Linux fréttir

FDA says yes to the tests

AI software capable of mapping tumor tissue more accurately to help surgeons treat and shrink prostate cancer using a laser-powered needle will soon be tested in real patients during clinical trials.…

Tl;DR - the news isn't good

Black Hat In Brief Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak.…

joshuark shares a report from Computerworld: Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability. [...] The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems. DogWalk affects all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022. The vulnerability was first reported in January 2020 but at the time, Microsoft said it didn't consider the exploit to be a security issue. This is the second time in recent months that Microsoft has been forced to change its position on a known exploit, having initially rejected reports that another Windows MSDT zero-day, known as Follina, posed a security threat. A patch for that exploit was released in June's Patch Tuesday update.

Read more of this story at Slashdot.

Don't have the budget or customer base for Graviton-class silicon? Intel thinks it can help

In a quest to deliver better application performance and greater efficiency, many software and hardware vendors are turning to custom silicon to achieve their goals.…

"A 17-year-old [named Robert Sansone] created a prototype of a novel synchronous reluctance motor that has greater rotational force -- or torque -- and efficiency than existing ones," writes Slashdot reader hesdeadjim99 from a report via Smithsonian Magazine. "The prototype was made from 3-D printed plastic, copper wires and a steel rotor and tested using a variety of meters to measure power and a laser tachometer to determine the motor's rotational speed. His work earned him first prize, and $75,000 in winnings, at this year's Regeneron International Science and Engineering Fair (ISEF), the largest international high school STEM competition." From the report: The less sustainable permanent magnet motors use materials such as neodymium, samarium and dysprosium, which are in high demand because they're used in many different products, including headphones and earbuds, explains Heath Hofmann, a professor of electrical and computer engineering at the University of Michigan. Hofmann has worked extensively on electric vehicles, including consulting with Tesla to develop the control algorithms for its propulsion drive. [...] Synchronous reluctance motors don't use magnets. Instead, a steel rotor with air gaps cut into it aligns itself with the rotating magnetic field. Reluctance, or the magnetism of a material, is key to this process. As the rotor spins along with the rotating magnetic field, torque is produced. More torque is produced when the saliency ratio, or difference in magnetism between materials (in this case, the steel and the non-magnetic air gaps), is greater. Instead of using air gaps, Sansone thought he could incorporate another magnetic field into a motor. This would increase this saliency ratio and, in turn, produce more torque. His design has other components, but he can't disclose any more details because he hopes to patent the technology in the future. [...] It took several prototypes before he could test his design. [...] Sansone tested his motor for torque and efficiency, and then reconfigured it to run as a more traditional synchronous reluctance motor for comparison. He found that his novel design exhibited 39 percent greater torque and 31 percent greater efficiency at 300 revolutions per minute (RPM). At 750 RPM, it performed at 37 percent greater efficiency. He couldn't test his prototype at higher revolutions per minute because the plastic pieces would overheat -- a lesson he learned the hard way when one of the prototypes melted on his desk, he tells Top of the Class, a podcast produced by Crimson Education. In comparison, Tesla's Model S motor can reach up to 18,000 RPM, explained the company's principal motor designer Konstantinos Laskaris in a 2016 interview with Christian Ruoff of the electric vehicles magazine Charged. Sansone validated his results in a second experiment, in which he "isolated the theoretical principle under which the novel design creates magnetic saliency," per his project presentation. Essentially, this experiment eliminated all other variables, and confirmed that the improvements in torque and efficiency were correlated with the greater saliency ratio of his design. [...] Sansone is now working on calculations and 3-D modeling for version 16 of his motor, which he plans to build out of sturdier materials so he can test it at higher revolutions per minute. If his motor continues to perform with high speed and efficiency, he says he'll move forward with the patenting process.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The New York Times: Polio has been detected in New York City wastewater, suggesting that the virus that causes the disease is probably circulating in the city, the health authorities said on Friday. The announcement came three weeks after a man in Rockland County, N.Y., north of the city, was diagnosed with polio thatleft him with paralysis. Health officials fear that the detection of polio in New York City's wastewater could precede other cases of paralytic polio. The spread of the virus poses a risk to unvaccinated people, but a three-dose course of the vaccine provides at least 99 percent protection. Most adults in the United Stateswere vaccinated against polio as children. In New York City, the overall rate of polio vaccination among children 5 and under is 86 percent. Still, insome city ZIP codes, fewer thantwo-thirds of children in that group have received a full regimen, a figure that worries health officials. (The citywide vaccination rate dipped amid the pandemic, as visits to pediatricians were postponed.) Although many people who become infected with polio do not develop symptoms, about 4 percent will get viral meningitis and about 1 in 200 will become paralyzed, according to the health authorities. Parents of children who have not yet been fully vaccinated should see that they are immediately, officials said. "While the polio virus had previously been detected in wastewater samples in Rockland and neighboring Orange Counties, the announcement on Friday was the first sign it had been found in New York City," adds the report. "The city's health department did not provide details about where exactly in the five boroughs polio had been found in the wastewater, nor did officials provide dates for when the virus was detected or say how many samples had tested positive." Further reading: Vaccine-Derived Polio Is On the Rise

