Slashdot

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Slashdot: News for nerds, stuff that matters!



North Korean Internet Downed By Suspected Cyber Attacks (reuters.com)

(Wednesday January 26, 2022 @05:50PM (BeauHD) from the network-outages dept.)

An anonymous reader quotes a report from Reuters:

> North Korea's internet appears to have been hit by a second wave of outages in as many weeks, [1]possibly caused by a distributed denial-of-service (DDoS) attack , researchers said on Wednesday. The latest incident took place for about six hours on Wednesday morning local time, and came a day after North Korea conducted its fifth missile test this month.

>

> Junade Ali, a cybersecurity researcher in Britain who monitors a range of different North Korean web and email servers, said that at the height of the apparent attack, all traffic to and from North Korea was taken down. "When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country," he told Reuters. Hours later, servers that handle email were accessible, but some individual web servers of institutions such as the Air Koryo airline, North Korea's ministry of foreign affairs, and Naenara, which is the official portal for the North Korean government, continued to experience stress and downtime.

"It's common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently," said Ali. "It isn't common to see their entire internet dropped offline."

During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet, Ali said. "This indicates to me that this is the result of some form of network stress rather than something like a power cut."



[1] https://www.reuters.com/world/asia-pacific/nkorean-internet-downed-by-suspected-cyber-attacks-researchers-2022-01-26/



The Rise of the Crypto Mayors

(Wednesday January 26, 2022 @05:50PM (msmash) from the how-about-that dept.)

This new political breed accepts paychecks in Bitcoin. The mayors also want to use buzzy new tech like NFTs to [1]raise money for public projects . From a report:

> The ballooning popularity of Bitcoin and other digital currencies has given rise to a strange new political breed: the crypto mayor. Eric Adams, New York's new mayor, accepted his first paycheck in Bitcoin and another cryptocurrency, Ether. Francis Suarez, Miami's mayor, headlines crypto conferences. Now even mayors of smaller towns are trying to incorporate crypto into municipal government, courting start-ups and experimenting with buzzy new technologies like nonfungible tokens, or NFTs, to raise money for public projects. Their growing ranks reflect the increasing mainstream acceptance of digital currencies, which are highly volatile and have fallen in value in recent days. The mayors' embrace of crypto is also a recognition that its underlying blockchain technology -- essentially a distributed ledger system -- may create new revenue streams for cities and reshape some basic functions of local government.

>

> "Mayors rationally want to attract high-income citizens who pay their taxes and impose few costs on the municipality," said Joseph Grundfest, a business professor at Stanford. "Crypto geeks fit this bill perfectly." But as with many ambitious crypto projects, it's unclear whether these local initiatives will ultimately amount to much. So far, most are either largely symbolic or largely theoretical. And the mayors' aims are partly political: Crypto boosterism has a useful bipartisan appeal, garnering popularity among both antigovernment conservatives and socially liberal tech moguls. "You can do these things because you want to be associated with dudes with AR-15s, or you want to be associated with Meta," said Finn Brunton, a technology studies professor at the University of California, Davis, who wrote a 2019 book about the history of crypto. "A lot of it is hype and hot air."



[1] https://www.nytimes.com/2022/01/25/business/crypto-mayors.html



Doctors Find 'Antibody Signature' for Patients Most at Risk of Developing Long Covid (theguardian.com)

(Wednesday January 26, 2022 @05:50PM (msmash) from the moving-forward dept.)

Doctors have [1]discovered an "antibody signature" that can help identify patients most at risk of developing long Covid, a condition where debilitating symptoms of the disease can persist for many months. From a report:

> Researchers at University hospital Zurich analysed blood from Covid patients and found that low levels of certain antibodies were more common in those who developed long Covid than in patients who swiftly recovered. When combined with the patient's age, details of their Covid symptoms and whether or not they had asthma, the antibody signature allowed doctors to predict whether people had a moderate, high or very high risk of developing long-term illness. "Overall, we think that our findings and identification of an immunoglobulin signature will help early identification of patients that are at increased risk of developing long Covid, which in turn will facilitate research, understanding and ultimately targeted treatments for long Covid," said Onur Boyman, a professor of immunology who led the research. The team studied 175 people who tested positive for Covid and 40 healthy volunteers who acted as a control group. To see how their symptoms changed over time, doctors followed 134 of the Covid patients for up to a year after their initial infection. When Covid strikes, IgM antibodies ramp up rapidly, while IgG antibodies rise later and provide longer-term protection. Blood tests on the participants showed that those who developed long Covid -- also known as post-acute Covid-19 syndrome (Pacs) -- tended to have low levels of IgM and the antibody IgG3.



