Nous vous en parlions fin août : parmi les différents petits soucis de jeunesse des AMD Ryzen 9000 en AM5, il a été noté des latences anormalement élevées entre les différents cœurs des processeurs lorsque ceux-ci n'appartiennent pas au même CCD. Cela n'impacte donc pas les Ryzen 5 9600X et Ryzen 7...

On Tuesday Ivanti issued a "high severity vulnerability" announcement for version 4.6 of its Cloud Service Appliance (or CSA). "Successful exploitation could lead to unauthorized access to the device running the CSA." And Friday that announcement got an update: Ivanti "has confirmed exploitation of this vulnerability in the wild." While Ivanti released a security update, they warned that "with the end-of-life status this is the last fix that Ivanti will backport for this version. Customers must upgrade to Ivanti CSA 5.0 for continued support." This prompted a response from CISA (the Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security). The noted that Ivanti is urging customers to upgrade to version 5.0, as "Ivanti no longer supports CSA 4.6 (end-of-life)." But in addition, CISA "ordered all federal civilian agencies to remove CSA 4.6. from service or upgrade to the 5.0. by October 4," reports the Record: Ivanti said users will know they are impacted by exploitation of the bug by looking to see if there are modified or newly added administrative users. They also urged customers to check security alerts if they have certain security tools involved. The issue arose one day after another Ivanti bug caused alarm among defenders. The company pledged a security overhaul in April after a cascade of headline-grabbing nation-state attacks broke through the systems of government agencies in the U.S. and Europe using vulnerabilities in Ivanti products.

Read more of this story at Slashdot.

En soi, parler de DDR5-9600 n'est pas une première puisque certaines marques comme LEXAR par exemple présentaient déjà une telle barrette sur son stand lors du Computex, début juin 2024. Ces très hautes fréquences de fonctionnement sont permises par l'utilisation de la CUDIMM et de son CKD, une puce...

An EFF article calls out a "brazen attempt to privatize" a wireless frequency band (900 MHz) which America's FCC's left " as a commons for all... for use by amateur radio operators, unlicensed consumer devices, and industrial, scientific, and medical equipment." The spectrum has also become "a hotbed for new technologies and community-driven projects. Millions of consumer devices also rely on the range, including baby monitors, cordless phones, IoT devices, garage door openers." But NextNav would rather claim these frequencies, fence them off, and lease them out to mobile service providers. This is just another land-grab by a corporate rent-seeker dressed up as innovation. EFF and hundreds of others have called on the FCC to decisively reject this proposal and protect the open spectrum as a commons that serves all. NextNav [which sells a geolocation service] wants the FCC to reconfigure the 902-928 MHz band to grant them exclusive rights to the majority of the spectrum... This proposal would not only give NextNav their own lane, but expanded operating region, increased broadcasting power, and more leeway for radio interference emanating from their portions of the band. All of this points to more power for NextNav at everyone else's expense. This land-grab is purportedly to implement a Positioning, Navigation and Timing (PNT) network to serve as a US-specific backup of the Global Positioning System(GPS). This plan raises red flags off the bat. Dropping the "global" from GPS makes it far less useful for any alleged national security purposes, especially as it is likely susceptible to the same jamming and spoofing attacks as GPS. NextNav itself admits there is also little commercial demand for PNT. GPS works, is free, and is widely supported by manufacturers. If Nextnav has a grand plan to implement a new and improved standard, it was left out of their FCC proposal. What NextNav did include however is its intent to resell their exclusive bandwidth access to mobile 5G networks. This isn't about national security or innovation; it's about a rent-seeker monopolizing access to a public resource. If NextNav truly believes in their GPS backup vision, they should look to parts of the spectrum already allocated for 5G. The open sections of the 900 MHz spectrum are vital for technologies that foster experimentation and grassroots innovation. Amateur radio operators, developers of new IoT devices, and small-scale operators rely on this band. One such project is Meshtastic, a decentralized communication tool that allows users to send messages across a network without a central server. This new approach to networking offers resilient communication that can endure emergencies where current networks fail. This is the type of innovation that actually addresses crises raised by Nextnav, and it's happening in the part of the spectrum allocated for unlicensed devices while empowering communities instead of a powerful intermediary. Yet, this proposal threatens to crush such grassroots projects, leaving them without a commons in which they can grow and improve. This isn't just about a set of frequencies. We need an ecosystem which fosters grassroots collaboration, experimentation, and knowledge building. Not only do these commons empower communities, they avoid a technology monoculture unable to adapt to new threats and changing needs as technology progresses. Invention belongs to the public, not just to those with the deepest pockets. The FCC should ensure it remains that way. NextNav's proposal is a direct threat to innovation, public safety, and community empowerment. While FCC comments on the proposal have closed, replies remain open to the public until September 20th. The FCC must reject this corporate land-grab and uphold the integrity of the 900 MHz band as a commons.

Read more of this story at Slashdot.