Read more of this story at Slashdot.

Version 9.3 of NetBSD is here, able to run on very low-end systems and with that authentic early-1990s experience. The Register reports: Version 9.3 comes some 15 months after NetBSD 9.2 and boasts new and updated drivers, improved hardware support, including for some recent AMD and Intel processors, and better handling of suspend and resume. The next sentence in the release announcement, though, might give some readers pause: "Support for wsfb-based X11 servers on the Commodore Amiga." This is your clue that we are in a rather different territory from run-of-the-mill PC operating systems here. A notable improvement in NetBSD 9.3 is being able to run a graphical desktop on an Amiga. This is a 2022 operating system that can run on late-1980s hardware, and there are not many of those around. NetBSD supports eight "tier I" architectures: 32-bit and 64-bit x86 and Arm, plus MIPS, PowerPC, Sun UltraSPARC, and the Xen hypervisor. Alongside those, there are no less than 49 "tier II" supported architectures, which are not as complete and not everything works -- although almost all of them are on version 9.3 except for the version for original Acorn computers with 32-bit Arm CPUs, which is still only on NetBSD 8.1. There's also a "tier III" for ports which are on "life support" so there may be a risk Archimedes support could drop to that. This is an OS that can run on 680x0 hardware, DEC VAX minicomputers and workstations, and Sun 2, 3, and 32-bit SPARC boxes. In other words, it reaches back as far as some 1970s hardware. Let this govern your expectations. For instance, in VirtualBox, if you tell it you want to create a NetBSD guest, it disables SMP support.

Read more of this story at Slashdot.

China's first fully autonomous, commercial robotaxi rides -- with no safety drivers -- are about to open for public passengers in Wuhan and Chongqing, marking an inflection point for one of the key technological revolutions of the 21st century. New Atlas reports: The two newly-issued permits allow Baidu to charge for driverless rides within a 13-sq-km (5-sq-mi) area in Wuhan, between 9 am and 5 pm, and within a larger 30-sq-km (11.6-sq-mi) zone in Chonqing's Yongchuan district between 9.30 am and 5.30 pm -- so while they're currently set to avoid peak hours, they'll be mixing it up with plenty of daytime traffic. Each zone will run five 5th-generation Apollo cars, with remote drivers ready to assume control if the vehicles get themselves into any sticky situations. Home base will be watching closely through the cars' camera systems, particularly in these early days. Baidu's Apollo Go is already the world's biggest robotaxi company, with operations already live in all tier-one Chinese cities using the same 5th-gen car, with backup drivers on board. The company recently revealed its 6th-gen design, its first ground-up fully autonomous car for mass production. The Apollo RT6 will cost just RMB 250,000 (US$37,000) to manufacture, says Baidu, and its optional, removable steering wheel and generous, configurable cabin space will make it one of the first proper mobility pod-type services when it hits the streets commercially in 2023.

Read more of this story at Slashdot.

