Last month TIOBE announced its estimate that the four most popular programming languages were: 1. Python2. C3. C++4. Java But this month C++ "overtook" C for the first time, TIOBE announced, becoming (according to the same methodology) the #2 most popular programming language, with C dropping to #3. " C++ has never been that high in the TIOBE index," says TIOBE Software CEO Paul Jansen in the announcement, "whereas C has never been that low." 1. Python2. C++3. C4. Java C++ started a new life as of 2011 with its consistent 3 yearly updates. Although most compilers and most engineers can't take up with this pace, it is considered a success to see the language evolve. The main strengths of C++ are its performance and scalability. Its downside is its many ways to get things done, i.e. its rich idiom of features, which is caused by its long history and aim for backward compatibility. C++ is heavily used in embedded systems, game development and financial trading software, just to name a few domains. There's different rankings from the rival PYPL index of programming language popularity. It lumps C and C++ together to award them a collective ranking (#5). But unlike TIOBE, it shows Java [and JavaScript and C#] all being more popular (with Python still the #1 most popular language). Of course, statistical anomalies could be also skewing the results. Visual Basic also lost two ranks in popularity in the last month, according to TIOBE, dropping from the #7 position to the #9 position (now falling just behind Go and SQL). This becomes the first time that Go has risen as high as #7, according to TIOBE's announcement - with Rust also reaching an all-time high of #17...Read more of this story at Slashdot.
The $22 million paid by Change Healthcare's parent company to unlock its systems "may have emboldened bad actors to further target the vulnerable industry," writes Axios:There were 44 attacks against the health care sector in April, the most that [cybersecurity firm] Recorded Future has seen in the four years it's been collecting data. It was also the second-largest month-over-month jump, after 30 ransomware attacks were recorded in March. There were 32 attacks in February and May. But an analysis by the security-focused magazine CSO says the "disastrous" incident also "starkly illustrated the fragility of the healthcare sector, prompting calls for regulatory action."In response to the attack, US politicians have called for mandated baseline cybersecurity standards in the health sector, as well as better information sharing. They have also raised concerns that industry consolidation is increasing cyber risk. So what went wrong? The attackers used a set of stolen credentials to remotely access the company's systems. But the article also notes Change Healthcare's systems "suffered from a lack of segmentation, which enables easy lateral movement of the attack" - and that the company's acquisition may have played a role:Mergers and acquisitions create new cyber threats because they involve the integration of systems, data, and processes from different organizations, each with its own security protocols and potential vulnerabilities. "During this transition, cybercriminals can exploit discrepancies in security measures, gaps in IT governance, and the increased complexity of managing merged IT environments," Aron Brand, CTO of CTERA told CSOonline. "Additionally, the heightened sharing of sensitive information between parties provides more opportunities for data breaches." And "In the end, paying the ransom failed to protect UHG from secondary attempts at extortion."In April, cybercriminals from the RansomHub group threatened to leak portions of 6TB of sensitive data stolen from the breach of Change Healthcare, and obtained through Nichy, according to an analysis by security vendor Forescout. An estimated one in three Americans had their sensitive data exposed as a result of the attack. Such secondary scams are becoming increasingly commonplace and healthcare providers are particularly at risk, according to compliance experts... The US Department of Health and Human Services (HHS) is investigating whether a breach of protected health information occurred in assessing whether either UHG or Change Healthcare violated strict healthcare sector privacy regulations. Thanks to Slashdot reader snydeq for sharing the article.Read more of this story at Slashdot.
The New York Times magazine remembers that once upon a time, in the early 1990s, "some prominent researchers were promoting, and the media helped popularize, the idea that moderate drinking...was linked to greater longevity. "The cause of that association was not clear, but red wine, researchers theorized, might have anti-inflammatory properties that extended life and protected cardiovascular health..."More recently, though, research has piled up debunking the idea that moderate drinking is good for you. Last year, a major meta-analysis that re-examined 107 studies over 40 years came to the conclusion that no amount of alcohol improves health; and in 2022, a well-designed study found that consuming even a small amount brought some risk to heart health. That same year, Nature published research stating that consuming as little as one or two drinks a day (even less for women) was associated with shrinkage in the brain - a phenomenon normally associated with aging... [M]ore people are now reporting that they consume cannabis than alcohol on a daily basis. Some governments are responding to the new research by overhauling their messaging. Last year, Ireland became the first country to pass legislation requiring a cancer warning on all alcohol products sold there, similar to those found on cigarettes: "There is a direct link between alcohol and fatal cancers," the language will read. And in Canada, the government has revised its alcohol guidelines, announcing: "We now know that even a small amount of alcohol can be damaging to health." The guidelines characterize one to two drinks a week as carrying "low risk" and three to six drinks as carrying "moderate risk." (Previously the guidelines suggested that women limit themselves to no more than two standard drinks most days, and that men place that limit at three.)Read more of this story at Slashdot.
Wednesday The Information reported that OpenAI had doubled its annualized revenue - a measure of the previous month's revenue multiplied by 12 - in the last six months. It's now $3.4 billion (which is up from around $1 billion last summer, notes Engadget). And now an anonymous reader shares a new report from The Information:OpenAI CEO Sam Altman recently told some shareholders that the artificial intelligence developer is considering changing its governance structure to a for-profit business that OpenAI's nonprofit board doesn't control, according to a person who heard the comments. One scenario Altman said the board is considering is a for-profit benefit corporation, which rivals such as Anthropic and xAI are using, this person said.Such a change could open the door to an eventual initial public offering of OpenAI, which currently sports a private valuation of $86 billion, and may give Altman an opportunity to take a stake in the fast-growing company, a move some investors have been pushing. More from Reuters:The restructuring discussions are fluid and Altman and his fellow directors could ultimately decide to take a different approach, The Information added.In response to Reuters' queries about the report, OpenAI said: "We remain focused on building AI that benefits everyone. The nonprofit is core to our mission and will continue to exist." Is that a classic non-denial denial? Note that the nonprofit's "continuing to exist" does not in any way preclude OpenAI from becoming a for-profit business - with a spin-off nonprofit, continuing to exist...Read more of this story at Slashdot.
Have scientists discovered infrared radiation, evidence of waste heat generated by the energy-harvesting star-surrounding spheres first proposed by British American physicist Freeman Dyson? CNN reports:[A] new study that looked at 5 million stars in the Milky Way galaxy suggests that seven candidates could potentially be hosting Dyson spheres - a finding that's attracting scrutiny and alternate theories... Using historical data from telescopes that pick up infrared signatures, the research team looked at stars located within less than 1,000 light-years from Earth: "We started with a sample of 5 million stars, and we applied filters to try to get rid of as much data contamination as possible," said lead study author Matias Suazo, a doctoral student in the department of physics and astronomy of Uppsala University in Sweden. "So far, we have seven sources that we know are glowing in the infrared but we don't know why, so they stand out...." Among the natural causes that could explain the infrared glow are an unlucky alignment in the observation, with a galaxy in the background overlapping with the star, planetary collisions creating debris, or the fact that the stars may be young and therefore still surrounded by disks of hot debris from which planets would later form... An earlier study, published in March and using data from the same sources as the new report, had also found infrared anomalies among a sample dataset of 5 million stars in our galaxy. "We got 53 candidates for anomalies that cannot be well explained, but can't say that all of them are Dyson sphere candidates, because that's not what we are specifically looking for," said Gabriella Contardo, a postdoctoral research fellow at the International School for Advanced Studies in Trieste, Italy, who led the earlier study. She added that she plans to check the candidates against Suazo's model to see how many tie into it. "You need to eliminate all other hypotheses and explanations before saying that they could be a Dyson sphere," she added. "To do so you need to also rule out that it's not some kind of debris disk, or some kind of planetary collision, and that also pushes the science forward in other fields of astronomy - so it's a win-win." Both Contardo and Suazo agree that more research is needed on the data, and that ultimately they could turn to NASA's James Webb Space Telescope for more information, as it is powerful enough to observe the candidate stars directly. However, because of the lengthy, competitive procedures that regulate use of the telescope, securing access might take some time. CNN adds that "A May 23 paper published in response to the one by Suazo and his colleagues suggests that at least three of the seven stars have been 'misidentified' as Dyson spheres and could instead be 'hot DOGs' - hot dust-obscured galaxies - and that the remaining four could probably be explained this way as well." But "As for Dyson himself, if he were still alive, he also would be highly skeptical that these observations represent a technological signature, his son George argued: 'But the discovery of new, non-technological astronomical phenomena is exactly why he thought we should go out and look.' "Read more of this story at Slashdot.
