Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 13 submissions in the queue.

Log In

Log In

Create Account  |  Retrieve Password


Site News

Join our Folding@Home team:
Main F@H site
Our team page


Funding Goal
For 6-month period:
2022-07-01 to 2022-12-31
(All amounts are estimated)
Base Goal:
$3500.00

Currently:
$438.92

12.5%

Covers transactions:
2022-07-02 10:17:28 ..
2022-10-05 12:33:58 UTC
(SPIDs: [1838..1866])
Last Update:
2022-10-05 14:04:11 UTC --fnord666

Support us: Subscribe Here
and buy SoylentNews Swag


We always have a place for talented people, visit the Get Involved section on the wiki to see how you can make SoylentNews better.

The shambling corpse of Steve Jobs lumbers forth, heeding not the end of October! How will you drive him away?

  • Flash running on an Android phone, in denial of his will
  • Zune, or another horror from darkest Redmond
  • Newton, HyperCard, or some other despised interim Apple product
  • BeOS, the abomination from across the sea
  • Macintosh II with expansion slots, in violation of his ancient decree
  • Tow his car for parking in a handicap space without a permit
  • Oncology textbook—without rounded corners
  • Some of us are still in mourning, you insensitive clod!

[ Results | Polls ]
Comments:23 | Votes:55

posted by janrinok on Friday September 13, @10:22PM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

CTIA, the trade organization representing the US wireless industry, said the additional 26 trillion MBs used last year is a 36 percent increase over 2022 and is the largest single-year increase in wireless data ever. It is also enough data for every household in the country to watch the first season of House of the Dragon daily for an entire year.

By 2029, Ericsson predicts that Americans' data usage could increases by more than three times the current rate.

The continued proliferation of 5G networks is helping to drive growth as well. The CTIA said that by the end of 2023, nearly 40 percent of all wireless connections – including smartphones, IoT devices, and wearables – were 5G and that more than 330 million Americans were covered by at least one 5G network. The total number of wireless connections reached 558 million, or more than 1.6 connections for each American.

The trend is only expected to increase in the coming years as network operators pump even more money into the system. The industry collectively invested $30 billion in 2023 to improve their networks, pushing the total US wireless industry spend to more than $700 billion to date ($190 billion of which has come since 2018). A total of 432,469 cell sites were in operation across the country at the end of 2023, an increase of 24 percent since 2018.

Wireless data is also more affordable now than it ever has been. The cost per MB has dropped 50 percent since 2020 and 97 percent versus a decade ago, down to just $.002 per MB.


Original Submission

posted by janrinok on Friday September 13, @05:35PM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

Azure Linux is Microsoft's take on the open source operating system. It is primarily used for internal purposes, but could it become (yet another) distribution option?

Directions on Microsoft analyst Mary Jo Foley suggests the distribution, tuned to be lightweight and secure, has the potential to reach a wider audience.

Because, let's face it, if there's one thing the Linux world needs, it's another distribution for administrators to consider.

Azure Linux was known as CBL-Mariner before it was rebranded, and thank your lucky stars that happened in 2023. Lately, it would probably end up being called Copilot for Linux or something similar.

Downloadable from GitHub, Azure Linux can be found running as a container host operating system for the Azure Kubernetes Service (AKS) and supports both x86 and Arm.

The latter point is significant. There is currently no publicly supported version of Windows Server that runs on Arm, despite Microsoft hyping Arm technology via its Copilot+ PCs and datacenter operators increasingly favoring the hardware's lower power-sipping tendencies. While porting and supporting all of Windows Server's functions to the Linux platform would be a stretch, there is the potential for Microsoft to compete in the Linux enterprise server space.

Foley noted that the world probably doesn't need another Linux distribution. However, the end of support for CentOS has opened up a window of opportunity – even for Microsoft.

"More customer compute in Azure is running Linux on Azure than Windows Server on Azure," according to Foley. Thus, it is hard to think that Microsoft would not like to be part of that besides hosting the workloads.