[1] https://www.theguardian.com/society/2022/jan/25/doctors-find-antibody-signature-long-covid



Researchers Build AI That Builds AI (quantamagazine.org)

(Wednesday January 26, 2022 @05:50PM (msmash) from the AIception dept.)

By using hypernetworks, researchers can now preemptively fine-tune artificial neural networks, [1]saving some of the time and expense of training . From a report:

> Artificial intelligence is largely a numbers game. When deep neural networks, a form of AI that learns to discern patterns in data, began surpassing traditional algorithms 10 years ago, it was because we finally had enough data and processing power to make full use of them. Today's neural networks are even hungrier for data and power. Training them requires carefully tuning the values of millions or even billions of parameters that characterize these networks, representing the strengths of the connections between artificial neurons. The goal is to find nearly ideal values for them, a process known as optimization, but training the networks to reach this point isn't easy. "Training could take days, weeks or even months," said Petar Velickovic, a staff research scientist at DeepMind in London. That may soon change.

>

> Boris Knyazev of the University of Guelph in Ontario and his colleagues have designed and trained a "hypernetwork" -- a kind of overlord of other neural networks -- that could speed up the training process. Given a new, untrained deep neural network designed for some task, the hypernetwork predicts the parameters for the new network in fractions of a second, and in theory could make training unnecessary. Because the hypernetwork learns the extremely complex patterns in the designs of deep neural networks, the work may also have deeper theoretical implications. For now, the hypernetwork performs surprisingly well in certain settings, but there's still room for it to grow -- which is only natural given the magnitude of the problem. If they can solve it, "this will be pretty impactful across the board for machine learning," said Velickovic.



[1] https://www.quantamagazine.org/researchers-build-ai-that-builds-ai-20220125/



ID CEO Backtracks on Claims Company Doesn't Use Powerful Facial Recognition Tech

(Wednesday January 26, 2022 @05:50PM (msmash) from the ID-CEO-Backtracks-on-Claims-Company-Doesn't-Use-Powerful-Facial-Recognition-Tech dept.)

Identity verification company ID.me uses a type of powerful facial recognition that [1]searches for individuals within mass databases of photos , CEO Blake Hall explained in a LinkedIn post on Wednesday. From a report:

> The post follows a news release from the company last week stating directly that: "Our 1:1 face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use 1:many facial recognition, which is more complex and problematic." Hall's post on Wednesday confirms that ID.me does indeed use 1:many technology. Privacy advocates say that both versions of facial recognition pose a threat to consumers. In addition to numerous studies demonstrating the technology is less effective on non-White skin tones, amassing biometric data can prove a huge security risk.

>

> "Governments and companies are amassing these databases of your personal biometric information, which unlike databases, of credit cards, cannot be replaced," explained Caitlin Seeley-George, campaign director at nonprofit Fight for the Future. "And these are databases that are highly targeted by hackers and information that can absolutely be used in ways that are harmful to people." In the Wednesday LinkedIn post Hall said that 1:many verification is used "once during enrollment" and "is not tied to identity verification. It does not block legitimate users from verifying their identity, nor is it used for any other purpose other than to prevent identity theft," he writes.



[1] https://www.cyberscoop.com/id-me-ceo-backtracks-on-claims-company-doesnt-use-powerful-facial-recognition-tech/



Verizon's TracFone Customers Complain of Attackers Stealing Their Phone Numbers (wsj.com)

(Wednesday January 26, 2022 @05:50PM (msmash) from the security-woes dept.)

Attackers have commandeered thousands of TracFone customers' phone numbers in recent weeks, forcing new owner Verizon Communications to improve safeguards less than two months after it took over the prepaid wireless provider. From a report:

> TracFone offers prepaid wireless service under several brands, including Straight Talk, Total Wireless and its namesake brand. Some customers of Straight Talk said they found their phone lines [1]suddenly disconnected around the December holidays . "We were recently made aware of bad actors gaining access to a limited number of customer accounts and, in some cases, fraudulently transferring, or porting out, mobile telephone numbers to other carriers," TracFone said in a notice posted on its website this month. In some cases, customers said they discovered their lines had been moved without their permission to Metro, a unit of T-Mobile US. A T-Mobile spokeswoman said the company investigated and found "no fraud or data breach of any sort" on its side. The company added that such unauthorized transfers "are unfortunately an industrywide issue."

