News-Feeds


Slashdot

    - Vast Energy Use of Bitcoin Criticized
    The University of Cambridge Centre for Alternative Finance has calculated that Bitcoin's total energy consumption is somewhere between 40 and 445 terawatt hours (TWh) a year, with a central estimate of about 130 terawatt hours, reports the BBC: The UK's electricity consumption is a little over 300 TWh a year, while Argentina uses around the same amount of power as the CCAF's best guess for Bitcoin. And the electricity the Bitcoin miners use overwhelmingly comes from polluting sources. The CCAF team surveys the people who manage the Bitcoin network around the world on their energy use and found that about two-thirds of it is from fossil fuels.... We can track how much effort miners are making to create the currency. They are currently reckoned to be making 160 quintillion calculations every second — that's 160,000,000,000,000,000,000, in case you were wondering. And this vast computational effort is the cryptocurrency's Achilles heel, says Alex de Vries, the founder of the Digiconomist website and an expert on Bitcoin. All the millions of trillions of calculations it takes to keep the system running aren't really doing any useful work. "They're computations that serve no other purpose," says de Vries, "they're just immediately discarded again. Right now we're using a whole lot of energy to produce those calculations, but also the majority of that is sourced from fossil energy." The vast effort it requires also makes Bitcoin inherently difficult to scale, he argues. "If Bitcoin were to be adopted as a global reserve currency," he speculates, "the Bitcoin price will probably be in the millions, and those miners will have more money than the entire [U.S.] Federal budget to spend on electricity." "We'd have to double our global energy production," he says with a laugh. "For Bitcoin." 
Ken Rogoff, a professor of economics at Harvard and a former chief economist at the IMF, tells the BBC that Bitcoin exists almost solely as a vehicle for speculation, rather than as a stable store of value that can be easily exchanged. When asked if the Bitcoin bubble is about to burst, he answers, "That's my guess." Then pauses and adds, "But I really couldn't tell you when."

    Read more of this story at Slashdot.



    - Flaws In Zoom's Keybase App Kept Chat Images From Being Deleted
    chicksdaddy writes: The Security Ledger reports that a flaw in Zoom's Keybase secure chat application left copies of images contained in secure communications on Keybase users' computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai. The flaw in the encrypted messaging application, CVE-2021-23827, does not expose Keybase users to remote compromise. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months. Sakura Samurai researchers Aubrey Cottle, Robert Willis, and Jackson Henry discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger. In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security "very seriously." "We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates," the spokesman said. In most cases, the failure to remove files from cache after they were deleted would count as a "low priority" security flaw. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote.




    - Introducing CrowdSec: a Modernized, Collaborative Massively Multiplayer Firewall
    Slashdot reader b-dayyy writes: CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool. CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to 'immunize' them against this IP. The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users. It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades — they didn't just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately making it better and more secure. The solution recently turned 1.x, introducing a major architectural change: the introduction of a local REST API.




    - America Authorizes Johnson & Johnson's COVID-19 Vaccine For Emergency Use
    America's Food and Drug Administration just authorized Johnson & Johnson's COVID-19 vaccine for emergency use, according to CBS News. "The vaccine is the third to be approved for use in the United States, and the first that requires only one shot..." Among people who got the vaccine in clinical trials, there were no COVID-related deaths. Phase 3 clinical trials also showed protection against multiple emerging virus variants, including a more contagious strain that was first discovered in South Africa and has since been detected in the U.S. The vaccine can be stored at standard refrigerator temperatures for up to three months. More from the BBC: The company has agreed to provide the U.S. with 100 million doses by the end of June. The first doses could be available to the US public as early as next week. The U.K., EU and Canada have also ordered doses, and 500 million doses have also been ordered through the Covax scheme to supply poorer nations.