Facebook announced on Thursday it will begin testing end-to-end encryption as the default option for some users of its Messenger app on Android and iOS. The Guardian reports: Facebook messenger users currently have to opt in to make their messages end-to-end encrypted (E2E), a mechanism that theoretically allows only the sender and recipient of a message to access its content. Facebook spokesperson Alex Dziedzan said on Thursday that E2E encryption is a complex feature to implement and that the test is limited to a couple of hundred users for now so that the company can ensure the system is working properly. Dziedzan also said the move was "not a response to any law enforcement requests." Meta, Facebook's parent company, said it had planned to roll out the test for months. The company had previously announced plans to make E2E encryption the default in 2022 but pushed the date back to 2023. "The only way for companies like Facebook to meaningfully protect people is for them to ensure that they do not have access to user data or communications when a law enforcement agency comes knocking," Evan Greer, the director of the digital rights group Fight for the Future, said. "Expanding end-to-end encryption by default is a part of that, but companies like Facebook also need to stop collecting and retaining so much intimate information about us in the first place."

Read more of this story at Slashdot.

Six years on web devs finally settle on sensor privacy defenses

Six years after web security and privacy concerns surfaced about ambient light sensors in mobile phones and notebooks, browser boffins have finally implemented defenses.…

An anonymous reader quotes a report from Ars Technica: For some people, the term "Ring Nation" might evoke a warrantless surveillance dystopia overseen by an omnipotent megacorp. To Amazon-owned MGM, Ring Nation is a clip show hosted by comedian Wanda Sykes, featuring dancing delivery people and adorable pets. Deadline reports that the show, due to debut on September 26, is "the latest example of corporate synergy at Amazon." Amazon owns household video security brand Ring, Hollywood studio MGM, and Big Fish, the producer of Ring Nation. Viral videos captured by doorbell cameras have been hot for a while now. You can catch them on late-night talk shows, the r/CaughtOnRing subreddit, and on millions of TikTok users' For You page. Amazon's media properties, perhaps sensing an opportunity to capitalize and soften Ring's image, are sallying forth with an officially branded offering. Ring Nation will feature "neighbors saving neighbors, marriage proposals, military reunions and silly animals," Deadline writes. But Ring Nation might be aiming even higher, according to Ring founder Jamie Siminoff -- to something approaching a salve for our deeply divided nation. "Bringing the new community together is core to our mission at Ring, and Ring Nation gives friends and family a fun new way to enjoy time with one another," Siminoff told Deadline. "We're so excited to have Wanda Sykes join Ring Nation to share people's memorable moments with viewers." "Ring sharing its owners' moments with other viewers has been a contentious issue," notes Ars. Amazon's Ring can share footage with police during emergencies without consent and without warrants. The service has also reportedly partnered with hundreds of law enforcement agencies across the country to increase Ring installations and ease police access to footage.

Read more of this story at Slashdot.

Earlier this week, Samsung unveiled their new Z Fold 4 and Z Flip 4 -- two of the most refined and polished foldable smartphones on the market. However, what Samsung hasn't done (or any other phone manufacturer for that matter) "is make the case for why you'd actually want a foldable phone," writes David Pierce via The Verge. "And until it can explain why it's worth all the extra cost and tradeoffs, I'm having a hard time figuring out why you'd be willing to give up the phone you know and love to get one." From the report: What Samsung needs to do with the Galaxy Fold (and the rest of the industry will eventually need to do with their own foldables) is convince people that it's worth buying a phone that's more expensive, more fragile, and takes up more room in your pocket. Right now, the worst thing about foldables is that they force you to make significant sacrifices on the most important device you own: your smartphone. The new Fold 4 is a little shorter, about an ounce heavier, and about twice as thick as the Galaxy S22 Ultra. It's also $600 more expensive. The Ultra has a bigger battery, better camera specs, and a 6.8-inch screen that supports an S Pen. The Fold 4, when opened, is noticeably larger, but the candy bar phones still get plenty big. And Fold makes a lot of sacrifices for some more real estate. It's not even clear to me that Samsung knows why you should make all of those sacrifices. On its website, one of the first selling points the company offers is that you can prop up the screen on a table by opening it halfway for watching or taking videos hands-free. Here in reality, we call that a kickstand, and this is an awfully expensive one. In this mode, you're also only using half the screen, which sort of defeats the whole purpose. So far, multitasking seems to be the foldable's one actual advantage. Open up your Galaxy Fold, and you can run two apps side by side or even three or four on the screen at once! This, I agree, is a delightful thing. Being able to use my browser and my notes app side by side or see my calendar and my email together is much better than constantly swiping between two full-screen apps. And seeing two pages at a time in the Kindle app is the best. And you know what? Big screens are just good -- good for games, good for reading, good for watching Netflix. But these aren't just arguments for foldables; they're arguments for tablets. And so far, the arguments for Android tablets don't seem to be convincing many users. While Android has gotten better as a large-screen operating system, and the Fold 4's software being based on Android 12L is a good sign, too many apps that are "optimized" for foldables are actually just sticking a giant sidebar onto one side, which doesn't accomplish much. Others just streeeetch everything to fit the larger screen. Don't even get me started on how the vast majority of apps deal with Microsoft's approach of two separate screens attached with a hinge. Samsung has done an admirable job of wrangling all of Android's weirdness onto the Fold's screen, and in general, it's not that the Fold doesn't work; it's that there's nothing about the Fold that is dramatically better than the phone or tablet you might already be carrying around. And shoving them into a single device actually makes them both a little worse.