And then there is Amazon Linux 2, a Linux operating system from Microsoft's arch-cloud rival AWS, which is provided free of additional charge and described as a "security-focused, stable, and high-performance execution environment to develop and run cloud applications." AWS also provides ongoing security and maintenance updates.

If only Microsoft had something similar.

Microsoft's social-media-for-suits platform LinkedIn recently moved from CentOS to Azure Linux. The experience was doubtless a challenge, but, as we noted then: "This can only be good for Azure Linux, and indeed, for Azure in general."

Does the future of Azure Linux lie somewhere other than a relatively obscure way to host containers on AKS? Foley asked Microsoft and was told: "Azure Linux for VM or bare metal use is not available as a commercially supported offering today. Support is limited to AKS as the host OS."

Note the word "today" in that response.

Microsoft is unlikely to make much money directly from Azure Linux going wide. However, it would be a useful driver to the company's Azure cloud platform and soothe concerns over support and maintenance.

However, for many administrators, an attitude of "Anything but Microsoft" persists, certainly since Steve Ballmer's decades-old bonkers "Linux is a cancer" comment. Persuading these same admins that Microsoft can be a trustworthy Linux partner is a challenge that should not be underestimated. ®


Original Submission

posted by hubie on Friday September 13, @12:47PM   Printer-friendly
from the lawyer-up dept.

https://arstechnica.com/tech-policy/2024/09/elon-musks-x-wins-appeal-to-block-california-content-moderation-law/

Elon Musk's X has won its appeal on free speech grounds to block AB 587, a California law requiring social media companies to submit annual reports publicly explaining their controversial content moderation decisions.

In his opinion, Ninth Circuit court of appeals judge Milan Smith reversed a district court's ruling that he said improperly rejected Musk's First Amendment argument. Smith was seemingly baffled to find that the "district court performed, essentially, no analysis on this question."
[...]
X accused California of trying to spark backlash with a supposed "transparency measure" that forces "companies like X Corp. to engage in speech against their will" by threatening "draconian financial penalties" if companies don't "remove, demonetize, or deprioritize constitutionally protected speech that the state deems undesirable or harmful."

Smith said that the appeals court accounted for these alleged effects in its analysis, but "whether State officials intended these effects plays no role in our analysis of the merits" of X's case.

That's likely because the appeals court agreed that X was likely to prevail in its First Amendment claims, finding that AB 587 compels noncommercial speech that requires strict scrutiny. The law also is not narrowly tailored enough "to serve the State's purported goal of requiring social media companies to be transparent about their policies and practices." As Smith wrote, if the law is just a transparency measure, "the relevant question here is: transparency into what?"
[...]
If AB 587 only required companies to disclose "whether it was moderating certain categories of speech without having to define those categories in a public report," that might work.
[...]
Instead, AB 587's provisions require "every covered social media company to reveal its policy opinion about contentious issues, such as what constitutes hate speech or misinformation and whether to moderate such expression," Smith wrote.

"Even a pure 'transparency' measure, if it compels non-commercial speech, is subject to strict scrutiny," Smith wrote, concluding that X would likely suffer irreparable harm if key parts of the law weren't blocked.
[...]
Smith ordered the case to be remanded to the district court "with instructions to enter a preliminary injunction consistent with the opinion." The district court will also have to determine if unconstitutional parts of the law "are severable from the remainder of AB 587 and, if so, which, if any, of the remaining challenged provisions should also be enjoined."

This is the outcome that the state had asked for if the appeals court sided with X, giving California a fighting chance to preserve some parts of the law. But if the district court decides to strike the entire content moderation report section from the law, AB 587 would be properly gutted—basically only requiring social media companies to post their terms of service on a government website. That's the only part of the law that X did not fight to enjoin on appeal.


Original Submission

posted by hubie on Friday September 13, @08:03AM   Printer-friendly
from the alt.chrome.north.korea dept.

