Slashdot

    RSS Source: https://slashdot.org/
    Feed Title: Slashdot
    - BeauHD

    The U.S. Government Accountability Office on Friday denied protests from companies affiliated with Jeff Bezos that NASA wrongly awarded a lucrative astronaut lunar lander contract solely to Elon Musk's SpaceX. CNBC reports: "NASA did not violate procurement law or regulation when it decided to make only one award ... the evaluation of all three proposals was reasonable, and consistent with applicable procurement law, regulation, and the announcement's terms," GAO managing associate general counsel Kenneth Patton wrote in a statement. The GAO ruling backs the space agency's surprise announcement in April that NASA awarded SpaceX with a contract worth about $2.9 billion. SpaceX was competing with Blue Origin and Dynetics for what was expected to be two contracts, before NASA only awarded a single contract due to a lower-than-expected allocation for the program from Congress. NASA, in a statement, said that the GAO decision will allow the agency "to establish a timeline for the first crewed landing on the Moon in more than 50 years." "As soon as possible, NASA will provide an update on the way ahead for Artemis, the human landing system, and humanity's return to the Moon. We will continue to work with the Biden Administration and Congress to ensure funding for a robust and sustainable approach for the nation's return to the Moon in a collaborative effort with U.S. commercial partners," the U.S. space agency said. A Blue Origin spokesperson told CNBC that the company still believes "there were fundamental issues with NASA's decision, but the GAO wasn't able to address them due to their limited jurisdiction." "We'll continue to advocate for two immediate providers as we believe it is the right solution," Blue Origin said. "The Human Landing System program needs to have competition now instead of later -- that's the best solution for NASA and the best solution for our country." Read more of this story at Slashdot.

    - BeauHD

    An anonymous reader quotes a report from The Guardian: Virtual contact during the pandemic made many over-60s feel lonelier and more depressed than no contact at all, new research has found. Many older people stayed in touch with family and friends during lockdown using the phone, video calls, and other forms of virtual contact. Zoom choirs, online book clubs and virtual bedtime stories with grandchildren helped many stave off isolation. But the study, among the first to comparatively assess social interactions across households and mental wellbeing during the pandemic, found many older people experienced a greater increase in loneliness and long-term mental health disorders as a result of the switch to online socializing than those who spent the pandemic on their own. The problem [said Dr Yang Hu of Lancaster University, who co-wrote the report, published on Monday in Frontiers in Sociology] was that older people unfamiliar with technology found it stressful to learn how to use it. But even those who were familiar with technology often found the extensive use of the medium over lockdown so stressful that it was more damaging to their mental health than simply coping with isolation and loneliness. "Extensive exposure to digital means of communication can also cause burnout. The results are very consistent," said Hu, who collected data from 5,148 people aged 60 or over in the UK and 1,391 in the US -- both before and during the pandemic. "It's not only loneliness that was made worse by virtual contact, but general mental health: these people were more depressed, more isolated and felt more unhappy as a direct result of their use of virtual contact," he said. "We need to have disaster preparedness," he said. "We need to equip older people with the digital capacity to be able to use technology for the next time a disaster like this comes around." 
Hu added: "Policymakers and practitioners need to take measures to pre-empt and mitigate the potential unintended implications of household-centered pandemic responses for mental wellbeing." Read more of this story at Slashdot.