This week the Rust Foundation jointly announced "the Safety-Critical Rust Consortium" with industry partners including Arm, AdaCore, Lynx Software Technologies, and Toyota's mobility tech subsidiary Woven. Its goal is supporting "responsible use" of Rust "in safety-critical software - systems whose failure can impact human life or cause severe environmental or property harm." "This is exciting," said Rust creator Graydon Hoare in a statement. "I am truly pleased to see the Rust Foundation and anyone in the safety-critical space coming together on this topic." From the announcement:"Safety is our foremost priority in vehicle software development. Traditionally, achieving the highest levels of safety has been a complex and lengthy endeavor, requiring the use of specialized tools and processes beyond the programming language," said JF Bastien, Distinguished Engineer at Woven by Toyota. "We are therefore pleased to collaborate with leading experts in the safety industry to integrate new tools such as Rust into our safety-critical systems...."Industries that are particularly concerned with functional safety include transportation (such as automotive, aviation, space), energy, life sciences, and more. Because of their potential impacts, these industries are often regulated, have liability considerations, and are guided by standards... These industries have decades of experience delivering products, learning from iterating based on real-world feedback, and improving processes. An ecosystem of tools and tool vendors have evolved, and best practices have been learned to create a safety culture around tooling. Rust offers particular advantages in terms of developer ergonomics, productivity and software quality; however, it lacks a deep and established well of safety-processes and collective industry knowledge of safety-critical systems. Without closing this gap, a developer must primarily rely on best practices and normative precautions, which can limit innovation. Rust developers who stray from the well-trod path can find themselves facing an inquiry were an accident to occur. In these circumstances, anything that seems unusual will be investigated for fault. This risk creates a disincentive to widespread Rust adoption, leaving developers unable to reap all its advantages while potentially facing financial, reputational and moral costs. The gap in safety-critical resources within the Rust programming language ecosystem is also an exciting opportunity. By rapidly incorporating lessons learned from years of careful development and past mistakes in the wider open source ecosystem, Rust can become a valuable component of a safety toolkit adaptable to various safety-critical industries and severity levels. "Work under the consortium will begin with the creation of a public charter and goals," according to the announcement, with a scope possibly including "the development of guidelines, linters, libraries, static analysis tools, formal methods and language subsets to meet industrial and legal requirements.The group may further shepherd Rust Foundation-funded implementation work, including grants to existing academic teams or FOSS projects... The group will further attempt to coordinate with and expand on existing safety-critical projects and standards including SAE JA1020. The group will maintain communication with the larger Rust Project, and "The Consortium's deliverables will be developed and licensed in a manner compatible with other Rust Project endeavors."Read more of this story at Slashdot.
French photovoltaics group Hespul tested solar panels installed in 1992, reports PV Magazine:The testing showed that the modules still produce on average 79.5% of their initial power after 31 years of operation. In a previous testing carried out 11 years ago, the panels were found to produce 91.7% of their initial power. "This result exceeds the performance promised by the manufacturers who said the panels would have maintained 80% of their output after 25 years," said Hespul. The drop in performance is on average 20.5%, or 0.66% per year over 31 years, and 1.11% per year over the last 11 years... Another more recent study carried out by the US Department of Energy's National Renewable Energy Laboratory (NREL) on 1,700 American sites totaling 7.2 GW of power, showed a median degradation of around -0.75%/year. Moveover, another research study focused on 4,300 residential installations in operation in Europe and used different data processing methodologies. Depending on the methods, a median loss of -0.36% to -0.67%/year was obtained. Thanks to long-time Slashdot reader storkus for sharing the news.Read more of this story at Slashdot.
Slashdot reader BrianFagioli shares his report from BetaNews:The PC community is abuzz with Qualcomm's recent announcement of its Snapdragon X Elite SoC, a powerhouse chipset that promises to revolutionize the performance and energy efficiency of laptops and tablets. While Windows 11 Copilot+ PCs are set to feature this advanced processor, Linux enthusiasts have reasons to celebrate as well. You see, TUXEDO Computers is bringing this cutting-edge technology to the Linux world with its upcoming ARM notebook, positioning it as a strong competitor to Windows 11 Copilot+ devices. In a recent update, TUXEDO Computers revealed its ambitious project of developing an ARM notebook powered by the Snapdragon X Elite SoC from Qualcomm. This announcement has generated significant excitement, as it presents a viable alternative to traditional x86 notebooks, offering comparable performance with lower energy consumption, directly challenging the dominance of Windows 11 Copilot+... Benchmarks suggest that the Snapdragon X Elite can not only rival but potentially surpass Apple's M2 SoCs, boasting higher energy efficiency. TUXEDO's preliminary tests confirm these impressive claims, setting the stage for a fierce competition with Windows 11 Copilot+ PCs. "We recently presented a prototype of the ARM notebook we are working on at the Computex computer trade fair in Taiwan," according to TUXEDO's announcement. "On the software side, a port of TUXEDO OS with KDE Plasma to the ARM platform is our goal for this project running internally under the working title Drako... "It is quite conceivable that an ARM notebook from TUXEDO will be under your Christmas tree in 2024... If you have subscribed to our newsletter, you will be the first to know."Read more of this story at Slashdot.
An anonymous reader shared this report from Futurism:An AI chatbot named VIC, or Virtually Integrated Citizen, is trying to make it onto the ballot in this year's mayoral election for Wyoming's capital city of Cheyenne. But as reported by Wired, Wyoming's secretary of state is battling against VIC's legitimacy as a candidate - and now, an investigation is underway. According to Wired, VIC, which was built on OpenAI's GPT-4 and trained on thousands of documents gleaned from Cheyenne council meetings, was created by Cheyenne resident and library worker Victor Miller. Should VIC win, Miller told Wired that he'll serve as the bot's "meat puppet," operating the AI but allowing it to make decisions for the capital city.... "My campaign promise," Miller told Wired, "is he's going to do 100 percent of the voting on these big, thick documents that I'm not going to read and that I don't think people in there right now are reading...." Unfortunately for the AI and its - his? - meat puppet, however, they've already made some political enemies, most notably Wyoming Secretary of State Chuck Gray. As Gray, who has challenged the legality of the bot, told Wired in a statement, all mayoral candidates need to meet the requirements of a "qualified elector." This "necessitates being a real person," Gray argues... Per Wired, it's also run amuck with OpenAI, which says the AI violates the company's "policies against political campaigning." (Miller told Wired that he'll move VIC to Meta's open-source Llama 3 model if need be, which seems a bit like VIC will turn into a different candidate entirely.) The Wyoming Tribune Eagle offers more details:[H]is dad helped him design the best system for VIC. Using his $20-a-month ChatGPT subscription, Miller had an 8,000-character limit to feed VIC supporting documents that would make it an effective mayoral candidate... While on the phone with Miller, the Wyoming Tribune Eagle also interviewed VIC itself. When asked whether AI technology is better suited for elected office than humans, VIC said a hybrid solution is the best approach. "As an AI, I bring unique strengths to the role, such as impartial decision-making, data-driven policies and the ability to analyze information rapidly and accurately," VIC said. "However, it's important to recognize the value of human experience and empathy and leadership. So ideally, an AI and human partnership would be the most beneficial for Cheyenne...." The artificial intelligence said this unique approach could pave a new pathway for the integration of human leadership and advanced technology in politics.Read more of this story at Slashdot.