On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain:

Our ongoing analysis and observed infrastructure lead us to attribute this activity with medium confidence to Citrine Sleet. We note that while the FudModule rootkit deployed has also been attributed to Diamond Sleet, another North Korean threat actor, Microsoft previously identified shared infrastructure and tools between Diamond Sleet and Citrine Sleet, and our analysis indicates this might be shared use of the FudModule malware between these threat actors.

CVE-2024-7971 is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine, impacting versions of Chromium prior to 128.0.6613.84. Exploiting the vulnerability could allow threat actors to gain RCE in the sandboxed Chromium renderer process. Google released a fix for the vulnerability on August 21, 2024, and users should ensure they are using the latest version of Chromium.

Who is Citrine Sleet?

The threat actor that Microsoft tracks as Citrine Sleet is based in North Korea and primarily targets financial institutions, particularly organizations and individuals managing cryptocurrency, for financial gain. As part of its social engineering tactics, Citrine Sleet has conducted extensive reconnaissance of the cryptocurrency industry and individuals associated with it. The threat actor creates fake websites masquerading as legitimate cryptocurrency trading platforms and uses them to distribute fake job applications or lure targets into downloading a weaponized cryptocurrency wallet or trading application based on legitimate applications. Citrine Sleet most commonly infects targets with the unique trojan malware it developed, AppleJeus, which collects information necessary to seize control of the targets' cryptocurrency assets. The FudModule rootkit described in this blog has now been tied to Citrine Sleet as shared tooling with Diamond Sleet.

The article goes on to explain the exploit and FudModule rootkit, and ends with a long list of recommendations.

Originally spotted on Schneier on Security.

Previously: North Korean Hackers Unleashed Chrome 0-Day Exploit on Hundreds of US Targets


Original Submission

posted by hubie on Friday September 13, @03:15AM   Printer-friendly

SpaceX founder has said humans will be able to go to Mars in just four years:

The 53-year-old businessman made his predictions on a series of social media posts this weekend. He said the next "Earth-Mars transfer window" opens in two years, which is when the first Starships to the "Red Planet" will launch. Musk said the Starships will be uncrewed at first "to test the reliability of landing intact on Mars."

But if everything goes well and the landings are successful, just two years later the first crewed flights to Mars will start departing from our planet. Musk said once the first crewed flights depart, their rate will "grow exponentially", adding that his company has the goal of "building a self-sustaining city in about 20 years."

[...] "Being multiplanetary will vastly increase the probable lifespan of consciousness, as we will no longer have all our eggs, literally and metabolically, on one planet." Many people were excited by Musk's latest claims as one wrote: "This is huge!!" Another added: "What a time to be alive!" One more commented: "The mission to make life multi-planetary really begins."

Founded in 2002, Musk's SpaceX became the first private company to develop a liquid-propellant rocket to reach orbit and the first to send a spacecraft and astronauts to the International Space Station. A year earlier, he had announced the development of Mars Oasis - a project bidding to land a greenhouse and grow plants on Mars.

The stainless-steel Starship is made up of a first-stage booster called Super Heavy and a 165-foot-tall upper-stage spacecraft known as Starship. The spacecraft is designed to be "a fully reusable transportation system designed to carry both crew and cargo to Earth orbit, the Moon, Mars and beyond."


Original Submission

posted by janrinok on Thursday September 12, @10:23PM   Printer-friendly

Leaked Disney+ financials may shed light on recent price hike:

A leak of data from Disney points to the Disney+ streaming service making about $2.4 billion in revenue in its fiscal quarter ending on March 30. Disney doesn't normally share how much revenue its individual streaming services generate, making this figure particularly interesting.

In August, Disney confirmed that it was investigating the leak of "over a terabyte of data from one of the communication systems" it uses. In a report this week, The Wall Street Journal (WSJ) said it looked over files leaked by a hacking group called Nullbulge that include "a range of financial and strategy information," apparent login credentials for parts of Disney's cloud infrastructure, and more. The leak includes over "44 million messages from Disney's Slack workplace communications tool, upward of 18,800 spreadsheets, and at least 13,000 PDFs," WSJ said.

"We decline to comment on unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor's illegal activity," a Disney spokesperson told WSJ.

