 1.09." The machine is also plumbed into the heating system of the campus where it resides.
As is usually the case with supercomputers, Space HPC can be configured to run different workloads. The machine therefore offers partitions dedicated to general compute tasks, and two other partitions that take advantage of the H100s to run AI/ML workloads or other software that needs accelerators.
ESA's Space Safety Programme has already tested Space HPC to improve its ability to – you guessed it – model space weather. Among other things, it can improve warnings of future solar activity that could pose a danger to infrastructure in orbit or on the ground.
[...] The org is, however, already considering expressions of interest for time on the machine at a form you can find here.
https://newatlas.com/energy/quaise-energy-reaches-back-push-geothermal-power-forward/
Quaise Energy has been dazzling us lately with its bleeding-edge plans to tap super-deep, superheated steam as a global power source. Now, the company's reaching back over a century to adapt yesterday's technology for tomorrow's energy.
Quaise Energy can't be accused of being unambitious. Geothermal power has a tremendous potential for providing humanity with unlimited energy for the foreseeable future, but it suffers from the fact that it's only really practical in a few places where the sources of subterranean heat are close enough to the surface to be easily tapped.
What Quaise Energy wants to do is get around this by going straight to the source. In other words, instead of waiting for the heat to come to us, we go to the heat. Using a traditional rotary drill bit and a gyrotron-powered energy beam to burrow up to an incredible 12.4 miles (20 km) to a region in the Earth's crust that is heated to 500 °C (932 °F).
Not only would this make geothermal power accessible in almost any place that isn't a high mountain chain, it also brings a bonus. At this depth and that heat, water is heated and squashed to the point where it is supercritical. That is, when the temperature is above 373.9 °C (705.2 °F) and the pressure is over 218 atmospheres, the water enters a state where it is neither a liquid nor a gas. Instead, it behaves as a single homogeneous fluid and shifts from being an almost-liquid to an almost-gas depending on the current conditions.
When in a supercritical state, water has lower viscosity than liquid water, yet higher than steam, allowing for improved flow dynamics in turbines and heat exchangers. It also has lower thermal conductivity than liquid water but higher than that of dry steam, aiding heat transfer. It expands very rapidly when depressurized, and its specific heat capacity changes dramatically near the critical point, allowing for efficient energy absorption. This gives it higher thermal efficiency and the ability to hold 10 times more energy than regular water or steam.
If that isn't enough, it can even clean the pipes it's flowing through thanks to its ability to dissolve salts and other impurities.
[...] The question is, how to make it work? For the answer, Quaise went back to the first geothermal plant, Larderello 1, that opened in Italy in 1914. Instead of having one loop with water going into the Earth and then returning steam to the surface, this used two loops of water with one collecting the heat deep underground and the second swapping the heat from the first to bring it to the turbines on the surface.
[...] "The applications are diverse, from power plants to regional heating to domestic ground-source heat pumps, and there are a lot of fresh new eyes on the field," said Daniel W. Dichter of Quaise Energy. "There's a renaissance happening in geothermal right now."
The Home Office has demanded the right to access data from Apple users that have turned on Advanced Data Protection (ADP), a tool that prevents anyone other than the user - including the tech giant - from reading their files.
Apple says it is important for privacy - but the UK government says it needs to be able to access data if there is a national security risk.
The BBC - along with civil liberties groups and some US politicians - argue the case should be heard in public.
But Friday's session of the Investigatory Powers Tribunal - which is hearing the matter - was held behind closed doors.
[...] The case is about balancing national security against privacy rights.
ADP is end to end encrypted, meaning no-one can access files that have been secured with it apart from their owner.
Other end to end encrypted services in the UK include Signal, Meta's WhatsApp, and Apple's iMessage.
In February, it emerged the UK government was seeking the right to be able to access data protected in this way using powers granted to it under the Investigatory Powers Act.
The Act allows it to compel firms to provide information to law enforcement agencies.
Apple responded by pulling ADP in the UK and then launching legal action to challenge the government's demand.
Apple says agreeing to what the UK is asking for would require the creation of a so-called backdoor, a capability critics say would eventually be exploited by hackers.
"As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will," Apple says on its website.
The Home Office has previously told the BBC: "The UK has a longstanding position of protecting our citizens from the very worst crimes, such as child sex abuse and terrorism, at the same time as protecting people's privacy.
"The UK has robust safeguards and independent oversight to protect privacy and privacy is only impacted on an exceptional basis, in relation to the most serious crimes and only when it is necessary and proportionate to do so."
Five years ago, on March 11, 2020, the World Health Organization declared COVID-19 a pandemic. Whether it still is depends on who you ask. There are no clear criteria to mark the end of a pandemic, and the virus that causes the disease — SARS-CoV-2 — continues evolving and infecting people worldwide.
“Whether the pandemic ended or not is an intellectual debate,” says clinical epidemiologist and long COVID researcher Ziyad Al-Aly of Washington University in St. Louis. “For the family that lost a loved one a week ago in the ICU, that threat is real. That pain is real. That loss is real.”
According to recent WHO data, 521 people in the United States died of COVID-19 in the last week of 2024. That’s drastically lower than at the height of the pandemic in 2020. Nearly 17,000 people died of COVID-19 the last week of that year.
Dropping death and hospitalization rates, largely due to vaccinations and high levels of immunity, led to WHO and the United States ending their COVID-19 public health emergencies in 2023. The U.S. government has since reduced reporting of infections and access to free vaccines, tests and treatments. In the last two years, health professionals, scientists and policymakers have shifted to managing COVID-19 as an endemic disease, one that’s always present and may surge at certain times of the year.
Over the last five years, researchers have learned heaps about the virus and how to thwart it. But the pandemic also provided insights into health inequities, flaws in health care systems and the power of collaboration. But it’s hard to predict how the United States and other countries will manage COVID-19 going forward, let alone future pandemics.
[...] Long COVID can affect nearly every organ system. People think about it [as causing] brain fog and fatigue. Those can be symptoms of long COVID, but it’s much more than that. We have people with heart problems, kidney problems and metabolic problems. In some individuals, long COVID can be mild and not disabling. But in others, it can be severely disabling, to the point of people being in bed and losing their jobs.
Kaspersky described Sidewinder as a "highly prolific" advanced persistent threat (APT) group whose previous prey were mostly government and military institutions in China, Pakistan, Sri Lanka, and parts of Africa.
Its recent wider expansion into Africa has caught researchers' attention. Sidewinder ramped up attacks in Djibouti in 2024 and has since focused its attention on Egypt, representing a shift in tactics.
Part of that shift is the increase in attacks against nuclear power plants and other nuclear energy organizations, particularly in South Asia.
Sidewinder, which launched in 2012 and has suspected but not formally confirmed roots in India, hasn't changed its attack methodology much, still relying on old remote code execution (RCE) bugs that are exploited by malicious documents delivered in spear-phishing campaigns.
"The attacker sends spear-phishing emails with a DOCX file attached," said Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov. "The document uses the remote template injection technique to download an RTF file stored on a remote server controlled by the attacker.
"The file exploits a known vulnerability (CVE-2017-11882) to run a malicious shellcode and initiate a multi-level infection process that leads to the installation of malware we have named Backdoor Loader. This acts as a loader for StealerBot, a private post-exploitation toolkit used exclusively by Sidewinder."
The StealerBot implant was first identified in 2024, but SideWinder has continued to use and refine it in ongoing campaigns. Kaspersky noted that the implant has remained unchanged since its discovery, but the group appears to be developing new iterations of its loader regularly.
The fake documents attached to spear-phishing emails are carefully crafted and appear legitimate upon a cursory inspection. They are also tailored for each target.
[...] The group's main tactics – phishing and an eight-year-old vulnerability – don't immediately bear the hallmarks of a sophisticated bunch of attackers. Kaspersky made the same observation in its previous report on the group but suspects those behind the attacks are highly skilled.
"Sidewinder has already demonstrated its ability to compromise critical assets and high-profile entities, including those in the military and government. We know [of] the group's software development capabilities, which became evident when we observed how quickly they could deliver updated versions of their tools to evade detection, often within hours."
The fact that it uses well-maintained and effective in-memory malware such as StealerBot also suggests that Sidewinder's various capabilities make it "a highly advanced and dangerous adversary," as Kaspersky puts it.
SpaceX successfully launched four people into space on Friday, beginning a mission that will give the International Space Station enough crew members to allow astronauts Suni Williams and Butch Wilmore to return to Earth after their nine-month stay.
The mission, known as Crew-10, will see SpaceX's Dragon spacecraft dock with the International Space Station (ISS) late Saturday. The new astronauts will overlap with the existing crew for a few days before Williams and Wilmore (along with two others) return to our planet. That could happen as soon as March 19, weather permitting.
SpaceX crew launches to the ISS have become routine, but this mission has been hotly anticipated because of how Williams and Wilmore got to the station in the first place — and because SpaceX CEO Elon Musk has blamed their prolonged stay on former President Joe Biden.
The duo was part of the first crewed launch of Boeing's Starliner spacecraft last June. The test mission was supposed to be a crucial milestone in Boeing's quest to compete with SpaceX for these types of crewed launches to the ISS.
Starliner was supposed to dock with the ISS for 10 days before returning Williams and Wilmore to Earth. But the spacecraft experienced leaks and thruster problems, which delayed Starliner from docking with the ISS.
Starliner eventually coupled with the station and the astronauts were able to board. But Boeing and NASA spent weeks performing testing and analysis before they decided in August to bring Starliner back to Earth empty.
NASA and SpaceX agreed to bring the astronauts home on the next crewed mission to the ISS, Crew-9. They bumped two astronauts off that flight to accommodate the return of Williams and Wilmore. A return flight was slated for February 2025; an earlier flight would have left the ISS understaffed, according to NASA.
While Williams and Wilmore have been aboard the ISS, though, Musk finished helping Donald Trump get elected for a second time, and began his rampage through the federal government with his Department of Government Efficiency. Musk started saying — both on X and in interviews — that he offered to bring the astronauts back earlier but that Biden refused because of political reasons.
Musk has not provided any evidence to support this claim. NASA's former administrator and deputy administrator under Biden have both said that no offer from Musk made it to the space agency's headquarters.