Friday the Python Software Foundation published several blog posts about this year's "Python Language Summit" May 15th (before PyCon US), which featured talks and discussions by core developers, triagers, and Python implementation maintainers. There were several lightning talks. One talk came from the maintainer of the PyO3 project, offering Rust bindings for the Python C API (which requires mapping Rust concepts to Python - leaving a question as to how to map Rust's error-handling panic! macro). There was a talk on formalizing the PEP prototype process, and a talk on whether the Python team should have a more official presence in the Apple App Store (and maybe the Google Play Store). One talk suggested changing the formatting of error messages for assert statements, and one covered a "highly experimental" project to support structured data sharing between Python subinterpreters. One talk covered Python's "unsupported build" warning and how it should behave on platforms beyond Python's officially supported list. Python Foundation blog posts also covered some of the longer talks, including one on the idea of using type annotations as a mechanism for transformers. One talk covered the new interactive REPL interpreter coming to Python 3.13. And one talk focused on Python's security model after the xz-utils backdoor:Pablo Galindo Salgado, Steering Council member and the release manager for Python 3.10 and 3.11, brought this topic to the Language Summit to discuss what could be done to improve Python's security model... Pablo noted the similarities shared between CPython and xz-utils, referencing the previous Language Summit's talk on core developer burnout, the number of modules in the standard library that have one or zero maintainers, the high ratio of maintainers to source code, and the use of autotools for configuration. Autotools was used by [xz's] Jia Tan as part of the backdoor, specifically to obscure the changes to tainted release artifacts. Pablo confirmed along with many nods of agreement that indeed, CPython could be vulnerable to a contributor or core developer getting secretly malicious changes merged into the project. For multiple reasons like being able to fix bugs and single-maintainer modules, CPython doesn't require reviewers on the pull requests of core developers. This can lead to "unilateral action", meaning that a change is introduced into CPython without the review of someone besides the author. Other situations like release managers backporting fixes to other branches without review are common. Much discussion ensued about the possibility of altering workflows (including pull request reviews), identity verification, and the importance of post-incident action plans. Guido van Rossum suggested a "higher bar" for granting write access, but in the end "Overall it was clear there is more discussion and work to be done in this rapidly changing area." In another talk, Hugo van Kemenade, the newly announced Release Manager for Python 3.14 and 3.15, "started the Language Summit with a proposal to change Python's versioning scheme.The perception of Python using semantic versioning is a source of confusion for users who don't expect backwards incompatible changes when upgrading to new versions of Python. In reality almost all new feature releases of Python include backwards incompatible changes such as the removal of "dead batteries" where PEP 594 marked 19 modules for removal in Python 3.13. Calendar Versioning (CalVer) encompasses a wide array of different versioning schemes that have one property in common: using the release date as part of a release's version... Hugo offered multiple proposed versioning schemes, including: - Using the release year as minor version (3.YY.micro, "3.26.0")- Using the release year as major version (YY.0.micro, "26.0.0")- Using the release year and month as major and minor version (YY.MM.micro, "26.10.0") [...] Overall the proposal to use the current year as the minor version was well-received, Hugo mentioned that he'd be drafting up a PEP for this change.Read more of this story at Slashdot.
wgoodman shares a report from The Register: NASA's Voyager 1 spacecraft is back in action and conducting normal science operations for the first time since the veteran probe began spouting gibberish at the end of 2023. All four of the spacecraft's remaining operational instruments are now returning usable data to Earth, according to NASA. Some additional work is needed to tidy up the effects of the issue. Engineers need to resynchronize the timekeeping software of Voyager 1's three onboard computers to ensure that commands are executed at the correct times. Maintenance will also be performed on the digital tape recorder, which records some data from the plasma instrument for a six-monthly downlink to Earth. Voyager 1's woes began in November 2023, when the spacecraft stopped transmitting usable data back to Earth. Rather than engineering and science data, NASA found itself faced with a repeating pattern of ones and zeroes, as though the spacecraft was somehow stalled. Engineers reckoned the issue lay with the Flight Data System (FDS) and in March sent a command -- dubbed a "poke" -- to get the FDS to try some other software sequences and thus circumvent whatever was causing the problem. The result was a complete memory dump from the computer, which allowed engineers to pinpoint where the corruption had occurred. It appeared that a single chip was malfunctioning, and engineers were faced with the challenge of devising a software update that would work around the defective hardware. Usable engineering data began to be returned later in April, and in May the mission team sent commands to instruct the probe to keep science data flowing. The result was that the plasma wave subsystem and magnetometer instrument began sending data immediately. According to NASA, the cosmic ray subsystem and low energy charged particle instrument required a little more tweaking but are now operational. The rescue was made all the more impressive by the fact that it takes 22.5 hours for a command to reach Voyager 1 and another 22.5 hours for a response to be received on Earth.Read more of this story at Slashdot.
The Pentagon announced the first winners of its $5.6 billion National Security Space Launch program, with Jeff Bezos' Blue Origin securing a spot for the first time alongside Elon Musk's SpaceX and United Launch Alliance (ULA). These companies will compete for contracts through mid-2029 under the program's Phase 3, which is expected to include 90 rocket launch orders. CNBC reports: Under the program, known as NSSL Phase 3 Lane 1, the trio of companies will be eligible to compete for contracts through mid-2029. ULA and SpaceX have already been competing for contracts under the previous Phase 2 edition of NSSL: In total, over five years of Phase 2 launch orders, the military assigned ULA with 26 missions worth $3.1 billion, while SpaceX got 22 missions worth $2.5 billion. Blue Origin, as well as Northrop Grumman, missed out on Phase 2 when the Pentagon selected ULA and SpaceX for the program in August 2020. But with Phase 3, the U.S. military is raising the stakes -- and widening the field -- on a high-profile competition for Space Force mission contracts. Phase 3 is expected to see 90 rocket launch orders in total, with a split approach of categories Lane 1 and Lane 2 to allow even more companies to bid.Read more of this story at Slashdot.
An anonymous reader quotes a report from Reuters: Alphabet's Google must face trial on U.S. antitrust enforcers' claim that the internet search juggernaut illegally dominates the online advertising technology market, a federal judge ruled on Friday. U.S. District Judge Leonie Brinkema in Alexandria, Virginia, denied Google's motion during a hearing, according to court records. Google had argued for a win without a trial, saying that antitrust laws do not block companies from refusing to deal with rivals and that regulators had not accurately defined the ad tech market. Court papers did not specify what reasons the judge provided at the hearing. Motions like the one Google filed are only granted where a judge determines there is no factual dispute to send to trial. Last year, the U.S. Justice department and eight states sued Google, calling for the break up of the search giant's ad-technology business over alleged illegal monopolization of the digital advertising market.Read more of this story at Slashdot.
Drew Turney reports via Live Science: The "Turing test," first proposed as "the imitation game" by computer scientist Alan Turing in 1950, judges whether a machine's ability to show intelligence is indistinguishable from a human. For a machine to pass the Turing test, it must be able to talk to somebody and fool them into thinking it is human. Scientists decided to replicate this test by asking 500 people to speak with four respondents, including a human and the 1960s-era AI program ELIZA as well as both GPT-3.5 and GPT-4, the AI that powers ChatGPT. The conversations lasted five minutes -- after which participants had to say whether they believed they were talking to a human or an AI. In the study, published May 9 to the pre-print arXiv server, the scientists found that participants judged GPT-4 to be human 54% of the time. ELIZA, a system pre-programmed with responses but with no large language model (LLM) or neural network architecture, was judged to be human just 22% of the time. GPT-3.5 scored 50% while the human participant scored 67%. "Machines can confabulate, mashing together plausible ex-post-facto justifications for things, as humans do," Nell Watson, an AI researcher at the Institute of Electrical and Electronics Engineers (IEEE), told Live Science. "They can be subject to cognitive biases, bamboozled and manipulated, and are becoming increasingly deceptive. All these elements mean human-like foibles and quirks are being expressed in AI systems, which makes them more human-like than previous approaches that had little more than a list of canned responses." Further reading: 1960s Chatbot ELIZA Beat OpenAI's GPT-3.5 In a Recent Turing Test StudyRead more of this story at Slashdot.
The Energy Information Administration (EIA) expects Americans' monthly electricity bills to average $173 between June through August, compared to $168 last summer. "The slight bump in costs comes from consumers cranking up their air conditioning more to cope with a warmer season than last year," writes The Verge's Justine Calma. "Bills would have jumped higher, if not for lower residential electricity prices helping to balance out some of the increased energy use from air conditioning." From the report: Some regions are likely to be harder hit by the weather than others. Because of heat and humidity along the Gulf Coast, residents in Southern states typically use the most electricity in the summer to cool their homes. The Pacific Coast, meanwhile, faces the biggest potential percentage increase in retail electricity prices in the nation -- a 7 percent jump since last year. Wholesale electricity costs there have risen since 2022, in part because of a heat and drought-induced shortfall in hydroelectricity generation. Households along the Pacific could see their electricity bills go up an average of $11 per month this summer, according to the EIA. To be sure, the EIA says that weather is "the main source of uncertainty" in its forecasts for folks' utility bills. If this summer winds up being hotter than expected, households could wind up paying even more. Residential electricity use typically peaks in the summer for most of the US because of air conditioning. Extreme heat can even trigger power outages if demand suddenly rises too sharply. California, the Southwest, the Midwest, Texas, and New England are at "elevated risk" of electricity supply shortages during any extreme weather this summer, according to an assessment (PDF) by the North American Electric Reliability Corporation.Read more of this story at Slashdot.
