Peder

Commonwealth Fusion has published five peer-reviewed papers laying out the physics case for ARC, its planned 400 MW fusion power plant, which would follow the company's smaller SPARC tokamak now under construction. The papers suggest ARC could produce more energy than it consumes using high-temperature superconducting magnets, molten-salt heat extraction, and 15-minute fusion pulses. Ars Technica reports: ARC will be a tokamak that hosts fusion between hydrogen's two heavier isotopes, deuterium and tritium. This reaction results in a helium nucleus and releases a neutron and radiation. The helium transfers heat to the plasma, maintaining the conditions needed for fusion, but it is otherwise a waste product, referred to as "ash" in the fusion context. The neutron and radiation, however, are put to use. Part of that use is simply imparting energy into a blanket of molten salt that surrounds the fusion chamber. That energy, in the form of heat, will be used to drive a turbine that produces the electricity. The molten salt includes lithium ions; when one lithium isotope absorbs a neutron, it decays into more helium, plus tritium that can be used as fuel for the reactor. There are isotopes present that will also release additional neutrons, allowing this process to generate sufficient fuel. Overall, the present design of ARC is expected to produce about 1.13 GW of fusion power, with 500 MW of that extracted as electricity. Some of that (100 MW) will be needed to power the plant's operations, leaving 400 MW to be sent to the grid. The rest of the energy is either kept in the tokamak to maintain the fusion reactions or lost due to inefficiencies in the heat and energy transfer of the system. There's a lot of uncertainty about these numbers; the 1.13 GW is just the center of a range of potential values running from 900 MW to 1.3 GW, so the 400 MW output may need to be adjusted up or down accordingly. Some of that 400 MW comes during periods where fusion is not occurring. The nuclear reactions will occur within 15-minute-long periods that will be interspersed with one minute resets. The resets are meant to be kept short enough that nothing has much of a chance to cool down before it gets heated up again -- thermal inertia will let it continue generating power. That will be one of the key differentiators with SPARC, which doesn't have the heat extraction needed to maintain stable fusion for these long time periods, and so can't maintain the near constant temperatures needed for reliable power generation. It's inevitable that parts of the device will be exposed to radiation and perhaps fusion plasma. The inner walls of the reactor will be shielded by tungsten, which will limit erosion by the conditions. Meanwhile, the vacuum vessel is designed to be replaced every one to two years. The papers note that this flexibility will allow them to make some design changes even after ARC is built. To enable this, the whole tokamak is meant to split in half for maintenance.

Read more of this story at Slashdot.

It’s just a ruling from a lower court, but it sets the stage for how European courts are going to deal with the question of who is liable for whatever slop “AI” generates.

The Regional Court of Munich hit Google with a temporary injunction barring the company from spreading false claims about two Munich-based publishers through its AI-generated search overviews (case no. 26 O 869/26). The court classified Google as a direct infringer because the “AI overview” is its own content, not just a list of search results.

Google’s AI overviews had falsely tied two publishing companies to scams, subscription traps, and shady business practices for certain search queries. According to the court, the AI mixed up information about other, genuinely sketchy companies with the plaintiffs and drew connections that didn’t appear in any of the linked sources. The publishers sent Google a cease-and-desist letter, but Google didn’t respond appropriately.

↫ Matthias Bastian at The Decoder

Google tried to argue it doesn’t carry any responsibility or liability for whatever slop its “AI” generate, but the German court does not agree. According to the court, “AI” overviews are not the same as regular search results, because they rewrite findings and just make shit up, thereby making claims that are nowhere to be found in any search results (or in reality in general). Furthermore, the court states that Google develops the “AI”, it runs it, it offers it to users, and Google alone controls its output, and as such, Google is liable for whatever their “AI” produces.

Google also tried to argue that users know not to trust anything an “AI” produces, which is hilarious considering how hard Google is pushing these tools, but the courts state that the ability of users to do further research does not absolve Google of liability. In addition, the court made it very clear that free speech protections absolutely do not apply, because the “AI” expressions are coming from an algorithm, not a person, and are above all an expression of Google’s business activities”.

In other words, if an “AI” tool generates false accusations and misleading statements, the creator of said “AI” is liable. With this ruling in hand, countless other people have a stronger case to make whenever Google or any other company tries to absolve itself from liability from slop just because a pachinko machine generated it.

Excellent news, and the only fair outcome.

