news aggregator
Miljödata meltdown leaves 200 local authorities scrambling over 1.5 BTC
Sweden's municipal governments have been knocked offline after ransomware crooks hit IT supplier Miljödata, reportedly demanding the bargain-basement sum of $168,000.…
Microsoft blames incoming UK Online Safety Act, says you have until 2026
Microsoft has begun emailing users of its Xbox gaming platform with likely unwelcome news: users will need to verify their age if they want to keep access to the company's various social services, and it's blaming the UK Online Safety Act.…
An anonymous reader shares a report: German banks blocked PayPal payments totalling more than 10 billion euros ($11.7 billion) over fraud concerns, the Sueddeutsche Zeitung newspaper reported on Wednesday, without specifying its sources. The payments were halted on Monday after lenders flagged millions of suspicious direct debits from PayPal that appeared last week, the newspaper said. Asked to comment on the report, a PayPal spokesperson said a temporary service interruption had affected "certain transactions from our banking partners and potentially their customers", but that the issue had now been resolved.
Read more of this story at Slashdot.
US payments platform back in action, says it's informing affected customers
Shoppers and merchants in Germany found themselves dealing with billions of euros in frozen transactions this week, thanks to an apparent failure in PayPal's fraud-detection systems.…
Apology issued after names tied to redress scheme revealed in mass mailing
A London law firm leaked the details of nearly 200 people who requested to receive updates about the redress scheme set up for victims of abuse at the hands of the Church of England (CoE).…
Labor group says new technologies could increase inequality if we're not careful
AI-Pocalypse Over half of the British public are worried about the impact of AI on their jobs, according to employment unions, which want the UK government to adopt a "worker first" strategy rather than simply allowing corporations to ditch employees for algorithms.…
A U.S.-China research team has developed the world's first one-step process to convert mixed plastic waste into gasoline and hydrochloric acid with up to 95-99% efficiency, all at room temperature and ambient pressure. InterestingEngineering reports: As the authors put it, "The method supports a circular economy by converting diverse plastic waste into valuable products in a single step." To carry out the conversion, the team combines plastic waste with light isoalkanes, hydrocarbon byproducts available from refinery processes. According to the paper, the process yields "gasoline range" hydrocarbons, mainly molecules with six to 12 carbons, which are the primary component of gasoline. The recovered hydrochloric acid can be safely neutralized and reused as a raw material, potentially displacing several high-temperature, energy-intensive production routes described in the paper. "We present here a strategy for upgrading discarded PVC into chlorine-free fuel range hydrocarbons and [hydrochloric acid] in a single-stage process," the researchers said. Reported conversion efficiencies underscore the potential for real-world use. At 86 degrees Fahrenheit (30 degrees Celsius), the process reached 95 percent conversion for soft PVC pipes and 99 percent for rigid PVC pipes and PVC wires.
In tests that mixed PVC materials with polyolefin waste, the method achieved a 96 percent solid conversion efficiency at 80 degrees Celsius (176 degrees Fahrenheit). The team describes the approach as applicable beyond laboratory-clean samples. "The process is suitable for handling real-world mixed and contaminated PVC and polyolefin waste streams," the paper states. SCMP points to an ECNU social media post citing the study, which characterized the achievement as a first, efficiently converting difficult-to-degrade mixed plastic waste into premium petrol at ambient temperature and pressure in a single step.