Author, sysadmin, and Grumpy BSD Guy, Peter N M Hansteen, has written a post about Software Bill of Materials (SBOM) and how they relate to all software, both proprietary and Free and Open Source Software (FOSS). Increasingly maintaining a machine-readable inventory of runtime and build dependencies in the form of an SBOM is becoming the cost of doing business, even for FOSS projects.
Whether you let others see the code you wrote or not, the software does not exist in isolation.
All software has dependencies, and in the open source world this fact has been treated as a truth out in the open. Every free operating system, and in fact most modern-ish programming languages come with a package system to install software and to track and handle the web of dependencies, and you are supposed to use the corresponding package manager for the bulk of maintenance tasks.
So when the security relevant incidents hit, the open source world was fairly well stocked with code that did almost all the things that were needed for producing what became known as Software Bill of Materials, or SBOM for short.
So what would a Software Bill of Materials even look like?
Obviously nuts and bolts would not be involved, but items such as the source code files in your project, any libraries or tools needed to build the thing would be nice-to-knows, and once you have the thing built, what other things -- libraries, suites of utilities, services that are required to be running or other software frameworks of any kind -- that are required in order to have the thing run are obvious items of interest.
So basically, any item your code would need comes out as a dependency, and you will find that your code has both build time and run time dependencies.
There is increasing agreement that SBOMs are now necessary. The question is now becoming how to implement them without adding undue burdens onto developers or even onto whole development teams. Perhaps the way would be to separate out the making of these machine-readable inventories similarly to how packaging is generally separate from the main development activities.
Previously:
(2023) Managing Open Source Software and Software Bill of Materials
(2022) Open Source Community Sets Out Path to Secure Software
https://phys.org/news/2025-03-rapidly-population-crocs-impacting-australia.html
A team of marine biologists, environmental researchers and land management specialists affiliated with several institutions in Australia, working with a colleague from Canada, has conducted a study of the ecological impact of a huge rise in the population of saltwater crocodiles in Australia's Northern Territories.
In their paper published in the journal Proceedings of the Royal Society B: Biological Sciences, the group describes what they learned about changes in croc size, diet, and the sharp rise in nutrients they excrete into the water system.
Fifty-four years ago, the Australian government banned the hunting of saltwater crocodiles in its Northern Territories. Since that time, the population of crocs has grown from approximately 1,000 to approximately 100,000. The research team wondered about the ecological impact of such a rapid change, and more specifically, if it was possible to quantify the changes that had taken place.
The work by the team involved conducting two major studies. One involved analyzing data that has been amassed by various researchers over the past half-century and then using it to conduct bioenergetic modeling of croc size and population. They then used the models to make estimates about consumption rates of various foods the crocs have been consuming and what they were excreting, and how much.
The other study involved analyzing bones that have been recovered in the region over the years 1970 to 2022. From these, the team was able to learn more about what the crocs had been eating and how much by measuring carbon and nitrogen isotopes.
The researchers found that the size of the crocs has been growing slightly and that increases in population have led to a total biomass increase from an average of 10 kg to 400 kg per kilometer of river area. They also found that the amount of food they ate as a group increased approximately nine-fold. Additionally, the amount of phosphorus and nitrogen excreted rose 56 and 186-fold—most of which went into the water.
Journal Reference: Mariana A. Campbell et al, Quantifying the ecological role of crocodiles: a 50-year review of metabolic requirements and nutrient contributions in northern Australia, Proceedings of the Royal Society B: Biological Sciences (2025). DOI: 10.1098/rspb.2024.2260
A federal judge has dealt a blow to Elon Musk’s DOGE agenda. On Thursday, Judge William Alsup of San Francisco said that the firing of tens of thousands of federal probationary workers had been based on a “lie” and that the government had conducted the expulsions illegally—further calling the initiative a “sham.” Alsup ordered that the workers be reinstated immediately.
Probationary workers—that is, workers who are new to the workforce and haven’t received more advanced benefits and protections—have suffered massive cuts across the government, as DOGE and the Trump administration have attempted to greatly reduce the federal workforce. The case before Alsup concerns litigation brought by union groups representing those workers.
Alsup’s reinstatement order applies to thousands of federal workers fired from the Defense Department, the Department of Veterans Affairs, the Department of Agriculture, the Department of Energy, the Treasury Department, and the Department of the Interior. Government Executive reports that some 24,000 employees would regain their jobs as a result of the judge’s decision.
The government’s firing of the employees was illegitimate because the agencies impacted by the cuts were directed by the Office of Personnel Management to do so, Alsup said. The OPM does not have the authority to make such orders, as those orders could only be made by the agencies themselves, the judge concluded.
Many of the cuts in question took place not long after Musk’s DOGE initiative was announced and a team of Musk-linked workers took over the OPM. That team is said to have included numerous current and former employees of Musk, including Amanda Scales, a former Musk employee who was appointed chief of staff at the agency. On January 31, Reuters reported that Musk aides had locked career civil servants out of the computer systems at the agency and were engaged in some sort of undisclosed work involving said systems. Democratic lawmakers subsequently accused Musk of leading a “hostile takeover” of the agency.
On February 14, Reuters reported that, as part of the government downsizing initiative being led by Musk, the Trump administration had begun to fire “scores” of government employees, a majority of which were still on probation. A statement from the OPM at the time said that the Trump administration was “encouraging agencies to use the probationary period as it was intended: as a continuation of the job application process, not an entitlement for permanent employment.”
Charles Ezell, the acting director of the OPM, met with the heads of numerous federal agencies on February 13 and ordered them to fire tens of thousands of employees, according to the unions representing the workers. The government has claimed that Ezell was not issuing orders and was merely providing “guidance.” However, Alsup recently determined that the OPM had, indeed, ordered the firings, and done so illegally.
“The court finds that Office of Personnel Management did direct all agencies to terminate probationary employees with the exception of mission critical employees,” Alsup recently said.
Earth's atmosphere is shrinking due to climate change and one of the possible negative impacts is that space junk will stay in orbit for longer, bonk into other bits of space junk, and make so much mess that low Earth orbits become less useful.
That miserable set of predictions appeared on Monday in a Nature Sustainability paper titled "Greenhouse gases reduce the satellite carrying capacity of low Earth orbit."
Penned by two boffins from MIT, and another from the University of Birmingham, the paper opens with the observation: "Anthropogenic contributions of greenhouse gases in Earth's atmosphere have been observed to cause cooling and contraction in the thermosphere."
The thermosphere extends from about 90 km to 500 km above Earth's surface. While conditions in the thermosphere are hellish, it's not a hard vacuum. NASA describes it as home to "very low density of molecules" compared to the exosphere's "extremely low density."
Among the molecules found in the thermosphere is carbon dioxide (CO2), which conducts heat from lower down in the atmosphere then radiates it outward.
"Thus, increasing concentrations of CO2 inevitably leads to cooling in the upper atmosphere. A consequence of cooling is a contraction of the global thermosphere, leading to reductions in mass density at constant altitude over time."
That's unwelcome because the very low density of matter in the thermosphere is still enough to create drag on craft in low Earth orbit – enough that the International Space Station requires regular boosts to stay in orbit.
It's also enough drag to gradually slow space junk, causing it to descend into denser parts of the atmosphere where it vaporizes. A less dense thermosphere, the authors warn, means more space junk orbiting for longer and the possibility of Kessler syndrome instability – space junk bumping into space junk and breaking it up into smaller pieces until there's so much space junk some orbits become too dangerous to host satellites.
[...] The good news is the paper notes that satellite makers know Kessler syndrome instability is a possibility, so often build collision avoidance capabilities that let them avoid debris.
The authors hope manufacturers and operators work together on many debris-reduction tactics, and that greenhouse gas emissions are reduced to keep the thermosphere in fine trim.
According to two leakers.
AMD’s upcoming Zen 6 processors will remain compatible with AM5, but they are set to introduce a new chiplet-based CPU design and significantly boost core counts across desktop and laptop products, according to sources of ChipHell, as well as Moore's Law Is Dead. Premium processors for gamers will also feature 3D V-Cache.
AMD's next-generation Ryzen processors based on the Zen 6 microarchitecture will feature 12-core core chiplet dies (CCDs), marking a major shift from eight-core CCDs used in Zen 3/4/5 generation processors, if the linked reports are accurate. As a result, desktop AM5 processors will be able to feature up to 24 cores. Meanwhile, advanced laptop APUs will transition from a four Zen 5 + eight Zen 5c (8+4) configuration to a 12-core structure, at least according to MLID. A Zen 6 CCD is 75mm^2 large, MLID claims.
Now, the increased number of cores is a big deal. However, premium versions of AMD's desktop processors will feature up to 96MB of L3 cache, which is 4MB per core. 4MB per core is in line with existing Zen 5 configurations, so AMD does not cut down caches in favor of core count.
AMD is expected to release Zen 6-based products in 2026, so it is reasonable to expect them to use a more advanced node than they use today (TSMC's 4nm-class), so think TSMC's N3P (3nm-class) given that AMD does exactly use leading-edge nodes (possibly due to supply constraints), which will be N2 (2nm-class) next year.
AMD's Zen 6-based Ryzens for gaming PCs will also feature 3D V-Cache. Some laptop processors with built-in graphics will also feature 3D V-Cache, though exact configuration is something that remains to be seen.
Interestingly, and according to MLID, AMD's standard APUs will be chiplet-based, moving away from the monolithic approach. Medusa Point — a laptop APU — is expected to feature a Zen 6 CCD with 12 cores and a 200mm^2 I/O die (IOD), featuring eight RDNA work groups, a 128-bit memory controller, and a large NPU. There is speculation that Infinity Cache may be added to enhance GPU performance.
MLID also claims that the desktop version of Medusa Point — allegedly called Medusa Ridge — will use up to two 12-core Zen 6 CCD in the AM5 form-factor. That product will have a 155mm^2 IOD without an advanced built-in GPU, but possibly with a large NPU.
US electricity consumption is rising faster than it has in decades, thanks in part to the boom in data center development, the resurgence in manufacturing, and the increasing popularity of electric vehicles.
Accommodating that growth will require building wind turbines, solar farms, and other power plants faster than we ever have before—and expanding the network of wires needed to connect those facilities to the grid.
