Pour les vidéos cette semaine, nous vous avons proposé de découvrir le nouveau montage de Charly, avec une machine en 5800X3D et RTX 4070. Nous avons aussi testé en vidéo une webcam 4K par Logitech, avec la Brio MX. […]

Lire la suite

Jonathan O'Callaghan reports via Scientific American: Despite more than a century of efforts to show otherwise, it seems Albert Einstein can still do no wrong. Or at least that's the case for his special theory of relativity, which predicts that time ticks slower for objects moving at extremely high speeds. Called time dilation, this effect grows in intensity the closer to the speed of light that something travels, but it is strangely subjective: a passenger on an accelerating starship would experience time passing normally, but external observers would see the starship moving ever slower as its speed approached that of light. As counterintuitive as this effect may be, it has been checked and confirmed in the motions of everything from Earth-orbiting satellites far-distant galaxies. Now a group of scientists have taken such tests one step further by observing more than 1,500 supernovae across the universe to reveal time dilation's effects on a staggering cosmic scale. The researchers' findings, once again, reach an all-too-familiar conclusion. "Einstein is right one more time," says Geraint Lewis of the University of Sydney, a co-author of the study. In the paper, posted earlier this month on the preprint server arXiv.org, Ryan White of the University of Queensland in Australia and his colleagues used data from the Dark Energy Survey (DES) to investigate time dilation. For the past decade, researchers involved with DES had used the Victor M. Blanco Telescope at the Cerro Tololo Inter-American Observatory in Chile to study particular exploding stars called Type 1a supernovae across billions of years of cosmic history. [...] Type 1a supernovae are keystone cosmic explosions caused when a white dwarf -- the slowly cooling corpse of a midsized star -- siphons so much material from a companion that it ignites a thermonuclear reaction and explodes. This explosion occurs once the growing white dwarf reaches about 1.44 times the mass of our sun, a threshold known as the Chandrasekhar limit. This physical baseline imbues all Type 1a supernovae with a fairly consistent brightness, making them useful cosmic beacons for gauging intergalactic distances. "They should all be essentially the same kind of event no matter where you look in the universe," White says. "They all come from exploding white dwarf stars, which happens at almost exactly the same mass no matter where they are." The steadfastness of these supernovae across the entire observable universe is what makes them potent probes of time dilation -- nothing else, in principle, should so radically and precisely slow their apparent progression in lockstep with ever-greater distances. Using the dataset of 1,504 supernovae from DES, White's paper shows with astonishing accuracy that this correlation holds true out to a redshift of 1.2, a time when the universe was about five billion years old. "This is the most precise measurement" of cosmological time dilation yet, White says, up to seven times more precise than previous measurements of cosmological time dilation that used fewer supernovae. [...] This particular supernova-focused facet of the Dark Energy Survey has concluded, so until a new dataset is taken, White's measurement of cosmological time dilation is unlikely to be beaten. "It's a pretty definitive measurement," says [Tamara Davis of the University of Queensland, a co-author of the paper]. "You don't really need to do any better." Jonathan O'Callaghan is an award-winning freelance journalist covering astronomy, astrophysics, commercial spaceflight and space exploration.

Read more of this story at Slashdot.

Justine Calma writes via The Verge: A group of young plaintiffs reached a historic climate settlement with the state of Hawaii and Hawaii Department of Transportation in a deal that will push the state to clean up tailpipe pollution. The 13 youth plaintiffs filed suit in 2022 when they were all between the ages of 9 and 18. In the suit, Navahine F. v. Hawaii Department of Transportation (HDOT), they alleged that the state and HDOT had violated their right to "a clean and healthful environment," which is enshrined in Hawaii's constitution. The settlement (PDF), reached on Thursday, affirms that right and commits the DOT to creating a plan to reach zero greenhouse gas emissions from transportation by 2045. To hit that goal, the state will have to dedicate at least $40 million to building out its EV charging network by the end of the decade and complete new pedestrian, bicycle, and transit networks over the next five years. The settlement also creates a new unit within HDOT tasked with coordinating CO2 emission reductions and a volunteer youth council to advise HDOT. This is the first settlement agreement in which "government defendants have decided to resolve a constitutional climate case in partnership with youth plaintiffs," according to nonprofit legal groups Our Children's Trust and Earthjustice, which represent the plaintiffs. Back in 2018, Hawaii committed to reaching net-zero carbon dioxide emissions by 2045 -- in line with what climate research determined was necessary to meet the Paris climate accord goal of stopping global warming. But the state wasn't doing enough to reach that goal, the plaintiffs alleged. Transportation makes up the biggest chunk of the state's greenhouse gas pollution. Justine Calma is a senior science reporter covering energy and the environment with more than a decade of experience. She is also the host of Hell or High Water: When Disaster Hits Home, a podcast from Vox Media and Audible Originals.