UK starts early warning system combing through stuff that folks flush away
The UK Health Security Agency is looking to set up an early warning system ahead of future pandemics, launching a £1.3 million (around $1.75 million) program to identify "cutting-edge technologies" which could turn people's pee and poop into valuable data on the spread of viruses.…
Idit Levine on going from startup to a billion-dollar valuation
Interview "I feel that a founder always needs to be a little bit stupidly optimistic." Solo.io CEO Idit Levine has been on an interesting journey in cloud computing since starting the networking and API management company in 2017.…
13 governments sound the alarm about ongoing unpleasantness
China's Salt Typhoon cyberspies continue their years-long hacking campaign targeting critical industries around the world, according to a joint security alert from cyber and law enforcement agencies across 13 countries.…
Japan has launched its first entirely homegrown quantum computer, built with domestic superconducting qubits and components, and running on the country's own open-source software toolchain, OQTOPUS. "The system is now ready to take on workloads from its base at the University of Osaka's Center for Quantum Information and Quantum Biology (QIQB)," reports LiveScience. From the report: The system uses a quantum chip with superconducting qubits -- quantum bits derived from metals that exhibit zero electrical resistance when cooled to temperatures close to absolute zero (minus 459.67 degrees Fahrenheit, or minus 273.15 degrees Celsius). The quantum processing unit (QPU) was developed at the Japanese research institute RIKEN. Other components that make up the "chandelier" -- the main body of the quantum computer -- include the chip package, delivered by Seiken, the magnetic shield, infrared filters, bandpass filters, a low-noise amplifier and various cables.
These are all housed in a dilution refrigerator (a specialized cryogenic device that cools the quantum computing components) to allow for those extremely low temperatures. It also comes alongside a pulse tube refrigerator (which again cools various components in use), controllers and a low-noise power source. OQTOPUS, meanwhile, is a collection of open-source tools that include everything required to run quantum programs. It includes the core engine and cloud module, as well as graphical user interface (GUI) elements, and is designed to be built on top of a QPU and quantum control hardware.
Stolen painting still missing, sadly
Police in Argentina reportedly raided a home in a coastal town on Monday after someone spotted a real estate ad that included images of art the Nazis looted in the Second World War.…
An anonymous reader quotes a report from TechCrunch: SpaceX has long marketed Starship as a fully and rapidly reusable rocket that's designed to deliver thousands of pounds of cargo to Mars and make life multiplanetary. But reusability at scale means a space vehicle that can tolerate mishaps and faults, so that a single failure doesn't spell a mission-ending catastrophe. The 10th test flight on Tuesday evening demonstrated SpaceX's focus on fault tolerance. In a post-flight update, SpaceX said the test stressed "the limits of vehicle capabilities." Understanding these edges will be critical for the company's plans to eventually use Starship to launch Starlink satellites, commercial payloads, and eventually astronauts.
When the massive Starship rocket lifted off on its 10th test flight Tuesday evening, SpaceX did more than achieve new milestones. It purposefully introduced several faults to test the heat shield, propulsion redundancy, and the relighting of its Raptor engine. The heat shield is among the toughest engineering challenges facing SpaceX. As Elon Musk acknowledged on X in May 2024, a reusable orbital return heat shield is the "biggest remaining problem" to 100% rocket reusability. The belly of the upper stage, also called Starship, is covered in thousands of hexagonal ceramic and metallic tiles, which make up the heat shield. Flight 10 was all about learning how much damage the ship can accept and survive when it goes through atmospheric heating. During the tenth test, engineers intentionally removed tiles from some sections of the ship, and experimented with a new type of actively cooled tile, to gather real-world data and refine designs. [...]
Propulsion redundancy was also put to the test. The Super Heavy booster's landing burn configuration appeared to be a rehearsal for engine failure. Engineers intentionally disabled one of the three center Raptor engines during the final phase of the burn and used a backup engine in its place. That was a successful rehearsal for an engine-out event. Finally, SpaceX reported the in-space relight of a Raptor engine, described on the launch broadcast as the second time SpaceX has pulled this off. Reliable engine restarts will be necessary for deep-space missions, propellant transfers, and possibly some payload deployment missions. [...] The next step is translating Flight 10 data into future hardware upgrades to move closer to routine operations and days when, as Musk envisioned, "Starship launches more than 24 times in 24 hours."