Flappy Bird's original creator hasn't posted anything on social media since 2017. Until today. "This morning, the game's creator Dong Nguyen posted a characteristically terse comment stating that he has nothing to do with the revival," report TechCrunch, "and that he 'did not sell anything.' He added, 'I also don't support crypto'... The post makes it clear that Nguyen is not involved with the new project, and that he doesn't seem particularly happy about it." As for Nguyen's reference to crypto, while the foundation's current PR materials don't mention anything crypto-related, Varun Biniwale did some digging around hidden pages on the Flappy Bird Foundation website and found a reference to Flappy Bird flying "higher than ever on Solana as it soars into Web 3.0," though it's not clear whether that refers to upcoming features or abandoned plans. More from Fortune: Exactly what is going to happen with this zombified version of Flappy Bird is unclear, but digging through data and files has revealed things like different birds, loot boxes, and the idea that this is some sort of crypto play by the company involved. From a page on their website about the new Flappy Bird... "[D]evelopers and creators can build, play and earn from the legendary Flappy Bird IP." Fortune concludes "it's crypto, it's NFTs and everyone is so annoyed by this almost every tweet of the resurrected Twitter account has even been 'Community Noted' revealing its crypto ties and snapping up of Nguyen's trademark." PC Gamer adds that the Foundation acquired the Flappy Bird trademark from Gametech Holdings LLC. "And here there's a slight whiff of skullduggery." Dong Nguyen originally applied for the trademark in 2014, alongside a little drawing of the logo. This application then seemed to sit in limbo for many years, eventually being opposed by a Delaware-based company called Gametech. As this was going on, the U.S. patent office granted a trademark registration for Flappy Bird in 2018 (four years after the game was removed from sale) to another Delaware company called Mobile Media Matters. While I can't be exact on the link between Mobile Media Matters and Gametech, both companies' legal filings give the same Delaware address. Subsequent to this there's been a legal disagreement between Gametech and Dong Nguyen, except Nguyen doesn't seem to have bothered representing himself or standing up for the trademark, which has ultimately led to it being classed as abandoned (a decade after he filed for it) and acquired by Gametech... The Flappy Bird Foundation does have one ready-made comeback. As well as the rights to Flappy Bird it has acquired the rights to Piou Piou vs. Cactus, a mobile title that was the primary inspiration behind Flappy Bird, and employs the game's creator who goes by the handle, ahem, of Kek. "Today is a milestone not just in gaming but for me personally," says Kek. "It's so cool to see how influential Piou Piou has been for developers and hundreds of millions of gamers over the years. It's incredible to work alongside such a dedicated team of fans and creators who are truly passionate about changing the industry narrative and together bringing the original Flappy Bird back to life...." Way back in 2014, Kek said he'd contacted Nguyen about the resemblance, "and he told me he doesn't think he knew about my game when he made Flappy Bird. The games are very similar. And even if I did not invent the gameplay concept, the graphics are very close, and, of course, the concept." The games are undeniably similar, but there are differences, and obviously the most important one is that, for whatever reason, Piou Piou didn't do much while Flappy Bird went stratospheric with a similar idea three years later. Needless to say, the announcement and press release of the Flappy Bird Foundation does not mention Dong Nguyen once.

Read more of this story at Slashdot.

For 30 days, 17,000 AT&T workers in nine different states from the CWA union went on strike. As it began one North Carolina newspaper noted some AT&T customers "report prolonged internet outages." Last week an Emory University economist told NPR that "If it wasn't disruptive or it didn't have any kind of negative element towards customers, then AT&T, I suspect, wouldn't feel any kind of pressure to negotiate." The 30-day strike was "the longest telecommunications strike in the region's history," according to the union — announcing today that they'd now negotiated "strong tentative contract agreements" and that workers would report to work for their scheduled shifts tomorrow. The new contract in the Southeast covers 17,000 workers technicians, customer service representatives and others who install, maintain and support AT&T's residential and business wireline telecommunications network in Alabama, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, South Carolina and Tennessee. Wages and health care costs were key issues at the bargaining table, and the five-year agreement includes across the board wage increases of 19.33%, with additional 3% increases for Wire Technicians and Utility Operations. The health care agreement holds health care premiums steady in the first year and lowers them in the second and third years, with modest monthly increases in the final two years. The statement adds that "CWA members and retirees from every region and sector of our union mobilized in support of our bargaining teams, including by distributing flyers with information about the strike at AT&T Wireless stores." CWA District 3 Vice President Richard Honeycutt added "We know that our customers have faced hardship during the strike as well. We are happy to be getting back to work keeping our communities safe and connected." There's also a separate four-year agreement covering 8,500 AT&T West workers in California and Nevada. "Union members will meet to review the tentative agreements, before holding ratification votes in each region." AT&T's chief operating officer said the Southeast agreement will "support our competitive position in the broadband industry where we can grow and win against our mostly non-union competitors."