But one major problem is that it's expensive and slow to secure permits for new transmission lines and build them across the country. This challenge has created one of the biggest obstacles to getting more electricity generation online, reducing investment in new power plants and stranding others in years-long "interconnection queues" while they wait to join the grid.
Fortunately, there are some shortcuts that could expand the capacity of the existing system without requiring completely new infrastructure: a suite of hardware and software tools known as advanced transmission technologies (ATTs), which can increase both the capacity and the efficiency of the power sector.
ATTs have the potential to radically reduce timelines for grid upgrades, avoid tricky permitting issues, and yield billions in annual savings for US consumers. They could help us quickly bring online a significant portion of the nearly 2,600 gigawatts of backlogged generation and storage projects awaiting pathways to connect to the electric grid.
The opportunity to leverage advanced transmission technologies to update the way we deliver and consume electricity in America is as close to a $20 bill sitting on the sidewalk as policymakers may ever encounter. Promoting the development and use of these technologies should be a top priority for politicians in Washington, DC, as well as electricity market regulators around the country.
[...] ATTs generally fall into four categories: dynamic line ratings, which combine local weather forecasts and measurements on or near the transmission line to safely increase their capacity when conditions allow; high-performance conductors, which are advanced wires that use carbon fiber, composite cores, or superconducting materials to carry more electricity than traditional steel-core conductors; topology optimization, which uses software to model fluctuating conditions across the grid and identify the most efficient routes to distribute electricity from moment to moment; and advanced power flow control devices, which redistribute electricity to lines with available capacity.
[...] So why are we not seeing an explosion in ATT investment and deployment in the US? Because despite their potential to unlock 21st-century technology, the 20th-century structure of the nation's electricity markets discourages adoption of these solutions.

Humans have a third set of teeth: Scientists discover medicine to grow them:
Kiran Mazumdar-Shaw called the newly developed drug capable of regrowing human teeth an "amazing discovery" that could make dental implants obsolete. Imagine a world in which losing a tooth does not require the use of dentures or implants. Scientists in Japan have unearthed an important first in regenerative medicine: a medication that could enable humans to develop a third set of teeth. This study, which focusses on a single gene responsible for tooth growth, has begun clinical testing and could be accessible for general use by 2030. If successful, this finding has the potential to improve dental treatment and provide hope to millions of people who are missing teeth.
A team of Japanese researchers, led by Dr. Katsu Takahashi of the Medical Research Institute Kitano Hospital in Osaka, has been studying the genetic principles of tooth development. Their findings build on a 2021 study published in Scientific Reports, which found that reducing the USAG-1 gene in mice resulted in the creation of new teeth.
The USAG-1 gene produces a protein that suppresses tooth development. Researchers discovered that employing an antibody that disables this protein allowed mice to regenerate teeth. Encouraged by these findings, the team has shifted its focus to humans, assuming that comparable genetic systems exist within us.
Handout images from the Medical Research Institute Kitano Hospital show before (top) and after images of the regrowth of teeth in a ferret (centre) and mice (R and L).
Humans already have a hidden third set of teeth
One of the most intriguing aspects of this discovery is that humans already have the potential to grow a third set of teeth. "The idea of growing new teeth is every dentist's dream," Dr Takahashi told Mainichi. "We're hoping to see a time when tooth regrowth medicine is a third choice alongside dentures and implants."
While most people develop only two sets of teeth—baby teeth and permanent teeth—some individuals with a condition called hyperdontia naturally grow extra teeth. This suggests that the body already has the biological framework for an additional set. Scientists believe that activating these latent tooth buds using gene-targeting therapy could stimulate controlled regrowth in the general population.
How this discovery could revolutionise dentistry

https://phys.org/news/2025-03-attention-limitations-idea-thieves-workplaces.html
It happens all the time. You're in a meeting, brainstorming with your team to uncover the next big idea. As the discussion unfolds, one of the standout ideas is yours—or so you thought. Suddenly, you realize a colleague is getting the credit.
You've just encountered an idea thief.
Despite the high reputational cost of being caught, idea theft is surprisingly common. A 2015 poll of 1,000 British workers revealed nearly half had their ideas stolen by colleagues, while 1 in 5 admitted to stealing an idea themselves.
Why is idea theft so common? And how do so many idea thieves get away with it? Zoe Kinias, professor of organizational behavior and sustainability at Ivey Business School, tackled these questions with her colleagues in a new study, "Social inattentional blindness to idea stealing in meetings," published in Scientific Reports.
Today's managers and executives are juggling more than ever, balancing diverse tasks in dynamic and information-rich workplaces. It's hard to stay fully informed and keep a finger on the pulse of everything that matters, experts say.
"As humans, our senses are constantly working together to create a vivid and detailed perception of the world," said Kinias. "Yet, our brains process only a tiny fraction of the information around us, leaving much unnoticed. This phenomenon, known as inattentional blindness, highlights just how selective our attention truly is."
Inattentional blindness offers profound opportunities for understanding complex social dynamics. But how do you study something most people fail to notice? Enter Theodore C. Masters-Waage, then a Ph.D. student at Singapore Management University, who approached Kinias—an expert in empowering workers—with a bold idea: leveraging virtual reality (VR) to explore social attention in the workplace.
"While VR has long been a powerful tool in STEM (science, technology, engineering and math) fields, its use in organizational behavior research is still in its early days," Kinias said. "For this study, VR was essential. It allowed us to create a hyper-realistic scenario with complete control, enabling us to examine how subtle social changes influence where people focus, or fail to focus, their attention."
In their experiment, 154 participants used VR headsets to enter a virtual meeting, where they watched four team members brainstorm ideas. Their task was straightforward: Identify the best idea. But there was a twist—midway through the meeting, one person blatantly stole another's idea and claimed it as their own.
The results were surprising: While nearly all participants—more than 99%—could pinpoint the best idea, only 30% could recall who originally shared it. The study revealed that the person who swooped in and claimed the idea as their own reaped the rewards. In fact, 42 percent of participants mistakenly credited the idea thief.
Journal Reference: Masters-Waage, T.C., Kinias, Z., Argueta-Rivera, J. et al. Social inattentional blindness to idea stealing in meetings. Sci Rep 14, 8060 (2024). https://doi.org/10.1038/s41598-024-56905-6

Exclusive: General Fusion fires up its newest steampunk fusion reactor:
General Fusion announced on Tuesday that it had successfully created plasma, a superheated fourth state of matter required for fusion, inside a prototype reactor. The milestone marks the beginning of a 93-week quest to prove that the outfit's steampunk approach to fusion power remains a viable contender.
The reactor, called Lawson Machine 26 (LM26), is General Fusion's latest iteration in a string of devices that have tested various parts of its unique approach. The company assembled LM26 in just 16 months, and it hopes to hit "breakeven" sometime in 2026.
General Fusion is one of the oldest fusion companies still operating. Founded in 2002, it has raised $440 million to date, according to PitchBook. Over that time, it has seen competitors rise and fall, and, like the fusion industry writ large, it has failed to meet breakeven promises, including one made over 20 years ago.
In fusion power, there are two points at which a reaction is said to break even. The one most people think of is called commercial breakeven. That's when a fusion reaction produces more power than the entire facility consumes, allowing the power plant to put electricity on the grid. No one has reached this milestone yet.
The other is known as scientific breakeven. In this case, the fusion reaction needs to produce at least as much power as was delivered directly to the fuel. Scientific breakeven only looks within the boundaries of the experimental system, ignoring the rest of the facility. Still, it's an important milestone for any fusion attempt. So far, only the U.S. Department of Energy's National Ignition Facility has reached it.
General Fusion's approach to fusion power differs significantly from other startups. Called magnetized target fusion (MTF), it's similar in some regards to inertial confinement, the technique the National Ignition Facility used in late 2022 to prove that fusion reactions could generate more power than was required to start them.
But where the National Ignition Facility uses lasers to compress a fuel pellet, General Fusion's MTF reactor design relies on steam-driven pistons. Inside the chamber, deuterium-tritium fuel is zapped with a bit of electricity to generate a magnetic field, which helps keep the plasma contained. The pistons then drive a liquid lithium wall inward on the plasma, compressing it.

It's longer than the width of Rhode Island, snakes across the oil fields of the southwest U.S. and crawls at 10 mph – too slow for a truck and too long for a train.
It's a new sight: the longest conveyer belt in America.
Atlas Energy Solutions, a Texas-based oil field company, has installed a 42-mile long (67 kilometers) conveyer belt to transport millions of tons of sand for hydraulic fracturing. The belt the company named "The Dune Express" runs from tiny Kermit, Texas, and across state borders into Lea County, New Mexico. Tall and lanky with lids that resemble solar modules, the steel structure could almost be mistaken for a roller coaster.
In remote West Texas, there are few people to marvel at the unusual machine in Kermit, a city with a population of less than 6,000, where the sand is typically hauled by tractor-trailers. During fracking, liquid is pumped into the ground at a high pressure to create holes, or fractures, that release oil. The sand helps keep the holes open as water, oil and gas flow through it.

Chipmaking tool biz ASML plans to open a new facility in China this year amid rising trade tensions between Washington and Beijing.
The supplier of advanced lithography equipment disclosed in its latest Annual Report that it aims to inaugurate a Beijing-based Reuse & Repair Center in 2025, recognizing the importance of China as one of its largest markets, alongside Taiwan.
This is a facility for reconditioning and reusing materials from systems that have been returned from the field, so the unit won't manufacture from scratch.
The decision comes after US authorities extended the list of restrictions on suppliers of chip manufacturing tech in December to include metrology – the precise measurement and validation of semiconductor materials using e-beams, X-rays and more – and software. Meanwhile further fab locations, mainly in China, were added to the export blacklist.
In retaliation, Beijing kicked off an investigation in January to decide if US subsidies to chipmakers are harming its semiconductor companies and amount to unreasonable trade practices.
This was days before President Donald Trump's administration - which itself isn't keen on the CHIPS Act - took over in Washington and introduced a further hardening of its stance on China, hiking tariffs on goods imported from the country by an extra ten percent.
ASML is currently the world's only supplier of extreme ultraviolet (EUV) photolithography equipment, used in the making of advanced chips with smaller features to cram in more circuitry. Export of these products to China was blocked by the Dutch government several years ago.