    - How Facebook Silenced an Enemy of Turkey To Prevent a Hit To the Company's Business
    Long-time Slashdot reader schwit1 shares this report from ProPublica: As Turkey launched a military offensive against Kurdish minorities in neighboring Syria in early 2018, Facebook's top executives faced a political dilemma. Turkey was demanding the social media giant block Facebook posts from the People's Protection Units, a mostly Kurdish militia group the Turkish government had targeted. Should Facebook ignore the request, as it has done elsewhere, and risk losing access to tens of millions of users in Turkey? Or should it silence the group, known as the YPG, even if doing so added to the perception that the company too often bends to the wishes of authoritarian governments? It wasn't a particularly close call for the company's leadership, newly disclosed emails show. "I am fine with this," wrote Sheryl Sandberg, Facebook's No. 2 executive, in a one-sentence message to a team that reviewed the page. Three years later, YPG's photos and updates about the Turkish military's brutal attacks on the Kurdish minority in Syria still can't be viewed by Facebook users inside Turkey. The conversations, among other internal emails obtained by ProPublica, provide an unusually direct look into how tech giants like Facebook handle censorship requests made by governments that routinely limit what can be said publicly... Publicly, Facebook has underscored that it cherishes free speech: "We believe freedom of expression is a fundamental human right, and we work hard to protect and defend these values around the world," the company wrote in a blog post last month about a new Turkish law requiring that social media firms have a legal presence in the country. "More than half of the people in Turkey rely on Facebook to stay in touch with their friends and family, to express their opinions and grow their businesses." But behind the scenes in 2018, amid Turkey's military campaign, Facebook ultimately sided with the government's demands. 
Deliberations, the emails show, were centered on keeping the platform operational, not on human rights. "The page caused us a few PR fires in the past," one Facebook manager warned of the YPG material... "Facebook confirmed to ProPublica that it made the decision to restrict the page in Turkey following a legal order from the Turkish government — and after it became clear that failing to do so would have led to its services in the country being completely shut down."




    - Apple's Powerful M1 MacBooks are Lowering The Resale Value of Older MacBooks
    "The impressive performance and battery life gains of the new M1 MacBooks have created a historic discontinuity in the normally placid resale market," reports ZDNet: Should you spend $800 for a one year old MacBook Air when for $200 more you could get a MacBook Air with several times the performance and 50 percent better battery life? That's a question savvy buyers are asking themselves. Not surprisingly, the most common answer seems to be "Nope...!" Unless buyers check out a site like Everymac they won't know what they're missing. The bottom-of-the-line M1 MacBook Air has a Geekbench 5 multiprocessor score that is almost 2.5x that of the early 2020, top-of-the-line quad-core I7. For 80 percent of the price. And most users won't need to spend the extra cash for the 16GB version since the memory management and page swapping is so efficient. The contrast is even more striking when comparing MacBook Pros. Not only is the 13" MacBook Pro faster on the Geekbench 5 single and multiprocessor benchmarks than the top-of-the-line 16" MacBook Pro Intel I9, it's less than half the price. And it isn't just a single benchmark. Search on "M1 MacBook Pro vs 16 MacBook Pro" on YouTube to see multiple videos testing real world workloads on both machines. The article also makes a prediction: "The best deals on Intel 'Books are yet to come, assuming Apple offers retailers price protection. There seems to be a large inventory of Intel based MacBooks, and they have to clear them out before the end of 2021."




    - Dropping Nearly 20%, Bitcoin Suffers Worst Weekly Drop in a Year
    "Bitcoin's rally this year has hit a speed bump, putting it on track for the worst weekly slide in almost a year amid wider losses in risk assets," reports Fortune: The largest cryptocurrency slumped as much as 20% this week, the most since March, and was holding at about $46,925 as of 10:22 a.m. in Hong Kong. The wider Bloomberg Galaxy Crypto Index, tracking Bitcoin, Ether and three other cryptocurrencies, is down 22% this week... Bitcoin's weakness in the face of market gyrations raises questions about its efficacy as a store of value and hedge against inflation, a key argument among proponents of its stunning fivefold rally over the past year. Detractors have maintained the digital asset's surge is a speculative bubble and it's destined for a repeat of the 2017 boom and bust. While Bitcoin is often touted as the new "digital gold," the yellow metal is winning out at the moment with spot gold holding at $1,768 per ounce, down less than 1% for the week.




