IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Monday, 27 March

03:06

OpenMandriva ROME 23.03 Released With Linux 6.2 + KDE Plasma 5.27 Desktop Phoronix

OpenMandriva ROME 23.03 has been released as the "rolling release" flavor of this Linux distribution whose roots trace back to the beautiful days of Mandrake Linux...

02:40

Linux Will Stop Randomizing Per-CPU Entry Area When KASLR Is Not Active Phoronix

With the Linux 6.2 release kernel developers addressed "a tasty target for attackers" after it was realized that the per-CPU entry data was not being randomized, even in the presence of Kernel Address Space Layout Randomization (KASLR). The per-CPU entry area randomization has been present since Linux 6.3, but it was then realized that it is being activated even if KASLR is disabled, so now that is changing to avoid possible confusion...

02:22

Eye drop recall: Florida woman sues company after eye removed Lifeboat News: The Blog

A Florida woman is suing an eye drop manufacturer, claiming that its product, which has been linked to a deadly bacteria outbreak, made her legally blind.

Sixty-eight-year-old Clara Elvira Oliva is taking legal action against Global Pharma Healthcare after suffering such a severe infection from using its EzriCare Artificial Tears that she had to have her eye removed, according to court documents.

Oliva's right eye was removed and replaced with a plastic implant in September 2022 to control a severe antibiotic-resistant infection, according to the lawsuit filed earlier this month in Federal court in Miami, Florida.

02:22

More than 10 different brands of eye drops recalled Lifeboat News: The Blog

The eye drops were contaminated with an antibiotic-resistant form of Pseudomonas aeruginosa, an aggressive bacterium, according to the CDC.

02:22

SpaceX may have to deorbit some of its new Starlink V2 Mini satellites Lifeboat News: The Blog


The SpaceX CEO explained that some satellites would likely have to be deorbited to burn up in Earth's atmosphere.

02:22

80% of workers will be exposed to AI. These jobs will be most affected Lifeboat News: The Blog

Researchers at OpenAI have worked out the potential exposure to AI different occupations face and its impact is widespread.

02:00

Gallium Nitride and Silicon Carbide Fight for Green Tech Domination IEEE Spectrum



Can advanced semiconductors cut emissions of greenhouse gases enough to make a difference in the struggle to halt climate change? The answer is a resounding yes. Such a change is actually well underway.

Starting around 2001, the compound semiconductor gallium nitride fomented a revolution in lighting that has been, by some measures, the fastest technology shift in human history. In just two decades, the share of the global lighting market held by gallium-nitride-based light-emitting diodes has gone from zero to more than 50 percent, according to a study by the International Energy Agency. The research firm Mordor Intelligence recently predicted that, worldwide, LED lighting will be responsible for cutting the electricity used for lighting by 30 to 40 percent over the next seven years. Globally, lighting accounts for about 20 percent of electricity use and 6 percent of carbon dioxide emissions, according to the United Nations Environment Program.


Each wafer contains hundreds of state-of-the-art power transistors. (Peter Adams)

This revolution is nowhere near done. Indeed, it is about to jump to a higher level. The very semiconductor technology that has transformed the lighting industry, gallium nitride (GaN), is also part of a revolution in power electronics that is now gathering steam. It is one of two semiconductors, the other being silicon carbide (SiC), that have begun displacing silicon-based electronics in enormous and vital categories of power electronics.

GaN and SiC devices perform better and are more efficient than the silicon components they are replacing. There are countless billions of these devices all over the world, and many of them operate for hours every day, so the energy savings are going to be substantial. The rise of GaN and SiC power electronics will ultimately have a greater positive impact on the planet's climate...

01:40

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397 Security Affairs

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8).

Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397.

The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

A remote, unauthenticated attacker can exploit the flaw to access a user's Net-NTLMv2 hash by sending a specially crafted e-mail to an affected system.

"An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user," reads the advisory published by Microsoft. "The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim."

The vulnerability was reported by the CERT-UA and the Microsoft Incident Response, Microsoft Threat Intelligence (MSTI), suggesting that it has been exploited by a nation-state actor.

Microsoft addressed the flaw as part of its Patch Tuesday updates for March 2023.

The guidance published by Microsoft includes details about the attacks using the vulnerability. The following diagram shows attackers gaining initial access using a Net-NTLMv2 Relay attack, then maintaining persistence via modifying mailbox folder permissions, and performing lateral movement by sending additional malicious messages.

...

01:03

Mathematicians Have Finally Discovered an Elusive Einstein Tile SoylentNews

A 13-sided shape called 'the hat' forms a pattern that never repeats:

A 13-sided shape known as "the hat" has mathematicians tipping their caps.

It's the first true example of an "einstein," a single shape that forms a special tiling of a plane: Like bathroom floor tile, it can cover an entire surface with no gaps or overlaps but only with a pattern that never repeats.

"Everybody is astonished and is delighted, both," says mathematician Marjorie Senechal of Smith College in Northampton, Mass., who was not involved with the discovery. Mathematicians had been searching for such a shape for half a century. "It wasn't even clear that such a thing could exist," Senechal says.

Although the name "einstein" conjures up the iconic physicist, it comes from the German ein Stein, meaning "one stone," referring to the single tile. The einstein sits in a weird purgatory between order and disorder. Though the tiles fit neatly together and can cover an infinite plane, they are aperiodic, meaning they can't form a pattern that repeats.

With a periodic pattern, it's possible to shift the tiles over and have them match up perfectly with their previous arrangement. An infinite checkerboard, for example, looks just the same if you slide the rows over by two. While it's possible to arrange other single tiles in patterns that are not periodic, the hat is special because there's no way it can create a periodic pattern.

Read more of this story at SoylentNews.

01:00

Loudmouth DJI Drones Tell Everyone Where You Are Hackaday

Screenshot of the SDR software in action, with decoded data in a terminal, and a map that shows the location received from the decoded data

Back when commercial quadcopters started appearing in the news on the regular, public safety was a talking point. How, for example, do we keep them away from airports? Well, large drone companies didn't want the negative PR, so some voluntarily added geofencing and tracking mechanisms to their own drones.

When it comes to DJI, one such mechanism is DroneID: a beacon on the drone itself, sending out a trove of data, including its operator's GPS location. DJI also, of course, sells the Aeroscope device that receives and decodes DroneID data, declared to be for government use. As it often is with privacy-compromising technology, turns out it's been a bigger compromise than we expected.

Questions started popping up last year, as off-the-shelf quadcopters (including those made by DJI) started to play a part in the Russo-Ukrainian War. It didn't take long for Ukrainian forces to notice that launching a DJI drone led to its operators being swiftly attacked, and intel was that Russia got some Aeroscopes from Syria. DJI's r...

00:58

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails HackRead | Latest Cybersecurity and Hacking News Site

By Deeba Ahmed

The backdoors used in this campaign are never-before-seen malware strains called CommonMagic and PowerMagic.


00:23

The Impending Collapse of the French Economy Lifeboat News: The Blog

Pensions behave as government mandated ponzi schemes. New contributors are needed to pay for past contributors. But what if there are less and less new contributors and contributions? And what if past generations live longer and longer lives?



France is facing massive protests in response to its recently announced pension reform. While France is the only country facing massive protests for now, almost all developed countries will likely be forced to conduct similar pension reforms in the future as they face rapidly aging populations.

0:00 - 1:50 Intro.
1:51 - 5:03 French pension system.
5:04 - 7:15 The Ponzi scheme.
7:16 - 9:42 Pension crisis.
9:43 - 11:20 Demographic time bomb.
11:21 A warning to us all.


00:23

Meta's New ChatGPT-Like AI Is Fluent in the Language of Proteins, and Has Already Modeled 700 Million of Them Lifeboat News: The Blog

Meta seems to already have good AI tools.


Meta's ESMFold AI is a large language model like OpenAI's ChatGPT. But instead of spitting out text, it generates protein sequences.


Sunday, 26 March

22:23

Civil Space Lifeboat News: The Blog

Johns Hopkins APL's Civil Space Mission Area makes critical contributions to NASA and international missions to meet the challenges of space science, engineering, and exploration.

Since the dawn of the Space Age, APL has pushed the frontiers of space science, engineering and exploration. We captured the first picture of Earth from space, invented navigation by satellite, dispatched spacecraft across the solar system from our Sun to Pluto and beyond, and successfully conducted the world's first full-scale planetary defense test mission.

We continue to shape the future by providing our nation with innovative and low-cost solutions to its space challenges. Our work includes conducting research and space exploration; development and application of space science, engineering, and technology; and production of one-of-a-kind spacecraft, instruments, and subsystems.

22:22

Pyrroloquinoline quinone disodium salt improves brain function in both younger and older adults Lifeboat News: The Blog

Brain function is important for a good quality of life. Pyrroloquinoline quinone disodium salt (PQQ) has been proven to improve brain function and cognition in older adults (above 45 years). In this double-blind, placebo-controlled study, we investigated the effects of PQQ on cognitive function in adults aged between 20 and 65 years. PQQ (20 mg per day) was administered for 12 weeks to the participants. After 12 weeks, the participants showed improvements in composite memory and verbal memory. A further age-stratified analysis was performed. In younger adults (aged 20-40 years), PQQ improved cognitive function (cognitive flexibility, processing speed, and execution speed) after 8 weeks. Only older adults (aged 41-65 years) showed improvements in complex and verbal memory after 12 weeks. In the logistic regression analysis that included the results of all cognitive tests, the changes due to PQQ intake were observed at 8 and 12 weeks in the young and old groups, respectively.

22:10

Linux 6.4 Preparing DRM Deadline Hints To Help Influence GPU Frequency/Performance Phoronix

Rob Clark on Saturday sent out a pull request adding the DMA-BUF/DMA-FENCE deadline awareness code to the Direct Rendering Manager (DRM) subsystem with the upcoming Linux 6.4 cycle...

22:00

Classic 1960s Flip Clock Gets NTP Makeover Hackaday

A 1960s Copal flip clock

Many of the clocks we feature here on Hackaday are entirely built from scratch, or perhaps reuse an unusual display type. But sometimes, an old clock is just perfect as it is, and only needs a bit of an upgrade to help it fit into the modern world. One such example is the lovely 1960s Copal flip clock (in German, Google Translate link) that [Wolfgang Jung] has been working with: he managed to bring it squarely into the 21st century without changing its appearance one bit.

Like most flip clocks from the '60s and '70s, the Copal clock uses a small synchronous AC motor to advance the digits. Because this motor runs in step with the mains frequency, it also acts as the clock's timing reference. However, the original motor had died, and a direct replacement was impossible to find. So [Wolfgang] decided to replace it with a modern stepper motor. He designed a small PCB that fit the original housing, on which he placed a Trinamic TMC2225 stepper motor driver, a Wemos D1 Mini and a small 5 V power supply.

...

21:54

LLVM 17 Lands Initial Support For RISC-V Vector Crypto Extension ISA Phoronix

Merged this weekend to the LLVM 17 development code-base is initial support for RISC-V's vector crypto extension ISA...

21:45

Major Publishers Mull Legal Action Against Pirate Ebook Platform TorrentFreak

There's something special about professionally produced textbooks. From the information inside to the tactile feel of the paper, textbooks can be items of beauty.

Unfortunately, reality rains on the parade more than just a little. Textbooks are bulky, woefully underpowered for mass research purposes, and then suddenly out of date for any number of reasons. After factoring in the extraordinary expense, it's no surprise that some turn to sites like the recently resurrected Z-Library.

Check Out The Bargains, Beware of the Scams

A student posting on Reddit's /r/college earlier this year posed questions about digital textbooks. As a distance learner, digital copies made sense since they don't have to be physically returned.

After spotting a website offering every textbook the student needed for just $20 each, a question needed to be answered: Is Fenlita.com really legit?


As suggested by some of the responses, sites selling new textbooks for $20 should always be viewed with caution. Several people claiming to have used Fenlita say they pretty much got what they expected: a pirated copy of a textbook in PDF format, in some cases delivered via a Dropbox link.

Other reviews and reports suggest more serious problems for potential buyers.

One reported purchase consisted of a file that took about an hour to download and then turned out to be 400 pages of screenshots. Given the low price, that might've been tolerable, if the textbook in its original form hadn't run to 650 pages.

Reports of multiple charges to credit cards and items appearing in baskets multiple times weren't supported by proof but are still a concern. A report from a buyer, who complained that a download link went to an apparently seized website, hardly inspires confidence.