The Super Mario Galaxy Movie "is officially the year's highest-grossing film to date with $629 million at the global box office," reports Variety — and it will likely earn over $1 billion. Project Hail Mary now becomes the year's second highest-grossing movie, with four-week ticket sales over $510, notes The Hollywood Reporter: The two films have helped propel year-to-date revenue to $2.113 billion — the best showing for the first part of the year since before the pandemic in 2019 ($2.619 billion), according to Comscore. And revenue is running 25% ahead of the same corridor last year. Some context from ScreenRant: Even though The Super Mario Galaxy Movie reviews were largely negative, earning it a disappointing 43% score from critics on Rotten Tomatoes, audiences gave it a far superior score of 89% from audiences, making it Verified Hot on the platform's Popcornmeter. This indicates that the movie should continue to climb up the global box office chart thanks to strong word of mouth, even as it trails consistently behind the original 2023 movie in terms of commercial performance. Canadian astronaut Jeremy Hansen called Project Hail Mary "an inspirational example.. We all thought that movie was really uplifting and inspiring." Before the Artemis astronauts launched their mission, Space.com points out "they were treated to a viewing of Amazon MGM Studios' Project Hail Maryto bolster their spirits ahead of their monumental 10-day lunar voyage. " Marking the occasion and providing encouraging words to the three American astronauts and one Canadian astronaut, Ryan Gosling recorded a brief encouraging video for the moon-bound foursome. Today NPR took a spoiler-filled look at the science in the film, asking: Would it be possible for humans to travel to a place as far away as the Tau Ceti star system? It's not possible right now, says Lisa Carnell, division director for NASA'S Biological and Physical Sciences Division. "I don't think we are fully prepared to send humans to Mars, let alone light years away," she says. Given the leaps in technology that humanity has made in just the past century, however, she didn't want to rule it out.... "I believe it's possible [one day]"... The hypothetical study of how humans and extraterrestrials might communicate is a real scientific field, called xenolinguistics, that includes researchers from linguistics, animal communication, and anthropology. Martin Hilpert, a professor of linguistics at the University of Neuchâtel in Switzerland, says the film "gets a lot of things right" for how such an encounter might occur, though it also employs a lot of "happy coincidences" too.

Read more of this story at Slashdot.

BrianFagioli shares a report from NERDS.xyz: An international team of scientists has done something chemistry has never seen before. IBM, working alongside researchers from the University of Manchester, Oxford University, ETH Zurich, EPFL, and the University of Regensburg, has created and characterized a molecule whose electrons travel through its structure in a corkscrew-like pattern, fundamentally altering its chemical behavior. The findings were published today in Science. The molecule, known as C13Cl2, is the first experimental observation of what scientists call a half-Mobius electronic topology in a single molecule. To the researchers' knowledge, nothing like it has ever been synthesized, observed, or even formally predicted. And proving why it behaves the way it does required something equally extraordinary -- a quantum computer. The whole thing started at IBM, where the molecule was assembled atom by atom from a custom precursor synthesized at Oxford. Working under ultra-high vacuum at near-absolute-zero temperatures, researchers used precisely calibrated voltage pulses to remove individual atoms one at a time. The result is an electronic structure that undergoes a 90-degree twist with each circuit through the molecule, requiring four complete loops to return to its starting phase. That is a topological property that has no counterpart anywhere in chemistry's existing record. What makes it even more interesting to folks who follow materials science is that this topology can be switched. The molecule can move reversibly between clockwise-twisted, counterclockwise-twisted, and untwisted states. That means electronic topology is not just a curiosity to be stumbled upon in nature -- it can be deliberately engineered. That is a big deal. The quantum computing angle here is not just a supporting role. Electrons within C13Cl2 interact in deeply entangled ways, each influencing the others simultaneously. Modeling that requires tracking every possible configuration of those interactions at once -- something that causes computational demands to grow exponentially and can quickly overwhelm classical machines. A decade ago, researchers could exactly model 16 electrons classically. Today that number has crept to 18. Using IBM's quantum computer, the team was able to explore 32 electrons. Quantum computers can represent these systems directly rather than approximate them, because they operate according to the same quantum mechanical laws that govern electrons in molecules. In this case, that capability helped reveal helical molecular orbitals for electron attachment -- a fingerprint of the half-Mobius topology -- and exposed the mechanism behind the unusual structure: a helical pseudo-Jahn-Teller effect.

Read more of this story at Slashdot.

In 2023 Slashdot covered a battery-swapping startup that promised to give EVs a full charge in about the same time it takes to fill a tank of gas. They just filed for bankruptcy, reports Inc: Ample was founded in 2014 with a goal of "solving slow charging times and infrastructure incompatibility" for commercial EV fleets such as those in logistics, ride-hailing, and delivery, the filing states. To-date, Ample has raised more than $330 million across five rounds of funding to finance research and development and deployment. Rather than tackling fast charging, its strategy involved developing "fully autonomous modular battery swapping," capable of delivering a fully charged battery in just five minutes. The technology requires purpose-built "Ample stations" that look a little like carwashes. A car is guided into the bay and elevated on a platform. A robot then identifies the location of a car's battery module, removes it, and replaces it with a charged module, Canary Media reported. The company also boasts partnerships with Uber, Mitsubishi, and Stellantis, and notes it has deployed its technology — or is pursuing deployment — in San Francisco, Madrid and Tokyo. Even so, it ran up against funding issues. In its filing, Ample attributed its bankruptcy to macroeconomic and industry headwinds, such as "severe supply chain disruptions," "contraction in both public and private investment in renewable energy" and the "reduction, delay, or redirection of government incentives intended to accelerate EV adoption." The filing notes that regulatory and permitting delays slowed its launch in international markets, after which access to capital foiled its scaling efforts. The company eliminated all but two full-time, non-executive employees after formerly employing about 200... Electrek noted that Ample is the second battery swapping startup to go bankrupt after California-based Better Place in collapsed in 2013 amid financial issues related to how capital intensive it was to build infrastructure, Reuters reported. And Tesla briefly pursued the concept, building a station in California, before ditching the idea altogether. Ample "claimed to have designed autonomous battery swapping stations that would be rapidly deployable, cheap to build, and could adapt to any EV design with a modular battery which would be easy for manufacturers to use," notes Electrek's article: Where this bankruptcy leaves Ample's technology is unclear. Another company could snap it up and try to do something with it, if they find that the technology is real and useful. Ample had gotten investments and partnerships with Shell, Mitsubishi and Stellantis, for example, so the company wasn't alone in touting its tech. Or, it could just disappear, as other EV battery swapping plans have before... That's not to say that nobody has been successful at at implementing battery swap, though. NIO seems to be successful with its battery swapping tech in China, though the company did miss its 2025 scaling goals by a longshot. But as of yet, this is the only notable example of a successful battery swap initiative, and it was done by an automaker itself, rather than a startup claiming to work for every automaker. Electrek's writer is "just not bullish on battery swapping as a solution in general. Currently, the fastest-charging vehicles can charge from 10-80% in about 18 minutes. While that's longer than 5 minutes, it's not really a terrible amount of time to spend during most stops." Plus, if cars come and go in 5 minutes instead of 18 minutes, "then you're going to have more than triple the throughput at peak utilization." And Ample's prices would be about the same as normal EV quick-charging prices...