A critical vulnerability in the PHP programming language (CVE-2024-4577) has been exploited by ransomware criminals, leading to the infection of up to 1,800 servers primarily in China with the TellYouThePass ransomware. This vulnerability, which affects PHP when run in CGI mode, allows attackers to execute malicious code on web servers. Ars Technica's Dan Goodin reports: As of Thursday, Internet scans performed by security firm Censys had detected 1,000 servers infected by a ransomware strain known as TellYouThePass, down from 1,800 detected on Monday. The servers, primarily located in China, no longer display their usual content; instead, many list the site's file directory, which shows all files have been given a .locked extension, indicating they have been encrypted. An accompanying ransom note demands roughly $6,500 in exchange for the decryption key. The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to convert user-supplied input into characters that pass malicious commands to the main PHP application. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012. CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn't set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web server. This configuration is extremely rare, with the exception of the XAMPP platform, which uses it by default. An additional requirement appears to be that the Windows locale -- used to personalize the OS to the local language of the user -- must be set to either Chinese or Japanese. The critical vulnerability was published on June 6, along with a security patch. Within 24 hours, threat actors were exploiting it to install TellYouThePass, researchers from security firm Imperva reported Monday. The exploits executed code that used the mshta.exe Windows binary to run an HTML application file hosted on an attacker-controlled server. Use of the binary indicated an approach known as living off the land, in which attackers use native OS functionalities and tools in an attempt to blend in with normal, non-malicious activity. In a post published Friday, Censys researchers said that the exploitation by the TellYouThePass gang started on June 7 and mirrored past incidents that opportunistically mass scan the Internet for vulnerable systems following a high-profile vulnerability and indiscriminately targeting any accessible server. The vast majority of the infected servers have IP addresses geolocated to China, Taiwan, Hong Kong, or Japan, likely stemming from the fact that Chinese and Japanese locales are the only ones confirmed to be vulnerable, Censys researchers said in an email. Since then, the number of infected sites -- detected by observing the public-facing HTTP response serving an open directory listing showing the server's filesystem, along with the distinctive file-naming convention of the ransom note -- has fluctuated from a low of 670 on June 8 to a high of 1,800 on Monday. Censys researchers said in an email that they're not entirely sure what's causing the changing numbers.Read more of this story at Slashdot.
In a featured article for The Verge, David Pierce explores the world of competitive Excel, highlighting its rise from a hobbyist activity to a potential esport, showcased during the Excel World Championship in Las Vegas. Top spreadsheet enthusiasts competed at the MGM Grand to solve complex Excel challenges, emphasizing the transformative power and ubiquity of spreadsheets in both business and entertainment. An anonymous reader quotes an excerpt from the report: Competitive Excel has been around for years, but only in a hobbyist way. Most of the people in this room full of actuaries, analysts, accountants, and investors play Excel the way I play Scrabble or do the crossword -- exercising your brain using tools you understand. But last year's competition became a viral hit on ESPN and YouTube, and this year, the organizers are trying to capitalize. After all, someone points out to me, poker is basically just math, and it's all over TV. Why not spreadsheets? Excel is a tool. It's a game. Now it hopes to become a sport. I've come to realize in my two days in this ballroom that understanding a spreadsheet is like a superpower. The folks in this room make their living on their ability to take some complex thing -- a company's sales, a person's lifestyle, a region's political leanings, a race car -- and pull it apart into its many component pieces. If you can reduce the world down to a bunch of rows and columns, you can control it. Manipulate it. Build it and rebuild it in a thousand new ways, with a couple of hotkeys and an undo button at the ready. A good spreadsheet shows you the universe and gives you the ability to create new ones. And the people in this room, in their dad jeans and short-sleeved button-downs, are the gods on Olympus, bending everything to their will. There is one inescapably weird thing about competitive Excel: spreadsheets are not fun. Spreadsheets are very powerful, very interesting, very important, but they are for work. Most of what happens at the FMWC is, in almost every practical way, indistinguishable from the normal work that millions of people do in spreadsheets every day. You can gussy up the format, shorten the timelines, and raise the stakes all you want -- the reality is you're still asking a bunch of people who make spreadsheets for a living to just make more spreadsheets, even if they're doing it in Vegas. You really can't overstate how important and ubiquitous spreadsheets really are, though. "Electronic spreadsheets" actually date back earlier than computers and are maybe the single most important reason computers first became mainstream. In the late 1970s, a Harvard MBA student named Dan Bricklin started to dream up a software program that could automatically do the math he was constantly doing and re-doing in class. "I imagined a magic blackboard that if you erased one number and wrote a new thing in, all of the other numbers would automatically change, like word processing with numbers," he said in a 2016 TED Talk. This sounds quaint and obvious now, but it was revolutionary then. [...] Competitive Excel has been around for years, but only in a hobbyist way. Most of the people in this room full of actuaries, analysts, accountants, and investors play Excel the way I play Scrabble or do the crossword -- exercising your brain using tools you understand. But last year's competition became a viral hit on ESPN and YouTube, and this year, the organizers are trying to capitalize. After all, someone points out to me, poker is basically just math, and it's all over TV. Why not spreadsheets? Excel is a tool. It's a game. Now it hopes to become a sport. I've come to realize in my two days in this ballroom that understanding a spreadsheet is like a superpower. The folks in this room make their living on their ability to take some complex thing -- a company's sales, a person's lifestyle, a region's political leanings, a race car -- and pull it apart into its many component pieces. If you can reduce the world down to a bunch of rows and columns, you can control it. Manipulate it. Build it and rebuild it in a thousand new ways, with a couple of hotkeys and an undo button at the ready. A good spreadsheet shows you the universe and gives you the ability to create new ones. And the people in this room, in their dad jeans and short-sleeved button-downs, are the gods on Olympus, bending everything to their will.Read more of this story at Slashdot.
Paul M. Nakasone, a retired U.S. Army general and former NSA director, is now OpenAI's newest board member. Nakasone will join the Safety and Security Committee and contribute to OpenAI's cybersecurity efforts. CNBC reports: The committee is spending 90 days evaluating the company's processes and safeguards before making recommendations to the board and, eventually, updating the public, OpenAI said. Nakasone joins current board members Adam D'Angelo, Larry Summers, Bret Taylor and Sam Altman, as well as some new board members the company announced in March: Dr. Sue Desmond-Hellmann, former CEO of the Bill and Melinda Gates Foundation; Nicole Seligman, former executive vice president and global general counsel of Sony; and Fidji Simo, CEO and chair of Instacart. OpenAI on Monday announced the hiring of two top executives as well as a partnership with Apple that includes a ChatGPT-Siri integration. The company said Sarah Friar, previously CEO of Nextdoor and finance chief at Square, is joining as chief financial officer. Friar will "lead a finance team that supports our mission by providing continued investment in our core research capabilities, and ensuring that we can scale to meet the needs of our growing customer base and the complex and global environment in which we are operating," OpenAI wrote in a blog post. OpenAI also hired Kevin Weil, an ex-president at Planet Labs, as its new chief product officer. Weil was previously a senior vice president at Twitter and a vice president at Facebook and Instagram. Weil's product team will focus on "applying our research to products and services that benefit consumers, developers, and businesses," the company wrote. Edward Snowden, a former NSA contractor who leaked classified documents in 2013 that exposed the massive scope of government surveillance programs, is wary of the appointment. In a post on X, Snowden wrote: "They've gone full mask-off: Do not ever trust OpenAI or its products (ChatGPT etc). There is only one reason for appointing an NSA director to your board. This is a willful, calculated betrayal of the rights of every person on Earth. You have been warned."Read more of this story at Slashdot.
Liam Proven reports via The Register: The latest version of the systemd init system is out, with the openly confrontational tag line: "Available soon in your nearest distro, now with 42 percent less Unix philosophy." As Lennart Poettering's announcement points out, this is the first version of systemd whose version number is a nine-bit value. Version 256, as usual, brings in a broad assortment of new features, but also turns off some older features that are now considered deprecated. For instance, it won't run under cgroups version 1 unless forced. Around since 2008, cgroups is a Linux kernel containerization mechanism originally donated by Google, as The Reg noted a decade ago. Cgroups v2 was merged in 2016 so this isn't a radical change. System V service scripts are now deprecated too, as is the SystemdOptions EFI variable. Additionally, there are some new commands and options. Some are relatively minor, such as the new systemd-vpick binary, which can automatically select the latest member of versioned directories. Before any OpenVMS admirers get excited, no, Linux does not now support versions on files or directories. Instead, this is a fresh option that uses a formalized versioning system involving: "... paths whose trailing components have the .v/ suffix, pointing to a directory. These components will then automatically look for suitable files inside the directory, do a version comparison and open the newest file found (by version)." The latest function, which The Reg FOSS desk suspects will ruffle some feathers, is a whole new command, run0, which effectively replaces the sudo command as used in Apple's macOS and in Ubuntu ever since the first release. Agent P introduced the new command in a Mastodon thread. He says that the key benefit is that run0 doesn't need setuid, a basic POSIX function, which, to quote its Linux manual page, "sets the effective user ID of the calling process." [...] Another new command is importctl, which handles importing and exporting both block-level and file-system-level disk images. And there's a new type of system service called a capsule, and "a small new service manager" called systemd-ssh-generator, which lets VMs and containers accept SSH connections so long as systemd can find the sshd binary -- even if no networking is available. The release notes are available here.Read more of this story at Slashdot.