Publishers Target Fenlita.com

Given the above, it's interesting...

21:33

Libinput 1.23 Brings New "Custom" Pointer Acceleration Profile, Better Razer Support Phoronix

José Expósito announced the release this weekend of libinput 1.23, the input handling library used these days across the Linux desktop for both X.Org/X11 and Wayland based environments. With libinput 1.23 comes a few notable new features...

21:08

KDE This Week Unveiled The XWaylandVideoBridge, Landed More Crash Fixes Phoronix

KDE developers remain quite busy working on Plasma 6.0 development along with preparing fixes for further Plasma 5.27 LTS point releases...

20:23

Facebook accounts hijacked Lifeboat News: The Blog

Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.

The extension is a copy of the legitimate, popular Chrome add-on named "ChatGPT for Google", which offers ChatGPT integration on search, but the copy attempts to steal Facebook session cookies.

The publisher of the extension uploaded it to the Chrome Web Store on February 14, 2023, but only started promoting it using Google Search advertisements on March 14, 2023. Since then, it has had an average of a thousand installations per day.

20:18

Non-Disparagement Clauses Are Retroactively Voided, NLRB's Top Cop Clarifies SoylentNews

The National Labor Relations Board has clarified that non-disparagement clauses attached to severance packages are null and void. Companies will not be able to stifle criticism by ex-employees through clauses asking them to waive their inherent rights.

The general counsel of the National Labor Relations Board issued a clarifying memo on Wednesday regarding the "scope" of a February ruling by the federal agency's board that said employers cannot include blanket non-disparagement clauses in their severance packages, nor demand laid-off employees keep secret the terms of their exit agreements.

Such provisions have become increasingly common in recent years, muzzling employees and otherwise stopping them from speaking up about working conditions by dangling a few weeks or months of pay in front of them at the exact moment they are losing their job.

This is a follow-up to last month's statement and could prove significant for some employers with a high rate of turnover and decades of in-house dirt. *cough*m$*cough*



19:30

Week in review: Manage the risk of ChatGPT use, know the danger of failed Okta logins Help Net Security

Here's an overview of some of last week's most interesting news, articles, interviews and videos:

These 15 European startups are set to take the cybersecurity world by storm: Google has announced the startups chosen for its Cybersecurity Startups Growth Academy. The 15 selected startups are from eight countries and were chosen from over 120 applicants.

Threat actors are experimenting with QR codes: Hackers are diversifying attack methods, including a surge in QR code phishing campaigns, ...

19:00

Is Your USB-C Dock Out To Hack You? Hackaday

Showing the dock PCB with a Pi Zero attached and wired up onto it

In today's installment of Betteridge's law enforcement, here's an evil USB-C dock proof-of-concept by [Lachlan Davidson] from [Aura Division]. We've seen malicious USB devices aplenty, from cables and chargers to flash drives and even suspicious USB fans. But a dock, however, is new. The gist is simple: you take a stock dock, find a Pi Zero W and wire it up to a USB 2.0 port tapped somewhere inside the dock. Finding a Pi Zero is unquestionably the hardest part in this endeavor; on the software side, everything is ready for you, just flash an SD card with a pre-cooked malicious image and go!

On the surface level, this might seem like a cookie-cutter malicious USB attack. However, there's a non-technical element to it; USB-C docks are becoming more and more popular, and with the unique level of convenience they provide, the "plug it in" temptation is much higher than with other devices. For instance, in shared workspaces, having a USB-C cable with charging and sometimes even a second monitor is becoming a norm. If you use USB-C...

17:05

Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority Security Affairs

Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyber attack with the help of the FBI and US CISA.

The Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyberattack that last week hit the agency. The agency quickly activated the incident response procedure after the attack.

The attack was disclosed on March 19, and threat actors had access to customer and employee information. The agency is going to notify impacted customers and employees via breach notification letters.

The agency pointed out that operations at the critical infrastructure managed by the agency in Puerto Rico were not impacted.

"It should be noted that once the incident was detected and from the first moment we have been working with the relevant authorities, the FBI and CISA [Cybersecurity and Infrastructure Security Agency], specifically," said Nannette Martínez, executive director of the Puerto Rico Aqueduct and Sewer Authority's (PRASA) office of innovation and technology.

At this time, the agency has yet to reveal the name of the group behind the attack, but the Vice Society ransomware gang added the authority to the list of victims on its Tor leak site. The ransomware gang leaked the passports, driver's licenses and other documents of the impacted individuals.

16:06

Links 26/03/2023: More TikTok Bans Techrights

  • GNU/Linux

    • Desktop/Laptop

    • Server

      • Container Journal: Docker, Inc. Celebrates 10th Anniversary With Alliances

        Docker, Inc. celebrated the 10th anniversary of the namesake artifact used widely for building cloud-native applications by announcing alliances with Ambassador Labs to improve the developer experience and Hugging Face to make it simpler to launch and deploy machine learning applications on a cloud service using DockerFile. In addition, Docker,

    • Audiocasts/Shows

      • Jupiter Broadcasting: The Podman Perspective | Self-Hosted 93

        Alex goes all in on Rootless Podman, Chris is saving his Nextcloud install from disaster, and a special guest joins us. Special Guest: Alex Ellis.

      • Linux in the Ham Shack: LHS Episode #501: FreeDV Deep Dive 2

        Hello and welcome to the 501st episode of Linux in the Ham Shack. In this episode, we talk with Mooneer Salem, K6AQ, primary developer on the FreeDV team.

      • The TLLTS Podcast The L...

16:00

Recreating one of History's Best Known Spy Gadgets Hackaday

[Machining and Microwaves] got an interesting request. The BBC asked him to duplicate the Great Seal Bug, the device the Russians used to listen covertly to the US ambassador for seven years in 1945. Turns out they're filming a documentary on the legendary surveillance device and wanted to demonstrate how it worked.

The strange thing about the bug is that it wasn't directly powered. It was actually a resonant cavity that only worked when it was irradiated with an external RF energy. Most of the video is background about the bug, with quite a few details revealed. We particularly liked the story of using a software defined radio (SDR) to actually make the bug work.

As you might expect, things didn't go smoothly. Did they ever get results on camera? Watch the video, and you can find out. This is just the first of six videos he plans to make on the topic, and we can't wait for future videos that cover the machining and more technical details.

We've examined the Theremin bug before. There's a definite cat-and-mouse dynamic between creating bugging devices and detecting them.

...

15:36

Earth is Running Out of Places for Stargazers' Dark Deeds SoylentNews

A 'new deal for the night' needed:

Increasing levels of light pollution means Earth's surface has almost no practical locations for astronomical observatories, a group of astronomers said on Monday.

Artificial light emitted from buildings, streetlights, and reflected from satellite constellations are making the night sky brighter for earth-bound skywatchers. The Milky Way was visible to pretty much everyone less than 100 years ago, but is now drowned out by human-made light to most, according to the International Dark Sky Association.

[...] "Today, due to the rise of light pollution, there are almost no more remote places available on Earth that simultaneously meet all the characteristics needed to install an observatory (namely, the absence of light pollution, a high number of clear nights, and good seeing)," a team of astronomers said in Nature Astronomy.

The authors urged astronomers, companies, politicians, and lawmakers around the world to work together to reach a global agreement to limit artificial light. Light pollution should be treated in the same way that other types of pollutants, like greenhouse gases, they argued. Governments around the world should and can tackle light pollution in the same ways they address climate change: with international treaties and goals to restrict levels of other pollutants.

[...] "As it is not too late to stop this, we as scientists and first as citizens should act to stop this attack, from above with satellites and from below with [artificial light at night], on the natural night and on the intangible cultural heritage of humankind's starry skies," they concluded.

"Now is the time to consider the prohibition of mega-constellations and to promote a significant reduction in [artificial light at night] and the consequent light pollution. Our world definitely needs a 'new deal' for the night."

Journal Reference:
Falchi, F., Bará, S., Cinzano, P. et al. A call for scientists to halt the spoiling of the night sky with artificial light and satellites [open]. Nat Astron 7, 237–239 (2023). https://doi.org/10.1038/s41550-022-01864-z



13:00

Single Flex PCB Folds into a Four-Wheel Rover, Complete with Motors Hackaday

You've got to hand it to [Carl Bugeja]: he comes up with some of the most interesting electromechanical designs we've seen. His latest project is right up there, too: a single PCB that folds up into a four-wheel motorized rover.

The key to [Carl]'s design lies with his PCB brushless motors, which he has been refining since we first spotted them back in 2018. The idea is to use traces on the PCB for the stator coils to drive a 3D printed rotor containing tiny magnets. They work surprisingly well, even if they don't generate a huge amount of torque. [Carl]'s flexible PCB design, which incorporates metal stiffeners, is a bit like an unfolded cardboard box, with two pairs of motor coils on each of the side panels. This leaves the other surfaces available for all the electronics, which includes a PIC, a driver chip, and a Hall sensor for each motor, an IMU and proximity sensor for navigation, and an ESP32 to run the show.

With machined aluminum rotors and TPU tires mounted to the folded-up chassis, it was off to the races, albeit slowly. The lack of torque from the motors and the light w...

10:48

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 SoylentNews


On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA's Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.

Oracle VirtualBox was hacked using an OOB Read and a stack-based buffer overflow exploit chain (worth $40,000).

Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.

Throughout the Pwn2Own Vancouver 2023 contest, security researchers will target products in enterprise applications, enterprise communications, local escalation of privilege (EoP), server, virtualization, and automotive categories.

[...] After zero-day vulnerabilities are demoed and disclosed during Pwn2Own, vendors have 90 days to create and release security fixes for all reported flaws before Trend Micro's Zero Day Initiative publicly discloses them.

During last year's Vancouver Pwn2Own contest, security researchers earned $1,155,000 after hacking Windows 11 six times, Ubuntu Desktop four times, and successfully demonstrating three Microsoft Teams zero-days.

Previous:
Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input
Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
...

10:42

Distribution Release: Slackel 7.6 "Openbox" DistroWatch.com: News

Slackel is a Linux distribution and live environment based on Slackware Linux and Salix OS. The project has published a new version, Slackel 7.6 "Openbox". The project's release announcement offers the following insights: "Slackel 7.6 "Openbox" has been released. It is more than a year since the....

10:00

Inside Digital Image Chips Hackaday

Have you ever thought how amazing it is that every bit of DRAM in your computer requires a teeny tiny capacitor? A 16 GB DRAM has 128 billion little capacitors, one for each bit. However, that's not the only densely-packed IC you probably use daily. The other one is the image sensor in your camera, which is probably in your phone. The ICs have a tremendous number of tiny silicon photosensors, and [Asianometry] explains how they work in the video you can see below.

The story starts way back in the 1800s when Hertz noticed that light could knock electrons out of their normal orbits. He couldn't explain exactly what was happening, especially since the light intensity didn't correlate to the energy of the electrons, only the number of them. It took Einstein to figure out what was going on, and early devices that used the principle were photomultiplier tubes, which are extremely sensitive. However, they were bulky, and an array of even dozens of them would be gigantic.

...

07:58

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Security Affairs

The U.K. National Crime Agency (NCA) revealed that it has set up a number of fake DDoS-for-hire sites to infiltrate the online criminal underground.

The UK National Crime Agency announced it has infiltrated the online criminal marketplace by setting up several sites purporting to offer DDoS-for-hire services.

DDoS-for-hire or booter services allow registered users to order DDoS attacks without specific knowledge.

While the NCA-run sites were up and running, they were accessed by several thousand people, whose registration data were obtained by the investigators. The UK authorities will contact registered users that are based in the UK and warn them about engaging in cyber crime. Information relating to users that are based overseas is being passed to international law enforcement.

"All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks," reads the announcement. "However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators."

The activity is part of a coordinated international operation named Operation Power Off that is targeting DDoS-for-hire infrastructures worldwide.

In December, the U.S. Department of Justice (DoJ)...

07:00

How Much Programming Can ChatGPT Really Do? Hackaday

By now we've all seen articles where the entire copy has been written by ChatGPT. It's essentially a trope of its own at this point, so we will start out by assuring you that this article is being written by a human. AI tools do seem poised to be extremely disruptive to certain industries, though, but this doesn't necessarily have to be a bad thing as long as they continue to be viewed as tools, rather than direct replacements. ChatGPT can be used to assist in plenty of tasks, and can help augment processes like programming (rather than becoming the programmer itself), and this article shows a few examples of what it might be used for.

...