Read more of this story at Slashdot.

An anonymous reader quotes a report from GamesIndustry.biz: Japanese game makers are struggling to locate affordable commercial fonts after one of the country's leading font licensing services raised the cost of its annual plan from around $380 to $20,500 (USD). As reported by Gamemakers and GameSpark and translated by Automaton, Fontworks LETS discontinued its game license plan at the end of November. The expensive replacement plan -- offered through Fontwork's parent company, Monotype -- doesn't even provide local pricing for Japanese developers, and comes with a 25,000 user-cap, which is likely not workable for Japan's bigger studios. The problem is further compounded by the difficulties and complexities of securing fonts that can accurately transcribe Kanji and Katakana characters. UI/UX designer Yamanaka stressed that this would be particularly problematic for live service games; even if studios moved quickly and switched to fonts available through an alternate licensee, they will have to re-test, re-validate, and re-QA check content already live and in active use. The crisis could even eventually force some Japanese studios to rebrand entirely if their corporate identity is tied to a commercial font they can no longer afford to license.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: Denmark's government on Friday announced an agreement to ban access to social media for anyone under 15, ratcheting up pressure on Big Tech platforms as concerns grow that kids are getting too swept up in a digitized world of harmful content and commercial interests. The move would give some parents -- after a specific assessment -- the right to let their children access social media from age 13. It wasn't immediately clear how such a ban would be enforced: Many tech platforms already restrict pre-teens from signing up. Officials and experts say such restrictions don't always work. Such a measure would be among the most sweeping steps yet by a European Union government to limit use of social media among teens and younger children, which has drawn concerns in many parts of an increasingly online world. "We've given the tech giants so many chances to stand up and to do something about what is happening on their platforms. They haven't done it," said Caroline Stage, Denmark's minister for digital affairs. "So now we will take over the steering wheel and make sure that our children's futures are safe." "I can assure you that Denmark will hurry, but we won't do it too quickly because we need to make sure that the regulation is right and that there is no loopholes for the tech giants to go through," Stage said.

Read more of this story at Slashdot.

"Eleven days ago, the nonprofit entity that develops the protocol, Signal Messenger LLC, published a 5,900-word write-up describing its latest updates that bring Signal a significant step toward being fully quantum-resistant," writes Ars Technica: The mechanism that has made this constant key evolution possible over the past decade is what protocol developers call a "double ratchet." Just as a traditional ratchet allows a gear to rotate in one direction but not in the other, the Signal ratchets allow messaging parties to create new keys based on a combination of preceding and newly agreed-upon secrets. The ratchets work in a single direction, the sending and receiving of future messages. Even if an adversary compromises a newly created secret, messages encrypted using older secrets can't be decrypted... [Signal developers describe a "ping-pong" behavior as parties take turns replacing ratchet key pairs one at a time.] Even though the ping-ponging keys are vulnerable to future quantum attacks, they are broadly believed to be secure against today's attacks from classical computers. The Signal Protocol developers didn't want to remove them or the battle-tested code that produces them. That led to their decision to add quantum resistance by adding a third ratchet. This one uses a quantum-safe Key-Encapsulation Mechanism (KEM) to produce new secrets much like the Diffie-Hellman ratchet did before, ensuring quantum-safe, post-compromise security... The technical challenges were anything but easy. Elliptic curve keys generated in the X25519 implementation are about 32 bytes long, small enough to be added to each message without creating a burden on already constrained bandwidths or computing resources. A ML-KEM 768 key, by contrast, is 1,000 bytes. Additionally, Signal's design requires sending both an encryption key and a ciphertext, making the total size 2,272 bytes... To manage the asynchrony challenges, the developers turned to "erasure codes," a method of breaking up larger data into smaller pieces such that the original can be reconstructed using any sufficiently sized subset of chunks... The Signal engineers have given this third ratchet the formal name: Sparse Post Quantum Ratchet, or SPQR for short. The third ratchet was designed in collaboration with PQShield, AIST, and New York University. The developers presented the erasure-code-based chunking and the high-level Triple Ratchet design at the Eurocrypt 2025 conference. Outside researchers are applauding the work. "If the normal encrypted messages we use are cats, then post-quantum ciphertexts are elephants," Matt Green, a cryptography expert at Johns Hopkins University, wrote in an interview. "So the problem here is to sneak an elephant through a tunnel designed for cats. And that's an amazing engineering achievement. But it also makes me wish we didn't have to deal with elephants." Thanks to long-time Slashdot reader mspohr for sharing the article.