>

> Verizon, which acquired TracFone in late November in a $6.25 billion deal, said it had added security protections to the recently acquired services to prevent such fraudulent transfers. For instance, the prepaid operators will now send customers a text message notification when a transfer request is made. A Verizon spokeswoman said the attack appeared to affect about 6,000 TracFone customers, a fraction of Verizon's roughly 24 million prepaid lines. "We have no reason to think that this was caused by anybody on the inside," the spokeswoman said. "You've got the bad actors out there constantly trying to find points of weakness," Matt Ellis, Verizon's finance chief, said Tuesday in an interview. "We've addressed that weakness."



[1] https://www.wsj.com/articles/tracfone-customers-complain-of-unwanted-phone-number-swaps-11643205624



Microsoft Teams Surpasses 270 Million Monthly Active Users (geekwire.com)

(Wednesday January 26, 2022 @05:50PM (msmash) from the closer-look dept.)

Microsoft's Teams communications and collaboration platform [1]topped 270 million monthly active users in the December quarter, continuing to add users but at a much slower pace than in the initial months of the pandemic. From a report:

> Satya Nadella, the Microsoft CEO, revealed the latest number Tuesday afternoon in conjunction with the company's quarterly earnings. The number represents an increase of 20 million monthly active users from the 250 million that Microsoft reported six months ago, in July 2021. Prior to that, the company used the metric of daily active users, so the numbers aren't directly comparable, but they do show how the growth has slowed. Monthly numbers are more forgiving because users don't need to use the product as frequently to move the needle. In daily active users, Teams jumped from 75 million in April 2020 to 115 million in October 2020 to 145 million in April 2021.



[1] https://www.geekwire.com/2022/microsoft-teams-surpasses-270m-monthly-active-users-as-growth-slows-from-early-days-of-pandemic/



White House Attempts To Strengthen Federal Cybersecurity After Major Hacks (cnn.com)

(Wednesday January 26, 2022 @05:50PM (msmash) from the moving-forward dept.)

The White House plans to release an ambitious strategy Wednesday to make federal agencies [1]tighten their cybersecurity controls after a series of high-profile hacks against government and private infrastructure in the last two years, according to a copy shared with CNN. From a report:

> It's one of the biggest efforts yet by the Biden administration to secure the computer networks that the government relies on to do business. Under the strategy, federal employees will need to sign on to agency networks using multiple layers of security and agencies will have to do a better job of protecting their internal network traffic from hackers. The strategy gives agencies until the end of the 2024 fiscal year to meet these benchmarks and others. The overhaul was inspired in part by a 2020 spying campaign by alleged Russian hackers that infiltrated several US agencies and went undetected for months, leaving US officials frustrated at their blind spots. The hackers tampered with software made by federal contractor SolarWinds, among other tools, to sneak onto the unclassified networks of the Departments of Justice, Homeland Security and others.



[1] https://edition.cnn.com/2022/01/26/politics/white-house-cybersecurity-strategy/



Cybercriminals Laundered $8.6 Billion Worth of Cryptocurrency in 2021 (therecord.media)

(Wednesday January 26, 2022 @05:50PM (msmash) from the closer-look dept.)

Cybercriminal gangs laundered an [1]estimated $8.6 billion worth of cryptocurrency last year, in 2021, a 30% rise from the previous year, according to a Chainalysis report published today. From a report:

> The company said it arrived at the number by tracking transactions linked to cybercriminal activity across different cryptocurrency blockchains. This included tracking addresses linked to activity such as darknet market sales, online scams, cryptocurrency platform hacks, and ransomware attacks. "Overall, cybercriminals have laundered over $33 billion worth of cryptocurrency since 2017, with most of the total over time moving to centralized exchanges. For comparison, the UN Office of Drugs and Crime estimates that between $800 billion and $2 trillion of fiat currency is laundered each year -- as much as 5% of global GDP," Chainalysis said. In most cases, cybercrime groups sent funds to centralized cryptocurrency exchanges, from where they converted the stolen funds into real-world fiat currency. Almost 47% of all stolen cryptocurrency was laundered through traditional exchanges, Chainalysis said.



[1] https://therecord.media/cybercriminals-laundered-8-6-billion-worth-of-cryptocurrency-in-2021/



Intel Wins Historic Court Fight Over EU Antitrust Fine (bloomberg.com)

(Wednesday January 26, 2022 @05:50PM (msmash) from the how-about-that dept.)