According to WSJ, financial information came via "documents shared by staffers that detail company operations," adding, "It isn't official data of the sort Disney discloses to Wall Street and might not reflect final financial performance for a given period." That means we should take these figures with a grain of salt.

"Internal spreadsheets suggest that Disney+ generated more than $2.4 billion in revenue in the March quarter," WSJ reported, referencing Disney's fiscal Q2 2024. "It underscores how significant a revenue contributor Hulu is, particularly as Disney seeks to buy out Comcast's stake in that streaming service, and as the two sides spar over its value."

The publication noted that the $2.4 billion figure represents "about 43 percent"—42.5 percent to be more precise—of the direct-to-consumer (DTC) revenue that Disney reported that quarter, which totaled $5,642,000,000 [PDF]. In its Q2 report, Disney put Disney+, Hulu, and Disney+ Hotstar under its DTC umbrella. DTC revenue in Q2 represented a 13 percent increase compared to the same quarter in the prior fiscal year.

Further, subscriber counts for Disney+ and Hulu increased year over year in Q2. The leaks didn't specify how much revenue Disney's streaming businesses made in Q3, but Disney reported that DTC revenue increased to $5.8 billion [PDF].

Right before announcing its Q3 numbers, though, Disney announced price hikes across Disney+, Hulu, and ESPN+ by as much as 25 percent. As we wrote at the time, the price hike seemed like an attempt to push people toward bundle packages offering a combination of Disney+, Hulu, and/or ESPN+ (bundles are supposed to make subscriber churn less likely). Disney CFO Hugh Johnston tried convincing us that Disney's streaming catalog meant that it had "earned" the streaming price hikes.

But the recently leaked numbers shed a little more light on the situation.


Original Submission

posted by janrinok on Thursday September 12, @05:41PM   Printer-friendly

https://blog.cloudflare.com/pingora-saving-compute-1-percent-at-a-time/

Cloudflare's global network handles a lot of HTTP requests – over 60 million per second on average. That in and of itself is not news, but it is the starting point to an adventure that started a few months ago and ends with the announcement of a new open-source Rust crate that we are using to reduce our CPU utilization, enabling our CDN to handle even more of the world's ever-increasing Web traffic.

Motivation

Let's start at the beginning. You may recall a few months ago we released Pingora (the heart of our Rust-based proxy services) as an open-source project on GitHub. I work on the team that maintains the Pingora framework, as well as Cloudflare's production services built upon it. One of those services is responsible for the final step in transmitting users' (non-cached) requests to their true destination. Internally, we call the request's destination server its "origin", so our service has the (unimaginative) name of "pingora-origin".

One of the many responsibilities of pingora-origin is to ensure that when a request leaves our infrastructure, it has been cleaned to remove the internal information we use to route, measure, and optimize traffic for our customers. This has to be done for every request that leaves Cloudflare, and as I mentioned above, it's a lot of requests. At the time of writing, the rate of requests leaving pingora-origin (globally) is 35 million requests per second.


Original Submission

posted by janrinok on Thursday September 12, @12:55PM   Printer-friendly
from the dun-dun-duuun! dept.

https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/

It's not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land. But that's exactly what happened recently to Benjamin Harris.

Harris, the CEO and founder of security firm watchTowr, did all of this by registering the domain dotmobilregistry.net. The domain was once the official home of the authoritative WHOIS server for .mobi
[...]
Harris noticed that the previous dotmobiregistry.net owners had allowed the domain to expire. He then scooped it up and set up his own .mobi WHOIS server there.

To Harris's surprise, his server received queries from slightly more than 76,000 unique IP addresses within a few hours of setting it up. Over five days, it received roughly 2.5 million queries from about 135,000 unique systems. The entities behind the systems querying his deprecated domain included a who's who of Internet heavyweights comprising domain registrars, providers of online security tools, governments from the US and around the world, universities, and certificate authorities, the entities that issue browser-trusted TLS certificates that make HTTPS work.