Read more of this story at Slashdot.

iFixit's teardown of Apple's iPhone Air reveals a device dominated by its battery, which occupies approximately two-thirds of the internal space while critical components including the logic board cluster at the top. The battery matches the component used in Apple's iPhone Air MagSafe battery pack and can be swapped between devices. The top-heavy component layout addresses the bendgate vulnerability that damaged logic boards in previous thin iPhone models when pressure was applied to the device's middle section. Despite the iPhone Air's thinner profile, iFixit awarded it a 7 out of 10 repairability score, citing reduced component layering that provides more direct access to the USB-C connector, battery, and other serviceable parts compared to standard iPhone models. The dual-entry system further contributes to the device's serviceability.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Like the rest of its Big Tech cadre, Google has spent lavishly on developing generative AI models. Google's AI can clean up your text messages and summarize the web, but the company is constantly looking to prove that its generative AI has true intelligence. The International Collegiate Programming Contest (ICPC) helps make the point. Google says Gemini 2.5 participated in the 2025 ICPC World Finals, turning in a gold medal performance. According to Google this marks "a significant step on our path toward artificial general intelligence." Every year, thousands of college-level coders participate in the ICPC event, facing a dozen deviously complex coding and algorithmic puzzles over five grueling hours. This is the largest and longest-running competition of its type. To compete in the ICPC, Google connected Gemini 2.5 Deep Think to a remote online environment approved by the ICPC. The human competitors were given a head start of 10 minutes before Gemini began "thinking." According to Google, it did not create a freshly trained model for the ICPC like it did for the similar International Mathematical Olympiad (IMO) earlier this year. The Gemini 2.5 AI that participated in the ICPC is the same general model that we see in other Gemini applications. However, it was "enhanced" to churn through thinking tokens for the five-hour duration of the competition in search of solutions. At the end of the time limit, Gemini managed to get correct answers for 10 of the 12 problems, which earned it a gold medal. Only four of 139 human teams managed the same feat. "The ICPC has always been about setting the highest standards in problem-solving," said ICPC director Bill Poucher. "Gemini successfully joining this arena, and achieving gold-level results, marks a key moment in defining the AI tools and academic standards needed for the next generation." Gemini's solutions are available on GitHub.

Read more of this story at Slashdot.

From a Space.com article: Athena, the second lunar lander from Houston company Intuitive Machines, tipped over during its touchdown on March 6, ending up on its side within a small crater near the moon's south pole. This orientation prevented the lander's solar panels from capturing enough sunlight, and Intuitive Machines declared Athena dead on March 7. (The company's first moon lander, named Odysseus, also tipped over during its historic February 2024 touchdown but was able to operate for longer on the lunar surface.) Athena beamed home a few shots of its surroundings before giving up the ghost. And we now have views of the lander and its crater grave from on high, courtesy of NASA's sharp-eyed Lunar Reconnaissance Orbiter (LRO). On March 7, LRO captured a gorgeous oblique photo of Athena and its landing site -- the Mons Mouton region, about 100 miles (160 kilometers) from the lunar south pole. Then, three days later, the probe snapped another pic, which provided a closer look at Athena on the shadowed floor of a 65-foot-wide (20 meters) crater.

Read more of this story at Slashdot.

In 2022 Google released a tool to easily scan for vulnerabilities in dependencies named OSV-Scanner. "Together with the open source community, we've continued to build this tool, adding remediation features," according to Google's security blog, "as well as expanding ecosystem support to 11 programming languages and 20 package manager formats... Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities..." Thursday they also announced an extensible library for "software composition analysis" scanning (as well as file-system scanning) named OSV-SCALIBR (Open Source Vulnerability — Software Composition Analysis LIBRary). The new library "combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as: Software composition analysis for installed packages, standalone binaries, as well as source code OSes package scanning on Linux (COS, Debian, Ubuntu, RHEL, and much more), Windows, and Mac Artifact and lockfile scanning in major language ecosystems (Go, Java, Javascript, Python, Ruby, and much more) Vulnerability scanning tools such as weak credential detectors for Linux, Windows, and Mac Software Bill of Materials (SBOM) generation in SPDX and CycloneDX, the two most popular document formats Optimization for on-host scanning of resource constrained environments where performance and low resource consumption is critical "OSV-SCALIBR is now the primary software composition analysis engine used within Google for live hosts, code repos, and containers. It's been used and tested extensively across many different products and internal tools to help generate SBOMs, find vulnerabilities, and help protect our users' data at Google scale. We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface."

Read more of this story at Slashdot.

An anonymous reader shares a report: Companies have been discussing migrating off of VMware since Broadcom's takeover a year ago led to higher costs and other controversial changes. Now we have an inside look at one of the larger customers that recently made the move. According to a report from The Register today, Beeks Group, a cloud operator headquartered in the United Kingdom, has moved most of its 20,000-plus virtual machines (VMs) off VMware and to OpenNebula, an open source cloud and edge computing platform. Beeks Group sells virtual private servers and bare metal servers to financial service providers. It still has some VMware VMs, but "the majority" of its machines are currently on OpenNebula, The Register reported. Beeks' head of production management, Matthew Cretney, said that one of the reasons for Beeks migration was a VMware bill for "10 times the sum it previously paid for software licenses," per The Register. According to Beeks, OpenNebula has enabled the company to dedicate more of its 3,000 bare metal server fleet to client loads instead of to VM management, as it had to with VMware. With OpenNebula purportedly requiring less management overhead, Beeks is reporting a 200 percent increase in VM efficiency since it now has more VMs on each server.