Read more of this story at Slashdot.

Change Healthcare has confirmed a February ransomware attack on its systems, which brought widespread disruption to the U.S. healthcare system for weeks and resulted in the theft of medical records affecting a "substantial proportion of people in America." TechCrunch: In a statement Thursday, Change Healthcare said it has begun the process of notifying affected individuals whose information was stolen during the cyberattack. The health tech giant, owned by U.S. insurance conglomerate UnitedHealth Group, processes patient insurance and billing for thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector. As such, the company has access to massive amounts of health information on about a third of all Americans.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Fortune: Ellen Bagley was delighted when she made her first sale on a popular second-hand clothing app, but just a few minutes later, the thrill turned to shock as the 20-year-old from Linkoping in Sweden discovered she'd been robbed. Everything seemed normal when Bagley received a direct message on the platform, which asked her to verify personal details to complete the deal. She clicked the link, which fired up BankID -- the ubiquitous digital authorization system used by nearly all Swedish adults.After receiving a couple of error messages, she started thinking something was wrong, but it was already too late. Over 10,000 Swedish kronor ($1,000) had been siphoned from her account and the thieves disappeared into the digital shadows. "The fraudsters are so skilled at making things look legitimate," said Bagley, who was born after BankID was created. "It's not easy" to identify scams. Although financial crime has garnered fewer headlines than a surge in gang-related gun violence, it's become a growing risk for the country. Beyond its borders, Sweden is an important test case on fighting cashless crime because it's gone further on ditching paper money than almost any other country in Europe. Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021. Law-enforcement agencies estimate that the size of Sweden's criminal economy could amount to as high as 2.5% of the country's gross domestic product. To counter the digital crime spree, Swedish authorities have put pressure on banks to tighten security measures and make it harder on tech-savvy criminals, but it's a delicate balancing act. Going too far could slow down the economy, while doing too little erodes trust and damages legitimate businesses in the process.Using complex webs of fake companies and forging documents to gain access to Sweden's welfare system, sophisticated fraudsters have made Sweden a "Silicon Valley for criminal entrepreneurship," said Daniel Larson, a senior economic crime prosecutor. While the shock of armed violence has grabbed public attention -- the nation's gun-homicide rate tripled between 2012 and 2022 -- economic crime underlies gang activity and needs to be tackled as aggressively, he added. "That has been a strategic mistake," Larson said. "This profit-generating crime is what's fueling organized crime and, in some cases, leads to these conflicts." Sweden's switch to electronic cash started after a surge of armed robberies in the 1990s, and by 2022, only 8% of Swedes said they had used cash for their latest purchase, according to a central bank survey. Along with neighboring Norway, Sweden has Europe's lowest number of ATMs per capita, according to the IMF. The prevalence of BankID play a role in Sweden's vulnerability. The system works like an online signature. If used, it's considered a done deal and the transaction gets executed immediately. It was designed by Sweden's banks to make electronic payments even quicker and easier than handing over a stack of bills. Since it's original rollout in 2001, it's become part of the everyday Swedish life. On average, the service -- which requires a six-digit code, a fingerprint or a face scan for authentication -- is used more than twice a day by every adult Swede and is involved in everything from filing tax returns to paying for bus tickets.Originally intended as a product by banks for their customers, its use exploded in 2005 after Sweden's tax agency adopted the technology as an identification for tax returns, giving it the government's official seal of approval. The launch of BankID on mobile phones in 2010 increased usage even further, along with public perception that associated cash with criminality.The country's central bank has acknowledged that some of those connotations may have gone too far. "We have to be very clear that there are still honest people using cash," Riksbank Governor Erik Thedeen told Bloomberg.

Read more of this story at Slashdot.

OpenAI CTO Mira Murati isn't worried about how AI could hurt some creative jobs, suggesting during a talk that some jobs were maybe always a bit replaceable anyway. From a report: "I think it's really going to be a collaborative tool, especially in the creative spaces," Murati told Darmouth University Trustee Jeffrey Blackburn during a conversation about AI hosted at the university's engineering department. "Some creative jobs maybe will go away, but maybe they shouldn't have been there in the first place," the CTO said of AI's role in the workplace. "I really believe that using it as a tool for education, [and] creativity, will expand our intelligence."