"watchTowr's research has demonstrated that trust placed in this process by governments and authorities worldwide should be considered misplaced at this stage, in [our] opinion," Harris wrote in a post documenting his research.
[...]
WHOIS has played a key role in Internet governance since its earliest days, back when it was still called the ARPANET. Elizabeth Feinler, an information scientist working for the Augmentation Research Center, became the principal investigator for NIC, short for the Network Information Center project, in 1974. Under Feinler's watch, NIC developed the top-level domain naming system and the official host table and published the ARPANET Directory, which acted as a directory of phone numbers and email addresses of all network users. Eventually, the directory evolved into the WHOIS system, a query-based server that provided a comprehensive list of all Internet host names and the entities that had registered them.

Despite its antiquated look and feel, WHOIS today remains an essential resource with tremendous consequences.
[...]
Harris populated his WHOIS database with junk data that corresponded to all real .mobi addresses. Administrative email addresses, and most other fields led to the watchtowr.com domain. For humor, he also added ASCII art.
[...]
The humor aside, the rogue WHOIS server gave him powers he never should have had. One of the greatest was the ability to dictate the email address certificate authority GlobalSign used to determine if a party applying for a TLS certificate was the rightful owner of the domain name the certificate would apply to. Like the vast majority of its competitors, GlobalSign uses an automated process. An application for example.com, for instance, will prompt the certificate authority to send an email to the administrative email address listed in the authoritative WHOIS for that domain. If the party on the other end clicks a link, the certificate is automatically approved.

When Harris generated a certificate signing request for microsoft.mobi, he promptly received an email from GlobalSign. The email gave him the option of receiving a verification link at whois@watchtowr.com. For ethical reasons, he stopped the experiment at this point.
[...]
"The purchase of a $20 domain that allowed the passive inference of .gov/.mil communications and the subversion of the Certificate Authority verification system should be a clear demonstration that the integrity of the trust and security processes we as Internet users rely on is, and continues to be, extremely fragile," Harris wrote in an online interview. "The systems and security we all take for granted is, in many places, truly held together in ways that would not pass approval in 2024."


Original Submission

posted by hubie on Thursday September 12, @08:14AM   Printer-friendly

A wider global trend that will see V2X technology become the standard in most vehicles:

The future connected vehicle does not just use a standard smartphone cellular connection but also takes advantage of dedicated V2X safety communication channels. V2X, which stands for Vehicle-to-Everything, uses either Wi-Fi or cellular-based technology to facilitate communication with other vehicles and traffic infrastructure. If regulation or safety standards mandate this technology, then V2X is set to become the "digital seatbelt" of the future, promising to reduce accidents, improve congestion, and reduce emissions globally by allowing vehicle safety systems to talk to each other and to city traffic infrastructure, even in the pouring rain, dense fog, or busy carparks.

The two most popular technologies for V2X, DSRC [Dedicated short-range communications], and C-V2X [Cellular-Vehicle-to-Everything], both require different hardware. DSRC is based on Wi-Fi protocols, and C-V2X is based on 4G or 5G protocols. Currently, there are approximately 1 million V2X-connected vehicles on the road globally, with those mainly concentrated in Europe and China. About half the market is using DSRC-based technology, and the other half of the market is using C-V2X technology, with most of these vehicles being available in China.

IDTechEx is forecasting a significant market shift towards C-V2X technology, with over 90% of the market forecasted to be using 5G-based C-V2X technology by 2034. The biggest contribution to this shift is regulation — the two largest vehicle markets in the world, the US and China, both have governmental organizations actively pushing for C-V2X adoption and have formally abandoned DSRC technology.

[...] If a technology is included in a New Car Assessment Program (NCAP), OEMs aiming to achieve a high safety rating must include it in order to pass certain tests. China has announced V2X inclusion in the CNCAP from 2024 onwards, which is set to result in significant growth for the technology in China. Many manufacturers target a 5-star score in NCAPs, as NCAP scores can significantly impact sales.