    - Can 'Ready' Crowdfund a Raspberry Pi Cyberdeck Enclosure for Cyberpunk Enthusiasts?
    There's 29 hours left in a Kickstarter campaign to fund "an open source, Linux-based, highly modular, customizable portable computer kit that accommodates anything from a Raspberry Pi to a Ryzen x86 4x4 single-board computer and more," writes READY!100: Reminiscent of 1980s executive portable computers, the READY! 100 is fully modern with 12 input output ports and 4 antenna ports. Perfect for hackers, ham radio operators, and audio/video folks, it can even be used with external graphics cards. Engadget hailed it as "a Raspberry Pi enclosure for cyberpunk enthusiasts." Thanks to their diminutive size and low-power consumption, single-board computers like the Raspberry Pi can come in all shapes and sizes. We've seen DIY enthusiasts like Guy Dupont put a $10 Raspberry Pi Zero W into the shell of a 2004 iPod Classic to create a device that can access Spotify. But few are as cool as this recent Kickstarter project we spotted from a Toronto-based company called Ready! Computer Corporation. The company's Ready! Model 100 is essentially a case for your single-board computer that includes a mechanical keyboard, stereo speakers, a touchscreen display and enough I/O ports to connect almost anything you need. The enclosure allows you to fit an SBC that's about the size of a 4x4 Intel NUC board. Oh, and you can carry it around with a guitar strap. Basically, it allows you to build the cyberdeck of your dreams.




    - Brave Privacy Bug Exposed Tor Onion URLs To Your DNS Provider
    Brave Browser had a privacy issue that leaked the Tor onion URL addresses you visited to your locally configured DNS server, "exposing the dark web websites you visit...", writes Bleeping Computer. Long-time Slashdot reader AmiMoJo quotes their report: To access Tor onion URLs, Brave added a "Private Window with Tor" mode that acts as a proxy to the Tor network. When you attempt to connect to an onion URL, your request is proxied through volunteer-run Tor nodes who make the request for you and send back the returned HTML. Due to this proxy implementation, Brave's Tor mode does not directly provide the same level of privacy as using the Tor Browser. When using Brave's Tor mode, it should forward all requests to the Tor proxies and not send any information to any non-Tor Internet devices to increase privacy. However, a bug in Brave's "Private window with Tor" mode is causing the onion URL for any Tor address you visit to also be sent as a standard DNS query to your machine's configured DNS server. This bug was first reported in a Reddit post and later confirmed by James Kettle, the Director of Research at PortSwigger. BleepingComputer has also verified the claims by using Wireshark to view DNS traffic while using Brave's Tor mode. Brave has since released an update which fixes the bug.




    - SolarWinds' Former CEO Blames Intern for 'solarwinds123' Password Leak
    "Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years," reports CNN. The password in question, "solarwinds123," was discovered in 2019 on the public internet by an independent security researcher who warned the company that the leak had exposed a SolarWinds file server... It is still unclear what role, if any, the leaked password may have played in enabling suspected Russian hackers to spy on multiple federal agencies and businesses in one of the most serious security breaches in U.S. history. Stolen credentials are one of three possible avenues of attack SolarWinds is investigating as it tries to uncover how it was first compromised by the hackers, who went on to hide malicious code in software updates that SolarWinds then pushed to some 18,000 customers, including numerous federal agencies. Other theories SolarWinds is exploring, said SolarWinds CEO Sudhakar Ramakrishna, include the brute-force guessing of company passwords, as well as the possibility the hackers could have entered via compromised third-party software. Confronted by Rep. Rashida Tlaib, former SolarWinds CEO Kevin Thompson said the password issue was "a mistake that an intern made... They violated our password policies and they posted that password on an internal, on their own private Github account," Thompson said. "As soon as it was identified and brought to the attention of my security team, they took that down...." Ramakrishna later testified that the password had been in use as early as 2017... That timeframe is considerably longer than what had been reported. The remarks were made at a hearing of a House security committee, where Representative Katie Porter also strongly criticized the company. "I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad! 
You and your company were supposed to be preventing the Russians from reading Defense Department emails!" CNN also reports that Microsoft (which is leading the forensic investigation into the breach) "later said there is no evidence that the Pentagon was actually affected by the Russian spying campaign."