06:06

Benefits of Big City Life Only for the Elite SoylentNews

Urban inequality in Europe and the United States is so severe that urban elites claim most of the benefits from the agglomeration effects that big cities provide, while large parts of urban populations get little to nothing:

In recent years, researchers from across disciplines have identified striking and seemingly universal relationships between the size of cities and their socioeconomic activity. Cities create more interconnectivity, wealth, and inventions per resident as they grow larger. However, what may be true for city populations on average, may not hold for the individual resident.

"The higher-than-expected economic outputs of larger cities critically depend on the extreme outcomes of the successful few. Ignoring this dependency, policy makers risk overestimating the stability of urban growth, particularly in the light of the high spatial mobility among urban elites and their movement to where the money is", says Marc Keuschnigg, associate professor at the Institute for Analytical Sociology at Linköping University and professor at the Institute of Sociology at Leipzig University.

[...] An individual's productivity depends on the local social environments in which they find themselves in. Because of the greater diversity in larger cities, skilled and specialized people are more likely to find others whose skills are complementary to their own. This allows for higher levels of productivity and greater learning opportunities in larger cities.

But, not everyone can access the productive social environments that larger cities provide. Different returns from context accumulate over time which gives rise to substantial inequality.

[...] Consequently, the initially successful individuals in the bigger cities increasingly distanced themselves from both the typical individual in their own city, creating inequality within the big cities, and the most successful individuals in smaller cities, creating inequality between cities.

Read more of this story at SoylentNews.

04:36

FreeBSD 13.2-RC4 Released With Fixed Suspend/Resume For Some Laptops Phoronix

FreeBSD 13.2-RC4 is now available with a few more fixes for this BSD operating system update. A FreeBSD 13.2-RC5 release is also inbound as an extra release candidate with one more bug fix, after which the stable release should happen...

04:09

Are ad-driven business models bad? Geeking with Greg

There's been a lot of discussion that ad-driven business models are inherently exploitative and anti-consumer. I think that's both wrong and not a helpful way to look at how to fix the problems in the tech industry.

I think the problem with ad-driven models is that it's easy and tempting for executives to use short-term metrics and incentives like clicks or engagement. It's the wrong metric and incentives for teams. But I think the problem is more ignorance, or willful ignorance, of that issue. In the short-term, for an ad-supported product, ad revenue and profitability does look like ad clicks. In the long-term, ad profitability looks like converting performing ads for advertisers over the lifetime of customers. Those are quite a bit different. With subscription-driven models, it's more obvious that your metrics should be long-term. With ad-driven models, long-term metrics are harder to maintain, and many execs don't realize they need to. If execs let teams optimize for clicks, they eventually find those clicks have long-term costs as customers start leaving, but unfortunately it's quite costly to reverse the damage once you're far down this path. In the long-term, I think you can improve the profitability of an ad-driven platform by making the content and ads work better for customers and advertisers (raising ad spend, increasing ad competition for the space, and reducing ad blindness) and by retaining customers longer (along with recruiting new customers). That looks a lot like the strategy for increasing the profitability of a subscription-driven platform. So I don't see much of a difference between ad-supported and subscription-supported business models other than the temptation for executives to inadvertently optimize for the wrong thing.

04:00

Gordon Moore, 1929 - 2023 Hackaday

The news emerged yesterday that Gordon Moore, semiconductor pioneer, one of the founders of both Fairchild Semiconductor and Intel, and the originator of the famous Moore's Law, has died. His continuing influence over all aspects of the technology which makes our hardware world can not be underestimated, and his legacy will remain with us for many decades to come.

A member of the so-called Traitorous Eight who left Shockley Semiconductor in 1957 to form Fairchild Semiconductor, he and his cohort laid the seeds for what became Silicon Valley and the numerous companies, technologies, and products which have flowed from that. His name is probably most familiar to us through Moore's Law, the rate of semiconductor development he first postulated in 1965 and revisited a decade later, that establishes a doubling of integrated circuit component density every two years. It's a law that has seemed near its end multiple...

03:34

Theo de Raadt at CanSecWest: Synthetic Memory Protections OpenBSD Journal

We recently reported that Theo de Raadt (deraadt@) was scheduled to present at CanSecWest. That's now happened, and slides of Theo's presentation, Synthetic Memory Protections, can be found in the usual place. Video is available on the bird site.

02:44

Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days Security Affairs

On the third day of the Pwn2Own Vancouver 2023 hacking contest, the organization awarded $185,000 for 10 zero-day exploits.

Pwn2Own Vancouver 2023 has ended. Contestants disclosed 27 unique zero-days and the organization awarded a total of $1,035,000 and a Tesla Model 3. The team Synacktiv (@Synacktiv) (Benoist-Vanderbeken, David Berard, Vincent Dehors, Tanguy Dubroca, Thomas Bouzerar, and Thomas Imbert) won the competition, earning 53 points, $530,000, and a Tesla Model 3.

On the third day, contestants were awarded $185,000 after demonstrating 5 zero-day exploits targeting the Ubuntu Desktop, Windows 11, and the VMware Workstation software.

The day began with the hack of Ubuntu Desktop by Kyle Zeng from ASU SEFCOM; he used a double-free bug and earned $30,000 and 3 Master of Pwn points.

Thomas Imbert (@masthoon) from Synacktiv (@Synacktiv) used a UAF against Microsoft Windows 11. They earned $30,000 and 3 Master of Pwn points.

The researcher Mingi Cho of Theori used a UAF against Ubuntu Desktop; the team earned $30,000 and 3 Master of Pwn points.

The STAR Labs (@starlabs_sg) team used an uninitialized variable and UAF to hack the VMware Workstation virtualization software. They earned $80,000 and 8 Master of Pwn points. The STAR Labs team also attempted to demonstrate an exploit against Microsoft Teams, but failed to do it within the time allotted.

Bien Pham (@bienpnn) from Qrious Security successfully targeted Ubuntu Desktop, but used a known exploit; for this reason, the attempt was c...

02:23

Flying taxi service coming to Chicago using eVTOL aircraft Lifeboat News: The Blog

In the latest sign of growing interest in the flying taxi sector, United Airlines and air mobility startup Archer Aviation have announced an upcoming service for hops between downtown Chicago and O'Hare International Airport.

The service will offer a sustainable, low-noise, and cost-competitive alternative to ground transportation for folks traveling to and from the airport, United and Archer said in a release.

02:23

The Personalized Stem Cells That Could One Day Treat Parkinson's and Heart Failure Lifeboat News: The Blog

Could an injection of lab-cultured brain cells, created from a person's own cells, reverse symptoms of Parkinson's disease? That's an idea that Aspen Neuroscience Inc., a startup based in San Diego, plans to test in human trials later this year.

In patients with Parkinson's, neurons die and lose the ability to make the chemical dopamine, leading to erratic, uncontrollable movements. Aspen Neuroscience will test if the newly injected cells can mature into dopamine producers, stopping the debilitating symptoms of this incurable disease, says Damien McDevitt, the company's chief executive officer. Tests in animals have shown promise, the company says.

02:22

People And Machines Will Merge Sooner Or Later Lifeboat News: The Blog

The idea of the technological singularity was inspired by how ubiquitous and invasive AI is becoming. As they combine thought and machine, recent advanceme

01:20

Moderna CEO Brazenly Defends 400% COVID Shot Price Hike, Downplays NIH's Role SoylentNews

https://arstechnica.com/science/2023/03/moderna-ceo-says-us-govt-got-covid-shots-at-discount-ahead-of-400-price-hike/

In congressional testimony Wednesday, Moderna CEO Stéphane Bancel unabashedly defended the company's plans to raise the US list price of its COVID-19 vaccines by more than 400 percent, despite creating the vaccine in partnership with the National Institutes of Health, receiving $1.7 billion in federal grant money for clinical development, and making roughly $36 billion from worldwide sales.

Bancel appeared this morning before the Senate's Health, Education, Labor, and Pensions committee, chaired by Sen. Bernie Sanders (I-Vt.), who has long railed at the pharmaceutical price gouging in the US and pushed for policy reforms. After thanking Bancel for agreeing to testify, Sanders didn't pull any punches. He accused Moderna of "profiteering" and sharing in the "unprecedented level of corporate greed" seen in the pharmaceutical industry generally.
[...]
Early doses were priced between $15 to $16, while the government paid a little over $26 for the updated booster shots. When federal supplies run out later this year and the vaccines move to the commercial market, Moderna will set the list price of its vaccine at $130.

"This vaccine would not exist without NIH's partnership and expertise, and the substantial investment of the taxpayers of this country," Sanders summarized. "And here is the thank you that the taxpayers of this country received from Moderna for that huge investment: They are thanking the taxpayers of the United States by proposing to quadruple the price of the COVID vaccine."

Read more of this story at SoylentNews.

01:00

A LEGO Camera You Just Might Own Yourself Hackaday

A camera makes for an interesting build for anyone, because it's an extremely accessible technology that can be made from materials as simple as cardboard. More robust cameras often require significant work, but what if you could make a usable camera from LEGO? It's a project taken on by [Zung92], who hasn't simply made a working 35 mm camera from everyone's favorite construction toy; he's also managed to make it exude retro style. Best of all, you can vote for it on the LEGO Ideas website, and you might even get the chance to have one for yourself.

Frustratingly there's little in the way of in-depth technical detail on the Ideas website, but he does mention that it was a challenge to make it light proof. Even the lens is a LEGO part, and if diffraction-based photography isn't for you there's also a pinhole option. We look forward to seeing this camera progress, and we hope we'll see it advance to becoming a LEGO Ideas kit.

This is an extremely polished design, but surprisingly, it's not our first LEGO camera.

Thanks [Michael] for the tip.

00:43

Internet Archive is Liable for Copyright Infringement, Court Rules TorrentFreak

In 2020, publishers Hachette, HarperCollins, John Wiley and Penguin Random House sued the Internet Archive (IA) for copyright infringement, equating its Open Library to a pirate site.

IA's library is operated by a non-profit organization that scans physical books and then lends the digital copies to patrons in an ebook format.

While digital book lending is not uncommon, libraries typically loan out DRM-protected files after acquiring a license from publishers. In this case, IA sent physical books it owned to a scanning facility and made its own copies.

Fair Use or Mass Copyright Infringement?

These digital copies were subsequently loaned out to patrons, with IA ensuring that only one person at a time could access a single digital copy of a single physical book.

IA previously sought summary judgment in its favor, arguing that a digital copy of a physical book transforms the original work, with lending limits and the absence of profit also supporting a finding of fair use.

In contrast, the publishers described IA's library as a rogue operation engaging in willful mass copyright infringement. Claiming direct damage to their bottom line, the publishers' lawsuit aimed to put an end to the illegal lending program once and for all.

The publishers went on to request summary judgment and a declaration that this type of copying is a clear case of copyright infringement.

Opinion and Order

Earlier this week, the parties had the opportunity to back up their arguments during a New York Court hearing. District Court Judge John Koeltl questioned both sides on their summary judgment requests, before deliberating on his final decision.

After weighing the arguments, Judge Koeltl published his opinion and order yesterday. His order clearly sides with the publishers, whose request for summary judgment was granted. IA's fair use defense and summary judgment in its favor was denied.

...

Saturday, 25 March

23:50

Lenovo Flex 5G / Qualcomm SC8180x Support Being Worked On For Mainline Linux Phoronix

In addition to the mainline Linux kernel seeing recent support for the Arm-powered Lenovo ThinkPad X13s and Lenovo Yoga C630, among others, another Lenovo model working toward mainline kernel support is the Lenovo Flex 5G...

22:35

AI Researcher Goaded Chat GPT to Attempt to Jailbreak Itself and Access the Internet cryptogon.com

It wrote a Python script for Kosinski to run on his computer that would have passed data into the system via the API. It's all fun and games until someone loses an eye. Via: inews: Concerns have been raised about the extent of artificial intelligence GPT-4's power to take over computers after the AI chatbot [...]

22:22

Quantum Computers Vs Supercomputers Lifeboat News: The Blog

Supercomputers and quantum computers are potent tools for handling difficult calculations, problem-solving, and data analysis. Although they both have the potential to transform computing technology, their speeds and capacities differ greatly.

Supercomputers quickly process massive volumes of data to provide a single result using a conventional computing strategy with numerous processors. These computers are the most powerful in terms of raw computing speed, but they can only do one task at a time, and Moore's Law places a cap on how much data they can process (the principle that computer processor speeds double every two years).