[...] One area where V2X could make the largest impact is for autonomous vehicles (AVs). The number and sophistication of sensors in an autonomous vehicle are vast and increase with the level of autonomy. AVs like those in Phoenix or San Francisco currently depend on LiDAR [light detection and ranging], radar, and cameras for the majority of their perception. Each sensor fulfills important functions and ensures robust and safe operation, but these vehicle sensor systems are limited by line-of-sight. Using either DSRC or C-V2X, autonomous vehicles can transmit information at a dedicated frequency (~5.9GHz), with V2X acting as an extra sensor that works in all weather conditions and can go through walls and obstacles, effectively solving the line-of-sight problem. The main feasible method for achieving this is to use V2X to broadcast the location-related information of each car. A connected vehicle receiving the information can calculate the possibility of collision with the other vehicle using onboard compute. If the risk is high, the driver (or passenger of an autonomous vehicle) will be immediately warned, and the system will adjust accordingly to avoid a collision safely and effectively.


Original Submission

posted by hubie on Thursday September 12, @03:28AM   Printer-friendly
from the Advertising-Ruins-Everything dept.

https://therecord.media/ford-patent-application-in-vehicle-listening-advertising

Ford Motor Company is seeking a patent for technology that would allow it to tailor in-car advertising by listening to conversations among vehicle occupants, as well as by analyzing a car's historical location and other data, according to a patent application published late last month.

"In one example, the controller may monitor user dialogue to detect when individuals are in a conversation," the patent application says. "The conversations can be parsed for keywords or phrases that may indicate where the occupants are traveling to."

The tech — labeled as "in-vehicle advertisement presentation" — will determine where a car is located, how fast it is traveling, what type of road it is driving on and whether it is in traffic. It also will predict routes, speeds and destinations to customize ads to drivers, the application said.

The system could pull data from "audio signals within the vehicle and/or historical user data, selecting a number of the advertisements to present to the user during the trip," the patent application said.


Original Submission

posted by janrinok on Wednesday September 11, @10:44PM   Printer-friendly

Is accidentally stumbling across the unknown a key part of science?:

The three princes of Sarandib—an ancient Persian name for Sri Lanka—get exiled by their father the king. They are good boys, but he wants them to experience the wider world and its peoples and be tested by them before they take over the kingdom. They meet a cameleer who has lost his camel and tell him they've seen it—though they have not—and prove it by describing three noteworthy characteristics of the animal: it is blind in one eye, it has a tooth missing, and it has a lame leg.

After some hijinks the camel is found, and the princes are correct. How could they have known? They used their keen observational skills to notice unusual things, and their wit to interpret those observations to reveal a truth that was not immediately apparent.

It is a very old tale, sometimes involving an elephant or a horse instead of a camel. But this is the version written by Amir Khusrau in Delhi in 1301 in his poem The Eight Tales of Paradise, and this is the version that one Christopher the Armenian clumsily translated into the Venetian novel The Three Princes of Serendip, published in 1557; a publication that, in a roundabout way, brought the word "serendipity" into the English language.

In no version of the story do the princes accidentally stumble across something important they were not looking for, or find something they were looking for but in a roundabout, unanticipated manner, or make a valuable discovery based on a false belief or misapprehension. Chance, luck, and accidents, happy or otherwise, play no role in their tale. Rather, the trio use their astute observations as fodder for their abductive reasoning. Their main talent is their ability to spot surprising, unexpected things and use their observations to formulate hypotheses and conjectures that then allow them to deduce the existence of something they've never before seen.

This is how Telmo Pievani, the first Italian chair of Philosophy of Biological Sciences at the University of Padua, eventually comes to define serendipity in his new book, Serendipity: the Unexpected in Science. It's hardly a mind-bending or world-altering read, but it is a cute and engaging one, especially when his many stories of discovery veer into ruminations on the nature of inquiry and of science itself.

He starts with the above-mentioned romp through global literature, culminating in the joint coining and misunderstanding of the term as we know it today: in 1754, after reading the popular English translation entitled The Travels and Adventures of Three Princes of Serendip, the intellectual Horace Walpole described "Serendipity, a very expressive word," as "discoveries, by accidents and sagacity, of things which they were not in quest of."