Intel won a historic victory in its court fight over a record [1]1.06 billion-euro ($1.2 billion) competition fine , in a landmark ruling that upends one of the European Union's most important antitrust cases. From a report:

> The EU General Court ruled on Wednesday that regulators made key errors in a landmark 2009 decision over allegedly illegal rebates that the U.S. chip giant gave to PC makers to squeeze out rival Advanced Micro Devices (AMD). While the surprise ruling can be appealed one more time, it's a stinging defeat for the European Commission, which hasn't lost a big antitrust case in court for more than 20 years. The Luxembourg-based EU court said the commission provided an "incomplete" analysis when it fined Intel, criticizing it for failing to provide sufficient evidence to back up its findings of anti-competitive risks.



[1] https://www.bloomberg.com/news/articles/2022-01-26/intel-wins-eu-court-bid-to-annul-1-2-billion-antitrust-fine



Windows 11 is Getting Android Apps, Taskbar Improvements, and More Next Month (theverge.com)

(Wednesday January 26, 2022 @05:50PM (msmash) from the up-next dept.)

Microsoft is planning to launch a public preview of its Android apps for Windows 11 [1]next month , alongside some taskbar improvements and redesigned Notepad and Media Player apps. Windows chief Panos Panay outlined the upcoming changes to Windows 11 in a blog post today, and they appear to be part of Windows 11's first big update. From a report:

> The taskbar improvements include a mute and unmute feature and likely the ability to show a clock on secondary monitors. Both were missing at the launch of Windows 11, but Microsoft is still working on improving the taskbar further to bring back missing functionality like drag and drop. The upcoming Windows 11 next month will also include the weather widget returning to the taskbar, something Microsoft started testing last month. Microsoft is also redesigning its Notepad and Media Player apps, and both include dark modes and design tweaks that more closely match Windows 11.

>

> The big new addition will be Android apps on Windows 11, though. Panay says this will be a "public preview," indicating that the feature will still be in beta when it's widely available next month. Microsoft first started testing Android apps on Windows 11 with testers in October, and the feature allows you to install a limited number of apps from Amazon's Appstore. There are a variety of workarounds to get Google Play Store running on Windows 11, but Microsoft isn't officially supporting this. Panay also shared a variety of stats about how important Windows has become over the past couple of years. Windows 10 and Windows 11 now run on 1.4 billion devices each month, and the PC market has experienced strong growth throughout the pandemic.



[1] https://www.theverge.com/2022/1/26/22902477/microsoft-windows-11-update-android-apps-preview-taskbar-notepad-media-player



Microsoft's Product Chief Sees PC Revival as Durable (axios.com)

(Wednesday January 26, 2022 @05:50PM (msmash) from the how-about-that dept.)

After years of stagnation, the PC industry has seen its best growth in a decade as people buy new laptops and desktops. But while some pandemic-fueled changes may prove temporary, Microsoft product chief Panos Panay [1]sees the industry's return to growth as durable . From a report:

> "This pandemic has been a forcing function," Panay said in an exclusive interview on Tuesday, following the release of Microsoft's quarterly earnings report. The PC market got a boost as life moved online, but the question for the industry now is whether and how it can keep the momentum going. Before the pandemic, many households focused their tech spending on buying bigger TVs and upgrading their cell phones every couple of years, while trying to keep their PCs as long as possible. During COVID-19, the PC has taken on new life as a tool for remote work, distance learning and staying in touch with friends and family in a world where travel has been greatly curtailed. That drove the global shipments of laptops and desktops for the last quarter to surpass 90 million for the second year in a row, and sales for the year reached a level not seen since 2012. Microsoft reported 25% growth in the revenue it gets from having Windows installed on new PCs.



[1] https://www.axios.com/microsofts-product-chief-pc-revival-durable-panos-panay-39403346-dcb8-4e19-bc38-58a5d9d85c35.html



New DeadBolt Ransomware Targets QNAP Devices, Asks 50 BTC For Master Key (bleepingcomputer.com)

(Wednesday January 26, 2022 @05:50PM (BeauHD) from the pay-up-or-else dept.)

[1]ryanw shares a report from BleepingComputer:

> A new DeadBolt ransomware group is [2]encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software . The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device's login page is hijacked to display a screen stating, "WARNING: Your files have been locked by DeadBolt." This screen informs the victim that they should pay 0.03 bitcoins (approximately $1,100) to an enclosed Bitcoin address unique to each victim.