Read more of this story at Slashdot.

The New York Times looks at "a third-generation family firm" in Paraguay "with 280 workers that packages hot sauce, soy beans...and seven kinds of salt for sale in Paraguayan supermarkets." Its mascot — on t-shirts, coffee cups, and "in heavy demand at Paraguayan weddings" — is a mouse named Mickey. 51-year-old Viviana Blasco — one of five siblings who run the business — told the Times that it all began back in 1935: Ms. Blasco's grandfather, Pascual, the son of Italian immigrants, saw an opportunity to spread some joy — and turn a profit. He opened a tiny shop selling fruit and homemade gelato. It was called Mickey... Pascual, she said, often vacationed in Buenos Aires — Argentina's cosmopolitan capital... "On one of his trips, he must have seen the famous mouse," Ms. Blasco said... A few years later, Pascual opened the Mickey Ice Cream Parlor, Café and Confectioners. By 1969, Mickey was selling rice, sugar and baking soda in packages now decorated with the eponymous mouse. "Mickey resonates with Paraguayans' sense of nostalgia, said Euge Aquino, a TV chef and social media influencer who uses its ingredients to make comfort food like pastel mandi'o (yuca and beef empanadas)... Mickey's popularity, she said, also has a lot to do with the mascot handing out candy outside the factory gates every Christmas: a tradition dating back to 1983." By now, a "peaceful coexistence" reigns between Mickey and its United States doppelgänger, said Elba Rosa Britez, 72, the smaller company's lawyer. This truce was hard-won. In 1991, Disney filed a trademark violation claim with Paraguay's Ministry of Business and Industry that was rejected. The company then filed a lawsuit, but in 1995 a trademark tribunal ruled in Mickey's favor. There, one judge agreed that Paraguayans could easily confuse the Disney Mickey and the Paraguayan Mickey. But Disney didn't reckon on a "legal loophole," Ms Britez explained. The Mickey trademark had been registered in Paraguay since at least 1956 — and Pascual's descendants had since renewed it — without protest from the multinational. In 1998, Paraguay's Supreme Court issued its final ruling. Through decades of uninterrupted use, Mickey had acquired the right to be Mickey. "I jumped for joy," Ms Britez said. Mickey's legal immunity in Paraguay, Ms. Blasco acknowledged, might not extend to selling its products abroad. "We've never tried." "Some lining up to meet the mascot said Mickey's David-vs-Goliath triumph against Disney filled them with national pride..."

Read more of this story at Slashdot.

"Even black holes have edge cases," writes Astronomy magazine contributing editor Steve Nadis, in an article in Quanta magazine (republished today by Wired): Black holes rotate in space. As matter falls into them, they start to spin faster; if that matter has charge, they also become electrically charged. In principle, a black hole can reach a point where it has as much charge or spin as it possibly can, given its mass. Such a black hole is called "extremal" — the extreme of the extremes. These black holes have some bizarre properties. In particular, the so-called surface gravity at the boundary, or event horizon, of such a black hole is zero. "It is a black hole whose surface doesn't attract things anymore," said Carsten Gundlach, a mathematical physicist at the University of Southampton. But if you were to nudge a particle slightly toward the black hole's center, it would be unable to escape. In 1973, the prominent physicists Stephen Hawking, James Bardeen and Brandon Carter asserted that extremal black holes can't exist in the real world — that there is simply no plausible way that they can form. Nevertheless, for the past 50 years, extremal black holes have served as useful models in theoretical physics. "They have nice symmetries that make it easier to calculate things," said Gaurav Khanna of the University of Rhode Island, and this allows physicists to test theories about the mysterious relationship between quantum mechanics and gravity. Now two mathematicians have proved Hawking and his colleagues wrong. The new work — contained in a pair of recent papers by Christoph Kehle of the Massachusetts Institute of Technology and Ryan Unger of Stanford University and the University of California, Berkeley — demonstrates that there is nothing in our known laws of physics to prevent the formation of an extremal black hole. Their mathematical proof is "beautiful, technically innovative and physically surprising," said Mihalis Dafermos, a mathematician at Princeton University (and Kehle's and Unger's doctoral adviser). It hints at a potentially richer and more varied universe in which "extremal black holes could be out there astrophysically," he added. That doesn't mean they are. "Just because a mathematical solution exists that has nice properties doesn't necessarily mean that nature will make use of it," Khanna said. "But if we somehow find one, that would really [make] us think about what we are missing." Such a discovery, he noted, has the potential to raise "some pretty radical kinds of questions." Before Kehle and Unger's proof, there was good reason to believe that extremal black holes couldn't exist. Hawking, Bardeen, and Carter believed there was no way an extremal black hole could form, according to the article, and "in 1986, a physicist named Werner Israel seemed to put the issue to rest." But the two mathematicians, studying the formation of electrically charged black holes, stumbled into a counterexample — and along the way "also constructed two other solutions to Einstein's equations of general relativity that involved different ways of adding charge to a black hole. Having disproved Bardeen, Carter and Hawking's hypothesis in three different contexts, the work should leave no doubt, Unger said... "This is a beautiful example of math giving back to physics," said Elena Giorgi, a mathematician at Columbia University.... In the meantime, a better understanding of extremal black holes can provide further insights into near-extremal black holes, which are thought to be plentiful in the universe. "Einstein didn't think that black holes could be real [because] they're just too weird," Khanna said. "But now we know the universe is teeming with black holes." For similar reasons, he added, "we shouldn't give up on extremal black holes. I just don't want to put limits on nature's creativity."