Pievani knows a lot, but like a lot, about the history of science, and he puts it on display here. He quickly debunks all of the instances of alleged serendipity that are always trotted out: Fleming the microbiologist had been studying antibiotics and searching for a commercially viable one for years before his moldy plate led him to penicillin. Yes, Röntgen discovered X-rays by a fluke, but it was only because of the training he received in his studies of cathode rays that he recognized he was observing a new form of radiation. Plenty of people over the course of history splashed some volume of water out of the baths they were climbing into and watched apples fall, but only Archimedes—who had recently been tasked by his king to figure out if his crown was made entirely of gold—and Newton—polymathic inventor of calculus—leapt from these (probably apocryphal) mundane occurrences to their famous discoveries of density and gravity, respectively.

After dispensing with these tired old saws, Pievani then suggests some cases of potentially real—or strong, as he deems it—serendipity. George de Mestral's inventing velcro after noticing burrs stuck to his pants while hiking in the Alps; he certainly wasn't searching for anything, and he parlayed his observation into a useful technology. DuPont chemists' developing nylon, Teflon, and Post-it notes while playing with polymers for assorted other purposes. Columbus "discovering" the Americas (for the fourth time) since he thought the Earth was about a third smaller than Eratosthenes of Cyrene had correctly calculated it to be almost two thousand years earlier, forgotten "due to memory loss and Eurocentric prejudices."


Original Submission

posted by janrinok on Wednesday September 11, @05:59PM   Printer-friendly
from the greed-is-good dept.

The European Court of Justice has ruled that Apple has gotten an unfair tax advantage by the Irish tax authorities over the period 1991 to 2014.

During this period, Apple only paid taxes in the European Union through 2 subsidiaries in Ireland, Apple Sales International and Apple Operations Europe. Both companies were granted exemption tax rules by the Irish government in 1991 and 2007. As a result of the allocation method endorsed in these tax rulings, Apple only paid an effective corporate tax rate that declined from 1% in 2003 to 0.005% in 2014 on the profits of Apple Sales International.

This selective tax treatment of Apple in Ireland is illegal under EU state aid rules, because it gives Apple a significant advantage over other businesses that are subject to the normal national taxation rules, according to the European Commission.

After a long legal battle, the European Court of Justice has now ruled that this viewpoint of the Commission is correct, and Apple needs to pay illegal tax benefits worth €13 billion, plus rent, to the Irish authorities.

There is no appeal possible to this decision.


Original Submission

posted by hubie on Wednesday September 11, @01:14PM   Printer-friendly
from the fantasy-turned-into-reality dept.

https://arstechnica.com/culture/2024/09/ukrainian-drones-now-spray-2500-c-thermite-streams-right-into-russian-trenches/

Wars of necessity spawn weapons innovation as each side tries to counter the other's tactics and punch through defenses. For instance—as the Russian invasion of Ukraine has made drone warfare real, both sides have developed ways to bring down drones more easily. One recent Ukrainian innovation has been building counter-drone ramming drones that literally knock Russian drones from the sky.

In the case of the trench warfare that currently dominates the Russian invasion of eastern Ukraine, the Ukrainians have another new tactic: dragon's fire. Delivered by drone.
[...]
This drone type is allegedly called "Dragon" and is said to feature thermite, a mixture of metal powder (usually aluminum) and metal oxide (in this case, said to be iron). When a thermite mixture is ignited, it undergoes a redox reaction that releases an enormous amount of heat energy and can burn anywhere.
[...]
Update, Sept. 5: WarTranslated, an X account that posts translations into English from Russian-speaking Telegram channels, has just posted a Russian writer's thoughts about the new drones. The Dragon drones' "effectiveness now looks much higher than in the initial videos," the writer says, adding that they are "capable of burning out vegetation (grass, bushes, trees with foliage) in a short period of time. This will open up the enemy's view of camouflaged positions, which will deprive the defending units of property and ammunition, and the assault groups concentrated for the attack of the element of surprise."