Quantum computers, on the other hand, utilize laws of quantum mechanics to process information in ways that regular computers cannot, resulting in vastly higher processing speeds. They can manage several activities at once and take on challenging issues that would take a supercomputer months to resolve. Yet, because of their great sensitivity to temperature fluctuations and need for isolation from outside influences, quantum computers require more upkeep than their conventional equivalents.

22:17

Microsoft's CBL-Mariner Linux Distribution Continues Cultivating More Packages Phoronix

Microsoft's in-house Linux distribution that they make public, CBL-Mariner, began with a very niche focus while over time has continued adding additional packages as it is worked into becoming a more robust Linux platform...

22:03

In Memoriam: Gordon Moore, 1929 - 2023 SoylentNews

In Memoriam: Gordon Moore, 1929 - 2023:

With great sadness, the Gordon and Betty Moore Foundation announces the passing of our founder, Gordon Moore.

With his characteristic humility and word economy, Gordon Moore once wrote "my career as an entrepreneur happened quite by accident." A brilliant scientist, business leader and philanthropist, Gordon co-founded and led two pioneering technology enterprises, Fairchild Semiconductor and Intel, and, with his wife, Betty, created one of the largest private grantmaking foundations in the U.S., the Gordon and Betty Moore Foundation.

He may argue that his career as an entrepreneur happened by accident, but his world-changing contributions did not. Never one to trumpet his own accomplishments, Gordon wasn't able to dissuade others from celebrating his wide and long-reaching legacy: the revolutionary technologies and breakthroughs, a long and generous history of philanthropy, and the very culture of experimentation, invention and relentless progress that now defines Silicon Valley.

It took decades for Gordon to be able to speak with a straight face of his eponymous "Moore's Law," the prophetic 1965 observation that became a cornerstone principle of innovation and driving force for the exponential pace of technological progress in the modern world. Gordon later observed that he had looked it up and was pleasantly surprised to find more references on the internet to "Moore's Law" than to "Murphy's Law."

Dubbed a "quiet revolutionary" by his biographers, Gordon always worked in the absence of any pretense or desire for recognition, driven instead by an exceptional curiosity, generosity and unassuming commitment to hard work.

Gordon was always a visionary. Even at the start of his career, he keenly recognized the impact that the technologies he was developing would have on the world. And at an industry event in 1979, he told an Intel audience: "We are bringing about the next great revolution in the history of mankind - the transition to the electronic age." (Moore's Law, Thackray, Brock and Jones).

Although Gordon was reluctant to spotlight his own contributions, his biographers have been less reticent about attribution. Gordon is simply, they argue, "the most important thinker and doer in the story of silicon electronics."


Read more of this story at SoylentNews.

22:00

Clever Mechanism Powers This All-Mechanical Filament Respooler Hackaday

No matter how far down the 3D printing rabbit hole we descend, chances are pretty good that most of us won't ever need to move filament from one spool to another. But even so, you've got to respect this purely mechanical filament respooler design, and you may want to build one for yourself just because.

We were tipped off to [Miklos Kiszely]'s respooler via the very enthusiastic video below from [Bryan Vines] at the BV3D YouTube channel. He explains the need for transferring filament to another spool as stemming from the switch by some filament manufacturers to cardboard spools for environmental reasons. Sadly, these spools tend to shed fibrous debris that can clog mechanisms; transferring filament to a plastic spool can help mitigate that problem.

The engineering that [Miklos] put into his respooler design is pretty amazing. Bearings excepted, the whole thing is 3D printed. A transmission made of herringbone gears powers both the take-up spool and the filament guide, which moves the incoming filament across the width of the spool for even layers. The mechanism to do this is fascinating, consisting of a sector gear with r...

21:53

MidnightBSD 3.0 Available With Many Software Updates & Fixes Phoronix

MidnightBSD as the desktop-focused OS forked from FreeBSD and relying on the Xfce desktop environment by default is out with its big MidnightBSD 3.0 update...

21:25

AMD Sends Out Patches For Enabling New Graphics IP Blocks (NBIO 7.9, GMC 9.4.3) Phoronix

AMD on Friday sent out new patches for enabling some new graphics IP "blocks" as part of their block-by-block enablement strategy they've been using to introduce new GPU support to their Linux graphics stack by focusing on smaller patch series with versioned parts of the GPU rather than big monolithic patch series with colorful fishy codenames...

21:00

Casinos Not On Gamestop Experiment: Good Or Bad? h+ Media

Below are the principle markets that punters can find on an LA Lakers online sportsbook. Now, eSport sites must purchase licenses of operation and in addition go the extra mile to cushion the personal information of their users from the unhealthy guys on the internet. Well, if you have ever placed bets on sports similar to football, tennis, horse racing, and golf, then you have already got a touch about how eSports betting works. In reality, betting on eSports is very a lot much like playing on common sports activities.

The process may be carried out on the net site and within the official app. After that, an e mail might be despatched to your mail confirming the profitable creation of an account. Remember to activate your account by clicking on the hyperlink on this letter.

You may wager at MELbet with confidence, understanding that your money is protected and that the video games are not manipulated. Even first-time bettors will have the ability to join up in a matter of minutes after finishing the form. There are a couple of steps to take, but dont let that overwhelm you. In any event, if there are problems joining up, gamers may contact the customer service team for assistance. Players must deposit no a lot less than 2150 INR, full their profile, and wager the entire deposit amount on an occasion with odds of a minimum of 1.50 to qualify for the free guess.

The company supplies lots of 1xBet promo code 2023 that will impress even demandable purchasers. Comparing with the rivals, 1xBet promo can boast its trustworthiness and alluring bonuses. Unfortunately, this is not attainable this bonus code is reserved for brand spanking new prospects who have not yet opened an account at the website. As the code is hooked up to the 1xbet Welcome Bonus, its offered only to new clients of the site and is obtainable only as quickly as per customer . Bonus code, you presumably can be positive to get one of the best welcome bonus on offer at 1xbet dont miss out on this! To answer the question what is 1xBet and discover more details about this bookmaker, read our evaluate.

This bookmaker has a simple, glossy, and one of the friendliest web site designs out there. When navigating MelBets web site, rest assured of discovering everything that you really want quite fast. MelBets heat yellow and black colors are really easy on the eyes.

The Melbet app in Bangladesh helps well-liked deposit methods Perfect Money, Bkash, Sticpay, Astropay, Skrill, and Neteller. At Bet India, we solely advocate the best betting sites in India that meet these requirements so you dont should spend hours researching. Additionally, MLB gamblers can choose from numerous betting options, including participant futures, membership futures, moneylines, and props. Like many other sports activities, in cricket, you can guess not solely on the ultimate winner but add...

20:58

Water Pumps & Valves, Fans & Motors On-line Auckland Nz h+ Media

Depending on a bookmaker to money out from, you may find that it permits you to cash out partially or fully. Partial money out is just going to return a share of what you initially invested. Then again, if you are fortunate, you might get all the money back for free with the full cash-out choice. Generally, if you see that youre going to lose the wager, that is when you must choose to cash out to scale back your losses.

If theres an space where MelBet actually units the bar, then it has to be its large vary of sports activities offerings . Are you a big online sports activities betting fan based mostly in New Zealand? If the reply is sure, then sports betting is an ideal method of boosting your bankroll when taking half in at MelBet.

Sir i have given all my paperwork however the safety group not replying since 9days..its been horrible and disappointing.as i cant withdraw with out documents verification If you wish to gamble on a protected and dependable platform, try Captain Cooks. This platform is licensed by eCOGRA and holds licenses from the UK playing fee. In this case, there are 2 bets which were mixed collectively, and the bets are Both Team to Score and Match Result.

Just as easily Melbet app free obtain on their devices. Melbet betting agency offers its users the popular on line casino card game poker. This is a good alternative not solely to study the mechanics of betting on Melbet, however moreover to get some additional winnings. The minimal deposit required to activate the bonus is Rs. seventy five.

This will allow gamblers to conduct transactions without friction and with flexibility. The casinos youll be able to choose from with $5 minimum deposit are quite many. With the luck on your facet and a budget of $5 you may have a chance to build up a bankroll to stay within the game for some time. You could make bigger bets and the potential winnings get higher. Believe it or not, soccer followers have updates about every little thing, the gamers, groups, coaches, managers, and contests. These folks even create on-line fan golf equipment which occur to be the source of all types of useful data for betting.

This one can get rid of the prospect of a draw in the soccer contest. Naturally, bettors should wager on the staff which will win- an underdog or a favorite. This sort of guess is helpful when you dont need the sport to complete with a tie. In the Totals guess, you are principally wagering on the upper or decrease score of the group in a contest. Your task is to predict and bet whether or not the staff will score over or underneath the number the sportsbook has decided.

There are greater than 100 slot games that shoppers can choose within the slots part. These are organized on the location based on the slots developed. This website screams enjoyable and friendly to entice prospects to keep on p...

20:57

New No Deposit Free Spins Australia Stebbings Automotive, Restoration And Fabrication h+ Media

When utilizing this characteristic, you can expect instantaneous response with a polite and professional representative. Everything on the cellular website resembles what youll find when using the app. If either you choose to bet from the cellular website or using the app, you should not have any cause to fret since they are each fast. This makes them one of the best choices for all your betting wants while on the transfer, or when you arent using a computer.

For extra information or assist, use the links to your right. In India, sports betting apps are shortly choosing the tempo and becoming punters first choice to guess on their favorite sports activities and games. There are not any restrictions or central laws that forestall Indian punters from utilizing betting apps in the region.

Many 5 greenback deposit casinos NZ use this banking method as it is a very safe means of depositing money. This platform additionally has a $ 5 minimum deposit cellular on line casino compatible with Android, iPhone, Blackberry, and tablets. The platform has a great payout rate of ninety five.73%, giving you an excellent probability to make a good return out of your bankroll. Being multilingual is considered one of the most resourceful options of this platform. This platform supports English, German, Italian, French, and Spanish. If you are not swept off your feet, then the banking flexibility could just do that.

It means that as soon as you log in and earlier than you make a deposit, you get numerous free spins to check out the games. But understand that these bonuses come with playthrough requirements. With a great Montreal casino on-line real wins are possible and your cash can stretch a lot additional, and this Sunpura Casino overview of the reside vendor video games will prove it. Other than getting Blackjack from the bounce, but ultimately it has made the game practically unimaginable to beat for anybody not outfitted and proficient with their very own HUDs. The most important factor is that you know how to say 1xbet promo codes and purchase a quantity of bonuses sooner or later.

You must redeem the bonus inside 30 days of registration. Otherwise, the bonus and all winnings made from the bonus will be revoked. Casinobonusesfinder.co.nz must evaluation the security of your connection earlier than continuing. Bet and get place a bet and get a free wager of a special value to the actual money stake, usually as twice your preliminary stake. Bookmakers present their registration provides in some ways but one can find it simple as she or he indicators up to claim the designated bonus.

However, there are different excellent 1xBet offers you should try. Even so, offers from different bookies such as the Betsafe new buyer supply are worthy of your consideration. You will solely receive the bonus after creating an account, verifying...

20:55

22 Underdogs Ideas Underdog, Inspirational People, History h+ Media

Operators similar to DraftKings can still supply promos of this nature, although only via their own websites. Check genuine buyer evaluations and scores from unbiased platforms. However, essentially the most famous buyer assistance choice is the reside chat device, which bettors can find at the bottom proper of the MELbet website. Youll uncover a chatbox with the name of the support personnel and the choice to rate them depending on your experience. NetEnt, Microgaming, Red Tiger Gaming, and Betsoft are among the many sport suppliers.

It shall be very inconvenient for bettors in the event that they cant attain out to the customer support staff through telephone, e-mail, or live chat. Even if a web site has essentially the most informative Frequently Asked Questions part, it wont be succesful of remedy any real-time downside the customers are having. William Hill often has enhanced odds at no cost on most of its sports activities matches. Having mentioned that, you should seek out the most effective promotions offered on different platforms and attempt to assert those that are more rewarding. There is no point in staying loyal to 1 bookie when other bookies are presenting higher deals and promos.

Read phrases and situations before doing anything, as you need to keep away from any pointless confusion attributable to poor information and understanding of the system. Reading this complete guide helps getting began, understanding the fundamentals and receiving basic pointers. Points not earned on sale gadgets, donations or reward playing cards.