>

> After payment is made, the threat actors claim they will make a follow-up transaction to the same address that includes the decryption key. This decryption key can then be entered into the screen to decrypt the device's files. At this time, there is no confirmation that paying a ransom will result in receiving a decryption key or that users will be able to decrypt files. The DeadBolt ransomware gang is offering the full details of the alleged zero-day vulnerability if QNAP pays them 5 Bitcoins worth $184,000. They are also willing to sell QNAP the master decryption key that can decrypt the files for all affected victims and the zero-day info for 50 bitcoins, or approximately $1.85 million.



[1] https://slashdot.org/~ryanw

[2] https://www.bleepingcomputer.com/news/security/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key/



Meta's Ill-Fated Cryptocurrency May Be Close To Dissolving

(Wednesday January 26, 2022 @05:50PM (BeauHD) from the not-looking-good dept.)

Diem, Meta's ill-fated cryptocurrency previously known as Libra, [1]may never actually materialize . According to [2]Bloomberg , the Diem Association is reportedly "weighing a sale of its assets as a way to return capital to its investor members." Engadget reports:

> It's unclear what assets the Diem Association owns, but the report notes the group is talking to bankers about selling its intellectual property and finding "a new home for the engineers that developed the technology." If a sale were to happen, it would seem to be the final nail in the coffin for Diem, the cryptocurrency project that Mark Zuckerberg has championed. Plans to get the stablecoin off the ground have stalled for years amid regulatory pushback and lawmaker concerns. After first launching as Libra, several high-profile partners pulled out in 2019.

>

> Last fall, Facebook started a [3]small pilot of Novi , the cryptocurrency wallet formerly known as Calibra. But the fact that Novi was forced to launch without support for Diem -- it used a different stablecoin called the Pax Dollar -- was a sign that Diem's future remained uncertain. Longtime Facebook exec David Marcus, who oversaw the social network's crypto plans, said at the time that Facebook remained committed to Diem. "I do want to be clear that our support for Diem hasn't changed and we intend to launch Novi with Diem once it receives regulatory approval and goes live," he wrote. Marcus [4]announced a month later that he was leaving Facebook.



[1] https://www.engadget.com/diem-association-may-dissolve-report-014955703.html

[2] https://www.bloomberg.com/news/articles/2022-01-25/zuckerberg-s-stablecoin-ambitions-unravel-with-diem-sale-talks?sref=10lNAhZ9

[3] https://tech.slashdot.org/story/21/10/19/1356230/facebooks-novi-set-to-launch-pilot-with-paxoss-stablecoin-as-uncertainty-hangs-over-diem

[4] https://tech.slashdot.org/story/21/11/30/1753219/facebooks-david-marcus-creator-of-embattled-diem-project-to-leave-company



Tonga Shock Wave Created Tsunamis In Two Different Oceans (science.org)

(Wednesday January 26, 2022 @05:50PM (BeauHD) from the two-in-one dept.)

[1]sciencehabit shares a report from Science.org:

> When Hunga Tonga-Hunga Ha'apai, a mostly submerged volcanic cauldron in the South Pacific Ocean, exploded on January 15, it [2]unleashed a blast perhaps as powerful as the world's biggest nuclear bomb, and drove tsunami waves that crashed into Pacific shorelines. But 3 hours or so before their arrival in Japan, researchers detected the waves of another small tsunami. Even stranger, tiny tsunami waves just 10 centimeters high were detected around the same time in the Caribbean Sea, which is in an entirely different ocean basin. What was going on?

>

> Researchers say there is only one reasonable explanation: The explosion's staggeringly powerful shock wave, screaming around the world close to the speed of sound, [3]drove tsunamis of its own in both the Pacific and Atlantic oceans . It's the first time a volcanic shock wave has been seen creating its own tsunamis, says Greg Dusek, a physical oceanographer at the National Oceanic and Atmospheric Administration who documented the phenomenon using a combination of tide and pressure gauges around the world. But, "It's almost certainly happened in the past," says Mark Boslough, a physicist at the University of New Mexico, Albuquerque. The discovery suggests the shock waves generated by explosive eruptions in Earth's history, and by other violent cataclysms, like the airbursts of comets or asteroids colliding with the planet's atmosphere, may have also created transoceanic tsunamis, perhaps with considerably bigger waves.



[1] https://slashdot.org/~sciencehabit

[2] https://news.slashdot.org/story/22/01/19/0212214/nasa-scientists-estimate-tonga-blast-at-10-megatons

[3] https://www.science.org/content/article/tonga-shock-wave-created-tsunamis-two-different-oceans



Major Linux PolicyKit Security Vulnerability Uncovered: Pwnkit (zdnet.com)

(Wednesday January 26, 2022 @11:43AM (BeauHD) from the time-to-patch-your-machines dept.)