Read more of this story at Slashdot.

Last October Slashdot reported on René Rebe's discovery of a random illegal instruction speculation bug on AMD Ryzen 7000-series and Epyc Zen 4 CPUs — which Rebe discussed on his YouTube channel. But this week's YouTube episode had a different ending, reports Tom's Hardware... Two days ago, tech streamer and host of Code Therapy René Rebe was streaming one of many T2 Linux (his own custom distribution) development sessions from his office in Germany when he abruptly had to remove his microphone and walk off camera due to the arrival of police officers. The officers subsequently cuffed him and took him to the station for an hour of questioning, a span of time during which the stream continued to run until he made it back... [T]he police seemingly have no idea who did it and acted based on a tip sent with an email. Finding the perpetrators could take a while, and options will be fairly limited if they don't also live in Germany. Rebe has been contributing to Linux "since as early as 1998," according to the article, "and started his own T2 SD3 Embedded Linux distribution in 2004, as well." (And he's also a contributor to many other major open source projects.) The article points out that Linux and other communities "are compelled by little-to-no profit motive, so in essence, René has been providing unpaid software development for the greater good for the past two decades."

Read more of this story at Slashdot.

In 2015 Amazon purchased chip designer Annapurna Labs, remembers IEEE Spectrum, "and proceeded to design CPUs, AI accelerators, servers, and data centers as a vertically-integrated operation." The article argues that while AMD, Nvidia, and other big-name processor companies may also want to control the full stack (purchasing server, software, and interconnect companies) — Amazon Web Services "got there ahead of most of the competition." (IEEE Spectrum interviews Ali Saidi, technical lead for the AWS Graviton series of CPUs, and Rami Sinno, director of engineering at Annapurna Labs, on "the advantage of vertically-integrated design — and Amazon-scale...") Sinno: I was working at Arm, and I was looking for the next adventure, looking at where the industry is heading and what I want my legacy to be. I looked at two things: One is vertically integrated companies, because this is where most of the innovation is — the interesting stuff is happening when you control the full hardware and software stack and deliver directly to customers. And the second thing is, I realized that machine learning, AI in general, is going to be very, very big. I didn't know exactly which direction it was going to take, but I knew that there is something that is going to be generational, and I wanted to be part of that. I already had that experience prior when I was part of the group that was building the chips that go into the Blackberries; that was a fundamental shift in the industry. That feeling was incredible, to be part of something so big, so fundamental. And I thought, "Okay, I have another chance to be part of something fundamental." [...] At the end of the day, our responsibility is to deliver complete servers in the data center directly for our customers. And if you think from that perspective, you'll be able to optimize and innovate across the full stack. It might not be at the transistor level or at the substrate level or at the board level. It could be something completely different. It could be purely software. And having that knowledge, having that visibility, will allow the engineers to be significantly more productive and delivery to the customer significantly faster. We're not going to bang our head against the wall to optimize the transistor where three lines of code downstream will solve these problems, right...? We've had very good luck with recent college grads. Recent college grads, especially the past couple of years, have been absolutely phenomenal. I'm very, very pleased with the way that the education system is graduating the engineers and the computer scientists that are interested in the type of jobs that we have for them. It's an interesting glimpse into the unique world of designing chips at Amazon. Graviton technical lead Saidi: I've been here about seven and a half years. When I joined AWS, I joined a secret project at the time. I was told: "We're going to build some Arm servers. Tell no one... "In chip design, there are many different competing optimization points. You have all of these conflicting requirements, you have cost, you have scheduling, you've got power consumption, you've got size, what DRAM technologies are available and when you're going to intersect them... It ends up being this fun, multifaceted optimization problem to figure out what's the best thing that you can build in a timeframe. And you need to get it right."

Read more of this story at Slashdot.