As lengthy as you are signed as a lot as one of the best football betting app and have funds in your account, you can simply click on the wager you need. Claim any free bets obtainable, enter the quantity you want to gamble, and then place the bet. In fact, the extra credible the sports betting platform is, the larger the range of its markets. When you would possibly be searching for odds, you will definitely notice the differences between one of the best and the typical bookies.

For more info or assist, use the links to your proper. In India, sports betting apps are quickly picking the pace and changing into punters first choice to bet on their favourite sports and games. There are no restrictions or central legal guidelines that prevent Indian punters from utilizing betting apps in the region.

This section is entirely dedicated to video games, with out mentioning which our Melbet consider may be faraway from being accomplished. In this section, yow will uncover card video games much like poker and 21, slots, Wheel of Fortune in several variants, roulette, and one other electronic video video games. The left-hand aspect has a list of sports, the middle has crucial betting markets, and the highest half has the wager kind with a wide selection of adverts. Melbet India rewards you if you contribute...

20:35

Habitual Daily Intake of a Sweet and Fatty Snack Modulates Reward Processing in Humans SoylentNews

Why we can't keep our hands off chocolate bars and co.:

Chocolate bars, crisps and fries - why can't we just ignore them in the supermarket? Researchers at the Max Planck Institute for Metabolism Research in Cologne, in collaboration with Yale University, have now shown that foods with a high fat and sugar content change our brain: If we regularly eat even small amounts of them, the brain learns to consume precisely these foods in the future.

[...] To test this hypothesis, the researchers gave one group of volunteers a small pudding containing a lot of fat and sugar per day for eight weeks in addition to their normal diet. The other group received a pudding that contained the same number of calories but less fat. The volunteers' brain activity was measured before and during the eight weeks.

The brain's response to high-fat and high-sugar foods was greatly increased in the group that ate the high-sugar and high-fat pudding after eight weeks. This particularly activated the dopaminergic system, the region in the brain responsible for motivation and reward. "Our measurements of brain activity showed that the brain rewires itself through the consumption of chips and co. It subconsciously learns to prefer rewarding food. Through these changes in the brain, we will unconsciously always prefer the foods that contain a lot of fat and sugar," explains Marc Tittgemeyer, who led the study.

Journal paper highlights:
- Daily consumption of a high-fat/high-sugar snack alters reward circuits in humans
- Preference for low-fat food decreases while brain response to milkshake increases
- Neural computations that support adaptive associative learning are also enhanced
- Effects are observed despite no change in body weight or metabolic health

Journal Reference:
Sharmili Edwin Thanarajah, Alexandra G. DiFeliceantonio, Kerstin Albus, et al., Habitual daily intake of a sweet and fatty snack modulates reward processing in humans [open], Cell Metabolism, 2023, ISSN 1550-4131, https://doi.org/10.1016/j.cmet.2023.02.015


19:52

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals The Hacker News

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to

19:19

Profitable India Betting On-line On Reputed Website 1xbet h+ Media

This process must be done by visiting the 1xBet main website. 1xBet has made certain that an revolutionary set of options can be found for these who wish to guess on the various video games. The first of the progressive selections would involve cryptocurrency funds, as the likes of bitcoin are supported. For those who wish to use the normal means of creating funds, the channels out there are Skrill, NETELLER, EcoPayz, Qiwi, and more.

We will inform you tips on how to deal with this problem, however first its worth mentioning that your iOS version must be no less than iOS 9.three to use the app properly. Click the Android button if you are an Android system user. Congratulations, you at the second are a full-fledged 1xBet person, all you should keep in mind your username and password. If there is a problem with this, the site automatically remembers your information and you dont have to continually take into consideration login and password. We also review one of the best sites for Indian punters to play at. Moreover, the bonus doesnt work if youre using cryptocurrencies, however thats the identical old story for many bonuses right here.

Plus, you possibly can easily make deposits and withdrawals utilizing in style strategies like Paytm, Google Pay, and UPI. Thats why weve named 7Cric as our Online Casino of the Month. At 7Cric, were devoted to making positive that our site is the go-to alternative for Indian players.

So, when you determine on becoming a member of the bookmaker and taking half in on the 1xBet web site, you need to do a couple of simple actions. They embody creating an account, logging in, choosing a sports activities match for betting or a on line casino recreation for playing, and begin having fun with the method. As for other entertainment, the positioning presents profitable slots online free on line casino from famed 1xBetbookmaker. The main advantage right here is that you can play in demo mode without using your individual funds. The alternative the best bookmaker is a assure that sports activities bets will bring you really good earnings.

This software is based on dynamic programming and is extensively considered one of the best algorithms for cricket match predictions. Choose your most well-liked fee possibility and input the amount of cash you wish to guess with . Choosing a betting website shouldnt be one thing you do without correct analysis. There are lots of of online sportsbooks out there, and we want that we are in a position to say that each one of them are good.

The 1xbet cellular utility is user-friendly, making it straightforward for Indian customers to navigate and place bets. The app is out there on both iOS and Android devices, and it presents a seamless expertise, making it simple for customers to search out their most popular sports activities and occasions....

19:17

Is 1xbet Banned In India Up To Date In 2023 March h+ Media

The 1xbet mobile application is user-friendly, making it simple for Indian users to navigate and place bets. The app is available on each iOS and Android devices, and it provides a seamless expertise, making it simple for users to search out their preferred sports activities and occasions. 1xBet India additionally provides its customers a range of stay betting and streaming choices.

The sports activities menu comes in the type of a side-scrolling listing that is displayed on the high of the betting menu, so it could all the time be accessed. In our opinion, this isnt essentially the most user-friendly approach to navigate a sports activities betting menu. 1xBet has a stay casino section that provides a broad range of game kinds. These games might be performed with a stay supplier to provide a true casino experience, and Indian gamers prefer games with Hindi-speaking stay dealers. 1xBet features a variety of deposit and withdrawal methods which are generally utilized by customers from India.

To do that, click on its icon in the principle menu of your cellular device. Also within the software, everlasting and occasion promos are available. For example, you can win a car in the Grand Slam promotion or free bets in the Big Bash!

In truth, we counted 133 different ways to deposit money into your account. Importantly, the live betting opportunities never cease, with markets out there around the clock. Match stats are posted live so youll find a way to observe the action, whereas some events are even streamed reside. The intensive alternative offered by 1XBet India additionally extends to their live betting where theres a bumper number of markets. When it involves offering nice odds, 1XBet is amongst the finest. There is always a worry that an unfamiliar betting website wont be 100% respectable, and some bad critiques can add to this sense.

1x Bet is a extremely good gambling website in India with amazing sports activities betting and online casino sections. Indian players can declare many casinos, and sports bonuses like the first deposit bonus of 20,000 and as much as 100 percent promo matches, TV Bet Accumulators and rather more. The primary function of 1x guess service is stay betting with sports activities occasions going down in real-time.

1xbet line safer bets that allow you to think twice before making a prediction. This part includes events which are nearly to begin. They start at totally different times, however at all times sooner or later, i.e. in a few minutes, hours or days. To start inserting bets at 1xbet you need to create your account, full the verification process and make your first deposit. A free app that can make your betting life easier definitely deserves your consideration. Im glad that apps of such a cool stage are already out there here.

The model provides a chance to bet on a number of cricke...

19:16

1xbet Promo Code India 2023 Vip Bonus h+ Media

In this Sportscafe review, well go through the completely different options and functionalities that 1xBet provides to Indian prospects. Our record of prime on line casino video games in India, play on line casino video games demo in enjoyable mode and each time you are prepared, play for real money. The MIB sends letters to particular person gamers as and when a violation is dropped at its notice. Offshore on-line betting platforms Fairplay, PariMatch, Betway, Wolf 777, and 1xBet have been advertising on TV and digital platforms via surrogate information websites. Sometimes, punters prefer certain forms of bets over others when putting wagers in on-line bookmakers. If theres data out there on wagering trends for the match were reviewing, well let you know what the public thinks.

1xBet India operates with a license issued by the Government of Curacao and is thus authorized in India. Indian legislation doesnt prohibit betting or gambling in India. However, gamers should seek the guidance of their native legal guidelines and rules before using 1xBet India services. 1xBet India also offers its customers a number of bonus programs, together with welcome bonuses, loyalty factors, free bets, and more. If you like to guess on cricket and also take pleasure in wagering on other sports, few bookmakers will give the selection that you can see on 1XBet.

The only drawback is the attack, where there are not any main world football celebrities. However, the star midfielders more than compensates for this. On the positioning at the bottom of the web page there is an option to alter one or one other kind 1xbet betting odds.

You wont find the chances of two.00 on one bookie and four.00 on one other. Instead, the distinction might be zero.1 or zero.2 in most cases. Still, if the percentages are higher at a given betting website, we are going to ensure to deliver your consideration to it in our online betting tips. After fulfilling the basic requirements of the bookmakers workplace, the player will want to make a deposit. Remember that the upper the deposit amount, the larger the reward.

Keep in thoughts that only people who have reached the age of 18 years can register at such betting corporations. In addition, a choice of two completely different bonuses shall be obtainable to you directly within the registration type, nonetheless, you can even choose them later. You may read the detailed directions on how to enroll on the 1xBet website below.

Second, to that is the tremendous quantity of fee options and the wide range of events and activities on which you can guess. Although essentially the most accountable approach to gamble at 1xbet India is not to gamble there at all, the site does offer basic self-exclusion options. Unfortunately, the on line casino has allegedly used these self-exclusion options to set off a pressured cease for some players acco...

19:14

1xbet Evaluation For Indian Users h+ Media

There is a lot going for this model and customers are unlikely to make the mistake of going with 1xBet registration when attempting to guess on cricket matches. Launched in 2007, 1xBet is an online on line casino thats operated by the corporate Exinvest Limited based in Cyprus. Theyre one of many greatest betting sites youll be able to encounter in India, with an nearly overwhelming array of betting choices and on line casino video games. 1xbet app download could be easily done via their official page.

This is a welcome bonus offer from 1xbet, designed for on line casino entertainment. You can get up to 1,500 + 150 Free Spins on the most effective casino slots after your first deposit at 1xBet. To get it, you must agree to receive the bonus within the Account Settings tab. 1xBet India additionally offers phone assist to its clients.

1xBet India also presents gamers the choice to sign off with a single click. Players can deposit 1xBet India by deciding on their most popular payment technique, entering the quantity they wish to deposit, and clicking on the Deposit button. 1xBet India accepts deposits in a number of currencies, including Indian Rupees , US Dollars , and more.

1x Bet is a really good gambling website in India with wonderful sports activities betting and online on line casino sections. Indian gamers can claim many casinos, and sports activities bonuses like the first deposit bonus of 20,000 and as a lot as one hundred pc promo matches, TV Bet Accumulators and far more. The primary characteristic of 1x guess service is live betting with sports events going down in real-time.

By the best way, our research reveals that reside streaming is of good high quality and obtainable to all users free of charge. 1xbet is completely different in that cricket betting could be carried out in euros, dollars, Indian rupees, and other currencies. The Curacao-licensed firm can provide a extensive range in deciding on outcomes on high matches, as nicely as betting on the athletes stats. The common margin in each pre-match and in-play is 6-7%.

The app also has the identical functions because the desktop version, so you wont be losing out on anything. Bet India is not a betting site and we do not settle for fee from players in any form. Bet India doesnt endorse or promote unlawful gambling practices. Basically, each Friday any 1xBet person can receive a bonus of EUR . The bonus is counted as 100 percent of this quantity, however not more than one hundred EUR. This money have to be used on sports activities playing, and you cant obtain more than one.

However, not all betting websites settle for all of these methods, and a few may have completely different deposit and withdrawal limits than others. The Indian Premier League is the top-tier Twenty20 cricket league in India and some of the renowned cricket leagues on the planet. Since Crictips...

19:00

Digitizing Sound On An Unmodified Sinclair ZX81 Hackaday

Whatever the first computer you used to manipulate digital audio was, the chances are it came with dedicated sound hardware that could play, and probably record, digitized audio. Perhaps it might have been a Commodore Amiga, or maybe a PC with a Sound Blaster. If you happen to be [NICKMANN] though, you can lay claim to the honor of doing so on a machine with no such hardware, because he managed it on an unmodified Sinclair ZX81.