An anonymous reader quotes a report from Reuters: New York Attorney General Letitia James has recovered $50 million from the cryptocurrency platform Gemini Trust to repay investors defrauded in its Gemini Earn program, she said on Friday. Gemini, run by billionaire twin brothers Cameron and Tyler Winklevoss, will provide full recoveries to more than 230,000 Earn investors, including 29,000 in New York, and agreed to a ban on operating crypto lending programs in the state. The payout is in addition to James' related $2 billion settlement, opens new tab with crypto lender Genesis Global Capital, which she announced on May 20. "Gemini marketed its Earn program as a way for investors to grow their money, but actually lied and locked investors out of their accounts," James said. "Today's settlement will make defrauded investors whole." The funds will be accessible within seven days, Gemini told investors on Friday. "With this final distribution, Earn users will have received 100% of the assets owed to them," it said. [...] Investors are expected to recover more than they invested because they are being paid in digital assets such as bitcoin , whose value has more than tripled since redemptions were suspended.Read more of this story at Slashdot.
An artificial intelligence candidate is on the ballot for the United Kingdom's general election next month. From a report: "AI Steve," represented by Sussex businessman Steve Endacott, will appear on the ballot alongside non-AI candidates running to represent constituents in the Brighton Pavilion area of Brighton and Hove, a city on England's southern coast. "AI Steve is the AI co-pilot," Endacott said in an interview. "I'm the real politician going into Parliament, but I'm controlled by my co-pilot." Endacott is the chairman of Neural Voice, a company that creates personalized voice assistants for businesses in the form of an AI avatar. Neural Voice's technology is behind AI Steve, one of the seven characters the company created to showcase its technology. He said the idea is to use AI to create a politician who is always around to talk with constituents and who can take their views into consideration. People can ask AI Steve questions or share their opinions on Endacott's policies on its website, during which a large language model will give answers in voice and text based on a database of information about his party's policies. If he doesn't have a policy for a particular issue raised, the AI will conduct some internet research before engaging the voter and pushing them to suggest a policy.Read more of this story at Slashdot.
Avian influenza outbreaks on US dairy farms have raised concerns about milk safety, leading some to consider alternatives like engineered milk proteins. Startups like Remilk and Alpine Bio are using yeast and soybeans to produce key milk proteins, aiming to replace dairy cows and reduce environmental impact. However, competing with subsidized dairy industries and their efficient use of cow byproducts remains a challenge for these biotech ventures, MIT Technology Review reports. The story adds: Everyone agrees that cow's milk will be difficult to displace. It holds a special place in the human psyche, and we owe civilization itself, in part, to domesticated animals. In fact, they've left their mark in our genes, with many of us carrying DNA mutations that make cow's milk easier to digest. But that's why it might be time for the next technological step, says Alpine's CEO Magi Richani. "We raise 60 billion animals for food every year, and that is insane. We took it too far, and we need options," she says. "We need options that are better for the environment, that overcome the use of antibiotics, and that overcome the disease risk." It's not clear yet whether the bird flu outbreak on dairy farms is a big danger to humans. But making milk without cows would definitely cut the risk that an animal virus will cause a new pandemic. As Richani says: "Soybeans don't transmit diseases to humans."Read more of this story at Slashdot.
Mozilla has reinstated certain add-ons for Firefox that earlier this week had been banned in Russia by the Kremlin. From a report: The browser extensions, which are hosted on the Mozilla store, were made unavailable in the Land of Putin on or around June 8 after a request by the Russian government and its internet censorship agency, Roskomnadzor. Among those extensions were three pieces of code that were explicitly designed to circumvent state censorship -- including a VPN and Censor Tracker, a multi-purpose add-on that allowed users to see what websites shared user data, and a tool to access Tor websites. The day the ban went into effect, Roskomsvoboda -- the developer of Censor Tracker -- took to the official Mozilla forums and asked why his extension was suddenly banned in Russia with no warning.Read more of this story at Slashdot.
The iconic recycling symbol, invented 20 years before Earth Day 1990, has become omnipresent on products, often misleading consumers about what can be recycled, according to experts cited in a story explored by Grist. The chasing arrows logo, which promises rebirth for discarded materials, is frequently plastered on items that are not recyclable, particularly plastic products. Confusion over recycling rules has led to contamination at recycling facilities, driving up costs for cities. Only around 5 percent of plastic waste in the United States gets recycled, with much of the rest ending up in landfills or incinerators. Environmental groups have called plastic recycling a "false solution." The trouble began in the 1970s when corporations, facing pressure to address litter, embraced recycling as a way to shift responsibility for waste onto individuals and local governments. The plastics industry introduced a resin code system in 1988, surrounding numbers with the chasing arrows logo, giving the impression that all plastics could be recycled. Despite industry efforts to promote recycling, experts say fulfilling the "urgent need to recycle" has proven difficult and unprofitable. The result is a lack of markets for most recycled plastics, with only 9 percent of all plastics ever produced having been recycled.Read more of this story at Slashdot.
Meta has confirmed that it will pause plans to start training its AI systems using data from its users in the European Union and U.K. From a report: The move follows pushback from the Irish Data Protection Commission (DPC), Meta's lead regulator in the EU, which is acting on behalf of several data protection authorities across the bloc. The U.K.'s Information Commissioner's Office (ICO) also requested that Meta pause its plans until it could satisfy concerns it had raised. "The DPC welcomes the decision by Meta to pause its plans to train its large language model using public content shared by adults on Facebook and Instagram across the EU/EEA," the DPC said in a statement Friday. "This decision followed intensive engagement between the DPC and Meta. The DPC, in cooperation with its fellow EU data protection authorities, will continue to engage with Meta on this issue." While Meta is already tapping user-generated content to train its AI in markets such as the U.S., Europe's stringent GDPR regulations has created obstacles for Meta -- and other companies -- looking to improve their AI systems, including large language models with user-generated training material. However, Meta last month began notifying users of an upcoming change to its privacy policy, one that it said will give it the right to use public content on Facebook and Instagram to train its AI, including content from comments, interactions with companies, status updates, photos and their associated captions. The company argued that it needed to do this to reflect "the diverse languages, geography and cultural references of the people in Europe."Read more of this story at Slashdot.
An anonymous reader shares a report: Brussels is set to charge Apple over allegedly stifling competition on its mobile app store, the first time EU regulators have used new digital rules to target a Big Tech group. The European Commission has determined that the iPhone maker is not complying with obligations to allow app developers to "steer" users to offers outside its App Store without imposing fees on them, according to three people with close knowledge of its investigation. The charges would be the first brought against a tech company under the Digital Markets Act, landmark legislation designed to force powerful "online gatekeepers" to open up their businesses to competition in the EU. The commission, the EU's executive arm, said in March it was investigating Apple, as well as Alphabet and Meta, under powers granted by the DMA. An announcement over the charges against Apple was expected in the coming weeks, said two people with knowledge of the case.Read more of this story at Slashdot.
An anonymous reader shares a report: Ita(TM)s been a rocky couple of months for Sonos -- so much so that CEO Patrick Spence now has a canned autoreply for customers emailing him to vent about the redesigned app. But as the company works to right the ship, restore trust, and get the new Sonos Ace headphones off to a strong start, it finds itself in the middle of yet another controversy. As highlighted by repair technician and consumer privacy advocate Louis Rossmann, Sonos has made a significant change to its privacy policy, at least in the United States, with the removal of one key line. The updated policy no longer contains a sentence that previously said, "Sonos does not and will not sell personal information about our customers." That pledge is still present in other countries, but it's nowhere to be found in the updated US policy, which went into effect earlier this month.Read more of this story at Slashdot.
Visa's and Mastercard's proposed $30 billion antitrust settlement to limit credit and debit card fees for merchants is in peril, after a New York judge signaled she was preparing to reject the accord. From a report: U.S. District Judge Margo Brodie in Brooklyn told lawyers for the card networks and objectors at a hearing on Thursday that she will "likely not approve the settlement," according to court records. She plans to write an opinion explaining her decision and reasoning. Both card networks said they were disappointed. Mastercard called the settlement a "fair resolution" that gave businesses more flexibility in managing card transactions, and Visa called it an "appropriate resolution" to the nearly 19-year-old case.Read more of this story at Slashdot.