"It is with great relief that I welcome you home!" SpaceX COO Gwynne Shotwell posted on X. "This mission was even more extraordinary than I anticipated." "SpaceX's Polaris Dawn crew is home," reports CNN, "capping off a five-day mission to orbit — which included the world's first commercial spacewalk — by splashing down in the Gulf of Mexico." The Crew Dragon capsule carrying four astronauts landed off the coast of Dry Tortugas, Florida, at 3:37 a.m. ET Sunday. The Polaris Dawn mission made history as it reached a higher altitude than any human has traveled in five decades. [870 miles (1,400 kilometers) — beating the 853-mile record set in 1966 by NASA's Gemini 11 mission.] A spacewalk conducted early Thursday morning also marked the first time such an endeavor has been completed by a privately funded and operated mis.sion. But returning to Earth is among the most dangerous stretches of any space mission. To safely reach home, the Crew Dragon capsule carried out what's called a "de-orbit burn," orienting itself as it prepared to slice through the thickest part of Earth's atmosphere. The spacecraft then reached extremely hot temperatures — up to 3,500 degrees Fahrenheit (1,900 degrees Celsius) — because of the pressure and friction caused by hitting the air while still traveling around 17,000 miles per hour (27,000 kilometers per hour). The crew, however, should have remained at comfortable temperatures, protected by the Crew Dragon's heat shield, which is located on the bottom of the 13-foot-wide (4-meter-wide) capsule. Dragging against the air began to slow the vehicle down before the Crew Dragon deployed parachutes that further decelerated its descent. Having hit the ocean, the spacecraft briefly bobbed around in the water until rescue crews waiting nearby hauled it out of the ocean and onto a special boat, referred to as the "Dragon's nest." Final safety checks took place there before the crew disembarked from the capsule and began the journey back to dry land. You can watch video of the splashdown on YouTube. While in space, the crew performed 40 science experiments and research, according to the article. "Gillis, a trained violinist, also brought her instrument along for the mission and delivered a rendition of 'Rey's Theme' from "Star Wars: The Force Awakens." (Slashdot reader SuperKendall points out that the "Rey's Theme" rendition "was not just the astronaut playing violin in space, but was in conjunction with young adult orchestras around the world.") SpaceX's COO said the performance "made me tear up. Thank you all for taking this journey."

Read more of this story at Slashdot.

An anonymous reader shared this report from DecClass: A report from developer-focused analyst Redmonk finds "there does not seem to be a clear link between moving from an open source to proprietary license and increasing the company's value." Senior analyst Rachel Stevens studied the question of whether the companies that changed from open source to proprietary licenses have since reported better financial positions. In particular, she looked at MongoDB, which changed from AGPL (GNU Affero General Public License) to its SSPL (Server Side Public License) in 2018; Elastic Co, which changed from Apache 2 to SSPL or Elastic License in early 2021; HashiCorp, which changed from MPL (Mozilla Public License 2.0) a year ago, and Confluent, which checked from Apache 2 to its own Confluent Community License in 2018. The report is too recent to take account of Elastic's reversion to AGPL; and the financial impact of that is of course yet to be known, though it is perhaps unlikely that the switch back would have been made if the company considered it detrimental to its finances. Rather, Elastic's latest licensing change reinforces the view that proprietary licenses are not necessarily more profitable... All the companies studied increased their revenue after their license change, Stevens said, but added that the rate of change was similar to that before the change... MongoDB stated in 2018 that "once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community." Six years later, it remains the case that the large cloud vendors are highly profitable, but that these companies who changed their license are not. In February this year, Bruce Perens, creator of the 1998 Open Source Definition, described open source as "a great corporate welfare program" and not at all what he had intended... The new Redmonk report suggests that such license manoeuvres are neither fatal nor beneficial to the finances of the companies involved — though there are so many caveats that it is impossible to draw firm conclusions. The report's final sentence concludes that "there does not seem to be a clear link between moving from an open source to proprietary license and increasing the company's value."

Read more of this story at Slashdot.

In 1980 a 23-year-old woman was shot multiple times by an unknown assailant in a small county in central Kansas. 44 years later, the county sheriff made a Facebook post... Over the years, dozens of law enforcement officers looked at the case to no avail. In mid-2022 I was approached by Detective Sgt. Adam Hales to reopen the case using new techniques and technology that were now available at the time of the murder. In all honesty, it was with some degree of skepticism that I authorized the expenditure of manpower and resources... Many of the witnesses as well as law enforcement officers that were originally involved in the case had died and interviews were not possible. A statement from the Kansas attorney general's office says the police investigation culminated with an interview with Steven Hanks, a neighbor of the woman, who admitted to the killing. Hanks (who is now 70 years old) was arrested and charged with murder and second-degree, according to the county sheriff's Facebook post: On a personal note, I was 18 years old and a senior in high school when this homicide occurred. I remember it well. By 1982 I had started with the Sheriff's Office as a reserve deputy and have been associated with the Barton County Sheriff's Office ever since. I worked for the four Sheriff's that preceded me and this homicide has haunted all of us. It bothers me that many of the people who were so affected by this tragic crime have since passed away prior to bringing the suspect to justice. I consider myself fortunate that I had the resources and the diligent personnel to close this case. The Facebook post ends with a 1980 photo of 23-year-old Mary Robin Walter — who besides being a nursing school student was also a wife and mother — next to a booking photo of 70-year-old Steven Hanks. Hanks has been sentenced to up to 25 years in prison

Read more of this story at Slashdot.