Read more of this story at Slashdot.

There goes the weekend...

A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.…

Once the modchip plans are live, you can, too

Black Hat A security researcher has shown how to, with physical access at least, fully take over a Starlink satellite terminal using a homemade modchip.…

One of the most popular media player software and streaming media server VLC media player, developed by VideoLAN project, is no longer working in India. India Today reports: As per a report by MediaNama, VLC Media Player has been blocked in India nearly 2 months ago. Neither the company nor the Indian government has revealed any details about the ban. Some reports suggest that VLC Media Player has been blocked in the country because the platform was China-backed hacking group Cicada was using it for cyber attacks. Just a few months ago, security experts discovered that Cicada was using VLC Media Player to deploy a malicious malware loader as part of a long-running cyber attack campaign. Since it was a soft ban, neither the company, nor the Indian government officially announced the banning of the media platform. Some users on Twitter are still discovering the restrictions of the platform. One of the Twitter users by the name Gagandeep Sapra tweeted a screenshot of the VLC website that shows âoethe website has been blocked as per order Ministry of Electronics and Information Technology under IT Act, 2000." Currently, the VLC Media Player website and download link are blocked in the country. In simple words, this means that no one in the country can access the platform for any work. This is seemingly the case for users who have the software installed on their device. It is said that VLC Media Player is blocked on all major ISPs including ACTFibernet, Jio, Vodafone-idea and others.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Lawsuits from disgruntled investors are beginning to stack up after crypto prices plummeted over the past few months, leaving them with steep losses. Billionaire Mark Cuban is the latest celebrity on the receiving end of investor ire. A group of Voyager Digital customers filed a class-action suit in Florida federal court against Cuban, as well as the basketball team he owns, the Dallas Mavericks, alleging their promotion of the crypto platform resulted in more than 3.5 million investors losing $5 billion collectively. Voyager Digital's CEO, Stephen Ehrlich, was also named as a defendant in the suit. Voyager, a New Jersey-based crypto firm, filed for Chapter 11 bankruptcy in July following a crash in crypto prices that instigated a liquidity crunch on the platform. The firm is one of many that got burned after loaning money, in Voyager's case worth ~$600 million, to hedge fund Three Arrows Capital (3AC). 3AC declared bankruptcy in the wake of the Terra collapse, triggering a domino effect throughout the crypto markets when the hedge fund defaulted on more than $3.5 billion worth of obligations to its lenders. The plaintiffs in the suit against Cuban described Voyager as "an unregulated and unsustainable fraud, similar to other Ponzi schemes." They claim in the complaint that Cuban and Ehrlich personally reached out to investors both individually and through a partnership with the Dallas Mavericks, to encourage them to invest with the platform. The lawsuit also specifically calls out Voyager's Earn Program Accounts (EPAs), claiming they are unregistered securities. The Mavericks launched their exclusive, five-year partnership with Voyager in October 2021, giving fans cash rewards for making trades on the platform. The announcement said the cryptocurrencies were "an attractive investment for novice investors who might only have $100 to start." According to the lawsuit filed today, Cuban also promoted the company "as a Voyager customer himself, in a ploy to dupe investors into believing that Voyager was a safe platform." Although the partnership with the Mavericks was disclosed, the lawsuit alleges that Cuban did not disclose the compensation he personally received to promote Voyager. "During the runup in crypto prices, many web3 companies, apparently including Voyager, pretended that existing laws and regulations did not apply to crypto," said Shane Seppinni, founder of law firm Seppinni LLP, who was worked on various crypto and "meme stock" lawsuits. "Even smart people like Mark Cuban got caught up in the hype. But now that crypto prices have crashed it's plain to see that centuries-old legal theories like fraud, breach of fiduciary duty, and civil conspiracy are as applicable to crypto as they are elsewhere."