If regulators heed the lessons of Fukushima, testing will have to jump Godzilla-sized hurdles
Japan’s Nuclear Regulation Authority has requested extra funds to experiment with AI-powered nuclear plant inspectors.…
samleecole shares a report from 404 Media: An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it. Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company's servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.
App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use. [...] "I don't feel like going down a legal rabbit hole, so for now it's just about spreading awareness that this is possible, and that there's another example of egregious behavior from a company like this [...] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to."
Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations
OpenAI's ChatGPT appears to be more likely to refuse to respond to questions posed by fans of the Los Angeles Chargers football team than to followers of other teams.…
China would be a $50 billion a year market for Nvidia if Uncle Sam would let us sell competitive products, says Jensen Huang
Nvidia's top brass urged Washington to approve the sale of Blackwell accelerators to China during the GPU giant's Q2 earnings call on Wednesday.…
Nevada has been crippled by a cyberattack that began on August 24, taking down state websites, intermittently disabling phone lines, and forcing offices like the DMV to close. The Register reports: The Office of Governor Joseph Lombardo announced the attack via social media on Monday, saying that a "network security incident" took hold in the early hours of August 24. Official state websites remain unavailable, and Lombardo's office warned that phone lines will be intermittently down, although emergency services lines remain operational. State offices are also closed until further notice, including Department of Motor Vehicles (DMV) buildings. The state said any missed appointments will be honored on a walk-in basis.
"The Office of the Governor and Governor's Technology Office (GTO) are working continuously with state, local, tribal, and federal partners to restore services safely," the announcement read. "GTO is using temporary routing and operational workarounds to maintain public access where it is feasible. Additionally, GTO is validating systems before returning them to normal operation and sharing updates as needed." Local media outlets are reporting that, further to the original announcement, state offices will remain closed on Tuesday after officials previously expected them to reopen. The state's new cybersecurity office says there is currently no evidence to suggest that any Nevadans' personal information was compromised during the attack.
Virtzilla also helping banks to sink and re-float software-defined infrastructure to stop stealthy malware
VMware has tweaked its software licensing so submarines can keep their computers running when they’re beneath the waves.…
A widely used Node.js utility called fast-glob, relied on by thousands of projects -- including over 30 U.S. Department of Defense systems -- is maintained solely by a Russian developer linked to Yandex. While there's no evidence of malicious activity, cybersecurity experts warn that the lack of oversight in such critical open-source projects leaves them vulnerable to potential exploitation by state-backed actors. The Register reports: US cybersecurity firm Hunted Labs reported the revelations on Wednesday. The utility in question is fast-glob, which is used to find files and folders that match specific patterns. Its maintainer goes by the handle "mrmlnc", and the GitHub profile associated with that handle identifies its owner as a Yandex developer named Denis Malinochkin living in a suburb of Moscow. A website associated with that handle also identifies its owner as the same person, as Hunted Labs pointed out.
Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor. According to Hunted Labs, fast-glob is downloaded more than 79 million times a week and is currently used by more than 5,000 public projects in addition to the DoD systems and Node.js container images that include it. That's not to mention private projects that might use it, meaning that the actual number of at-risk projects could be far greater.
While fast-glob has no known CVEs, the utility has deep access to systems that use it, potentially giving Russia a number of attack vectors to exploit. Fast-glob could attack filesystems directly to expose and steal info, launch a DoS or glob-injection attack, include a kill switch to stop downstream software from functioning properly, or inject additional malware, a list Hunted Labs said is hardly exhaustive. [...] Hunted Labs cofounder Haden Smith told The Register that the ties are cause for concern. "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it." [...]
Hunted Labs said that the simplest solution for the thousands of projects using fast-glob would be for Malinochkin to add additional maintainers and enhance project oversight, as the only other alternative would be for anyone using it to find a suitable replacement. "Open source software doesn't need a CVE to be dangerous," Hunted Labs said of the matter. "It only needs access, obscurity, and complacency," something we've noted before is an ongoing problem for open source projects. "This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does," Hunted Labs concluded.