For those of you unfamiliar with the ZX, it embodied Clive Sinclair's usual blend of inflated promises on minimal hardware and came with the very minimum required to generate a black-and-white TV picture from a Zilog Z80 microprocessor. All it had in the way of built-in expansion was a cassette interface, 1-bit read and write ports exposed as 3.5 mm jacks on its side. It's these that in an impressive feat of hackery he managed to use as a 1-bit sampler with some Z80 assembler code, capturing a few seconds of exceptionally low quality audio in an 81 with the plug-in 16k RAM upgrade.

From 2023 of course, it's about as awful as audio sampling gets, but in 1980s terms it's pulling off an almost impossible feat that when we tried it with a 1-bit PC speaker a few years later, we didn't succeed at. We're impressed....

18:25

Alzheimer's first signs may appear in your eyes, study finds Lifeboat News: The Blog

Finding early signs of dementia in the back of the eye may be a way to catch the disease early and start preventive treatment, a study says.

18:25

Today, we lost a visionary Lifeboat News: The Blog

Gordon Moore, thank you for everything.

18:25

Highest-Order Electromagnetic Transition Observed Lifeboat News: The Blog

Observations deliver evidence of an exotic sixth-order electromagnetic transition in the gamma-ray emission of an iron isotope, a finding that could provide new ways to test nuclear models.

18:25

Beaming in a Spin Texture Lifeboat News: The Blog

Researchers use an optical vortex beam to create a stable pattern of electron spins in a thin layer of semiconductor material.

Spin-based electronic, or spintronic, devices can benefit from techniques that coax electron spins into static spatial patterns called spin textures. A new experiment demonstrates that an optical vortex (a light beam that carries orbital angular momentum) can generate a stable spin texture in a semiconductor [1]. The research team showed that the vortex generates a pattern of stripes that has potential uses in processing spin information. Previous experiments have optically stimulated these striped textures, but the optical vortex has a structure that approximately overlaps with the stripe pattern, allowing faster spin-texture formation.

The spins of unbound electrons in a material can be aligned by a magnetic field or by polarized light. But as these electrons move, either through diffusion or through conduction, their spins will begin to rotate in response to so-called spin-orbit interactions within the material. The direction and rate of these rotations for any given electron depend on the path that it takes. Thus, two nearby electrons that start out aligned will become misaligned as they move along different paths, even if they arrive at the same destination. So maintaining an electronic spin texture seems like a doomed enterprise.

18:25

Astronomers discover helium-burning white dwarf Lifeboat News: The Blog

A white dwarf star can explode as a supernova when its mass exceeds the limit of about 1.4 solar masses. A team led by the Max Planck Institute for Extraterrestrial Physics (MPE) in Garching and involving the University of Bonn has now found a binary star system in which matter flows onto the white dwarf from its companion.

The system was found due to bright, so-called super-soft X-rays, which originate in the nuclear fusion of the overflowed gas near the surface of the white dwarf. The unusual thing about this source is that it is helium and not hydrogen that overflows and burns. The measured luminosity suggests that the mass of the white dwarf is growing more slowly than previously thought possible, which may help to understand the number of supernovae caused by exploding white dwarfs. The results have been published in the journal Nature.

Exploding white dwarfs are not only considered the main source of iron in the universe, they are also an important tool for cosmology. As so-called Type Ia supernovae (SN Ia), they all become roughly equally bright, allowing astrophysics a precise determination of the distance of their host galaxies.

18:24

Digital restoration of historical documents Lifeboat News: The Blog

One of the best ways to learn about any historical period is by conversing with the people who lived through it. Speaking with people from the distant past is very one-sided, as they are typically dead and have stopped listening long ago. However, they speak volumes if you have the patience to listen, or rather, read what they say in letters, diaries and primitive post-it notes with no sticky back sides.

An international group of computer scientists from Italy, the U.K. and Pakistan have teamed up to resurrect the dead from writings that have been degraded by time by developing a computer-assisted method to virtually return documents to a more legible and decipherable condition. In their research paper, "Restoration and content analysis of ancient manuscripts via color space based segmentation," published in the journal PLOS ONE, the team details their digital restoration techniques method and experimental results.

We get a sense of ancient civilizations from their writings, both trivial and profound. The Sumerian cuneiform writing on clay tablets reveals 4,000-year-old merchant transactions, geometric calculations, and poetry detailing the fall of a great city. Had they been written on paper and not in clay we would likely not have them today.

18:00

The world's toughest animal could one day help save your life Terra Forming Terra



It is a seriously complex critter, yet it also does the impossible. Just where can we extend all this? We certainly can start here.

Just how do they rehydrate? Yet they do.

Now imagine us doing just this in order to travel far into space.

The world's toughest animal could one day help save your life


March 20, 2023

https://newatlas.com/biology/toughest-animal-save-life/?

Water bear, moss piglet, scientific marvel: the tiny tardigrade

They've been fired from a gas gun to test their candidacy for panspermia, are believed to have survived the Beresheet lunar probe's crash-landing on the Moon, can live without water, withstand radiation, survive being frozen and are expected to be one of the...

Russia's Economy Is Booming Despite or Because of Sanctions? Terra Forming Terra



To start with, Russia is internally able to be self sufficient.  This means zero external leverage.  Thus sanctions simply kick started supply replacement.


This always creates a boom as it did in Japan and Germany back in the day.

The skills are all there as well and it is easy to do.

Russia's Economy Is Booming Despite or Because of Sanctions?  "Russian economic sovereignty has increased." President Putin

Global Research, March 20, 2023

https://www.globalresearch.ca/russia-economy-booming-despite-because-sanctions/5812628

It is true, western sanctions have failed miserably in destroying Russia's economy. To the contrary, Russia's economy has been booming since 2022 and keeps doing well, also projected into the future. Why?

"We have exponentially increased our economic sovereignty," President Putin commented at a recent meeting with aircraft factory employees in Ulan-Ude, Buryatia. The autonomous Republic of Buryatia is in the south of Eastern Siberia, along the border with Mongolia.

Its territory takes up two thirds of the water area of Lake Baikal (see map below). This just as an idea of the enormous landmass, called Russia, and what lays above and beneath her.




Economic sovereignty is one of the main reasons for Russia's economic growth during the time of the worst sanctions any country has ever undergone by the west, led, of course, by the US and its puppet Europe. The latter has followed the sanction circus, even though it is self-destructive for Europe. This, indeed, is well known to those who have been put into the position of leading or rather destroying Europe as an economic force.

...

The Language of Four: The Meaning of Tetragrammaton Terra Forming Terra

 



So much of all this represents past efforts to create a natural foundation for all our knowledge.  Not a bad endeavor.

The act of creation must be binary or otherwise it falls apart.  Then the additional creation of TIME makes it a natural tetra creation.  Such a creation looks most like a tetrahedron with four axes and four surfaces as well.

It is no trick to add letters and create mapped words as part of your efforts.  Or embed the I ching symbol as part of a circle then extended into three dimensions for the SPACE TIME pendulum.

It all needs to be taught this way.


The Language of Four: The Meaning of Tetragrammaton


March 22nd, 2023


https://wakeup-world.com/2023/03/22/the-language-of-four-the-meaning-of-tetragrammaton/?

Tetragrammaton is the Greek word for the Hebrew four letter word for God, YHWH. The exact pronunciation of YHWH is unknown, in part because of the lack of vowels in Heb...

Neutral Neutron Pairs Terra Forming Terra




I have slowly come to grasp just what science has been missing because normal matter is so dominating.  Yet provided the neutral neutron pair is a reality, then the whole galaxy is full of this stuff, and better yet we literally breath it as well.

Understand though that hydrogen is equally undetectable except by indirect means.  It even penetrates matter as we know it.  For that reason our proposed neutral neutron pair has a free ride past everything we can do.  Accidental hits will be seen as just that and of no import.

From our knowledge of Cloud Cosmology we do have some things we can assert:

1      The NNP does react along a number of axes allowing one NNP to be attached to another NNP.  This is not what I describe as a hard lock but quite weak but still real and allows ordered conglomerates.  These are in fact describable as proto Elements and Isotopes that can potentially decay into the expected elements on the basis of multiple NNP decay.  They can just as easily be torn apart as well.  I am not so sure that decay is taking place out in space as well as in the sun.

2      Gravitational pull is far less than for elements.  The spacing is too large between NNPs.  However, it is not zero.  Packed elements should squeeze out the majority of NNP content.  This gives us the surface nature of all planets and also the Sun.  This can then be a shell.

3      Understand that Cloud cosmology projects three types of neutral matter.  I use the word neutral only because the word is convenient and allows us then to identify axes as separate.  Neutral assumes mathematical continuity which is not real.  We are now just understanding how important the NNP is in the evolution of our third level phys...

17:29

The Corporate Media is Not Reporting Large-Scale Microsoft Layoffs (Too Busy With Chaffbot Puff Pieces), Leaks Required to Prove That More Layoffs Are Happening Techrights

New screenshot from thelayoff.com:

Layoffs in March at Microsoft

New article (behind paywall, posted just before the weekend, hence limited audience):

Leaked Microsoft documents show layoffs coming to Charlie Bell's security organization on Monday

Summary: Just as we noted days ago, there are yet more Microsoft layoffs, but the mainstream media gets bribed to go gaga over vapourware and chaffbots (making chaff like "Bill Gates Says" pieces) instead of reporting actual news about Microsoft

17:16

Police Needs to Intervene in the Sirius Open Source Scandal schestowitz.com

Summary: Sirius Open Source is collapsing, but that does not mean that it can dodge accountability for crimes (e.g. money that it silently stole from its staff since at least 12 years ago)

A SCREENSHOT of the PDF from Standard Life was shared here (with sensible redaction) a few days ago. Things are belatedly progressing.

This post has taken a long time to prepare as we need to separate gossip/speculation from verified facts. Standard Life also claims to be pursuing the facts (since the 7th of March). As per their own update: "Dear Dr Schestowitz, I have attached our acknowledgement to your complaint. [...] If you've any questions, or problems accessing your acknowledgement, please email me at [redacted] and I'll do all I can to help you."

They've basically been looking into how on Earth the company (Sirius) was claiming to be paying into Standard Life accounts that don't even exist!

The simplest explanation is, Sirius engaged in embezzlement. The management was contacted several times, being kindly offered the opportunity to explain what actually happened. Each and every time the response was schtum. For reasons we detailed here before, litigation seems imminent. Class action lawsuit is also likely, though the company is in hiding. Staff that actively oversaw and participated in the embezzlement is criminally liable, even if leaving the company later. They've been made aware of this (fraud, theft, forgery/embezzlement among the possible charges). Failing that, or in addition to that, pension providers can be sued. We'll explain the legal grounds some other day.

What does this have to do with Techrights? Sirius is describing itself as "Britain's most respected and best established Open Source business".

If this is what the "most respected and best established" boils down to, then there's serious trouble. Sirius is a major liability and a stain. This isn't the company I joined more than 12 years ago. "You need to lie to keep your job" or "take one for the team" or "do something unethical/illegal to keep your salary" is the hallmark or symptom of criminal management, which needs to be prosecuted, not served (except served papers). I confronted the management many times before leaving (for over a year!) and nothing improved. They kept paying the salary, but behaviour only worsened over time, so I reached out to a friend.

Suffice to say, you need not be particularly charismatic to persuade workers whom you pay to also...

17:13

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers The Hacker News

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. "External

16:51

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident The Hacker News

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company to

16:00

A Jenkins Demo Stand For Modern Times Hackaday

Picture of the miniJen structure on a presentation desk

Once you're working on large-scale software projects, automation is a lifesaver, and Jenkins is a strong player in open-source automation, be it software builds, automated testing or deploying onto your servers. Naturally, it's historically been developed with x86 infrastructure in mind, and let's be fair, x86 is getting old. [poddingue], a hacker and a Jenkins contributor, demonstrates that Jenkins keeps up with the times, with a hardware demo stand called miniJen, that has Jenkins run on three non-x86 architectures: arm8v (aarch64), armv7l and RISC-V.

There's four SBCs of different architectures involved in this, three acting as Jenkins agents executing tasks, and one acting as a controller, all powered with a big desktop PSU from Pine64. The controller's got a bit beefier CPU for a reason - at FOSDEM, we've...

15:49

Ford Will Lose $3 Billion on Electric Vehicles in 2023, It Says SoylentNews

https://arstechnica.com/cars/2023/03/ford-will-lose-3-billion-on-electric-vehicles-in-2023-it-says/

There's no doubt that Ford is embracing electrification. It was first to market with an electric pickup truck for the US market, and a darn good one at that. It has a solid midsize electric crossover that's becoming more and more common on the road, even if it does still upset the occasional Mustangophile. And there's an electric Transit van for the trades. But its electric vehicle division will lose $3 billion this year as it continues to build new factories and buy raw materials.