    - BeauHD

    A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. The Hacker News reports: Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was distributed via the official Google Play Store and masqueraded as an app named "Protection Guard," attracting over 5,000 installations. Banking and crypto-wallet apps from entities located in Italy, Australia, and Spain were the primary targets. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News. "The actors chose to steer away from the common HTML overlay development we usually see in other Android banking Trojans: this approach usually requires a larger time and effort investment from the actors to create multiple overlays capable of tricking the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result." Vultur [...] takes advantage of accessibility permissions to capture keystrokes and leverages VNC's screen recording feature to stealthily log all activities on the phone, thus obviating the need to register a new device and making it difficult for banks to detect fraud. What's more, the malware employs ngrok, a cross-platform utility used to expose local servers behind NATs and firewalls to the public internet over secure tunnels, to provide remote access to the VNC server running locally on the phone. 
Additionally, it also establishes connections with a command-and-control (C2) server to receive commands over Firebase Cloud Messaging (FCM), the results of which, including extracted data and screen captures, are then transmitted back to the server. ThreatFabric's investigation also connected Vultur with another well-known piece of malicious software named Brunhilda, a dropper that utilizes the Play Store to distribute different kinds of malware in what's called a "dropper-as-a-service" (DaaS) operation, citing overlaps in the source code and C2 infrastructure used to facilitate attacks. These ties, the Amsterdam-based cybersecurity services company said, indicate Brunhilda to be a privately operating threat actor that has its own dropper and proprietary RAT Vultur. Read more of this story at Slashdot.

    - msmash

    Amazon delivery companies around the U.S. are instructing workers to bypass daily inspections intended to make sure vans are safe to drive. From a report: Amazon requires contracted delivery drivers to inspect their vehicles at the beginning and end of their shift as a safety precaution. But some drivers say they're pressured to ignore damage and complete the inspections as quickly as possible, so that delivery companies can avoid taking vans off the road. If delivery companies take a van off the road, they risk forfeiting valuable package routes and drivers may lose a shift. These inconsistent inspection practices undermine the company's public messaging around worker safety. They also highlight the tension that delivery partners face between ensuring drivers' safety and keeping up with Amazon's aggressive delivery quotas, which can stretch into hundreds of packages per day per driver. CNBC spoke to 10 current and former Amazon delivery drivers in Georgia, Ohio, Indiana, Illinois, Kentucky and Texas who discovered their vans had issues ranging from jammed doors and tires with little to no tread to busted backup cameras and broken mirrors. They say managers told them to ignore these problems and complete their deliveries as usual. Read more of this story at Slashdot.

    - BeauHD

    Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday. Ars Technica reports: In a post, researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of devops software vendor JFrog said they recently found eight packages in PyPI that carried out a range of malicious activity. Based on searches on https://pepy.tech, a site that provides download stats for Python packages, the researchers estimate the malicious packages were downloaded about 30,000 times. [...] Different packages from Thursday's haul carried out different kinds of nefarious activities. Six of them had three payloads, one for harvesting authentication cookies for Discord accounts, a second for extracting any passwords or payment card data stored by browsers, and the third for gathering information about the infected PC, such as IP addresses, computer name, and user name. The remaining two packages had malware that tries to connect to an attacker-designated IP address on TCP port 9009, and to then execute whatever Python code is available from the socket. It's not now known what the IP address was or if there was malware hosted on it. Like most novice Python malware, the packages used only a simple obfuscation such as from Base64 encoders. Karas told me that the first six packages had the ability to infect the developer computer but couldn't taint the code developers wrote with malware. "For both the pytagora and pytagora2 packages, which allows code execution on the machine they were installed, this would be possible." he said in a direct message. "After infecting the development machine, they would allow code execution and then a payload could be downloaded by the attacker that would modify the software projects under development. 
However, we don't have evidence that this was actually done." Read more of this story at Slashdot.

    - BeauHD

    The devastating heatwave that struck the Northwest US and southwest Canada in June was "the most extreme summer heatwave" ever recorded in North America, according to a new analysis from nonprofit research group Berkeley Earth. The Verge reports: Record temperatures in the region reached roughly 20 degrees Celsius (or 36 °F) hotter than average in June. Canada recorded its hottest temperature ever on June 29th when the village of Lytton in British Columbia reached an astonishing 49.6 degrees Celsius (121 degrees Fahrenheit). Typical temperatures there in June are closer to 20 to 30 degrees Celsius (68 to 86 degrees Fahrenheit). The consequences of that heat are staggering. Scorching temperatures fed wildfires, which burned down 90 percent of Lytton. There were at least 570 heat-related deaths in Canada and at least 194 in the US. Thousands more people wound up in emergency departments. For the entire Northern Hemisphere, it was the warmest June on record averaged across all land areas. Nearly 4 percent of the surface of the Earth hit record high average temperatures during the first half of 2021, according to the Berkeley Earth analysis. That's despite the cooling effect of a La Nina event. Looking at the first six months of the year, "Nowhere has been record cold," tweeted Berkeley Earth lead scientist Robert Rohde. Globally, the odds of more "record-shattering" heatwaves like the one that took such a huge toll in the US and Canada in June are likely on the rise. Read more of this story at Slashdot.