An anonymous reader quotes a report from ZDNet:

> [S]ecurity company Qualys has [1]uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, [2]CVE-2021-4034 . [3]Polkit , formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution. This vulnerability is easy to exploit. And, with it, any ordinary user can gain full root privileges on a vulnerable computer by exploiting this vulnerability in its default configuration. As Qualsys wrote in its brief description of the problem: "This vulnerability is an attacker's dream come true." Why is it so bad? Let us count the ways:

>

> - Pkexec is installed by default on all major Linux distributions.

> - Qualsys has exploited Ubuntu, Debian, Fedora, and CentOS in their tests, and they're sure other distributions are also exploitable.

> - Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command").

> - An unprivileged local user can exploit this vulnerability to get full root privileges.

> - Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way.

> - And, last but not least, it's exploitable even if the polkit daemon itself is not running.

>

> Red Hat rates the PwnKit as having a Common Vulnerability Scoring System (CVSS) [4]score of 7.8 . This is high. [...] This vulnerability, which has been hiding in plain sight for 12+ years, is a problem with how pkexec reads environmental variables. The short version, according to Qualsys, is: "If our PATH is "PATH=name=.", and if the directory "name=." exists and contains an executable file named "value", then a pointer to the string "name=./value" is written out-of-bounds to envp[0]." While Qualsys won't be releasing a demonstration exploit, the company is sure it won't take long for exploits to be available. Frankly, it's not that hard to create a PwnKit attack.

It's recommended that you obtain and apply a patch ASAP to protect yourself from this vulnerability.

"If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation," adds ZDNet. "For example, this root-powered shell command will stop attacks: # chmod 0755 /usr/bin/pkexec."



[1] https://www.zdnet.com/article/major-linux-policykit-security-vulnerability-uncovered-pwnkit/

[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034

[3] https://wiki.archlinux.org/title/Polkit

[4] https://access.redhat.com/security/cve/CVE-2021-4034



Kombucha Cultures Make Excellent Sustainable Water Filters, Study Finds (arstechnica.com)

(Wednesday January 26, 2022 @11:43AM (BeauHD) from the natural-and-effective dept.)

Long-time Slashdot reader [1]shoor shares a report from Ars Technica:

> The refreshing kombucha tea that's all the rage these days among certain global demographics [2]might also hold the key to affordable, environmentally sustainable living membranes for water filtration , according to [3]a recent paper published in the American Chemical Society journal ACS ES&T Water. Experiments by researchers at Montana Technological University (MTU) and Arizona State University (ASU) showed that membranes grown from kombucha cultures were better at preventing the formation of biofilms -- a significant challenge in water filtration -- than current commercial membranes.

>

> Co-author Katherine Zodrow, an environmental engineer at MTU, led an earlier 2020 study demonstrating the feasibility of making sustainable living filtration membranes (LFMs) out of a bacterial cellulose network and the native microorganisms of a kombucha SCOBY (symbiotic culture of bacteria and yeast) culture. Zodrow and her new collaborators made their membranes for this latest round of experiments the same way: by placing a SCOBY in a growth solution of sugar, black tea, and distilled white vinegar dissolved in deionized water. The researchers then placed the mixture in a temperature-controlled room for 10-12 days until a thick membrane formed on the mixture's surface. The grown membranes were stored in deionized water and used in experiments within eight days. The 20 liters of raw water samples for the experiments were taken from the three drinking water treatment plants in Butte, Montana: Basin Creek Reservoir, Moulton Reservoir, and Big Hole River. The water samples were then pretreated in accordance with standard practices at each plant.

>

> Both the LFMs and polymer-based filters, the researchers discovered, became clogged over time, causing them to flow and filter more slowly. The LFMs used in the experiments, however, showed between 19 and 40 percent better performance than their commercial counterparts on that score. The SCOBY-based LFMs were also more resistant to befouling. While biofilms eventually formed, fewer microorganisms were found in those films. Zodrow et al. sequenced the DNA of any bacteria and fungi in the SCOBY-based membrane and found that 97 percent of the bacteria present belonged to the genus Acetobacter. This is not surprising, since it's also the dominant bacteria in kombucha, but it may explain why the LFMs performed so well with regard to biofilms. As the name implies, a defining characteristic of this genus is the ability to oxidize organic carbon sources like sucrose, glucose, and ethanol into acetic acid, which is known for its antimicrobial properties. Acetobacter has also been shown to reduce or even remove biofilms, in keeping with the results of Zodrow et al.'s experiments.