    - Is the Net Neutrality Debate a Pointless Distraction?
    "People may scream at me for saying this, but net neutrality is one of America's longest and now most pointless fights over technology." So argues the New York Times "On Tech" newsletter author Shira Ovide, calling the debate "a distraction for our elected leaders and corporations when there are more pressing issues." Ovide also shares their discussion with Times technology and regulatory policy reporter Cecilia Kang: Kang: You can see the appeal of rules that make sure internet providers don't stall web traffic unless it's from their preferred business partners or their own streaming services. However, the debate feels much less urgent now that we're talking about threats of online disinformation about vaccine deployment and elections. The net neutrality debate focused on internet service providers as powerful gatekeepers of internet information. That term now seems better applied to Facebook, Google and Amazon.... Ovide: Internet providers, public interest groups, some tech companies and a bunch of our elected leaders have been screaming holy war about an issue for 13 years without a resolution. Can they reach a middle ground and we'll all move on? Kang: There probably isn't much of a middle ground. There are either net neutrality rules or there aren't. And the internet service providers see net neutrality as a slippery slope that leads to broader regulation of high-speed internet services or government-imposed limits on prices they can charge. They will fight any regulation. And that's true, too, of the lobbyists who are hired to argue against anything.




    - The Perseverance Rover CPU Has Similar Specs To a Clamshell iBook From 2001
    An anonymous reader writes: NASA's Perseverance rover, which is currently exploring Mars, has as its CPU a BAE Systems RAD 750 running at 200 MHz and featuring 256 Megabytes of RAM with 2 Gigabytes of storage. This is a radiation-hardened version of the PowerPC G3, with specs roughly equivalent to the Clamshell iBook that Reese Witherspoon used in Legally Blonde back in 2001. This follows a tradition of old tech on space rovers — the Sojourner rover which explored Mars in 1997 used an Intel 80C85 running at 2 MHz, similar to what could have been found in the classic Radio Shack TRS-80 model 100 portable from 1983. In a comment on the original submission, long-time Slashdot reader Mal-2 argues "There's not as much distance between the actual capabilities of a CPU now and twenty years ago as there would be if you made the same comparison a decade ago." In the last 12 years or so, the CPUs have gotten more efficient and cooler-running (thus suitable for portable devices) to a much greater degree than they've actually gained new functionality. Retro computing is either going to stay stuck in the 1990s, or it's not going to be very interesting in the future.




    - The Mars Perseverance Rover's Parachute Contained a Secret Message
    "The huge parachute used by NASA's Perseverance rover to land on Mars contained a secret message," reports the Associated Press — thanks to the rover's puzzle-loving systems engineer Ian Clark. "During a live stream discussing the landing, one Nasa commentator said: 'Sometimes we leave messages in our work for others to find. So we invite you all to give it a shot and show your work,'" reports the Guardian. One Reddit user actually deciphered the message using Python code. Long-time Slashdot reader rufey writes that "Decoded the slogan is 'Dare Mighty Things' — a line from President Theodore Roosevelt — which is a mantra at JPL and adorns many of the center's walls." The orange sections of the 70-foot (21-meter) parachute represented ones in binary code, while the yellow sections represented zeroes. (So the letter "A" becomes yellow-yellow-yellow-yellow-yellow-yellow-orange...) The Associated Press reports: Clark also included the GPS coordinates for the mission's headquarters at the Jet Propulsion Laboratory in Pasadena, California. Clark, a crossword hobbyist, came up with the idea two years ago. Engineers wanted an unusual pattern in the nylon fabric to know how the parachute was oriented during descent. Turning it into a secret message was "super fun," he said Tuesday. Only about six people knew about the encoded message before Thursday's landing, according to Clark. They waited until the parachute images came back before putting out a teaser during a televised news conference Monday... Another added touch not widely known until touchdown: Perseverance bears a plaque depicting all five of NASA's Mars rovers in increasing size over the years — similar to the family car decals seen on Earth. Deputy project manager Matt Wallace promises more so-called hidden Easter eggs... The official Twitter feed for the rover has already revealed that it's carrying another message hidden in a plaque with a logo of the sun — "Explore as One," written in Morse code. 
Some other interesting facts about the rover: NASA points out that Perseverance carried a special placard with 10,932,295 names, "stenciled by electron beam onto three fingernail-sized silicon chips." Space.com notes that it also carried a small aluminum plate honoring the healthcare workers of the world. NASA is encouraging children to code their own version of the helicopter using the visual programming language Scratch.