An anonymous reader shares a report: City building simulations are not real life. They can be helpful teaching tools, but they abstract away many of the real issues in changing communities. And yet, sometimes a game like Cities: Skylines 2 (C:S2) will present an issue that's just too timely and relevant to ignore. Such is the case with "Economy 2.0," a big update to the beleaguered yet continually in-development game, due to arrive within the next week or so. The first and most important thing it tackles is the persistent issue of "High Rent," something that's bothering the in-game citizens ("cims" among fans), C:S2 players, and nearly every human living in the United States and many other places. C:S2 has solutions to high rent, at least for their virtual citizens. They removed the "virtual landlord" that takes in rent, so now a building's upkeep is evenly split among renters. There's a new formula for calculating rent, one that evokes a kind of elegant mathematical certainty none of us will ever see: "Rent = (LandValue + (ZoneType * Building Level)) * LotSize * SpaceMultiplier"Read more of this story at Slashdot.
An anonymous reader shares a report: After five years of pioneering research into the abuse of social platforms, the Stanford Internet Observatory is winding down. Its founding director, Alex Stamos, left his position in November. Renee DiResta, its research director, left last week after her contract was not renewed. One other staff member's contract expired this month, while others have been told to look for jobs elsewhere, sources say. Some members of the eight-person team might find other jobs at Stanford, and it's possible that the university will retain the Stanford Internet Observatory branding, according to sources familiar with the matter. But the lab will not conduct research into the 2024 election or other elections in the future.Read more of this story at Slashdot.
A group of London hospitals struggling to contain the fallout from a cyberattack against a critical supplier had known for years about weaknesses that left them vulnerable to hacks, Bloomberg News reported Friday, citing internal documents. From the report: The Guy's and St Thomas' NHS Foundation Trust, which runs five major hospitals in the London area, has failed to meet the UK health service's data security standards in recent years and acknowledged as recently as April that 'cybersecurity remained a high risk" to its operations, according to publicly available documents that outline board of directors' meetings. In January, the board of directors raised questions about the security of digital links between hospital computer systems and those of third-party companies. Hackers last week brought down the trust's pathology services provider, Synnovis, with severe knock-on effects at hospitals. Doctors have, among other things, been forced to delay medical operations, postpone blood tests and resort to handwritten records. The attack has disrupted blood services so drastically that medical facilities are asking the public for donations, and one hospital is calling on its own staff to contribute. The April report proposed an audit to identify where improvements could be made. It's not clear if improvements took place before the hack on June 3, or whether the vulnerabilities identified in the board of directors' reports -- which include dated IT systems and hardware devices -- had any bearing on the ransomware infection at Synnovis.Read more of this story at Slashdot.
A facial recognition start-up, accused of invasion of privacy in a class-action lawsuit, has agreed to a settlement, with a twist: Rather than cash payments, it would give a 23 percent stake in the company to Americans whose faces are in its database. From a report: Clearview AI, which is based in New York, scraped billions of photos from the web and social media sites like Facebook, LinkedIn and Instagram to build a facial recognition app used by thousands of police departments, the Department of Homeland Security and the F.B.I. After The New York Times revealed the company's existence in 2020, lawsuits were filed across the country. They were consolidated in federal court in Chicago as a class action. The litigation has proved costly for Clearview AI, which would most likely go bankrupt before the case made it to trial, according to court documents. The company and those who sued it were "trapped together on a sinking ship," lawyers for the plaintiffs wrote in a court filing proposing the settlement. "These realities led the sides to seek a creative solution by obtaining for the class a percentage of the value Clearview could achieve in the future," added the lawyers, from Loevy + Loevy in Chicago. Anyone in the United States who has a photo of himself or herself posted publicly online -- so almost everybody -- could be considered a member of the class. The settlement would collectively give the members a 23 percent stake in Clearview AI, which is valued at $225 million, according to court filings. (Twenty-three percent of the company's current value would be about $52 million.) If the company goes public or is acquired, those who had submitted a claim form would get a cut of the proceeds. Alternatively, the class could sell its stake. Or the class could opt, after two years, to collect 17 percent of Clearview's revenue, which it would be required to set aside.Read more of this story at Slashdot.
Germany's Federal Statistical Office (Destatis) on Friday said 5,209 companies filed for bankruptcy in Germany in the first three months of 2024 -- with the trend expected to continue. From a report: Experts think the number of corporate insolvencies in Germany will increase to about 20,000 cases this year as part of a longer-term pattern. The latest figure means corporate insolvencies are up 26.5% compared with the first quarter of 2023. They are also 11.2% more than in the first quarter of 2020 when 4,683 corporate insolvencies were filed before the COVID-19 pandemic had its full impact. The coronavirus pandemic period itself saw special, temporary regulations introduced and low insolvency rates. The transport and warehousing sector accounted for most insolvencies per 10,000 companies, with 29.6 cases at the start of 2024. This was followed by the construction industry with 23.5 cases, and other economic services such as employment agencies on 23 cases. Manufacturing saw 20.3 insolvencies per 10,000 companies. Local courts estimated the creditors' claims from the corporate insolvencies until the end of March was about $12.07 billion compared with $7.16 billion last year. There were also 17,478 consumer bankruptcies in the first quarter of 2024 a" an increase of 4.8% compared to the period in 2023.Read more of this story at Slashdot.
An anonymous reader quotes a report from Reuters: NASA accidentally broadcast a simulation of astronauts being treated for decompression sickness on the International Space Station (ISS) on Wednesday, prompting speculation of an emergency in posts on social media. About 5:28 p.m. U.S. Central Time (2228 GMT), The National Aeronautics and Space Administration's (NASA) live YouTube channel broadcast audio that indicated a crew member was experiencing the effects of decompression sickness (DCS), NASA said on its official ISS X account. A female voice asks crew members to "get commander back in his suit", check his pulse and provide him with oxygen, later saying his prognosis was "tenuous", according to copies of the audio posted on social media. NASA did not verify the recordings or republish the audio. Several space enthusiasts posted a link to the audio on X with warnings that there was a serious emergency on the ISS. "This audio was inadvertently misrouted from an ongoing simulation where crew members and ground teams train for various scenarios in space and is not related to a real emergency," the ISS account post said. "There is no emergency situation going on aboard the International Space Station," it added. Crew members on the ISS were in their sleep period at the time of the audio broadcast as they prepared for a spacewalk at 8 a.m. EDT on Thursday, the ISS post said. NASA's ISS YouTube channel -- at the time the audio was accidentally broadcast -- now shows an error message saying the feed has been interrupted.Read more of this story at Slashdot.
A new study by astrophysicist Richard Lieu suggests that gravity can exist without mass, proposing thin, shell-like layers of 'topological defects' as an alternative to dark matter for explaining the gravitational binding of galaxies. This theory posits that these defects create a gravitational force without detectable mass, potentially eliminating the need for dark matter in current cosmological models. Clare Watson reports via ScienceAlert: Lieu started out trying to find another solution to the Einstein field equations, which relate the curvature of space-time to the presence of matter within it. As Einstein described in his 1915 theory of general relativity, space-time warps around bundles of matter and streams of radiation in the Universe, depending on their energy and momentum. That energy is, of course, related to mass in Einstein's famous equation: E=mc2. So an object's mass is linked to its energy, which bends space-time -- and this curvature of space-time is what Einstein described as gravity, a notch more sophisticated than Newton's 17th-century approximation of gravity as a force between two objects with mass. In other words, gravity seems inextricably linked to mass. Not so, posits Lieu. In his workings, Lieu set about solving a simplified version of the Einstein field equations that allows for a finite gravitation force in the absence of any detectable mass. He says his efforts were "driven by my frustration with the status quo, namely the notion of dark matter's existence despite the lack of any direct evidence for a whole century." Lieu's solution consists of shell-shaped topological defects that might occur in very compact regions of space with a very high density of matter. These sets of concentric shells contain a thin layer of positive mass tucked inside an outer layer of negative mass. The two masses cancel each other out, so the total mass of the two layers is exactly zero. But when a star lies on this shell, it experiences a large gravitational force dragging it towards the center of the shell. "The contention of my paper is that at least the shells it posits are massless," Lieu says. If those contentious suggestions bear any weight, "there is then no need to perpetuate this seemingly endless search for dark matter," Lieu adds. The next question, then, is how to possibly confirm or refute the shells Lieu has proposed through observations. "The increasing frequency of sightings of ring and shell-like formation of galaxies in the Universe lends evidence to the type of source being proposed here," Lieu writes in his paper. Although he admits that his proposed solution is "highly suggestive" and cannot alone discredit the dark matter hypothesis. "It could be an interesting mathematical exercise at best," Lieu concludes. "But it is the first [mathematical] proof that gravity can exist without mass." The study has been published in Monthly Notices of the Royal Astronomical Society.Read more of this story at Slashdot.