It was one year ago that "an odd seismic signal appeared at scientific stations around the globe," reports the Washington Post. "A day passed, and the slow tremor still reverberated. When it continued for a third day, scientists worldwide began assembling..." Some initially thought the seismic instruments recording the signal were broken, but that was quickly nixed. Maybe it was a new volcano emerging before their eyes, others said. One jokingly ruled out an alien party. As theories were checked off, the scientists dubbed the signal an "Unidentified Seismic Object," or USO... Nine days later, the vibrations greatly dissipated. But the mystery of the USO lasted much longer. A year later, the puzzle has been solved, according to a study published in the journal Science on Thursday. It took about 70 people from 15 different countries and more than 8,000 exchanged messages (long enough for a 900-page detective novel) to crack the case. The short answer: A mega-tsunami created waves that sloshed back and forth in a fjord in Greenland, creating vibrations that traveled around the world. Extra heat from global warming "thinned a glacier in eastern Greenland over time so much that it could no longer support the mountain rock above it," according to the article. A mile-long avalanche "plunged into the Dickson Fjord, triggering a 650-foot-high tsunami — one of the highest seen in recent history." Like the rhythmic waves in a bathtub, "the mega-tsunami wave traveled back and forth in the inlet," which "radiated seismic waves globally, shaking the planet for nine days before it petered out." In August a German research team had studied the megatsunami, concluding that climate change was speeding the melt of Greenland's glaciers and increasing the chance of landslide-driven megatsunamis. The article reports that an author of that study said when comparing it to this one, "The methods chosen by the teams are different, but the results agree well."

Read more of this story at Slashdot.

"For 75 years Cosm built planetariums," reports a Texas news station, "and then a few years ago realized this technology could take you from the night sky to anywhere under the sun." So now Los Angeles and Dallas have massive 9,600-square-foot, 8K-resolution screens that one reviewer for SFGate calls "an absolute game-changer" for sports fans. "At its best, Cosm's floor-to-ceiling screen gives anyone with a seat the opportunity to embrace a face full of on-the-field action at such high quality that it can be staggering, almost overwhelming at times — so just be sure to hold on tight, to the handrails and to your wallets." There's also a bar with a 150-foot band of screens and a rooftop area with mounted TV, but they're "not why anyone has come," SFGate points out. Even the Dome has three distinct floors, though it's the second floor "where full visual immersion happens." The action feels so close, I can almost smell it, and all the focus is pulled to the center of the giant screen. Patrons truly do feel at the absolute heart of the action, with better seats than perhaps they could even pay for at Manchester's Old Trafford stadium. From a sports-viewing standpoint, I can't imagine it gets much better than this... Over the course of just a few minutes, the viewing angle flips from corner looks to right up against the goalkeeper's net, and then it widens out to dead center to catch crisp passes. Some angles put me right in the stands, cheering along with the loyalists at a stadium half a world away... To be clear, the premium ticket costs are good for recouping Cosm's substantial investment in this gorgeous technological product, which has been in the works for years. The price tag is also likely to be little issue for any Los Angeles fan with money to spend, but the cost really does lay bare the growing division between the haves and have-nots in American sports society... If you paid $20 for a general admission entry that mostly just grants access to the fringes of the action, well ... good luck getting the most out of the Dome... The edges of the massive screen are stretched to comic effect, making the fisheye perspective more disorienting than fun. At the center of the room, it feels like you're absolutely in the meat of the action; at the fringes, you're left to pick at a few digital bones... [F]or the rest of us, the normal sports fans who like to sway with strangers during the seventh-inning stretch, the ones who want to be able to take their kids to a game without feeling quite so financially wrung out, Cosm is yet another troubling sign of big, expensive things to come. Being a fan of a sports franchise in 2024 is an increasingly costly proposition. Watching your favorite NFL team now requires cable access, as well as multiple streaming services like Amazon Prime... There is no question that Cosm is a unique experience and that it will absolutely have a hand in transforming the modern digital sports-watching landscape, especially for those who want a digital re-creation of the best seat in the house over the camaraderie of a shared, in-person sports experience. The place will be able to charge incredible sums for the Super Bowl or World Series games, and — when at its best, with a prime seat in the middle of the action — the cost will be justifiable for many. But for the folks at the financial fringes, the ones with the most spirit and often the least to spend, Cosm undoubtedly feels like a widening of the economic chasm that is pulling fans and their favorite teams further apart. Besides sports events, Cosm's Dome also offers other immersive experiences like Circque du Soleil's "O" and Planetary Collective's "Orbital". Another Cosm location is planned for Phoenix in 2025.

Read more of this story at Slashdot.