    - Quantum Computer Solves Decades-Old Problem Three Million Times Faster Than a Classical Computer
    ZDNet reports: Scientists from quantum computing company D-Wave have demonstrated that, using a method called quantum annealing, they could simulate some materials up to three million times faster than it would take with corresponding classical methods. Together with researchers from Google, the scientists set out to measure the speed of simulation in one of D-Wave's quantum annealing processors, and found that performance increased with both simulation size and problem difficulty, to reach a million-fold speedup over what could be achieved with a classical CPU... The calculation that D-Wave and Google's teams tackled is a real-world problem; in fact, it has already been resolved by the 2016 winners of the Nobel Prize in Physics, Vadim Berezinskii, J. Michael Kosterlitz and David Thouless, who studied the behavior of so-called "exotic magnetism", which occurs in quantum magnetic systems.... Instead of proving quantum supremacy, which happens when a quantum computer runs a calculation that is impossible to resolve with classical means, D-Wave's latest research demonstrates that the company's quantum annealing processors can lead to a computational performance advantage... "What we see is a huge benefit in absolute terms," said Andrew King, director of performance research at D-Wave. "This simulation is a real problem that scientists have already attacked using the algorithms we compared against, marking a significant milestone and an important foundation for future development. This wouldn't have been possible today without D-Wave's lower noise processor." Equally as significant as the performance milestone, said D-Wave's team, is the fact that the quantum annealing processors were used to run a practical application, instead of a proof-of-concept or an engineered, synthetic problem with little real-world relevance. 
Until now, quantum methods have mostly been leveraged to prove that the technology has the potential to solve practical problems, and is yet to make tangible marks in the real world. Looking ahead to the future, long-time Slashdot reader schwit1 asks, "Is this bad news for encryption that depends on brute-force calculations being prohibitively difficult?"




    - Do Python Developers Want Static Typing?
    Results were announced this week for the fourth "official annual Python Developers Survey" of over 28,000 developers (in nearly 200 countries) conducted by the Python Software Foundation and JetBrains. 85% of the survey respondents use Python as their main programming language, InfoWorld reports: Python developers cite simplicity and ease of use as principal reasons for using the language, but they still want capabilities such as static typing and performance improvements, based on survey results released this week. Python's simple syntax, syntactic sugar, and ease of learning were the most-favored features, capturing 37% of respondents, who were asked which three features they liked the most... Which three features would Python developers most like to see added to the language? Static typing and strict type hinting proved to be the most-desired features, with 21% of respondents, closely followed by performance improvements, with 20%. Better concurrency and parallelism came in third, with 15% saying they were their most-desired capabilities. InfoWorld also describes some other interesting results: "JavaScript was the most popular language used in conjunction with Python, with about 42% of respondents using both together. 75% of web developers said they were using both Python and JavaScript." "Just 8% of Python developers performing data-related tasks do not use any additional languages while only 3% of web developers use only Python." "Use of Python 3 has grown from 75% in 2017 to 94% in 2020."