Read more of this story at Slashdot.

Filipe Esposito reports via 9to5Mac: When Apple introduced AirPods in 2016, the company also unveiled a new, easy and intuitive way to pair wireless accessories to iPhone and iPad. Rather than having to go to Bluetooth settings and press buttons, the system identifies the accessory nearby and prompts the user to pair it. With iOS 18, this quick pairing process will be available for the first time to accessory makers. Called AccessorySetupKit, the new API gives third-party accessories the same setup experience as Apple accessories such as AirPods and AirTag. As soon as the iPhone or iPad running iOS 18 with the right app detects a compatible accessory, it will show the user a popup to confirm pairing with that device. With just a tap, the system will automatically handle all the Bluetooth or Wi-Fi connectivity required by the accessory. This also means that users will no longer have to manually give Bluetooth and Wi-Fi permissions individually to that accessory's app. If the accessory requires a more complex pairing process, such as confirming a PIN code, the iOS 18 API can also ask the user for this information without the need to open an app. Once the accessory has been paired, more information about it can be found in a new Accessories menu within the Privacy settings.

Read more of this story at Slashdot.

In a bog post on Friday, OpenAI announced it has acquired Rockset, an enterprise analytics startup, to "power our retrieval infrastructure across products." The Verge reports: This acquisition is OpenAI's first where the company will integrate both a company's technology and its team, a spokesperson tells Bloomberg. The two companies didn't share the terms of the acquisition. Rockset has raised $105 million in funding to date. "Rockset's infrastructure empowers companies to transform their data into actionable intelligence," OpenAI COO Brad Lightcap says in a statement. "We're excited to bring these benefits to our customers by integrating Rockset's foundation into OpenAI products." "Rockset will become part of OpenAI and power the retrieval infrastructure backing OpenAI's product suite," Rockset CEO Venkat Venkataramani says in a Rockset blog post. "We'll be helping OpenAI solve the hard database problems that AI apps face at massive scale." Venkataramani says that current Rockset customers won't experience "immediate change" and that the company will gradually transition them off the platform. "Some" members of Rockset's team will move over to OpenAI, Bloomberg says.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum. On Thursday, a hacker put up for sale the alleged stolen data from TEG, claiming to have information of 30 million users, including the full name, gender, date of birth, username, hashed passwords, and email addresses. In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customers' data, "which is stored in a cloud-based platform, hosted by a reputable, global third party supplier." The company said that "no Ticketek customer account has been compromised," thanks to the encryption methods used to store their passwords. TEG conceded, however, that "customer names, dates of birth and email addresses may have been impacted" -- data that would line up with that advertised on the hacking forum. The hacker included a sample of the alleged stolen data in their post. TechCrunch confirmed that at least some of the data published on the forum appears legitimate by attempting to sign up for new accounts using the published email addresses. In a number of cases, Ticketek's website gave an error, suggesting the email addresses are already in use. There's evidence that the company's "cloud-based platform" provider is Snowflake, "which has been at the center of a recent series of data thefts affecting several of its customers, including Ticketmaster, Santander Bank, and others," notes TechCrunch. "A now-deleted post on Snowflake's website from January 2023 was titled: 'TEG Personalizes Live Entertainment Experiences with Snowflake.' In 2022, consulting company Altis published a case study (PDF) detailing how the company, working with TEG, 'built a modern data platform for ingesting streaming data into Snowflake.'"

Read more of this story at Slashdot.

British startup Stability AI has appointed Prem Akkaraju as its new CEO. The 51-year-old Akkaraju, former CEO of visual effects company Weta Digital, "is part of a group of investors including former Facebook President Sean Parker that has stepped in to save Stability with a cash infusion that could result in a lower valuation for the firm," reports the Information (paywalled). "The new funding will likely shrink the stakes of some existing investors, who have collectively contributed more than $100 million." In March, Stability AI founder and CEO Emad Mostaque stepped down from the role to pursue decentralized AI. "In a series of posts on X, Mostaque opined that one can't beat 'centralized AI' with more 'centralized AI,' referring to the ownership structure of top AI startups such as OpenAI and Anthropic," reported TechCrunch at the time. The move followed a report in April that claimed the company ran out of cash to pay its bills for its rented cloud GPUs. Last year, the company raised millions at a $1 billion valuation.

Read more of this story at Slashdot.