[1] https://slashdot.org/~shoor

[2] https://arstechnica.com/science/2022/01/kombucha-cultures-make-excellent-sustainable-water-filters-study-finds/

[3] https://pubs.acs.org/doi/10.1021/acsestwater.1c00169



Quantum Computers Are a Million Times Too Small To Hack Bitcoin (newscientist.com)

(Wednesday January 26, 2022 @11:43AM (BeauHD) from the harvest-now-decrypt-later dept.)

[1]MattSparkes shares a report from New Scientist:

> Quantum computers would need to become around one million times larger than they are today [2]in order to break the SHA-256 algorithm that secures bitcoin , which would put the cryptocurrency at risk from hackers. Breaking this impenetrable code is essentially impossible for ordinary computers, but quantum computers, which can exploit the properties of quantum physics to speed up some calculations, could theoretically crack it open.

>

> [Mark Webber at the University of Sussex, UK, and his colleagues] calculated that breaking bitcoin's encryption in this 10 minute window would require a quantum computer with 1.9 billion qubits, while cracking it in an hour would require a machine with 317 million qubits. Even allowing for a whole day, this figure only drops to 13 million qubits. This is reassuring news for bitcoin owners because current machines have only a tiny fraction of this -- IBM's record-breaking superconducting quantum computer has only 127 qubits, so devices would need to become a million times larger to threaten the cryptocurrency, something Webber says is unlikely to happen for a decade.

The study has been [3]published in the journal AVS Quantum Science .



[1] https://slashdot.org/~MattSparkes

[2] https://www.newscientist.com/article/2305646-quantum-computers-are-a-million-times-too-small-to-hack-bitcoin/

[3] https://aip.scitation.org/doi/10.1116/5.0073075



IMF Urges El Salvador To Remove Bitcoin As Legal Tender (cnbc.com)

(Wednesday January 26, 2022 @11:43AM (BeauHD) from the cease-and-desist dept.)

The International Monetary Fund is [1]pushing El Salvador to ditch bitcoin as legal tender , according to [2]a statement released on Tuesday. CNBC reports:

> IMF directors "stressed that there are large risks associated with the use of bitcoin on financial stability, financial integrity, and consumer protection, as well as the associated fiscal contingent liabilities." The report, which was published after bilateral talks with El Salvador, went on to "urge" authorities to narrow the scope of its bitcoin law by removing bitcoin's status as legal money. In Sept. 2021, the Central American nation became the world's first country to adopt the cryptocurrency as legal tender, alongside the U.S. dollar.

>

> The IMF report went on to say that some directors had expressed concern over the risks associated with issuing bitcoin-backed bonds, referring to the president's plan to raise $1 billion via a "Bitcoin Bond" in partnership with Blockstream, a digital assets infrastructure company. Part of El Salvador's nationwide move into bitcoin also involved launching a national virtual wallet called Chivo that which offers no-fee transactions and allows for quick cross-border payments. For a country where 70% of citizens do not have access to traditional financial services, Chivo is meant to offer a convenient onramp for those who have never been a part of the banking system.

>

> IMF directors agreed that the Chivo e-wallet could facilitate digital means of payment, thereby helping to "boost financial inclusion," though they emphasized the need for "strict regulation and oversight." Many Salvadorans have reported cases of identity theft, in which hackers use their national ID number to open a Chivo Wallet, in order to claim the free $30 worth of bitcoin offered by the government as an incentive to open a digital wallet. For months, the IMF has bemoaned Bukele's bitcoin experiment. [...] El Salvador has also been trying since early 2021 to secure a $1.3 billion loan from the IMF -- an effort which [3]appears to have soured over this bitcoin row. The country will need to figure out some other backstop to shore up its finances. The IMF predicts that under current policies, public debt will rise to 96% of GDP by 20216, putting the country on "an unsustainable path."



[1] https://www.cnbc.com/2022/01/25/drop-bitcoin-as-legal-tender-imf-urges-el-salvador.html

[2] https://www.imf.org/en/News/Articles/2022/01/25/pr2213-el-salvador-imf-executive-board-concludes-2021-article-iv-consultation

[3] https://www.bloomberg.com/news/articles/2022-01-25/imf-board-urges-el-salvador-to-ditch-bitcoin-as-legal-tender?sref=ctSjKj2N



'Google Is Forcing Me To Dump a Perfectly Good Phone' (vice.com)

(Wednesday January 26, 2022 @11:43AM (BeauHD) from the planned-obsolescence dept.)