Fresh reports from China now suggest local researchers may have found a way to produce light at a 13.5 nm wavelength – the same in ASML's EUV kit – and are working to produce homegrown tech to sidestep the export ban.

https://phys.org/news/2025-03-psychological-booster-shots-resistance-misinformation.html
A new study has found that targeted psychological interventions can significantly enhance long-term resistance to misinformation. Dubbed "psychological booster shots," these interventions improve memory retention and help individuals recognize and resist misleading information more effectively over time.
The study, published in Nature Communications, explores how different approaches, including text-based messages, videos, and online games, can inoculate people against misinformation.
The researchers from the Universities of Oxford, Cambridge, Bristol, Potsdam and King's College London conducted five large-scale experiments with over 11,000 participants to examine the durability of these interventions and identify ways to strengthen their effects.
The research team tested three types of misinformation-prevention methods:
- Text-based interventions, where participants read pre-emptive messages explaining common misinformation tactics.
- Video-based interventions, short educational clips that expose the emotional manipulation techniques used in misleading content.
- Gamified interventions, an interactive game that teaches people to spot misinformation tactics by having them create their own (fictional) fake news stories in a safe, controlled environment.
Participants were then exposed to misinformation and evaluated on their ability to detect and resist it over time. The study found that while all three interventions were effective, their effects diminished quickly over time, prompting questions about their long-term impact. However, providing memory-enhancing "booster" interventions, such as a follow-up reminder or reinforcement message, helped maintain misinformation resistance for a significantly longer period.
The study found that the longevity of misinformation resistance was primarily driven by how well participants remembered the original intervention. Follow-up reminders or memory-enhancing exercises were also found to significantly extend the effectiveness of the initial intervention, much like medical booster vaccines.
By contrast, the researchers found that boosters that did not focus on memory, but rather focused on increasing participants' motivation to defend themselves by reminding people of the looming threat of misinformation, did not have any measurable benefits for the longevity of the effects.
Journal Reference: Maertens, R., Roozenbeek, J., Simons, J.S. et al. Psychological booster shots targeting memory increase long-term resistance against misinformation. Nat Commun 16, 2062 (2025). https://doi.org/10.1038/s41467-025-57205-x

By Bill Toulas
March 12, 2025 11:01 AM
Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.
The Mozilla certificate is set to expire this Friday, March 14, 2025, and was used to sign content, including add-ons for various Mozilla projects and Firefox itself.
Users need to update their browsers to Firefox 128 (released in July 2024) or later and ESR 115.13 or later for 'Extended Support Release' (ESR) users.
"On 14 March a root certificate (the resource used to prove an add-on was approved by Mozilla) will expire, meaning Firefox users on versions older than 128 (or ESR 115) will not be able to use their add-ons," warns a Mozilla blog post.
"We want developers to be aware of this in case some of your users are on older versions of Firefox that may be impacted."
A Mozilla support document explains that failing to update Firefox could expose users to significant security risks and practical issues, which, according to Mozilla, include:
- Malicious add-ons can compromise user data or privacy by bypassing security protections.
- Untrusted certificates may allow users to visit fraudulent or insecure websites without warning.
- Compromised password alerts may stop working, leaving users unaware of potential account breaches.
Users are recommended to check and confirm they're running Firefox version 128 and later via Menu > Help > About Firefox. This action should also automatically trigger a check for updates.
It is noted that the problem impacts Firefox on all platforms, including Windows, Android, Linux, and macOS, except for iOS, where there's an independent root certificate management system.
Mozilla says that users relying on older versions of Firefox may continue using their browsers after the expiration of the certificate if they accept the security risks, but the software's performance and functionality may be severely impacted.
"We strongly advise you to update to the latest version to avoid these issues and ensure your browser stays secure and efficient," advises Mozilla.
Mozilla has also set up a support thread for users who encounter problems or need help updating their Firefox browsers.
Users of Firefox-based browsers like Tor, LibreWolf, and Waterfox should also ensure they're running a version based on Firefox 128 and later.

Woolly mice are cute and impressive – but they won't bring back mammoths or save endangered species:
US company Colossal Biosciences has announced the creation of a "woolly mouse" — a laboratory mouse with a series of genetic modifications that lead to a woolly coat. The company claims this is the first step toward "de-extincting" the woolly mammoth.
The successful genetic modification of a laboratory mouse is a testament to the progress science has made in understanding gene function, developmental biology and genome editing. But does a woolly mouse really teach us anything about the woolly mammoth?
Woolly mammoths were cold-adapted members of the elephant family, which disappeared from mainland Siberia at the end of the last Ice Age around 10,000 years ago. The last surviving population, on Wrangel Island in the Arctic Ocean, went extinct about 4,000 years ago.
The house mouse (Mus musculus) is a far more familiar creature, which most of us know as a kitchen pest. It is also one of the most studied organisms in biology and medical research. We know more about this laboratory mouse than perhaps any other mammal besides humans.
Colossal details its new research in a pre-print paper, which has not yet been peer-reviewed. According to the paper, the researchers disrupted the normal function of seven different genes in laboratory mice via gene editing.
Six of these genes were targeted because a large body of existing research on the mouse model had already demonstrated their roles in hair-related traits, such as coat colour, texture and thickness.
The modification in a seventh gene — FABP2 — was based on evidence from the woolly mammoth genome. The gene is involved in the transport of fats in the body.
Woolly mammoths had a slightly shorter version of the gene, which the researchers believe may have contributed to its adaptation to life in cold climates. However, the "woolly mice" with the mammoth-style variant of FABP2 did not show significant differences in body mass compared to regular lab mice.

Rust is alive and well in the Linux kernel and is expected to translate into noticeable benefits shortly, though its integration with the largely C-oriented codebase still looks uneasy.
In a hopeful coda to the recent maintainer drama that raised questions about the willingness of Linux maintainers to accommodate Rust code, Josh Aas, who oversees the Internet Security Research Group's Prossimo memory-safety project, late last week hailed Miguel Ojeda's work to advance memory safety in the kernel without mentioning the programming language schism.
"While our goal was never to rewrite the entire kernel in Rust, we are glad to see growing acceptance of Rust's benefits in various subsystems," said Aas. "Today, multiple companies have full time engineers dedicated to working on Rust in the Linux kernel."
Since at least September last year, when Microsoft software engineer Wedson Almeida Filho left the Rust for Linux project citing "non-technical nonsense," it's been clear that acceptance had limits. Tensions between Rust and C kernel contributors flared again in January over concerns about the challenges of maintaining a mixed language codebase – likened to cancer by one maintainer. Urged to intervene, Linux creator Linus Torvalds did so, making his annoyance known to both parties and prompting their departures as Linux maintainers.
Amid all that, Ojeda, who helms the Rust for Linux project, published a "Rust kernel policy" as a way to clarify that those contributing Rust code to the Linux kernel should stay the course and to underscore that Linux leaders still support the initiative.
According to Aas, the presence of Rust code is increasing in various Linux subsystems, including: PHY drivers, the null block driver, the DRM panic screen QR code generator, the Android binder driver, the Apple AGX GPU driver, the NVMe driver, and the Nova GPU driver.
"We expect that one of them will be merged into the mainline kernel in the next 12-18 months," said Aas, pointing to remarks from Linux lieutenant Greg Kroah-Hartman last November suggesting that the availability of Rust driver bindings represented a tipping point that would allow most driver subsystems to start getting Rust drivers.
Once this happens, said Aas, "the goal of the effort will start to be realized: Products and services running Linux with Rust drivers will be more secure, and that means the people using them will be more secure, too."
[...] "The good news is that with the rare exception of code that must be written in assembly for performance and/or security reasons (eg, cryptographic routines), we know how to get rid of memory safety vulnerabilities entirely: write code in languages that don't allow for those kinds of mistakes. It's a more or less solved research problem, and as such we don't need to suffer from this kind of thing any more. It can be relegated to the past like smallpox, we just have to do the work."
Between evocations of cancer and smallpox, it sounds like the Linux and Rust communities still have some issues to work out.

Researchers have criticised Microsoft's new Majorana 1 quantum computer, saying it has made claims about the way it works that aren't fully backed up by scientific evidence.
Last month Microsoft announced, with fanfare, that it had created a new kind of matter and used it to make a quantum computer architecture that could lead to machines “capable of solving meaningful, industrial-scale problems in years, not decades”.
But since then, the tech giant has increasingly come under fire from researchers who say it has done nothing of the sort. “My impression is that the response of the expert physics community has been overwhelmingly negative. Privately, people are just outraged,” says Sergey Frolov at the University of Pittsburgh, Pennsylvania.
Microsoft’s claim rests on elusive and exotic quasiparticles called Majorana zero modes (MZMs). These can theoretically be used to create a topological qubit, a new type of quantum bit – the building blocks of information processing within a quantum computer. Because of their inherent properties, such qubits could excel at reducing errors, addressing a big shortcoming of all quantum computers in use today.
MZMs have been theorised to emerge from the collective behaviour of electrons at the edges of thin superconducting wires. Microsoft’s new Majorana 1 chip contains several such wires and, according to the firm, enough MZMs to make eight topological qubits. A Microsoft spokesperson told New Scientist that the chip was “a significant breakthrough for us and the industry”.
Yet researchers say Microsoft hasn’t provided enough evidence to support these claims. Alongside its press announcement, the company published a paper in the journal Nature that it said confirmed its results. “The Nature paper marks peer-reviewed confirmation that Microsoft has not only been able to create Majorana particles, which help protect quantum information from random disturbance, but can also reliably measure that information from them,” said a Microsoft press release.
But editors at Nature made it explicitly clear that this statement is incorrect. A publicly available report on the peer-review process states: “The editorial team wishes to point out that the results in this manuscript do not represent evidence for the presence of Majorana zero modes in the reported devices.”
In other words, Microsoft and Nature are directly contradicting each other. “The press releases have said something totally different [than the Nature paper],” says Henry Legg at the University of St Andrews in the UK.