    - BeauHD

    An anonymous reader quotes a report from Kotaku: A cybersecurity company whose security researcher had once been harassed by Blizzard employees at a hacking conference charged the game developer a 50 percent "misogyny tax" when it sought a quote for security services, according to a new report from Waypoint. The researcher, Emily Mitchell, told Waypoint that she approached the Blizzard booth during the annual Black Hat USA cybersecurity conference in 2015 to see if the major video game company had any open positions. Her shirt, which referenced [to] a security process known as "penetration testing," prompted two unnamed Blizzard employees to ask her questions laced with misogyny and sexual double entendre. "One of them asked me when was the last time I was personally penetrated, if I liked being penetrated, and how often I got penetrated," Mitchell said. "I was furious and felt humiliated, so I took the free swag and left." Two years later, Blizzard approached cybersecurity firm Sagitta HPC (now known as Terahash) to request a quote on one of Sagitta HPC's password-cracking boxes. Mitchell, who was Sagitta HPC's chief operating officer at the time, saw Blizzard's request and immediately remembered what occurred at Black Hat USA 2015. After learning of the incident from Mitchell, Sagitta HPC founder and chief executive officer Jeremi M. Gosney responded to Blizzard's inquiry with a lengthy message decrying her treatment at the hands of Blizzard's employees. "[R]ather than dismiss you and tell you that we will not do business with you, we'd like to give Blizzard the opportunity to redeem themselves," Gosney wrote. (He eventually shared the email on Twitter with Blizzard's name redacted.) "We are committed to combating inequality, and I am calling on Blizzard to do the same. As you may or may not know, today is International Women's Day. And in honor of this day, we are attaching a few conditions if Blizzard wishes to do business with us." 
These conditions included a 50 percent "misogyny tax" on any business Sagitta HPC did with Blizzard (to be used as a donation to three different organizations devoted to support girls and women in the tech industry), Blizzard becoming a Gold-level sponsor of the Grace Hopper Celebration of Women in Computing conference, and a formal letter of apology from Blizzard executives to Mitchell in which they'd further dedicate themselves to supporting equality for women and sexual harassment training. [...] In 2017, the organizers of Black Hat USA, the Las Vegas hacking conference at which Mitchell was originally accosted, promised her that they would not allow Blizzard back as a sponsor for future events. As far as Kotaku can tell from historical information, neither Blizzard nor Activision have had a presence at the cybersecurity event since the year Blizzard staff harassed Mitchell. "Once this incident was reported to us, the Company began an investigation, promptly removed all unauthorized cameras, and notified the authorities," Activision Blizzard told Waypoint. "The authorities conducted a thorough investigation, with the full cooperation of the Company. As soon as the authorities and Company identified the perpetrator, he was terminated for his abhorrent conduct. The Company provided crisis counselors to employees, onsite and virtually, and increased security." Read more of this story at Slashdot.

    - BeauHD

    On Wednesday, language learning app Duolingo reached a valuation of $6.5 billion after its shares surged nearly 40% in the company's Nasdaq debut. Reuters reports: Duolingo's stock opened at $141.4 per share, blowing past the initial public offering price (IPO) of $102 per share, which crossed the top end of its target range. The stock later pared some gains to trade at $130.92 in the afternoon. The company's flotation comes at a time of increased investor interest in the edtech space, after pandemic restrictions sent students and teachers from the classroom to the web. "Being a public company will allow us to operate at a higher level, and get going from the minor leagues to the major leagues," said Luis von Ahn, co-founder and chief executive officer of Duolingo. Following the IPO, the company will focus on improving its flagship app and getting more active users to switch to paying subscribers, von Ahn said. Duolingo offers courses in 40 languages to about 40 million monthly active users. The company also plans to expand more in Asia, its fastest growing region. Currently, Duolingo's largest market is the United States, home to 20% of its users and bringing in 45% of the company's revenue, von Ahn said. Read more of this story at Slashdot.