Original Submission

posted by hubie on Wednesday September 11, @08:25AM   Printer-friendly
from the c0rrecth0rsebatterystap1e dept.

Optical Character Recognition converts passwords shown in images to machine-readable text:

Researchers have discovered more than 280 malicious apps for Android that use optical character recognition to steal cryptocurrency wallet credentials from infected devices.

The apps masquerade as official ones from banks, government services, TV streaming services, and utilities. In fact, they scour infected phones for text messages, contacts, and all stored images and surreptitiously send them to remote servers controlled by the app developers. The apps are available from malicious sites and are distributed in phishing messages sent to targets. There's no indication that any of the apps were available through Google Play.

The most notable thing about the newly discovered malware campaign is that the threat actors behind it are employing optical character recognition software in an attempt to extract cryptocurrency wallet credentials that are shown in images stored on infected devices. Many wallets allow users to protect their wallets with a series of random words. The mnemonic credentials are easier for most people to remember than the jumble of characters that appear in the private key. Words are also easier for humans to recognize in images.

[...] Optical character recognition is the process of converting images of typed, handwritten, or printed text into machine-encoded text. OCR has existed for years and has grown increasingly common to transform characters captured in images into characters that can be read and manipulated by software.

[...] People who are concerned they may have installed one of the malicious apps should check the McAfee post for a list of associated websites and cryptographic hashes.

The malware has received multiple updates over time. Whereas it once used HTTP to communicate with control servers, it now connects through WebSockets, a mechanism that's harder for security software to parse. WebSockets have the added benefit of being a more versatile channel.

Developers have also updated the apps to better obfuscate their malicious functionality. Obfuscation methods include encoding the strings inside the code so they're not easily read by humans, the addition of irrelevant code, and the renaming of functions and variables, all of which confuse analysts and make detection harder. While the malware is mostly restricted to South Korea, it has recently begun to spread within the UK.

"This development is significant as it shows that the threat actors are expanding their focus both demographically and geographically," Ryu wrote. "The move into the UK points to a deliberate attempt by the attackers to broaden their operations, likely aiming at new user groups with localized versions of the malware."


Original Submission

posted by hubie on Wednesday September 11, @03:40AM   Printer-friendly
from the again? dept.

A multinational automaker prepared to lay off more than 2,000 American workers in August after benefiting handsomely from the Biden administration's subsidies for electric-vehicle production:

Stellantis, the parent company to famous brands like Ram and Jeep, has been awarded hundreds of millions in grants from the federal government to promote its EV manufacturing. But the Biden administration's largesse has not prevented the company from laying off American workers.

In July, the Department of Energy awarded Stellantis subsidiary Chrysler a $334.8 million grant to convert a shuttered Illinois plant into a facility for building EVs and another $250 million grant to make a ...(aaaand, paywall)

The AP ran a story a few weeks ago foreshadowing this action:

The statement comes as the company faces increased capital spending to make the transition from gasoline vehicles to electric autos. It also has reported declining U.S. sales in the first quarter, and it has higher costs due to a new contract agreement reached last year with the United Auto Workers union. Stellantis has about 43,000 factory workers.

[...] Stellantis CEO Carlos Tavares has said his company has to work on cutting costs globally in order to keep electric vehicles affordable for the middle class. Electric vehicles, he has said, cost about 40% more than those powered by gasoline. Without cost reductions, EVs will be too expensive for the middle class, shrinking the market and driving costs up more, Tavares has said.

I've been working on cars for most of my life and my observation is Chrysler/Ram are the worst vehicles on the road. I also own two Jeeps that are 50+ years old, however Chrysler has ruined the Jeep name by what I assume is cutting corners to save money because they're poorly designed and flimsy. Interesting the powers that be at Stellantis don't seem to be concerned about these issues.

Previously: Chrysler to Go All-Electric by 2028, Starting with the Airflow in 2025

Related:
    • General Motors Lays Off Hundreds Of US Workers
    • Tesla Lays Off 'More Than 10%' of its Global Workforce


Original Submission