Read more of this story at Slashdot.

Raspberry Pi has announced the Pico 2 W, a wireless version of its Pico 2 microcontroller board built for hobbyists and industrial applications. From a report: At $7, it's a relatively inexpensive way to control electronic devices like smart home gadgets and robots. With the new version, users will be able to securely link to remote sources to send and receive data, either via Bluetooth 5.2 or Wi-Fi 802.11n. As with the Pico 2, the wireless variant is built around the RP2350 microcontroller built in-house by Raspberry Pi. it offers more speed and memory than the original RP2040 chip, along with a security model built around Arm's TrustZone for Cortex-M. Users can program it using C, C++ and MicroPython, and choose between Arm Cortex-M33 or RISC-V cores.

Read more of this story at Slashdot.

How does Linux move from an awake machine to a hibernating one? How does it then manage to restore all state? These questions led me to read way too much C in trying to figure out how this particular hardware/software boundary is navigated.

↫ Jacob Adams

So this is a lot deeper of a dive than I expected, and it blows my mind just how complex sleep, hibernating, and waking a computer really is. Instinctively you know this, but seeing it spelled out like this really drives that point home – and this only covers going into hibernation. It also highlights how hard it must be for the developers involved to keep this working at all, especially on the wide variety of machines and hardware combinations Linux runs on.

It wasn’t too log ago that pretty much the only platform where sleeping and waking worked reliably was Mac OS X with its controlled, small hardware selection, so it’s kind of remarkable this works at all on Linux now. I haven’t had to worry about sleeping and waking with Linux for quite a while now, and it’s one of those things that “just works” so I never have to think about it. This definitely wasn’t always the case, though, and on both Linux and Windows I would just turn the whole feature off since it rarely worked reliably, especially on desktops.

I’m sure it still breaks for people, but for me, it’s been rock solid, and reading through the linked article, I’m even more amazed about this than I already was.

A new Gallup survey released Tuesday found cost and work conflicts are the top reasons Americans choose to discontinue their higher education. From a report: In the poll, 87 percent said cost was a "very" or "moderately" important reason for pursuing further institutional study, while 81 percent pointed to work conflicts. The other two leading reasons were the time it takes to complete a degree at 73 percent and lack of remote options at 70 percent. Cost tops the list among all demographic groups, including across racial and ethnic lines. "For many of these Americans, their time enrolled in these courses represents significant opportunity costs and financial investment. Given that they lack a degree or credential to show for their time enrolled, they are often worse off than if they never enrolled to begin with," Gallup said. Colleges prices have been surging for decades, with some estimating a 180 percent increase between 1980 and 2020. The cost of Ivy League schools is nearing $90,000 a year, and the average student debt held in the U.S. sits around $30,000. "Today, approximately 41.9 million Americans have some college experience but no degree or credential. The percentage of Americans who have taken some college courses, but who have stopped out and not completed their degree or credential, has increased significantly over the past five years," Gallup found.

Read more of this story at Slashdot.

An anonymous reader shared this report from BleepingComputer: Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. Spectre V2 is a new variant of the original Spectre attack discovered by a team of researchers at the VUSec group from VU Amsterdam. The researchers also released a tool that uses symbolic execution to identify exploitable code segments within the Linux kernel to help with mitigation. The new finding underscores the challenges in balancing performance optimization with security, which makes addressing fundamental CPU flaws complicated even six years after the discovery of the original Spectre.... As the CERT Coordination Center (CERT/CC) disclosed yesterday, the new flaw, tracked as CVE-2024-2201, allows unauthenticated attackers to read arbitrary memory data by leveraging speculative execution, bypassing present security mechanisms designed to isolate privilege levels. "An unauthenticated attacker can exploit this vulnerability to leak privileged memory from the CPU by speculatively jumping to a chosen gadget," reads the CERT/CC announcement. "Current research shows that existing mitigation techniques of disabling privileged eBPF and enabling (Fine)IBT are insufficient in stopping BHI exploitation against the kernel/hypervisor." "For a complete list of impacted Intel processors to the various speculative execution side-channel flaws, check this page updated by the vendor."

Read more of this story at Slashdot.