The news came in a peek into Ford's financials released this morning. As we reported last year, Ford has split its passenger vehicle operations into two divisions. Electric vehicles fall under Ford Model e, with internal combustion engine-powered Fords (including hybrids and plug-in hybrids) falling under Ford Blue. The move was in large part to placate investors and analysts, no doubt starry-eyed during a time when any EV-related stock was booming.

Related:
Tesla Exceeded Revenue Estimates in Q4 2021 by More than $1 Billion (20220127)
Tesla Burns More Cash, Fails to Meet Production Targets (20171102)
Ford Investing $4.5 Billion to Bring Electrification to 40% of Its Vehicles by 2020 (20151214)



14:00

Opti9 launches Observr ransomware detection and managed services for Veeam Help Net Security

Opti9 Technologies has launched Observr Software-as-a-Service (SaaS) ransomware detection and standalone managed services, two new standalone service offerings that cater to organizations leveraging Veeam Software. As the complexity of organizations' IT continues to evolve, technical leaders are increasingly looking to shift ownership to 3rd party experts for critical layers of their stack. This is especially true for components such as backups and disaster recovery, which must provide resilience despite constant changes such as the...

13:00

Glowscope Reduces Microscope Cost By Orders of Magnitude Hackaday

As smartphones become more ubiquitous in society, they are being used in plenty of ways not imaginable even ten or fifteen years ago. Using its sensors to gather LIDAR information, its GPS to get directions, its microphone to instantly translate languages, or even use its WiFi and cellular radios to establish a wireless hotspot are all things which would have taken specialized hardware not more than two decades ago. The latest disruption may be in microscopy, as this build demonstrates a microscope that would otherwise be hundreds of thousands of dollars.

The microscope is a specialized device known as a fluorescence microscope, which uses a light source to excite fluorescent molecules in a sample which can illuminate structures that would otherwise be invisible under a regular microscope. For this build, the light is provided by readily-available LED lighting as well as optical filters typically used in stage lighting, as well as a garden-variety smartphone. With these techniques a microscope can be produced for around $50 USD that has 10 µm resolution.

While these fluorescence microsc...

11:15

McAfee and Mastercard expand partnership to improve security for small businesses Help Net Security

McAfee has expanded its partnership with Mastercard to offer Mastercard Business cardholders automatic savings on online protection solutions from McAfee through Mastercard Easy Savings. According to the latest FBI Internet Crime Report, malicious cyber activity resulted in more than $10 billion in losses in 2022, with a large portion of this affecting small businesses. Small and medium-sized companies often rely on credit cards for daily financing. Providing Mastercard Business cardholders with savings on security technology solutions...

11:03

Ethical AI art generation? Adobe Firefly may be the answer. SoylentNews

https://arstechnica.com/information-technology/2023/03/ethical-ai-art-generation-adobe-firefly-may-be-the-answer/

On Tuesday, Adobe unveiled Firefly, its new AI image synthesis generator. Unlike other AI art models such as Stable Diffusion and DALL-E, Adobe says its Firefly engine, which can generate new images from text descriptions, has been trained solely on legal and ethical sources, making its output clear for use by commercial artists. It will be integrated directly into Creative Cloud, but for now, it is only available as a beta.

Since the mainstream debut of image synthesis models last year, the field has been fraught with issues around ethics and copyright. For example, the AI art generator called Stable Diffusion gained its ability to generate images from text descriptions after researchers trained an AI model to analyze hundreds of millions of images scraped from the Internet. Many (probably most) of those images were copyrighted and obtained without the consent of their rights holders, which led to lawsuits and protests from artists.

Related:
Paper: Stable Diffusion "Memorizes" Some Images, Sparking Privacy Concerns
90% of Online Content Could be 'Generated by AI by 2025,' Expert Says
Getty Images Targets AI Firm For 'Copying' Photos
Adobe Stock Begins Selling AI-Generated Artwork
A Startup Wants to Democratize the Tech Behind DALL-E 2, Consequences be Damned
Adobe Creative Cloud Experience Makes It...

10:00

Dead Raspberry Pi Boards, PMICs, And New Hope Hackaday

A picture of the bottom of the Pi 4 PCB, showing the three points you need to use to tap into the Pi 4 I2C bus going to the PMIC

Since the Raspberry Pi 3B+ release, the Pi boards we all know and love gained one more weak point: the PMIC chip, responsible for generating all the power rails a Pi needs. Specifically, the new PMIC was way more vulnerable to shorting 5V and 3.3V power rails together, something that's trivial to do on a Raspberry Pi, and would leave you with a bricked board. Just replacing the PMIC chip, the MxL7704, wouldn't but now, on Raspberry Pi forums, [Nefarious19] has reportedly managed to replace it and revive their Pi.

First off, you get a replacement PMIC and reflow it, and that's where, to our knowledge, people have stopped so far. The next step proposed by [Nefarious19] is writing proper values into the I2C registers of the PMIC. For that, you'd want a currently-alive Pi, useful as both I2C controller for writing the values in, and as a sourc...

09:28

CISA announced the Pre-Ransomware Notifications initiative Security Affairs

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs.

The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of early-stage ransomware attacks.

The principle behind the initiative is simple: ransomware actors initially gain access to the target organization, then they take some time before stealing or encrypting data. The time lapse between initial access to a network and the encryption of the systems can last from hours to days.

Being able to notify the victims in this time window can help them to limit the damage caused by the ransomware attack.

"This window gives us time to warn organizations that ransomware actors have gained initial access to their networks," reads the announcement made by the US agency. "These early warnings can enable victims to safely evict the ransomware actors from their networks before the actors have a chance to encrypt and hold critical data and systems at ransom. Early warning notifications can significantly reduce potential loss of data, impact on operations, financial ramifications, and other detrimental consequences of ransomware deployment."

The CISA Joint Cyber Defense Collaborative (JCDC) collects information about potential early-stage ransomware activity from multiple sources, including the research community, infrastructure providers, and cyber threat intelligence firms.

Then the field personnel across the country notify the victim organization and provide specific mitigation guidance. The agency will also provide notification to organizations outside of the United States through its international CERT partners.

Since the start of 2023, CISA notified over 60 entities across the energy, healthcare, water/wastewater, education, and other sectors about potential early-stage ransomware attacks. It was a success because many of the alerted organizations remediated the attack before encryption or exfiltration took place.

"Continuing to enhance our collective cyber defense is contingent upon persistent collaboration and information sharing between partners across government and the private sector," concludes the announcement. "To enable the broader cyber community to benefit from valuable threat intelligence, we urge organizations to report observed activity, including ransomware indicators of compromise and TTPs, to CISA or our federal law enforcement partners, including the FBI and the U.S. Secret Service....

08:42

Interop: One Protocol to Rule Them All? Light Blue Touchpaper

Everyone's worried that the UK Online Safety Bill and the EU Child Sex Abuse Regulation will put an end to end-to-end encryption. But might a law already passed by the EU have the same effect?

The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora's box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?

In our latest paper, "One Protocol to Rule Them All? On Securing Interoperable Messaging", we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.

Interoperability will vastly increase the attack surface at every level in the stack, from the cryptography up through usability to commercial incentives and the opportunities for government interference.

Twenty-five years ago, we warned that key escrow mechanisms would endanger cryptography by increasing complexity, even if the escrow keys themselves can be kept perfectly secure. Interoperability is complexity on steroids.

08:23

Metal-Detecting Drone Could Autonomously Find Landmines SoylentNews

A drone with 5 degrees of freedom can safely detect buried objects from the air:

Metal detecting can be a fun hobby, or it can be a task to be completed in deadly earnest, if the buried treasure you're searching for includes land mines and explosive remnants of war. This is an enormous, dangerous problem: Something like 12,000 square kilometers worldwide are essentially useless and uninhabitable because of the threat of buried explosives, and thousands and thousands of people are injured or killed every year.

[...] Because the majority of mines are triggered by pressure or direct proximity, it may seem that a drone would be the ideal way to detect them nonexplosively. However, unless you're only detecting over a perfectly flat surface (and perhaps not even then) your detector won't be positioned ideally most of the time, and you might miss something, which is not a viable option for mine detection.

But now a novel combination of a metal detector and a drone with 5 degrees of freedom is under development at the Autonomous Systems Lab at ETH Zurich. It may provide a viable solution to remote land-mine detection, by using careful sensing and localization along with some twisting motors to keep the detector reliably close to the ground.


08:04

China-linked hackers target telecommunication providers in the Middle East Security Affairs

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023.

In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East.

According to the researchers, the activity is part of the Operation Soft Cell that was first reported in June 2019 by Cybereason.

At the time, researchers at Cybereason uncovered the long-running espionage campaign tracked as Operation Soft Cell. Threat actors were targeting telco providers. Tactics, techniques, and procedures, and the type of targets suggest the involvement of a nation-state actor likely linked to Chinese APT10.

Once they had compromised the networks of telecommunication companies, the attackers aimed to access mobile phone users' call data records.

SentinelLabs linked the recent attacks to a China-linked cyberespionage group in the nexus of Gallium and APT41, but the exact grouping has yet to be determined.

The threat actors employed a new dropper mechanism which is evidence of an ongoing development effort by a highly-motivated threat actor.

"In collaboration with QGroup GmbH, SentinelLabs recently observed initial threat activities targeting the telecommunication sector. We assess it is highly likely that these attacks were conducted by a Chinese cyberespionage actor related to the Operation Soft Cell campaign," reads the report published by SentinelLabs. "The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy webshells used for command execution. Once a foothold is established, the attackers conduct a variety of reconnaissance, credential theft, lateral movement, and data exfiltration activities."

The threat actors used a custom credential theft malware, tracked as mim221, that implemented a series of Mimikatz modifications on closed-source tooling.

actively maintained credential theft malware that was enhanced by implementing new anti-detection features.

...

08:01

ChatGPT Bug Exposed Payment Details of Paid Users HackRead | Latest Cybersecurity and Hacking News Site

By Habiba Rashid

OpenAI has apologized and reached out to affected users about the potential data breach.


07:29

Cloudflare Disables Access to Pirated Content on its IPFS Gateway TorrentFreak

The InterPlanetary File System, more broadly known as IPFS, has been around for a few years now.

While the name may sound a little alien to the public at large, the peer-to-peer file storage network has a growing user base among the tech-savvy.

In short, IPFS is a decentralized network where users make files available to each other. A website using IPFS is served by a swarm of users in much the same way BitTorrent users share content with each other.

Completely Decentralized

The advantage of this system is that websites can become completely decentralized. If a website or other resource is hosted on IPFS, it remains accessible as long as the computer of one user who pinned it remains online.

The advantages of IPFS are clear. It allows archivists, content creators, researchers, and many others to distribute large volumes of data over the Internet. It's censorship-resistant and not vulnerable to regular hosting outages.

IPFS is also a perfect match for pirate sites. Due to its decentralized nature, IPFS sites are virtually impossible to shut down. This aspect was already highlighted by Pirate Bay co-founder Peter Sunde back in 2016. More recently, IPFS was promoted by Z-Library after its domain names were seized.

Cloudflare's IPFS Gateway

IPFS has also been embraced by many legal services. Most notably, Cloudflare gave it a boost by launching its own IPFS gateway, allowing the public to access IPFS resources without having to install specialized software.

Cloudflare's IPFS gateway has been running for a few years now. Technically, the internet infrastructure company has no control over any of the content being made available, but that doesn't mean there are no complaints.

Apparently, some people or organizations have complained about the content that can be accessed through Cloudflare's IPFS gateway.

While the accessed content is in no way controlled by Cloudflare, the San Francisco company takes these complaints rather seriously. The same also applies to the Ethereum gateway, which offers easy read-and-write access to the Ethereum network.

Cloudflare Disables IPFS Access

In its most recent...

07:00

Were the New Renewables IEEE Spectrum



The Big Picture features technology through the lens of photographers.

Every month, IEEE Spectrum selects the most stunning technology images recently captured by photographers around the world. We choose images that reflect an important advance, or a trend, or that are just mesmerizing to look at. We feature all images on our site, and one also appears on our monthly print edition.

Enjoy the latest images, and if you have suggestions, leave a comment below.