"New malicious software packages tied to the North Korean Lazarus Group were observed posing as a Python coding skills test for developers seeking a new job at Capital One, but were tracked to GitHub projects with embedded malware," reports SC magazine: Researchers at ReversingLabs explained in a September 10 blog post that the scheme was a follow-on to the VMConnect campaign that they first identified in August 2023 in which developers were lured into downloading malicious code via fake job interviews. More details from The Hacker News These packages, for their part, have been published directly on public repositories like npm and PyPI, or hosted on GitHub repositories under their control. ReversingLabs said it identified malicious code embedded within modified versions of legitimate PyPI libraries such as pyperclip and pyrebase... It's implemented in the form of a Base64-encoded string that obscures a downloader function, which establishes contact with a command-and-control server in order to execute commands received as a response. In one instance of the coding assignment identified by the software supply chain firm, the threat actors sought to create a false sense of urgency by requiring job seekers to build a Python project shared in the form of a ZIP file within five minutes and find and fix a coding flaw in the next 15 minutes. This makes it "more likely that he or she would execute the package without performing any type of security or even source code review first," Zanki said, adding "that ensures the malicious actors behind this campaign that the embedded malware would be executed on the developer's system." Tom's Hardware reports that "The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS. This is a good time to refer to PEP 668 which enforces virtual environments for non-system wide Python installs." More from The Hacker News Some of the aforementioned tests claimed to be a technical interview for financial institutions like Capital One and Rookery Capital Limited, underscoring how the threat actors are impersonating legitimate companies in the sector to pull off the operation. It's currently not clear how widespread these campaigns are, although prospective targets are scouted and contacted using LinkedIn, as recently also highlighted by Google-owned Mandiant.

Read more of this story at Slashdot.

Google's describes their new Gemini-powered foldable phone as "an epic display of Google AI" (also calling it "unfoldgettable"). The Android Authority blog says the phone is "impressive," "incredibly thin" — and, at $1,800, expensive. But long-time Slashdot reader mprindle notes some complaints from the YouTube channel JerryRigEverything ("known for in-depth testing of phones and other devices".) The blog 9to5Google summarizes some of the video's findings: - When exposed to dirt and sand, we hear the hinge start grinding since there's no dust protection... - A closed bend test reveals no problems for the Pixel 9 Pro Fold, but the issues arise when it's open and bent from the back. Despite the left/right back panels meeting and covering the spine of the hinge, "there doesn't appear to be a whole lot of resistance." "Not sure why Google thought it was a good idea to put an antenna line right here at the weakest point in an already thin frame," the video notes (arguing it's "like putting an exhaust port in the Death Star...") But they also tell their 8.8 million subscribers that "One cool thing that Google has done is that they've made every single part of this metal frame from recycled aluminum." And "Out of the box, I'm already a huge fan of how it looks," the video begins. "It feels amazing, and folds completely shut and appears like the hardware has finally caught up to the folding form factor to where it looks just natural." One thing to note... "Moving to the inner display, I start to get the vibe that when Google says 'super durable', they mean 'regular durable', since the inner display is made from the same soft flexible plastic that we've seen on every folding phone so far, which scratches at level two. Even fingernails can leave very permanent marks on the center screen. This is absolutely normal for a folding phone, though, and really not too big of a deal if you take care it, making sure there are no bits of dust or dirt in the screen when you close it will go a long way to keeping things pristine, since there's not a lot of room between the two halves." iFixit makes an interesting observation: "Over half of the phone's internal area is occupied by the lithium polymer battery cells!" (They've also created another teardown video available on YouTube.) "There's no denying that the inner screens are delicate and prone to damage," according to an accompanying iFixit blog post, "and the mechanical nature of the hinge mechanism provides additional avenues for dust and liquid ingress that may eventually become a problem." But it also applauds "the less obvious repairability wins, from repair guides and a detailed Bill of Materials to spare parts that are available without malicious restrictions... [T]he Pixel team has gone to great lengths to support your right to repair the device you paid for and own" — and from Day One. There's really only a single criticism I'd direct at the Pixel 9 Fold from my own disassembly experience: the battery removal tabs. These tabs simply do not work, with or without the application of heat. They are flimsy and break often, require a second pair of hands to secure the device, and they fail to cut through adhesive reliably. Whether they should even try to cut through adhesive is debatable. Stretch release adhesive might age and break over time but at least they give you a chance at removing the adhesive. Pull tabs don't even work when the adhesive is brand new, they literally have no redeeming qualities when compared to other battery release mechanisms. Even the more robust pull tabs Samsung uses in its phones work better than this, though they aren't necessarily the easiest to use either. As for the device itself, it prompted one of my colleagues — an iPhone user since forever — to say "this is nice, I'd switch to Android for this"... Setting aside the downsides of owning a foldable smartphone, I am excited to see Google and the Pixel team devoting so much time and energy towards improving the overall repairability of the device. The effort is seen and appreciated by device owners and as a technician, I look forward to seeing how manufacturers will continue to innovate for repairability. Slashdot reader mprindle reminds us that when it comes to waterproofing, the JerryRigEverything video "noted that the footnotes say the device is rated IP68 yet the Sim tray is rated at IPx8."