Under a new agreement between the U.S. and Japan, the first non-American on the Moon as part of the Artemis lunar exploration campaign will be a Japanese astronaut. SpaceNews reports: At an event in Washington, NASA Administrator Bill Nelson and Japanese Minister of Education, Culture, Sports, Science and Technology (MEXT) Masahito Moriyama signed an agreement regarding an additional Japanese contribution to Artemis, a pressurized lunar rover called Lunar Cruiser. NASA will deliver the rover to the moon, which the agencies said should take place ahead of the Artemis 7 mission scheduled for no earlier than 2031. NASA will also provide two seats on future Artemis lunar landing missions to astronauts from the Japanese space agency JAXA, the first agency other than NASA to secure spots on landing missions. The Japanese rover will support extended expeditions from Artemis landing sites that are beyond the range of the Lunar Terrain Vehicle that three American companies are developing for NASA under contracts announced April 3. The rover is designed to accommodate two astronauts for up to 30 days, with an overall lifetime of 10 years. The announcement, though, offered no details about when the Japanese astronauts would fly to the moon. "It depends," Nelson said at an April 10 briefing when asked about schedules, noting that the two countries "announced a shared goal for a Japanese national to land on the moon on a future NASA mission assuming benchmarks are achieved." "No mission has been currently assigned to a Japanese astronaut," added Lara Kearney, manager of NASA's extravehicular activity and human surface mobility program, at the briefing. The implementing agreement (PDF) said several factors will go into crew assignments, including progress on the pressurized rover, or PR: "The timing of the flight opportunities will be determined by NASA in line with existing flight manifesting and crew assignment processes and will take into account program progress and constraints, MEXT's request for the earliest possible assignment of the Japanese astronauts to lunar surface missions, and major PR milestones such as when the PR is first deployed on the lunar surface." The assumption among many in the industry, though, is that at least one of the astronauts will fly before the rover is delivered, and possibly as soon as the Artemis 4 mission, the second crewed landing, in the late 2020s.

Read more of this story at Slashdot.

CoinDesk: The Ethereum Foundation -- the Swiss non-profit organization at the heart of the Ethereum ecosystem -- is under investigation by an unnamed "state authority," according to the group's website's GitHub repository. The scope of the investigation and its focus was unknown at press time. According to the GitHub commit dated Feb. 26, 2024, "we have received a voluntary enquiry from a state authority that included a requirement for confidentiality." The investigation comes during a time of change for Ethereum's technology. Ethereum is the second-largest blockchain by market cap after Bitcoin, launching in 2015 following an initial coin offering for the chain's native ETH token. Earlier this month, the chain underwent a major technical upgrade, dubbed Dencun, designed to bring down transaction costs for users of Ethereum-based layer-2 platforms.

Read more of this story at Slashdot.

An anonymous reader shares a report: More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department. That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of "Operation Dying Ember," according to the FBI's director. It affected routers running Ubiquiti's EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to "conceal and otherwise enable a variety of crimes," the DOJ claims, including spearphishing and credential harvesting in the US and abroad. Unlike previous attacks by Fancy Bear -- that the DOJ ties to GRU Military Unit 26165, which is also known as APT 28, Sofacy Group, and Sednit, among other monikers -- the Ubiquiti intrusion relied on a known malware, Moobot. Once infected by "Non-GRU cybercriminals," GRU agents installed "bespoke scripts and files" to connect and repurpose the devices, according to the DOJ. The DOJ also used the Moobot malware to copy and delete the botnet files and data, according to the DOJ, and then changed the routers' firewall rules to block remote management access. During the court-sanctioned intrusion, the DOJ "enabled temporary collection of non-content routing information" that would "expose GRU attempts to thwart the operation." This did not "impact the routers' normal functionality or collect legitimate user content information," the DOJ claims. "For the second time in two months, we've disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers," said Deputy Attorney General Lisa Monaco in a press release.

Read more of this story at Slashdot.

After missing its sales target in the last quarter, Sony says it plans to emphasize the PlayStation 5's profitability over unit sales as the console approaches its fourth birthday. "Looking ahead, PS5 will enter the latter stage of its life cycle," said Sony senior vice president Naomi Matsuoka. "As such, we will put more emphasis on the balance between profitability and sales. For this reason, we expect the annual sales pace of PS5 hardware will start falling from the next fiscal year." Sony also said it has no plans to release "any new major existing franchise titles" in its next fiscal year. The Verge reports: Sony now expects to sell 4 million fewer PS5 consoles in its 2023 fiscal year ending March 31st compared to previous projections, Bloomberg reports. The revision came as part of today's third-quarter earnings release which saw Sony lower the PS5 sales forecast from the 25 million consoles it expected to sell down to 21 million. While PS5 sales were up in Sony's third quarter, increasing to 8.2 million units from 6.3 million in the same quarter the previous year, Bloomberg notes that this was roughly a million units lower than it had previously projected. That's despite the release of the big first-party title Spider-Man 2, strong sales of third-party titles, and the launch of a new slimmer PS5 in November. In its third quarter, Sony's gaming revenue was up 16 percent versus the same period the previous year, sitting at 1.4 trillion yen (around $9.3 billion), but operating income was down 26 percent to 86.1 billion yen (around $572 million) due to promotions in the third quarter ending on December 31st.

Read more of this story at Slashdot.

For the third time in under a year, film studios are pressing Reddit to reveal users allegedly discussing piracy, despite two prior failed attempts. Studios including Voltage Holdings and Screen Media have filed fresh motions to compel Reddit to comply with a subpoena seeking IP addresses and logs of six Redditors, claiming the information is needed for copyright suits against internet provider Frontier Communications. The same federal judge previously denied the studios' bid to unmask Reddit users, citing First Amendment protections. However, the studios now argue IP addresses fall outside privacy rights. Reddit maintains the new subpoena fails to meet the bar for identifying anonymous online speakers.

Read more of this story at Slashdot.