[...] This isn’t the only unorthodox aspect of Microsoft’s paper. Legg points out that two of the four peer reviewers initially gave rather critical and negative feedback which, in his experience, would typically disqualify a paper from publication in the prestigious journal. The peer-review report shows that by the last round of editing, one reviewer still disagreed with publication of the paper, while the other three signed off on it. A spokesperson for Nature told New Scientist that the ultimate decision to publish came down to the potential they saw for experiments with future MZMs in Microsoft’s device, rather than necessarily what it had achieved so far.

DOGE axes CISA 'red team' staffers amid ongoing federal cuts:
Elon Musk's Department of Government Efficiency (DOGE) has fired more than a hundred employees working for the U.S. government's cybersecurity agency CISA, including "red team" staffers, two people affected by the layoffs told TechCrunch.
The people, who asked not to be named, said affected employees were axed immediately when their network access was revoked with no prior warning.
The layoffs, which happened in late February and early March, are the latest round of staff cuts to hit the federal cybersecurity agency since the start of the Trump administration.
CISA spokesperson Tess Hyre declined to comment on the latest round of job cuts affecting the agency and wouldn't say how many employees had been affected. Hyre told TechCrunch that CISA's red team "remains operational" but said the agency is "reviewing all contracts to ensure that they align with the priorities of the new administration."
One of the people affected told TechCrunch that CISA red team employees, who simulate real-world attacks to identify security weaknesses in networks before attackers do, were affected by the DOGE-enforced cuts.
Another person affected by the layoffs, who asked to remain anonymous due to fear of government retaliation, told TechCrunch that laid-off employees also include staffers who worked for CISA's Cyber Incident Response Team (CIRT), which is responsible for penetration testing and vulnerability management of networks belonging to U.S. federal government departments and agencies.
[...] This is by our count the third known round of job cuts to affect CISA employees since January 20. More than 130 CISA employees were cut by DOGE earlier in February, according to reports, and several CISA employees working on election security were placed on leave in January.

A total lunar eclipse will occur on March 13-14, 2025 — the first on Earth since 2022 — but only the night side of the planet will get to see it. During this global event, which will occur at the same time across the world, the lunar surface will turn reddish for 65 minutes — a phenomenon often dubbed a "blood moon."
Although the point of greatest eclipse will be in the Pacific Ocean, North America and South America will get the best views. Some areas of Europe will get a slight view of the moonset, and East Asia will glimpse the spectacle at moonrise.
[...] The total lunar eclipse on March 13-14, 2025, will last just over six hours, beginning with a penumbral eclipse — when the moon enters Earth's fuzzy outer shadow and loses brightness — from 11:57 p.m. to 1:09 a.m. EDT (03:57 to 05:09 UTC). There will then be a partial phase — when the moon begins to enter Earth's darker umbral shadow and starts to turn red — from 1:09 a.m. to 2:26 a.m. (05:09 to 06:26 UTC). Totality — when the whole moon is within Earth's umbra — will last 65 minutes, from 2:26 a.m. to 3:31 a.m. EDT (06:26 to 07:31 UTC). The spectacle then reverses, with totality followed by a partial phase from 3:31 to 4:47 a.m. (07:31 to 08:47 UTC) and a penumbral phase from 4:47 to 6 a.m. EDT (08:47 to 10:00 UTC).
The entire eclipse will be visible — and at its best — across most of the Americas, with glimpses for Europe, Africa and East Asia. Here's a breakdown of the eclipse's visibility by region:
- North America: All phases of the eclipse will be visible across all 50 U.S. states (including Alaska and Hawaii), Canada and Mexico.
- South America: Most of the continent will witness the entire event, with totality visible from Brazil, Argentina and Chile starting after midnight on March 14.
- Europe: Western Europe — including Spain, France and the U.K. — will see totality as the moon sets early on the morning of March 14.
- Africa: Extreme Western Africa — including Cape Verde, Morocco and Senegal — will see totality as the moon sets early on the morning of March 14.
- Oceania: New Zealanders will see the eclipse in its later stages, with the moon already in partial shadow as it rises on March 14.
[...] Europe gets a poor view of this total lunar eclipse. In London, the penumbral phase will be viewable from 3:47 a.m. GMT on March 14 and the partial phase from 5:09 a.m. GMT. However, the full moon will set at 6:22 a.m. GMT, just before totality begins, so the only spectacle will be a barely distinguishable line of Earth's shadow across the moon as it sinks into the western horizon. Locations farther west get a slightly better view. From Cardiff, Wales, totality will begin at 6:26 a.m. GMT, 10 minutes before the local moonset, while in Dublin, the local moonset isn't until 6:48 a.m. GMT.
Arguably, the only locations in Europe to see this eclipse in an impressive way are Iceland and Greenland. From Reykjavik, Iceland, totality occurs between 06:26 and 7:31 a.m. GMT, and the local moonset isn't until 7:58 a.m.

The Hacker News has an interesting article on a PHP-CGI RCE flaw that is being exploited in the wild.
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.
"The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical report published Thursday.
"The attacker utilizes plugins of the publicly available Cobalt Strike kit 'TaoWu' for post-exploitation activities."
Targets of the malicious activity encompass companies across technology, telecommunications, entertainment, education, and e-commerce sectors in Japan.
[...] "We assess with moderate confidence that the attacker's motive extends beyond just credential harvesting, based on our observation of other post-exploitation activities, such as establishing persistence, elevating to SYSTEM level privilege, and potential access to adversarial frameworks, indicating the likelihood of future attacks," Raghuprasad said.

The popular political poll news and analysis website, 538, is being shut down as part of a broader shuttering effort across ABC News and Disney Entertainment, the Wall Street Journal reported on Tuesday night.
Disney is reportedly cutting 200 positions across ABC News Group and Disney Entertainment Networks, including shutting down the data-driven 538.
[...] FiveThirtyEight, which is named after the number of electors in the US electoral college, has become a popular website for predictions, analysis and watching the polls in the months and days leading up to election night.
But the website's workforce had been slowly dwindling for a couple of years. The 15 employees still with the outlet make up less than half of the team from 2023, when it had about 35 employees.
The decline began when 538's founder, Nate Silver, left the company two years ago when his Disney contract expired.
[...] The broader media landscape has been hit with mass layoffs seemingly nonstop for months. Last month, MSNBC announced a massive shakeup at the network that included letting go of Joy Reid and her production team, as well as no longer using the Spanish-language network Telemundo.
Short-cut method pinpoints a galaxy apparently formed from just hydrogen and helium:
Staring deep into space and far back in time, a team of astronomers may have spotted a galaxy full of stars made from only the primordial gas created in the Big Bang. Such "population III stars" would have formed from hydrogen and helium and nothing else, and researchers have been searching for them for decades, racking up many disputed sightings. If confirmed, the discovery, made with NASA's JWST space observatory, opens a window on the starting point of the chemical enrichment of the universe, in which the heavier elements needed to make planets and life began to be forged in stellar explosions.
"It's very exciting," says astronomer Elka Rusta of the University of Florence. "We hypothesize that [population III stars] exist from theory, but they have never been directly observed."
The nature of population III stars remains uncertain. Most theorists think they were huge, with masses up to 1000 times that of the Sun, 10 times larger than any star around today. That's because a cloud of gas collapsing to form a star needs to cool, which requires ionizing the atoms in the gas when they collide. But tightly bound hydrogen and helium atoms are hard to ionize, unlike the heavier elements found in later generations of stars. So a cloud of primordial gas would just keep growing as it pulled in more gas under its own gravity, reaching an enormous size before finally becoming dense enough to ignite nuclear fusion in its core.
The gigantic stars that resulted would also burn hot and fast, ending in a supernova explosion after just a few million years. That brief first flash of population III stars is hard for astronomers to spot in galaxies that went on to shine steadily for billions of years with smaller, longer lived stars. But the spectrum of the light from the giant stars might give them away. Different elements absorb and emit characteristic wavelengths of light. Population III stars would produce very strong emission lines for hydrogen and helium and would lack completely spectral lines produced by heavier elements.
These days most ISPs allow self-hosting to some extent. Programmer Mira Welner has published a 15-step tutorial to getting a working static web site up and running on a Raspberry Pi:
While tutorials abound in regards to getting a basic webserver set up, there is a difference between a functional server and a good usable website. I've been working on getting my personal site set up over the course of the past five years, spending an hour or so every month working on improving the Pi. I never intended for this personal project to become so lengthy or complex, but eventually I ended up with a fairly robust system for running, maintaining, and editing my website. This tutorial will describe what I've learned throughout the process of creating this site in 15 steps, so that you can use it to create and maintain your own sites.
This tutorial assumes that you already know how to use the command line, and that you have some understanding of HTML and CSS. That is about it.
Any always-on system is going to need to draw as little current as possible, and it is hard to beat a Raspberry Pi Zero 2 W which uses under 150 mA. This tutorial stands out as better than most others because of the small details filled in necessary to go from "Hello, World" page to a working, public web site.
Previously:
(2025) AI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore Robots.Txt
(2025) A Better DIY Seismometer Can Detect Faraway Earthquakes
(2024) How the Raspberry Pi is Transforming Synthesizers
(2023) Free Raspberry Pi 4B in Abandoned Scooters
... and many more.
X outage: Thousands report issues with Elon Musk's platform:
Elon Musk's social media platform X, formerly known as Twitter, experienced massive outages throughout Monday morning that impacted thousands of users in the US and UK.
The outage came as platform monitor Downdetector said it had seen tens of thousands of reports from US users of technical issues affecting the platform.
There were more than 8,000 outage reports from UK users shortly before 14:00 GMT, following a brief but notable surge of reports on Monday morning.
Connection issues lasted for some users into the afternoon.
Many users trying to access the platform and refresh feeds on its app and desktop site during Monday's outages were met with a loading icon.
Musk claims the outages stemmed from a "massive cyber-attack" that originated "in the Ukraine area".
But the technology billionaire, who has been a frequent critic of Ukraine and its President Volodymyr Zelensky, offered no evidence to support the claim and did not say whether or not he thought state actors were involved.
Earlier, he posted on X that "either a large, coordinated group and/or a country is involved".
[...] "We're not sure exactly what happened but there was a massive cyber-attack to try and bring down the X system with [Internet Protocol] addresses originating in the Ukraine area," Musk said in an interview with the Fox Business channel.