An anonymous reader quotes a report from Motherboard, written by Aaron Gordon:

> Not quite three years ago, I bought a Pixel 3, Google's flagship phone at the time. It has been a good phone. I like that it's not too big. I dropped it a bunch, but it didn't break. And the battery life has not noticeably changed since the day I got it. I think of phones in much the same way I think of refrigerators or stoves. It's an appliance, something I need but feel no attachment to, and as long as it keeps fulfilling that need, I don't want to spend money replacing it for no real reason. The Pixel 3 fulfills my needs, so I don't want to spend $600 on the Pixel 6, which seems to be just another phone that does all the phone things.

>

> But I have to get rid of it because Google has stopped supporting all Pixel 3s. Despite being just three years old, [1]no Pixel 3 will ever receive another official security update . Installing security updates is the one basic thing everyone needs to do for their own digital security. If you don't even get them, then you're vulnerable to every security flaw discovered since your last patch. In response to an email asking Google why it stopped supporting the Pixel 3, a Googles spokesperson said, "We find that three years of security and OS updates still provides users with a great experience for their device."

>

> This has been a problem with Android for as long as Android has existed. In 2015, my colleague Lorenzo Franceschi-Bicchierai [2]wrote a farewell to Android because of its terrible software support and spotty upgrade rollouts. Android has long blamed this obvious issue on the fact that updates need to run through the cellphone company and phone manufacturer before being pushed to the user. At the time, Google didn't make any Android phones; the Nexus line was the closest thing, a partnership with other manufacturers like Motorola and HTC (I had one of those, too). But for the past six years, Google has made the Pixel line of phones. They are Google-made phones, meaning Google can't blame discontinuing security updates on other manufacturers, and yet, it announced that's exactly what it would do.

Gordon goes on to say that he's "switching to an iPhone for the first time," noting how the most recent version of iOS can be installed on phones going as far back as the iPhone 6s, which was released more than six years ago.

"Unless you routinely destroy your phone within two or three years, there's no justification from a sustainability perspective to keep using Android phones," he adds. "Of course, Apple is only good by comparison, as it also manufactures devices that are [3]difficult to repair with an artificially short shelf life. It just happens to have a longer shelf life than Google."



[1] https://www.vice.com/en/article/dypxpx/google-is-forcing-me-to-dump-a-perfectly-good-phone

[2] https://www.vice.com/en/article/bmje3w/goodbye-android

[3] https://apple.slashdot.org/story/21/11/05/2124214/the-iphone-13-screen-is-a-repair-nightmare-that-could-destroy-repair-shops-forever



Intel Alder Lake-H Mobile CPU Performance Impresses, Handily Bests Ryzen Mobile (hothardware.com)

(Wednesday January 26, 2022 @11:43AM (BeauHD) from the beastly-performance dept.)

[1]MojoKid writes:

> Intel lifted its performance embargo today on its new line of Alder Lake 12th Gen Core mobile processors for laptops. Reviews are hitting the web specifically with Intel's higher-end Alder Lake-H processor SKU. Alder Lake is intended to be a single, scalable CPU architecture, designed to address PC client platforms from ultra-mobile solutions down to 9 watts, up to high-performance 125 Watt+ desktop solutions. Alder Lake-H, the foundation of the Core i9-12900HK 14-core/20-thread chip in this review at HotHardware has a 45W power envelope, but it will boost to much higher levels when power and thermal headroom is available. Coupled with NVIDIA's new GeForce RTX 3080 Ti mobile GPU, the machine put up some of the [2]best gaming and content creation benchmark numbers ever recorded on a laptop .

>

> Alder Lake-H CPU derivatives will scale back to 8-core chips with a mix of Performance cores and Efficiency cores consistent with Intel's new hybrid architecture. Additional benchmarks and performance recorded on the new Alienware x17 R2 with an identical hardware config were equally as impressive. Intel 12th Gen-powered laptops are starting to become available in market now, with lower power Alder Lake-U SKUs for thin and light machines arriving later this year.



[1] https://slashdot.org/~MojoKid

[2] https://hothardware.com/reviews/core-i9-12900hk-msi-ge76-raider-review



More

What we need in this country, instead of Daylight Savings Time, which nobody
really understands anyway, is a new concept called Weekday Morning Time,
whereby at 7 a.m. every weekday we go into a space-launch-style "hold" for
two to three hours, during which it just remains 7 a.m. This way we could
all wake up via a civilized gradual process of stretching and belching and
scratching, and it would still be only 7 a.m. when we were ready to actually
emerge from bed.
-- Dave Barry, "$#$%#^%!^%&@%@!"