Pope Francis has called for a legally binding international treaty to regulate AI, saying algorithms must not be allowed to replace human values and warning of a "technological dictatorship" threatening human existence. From a report: The pope made his call on Thursday in a message for the Roman Catholic Church's World Day of Peace, which is celebrated on Jan. 1. The title of the message, which is traditionally sent to world leaders and heads of institutions such as the United Nations, is "Artificial Intelligence and Peace." [...] "The global scale of artificial intelligence makes it clear that, alongside the responsibility of sovereign states to regulate its use internally, international organizations can play a decisive role in reaching multilateral agreements and coordinating their application and enforcement," Francis wrote in the message. "I urge the global community of nations to work together in order to adopt a binding international treaty that regulates the development and use of artificial intelligence in its many forms," the pope said.

Read more of this story at Slashdot.

Jay Powell has warned that inflation "remains too high," raising the prospect of further interest rate increases in the world's largest economy should price pressures persist. Financial Times: In a highly anticipated speech on Friday, the chair of the US Federal Reserve at times struck a hawkish tone, pointing to the central bank's readiness to maintain a "restrictive" policy to bring inflation down to its 2 per cent target. "Although inflation has moved down from its peak -- a welcome development -- it remains too high," Powell said at the Fed's annual economic symposium in Jackson Hole, Wyoming. "We are prepared to raise rates further if appropriate, and intend to hold policy at a restrictive level until we are confident that inflation is moving sustainably down toward our objective," he added. But he tempered that message with a pledge to proceed "carefully" as the Fed navigates the final stages of its campaign to stamp out the worst inflation shock in decades. Headline US inflation, according to the consumer price index, was 3.2 per cent for July, well down from its peak of 9.1 per cent, but above June's rate of 3 per cent. Powell said the Fed was now focused not only on the risk of tightening monetary policy too little and allowing inflation to become entrenched but also of raising rates too high. "Doing too much could also do unnecessary harm to the economy," he said.

Read more of this story at Slashdot.

Billionaire Tencent co-founder Pony Ma has penned a lengthy op-ed backing Chinese pledges to resuscitate the private sector, becoming the most prominent entrepreneur to endorse Beijing's promises to unshackle a giant swath of the economy. From a report: China's third-wealthiest person echoed many of the sentiments in an official policy document published Wednesday that called for the revival of private businesses, at a time the world's No. 2 economy is struggling to gain momentum. He was joined by Xiaomi co-founder Lei Jun, the smartphone mogul turned EV entrepreneur, who in a separate editorial likened the policies to a manifesto for quality growth and innovation. Ma, who rarely voices his opinions but has publicly supported important policies in the past, penned an article for state-owned CCTV in which he called private enterprise pivotal to the nation, and explicitly referenced Chinese President Xi Jinping's previous proclamations on the matter. He talked about the advent of AI and how the country needed to embrace next-generation technology. Ma's comments are notable given Tencent was among the corporations targeted by a sweeping crackdown on the private sector that began in 2020 with the scrapping of Ant Group's IPO. "We must once again embrace the opportunities presented by the coming industrial revolution," Ma wrote in his op-ed carried on CCTV's website. Using the policies as a guide, "we will look ahead with confidence and redouble our efforts."

Read more of this story at Slashdot.

Microsoft is expanding its suite of free security tools for customers, the software company said on Wednesday, following criticism that it was charging clients to protect themselves against Microsoft's mistakes. From a report: The move follows a high-level hack that allowed allegedly Chinese spies to steal emails from senior U.S. officials - and complaints from security specialists and lawmakers against paying for tools In a blog post published on Wednesday, Microsoft said the advanced features in Microsoft's auditing suite - which it calls Microsoft Purview - would be available to all customers "over the coming months." Although not enough to prevent hacks on their own, digital auditing tools are critical for helping organizations figure out whether intruders are in their network, how they got in and how to get them out.

Read more of this story at Slashdot.

A traditional PalmOS emulator requires a ROM: a binary object that contains the original PalmOS compiled and linked for the 68K architecture. When you run an application PRC in those emulators, everything is emulated down to the hardware layer, so the ROM thinks it is talking to an actual device. Therefore, as an emulator developer, your job is to provide an implementation of the CPU, memory, display, serial port, and so on, taking into accounting the low level differences between the myriad of devices that ran PalmOS back then. As long as your implementation of the physical layer is accurate, applications will generally run fine.

PumpkinOS also allows you to run binary 68K applications, but do not require a copyrighted PalmOS ROM. The short story is this: the developers of PalmOS devised a clever way to implement system calls (also used in other 68K systems, I think). They used a feature of the 68K CPU called trap. A trap is like a subroutine call, but instead of jumping to a different memory addresses depending on the system call, it jumps to a fixed address, passing an argument identifying the system call. PumpkinOS takes advantage of this fact and, whenever a trap is issued, it intercepts the execution flow, identifies the system call, extract the parameters and calls a native implementation inside PumpkinOS, bypassing a ROM altogether. It is very similar to the way PACE (Palm Application Compatibility Environment) was implemented when PalmOS 5 was introduced. If the 68K application plays by the rules and only calls the OS through system traps, never accessing hardware directly, it will also run fine on PumpkinOS. Now, if you want to know the long version of this story, keep reading.

Even more details about the inner-workings of PumpkinOS.