Alp Toker, director of Netblocks, which monitors the connectivity of web services, said its own metrics suggested the outages could well be linked to a cyber-attack.
"What we've been seeing is consistent with what we've seen in past denial of service attacks, rather than a configuration or coding error in the platform," he told the BBC.
Elon Musk Claims X Being Targeted in 'Massive Cyberattack' as Service Goes Down:
Elon Musk's X social media platform is experiencing multiple outages. Downdetector.com says more than 28,000 users reported an outage at 11:28 a.m.
The social media platform X (FKA Twitter) went down three separate times with the longest outage lasting several hours starting around 7 a.m. PT/10 a.m. ET.
No official word has come from X save for a single tweet from owner Elon Musk claiming that the outage was due to a 'massive cyberattack.'
More than 40,000 Downdetector reports poured in from users during the second outage — around 35,000 during the third outage — stating that they couldn't even get the X website to load, and it spiked hard again for a third one.
Elon Musk Says DOGE Involvement is Making It Harder to Run His Businesses:
In an interview with Fox's Larry Kudlow on Monday, billionaire Elon Musk admitted that his involvement with the Department of Government Efficiency (DOGE), Donald Trump's initiative to reduce federal spending, is making it tougher to run his many businesses: X, Tesla, xAI, SpaceX, The Boring Company, Neuralink, and Starlink.
"How are you running your other businesses?" Kudlow asked at one point. "With great difficulty," Musk replied. "Frankly, I can't believe I'm here doing this."
Musk and DOGE, which has around 100 staffers — a number that Musk expects to climb to 200 — have been criticized for overpromising and underdelivering on spending cuts across U.S. government agencies. Government contracting experts say that DOGE's online record of reductions contains inaccurate information and inflates claims of "savings" by including misleading math about contract cancellations.
DOGE has also put the U.S.'s data and computing infrastructure at risk through its work, according to cybersecurity analysts. DOGE staffers, some of whom have little experience working with government systems, have reportedly accessed agency data through insecure means and copied that data onto unprotected servers.
[...] While Musk complains that his work advising DOGE has stretched him thin, the billionaire has been accused of using the initiative to weaken regulations that oversee his business ventures.
When asked by Kudlow if he would extend his involvement in DOGE by "another year," Musk said, "Yeah." "We're just getting things done, as opposed to writing a report," Musk added. "Like, reports don't mean anything. You've got to actually take action."
A Paleoarchaean impact crater in the Pilbara Craton, Western Australia:
The role of meteorite impacts in the origin, modification, and destruction of crust during the first two billion years of Earth history (4.5–2.5 billion years ago; Ga) is disputed. Whereas some argue for a relatively minor contribution overall, others have proposed that individual giant impactors (10–50 km diameter) can initiate subduction zones and deep mantle plumes, arguably triggering a chain of events that formed cratons, the ancient nuclei of the continents. The uncertainty is compounded by the seeming absence of impact structures older than 2.23 Ga, such that the evidence for the terrestrial impact flux in the Hadean and Archaean eons is circumstantial. Here, we report the discovery of shatter cones in a complex, dominantly metasedimentary layer, the Antarctic Creek Member (ACM), in the centre of the East Pilbara Terrane, Western Australia, which provide unequivocal evidence for a hypervelocity meteorite impact. The shocked rocks of the crater floor are overlain by (unshocked) carbonate breccias and pillow lavas, stratigraphically constraining the age of the impact to 3.47 Ga and confirming discovery of the only Archaean crater known thus far.
With more than a million craters exceeding 1 km in diameter, and around forty more than 100 km across [1,2], the Moon preserves an exquisite record of the intense bombardment endured by bodies in the inner solar system during the first billion years or so of its history (Fig. 1a) [3]. On Earth, this early impact record has seemingly been lost, reflecting the destructive efficiency of erosion and subduction in recycling primary (basaltic, oceanic) crust back into the convecting mantle. Nevertheless, the oldest parts of many cratons, the ancient Archaean (4.0–2.5 billion years ago; Ga) nuclei of the continents, formed at or before 3.5 Ga [4], and should preserve some evidence for an impact flux that would have exceeded that of a similar area of the Moon of comparable age [5,6,7] (Fig. 1a). However, the oldest recognized terrestrial impact structure, at Yarrabubba, Western Australia, is dated at 2.23 Ga [8]. Where are all the Archaean craters?
Finding direct evidence for Archaean impacts (i.e., craters or impact structures [8]), and thereby better constraining the Archaean impact flux, is important. Large impactors (here bodies or 10 km in diameter) travelling in excess of 10 km s⁻¹ deliver enormous quantities of kinetic energy, most of which will decay to heat, warming the crust and upper mantle [9], with potential consequences for plausible tectonic modes on the early Earth [10,11]. Further, numerical models have shown that individual bolide impacts can instigate subduction, mantle upwellings (plumes), and voluminous production of primary (basaltic) crust [12,13,14]. Moreover, impacts provide a ready mechanism to fracture (brecciate) the crust and, in the presence of a hydrosphere [15], drive intense hydrothermal alteration of this regolith, concentrating key mineral deposits [16]. Notably, impact craters may have provided the physical and chemical environments required for life to emerge on Earth and elsewhere [17,18].
https://www.theregister.com/2025/03/10/infosec_in_brief/
Infosec in Brief -- Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.
Discovered by Microsoft Threat Intelligence late last year, the campaign saw pirate vid-streaming websites embed malvertising redirectors to generate pay-per-view or pay-per-click revenue from malvertising platforms.
"These redirectors subsequently routed traffic through one or two additional malicious redirectors, ultimately leading to another website, such as a malware or tech support scam website, which then redirected to GitHub," according to Microsoft's threat research team.
GitHub hosted a first-stage payload that installed code that dropped two other payloads. One gathered system configuration info such as data on memory size, graphics capabilities, screen resolution, the operating system present, and user paths.
Third-stage payloads varied but most "conducted additional malicious activities such as command and control (C2) to download additional files and to exfiltrate data, as well as defense evasion techniques."
The attackers built four to five redirect layers in the campaign, each of which followed on from the GitHub dropper to install more nastiness that it appears were designed to steal information including stored browser credentials.
Microsoft noted that the malicious repos have since been taken down, and provided plenty of indicators of compromise and other valuable information in its report to aid in hunting down and stopping related campaigns.
US supreme court weakens rules on discharge of raw sewage into water supplies:
The US supreme court has weakened rules on the discharge of raw sewage into water supplies in a 5-4 ruling that undermines the 1972 Clean Water Act.
The CWA is the principal law governing pollution control and water quality of the nation's waterways.
The Republican super majority court ruled on Tuesday that the Environmental Protection Agency (EPA) cannot employ generic, water body-focused pollution discharge limits to Clean Water Act permit holders, and must provide specific limitations to pollution permittees.
The ruling is a win for San Francisco, which challenged nonspecific, or "narrative," wastewater permits that the EPA issues to protect the quality of surface water sources like rivers and streams relied upon for drinking water.
In a 5-4 ruling written by Justice Samuel Alito, the court blocked the EPA from issuing permits that make a permittee responsible for surface water quality, or "end result" permits – a new term coined by the court.
"The agency has adequate tools to obtain needed information from permittees without resorting to end-result requirements," wrote Justice Samuel Alito, who was joined by Chief Justice John Roberts and Justices Clarence Thomas and Brett Kavanaugh, along with Justice Neil Gorsuch, who joined part of the majority opinion.
[Ed note: Most of the headlines for this story use the security vendor's description of this as a "backdoor", which is getting called out as deliberate clickbait and hype given the physical access needed to load malicious code --hubie]
Undocumented commands found in Bluetooth chip used by a billion devices
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.
The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.
"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.
"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."
The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.
Just how tiny can something be made...and still have it work?
https://www.earth.com/news/unexpected-find-inside-the-eye-of-a-tiny-wasp-megaphragma-viggianii/
Megaphragma wasps do more than just outsmart thrips. They also show how far miniaturization can go before basic features stop working.
Most insects rely on their eyes for movement and exploration. Ommatidia form the building blocks of these compound eyes and act like small detectors for incoming light.
In Megaphragma viggianii, researchers have counted a total of 29 ommatidia, which is extremely low compared to the number in the eyes of bigger insects.
Each tiny ommatidium uses a lens that measures around 8 micrometers, but that's still enough to focus light onto specialized structures below.
The rhabdom within each ommatidium (the optical units that make up the insect's compound eye) has stayed thick enough – about 2 micrometers – to catch adequate light and send signals to the brain.
This balance between lens size and rhabdom thickness seems to preserve clear vision during daylight hours.
Packed pigment granules line the sides of each ommatidium. They block stray light that might otherwise blur the wasp's vision.
Maintaining sight at such a small scale may demand a lot of energy. Some data hint at heavy loads of mitochondria in these photoreceptor cells, suggesting that vision comes with a metabolic price.
Roughly a third of the ommatidia cluster near the dorsal region of the eye. These specialized structures appear to detect polarized light, a feature known to help insects orientate under open skies.
In many insects, the dorsal rim area is essential for successful navigation and migration. It provides steady guidance, even when visual landmarks are absent.
In addition, a few unique photoreceptor cells hide behind the first row of ommatidia. They are positioned to receive light indirectly.
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems:
While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it.
The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges.
Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2023-20025.
The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices.
According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.
Originally spotted on Schneier on Security.
A Norwegian robotics firm has unveiled a knitted-nylon-covered humanoid robot designed to complete household chores.
"Neo Gamma," built by robotics company 1X, is a bipedal android equipped to perform everyday tasks such as vacuuming, tidying clothes and making coffee.
In a promotional video released Feb. 21 on YouTube, the machine is shown serving tea, fixing a wonky picture frame, carrying laundry, hoovering, wiping windows and collecting groceries, before taking a seat as its human owners eat.
Although the company has said the humanoid robot is not ready to go on sale to the public, they claim the new model has been made available for limited testing in some homes. This will enable engineers to test the robot's navigational, speech and body language artificial intelligence (AI) features. These capabilities are being developed in-house, although ChatGPT developer OpenAI was an early investor.
"There is a not-so-distant future where we all have our own robot helper at home, like Rosey the Robot or Baymax," Bernt Børnich, the CEO of 1X, said in a statement. "But for humanoid robots to truly integrate into everyday life, they must be developed alongside humans, not in isolation."