Read more of this story at Slashdot.

Police in Italy "smashed" a videogame trafficking ring, reports the BBC. They seized fake vintage Nintendo, Sega and Atari consoles that didn't meet strict safety standards, as well as counterfeit games — including Mario Bros., Street Fighter and Star Wars — that together were worth almost €50m ($55.5m) Around 12,000 consoles holding over 47 million pirated video games were seized by police, Alessandro Langella, head of the economic crime unit for Turin's financial police, told the AFP news agency... They were "all from China" and were imported to be sold in specialised shops or online, Mr Langella said... The seized games have been destroyed. Nine Italian nationals have been arrested and charged with trading in counterfeited goods. If found guilty, they face up to eight years in prison.

Read more of this story at Slashdot.

More details on that report about NASA from the Washington Post: NASA is 66 years old and feeling its age. Brilliant engineers are retiring. Others have fled to higher-paying jobs in the private space industry. The buildings are old, their maintenance deferred. The Apollo era, with its huge taxpayer investment, is a distant memory. The agency now pursues complex missions on inadequate budgets. This may be an unsustainable path for NASA, one that imperils long-term success. That is the conclusion of a sweeping report, titled "NASA at a Crossroads," written by a committee of aerospace experts and published Tuesday by the National Academies of Sciences, Engineering and Medicine. The report suggests that NASA prioritizes near-term missions and fails to think strategically. In other words, the space agency isn't sufficiently focused on the future. NASA's intense focus on current missions is understandable, considering the unforgiving nature of space operations, but "one tends to neglect the probably less glamorous thing that will determine the success in the future," the report's lead author, Norman Augustine, a retired Lockheed Martin chief executive, said Tuesday. He said one solution for NASA's problems is more funding from Congress. But that may be hard to come by, in which case, he said, the agency needs to consider canceling or delaying costly missions to invest in more mundane but strategically important institutional needs, such as technology development and workforce training. Augustine said he is concerned that NASA could lose in-house expertise if it relies too heavily on the private industry for newly emerging technologies. "It will have trouble hiring innovative, creative engineers. Innovative, creative engineers don't want to have a job that consists of overseeing other people's work," he said... The report is hardly a blistering screed. The tone is parental. It praises the agency — with a budget of about $25 billion — for its triumphs while urging more prudent decision-making and long-term strategizing. NASA pursues spectacular missions. It has sent swarms of robotic probes across the solar system and even into interstellar space. Astronauts have continuously been in orbit for more than two decades. The most ambitious program, Artemis, aims to put astronauts back on the moon in a few short years. And long-term, NASA hopes to put astronauts on Mars. But a truism in the industry is that space is hard. The new report contends that NASA has a mismatch between its ambitions and its budget, and needs to pay attention to fundamentals such as fixing its aging infrastructure and retaining in-house talent. NASA's overall physical infrastructure is already well beyond its design life, and this fraction continues to grow," the report states. NASA Administrator Bill Nelson said the report "aligns with our current efforts to ensure we have the infrastructure, workforce, and technology that NASA needs for the decades ahead," according to the article. Nelson added that the agency "will continue to work diligently to address the committee's recommendations."

Read more of this story at Slashdot.

The Rust foundation is making "considerable progress" on a complete security audit of the Rust ecosystem, according to the coding news site I Programmer, citing a newly-released report from the nonprofit Rust foundation: The foundation is investigating the development of a Public Key Infrastructure (PKI) model for the Rust language, including the design and implementation for a PKI CA and a resilient Quorum model for the project to implement, and the report says that language updates suggested by members of the Project were nearly ready for implementation. Following the XZ backdoor vulnerability, the Security Initiative has focused on supply chain security, including work on provenance-tracking, verifying that a given crate is actually associated with the repository it claims to be. The top 5,000 crates by download count have been checked and verified. Threat modeling has now been completed on the Crates ecosystem. Rust Infrastructure, crates.io and the Rust Project. Two open source security tools, Painter and Typomania, have been developed and released. Painter can be used to build a graph database of dependencies and invocations between all crates within the crates.io ecosystem, including the ability to obtain 'unsafe' statistics, better call graph pruning, and FFI boundary mapping. Typomania ports typogard to Rust, and can be used to detect potential typosquatting as a reusable library that can be adapted to any registry. They've also tightened admin privileges for Rust's package registry, according to the article. And "In addition to the work on the Security Initiative, the Foundation has also been working on improving interoperability between Rust and C++, supported by a $1 million contribution from Google." According to the Rust foundation's technology director, they've made "impressive technical strides and developed new strategies to reinforce the safety, security, and longevity of the Rust programming language." And the director says the new report "paints a clear picture of the impact of our technical projects like the Security Initiative, Safety-Critical Rust Consortium, infrastructure and crates.io support, Interop Initiative, and much more."

Read more of this story at Slashdot.