New submitter wgoodman writes: A Boeing 737 Max 8 jet experienced a rare but potentially serious problem recently known as a Dutch roll before landing safely. The Federal Aviation Administration is investigating the cause of the incident during a Southwest Airlines flight last month. Less than an hour after taking off from Phoenix on May 25th, the plane experienced an uncontrolled side-to-side yawing motion known as a Dutch roll while cruising at 32,000 feet. The pilots of Southwest flight 746 were able to regain control and the plane landed safely in Oakland, according to a preliminary report from the FAA. [...] The Boeing 737 Max 8 jet involved in the Dutch roll incident is less than two years old. According to the FAA, a post-flight inspection revealed damage to a backup power control unit, known as a PCU. That system controls rudder movements on the plane's tail. The plane remained in Oakland until June 6th, when it flew to Everett, Wash., where one of Southwest's maintenance vendors is based. Boeing has been working to rebuild the trust of federal regulators and the flying public since a pair of Boeing 737 Max 8 jets crashed in 2018 and 2019, killing 346 people. Earlier versions of the 737 were involved in several accidents and crashes during the 1990s that were ultimately blamed on problems with the tail rudder.Read more of this story at Slashdot.
In an unprecedented move, Microsoft has announced that its big Copilot+ PC initiative that was unveiled last month will launch without its headlining "Windows Recall" AI feature next week on June 18. From a report: The feature, which captures snapshots of your screen every few seconds, was revealed to store sensitive user data in an unencrypted state, raising serious concerns among security researchers and experts. Last week, Microsoft addressed these concerns by announcing that it would make changes to Windows Recall to ensure the feature handles data securely on device. At that time, the company insisted that Windows Recall would launch alongside Copilot+ PCs on June 18, with an update being made available at launch to address the concerns with Windows Recall. Now, Microsoft is saying Windows Recall will launch at a later date, beyond the general availability of Copilot+ PCs. This means these new devices will be missing their headlining AI feature at launch, as Windows Recall is now delayed indefinitely. The company says Windows Recall will be added in a future Windows update, but has not given a timeframe for when this will be. Further reading:'Microsoft Has Lost Trust With Its Users and Windows Recall is the Straw That Broke the Camel's Back' Windows 11's New Recall Feature Has Been Cracked To Run On Unsupported Hardware Is the New 'Recall' Feature in Windows a Security and Privacy Nightmare? Mozilla Says It's Concerned About Windows Recall.Read more of this story at Slashdot.
According to a new survey from the Pew Research Center, TikTok is the second most popular source of news for Americans after X, "though most TikTok users don't primarily think of the shortform video app as a news source," notes The Verge. The survey looked at how Facebook, Instagram, TikTok and X play a role in Americans' news diets. From the report: Among TikTok users, only 15 percent say keeping up with the news is a major reason they use the app. Still, 35 percent of those surveyed said they wouldn't have seen the news they get on TikTok elsewhere. And unlike other apps, the news users see on TikTok is just as likely to come from influencers or celebrities as it is from journalists -- and it's far more likely to come from total strangers. (Meanwhile, most Facebook and Instagram users say the news that pops up on their feeds is posted by friends, relatives, or other people they know; on X, users are more likely to see news posted by media outlets or reporters.)Read more of this story at Slashdot.
Steven Vaughan-Nichols reports via ZDNet: While Linux and open-source software (OSS) are no longer constantly under intellectual property (IP) attacks, the Open Invention Network (OIN) patent consortium still stands guard over its patents. Now, OIN, the largest patent non-aggression community, has expanded its protection once again by updating its Linux System definition. Covering more than just Linux, the Linux System definition also protects adjacent open-source technologies. In the past, protection was expanded to Android, Kubernetes, and OpenStack. The OIN accomplishes this by providing a shared defensive patent pool of over 3 million patents from over 3,900 community members. OIN members include Amazon, Google, Microsoft, and essentially all Linux-based companies. This latest update extends OIN's existing patent risk mitigation efforts to cloud-native computing and enterprise software. In the cloud computing realm, OIN has added patent coverage for projects such as Istio, Falco, Argo, Grafana, and Spire. For enterprise computing, packages such as Apache Atlas and Apache Solr -- used for data management and search at scale, respectively -- are now protected. The update also enhances patent protection for the Internet of Things (IoT), networking, and automotive technologies. OpenThread and packages such as agl-compositor and kukusa.val have been added to the Linux System definition. In the embedded systems space, OIN has supplemented its coverage of technologies like OpenEmbedded by adding the OpenAMP and Matter, the home IoT standard. OIN has included open hardware development tools such as Edalize, cocotb, Amaranth, and Migen, building upon its existing coverage of hardware design tools like Verilator and FuseSoc. Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." [...] Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul. The OIN practices patent non-aggression in core Linux and adjacent open-source technologies by cross-licensing their Linux System patents to one another on a royalty-free basis. When OIN signees are attacked because of their patents, the OIN can spring into action.Read more of this story at Slashdot.
Richard Speed reports via The Register: Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp. The Privacy Sandbox API was introduced in 2023 as part of Google's grand plan to eliminate third-party tracking cookies. Rather than relying on those cookies, website developers can call the API to display ads matched to a user's interests. In the announcement, Google's VP of the Privacy Sandbox initiative called it "a significant step on the path towards a fundamentally more private web." However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking. Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."Read more of this story at Slashdot.
An anonymous reader quotes a report from TechCrunch: Amazon says that it will commit up to $230 million to startups building generative AI-powered applications. The investment, roughly $80 million of which will fund Amazon's second AWS Generative AI Accelerator program, aims to position AWS as an attractive cloud infrastructure choice for startups developing generative AI models to power their products, apps and services. Much of the new tranche -- including the entire portion set aside for the accelerator program -- comes in the form of compute credits for AWS infrastructure, meaning that it can't be transferred to other cloud service providers like Google Cloud and Microsoft Azure. To sweeten the pot, Amazon is pledging that startups in this year's Generative AI Accelerator cohort will gain access to experts and tech from Nvidia, the program's presenting partner. They will also be invited to join the Nvidia Inception program, which provides companies opportunities to connect with potential investors and additional consulting resources. The Generative AI Accelerator program has also grown substantially. Last year's cohort, which had 21 startups, received only up to $300,000 in AWS compute credits, amounting to around a combined $6.3 million investment. "With this new effort, we will help startups launch and scale world-class businesses, providing the building blocks they need to unleash new AI applications that will impact all facets of how the world learns, connects, and does business," Matt Wood, VP of AI products at AWS, said in a statement. Further reading: How Amazon Blew Alexa's Shot To Dominate AIRead more of this story at Slashdot.
The Ukraine cyber police, supported by information from the Dutch police, arrested a 28-year-old Russian man in Kyiv for aiding Conti and LockBit ransomware operations by making their malware undetectable and conducting at least one attack himself. He was arrested on April 18, 2024, as part of a global law enforcement operation known as "Operation Endgame," which took down various botnets and their main operators. "As the Conti ransomware group used some of those botnets for initial access on breached endpoints, evidence led investigators to the Russian hacker," reports BleepingComputer. From the report: The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared as safe files, making them FUD (fully undetectable) to evade detection by the popular antivirus products. The police found that the man was selling his crypting services to both the Conti and LockBit cybercrime syndicates, helping them significantly increase their chances of success on breached networks. The Dutch police confirmed at least one case of the arrested individual orchestrating a ransomware attack in 2021, using a Conti payload, so he also operated as an affiliate for maximum profit. "As part of the pre-trial investigation, police, together with patrol officers of the special unit "TacTeam" of the TOR DPP battalion, conducted a search in Kyiv," reads the Ukraine police announcement. "Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region." [...] The suspect has already been charged with Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference in the work of information, electronic communication, information and communication systems, electronic communication networks) and faces up to 15 years imprisonment.Read more of this story at Slashdot.
During its earnings call on Monday, Oracle CEO Safra Catz told analysts that it is shutting down its ads business. "In Q4, we decided to exit the advertising business, which had declined to about $300 million in revenue in fiscal year '24," said Catz, according to an earnings transcript. Adweek's Catherine Perloff reports: In August 2022, Business Insider reported that Oracle Advertising made $2 billion in revenue. At the time, revenue was only growing by 2% a year and many employees had been laid off as part of a reorganization in 2022, Business Insider reported. Oracle spent billions on entering the advertising business, acquiring nearly a dozen ad technology companies for over a decade. Notable acquisitions include data firms DataLogix, bought in 2014 for $1.2 billion, and brand safety platform Moat, purchased in 2017 for a reported $850 million. "Oracle's bet on the advertising industry was undermined when Meta [...] shut down its data to third parties including Oracle in 2018, following the Cambridge Analytica scandal," notes Adweek. Europe's GDPR further restricted Oracle's advertising business, leading the company to shut down its 'AddThis' publisher audience tool in 2019, which relied on third-party data.Read more of this story at Slashdot.