"The home provides real-world context and the diversity of data needed for humanoids to grow in intelligence and autonomy. It also teaches them the nuances of human life — how to open the door for the elderly, move carefully around pets, or adapt to the unpredictability of the surrounding world," Børnich said.
[...] Its multi-joined hands use elastic motors that mimic human tendons, and it has four microphones and a speaker system integrated into its body to communicate with humans. Its knitted exterior was designed to reduce the force of potential impacts with the exterior environment and increase its overall safety.
An international team of researchers has revealed evidence of bygone “vacation-style” sandy beaches on Mars: underground rock layers that testify to an ancient northern ocean with gently lapping waves, as detailed in a study published January 14 in the journal PNAS. Their work bolsters previous research suggesting that Mars once hosted large bodies of water and a potentially habitable environment.
“We’re finding places on Mars that used to look like ancient beaches and ancient river deltas,” Benjamin Cardenas, a geologist at Pennsylvania State University and a co-author of the study, said in a university statement. “We found evidence for wind, waves, no shortage of sand—a proper, vacation-style beach.”
Cardenas and his colleagues studied geological data collected by the Chinese Zhurong rover in 2021 in an area of Mars called Utopia Planitia. Zhurong comes equipped with ground-penetrating radar, a tool that “gives us a view of the subsurface of the planet, which allows us to do geology that we could have never done before,” said Michael Manga, a planetary scientist at the University of California, Berkeley, who also participated in the study.
The radar data revealed underground rock layers bearing a striking resemblance to geological structures on Earth called “foreshore deposits”—downward sloping formations shaped by water currents pulling sediments into oceans. The researchers confirmed the similarities by comparing the Mars data to radar images of Earthly coastal deposits—even the angles of the underground Martian slopes aligned with those on our planet.
“This stood out to us immediately because it suggests there were waves, which means there was a dynamic interface of air and water,” Cardenas explained. “When we look back at where the earliest life on Earth developed, it was in the interaction between oceans and land, so this is painting a picture of ancient habitable environments, capable of harboring conditions friendly toward microbial life.”
After making sure that the formation couldn’t be explained by other factors such as rivers, wind, or volcanic activity, the researchers suggest that the Martian formations, as well as the thickness of their sediments, imply the presence of a bygone oceanic coast.
[...] If Mars really had oceanfront property, its ancient shores might be some of the best places to hunt for signs of past life. Future missions could help settle the question: Did microbes once call these beaches home, or were they just waves rolling over an empty, lifeless world?
https://www.nature.com/articles/d41586-025-00554-w
A slimy barrier lining the brain's blood vessels could hold the key to shielding the organ from the harmful effects of ageing, according to a study in mice.
The study showed that this oozy barrier deteriorates with time, potentially allowing harmful molecules into brain tissue and sparking inflammatory responses. Gene therapy to restore the barrier reduced inflammation in the brain and improved learning and memory in aged mice. The work was published today in Nature [1].
The finding shines a spotlight on a cast of poorly understood molecules called mucins that coat the interior of blood vessels throughout the body and give mucus its slippery texture, says Carolyn Bertozzi, a Nobel-prizewinning chemist at Stanford University in California and a lead author of the study. "Mucins play a lot of interesting roles in the body," she says. "But until recently, we didn't have the tools to study them. They were invisible."
Mucins are large proteins decorated with carbohydrates that form linkages with one another, creating a water-laden, gel-like substance. They are crucial constituents of the blood–brain barrier, a system that restricts the movement of some molecules from the blood into the brain.
Researchers have long sought ways to sneak medicines past this barrier to treat diseases of the brain. Previous work also showed that the integrity of the barrier erodes with age [2], suggesting that it could be an important target for therapies to combat diseases associated with ageing, such as Alzheimer's disease.
But scientists knew little about the contribution of mucins to these changes, until Sophia Shi, a graduate student at Stanford, decided to focus on a mucin-rich layer called the glycocalyx, which lines blood vessels. Shi and her colleagues looked at what happens to the glycocalyx in the brain as mice age. "The mucins on the young blood vessels were thick and juicy and plump," says Bertozzi. "In the old mice, they were thin and lame and patchy."
[Ed's Note: Unable to access the full article. If you have full access please leave a link in the comments.--JR]
Journal Reference:
Ledford, Heidi. 'Slime' keeps the brain safe ― and could guard against ageing, (DOI: 10.1038/d41586-025-00554-w)
Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying
At EFF we spend a lot of time thinking about Street Level Surveillance technologies—the technologies used by police and other authorities to spy on you while you are going about your everyday life—such as automated license plate readers, facial recognition, surveillance camera networks, and cell-site simulators (CSS). Rayhunter is a new open source tool we've created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out CSS around the world:
CSS operate by conducting a general search of all cell phones within the device's radius. Law enforcement use CSS to pinpoint the location of phones often with greater accuracy than other techniques such as cell site location information (CSLI) and without needing to involve the phone company at all. CSS can also log International Mobile Subscriber Identifiers (IMSI numbers) unique to each SIM card, or hardware serial numbers (IMEIs) of all of the mobile devices within a given area. Some CSS may have advanced features allowing law enforcement to intercept communications in some circumstances.
What makes CSS especially interesting, as compared to other street level surveillance, is that so little is known about how commercial CSS work. We don't fully know what capabilities they have or what exploits in the phone network they take advantage of to ensnare and spy on our phones, though we have some ideas.
We also know very little about how cell-site simulators are deployed in the US and around the world. There is no strong evidence either way about whether CSS are commonly being used in the US to spy on First Amendment protected activities such as protests, communication between journalists and sources, or religious gatherings. There is some evidence—much of it circumstantial—that CSS have been used in the US to spy on protests. There is also evidence that CSS are used somewhat extensively by US law enforcement, spyware operators, and scammers. We know even less about how CSS are being used in other countries, though it's a safe bet that in other countries CSS are also used by law enforcement.
CSS (also known as Stingrays or IMSI catchers) are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.
[...] Until now, to detect the presence of CSS, researchers and users have had to either rely on Android apps on rooted phones, or sophisticated and expensive software-defined radio rigs. Previous solutions have also focused on attacks on the legacy 2G cellular network, which is almost entirely shut down in the U.S. Seeking to learn from and improve on previous techniques for CSS detection we have developed a better, cheaper alternative that works natively on the modern 4G network.
[...] Rayhunter works by intercepting, storing, and analyzing the control traffic (but not user traffic, such as web requests) between the mobile hotspot Rayhunter runs on and the cell tower to which it's connected. Rayhunter analyzes the traffic in real-time and looks for suspicious events, which could include unusual requests like the base station (cell tower) trying to downgrade your connection to 2G which is vulnerable to further attacks, or the base station requesting your IMSI under suspicious circumstances.
Originally spotted on Schneier on Security.
Asteroid Mining Startup Loses Its Spacecraft Somewhere Beyond the Moon:
A privately built spacecraft is tumbling aimlessly in deep space, with little hope of being able to contact its home planet. Odin is around 270,000 miles (434,522 kilometers) away from Earth, on a silent journey that's going nowhere fast.
California-based startup AstroForge launched its Odin spacecraft on February 26 on a SpaceX Falcon 9 rocket. The probe was headed toward a small asteroid to scan it for valuable metals, in service of the company's ambitious goal of mining asteroids for profit. AstroForge was also hoping to become the first company to launch a commercial mission to deep space with its in-house spacecraft, a dream that fell apart shortly after launch.
After Odin separated from the rocket, the company's primary ground station in Australia suffered major technical issues due to a power amplifier breaking, delaying AstroForge's first planned attempt to contact the spacecraft, the company revealed in an update on Thursday. The mission went downhill from there, as several attempts to communicate with Odin failed and the spacecraft's whereabouts were unknown. "I think we all know the hope is fading as we continue the mission," AstroForge founder Matt Gialich said in a video update shared on X.
AstroForge is working on developing technologies for mining precious metals from asteroids millions of miles away. The company launched its first mission in April 2023 to demonstrate its ability to refine asteroid material in orbit. Its initial task also did not go as planned, as the company struggled to communicate with its satellite.
For its second mission, AstroForge opted to build its spacecraft in-house to avoid some of the problems encountered during its first mission, Gialich told Gizmodo in an interview last year. AstroForge built the $3.5 million spacecraft in less than ten months. "We know how to build these craft. These have been built before. They just cost a billion fucking dollars. How do we do it for a fraction of the cost?" Gialich is quoted as saying in AstroForge's recent update. "At the end of the day, like, you got to fucking show up and take a shot, right? You have to try."
Read more of this story at SoylentNews.
Amid a growing measles outbreak, doctors worry RFK is sending the wrong message:
[...] Two people have now died in the growing measles outbreak in west Texas and New Mexico.
New Mexico Health officials on Thursday confirmed the death of an unvaccinated adult who tested positive for measles. The first death was a school-age child in Gaines County, Texas last week.
News of a second death comes as infectious disease doctors worry that the federal government's messaging about the outbreak is putting more emphasis on treatments like vitamin A than on vaccination, even as misinformation about some of these treatments is spreading online.
Those concerns come in the wake of recent comments made by Health and Human Services Secretary Robert F. Kennedy Jr. Kennedy addressed the growing measles outbreak in an editorial for FOX News published on Sunday, also posted on the HHS website.
While mentioning the value of vaccination for community immunity, Kennedy said "the decision to vaccinate is a personal one." He emphasized treatment for measles, saying that vitamin A can "dramatically" reduce deaths from the disease. In an interview with FOX News Tuesday, he said Texas doctors are giving steroids and cod liver oil to their measles patients and "getting very, very, good results."
In his editorial, he said good nutrition is "a best defense against most chronic and infectious illnesses." That emphasis on nutrition and vitamin A to treat measles is concerning some infectious disease doctors.
"Mentions of cod liver oil and vitamins [are] just distracting people away from what the single message should be, which is to increase the vaccination rate," said Dr. Amesh Adalja, an infectious disease physician and senior scholar with the Johns Hopkins Center for Health Security.