The Ontario Science Center, a world-class science and cultural institution in Toronto, is shutting down immediately due to the risk that the building's roof could collapse, the province announced Friday. CBC News: The abrupt closure, which the province says could last years, comes after the government's controversial announcement in 2023 that the popular landmark and attraction would be moved to the Ontario Place site -- a move it says will save costs. "The actions taken today will protect the health and safety of visitors and staff," said Infrastructure Minister Kinga Surma in a news release. "We are making every effort to avoid disruption to the public and help the Ontario Science Centre continue delivering on its mandate." An engineering report this week by Rimkus Consulting Group showed each of the centre's three buildings contain roof panels in a "distressed, high-risk" condition, the Ministry of Infrastructure said in a news release. The panels require fixing by Oct. 31, 2024 to "avoid further stress due to potential snow load which could lead to roof panel failure," the release said. Fixing the roof will cost between $22 million and $40 million, the ministry said, requiring the centre be closed for up to two years. "These estimates are incomplete and subject to change," said the ministry, noting the costs make up only a "small portion" of the funding needed to keep the science centre open. The government says the centre needs $478 million to tackle its "failing infrastructure" and sustain programming.

Read more of this story at Slashdot.

TikTok revealed it offered the U.S. government a "kill switch" in 2022 to address data protection and national security concerns, allowing the government to shut down the platform if it violated certain rules. The disclosure was made as it began its legal fight against legislation that will require ByteDance to divest TikTok's U.S. assets or face a ban. The BBC reports: "This law is a radical departure from this country's tradition of championing an open Internet, and sets a dangerous precedent allowing the political branches to target a disfavored speech platform and force it to sell or be shut down," they argued in their legal submission. They also claimed the US government refused to engage in any serious settlement talks after 2022, and pointed to the "kill switch" offer as evidence of the lengths they had been prepared to go. TikTok says the mechanism would have allowed the government the "explicit authority to suspend the platform in the United States at the US government's sole discretion" if it did not follow certain rules. A draft "National Security Agreement", proposed by TikTok in August 2022, would have seen the company having to follow rules such as properly funding its data protection units and making sure that ByteDance did not have access to US users' data. The "kill switch" could have been triggered by the government if it broke this agreement, it claimed. In a letter - first reported by the Washington Post - addressed to the US Department of Justice, TikTok's lawyer alleges that the government "ceased any substantive negotiations" after the proposal of the new rules. The letter, dated 1 April 2024, says the US government ignored requests to meet for further negotiations. It also alleges the government did not respond to TikTok's invitation to "visit and inspect its Dedicated Transparency Center in Maryland." Further reading: TikTok Says US Ban Inevitable Without a Court Order Blocking Law

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The California Public Utilities Commission (CPUC) yesterday rejected AT&T's request to end its landline phone obligations. The state agency also urged AT&T to upgrade copper facilities to fiber instead of trying to shut down the outdated portions of its network. AT&T asked the state to eliminate its Carrier of Last Resort (COLR) obligation, which requires it to provide landline telephone service to any potential customer in its service territory. A CPUC administrative law judge recommended rejection of the application last month, and the commission voted to dismiss AT&T's application with prejudice on Thursday. "Our vote to dismiss AT&T's application made clear that we will protect customer access to basic telephone service... Our rules were designed to provide that assurance, and AT&T's application did not follow our rules," Commissioner John Reynolds said in a CPUC announcement. State rules require a replacement COLR in order to relieve AT&T of its duties, and AT&T argued that VoIP and mobile services could fill that gap. But residents "highlighted the unreliability of voice alternatives" at public hearings, the CPUC said. "Despite AT&T's contention that providers of voice alternatives to landline service -- such as VoIP or mobile wireless services -- can fill the gap, the CPUC found AT&T did not meet the requirements for COLR withdrawal," the agency said. "Specifically, AT&T failed to demonstrate the availability of replacement providers willing and able to serve as COLR, nor did AT&T prove that alternative providers met the COLR definition." The administrative law judge's proposed decision said AT&T falsely claimed that commission rules require it "to retain outdated copper-based landline facilities that are expensive to maintain." The agency stressed that its rules do not prevent AT&T from upgrading to fiber. "COLR rules are technology-neutral and do not distinguish between voice services offered... and do not prevent AT&T from retiring copper facilities or from investing in fiber or other facilities/technologies to improve its network," the agency said yesterday. AT&T California President Marc Blakeman said the company is lobbying to change the state law. "No customer will be left without voice and 911 services. We are focused on the legislation introduced in California, which includes important protections, safeguards, and outreach for consumers and does not impact our customers in rural locations. We are fully committed to keeping our customers connected while we work with state leaders on policies that create a thoughtful transition that brings modern communications to all Californians," Blakeman said. According to SFGATE, the legislation pushed by AT&T "would create a way for AT&T to remain as COLR in rural regions, which the company estimates as being about 100,000 customers, while being released from COLR obligations everywhere else."