China said its giant Sky Eye telescope may have picked up signs of alien civilizations, according to a report by the state-backed Science and Technology Daily, which then appeared to have deleted the report and posts about the discovery. From a report: The narrow-band electromagnetic signals detected by Sky Eye -- the world's largest radio telescope -- differ from previous ones captured and the team is further investigating them, the report said, citing Zhang Tonjie, chief scientist of an extraterrestrial civilization search team co-founded by Beijing Normal University, the National Astronomical Observatory of the Chinese Academy of Sciences and the University of California, Berkeley. It isn't clear why the report was apparently removed from the website of the Science and Technology Daily, the official newspaper of China's science and technology ministry, though the news had already started trending on social network Weibo and was picked up by other media outlets, including state-run ones.

Read more of this story at Slashdot.

This summer the Free Software Foundation campaigns manager said that while they'll never stop aiming to be a "lighthouse" for others, "we recognize that a stance like ours can sometimes be a deterrent to people making important incremental improvements in their practices." So while they'll continue holding up the principled finish line, "Now, we're developing a clear set of steps to help support individuals in making the step-by-step improvements that they can." By supporting them in taking a step at a time, we're confident that we can help bring more people to a fully free setup than ever before. We're calling this campaign the "freedom ladder," and we need your support to help others begin climbing it. This week the Free Software Foundation's program manager explained that "Free software can only be a sustainable idea if we are continuously bringing new people into the free software community," and provided an update on their Freedom Ladder campaign: Since we recognized the need for community input at every step of the way, we started off the campaign by holding four interactive Internet Relay Chat (IRC) community meetings... In the community meetings, we once again confirmed that the "typical" free software user does not exist. It's not "one size fits all," and there are as many particular use cases as there are free software users. How do you create one single message for people that range from absolute beginners to lifelong programmers, and who span all walks of life? The answer is: you don't... As everyone's steps will be different, we need to meet people where they are. Our goal, and something important to keep in mind, is to explain the steps on the path forward in a way that allows one to step in from anywhere. We want to recognize the progress they've made so far, while still motivating them to strive towards full freedom... A clear result from our first conversations about the new campaign was the need for educational resources... We believe people's stories about the use cases of free software, much like the free software stories we collected for the thirtieth birthday of the FSF about how people got into free software, as well as on the difficulties that sometimes need to be overcome, will help us better represent and address the multitude of audiences we want to speak to. It will show that free software really is for everyone, and for everyone there is a step forward. The goal of the Freedom Ladder campaign is to deliver an ever-expanding journey towards free software. The ideal result would be a combination of resources, information, connections, and motivation for the future. This is a major undertaking and the campaigns team's main goal at present: delivering a framework we can accelerate building upon that will help people in their journey to freedom. We need to help people identify with other members of the community by delivering these stories, and letting them know that it's more than acceptable to move towards freedom gradually and incrementally... We're interested in both written statements and videos, and we would love to receive yours. You can add them to the Freedom Ladder pages in the wiki, or you can email campaigns@fsf.org with your ideas. In the meantime, we will work on the infrastructure to start building this initiative and be able to integrate any information and resources we need. But we need your help... Our work on the Freedom Ladder campaign so far has been inspiring; the community meetings were fun and everything in this post is a result of the interactive, open, and welcoming nature of those events.

Read more of this story at Slashdot.

Advocates will once again be granted a DMCA exception to make accessible versions of texts. They argue that it's far past time to make it permanent. From a report: It's a cliche of digital life that "information wants to be free." The internet was supposed to make the dream a reality, breaking down barriers and connecting anyone to any bit of data, anywhere. But 32 years after the invention of the World Wide Web, people with print disabilities -- the inability to read printed text due to blindness or other impairments -- are still waiting for the promise to be fulfilled. Advocates for the blind are fighting an endless battle to access ebooks that sighted people take for granted, working against copyright law that gives significant protections to corporate powers and publishers who don't cater to their needs. For the past year, they've once again undergone a lengthy petitioning process to earn a critical exemption to the 1998 Digital Millennium Copyright Act that provides legal cover for people to create accessible versions of ebooks. Baked into Section 1201 of the DMCA is a triennial process through which the Library of Congress considers exceptions to rules that are intended to protect copyright owners. Since 2002, groups advocating for the blind have put together lengthy documents asking for exemptions that allow copy protections on ebooks to be circumvented for the sake of accessibility. Every three years, they must repeat the process, like Sisyphus rolling his stone up the hill. On Wednesday, the US Copyright Office released a report recommending the Librarian of Congress once again grant the three-year exemption; it will do so in a final rule that takes effect on Thursday. The victory is tainted somewhat by the struggle it represents. Although the exemption protects people who circumvent digital copyright protections for the sake of accessibility -- by using third-party programs to lift text and save it in a different file format, for example -- that it's even necessary strikes many as a fundamental injustice. "As the mainstream has embraced ebooks, accessibility has gotten lost," says Mark Riccobono, president of the National Federation of the Blind. "It's an afterthought." Publishers have no obligation to make electronic versions of their books accessible to the blind through features like text-to-speech (TTS), which reads aloud onscreen text and is available on whichever device you're reading this article. More than a decade ago, publishers fought Amazon for enabling a TTS feature by default on its Kindle 2 ereader, arguing that it violated their copyright on audiobooks. Now, publishers enable or disable TTS on individual books themselves. Even as TTS has become more common, there's no guarantee that a blind person will be able to enjoy a given novel from Amazon's Kindle storefront, or a textbook or manual. That's why the exemption is so important -- and why advocates do the work over and over again to secure it from the Library of Congress. It's a time-consuming and expensive process that many would rather do away with.

Read more of this story at Slashdot.