While vitamin A can play a role in preventing severe disease, discussion of vitamins, "doesn't replace the fact that measles is a preventable disease. And really, the way to deal with a measles outbreak is to vaccinate people against measles," says Dr. Adam Ratner, a member of the infectious disease committee of the American Academy of Pediatrics.
Kennedy did acknowledge that measles is highly contagious and that it poses health risks, especially to people who are not vaccinated. He said vaccines not only protect individual children from measles, but also protect people who can't be vaccinated. But he didn't strongly encourage people to get their children vaccinated — which is usually a key part of the public health response during an outbreak.
In 2019, when a measles outbreak was raging in the U.S., then health secretary Alex Azar came out with a statement strongly supporting vaccination and warning of the risks of under-vaccination.
Read more of this story at SoylentNews.
https://www.wired.com/story/doge-government-salaries-elon-musk/
Engineers and executives at the so-called Department of Government Efficiency are drawing healthy taxpayer-funded salaries—sometimes from the very agencies they are cutting.
[...] Jeremy Lewin, one of the DOGE employees tasked with dismantling USAID, who has also played a role in DOGE's incursions into the National Institutes of Health and the Consumer Financial Protection Bureau, is listed as making just over $167,000 annually, WIRED has confirmed. Lewin is assigned to the Office of the Administrator within the General Services Administration.
Kyle Schutt, a software engineer at the Cybersecurity and Infrastructure Security Agency, is listed as drawing a salary of $195,200 through GSA, where he is assigned to the Office of the Deputy Administrator. That is the maximum amount that any "General Schedule" federal employee can make annually, including bonuses. "You cannot be offered more under any circumstances," the GSA compensation and benefits website reads.
Nate Cavanaugh, a 28-year-old tech entrepreneur who has taken a visible internal role interviewing GSA employees as part of DOGE's work at the agency, is listed as being paid just over $120,500 per year. According to DOGE's official website, the average GSA employee makes $128,565 and has worked at the agency for 13 years.
When Elon Musk started recruiting for DOGE in November, he described the work as "tedious" and noted that "compensation is zero." WIRED previously reported that the DOGE recruitment effort relied in part on a team of engineers associated with Peter Thiel and was carried out on platforms like Discord.
Since Trump took office in January, DOGE has overseen aggressive layoffs within the GSA, including the recent elimination of 18F, the agency's unit dedicated to technology efficiency. It also developed a plan to sell off more than 500 government buildings.
Although Musk has described DOGE as "maximum transparent," it has not made its spending or salary ranges publicly available. Funding for DOGE had grown to around $40 million as of February 20, according to a recent ProPublica report. The White House did not respond to questions about the salary ranges for DOGE employees or how the budget is allocated to pay them.
Read more of this story at SoylentNews.
Alphabet has announced a new development for Taara's technology that could lead to low-cost, high-speed internet connectivity, even in far-flung locations. Taara's general manager, Mahesh Krishnaswamy, has introduced the Taara chip, a silicon photonic chip that uses light to transmit high-speed data through the air. The Taara chip is about the size of a fingernail, far smaller than the technology the Alphabet division has been using. Taara Lightbridge, which is what its first-generation technology is called, is the size of a traffic light and uses a system of mirrors and sensors to physically steer light to where it needs to go. The new chip uses software instead.
Taara is a project under X, Alphabet's moonshot factory. The high-speed wireless optical link technology underpinning the project was originally developed for X's Project Loon internet broadcasting balloons. Alphabet pulled the plug on Loon in 2021 and focused on Taara instead, using its technology to beam broadband across the Congo River and the streets of Nairobi. Even years before Loon shut down, Alphabet's X was already toying with the idea of using light to beam internet and tested the technology in India.
Taara's technology works by using a "very narrow, invisible light beam to transmit data at speeds as high as 20 gigabits per second, up to distances of 20 kilometers (12.1 miles)." It's like traditional fiber, in the sense that it uses light to carry data, except that light doesn't travel through cables. Instead, Taara's hardware emits beams of light. The beams from two units must be aligned with each other to be able to form a secure link that can transmit data, which is why Lightbridge was fitted with the parts needed to be able to physically steer the light. Taara's new chip doesn't need those components: It contains hundreds of tiny light emitters controlled by software with automatic steering.
Krishnaswamy said Taara's light-beaming units will only take days to install instead of the months or years it can take to lay fiber. During tests in the lab, the Taara team was able to transmit data at speeds of 10 Gbps over a distance of one kilometer (0.62 miles) using two of the new chips. They're now looking to improve the chip's capacity and range by creating an "iteration with thousands of [light] emitters." The team expects the chip to be available in 2026.
Read more of this story at SoylentNews.
For the moment I suggest that you either subscribe using PayPal or wait until the problem has been fixed. I will notify the community when the problem has been resolved.
If you cannot/will not use PayPal and you need to have a valid subscription to limit access to your journal then you can contact me (either as janrinok or admin (at) soylentnews (dot) org) via email and I can give you a short subscription grant of a few days to enable you to publish your journal.
Read more of this story at SoylentNews.
Hugging Face's chief science officer worries AI is becoming 'yes-men on servers':
AI company founders have a reputation for making bold claims about the technology's potential to reshape fields, particularly the sciences. But Thomas Wolf, Hugging Face's co-founder and chief science officer, has a more measured take.
In an essay published to X on Thursday, Wolf said that he feared AI becoming "yes-men on servers" absent a breakthrough in AI research. He elaborated that current AI development paradigms won't yield AI capable of outside-the-box, creative problem-solving — the kind of problem-solving that wins Nobel Prizes.
"The main mistake people usually make is thinking [people like] Newton or Einstein were just scaled-up good students, that a genius comes to life when you linearly extrapolate a top-10% student," Wolf wrote. "To create an Einstein in a data center, we don't just need a system that knows all the answers, but rather one that can ask questions nobody else has thought of or dared to ask."
Wolf's assertions stand in contrast to those from OpenAI CEO Sam Altman, who in an essay earlier this year said that "superintelligent" AI could "massively accelerate scientific discovery." Similarly, Anthropic CEO Dario Amodei has predicted AI could help formulate cures for most types of cancer.
Wolf's problem with AI today — and where he thinks the technology is heading — is that it doesn't generate any new knowledge by connecting previously unrelated facts. Even with most of the internet at its disposal, AI as we currently understand it mostly fills in the gaps between what humans already know, Wolf said.
Some AI experts, including ex-Google engineer François Chollet, have expressed similar views, arguing that while AI might be capable of memorizing reasoning patterns, it's unlikely it can generate "new reasoning" based on novel situations.
Wolf thinks that AI labs are building what are essentially "very obedient students" — not scientific revolutionaries in any sense of the phrase. AI today isn't incentivized to question and propose ideas that potentially go against its training data, he said, limiting it to answering known questions.
Read more of this story at SoylentNews.
In late 2013, the Spike Jonze film Her imagined a future where people would form emotional connections with AI voice assistants. Nearly 12 years later, that fictional premise has veered closer to reality with the release of a new conversational voice model from AI startup Sesame that has left many users both fascinated and unnerved.
"I tried the demo, and it was genuinely startling how human it felt," wrote one Hacker News user who tested the system.
[...]
In late February, Sesame released a demo for the company's new Conversational Speech Model (CSM) that appears to cross over what many consider the "uncanny valley" of AI-generated speech
[...]
"At Sesame, our goal is to achieve 'voice presence'—the magical quality that makes spoken interactions feel real, understood, and valued," writes the company in a blog post.
[...]
Sometimes the model tries too hard to sound like a real human. In one demo posted online by a Reddit user called MetaKnowing, the AI model talks about craving "peanut butter and pickle sandwiches."
[...]
"I've been into AI since I was a child, but this is the first time I've experienced something that made me definitively feel like we had arrived," wrote one Reddit user.
[...]
Many other Reddit threads express similar feelings of surprise, with commenters saying it's "jaw-dropping" or "mind-blowing."
[...]
Mark Hachman, a senior editor at PCWorld, wrote about being deeply unsettled by his interaction with the Sesame voice AI. "Fifteen minutes after 'hanging up' with Sesame's new 'lifelike' AI, and I'm still freaked out," Hachman reported.
[...]
Others have compared Sesame's voice model to OpenAI's Advanced Voice Mode for ChatGPT, saying that Sesame's CSM features more realistic voices, and others are pleased that the model in the demo will roleplay angry characters, which ChatGPT refuses to do.
[...]
Under the hood, Sesame's CSM achieves its realism by using two AI models working together (a backbone and a decoder) based on Meta's Llama architecture that processes interleaved text and audio. Sesame trained three AI model sizes, with the largest using 8.3 billion parameters (an 8 billion backbone model plus a 300 million parameter decoder) on approximately 1 million hours of primarily English audio.
Read more of this story at SoylentNews.
Apple appeal to Investigatory Powers Tribunal may be the first case of its type:
Apple reportedly filed an appeal in hopes of overturning a secret UK order requiring it to create a backdoor for government security officials to access encrypted data.
"The iPhone maker has made its appeal to the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the UK security services, according to people familiar with the matter," the Financial Times reported today. The case "is believed to be the first time that provisions in the 2016 Investigatory Powers Act allowing UK authorities to break encryption have been tested before the court," the article said.
A Washington Post report last month said UK security officials "demanded that Apple create a backdoor allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud," including "blanket capability to view fully encrypted material."
Apple has publicly criticized the law, warning last year that the UK government is claiming power to demand access to the data of users in any country, not just the UK.
Apple responded to the recent order by pulling its Advanced Data Protection (ADP) service from the UK. The optional level of encryption for iCloud prevents even Apple from seeing user data. "Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature," Apple said last month.
"As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will," Apple also said.
Backdoors demanded by governments have alarmed security and privacy advocates, who say the special access would be exploited by criminal hackers and other governments. Bad actors typically need to rely on vulnerabilities that aren't intentionally introduced and are patched when discovered. Creating backdoors for government access would necessarily involve tech firms making their products and services less secure.
The order being appealed by Apple is a Technical Capability Notice issued by the UK Home Office under the 2016 law, which is nicknamed the Snoopers' Charter and forbids unauthorized disclosure of the existence or contents of a warrant issued under the act.
[...] Under the law, Investigatory Powers Tribunal decisions can be challenged in an appellate court.
Read more of this story at SoylentNews.