Read more of this story at Slashdot.

Mike Blumenkrantz of Valve's open-source/Linux graphics driver team has submitted a merge request to "massively" improve the OpenGL glReadPixels performance within the common Mesa state tracker...

An anonymous reader shares a report: Microsoft launched its range of Copilot Plus PCs earlier this week, and they all come equipped with the new dedicated Copilot key on the keyboard. It's the first big change to Windows keyboards in 30 years, but all the key does now is launch a Progressive Web App (PWA) version of Copilot. The web app doesn't even integrate into Windows anymore like the previous Copilot experience did since last year, so you can't use Copilot to control Windows 11 settings or have it docked as a sidebar anymore. It's literally just a PWA. Microsoft has even removed the keyboard shortcut to Copilot on these new Copilot Plus PCs, so WINKEY + C does nothing.

Read more of this story at Slashdot.

Millions of mosquitoes are being released from helicopters in Hawaii in a last-ditch attempt to save rare birds slipping into extinction. From a report: The archipelago's endemic, brightly coloured honeycreeper birds are dying of malaria carried by mosquitoes first introduced by European and American ships in the 1800s. Having evolved with no immunity to the disease, the birds can die after just a single bite. Thirty-three species of honeycreeper have become extinct and many of the 17 that remain are highly endangered, with concerns some could be extinct within a year if no action is taken. Now conservationists are urgently trying to save them with an unusual strategy: releasing more mosquitoes. Every week a helicopter drops 250,000 male mosquitoes with a naturally occurring bacterium that acts as birth control on to the islands of the remote archipelago. Already, 10 million have been released. "The only thing that's more tragic is if [the birds] went extinct and we didn't try. You can't not try," said Chris Warren, the forest bird programme coordinator for Haleakala national park on the island of Maui. The population of one honeycreeper, the Kaua'i creeper, or 'akikiki, has dropped from 450 in 2018 to five in 2023, with just one single bird known to be left in the wild on Kaua'i island, according to the national park service.

Read more of this story at Slashdot.

Scam qui peut

La Scam vient d’annoncer être la cible d’une « cyberattaque de type ransomware ». Dans son communiqué, elle explique que cela s’est produit « malgré [ses] efforts soutenus en matière de prévention et de protection de [son] système d’information ».

Cela peut arriver, personne n’est à l’abri d’une cyberattaque plus ou moins sophistiquée, mais on peine un peu avec les « efforts » de la Scam.

Sur un de nos comptes, on utilise la procédure mot de passe oublié. Le site nous demande logiquement notre identifiant ou adresse email si nous sommes en cours d’adhésion. Jusque-là, tout va bien. Les choses se compliquent fortement lorsque l’on reçoit l’email intitulé « Vos identifiants » quelques secondes plus tard.

On y retrouve notre identifiant d’utilisateur (déjà précisé sur le site lors de la demande) et surtout notre mot de passe, en clair. Il ne s’agit pas d’un mot de passe provisoire, celui envoyé dans l’email est déjà utilisé depuis plus d’un an sur ce compte. De plus, une fois connecté, le site ne demande même pas d’en changer.

La Scam envoie donc dans un même message le mot de passe en clair et rappelle l’identifiant permettant de s’identifier. Si votre boîte email est compromise, c’est donc la catastrophe. Mais cela signifie aussi que, d’une manière ou d’une autre, la Scam peut accéder aux mots de passe des utilisateurs.

C’est pourtant une règle de base : « Les mots de passe ne doivent jamais être stockés en clair. Lorsque l’authentification a lieu sur un serveur distant, et dans les autres cas si cela est techniquement faisable, le mot de passe doit être transformé au moyen d’une fonction cryptographique non réversible et sûre, intégrant l’utilisation d’un sel ou d’une clé », rappelle la CNIL.

Même si le mot de passe est stocké chiffré dans les bases de données de la Scam (on l’espère fortement…), elle dispose d’un moyen de les déchiffrer. Dans tous les cas, la fonction de chiffrement (si elle existe) n’est pas irréversible.

À défaut de savoir ce qui aurait été la cause de la cyberattaque de la Scam, ses « efforts soutenus en matière de prévention et de protection » du système d’information prennent du plomb dans l’aile.