Read more of this story at Slashdot.

The US Federal Election Commission approved a Google plan to let campaign emails bypass Gmail spam filters. From a report: The FEC's advisory opinion adopted in a 4-1 vote said Gmail's pilot program is permissible under the Federal Election Campaign Act and FEC regulations "and would not result in the making of a prohibited in-kind contribution." The FEC said Google's approved plan is for "a pilot program to test new Gmail design features at no cost on a nonpartisan basis to authorized candidate committees, political party committees, and leadership PACs." On July 1, Google asked the FEC for the green light to implement the pilot after Republicans accused the company of giving Democrats an advantage in its algorithms. Republicans reportedly could have avoided some of their Gmail spam problems by using the proper email configuration. At a May 2022 meeting between Senate Republicans and Google's chief legal officer, "the most forceful rebuke" was said to come "from Sen. Marco Rubio (R-Fla.), who claimed that not a single email from one of his addresses was reaching inboxes," The Washington Post reported in late July. "The reason, it was later determined, was that a vendor had not enabled an authentication tool that keeps messages from being marked as spam, according to people briefed on the discussions."

Read more of this story at Slashdot.

Company insists it's doing so 'to honor people’s App Tracking Transparency (ATT) choices'

Meta's Instagram and Facebook apps on iOS devices have been injecting JavaScript code into third-party websites from their custom in-app browser, gaining access to data that would be unavailable were those pages loaded in a stand-alone, WebKit-based iOS browser.…

The Mount Sinai Health System began an effort this week to build a vast database of patient genetic information that can be studied by researchers -- and by a large pharmaceutical company. From a report: The goal is to search for treatments for illnesses ranging from schizophrenia to kidney disease, but the effort to gather genetic information for many patients, collected during routine blood draws, could also raise privacy concerns. The data will be rendered anonymous, and Mount Sinai said it had no intention of sharing it with anyone other than researchers. But consumer or genealogical databases full of genetic information, such as Ancestry.com and GEDmatch, have been used by detectives searching for genetic clues that might help them solve old crimes. Vast sets of genetic sequences can unlock new insights into many diseases and also pave the way for new treatments, researchers at Mount Sinai say. But the only way to compile those research databases is to first convince huge numbers of people to agree to have their genomes sequenced. Beyond chasing the next breakthrough drug, researchers hope the database, when paired with patient medical records, will provide new insights into how the interplay between genetic and socio-economic factors -- such as poverty or exposure to air pollution -- can affect people's health. The health system hopes to eventually amass a database of genetic sequences for 1 million patients, which would mean the inclusion of roughly one out of every 10 New York City residents. The effort began this week, a hospital spokeswoman, Karin Eskenazi, said.

Read more of this story at Slashdot.

From a report, shared by a reader: Through the winter mist of the hills of the Terai, in lowland Nepal, 18-year-old Hima Kusunda emerges from the school's boarding house, snug in a pink hooded sweatshirt. Hima is one of the last remaining Kusunda, a tiny indigenous group now scattered across central western Nepal. Their language, also called Kusunda, is unique: it is believed by linguists to be unrelated to any other language in the world. Scholars still aren't sure how it originated. And it has a variety of unusual elements, including lacking any standard way of negating a sentence, words for "yes" or "no", or any words for direction. According to the latest Nepali census data from 2011, there are 273 Kusunda remaining. But only one woman, 48-year-old Kamala Khatri, is known to be fluent.

Read more of this story at Slashdot.