An anonymous reader quotes a report from Singapore's CNA news channel: Kandula Nagaraju, 39, was sentenced to two years and eight months' jail on Monday (Jun 10) for one charge of unauthorized access to computer material. Another charge was taken into consideration for sentencing. His contract with NCS was terminated in October 2022 due to poor work performance and his official last date of employment was Nov 16, 2022. According to court documents, Kandula felt "confused and upset" when he was fired as he felt he had performed well and "made good contributions" to NCS during his employment. After leaving NCS, he did not have another job in Singapore and returned to India. Between November 2021 and October 2022, Kandula was part of a 20-member team managing the quality assurance (QA) computer system at NCS. NCS is a company that offers information communication and technology services. The system that Kandula's former team was managing was used to test new software and programs before launch. In a statement to CNA on Wednesday, NCS said it was a "standalone test system." It consisted of about 180 virtual servers, and no sensitive information was stored on them. After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorized access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023. In February that year, Kandula returned to Singapore after finding a new job. He rented a room with a former NCS colleague and used his Wi-Fi network to access NCS' system once on Feb 23, 2023. During the unauthorized access in those two months, he wrote some computer scripts to test if they could be used on the system to delete the servers. In March 2023, he accessed NCS' QA system 13 times. On Mar 18 and 19, he ran a programmed script to delete 180 virtual servers in the system. His script was written such that it would delete the servers one at a time. The following day, the NCS team realized the system was inaccessible and tried to troubleshoot, but to no avail. They discovered that the servers had been deleted. [...] As a result of his actions, NCS suffered a loss of $679,493.Read more of this story at Slashdot.
Speaking of Microsoft, the House Homeland Security committee is grilling Microsoft President Brad Smith Thursday about the software giant's plans to improve its security after a series of devastating hacks reached into federal officials' email accounts, challenging the company's fitness as a dominant government contractor. Washington Post adds:The questioning followed a withering report on one of those breaches, where the federal Cyber Safety Review Board found the event was made possible by a "cascade of avoidable errors" and a security culture "that requires an overhaul." In that hack, suspected agents of China's Ministry of State Security last year created digital keys using a tool that allowed them to pose as any existing Microsoft customer. Using the tool, they impersonated 22 organizations, including the U.S. Departments of State and Commerce, and rifled through Commerce Secretary Gina Raimondo's email among others. The event triggered the sharpest criticism in decades of the stalwart federal vendor, and has prompted rival companies and some authorities to push for less government reliance on its technology. Two senators wrote to the Pentagon last month, asking why the agency plans to improve nonclassified Defense Department tech security with more expensive Microsoft licenses instead of with alternative vendors. "Cybersecurity should be a core attribute of software, not a premium feature that companies upsell to deep-pocketed government and corporate customers," Sens. Eric Schmitt (R-Mo.) and Ron Wyden (D-Ore.) wrote. "Through its buying power, DOD's strategies and standards have the power to shape corporate strategies that result in more resilient cybersecurity services."Any serious shift in executive branch spending would take years, but Department of Homeland Security leaders say plans are in motion to add security guarantees and requirements to more government purchases -- an idea touted in the Cyber Safety Review Board's Microsoft report.Read more of this story at Slashdot.
The sun fired off a volley of radiation-riddled outbursts in May. When they slammed into Earth's magnetic bubble, the world was treated to iridescent displays of the northern and southern lights. But our planet wasn't the only one in the solar firing line. From a report: A few days after Earth's light show, another series of eruptions screamed out of the sun. This time, on May 20, Mars was blitzed by a beast of a storm. Observed from Mars, "this was the strongest solar energetic particle event we've seen to date," said Shannon Curry, the principal investigator of NASA's Mars Atmosphere and Volatile Evolution orbiter, or MAVEN, at the University of Colorado, Boulder. When the barrage arrived, it set off an aurora that enveloped Mars from pole to pole in a shimmering glow. If they were standing on the Martian surface, "astronauts could see these auroras," Dr. Curry said. Based on scientific knowledge of atmospheric chemistry, she and other scientists say, observers on Mars would have seen a jade-green light show, although no color cameras picked it up on the surface. But it's very fortunate that no astronauts were there. Mars's thin atmosphere and the absence of a global magnetic shield meant that its surface, as registered by NASA's Curiosity rover, was showered by a radiation dose equivalent to 30 chest X-rays -- not a lethal dose, but certainly not pleasant to the human constitution.Read more of this story at Slashdot.
cusco writes: Indian space startup Agnikul used a 3-D printer from German company EOS to print an engine out of inconel, a high-performance nickel-chromium alloy, in one solid piece over the course of roughly 72 hours. While other companies like Relativity Space and Rocket Lab are using 3-D printers extensively, Agnikul's engine is unique in being printed in one go, rather than as multiple components that need to be stitched together. This approach significantly speeds up manufacturing time. The single-engine technology demonstration rocket produced 6 kilonewtons of thrust and reached an altitude of 6.5 kilometers before splashing down into the ocean. The launch vehicle used was about 6 meters tall with a single engine, making it roughly equivalent to the second stage of the company's planned commercial product, Agnibaan. Agnibaan will be a two-stage rocket, 18 meters tall, featuring eight engines in total, and capable of carrying a 300-kilogram payload to an altitude of around 700 km. The company believes that their 3D printing approach opens the door to providing low-cost, "on-demand" launch services to operators of small satellites. IEEE Spectrum adds: Assembling the rest of the rocket and integrating the engine took roughly two weeks. The company says that opens the door to providing low-cost, "on-demand" launch services to operators of small satellites, which otherwise need to wait for a ride share on a bigger rocket. The big challenge now will be going from a single engine to a cluster of seven on Agnibaan's first stage, says cofounder and CEO Srinath Ravichandran. This raises all kinds of challenges, from balancing thrust across the engines at lift-off to managing engine plume interactions when the engines gimbal to alter the trajectory. "But these are problems that people have figured out," he says. "We believe that we should just be able to fine-tune it for our mission and go." The company is currently building facilities to carry out ground tests of engine clusters, says Ravichandran, and is targeting its first orbital launch for this time next year.Read more of this story at Slashdot.
Turkish authorities have arrested a student for cheating during a university entrance exam by using a makeshift device linked to AI software to answer questions. From a report: The student was spotted behaving in a suspicious way during the exam at the weekend and was detained by police, before being formally arrested and sent to jail pending trial. Another person, who was helping the student, was also detained.Read more of this story at Slashdot.
Assisted driving systems and robot taxis are becoming more popular in China with government help, as cities designate large areas for testing on public roads. From a report: The world's largest experiment in driverless cars is underway on the busy streets of Wuhan, a city in central China with 11 million people, 4.5 million cars, eight-lane expressways and towering bridges over the muddy waters of the Yangtze River. A fleet of 500 taxis navigated by computers, often with no safety drivers in them for backup, buzz around. The company that operates them, the tech giant Baidu, said last month that it would add a further 1,000 of the so-called robot taxis in Wuhan. Across China, 16 or more cities have allowed companies to test driverless vehicles on public roads, and at least 19 Chinese automakers and their suppliers are competing to establish global leadership in the field. No other country is moving as aggressively. The government is providing the companies significant help. In addition to cities designating on-road testing areas for robot taxis, censors are limiting online discussion of safety incidents and crashes to restrain public fears about the nascent technology. Surveys by J.D. Power, an automotive consulting firm, found that Chinese drivers are more willing than Americans to trust computers to guide their cars. "I think there's no need to worry too much about safety -- it must have passed safety approval," said Zhang Ming, the owner of a small grocery store near Wuhan's Qingchuan Pavilion, where many Baidu robot taxis stop. Another reason for China's lead in the development of driverless cars is its strict and ever-tightening control of data. Chinese companies set up crucial research facilities in the United States and Europe and sent the results back home. But any research in China is not allowed to leave the country. As a result, it's difficult for foreign carmakers to use what they learn in China for cars they sell in other countries.Read more of this story at Slashdot.
Amazon unveiled a new generative AI-powered version of its Alexa voice assistant at a packed event in September 2023, demonstrating how the digital assistant could engage in more natural conversation. However, nearly a year later, the updated Alexa has yet to be widely released, with former employees citing technical challenges and organizational dysfunction as key hurdles, Fortune reported Thursday. The magazine reports that the Alexa large language model lacks the necessary data and computing power to compete with rivals like OpenAI. Additionally, Amazon has prioritized AI development for its cloud computing unit, AWS, over Alexa, the report said. Despite a $4 billion investment in AI startup Anthropic, privacy concerns and internal politics have prevented Alexa's teams from fully leveraging Anthropic's technology.Read more of this story at Slashdot.
Slashdot