A metal box sits on a rooftop under cloudy skies

JUICE BOX

For many years, environmentalists have looked forward to the coming of net-zero-energy buildings. Much effort was devoted to making lighting, heating, and cooling more efficient so buildings consumed less energy. But the net-zero target would never have been reachable without innovations in renewable-energy generation that let structures generate power on-site. Now residential and commercial buildings can be outfitted with roofing tiles that double as solar panels, or with rooftop boxes like this low-profile unit that transforms gusts of wind into electric current. This WindBox turbine, installed on the roof of a building in Rouen, France, is 1.6 meters tall, and has a 4-square-meter footprint (leaving plenty of space for solar panels or tiles). The unit, which weighs 130 kilograms, can generate up to 2,500 kilowatt-hours of electricity per year (enough to meet roughly one-quarter of the energy needs of a typical U.S. household).

Lou Benoist/AFP/Getty Images


Photo of men standing on an antenna looking up at it.

Nobel Horn Antenna Endangered

This is the giant horn antenna that was used in physics research that led to the discovery of background cosmic radiation, which provided support for the big bang theory. Two Bell Labs researchers who were painstakingly attempting to eli...

06:31

Garrett: We need better support for SSH host certificates LWN.net

Matthew Garrett looks at the recent disclosure of GitHub's private host key, how it probably came about, and what a better approach to key management might look like.

The main problem is that client tooling just doesn't handle this well. OpenSSH has no way to do TOFU for CAs, just the keys themselves. This means there's no way to do a git clone ssh://git@github.com/whatever and get a prompt asking you to trust Github's CA. Instead, you need to add a @cert-authority github.com (key) line to your known_hosts file by hand, and since approximately nobody's going to do that there's only marginal benefit in going to the effort to implement this infrastructure. The most important thing we can do to improve the security of the SSH ecosystem is to make it easier to use certificates, and that means improving the behaviour of the clients.

05:58

Re: TTY pushback vulnerabilities / TIOCSTI Open Source Security

Posted by Hanno Böck on Mar 24

Here's a proposed patch to restrict access to the dangerous
functionality. Waiting a few days for feedback here and will then try
to send it to the appropriate kernel lists.

------------------

Restrict access to TIOCLINUX selection functions

These functions can be used for privilege escalation when code is
executed with tools like su/sudo.

Signed-off-by: Hanno Böck <hanno () hboeck de>
---
drivers/tty/vt/vt.c | 6 ++++++
1 file...

05:36

City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day Security Affairs

The Clop ransomware gang added the City of Toronto to the list of its victims; it is another organization compromised by exploiting the GoAnywhere zero-day.

The Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in Fortra's GoAnywhere secure file transfer tool.

The gang is very active and recently it claimed to have breached tens of large organizations, including Rubrik, Onex, Axis Bank, Rio Tinto, Hitachi Energy, and Virgin Group, as reported by the security expert Dominic Alvieri.

The news of the hack was also confirmed by BleepingComputer which reached a spokesperson for the City of Toronto. The City government launched an investigation into the incident to determine the extent of the security breach.

"Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system," a City spokesperson told BleepingComputer.

In early February, the popular investigator Brian Krebs first revealed details about the zero-day on Mastodon and pointed out that Fortra has yet to share a public a...

05:33

Reverse-Engineering the Multiplication Algorithm in the Intel 8086 Processor SoylentNews

http://www.righto.com/2023/03/8086-multiplication-microcode.html

While programmers today take multiplication for granted, most microprocessors in the 1970s could only add and subtract - multiplication required a slow and tedious loop implemented in assembly code. One of the nice features of the Intel 8086 processor (1978) was that it provided machine instructions for multiplication, able to multiply 8-bit or 16-bit numbers with a single instruction. Internally, the 8086 still performed a loop, but the loop was implemented in microcode: faster and transparent to the programmer. Even so, multiplication was a slow operation, about 24 to 30 times slower than addition.

In this blog post, I explain the multiplication process inside the 8086, analyze the microcode that it used, and discuss the hardware circuitry that helped it out. My analysis is based on reverse-engineering the 8086 from die photos. The die photo below shows the chip under a microscope. I've labeled the key functional blocks; the ones that are important to this post are darker. At the left, the ALU (Arithmetic/Logic Unit) performs the arithmetic operations at the heart of multiplication: addition and shifts. Multiplication also uses a few other hardware features: the X register, the F1 flag, and a loop counter.



05:28

UK's NCA infiltrates cybercrime market with fake DDoS sites HackRead | Latest Cybersecurity and Hacking News Site

By Waqas

The National Crime Agency (NCA) has conducted a sting operation to infiltrate the cybercrime market with fake DDoS sites for Operation Power Off.


04:42

Britain: Food Inflation Hit Highest Rate Since 1977, Increased 18.2% in the Year to February 2023 cryptogon.com

Via: Grocery Gazette: Food inflation hit its highest rate since 1977 last month, having risen to 18.2% in the year to February 2023. The Office for National Statistics (ONS) saw this jump from 16.8% in January, with the increase driven by price movements such as the rise in cost of vegetables last month.

04:35

Banks Are Still Drawing on the Fed for $164 Billion of Emergency Cash cryptogon.com

Via: Bloomberg: Banks reduced their borrowings only slightly from two Federal Reserve backstop facilities in the most recent week, a sign that institutions are taking advantage of the central bank's liquidity in the wake of turmoil.

04:28

Intel XeSS SDK 1.1 Released Phoronix

The Intel XeSS SDK 1.0 release happened last September and has now been succeeded by XeSS SDK 1.1. As with the prior release, the XeSS SDK isn't fully open-source, with just the bits around game integration being public...

04:12

We need better support for SSH host certificates Matthew Garrett

Github accidentally committed their SSH RSA private key to a repository, and now a bunch of people's infrastructure is broken because it needs to be updated to trust the new key. This is obviously bad, but what's frustrating is that there's no inherent need for it to be - almost all the technological components needed to both reduce the initial risk and to make the transition seamless already exist.

But first, let's talk about what actually happened here. You're probably used to the idea of TLS certificates from using browsers. Every website that supports TLS has an asymmetric pair of keys divided into a public key and a private key. When you contact the website, it gives you a certificate that contains the public key, and your browser then performs a series of cryptographic operations against it to (a) verify that the remote site possesses the private key (which prevents someone just copying the certificate to another system and pretending to be the legitimate site), and (b) generate an ephemeral encryption key that's used to actually encrypt the traffic between your browser and the site. But what stops an attacker from simply giving you a fake certificate that contains their public key? The certificate is itself signed by a certificate authority (CA), and your browser is configured to trust a preconfigured set of CAs. CAs will not give someone a signed certificate unless they prove they have legitimate ownership of the site in question, so (in theory) an attacker will never be able to obtain a fake certificate for a legitimate site.

This infrastructure is used for pretty much every protocol that can use TLS, including things like SMTP and IMAP. But SSH doesn't use TLS, and doesn't participate in any of this infrastructure. Instead, SSH tends to take a "Trust on First Use" (TOFU) model - the first time you ssh into a server, you receive a prompt asking you whether you trust its public key, and then you probably hit the "Yes" button and get on with your life. This works fine up until the point where the key changes, and SSH suddenly starts complaining that there's a mismatch and something awful could be happening (like someone intercepting your traffic and directing it to their own server with their own keys). Users are then supposed to verify whether this change is legitimate, and if so remove the old keys and add the new ones. This is tedious and risks users just saying "Yes" again, and if it happens too often an attacker can simply redirect target users to their own server and through sheer fatigue at dealing with this crap the user will probably trust the malicious server.

Why not certificates? OpenSSH actually does support certificates, but not in the way you might expect. There's a custom format that's significantly less compl...

03:47

Video Friday: Lunar Base IEEE Spectrum



Video Friday is your weekly selection of awesome robotics videos, collected by your friends at IEEE Spectrum robotics. We also post a weekly calendar of upcoming robotics events for the next few months. Please send us your events for inclusion.

Robotics Summit & Expo: 10-11 May 2023, BOSTON
ICRA 2023: 29 May-2 June 2023, LONDON
RoboCup 2023: 4-10 July 2023, BORDEAUX, FRANCE
RSS 2023: 10-14 July 2023, DAEGU, SOUTH KOREA
IEEE RO-MAN 2023: 28-31 August 2023, BUSAN, SOUTH KOREA
CLAWAR 2023: 2-4 October 2023, FLORIANOPOLIS, BRAZIL
Humanoids 2023: 12-14 December 2023, AUSTIN, TEXAS

Enjoy today's videos!

GITAI conducted a demonstration of lunar base construction using two GITAI inchworm-type robotic arms and two GITAI Lunar Robotic Rovers in a simulated lunar environment and successfully completed all planned tasks. The GITAI robots have successfully passed various tests corresponding to Level 4 of NASA's Technology Readiness Levels (TRL) in a simulated lunar environment in the desert.

[ GITAI ]

Thanks, Sho!

This is 30 minutes of Agility Robotics' Digit being productive at ProMat. The fact that it gets boring and repetitive to watch reinforces how much this process needs robots, and is also remarkable because bipedal robots can now be seen as just another tool.

...

03:01

How I created a Red Hat OpenShift cluster on tiny hardware Linux.com

Build an OpenShift cluster on a small, sub-$300 computer.


02:47

Latitude Hack Worsens With Services Taken Offline SoylentNews

The situation for the Latitude hack has become worse with the owners forced to take the site offline.

The non-bank lender confirmed that Medicare numbers and "copies of passports or passport numbers" were included in the theft of personal information affecting approximately 333,000 customers and applicants.

[...] Latitude said of the stolen information, approximately 96 per cent was "copies of drivers' licences or driver licence numbers", "less than 4 per cent was copies of passports or passport numbers" and "less than 1 per cent was Medicare numbers".

"Because the attack remains active, we have taken our platforms offline and are unable to service our customers and merchant partners," the statement said.

[...] But frustrated customers have hit out at Latitude's handling of the hacking describing it as "pathetic" and "disgusting".

"How long will it take to find out if I am affected? If my details have been stolen I'd like to know now. Identity theft and/or financial ruin due to your lack of security and saving items such as my drivers licence is not okay," one woman wrote on social media.

"We need more information asap," one woman pleaded. "Do we need to change our licences, change our bank accounts? As this has been happening lots what have you done with your cyber security? As a ex Security officer this is a major huge breach and should not happen. Someone dropped the ball big time."

Previously it had only been confirmed that drivers' licences were taken.



02:26

CVE-2022-47502: Apache OpenOffice: Macro URL arbitrary script execution Open Source Security

Posted by Marcus Lange on Mar 24

Severity: critical

Description:

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes
are defined for this purpose.

Links can be activated by clicks, or by automatic document events.

The execution of such links must be subject to user approval.

In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could
therefore...

02:24

CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path Open Source Security

Posted by Marcus Lange on Mar 24

Severity: moderate

Description:

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead
to running arbitrary Java code from the current directory.

Credit:

European Commission's Open Source Programme Office (sponsor)

References:

https://openoffice.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-38745

01:45

Critical flaw in WooCommerce Payments plugin allows site takeover Security Affairs

A patch for a critical vulnerability in the WooCommerce Payments plugin for WordPress has been released for over 500,000 websites.

On March 23, 2023, researchers from Wordfence observed that the WooCommerce Payments Fully Integrated Solution Built and Supported by

The WooCommerce Payments plugin is a fully integrated payment solution for the WooCommerce open source e-commerce platform; the plugin is developed by Automattic. WooCommerce Payments is installed on over 500,000 sites.

The researchers analyzed the patch and determined that the development team behind the plugin has removed a portion of code that could have allowed an unauthenticated attacker to impersonate an administrator and completely take over a WordPress website without any user interaction.

The vulnerability impacts plugin versions 4.8.0 through 5.6.1. It was first discovered by Michael Mazzolini from penetration testing firm GoldNetwork.

"We developed a Proof of Concept and began writing and testing a firewall rule immediately. The rule was released the same day, on March 23, 2023 to Wordfence Premium, Wordfence Care, and Wordfence Response customers," reads the advisory published by Wordfence.

Payments plugin, which is 5.6.2 as of this writing, immediately.

According to the analysis conducted by the WordPress security firm Sucuri, the vulnerability resides in a PHP file called class-platform-checkout-session.php.

Automattic is issuing automatic/forced updates of all WordPress websites using its plugin.

WooCommerce recommends admins of websites using the plugin to:

  1. Update woocommerce-payments to
  2. Change all administrator passwords...


Resource generated at IndyWatch using aliasfeed and rawdog