
The Rust Foundation is Reviewing and Improving Rust's Security (i-programmer.info)

(Sunday September 15, 2024 @04:56PM (EditorDavid) from the Rust-never-sleeps dept.)

The Rust Foundation is making "considerable progress" on a complete security audit of the Rust ecosystem, according to [1]the coding news site I Programmer, citing a [2]newly-released [3]report from the nonprofit Rust Foundation:

> The foundation is investigating the development of a Public Key Infrastructure (PKI) model for the Rust language, including the design and implementation for a PKI CA and a resilient Quorum model for the project to implement, and the report says that language updates suggested by members of the Project were nearly ready for implementation.

>

> Following the XZ backdoor vulnerability, the Security Initiative has focused on supply chain security, including work on provenance-tracking, verifying that a given crate is actually associated with the repository it claims to be. The top 5,000 crates by download count have been checked and verified.

>

> Threat modeling has now been completed on the Crates ecosystem, Rust Infrastructure, crates.io and the Rust Project.

>

> Two open source security tools, Painter and Typomania, have been developed and released. Painter can be used to build a graph database of dependencies and invocations between all crates within the crates.io ecosystem, including the ability to obtain 'unsafe' statistics, better call graph pruning, and FFI boundary mapping. Typomania ports typogard to Rust, and can be used to detect potential typosquatting as a reusable library that can be adapted to any registry.

They've also tightened admin privileges for Rust's package registry, according to the article. And "In addition to the work on the Security Initiative, the Foundation has also been working on improving interoperability between Rust and C++, supported by a $1 million contribution from Google."

According to the Rust Foundation's technology director, they've made "impressive technical strides and developed new strategies to reinforce the safety, security, and longevity of the Rust programming language." And the director says the new report "paints a clear picture of the impact of our technical projects like the Security Initiative, Safety-Critical Rust Consortium, infrastructure and crates.io support, Interop Initiative, and much more."
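The typosquatting detection mentioned above for Typomania can be illustrated with a small registry-side screen. The following is an added example written for this page; it is not Typomania's code nor anything from the Rust Foundation. It assumes a short, constructed list of "popular" crate names and flags a candidate name that differs from one of them only by case or separator, by a swapped pair of adjacent characters, or by a single edit. The names `check_name`, `levenshtein`, `is_transposition` and `Verdict` are the example's own.

```rust
// Added example (not Typomania's or the Rust Foundation's code): a registry-side
// screen that flags a newly published crate name that looks like a popular one.
// The popular-crate list used in main() and the tests is constructed sample data,
// not a crates.io download ranking.

#[derive(Debug, PartialEq)]
pub enum Verdict {
    /// The candidate is itself one of the popular crates (a re-publish, not a squat).
    Exact,
    /// The candidate is a near-miss of `target`; `reason` names the heuristic that fired.
    Suspicious { target: String, reason: &'static str },
    /// No popular crate is within reach of the heuristics.
    Clear,
}

/// Names that differ only in letter case or in `-` versus `_` are easily confused
/// by a reader, so every comparison is done on a canonical form.
pub fn normalize(name: &str) -> String {
    name.to_ascii_lowercase().replace('-', "_")
}

/// Levenshtein edit distance (insert, delete, substitute), two-row dynamic programming.
pub fn levenshtein(a: &str, b: &str) -> usize {
    let a: Vec<char> = a.chars().collect();
    let b: Vec<char> = b.chars().collect();
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    let mut cur = vec![0usize; b.len() + 1];
    for i in 1..=a.len() {
        cur[0] = i;
        for j in 1..=b.len() {
            let cost = if a[i - 1] == b[j - 1] { 0 } else { 1 };
            cur[j] = (prev[j] + 1).min(cur[j - 1] + 1).min(prev[j - 1] + cost);
        }
        std::mem::swap(&mut prev, &mut cur);
    }
    prev[b.len()]
}

/// True when `a` and `b` differ only by one pair of adjacent characters swapped
/// ("hpyer" vs "hyper"). Levenshtein scores that as two edits, so it needs its own rule.
pub fn is_transposition(a: &str, b: &str) -> bool {
    let a: Vec<char> = a.chars().collect();
    let b: Vec<char> = b.chars().collect();
    if a.len() != b.len() {
        return false;
    }
    let diff: Vec<usize> = (0..a.len()).filter(|&i| a[i] != b[i]).collect();
    diff.len() == 2
        && diff[1] == diff[0] + 1
        && a[diff[0]] == b[diff[1]]
        && a[diff[1]] == b[diff[0]]
}

/// Compare a candidate name against the popular list and return the first hit.
pub fn check_name(candidate: &str, popular: &[&str]) -> Verdict {
    if popular.iter().any(|&p| p == candidate) {
        return Verdict::Exact;
    }
    let cand = normalize(candidate);
    for &p in popular {
        let pop = normalize(p);
        let target = p.to_string();
        if cand == pop {
            return Verdict::Suspicious { target, reason: "case or separator variant" };
        }
        if is_transposition(&cand, &pop) {
            return Verdict::Suspicious { target, reason: "adjacent characters swapped" };
        }
        // Very short names are one edit away from many legitimate names, so the
        // edit-distance rule is only applied to popular names of at least 4 characters.
        if pop.chars().count() >= 4 && levenshtein(&cand, &pop) == 1 {
            return Verdict::Suspicious { target, reason: "one edit away" };
        }
    }
    Verdict::Clear
}

fn main() {
    // Constructed sample list; a real deployment would load the registry's top-N names.
    let popular = ["serde", "tokio", "rand", "regex", "hyper"];
    for name in ["serde", "Tokio", "serdee", "hpyer", "rand_core"] {
        println!("{:>10} -> {:?}", name, check_name(name, &popular));
    }
}
```

A verdict of `Suspicious` is meant to route a publish request to review, not to reject it outright: legitimate names such as `rand_core` in the sample list sit well outside the heuristics, while a name one edit away from a top crate is exactly the pattern a reviewer wants surfaced before it appears in search results.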



[1] https://www.i-programmer.info/news/149-security/17466-rust-foundation-report-on-recent-initiatives.html

[2] https://foundation.rust-lang.org/news/latest-rust-foundation-report-details-technical-accomplishments/

[3] https://foundation.rust-lang.org/static/publications/technology-report-2024.pdf



Underfunded, Aging NASA May Be On Unsustainable Path, Report Warns (msn.com)

(Sunday September 15, 2024 @11:34PM (EditorDavid) from the rocket-trajectories dept.)

More details on [1]that report about NASA from [2]the Washington Post:

> NASA is 66 years old and feeling its age. Brilliant engineers are retiring. Others have fled to higher-paying jobs in the private space industry. The buildings are old, their maintenance deferred. The [3]Apollo era, with its huge taxpayer investment, is a distant memory. The agency now pursues complex missions on inadequate budgets. This may be an unsustainable path for NASA, one that imperils long-term success. That is the conclusion of a [4]sweeping report, titled "NASA at a Crossroads," written by a committee of aerospace experts and published Tuesday by the National Academies of Sciences, Engineering and Medicine. The report suggests that NASA prioritizes near-term missions and fails to think strategically. In other words, the space agency isn't sufficiently focused on the future.

>

> NASA's intense focus on current missions is understandable, considering the unforgiving nature of space operations, but "one tends to neglect the probably less glamorous thing that will determine the success in the future," the report's lead author, Norman Augustine, a retired Lockheed Martin chief executive, said Tuesday. He said one solution for NASA's problems is more funding from Congress. But that may be hard to come by, in which case, he said, the agency needs to consider canceling or delaying costly missions to invest in more mundane but strategically important institutional needs, such as technology development and workforce training. Augustine said he is concerned that NASA could lose in-house expertise if it relies too heavily on the [5]private industry for newly emerging technologies. "It will have trouble hiring innovative, creative engineers. Innovative, creative engineers don't want to have a job that consists of overseeing other people's work," he said...

>

> The report is hardly a blistering screed. The tone is parental. It praises the agency — with a budget of about $25 billion — for its triumphs while urging more prudent decision-making and long-term strategizing.

>

> NASA pursues spectacular missions. It has sent swarms of robotic probes across the solar system and even into interstellar space. Astronauts have continuously been in orbit for more than two decades. The most ambitious program, [6]Artemis, aims to put astronauts back on the moon in a few short years. And long-term, NASA hopes to put astronauts on Mars. But a truism in the industry is that space is hard. The new report contends that NASA has a mismatch between its ambitions and its budget, and needs to pay attention to fundamentals such as fixing its aging infrastructure and retaining in-house talent. "NASA's overall physical infrastructure is already well beyond its design life, and this fraction continues to grow," the report states.

NASA Administrator Bill Nelson said the report "aligns with our current efforts to ensure we have the infrastructure, workforce, and technology that NASA needs for the decades ahead," according to the article.

Nelson added that the agency "will continue to work diligently to address the committee's recommendations."



[1] https://science.slashdot.org/story/24/09/13/2213233/eminent-officials-say-nasa-facilities-some-of-the-worst-theyve-ever-seen

[2] https://www.msn.com/en-us/news/us/underfunded-aging-nasa-may-be-on-unsustainable-path-report-warns/ar-AA1qkxf4

[3] https://www.washingtonpost.com/graphics/2019/national/amp-stories/experience-the-historic-apollo-11-mission/

[4] https://nap.nationalacademies.org/read/27519/chapter/1

[5] https://www.washingtonpost.com/sf/national/2013/11/23/which-way-to-space/

[6] https://www.washingtonpost.com/technology/interactive/2023/nasa-moon-artemis-launch/



Changing Open Source Licenses to Proprietary? Study Finds 'No Clear Link' to Increased Company Value (devclass.com)

(Monday September 16, 2024 @11:20AM (EditorDavid) from the taking-license dept.)

An anonymous reader [1]shared this report from DevClass:

> A report from developer-focused analyst Redmonk finds "there does not seem to be a clear link between moving from an open source to proprietary license and increasing the company's value."

>

> Senior analyst Rachel Stephens studied the question of whether the companies that changed from open source to proprietary licenses have since reported better financial positions. In particular, she looked at [2]MongoDB, which changed from AGPL (GNU Affero General Public License) to its SSPL (Server Side Public License) in 2018; [3]Elastic Co, which changed from Apache 2 to SSPL or Elastic License in early 2021; [4]HashiCorp, which changed from MPL (Mozilla Public License 2.0) a year ago, and Confluent, which changed from Apache 2 to its own Confluent Community License in 2018.

>

> [5]The report is too recent to take account of Elastic's [6]reversion to AGPL; and the financial impact of that is of course yet to be known, though it is perhaps unlikely that the switch back would have been made if the company considered it detrimental to its finances. Rather, Elastic's latest licensing change reinforces the view that proprietary licenses are not necessarily more profitable... All the companies studied increased their revenue after their license change, Stephens said, but added that the rate of change was similar to that before the change...

>

> MongoDB [7]stated in 2018 that "once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community." Six years later, it remains the case that the large cloud vendors are highly profitable, but that these companies who changed their license are not. In February this year, Bruce Perens, creator of the 1998 Open Source Definition, [8]described open source as "a great corporate welfare program" and not at all what he had intended...

>

> The new Redmonk report suggests that such license manoeuvres are neither fatal nor beneficial to the finances of the companies involved — though there are so many caveats that it is impossible to draw firm conclusions.

The report's final sentence concludes that "there does not seem to be a clear link between moving from an open source to proprietary license and increasing the company's value."



[1] https://devclass.com/2024/09/09/redmonk-no-clear-link-between-moving-from-open-source-to-a-proprietary-license-and-increasing-company-value/

[2] https://www.theregister.com/2018/10/16/mongodb_licensning_change/

[3] https://www.theregister.com/2021/01/18/elastics_doubling_down_on_open/

[4] https://www.theregister.com/2023/08/11/hashicorp_bsl_licence/

[5] https://redmonk.com/rstephens/2024/08/26/software-licensing-changes-and-their-impact-on-financial-outcomes/

[6] https://devclass.com/2024/09/02/elasticsearch-will-be-open-source-again-as-cto-declares-changed-landscape/

[7] https://www.theregister.com/2018/10/16/mongodb_licensning_change/

[8] https://devclass.com/2024/02/08/preserving-the-magic-of-free-new-types-of-licenses-will-not-solve-open-source-business-model-says-percona-founder/



JavaScript, Python, Java: Redmonk's Programming Language Ranking Sees Lack of Change (redmonk.com)

(Sunday September 15, 2024 @11:34AM (EditorDavid) from the static-variables dept.)

Redmonk's latest programming language ranking (attempting to gauge "potential future adoption trends") has found [1]evidence of "a landscape resistant to change."

> Outside of CSS moving down a spot and C++ moving up one, the Top 10 was unchanged. And even in the back half of the rankings, where languages tend to be less entrenched and movement is more common, only three languages moved at all... There are a few signs of languages following in TypeScript's footsteps and working their way up the path, both in the Top 20 and at the back end of the Top 100 as we'll discuss shortly, but they're the exception that proves the rule.

>

> It's possible that we'll see more fluid usage of languages, and increased usage of code assistants would theoretically make that much more likely, but at this point it's a fairly static status quo. With that, some results of note:

>

> - TypeScript (#6): technically TypeScript didn't move, as it was ranked sixth in our last run, but this is the first quarter in which it has been the sole occupant of that spot. CSS, in this case, dropped one place to seven leaving TypeScript just outside the Top 5. It will be interesting to see whether or not it has more momentum to expend or whether it's topped out for the time being.

>

> - Kotlin (#14) / Scala (#14): both of these JVM-based languages jumped up a couple of spots — two spots in Scala's case and three for Kotlin. Scala's rise is notable because it had been on something of a downward trajectory from a one time high of 12th, and Kotlin's placement is a mild surprise because it had spent three consecutive runs not budging from 17, only to make the jump now. The tie here, meanwhile, is interesting because Scala's long history gives it an accretive advantage over Kotlin's more recent development, but in any case the combination is evidence of the continued staying power of the JVM.

>

> - Objective C (#17): speaking of downward trajectories and the 17th placement on this list, Objective C's slide that began in mid-2018 continued and left the language with its lowest placement in these rankings to date at #17. That's still an enormously impressive achievement, of course, and there are dozens of languages that would trade their usage for Objective C's, but the direction of travel seems clear.

>

> - Dart (#19) / Rust (#19): while once grouped with Kotlin as up and coming languages driven by differing incentives and trends, Dart and Rust have not been able to match the ascent of their counterpart with five straight quarters of no movement. That's not necessarily a negative; as with Objective C, these are still highly popular languages and communities, but it's worth questioning whether new momentum will arrive and from where, particularly because the communities are experiencing [2]some friction in growing their usage.

It's important to remember Redmonk's methodology. "We extract language rankings from GitHub and Stack Overflow, and combine them for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction. The idea is not to offer a statistically valid representation of current usage, but rather to correlate language discussion and usage in an effort to extract insights into potential future adoption trends."

Having said that, here's the current top ten in Redmonk's ranking:

1. JavaScript
2. Python
3. Java
4. PHP
5. C#
6. TypeScript
7. CSS
8. C++
9. Ruby
10. C

Their announcement also notes that at the other end of the list, the programming language Bicep "jumped eight spots to #78 and Zig 10 to #87. That progress pales next to Ballerina, however, which jumped from #80 to #61 this quarter. The general purpose language from WSO2, thus, is added to the list of potential up and comers we're keeping an eye on."



[1] https://redmonk.com/sogrady/2024/09/12/language-rankings-6-24/

[2] https://arstechnica.com/gadgets/2024/09/rust-in-linux-lead-retires-rather-than-deal-with-more-nontechnical-nonsense/



Earthquake Scientists Finally Explain 9-Day Global 'Unidentified Seismic Object' (msn.com)

(Monday September 16, 2024 @11:20AM (EditorDavid) from the game-of-Quake dept.)

It was one year ago that "[1]an odd seismic signal appeared at scientific stations around the globe," reports the Washington Post. "A day passed, and the slow tremor still reverberated. When it continued for a third day, scientists worldwide began assembling..."

> Some initially thought the seismic instruments recording the signal were broken, but that was quickly nixed. Maybe it was a new volcano emerging before their eyes, others said. One jokingly ruled out an alien party. As theories were checked off, the scientists dubbed the signal an "Unidentified Seismic Object," or USO... Nine days later, the vibrations greatly dissipated. But the mystery of the USO lasted much longer.

>

> A year later, the puzzle has been solved, according to a study published in the journal Science on Thursday. It took about 70 people from 15 different countries and more than 8,000 exchanged messages (long enough for a 900-page detective novel) to crack the case. The short answer: A mega-tsunami created waves that sloshed back and forth in a fjord in Greenland, creating vibrations that traveled around the world.

Extra heat from global warming "thinned a glacier in eastern Greenland over time so much that it could no longer support the mountain rock above it," according to the article. A mile-long avalanche "plunged into the Dickson Fjord, triggering a 650-foot-high tsunami — one of the highest seen in recent history." Like the rhythmic waves in a bathtub, "the mega-tsunami wave traveled back and forth in the inlet," which "radiated seismic waves globally, shaking the planet for nine days before it petered out."

In August a German research team had studied the megatsunami, concluding that [2]climate change was speeding the melt of Greenland's glaciers and increasing the chance of landslide-driven megatsunamis. The article reports that an author of that study said when comparing it to this one, "The methods chosen by the teams are different, but the results agree well."



[1] https://www.msn.com/en-us/weather/topstories/a-rumble-echoed-around-the-world-for-nine-days-here-s-what-caused-it/ar-AA1qtjKn

[2] https://news.slashdot.org/story/24/08/23/2337203/megatsunami-risk-on-the-rise-as-glacial-melt-drives-landslides



Microsoft, Google, Meta, and Amazon Fight Calls to Pay More for Electric Grid Updates (msn.com)

(Sunday September 15, 2024 @11:34AM (EditorDavid) from the power-plays dept.)

The Washington Post reports that a regulatory dispute in Ohio may help answer a big question about America's power grid: [1]who will pay for the huge upgrades needed to meet soaring energy demand "from the data centers powering the modern internet and artificial intelligence revolution?"

> Google, Amazon, Microsoft and Meta are fighting a proposal by an Ohio power company to significantly increase the upfront energy costs they'll pay for their data centers, a move the companies dubbed "unfair" and "discriminatory" in documents filed with Ohio's Public Utility Commission last month. American Electric Power Ohio said in filings that the tariff increase was needed to prevent new infrastructure costs from being passed on to other customers such as households and businesses if the tech industry should fail to follow through on its ambitious, energy-intensive plans. The case could set a national precedent that helps determine whether and how other states force tech firms to be accountable for the costs of their growing energy consumption... The energy demands of data centers have created similar concerns in other hot spots such as Northern Virginia, Atlanta and Maricopa County, Arizona, leaving experts concerned that the [2]U.S. power grid may not be capable of dealing with the combined needs of the green energy transition and the computing boom that [3]artificial intelligence companies say is coming...

>

> Energy customers must sometimes make a monthly payment to a utility that is a percentage of the maximum amount of electricity they predict that they could need. In Ohio, data center companies had agreed to pay 60 percent of the projected amount. But in May, the power company proposed a new, 10-year fee structure raising the charges to 90 percent of the expected load, even if they don't end up using that much. The major tech companies — all of whom are increasing spending on data center infrastructure to compete in AI — strenuously opposed the proposed contract in documents filed last month... According to testimony from AEP Ohio Vice President Lisa Kelso, there are 50 pending requests from data center customers seeking electric service at more than 90 sites, a potential 30,000 megawatts of additional load — enough to power more than 20 million households. That additional demand would more than triple the utility's previous peak load in 2023, she said. Between 2020 and 2024, the data center energy load in central Ohio increased sixfold, from 100 to 600 megawatts, her testimony reads. By 2030, that amount will reach 5,000 megawatts, according to the utility's signed agreements, she testified...

>

> Meeting that demand will require AEP Ohio to build new transmission lines, an expensive and time-consuming process... Chief among the power company's concerns, according to the documents, is what will happen if it invests billions of dollars into new grid infrastructure only for the data centers to leave for greener pastures, or for the AI bubble to burst and the facilities to need much less power than initially projected. If the power company spends big on new infrastructure but the power demand it was built to serve doesn't materialize, other customers — including business and residential payers — will be stuck with the bill, the utility said... AEP Ohio's testimony in the case also questions whether data centers bring as much to local communities as factories or other high-energy-load businesses. Since 2019, non-data center businesses have created approximately 25 jobs for every megawatt of power requested, while data centers have created less than one job per megawatt, according to Kelso's testimony.

>

> The tech companies rejected this criticism, saying the number of jobs they create is not relevant to how much power they have a right to purchase, and highlighted their other contributions to local economies... Amazon said in filings that it pays fees as high as 75 percent of projected demand in some states but that Ohio's proposal to bill it 90 percent goes too far.

"Should the Ohio tariff be approved, Microsoft and Google both threatened in their testimony to leave Ohio." (Although at the same time, "pressure on the electric grid is mounting all over the country...")

And the article points out that on Thursday, "the White House announced measures intended to speed up data center construction for AI projects, including by accelerating permitting."



[1] https://www.msn.com/en-us/money/companies/tech-giants-fight-plan-to-make-them-pay-more-for-electric-grid-upgrades/ar-AA1qwNfv

[2] https://www.washingtonpost.com/business/2024/03/07/ai-data-centers-power/

[3] https://www.msn.com/en-us/money/technology/ai-is-exhausting-the-power-grid-tech-firms-are-seeking-a-miracle-solution/ar-BB1oDl5z



Eminent Officials Say NASA Facilities Some of the 'Worst' They've Ever Seen (arstechnica.com)

(Sunday September 15, 2024 @03:34AM (BeauHD) from the would-you-look-at-that dept.)

Ars Technica's Stephen Clark reports:

> A panel of independent experts reported this week that NASA [1]lacks funding to maintain most of its decades-old facilities, could lose its engineering prowess to the commercial space industry, and has a shortsighted roadmap for technology development. "NASA's problem is it always seems to have $3 billion more program than it has of funds," said Norm Augustine, chair of the National Academies panel chartered to examine the critical facilities, workforce, and technology needed to achieve NASA's long-term strategic goals and objectives. Augustine said a similar statement could sum up two previous high-level reviews of NASA's space programs that he chaired in 1990 and 2009. But the report released Tuesday put NASA's predicament in stark terms.

>

> "In NASA's case, the not-uncommon tendency in a constrained budget environment to prioritize initiating new missions as opposed to maintaining and upgrading existing support assets has produced an infrastructure that would not be viewed as acceptable under most industrial standards," the panel wrote in its report. "In fact, during its inspection tours, the committee saw some of the worst facilities many of its members have ever seen." All of NASA's centers have facilities the agency considers marginal, but Johnson Space Center in Houston has the facilities with the worst average score. Johnson oversees astronaut training and is home to NASA's Mission Control Center for the International Space Station and future Artemis lunar missions. The Jet Propulsion Laboratory in California, which develops and operates many of NASA's robotic interplanetary probes, and Stennis Space Center in Mississippi, used for rocket engine testing, are the only centers without a poor infrastructure score.

>

> These ratings cover things like buildings and utilities, not the specific test rigs or instruments inside them. "You can have a world-class microscope and materials lab, but if the building goes down, that microscope is useless to you," [Erik Weiser, NASA's director of facilities and real estate] told the National Academies panel in a meeting last year. The panel recommended that Congress direct NASA to establish an annually replenished revolving working capital fund to pay for maintenance and infrastructure upgrades. Other government agencies use similar funds for infrastructure support. "This is something that will require federal legislation," said Jill Dahlburg, a member of the National Academies panel and former superintendent of the space science division at the Naval Research Laboratory.



[1] https://arstechnica.com/space/2024/09/eminent-officials-say-nasa-facilities-some-of-the-worst-theyve-ever-seen/



34th First Annual Ig Nobel Prizes Awarded (improbable.com)

(Sunday September 15, 2024 @03:34AM (BeauHD) from the unexpected-science dept.)

Longtime Slashdot reader [1]davidwr writes:

> Winners of the [2]34th First Annual Ig Nobel Prizes included studies on hair swirling (natural, not from grade-school bathroom torture), mammals that breathe through their anal orifices, and a study on pigeon-guided missiles. There were also prizes for the study of the swimming abilities of a formerly-living trout. "Honors" were also bestowed for research in coin-flipping (no, it's not 50/50), why cows spew milk, and drunken worms, among other topics. Prizes included $10,000,000,000 (in now-worthless Zimbabwe dollars) and items related to Murphy's Law.

>

> Media coverage includes [3]AP, [4]CNN, [5]Gizmodo, [6]Ars Technica, and by the time you read this, [7]probably [8]much [9]more.



[1] https://slashdot.org/~davidwr

[2] https://improbable.com/ig/archive/2024-ceremony/

[3] https://apnews.com/article/ig-nobels-nobel-prizes-annals-of-improbable-research-7944d7df68dee52f1c7879b31d03b510

[4] https://www.cnn.com/2024/09/13/science/ig-nobel-prize-ceremony-2024-intl-scli/index.html

[5] https://gizmodo.com/2024-ig-nobel-prizes-for-silly-science-include-pigeons-in-missiles-hair-whorls-and-dead-fish-that-swim-2000498301

[6] https://arstechnica.com/science/2024/09/meet-the-winners-of-the-2024-ig-nobel-prizes/

[7] https://www.theguardian.com/science/2024/sep/12/ig-nobel-prize-goes-to-team-who-found-mammals-can-breathe-through-anuses

[8] https://www.newscientist.com/article/2447781-ig-nobel-prizes-2024-the-unexpected-science-that-won-this-year/

[9] https://www.yahoo.com/news/backside-breathing-pigeon-bombers-studies-110102531.html



Stranded Astronauts Make First Public Statement Since Being Left Behind On ISS (www.cbc.ca)

(Sunday September 15, 2024 @03:34AM (BeauHD) from the change-of-plans dept.)

An anonymous reader quotes a report from CBC News:

> Stranded astronauts Butch Wilmore and Suni Williams said Friday it was hard to watch their Boeing capsule return to Earth without them. It was their [1]first public comments since last week's return of the Boeing Starliner capsule that took them to the International Space Station [2]in June. They remained behind after NASA determined the problem-plagued capsule posed too much risk for them to ride back in. "That's how it goes in this business," said Williams, adding that "you have to turn the page and look at the next opportunity."

>

> Wilmore and Williams are now full-fledged station crew members, chipping in on routine maintenance and experiments. They, along with seven others on board, welcomed a Soyuz spacecraft carrying two Russians and an American earlier this week, temporarily raising the station population to 12, a near record. NASA astronauts Butch Wilmore and Suni Williams spoke to the press on Friday for the first time since their Boeing Starliner capsule returned to Earth without them. The two, who have been on the International Space Station since June 6, said they are taking the mission's unexpected extension into 2025 in stride -- even if it means they've had to change their voting plans. The transition to station life was "not that hard" since both had previous stints there, said Williams, who will soon take over as station commander. "This is my happy place. I love being up here in space," she said.

>

> The two Starliner test pilots -- both retired U.S. Navy captains and longtime NASA astronauts -- will stay at the orbiting laboratory until late February. They have to wait for a SpaceX capsule to bring them back. That spacecraft is due to launch later this month with a reduced crew of two, with two empty seats for Wilmore and Williams for the return leg. The duo said they appreciated all the prayers and well wishes from strangers back home. Wilmore said he will miss out on family milestones such as being around for his youngest daughter's final year of high school. The astronauts, who prepared for eight days in space, will now be up there for eight months, which could have a greater impact on the body. "It is a bit of a change from a sprint to a marathon," said Dr. Adam Sirek of the Canadian Society of Aerospace Medicine.



[1] https://www.cbc.ca/news/world/astronauts-boeing-space-1.7323046

[2] https://science.slashdot.org/story/24/06/06/2030223/boeing-starliner-docks-with-iss



23andMe To Pay $30 Million In Genetics Data Breach Settlement (bleepingcomputer.com)

(Saturday September 14, 2024 @11:35PM (BeauHD) from the that'll-show-them dept.)

23andMe has [1]agreed to pay $30 million to settle a lawsuit over a data breach that [2]exposed the personal information of 6.4 million customers in 2023. BleepingComputer reports:

> The [3]proposed class action settlement (PDF), filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval. "23andMe believes the settlement is fair, adequate, and reasonable," the company said in a memorandum [4]filed (PDF) Friday.

>

> 23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits. The company must also create and maintain a data breach incident response plan and stop retaining personal data for inactive or deactivated accounts. An updated Information Security Program will also be provided to all employees during annual training sessions.

"23andMe denies the claims and allegations set forth in the Complaint, denies that it failed to properly protect the Personal Information of its consumers and users, and further denies the viability of Settlement Class Representatives' claims for statutory damages," the company said in the filed preliminary settlement.

"23andMe denies any wrongdoing whatsoever, and this Agreement shall in no event be construed or deemed to be evidence of or an admission or concession on the part of 23andMe with respect to any claim of any fault or liability or wrongdoing or damage whatsoever."



[1] https://www.bleepingcomputer.com/news/security/23andme-to-pay-30-million-in-genetics-data-breach-settlement/

[2] https://it.slashdot.org/story/23/12/04/1911229/23andme-confirms-hackers-stole-ancestry-data-on-69-million-users

[3] https://storage.courtlistener.com/recap/gov.uscourts.cand.428003/gov.uscourts.cand.428003.103.2.pdf

[4] https://storage.courtlistener.com/recap/gov.uscourts.cand.428003/gov.uscourts.cand.428003.105.0.pdf



Google Is Now Rolling Out Gemini Live For All Android Users

(Saturday September 14, 2024 @05:02PM (BeauHD) from the no-subscription-required dept.)

Gemini Live is [1]rolling out its Live Voice Mode for all Android users, allowing them to hold real-time, interactive voice conversations with Gemini. "Previously locked into conventional text-based input and responses, Gemini Live Voice Mode gives hands-free ways to explore ideas, brainstorm, and talk through topics in real-time," reports Tom's Guide. From the report:

> This new voice feature is integrated into the [2]Android Gemini app, so users need to update their app or download it from the Google Play Store if they haven't already done so. Once installed, users can turn on Live Voice Mode and start talking directly to Gemini. Do you want to get your thoughts sorted out or chat? It's fast and interactive, and no typing is required in this mode.

>

> Users can have voice conversations on virtually anything. Suppose one is stuck with a complex project and needs a fresh perspective, or is researching a new hobby or course of study and wants to flesh out the subject by talking it out with Gemini. It promises to offer rich insight and ideas through conversation so that one's productivity and creativity are enhanced in ways that, up until now, have been possible only with human dialogue. [...]

>

> The main advantage of Gemini Live Voice Mode is that it is interactive. A voice assistant would respond to a question you pose in voice, while with the live voice mode in Gemini, the dialogue sounds and feels more natural, with a tone that takes on that of the discussion and facilitates a back-and-forth interaction style. You can ask follow-up questions, clarify misunderstandings, or refine your ideas as you speak, making it more like a collaboration than a simple Q&A.



[1] https://www.tomsguide.com/ai/gemini-live-voice-mode-is-free-for-android-users-and-you-can-try-it-right-now

[2] https://play.google.com/store/apps/details?id=com.google.android.apps.bard&hl=en_US



US Takes Aim At Shein and Temu With New Import Rule Proposal (theverge.com)

(Saturday September 14, 2024 @05:02PM (BeauHD) from the closing-the-loopholes dept.)

The Biden administration is [1]proposing new rules to [2]limit the "de minimis" exemption , which some Chinese e-commerce companies like Shein and Temu use to ship low-cost goods under $800 to U.S. customers without tariffs. The changes would subject certain shipments to closer inspection and tariffs, aiming to protect American consumers and businesses by ensuring a level playing field against Chinese platforms that have exploited this loophole. The Verge reports:

> Under the proposed rules, the US will prevent companies from claiming the de minimis exemption if their goods are covered by Section 301, Section 232, and Section 201 tariffs, which apply to products from China, steel, and aluminum, as well as washing machines and solar panels. In addition to slapping these shipments with tariffs, the rule change would subject them to closer inspection by US Customs and Border Protection.

>

> The Biden administration said the proposal would help "protect consumers from goods that do not meet regulatory health and safety standards." Even though Shein is headquartered in Singapore, it's known for cheap fast fashion that's mainly manufactured in China. The China-based Temu sells clothes, household items, electronics, and a variety of other goods made in the country as well.



[1] https://www.whitehouse.gov/briefing-room/statements-releases/2024/09/13/fact-sheet-biden-harris-administration-announces-new-actions-to-protect-american-consumers-workers-and-businesses-by-cracking-down-on-de-minimis-shipments-with-unsafe-unfairly-traded-products/

[2] https://www.theverge.com/2024/9/13/24243653/us-biden-shein-import-rules-de-minimis-loop-hole



1.3 Million Android-Based TV Boxes Backdoored; Researchers Still Don't Know How (arstechnica.com)

(Saturday September 14, 2024 @05:02PM (BeauHD) from the PSA dept.)

An anonymous reader quotes a report from Ars Technica:

> Researchers still don't know the cause of a recently discovered malware infection [1]affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web [2]reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

>

> Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections. "At the moment, the source of the TV boxes' backdoor infection remains unknown," Thursday's post stated. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access." The device models found infected by Vo1d are: R4, TV BOX, KJ-SMART4KVIP.

>

> One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What's more, Doctor Web said it's not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models. Further, while only licensed device makers are permitted to modify Google's AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user.

"These off-brand devices discovered to be infected were not [3]Play Protect certified Android devices ," Google said in a statement. "If a device isn't Play Protect certified, Google doesn't have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety."

Users can confirm whether their device runs Android TV OS via [4]this link and by following the steps [5]here .



[1] https://arstechnica.com/security/2024/09/researchers-still-dont-know-how-1-3-million-android-streaming-boxes-were-backdoored/

[2] https://news.drweb.com/show/?i=14900&lng=en

[3] https://support.google.com/androidtv/thread/217840369/ensuring-your-android-tv-os-device-is-secure?hl=en

[4] https://www.android.com/tv/

[5] https://support.google.com/googleplay/answer/7165974



Sam Bankman-Fried Files Appeal For Fraud Conviction (cointelegraph.com)

(Saturday September 14, 2024 @05:02PM (BeauHD) from the latest-developments dept.)

Former FTX CEO Sam Bankman-Fried's legal team has [1]filed an appeal challenging his conviction on seven felony counts and his [2]25-year prison sentence . They argue that he was not presumed innocent, that the jury received incomplete information about FTX user funds, and that the prosecution's narrative was biased. CoinTelegraph reports:

> In a Sept. 13 filing in the United States Court of Appeals for the Second Circuit, SBF's lawyers filed a 102-page brief claiming that the former FTX CEO was "never presumed innocent," subject to scrutiny that allegedly affected prosecutors, the presiding judge, and treatment by the media. Bankman-Fried's legal team announced in April -- a few weeks after a federal judge sentenced him to 25 years in prison -- that they intended to appeal. According to the appeal, SBF's lawyers alleged the jury was "only allowed to see half the picture" with FTX user funds, claiming prosecutors had "presented a false narrative" that the money was permanently lost and Bankman-Fried intentionally caused that loss. They also claimed that counsel for the FTX debtors worked with the US government in a way that was above and beyond "cooperation," providing information allegedly as an "arm of the prosecution."

>

> "From day one, the prevailing narrative -- initially spun by the lawyers who took over FTX, quickly adopted by their contacts at the US Attorney's Office -- was that Bankman-Fried had stolen billions of dollars of customer funds, driven FTX to insolvency, and caused billions in losses," said the appeal. "Now, nearly two years later, a very different picture is emerging -- one confirming FTX was never insolvent, and in fact had assets worth billions to repay its customers. But the jury at Bankman-Fried's trial never got to see that picture." The legal team requested the appellate court grant SBF a new trial with a different judge. It's unclear whether the Second Circuit could rule to affirm Bankman-Fried's conviction in the US District Court for the Southern District of New York or reverse the decision and set the groundwork for a new trial.



[1] https://cointelegraph.com/news/sam-bankman-fried-appeal-fraud-conviction-sentence

[2] https://yro.slashdot.org/story/24/03/28/1552210/sam-bankman-fried-sentenced-to-25-years-in-prison



iFixit Launches FixHub Portable USB-C Soldering System To Encourage Repair Projects (macrumors.com)

(Saturday September 14, 2024 @11:34AM (BeauHD) from the DIY-friendly dept.)

iFixit has [1]created its own USB-C soldering iron and portable power station called [2]FixHub , "designed to allow all types of users to handle soldering work wherever they may be," reports MacRumors. From the report:

> The Portable Power Station serves as the command and power center for FixHub, including a 55-watt-hour battery to support over eight hours of continuous soldering on a single charge. The power supply delivers up to 100 watts to a pair of USB-C ports, allowing it to run two soldering irons simultaneously, and the fact that it's simply a USB-C power output device means you can also use it to power or recharge an array of devices like phones.

>

> The solidly built power station includes a handy display to show the status of your soldering iron, along with a convenient dial for adjusting the power being delivered to the iron, supporting temperatures up to 400°C (750°F). A flip-up bracket raises the front of the power station a bit to make the display easier to see while in use, while attachment points on the left and right side allow you to clip on the soldering iron's cap for convenient access as a stand. A USB-C port on the rear of the power station allows for up to 45 watts of input to recharge the station, and iFixit says it is safe to leave continuously connected to power so it's ready whenever you need it. [...]

>

> iFixit is of course known for more than just hardware, and it has hundreds of free soldering guides on its website, ranging from the basics of soldering to specific repair projects. It also wouldn't be an iFixit product without repairability being front of mind, so the FixHub system is designed to allow for easy repairs and iFixit will be releasing a number of guides to help users replace batteries, repair parts, and more. Supplementing the FixHub is an optional [3]Portable Soldering Toolkit , which provides an extensive set of tools and consumables to get you going on soldering projects.

The USB Smart Soldering Iron and Portable Soldering Station are priced at $79.95 and $249.95, respectively.



[1] https://www.ifixit.com/products/fixhub-power-series-portable-soldering-station

[2] https://www.ifixit.com/fixhub

[3] https://www.ifixit.com/products/fixhub-soldering-toolkit



Apple Vision Pro's Eye Tracking Exposed What People Type

(Saturday September 14, 2024 @11:34AM (BeauHD) from the eye-spy dept.)

An anonymous reader quotes a report from Wired:

> You can tell a lot about someone from their eyes. They can indicate how tired you are, the type of mood you're in, and potentially provide clues about health problems. But your eyes could also leak more secretive information: your passwords, PINs, and messages you type. Today, a group of six computer scientists are revealing a new attack against Apple's Vision Pro mixed reality headset where exposed eye-tracking data [1]allowed them to decipher what people entered on the device's virtual keyboard . The attack, dubbed [2]GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes. "Based on the direction of the eye movement, the hacker can determine which key the victim is now typing," says Hanqiu Wang, one of the leading researchers involved in the work. They identified the correct letters people typed in passwords 77 percent of the time within five guesses and 92 percent of the time in messages.

>

> To be clear, the researchers did not gain access to Apple's headset to see what they were viewing. Instead, they worked out what people were typing by remotely analyzing the eye movements of a virtual avatar created by the Vision Pro. This avatar can be used in Zoom calls, Teams, Slack, Reddit, Tinder, Twitter, Skype, and FaceTime. The researchers alerted Apple to the vulnerability in April, and the company issued a patch to stop the potential for data to leak at the end of July. It is the first attack to exploit people's "gaze" data in this way, the researchers say. The findings underline how people's biometric data -- information and measurements about your body -- can expose sensitive information and be used as part of the burgeoning surveillance industry.

>

> The GAZEploit attack consists of two parts, says Zhan, one of the lead researchers. First, the researchers created a way to identify when someone wearing the Vision Pro is typing by analyzing the 3D avatar they are sharing. For this, they trained a recurrent neural network, a type of deep learning model, with recordings of 30 people's avatars while they completed a variety of typing tasks. When someone is typing using the Vision Pro, their gaze fixates on the key they are likely to press, the researchers say, before quickly moving to the next key. "When we are typing our gaze will show some regular patterns," Zhan says. Wang says these patterns are more common during typing than if someone is browsing a website or watching a video while wearing the headset. "During tasks like gaze typing, the frequency of your eye blinking decreases because you are more focused," Wang says. In short: Looking at a QWERTY keyboard and moving between the letters is a pretty distinct behavior.

>

> The second part of the research, Zhan explains, uses geometric calculations to work out where someone has positioned the keyboard and the size they've made it. "The only requirement is that as long as we get enough gaze information that can accurately recover the keyboard, then all following keystrokes can be detected." Combining these two elements, they were able to predict the keys someone was likely to be typing. In a series of lab tests, they didn't have any knowledge of the victim's typing habits, speed, or know where the keyboard was placed. However, the researchers could predict the correct letters typed, in a maximum of five guesses, with 92.1 percent accuracy in messages, 77 percent of the time for passwords, 73 percent of the time for PINs, and 86.1 percent of occasions for emails, URLs, and webpages. (On the first guess, the letters would be right between 35 and 59 percent of the time, depending on what kind of information they were trying to work out.) Duplicate letters and typos add extra challenges.



[1] https://www.wired.com/story/apple-vision-pro-persona-eye-tracking-spy-typing/

[2] https://sites.google.com/view/Gazeploit/



Why Do We Crumble Under Pressure? Science Has the Answer (nature.com)

(Saturday September 14, 2024 @11:34AM (msmash) from the science-not-on-your-side dept.)

Have you ever been in a high-stakes situation in which you needed to perform but completely bombed? You're not alone. Experiments in monkeys reveal that 'choking' under pressure is linked to [1]a drop in activity in the neurons that prepare for movement . Nature:

> "You see it across the board, you see it in sports, in all kinds of different sports and outside of sports as well," says Steven Chase, a neuroscientist at Carnegie Mellon University in Pittsburgh, Pennsylvania. Chase and his colleagues investigated what happens in the brain that causes performance to plummet, and [2]published their findings in Neuron on 12 September.

>

> Choking under pressure is not unique to humans. In the same way that a tennis player might miss a match-winning shot, monkeys can also underperform in high-reward situations. The team set up a computer task in which rhesus monkeys received a reward after quickly and accurately moving a cursor over a target. Each trial gave the monkeys cues as to whether the reward would be small, medium-sized, large or 'jackpot'. Jackpot rewards were rare and unusually big, creating a high-stakes, high-reward situation. Using a tiny, electrode-covered chip implanted into the monkeys' brains, the team watched how neuronal activity changed between reward scenarios. The chip was situated on the motor cortex, an area of the frontal lobe that controls movement.

>

> The researchers found that, in jackpot scenarios, the activity of neurons associated with motor preparation decreased. Motor preparation is the brain's way of making calculations about how to complete a movement -- similar to lining up an arrow on a target before unleashing it. The drop in motor preparation meant that the monkeys' brains were underprepared, and so they underperformed. The results "help us understand how reward-outcome-mediated behaviour is not linear," says Bita Moghaddam, a behavioural neuroscientist at Oregon Health & Science University in Portland. To a certain extent, "you just don't perform better as the reward increases," Moghaddam says. It would also be interesting to see how other brain regions respond in jackpot-reward situations, she adds, because multiple regions could be involved.



[1] https://www.nature.com/articles/d41586-024-02956-8

[2] https://linkinghub.elsevier.com/retrieve/pii/S0896627324006081



PC Giants Predict Delayed but Massive Upgrade Wave (theregister.com)

(Saturday September 14, 2024 @11:34AM (msmash) from the shape-of-things-to-come dept.)

Dell and HP executives have [1]acknowledged a delay in the anticipated commercial PC refresh cycle . Michael Dell, speaking at the Citi 2024 Global TMT conference, stated that the refresh cycle "has been delayed for sure." The Register adds:

> Without offering any reasons for postponement -- and not being pressed for one by the analyst interviewing him -- the billionaire reckoned the size of the refresh is "going to be even bigger" because of it. "So first of all we have a certain date with Windows 10 end-of-life and we're almost within a one year window of that, and as you get in that one-year window, the enterprise IT people start screwing around and saying, 'Oh, we better do something about this'," said Dell.

>

> Enrique Lores, CEO at rival PC maker HP, who spoke at the Goldman Sachs Communacopia + Technology conference this week, agreed enterprises are also about to invest in new lines. "First of all there is a large and aging installed base on PCs. Many of these PCs were bought during COVID and now we are four [or] five years after they were bought and they will have to be replaced," he said. "We also see an opportunity driven by the Windows 11 refresh that is only starting now... this is what is behind some of the strength that we see on the commercial side. Microsoft... will start discontinuing their support for the previous versions, and this always ties the replacement and upgrade," he said, adding "this is going to be driving demand in the coming quarters."



[1] https://www.theregister.com/2024/09/13/win_11_refreshes_delayed_pc_makers/



OpenAI Acknowledges New Models Increase Risk of Misuse To Create Bioweapons

(Saturday September 14, 2024 @11:34AM (msmash) from the PSA dept.)

OpenAI's latest models have "meaningfully" increased the risk that AI [1]will be misused to create biological weapons [ [2]non-paywalled link ] , the company has acknowledged. From a report:

> The San Francisco-based company announced its new models, known as o1, on Thursday, touting their new abilities to reason, solve hard maths problems and answer scientific research questions. OpenAI's system card, a tool to explain how the AI operates, said the new models had a "medium risk" for issues related to chemical, biological, radiological and nuclear (CBRN) weapons -- the highest risk that OpenAI has ever given for its models. The company said it meant that the technology has "meaningfully improved" the ability of experts to create bioweapons. AI software with more advanced capabilities, such as the ability to perform step-by-step reasoning, poses an increased risk of misuse in the hands of bad actors, according to experts.




[1] https://www.ft.com/content/37ba7236-2a64-4807-b1e1-7e21ee7d0914

[2] https://www.msn.com/en-us/news/technology/openai-o1-model-warning-issued-by-scientist-particularly-dangerous/ar-AA1qvMpm



Japan Rethinks 24/7 Police Boxes With Rise of Cybercrime (nikkei.com)

(Saturday September 14, 2024 @03:00AM (msmash) from the keeping-up-with-times dept.)

Japan is overhauling how its ubiquitous 24-hour mini-police stations are operated nationwide as more crime fighting moves from the streets to the web. From a report:

> Called koban in Japanese, these small police boxes are staffed by officers who handle a variety of tasks, from responding to crime and patrolling neighborhoods to handling lost items. There are also chuzaisho outposts where police officers live full-time. The National Police Agency will update operational rules on Friday to [1]allow some outposts to shut down at night if necessary . It will also allow greater flexibility on the use of mobile or temporary outposts, depending on local needs and staffing considerations.

>

> Prefectural police will decide on changes involving specific outposts. Japan's koban system dates back to 1874 and is believed to have started operating around the clock in the 1880s. There were 6,215 kobans and 5,923 live-in outposts across Japan as of April. They have inspired countries like Singapore and Brazil to set up similar outposts focused on community policing. The change comes amid shifting crime patterns. Roughly 700,000 crime cases were reported in 2023, down more than 70% from the post-World War II peak in 2002. Street crime, like purse-snatching and car break-ins, was down around 80% to 240,000 cases. Instead, online and phone-based crimes, like impersonation scams and romance scams, are on the rise.



[1] https://asia.nikkei.com/Spotlight/Society/Crime/Japan-rethinks-24-7-police-boxes-with-rise-of-cybercrime