    - BeauHD

    Forget the home office -- 45% of American teleworkers regularly work from a couch, 38% regularly work from bed and 20% often work outside, according to a study by the home improvement marketing firm CraftJack. Axios reports: People have spent an average of $268 trying to improve their remote work setups, but a whopping 50% still say the pain and discomfort of working from home is enough to send them back to the office. It's not enough for companies to provide stipends for teleworkers to buy ergonomic chairs or desks, Axios' Kia Kokalitcheva notes. Many people simply do not have the space allocated inside their homes for an office setup, and it can be too expensive to move to a bigger place. Read more of this story at Slashdot.

    - BeauHD

    An anonymous reader quotes a report from Phys.Org: Today, the LHCb experiment at CERN is presenting a new discovery at the European Physical Society Conference on High Energy Physics (EPS-HEP). The new particle discovered by LHCb, labeled as Tcc+, is a tetraquark -- an exotic hadron containing two quarks and two antiquarks. It is the longest-lived exotic matter particle ever discovered, and the first to contain two heavy quarks and two light antiquarks. Quarks are the fundamental building blocks from which matter is constructed. They combine to form hadrons, namely baryons, such as the proton and the neutron, which consist of three quarks, and mesons, which are formed as quark-antiquark pairs. In recent years a number of so-called exotic hadrons -- particles with four or five quarks, instead of the conventional two or three -- have been found. Today's discovery is of a particularly unique exotic hadron, an exotic exotic hadron if you like. The new particle contains two charm quarks and an up and a down antiquark. Several tetraquarks have been discovered in recent years (including one with two charm quarks and two charm antiquarks), but this is the first one that contains two charm quarks, without charm antiquarks to balance them. Physicists call this "open charm" (in this case, "double open charm"). Particles containing a charm quark and a charm antiquark have "hidden charm" -- the charm quantum number for the whole particle adds up to zero, just like a positive and a negative electrical charge would do. Here the charm quantum number adds up to two, so it has twice the charm! The quark content of Tcc+ has other interesting features besides being open charm. It is the first particle to be found that belongs to a class of tetraquarks with two heavy quarks and two light antiquarks. Such particles decay by transforming into a pair of mesons, each formed by one of the heavy quarks and one of the light antiquarks. 
According to some theoretical predictions, the mass of tetraquarks of this type should be very close to the sum of masses of the two mesons. Such proximity in mass makes the decay "difficult," resulting in a longer lifetime of the particle, and indeed Tcc+ is the longest-lived exotic hadron found to date. Read more of this story at Slashdot.

    - msmash

    The lifestyles of around three average Americans will create enough planet-heating emissions to kill one person, and the emissions from a single coal-fired power plant are likely to result in more than 900 deaths, according to the first analysis to calculate the mortal cost of carbon emissions. From a report: The new research builds upon what is known as the "social cost of carbon," a monetary figure placed upon the damage caused by each ton of carbon dioxide emissions, by assigning an expected death toll from the emissions that cause the climate crisis. The analysis draws upon several public health studies to conclude that for every 4,434 metric tons of CO2 pumped into the atmosphere beyond the 2020 rate of emissions, one person globally will die prematurely from the increased temperature. This additional CO2 is equivalent to the current lifetime emissions of 3.5 Americans. Adding a further 4m metric tons above last year's level, produced by the average US coal plant, will cost 904 lives worldwide by the end of the century, the research found. On a grander scale, eliminating planet-heating emissions by 2050 would save an expected 74 million lives around the world this century. The figures for expected deaths from the release of emissions aren't definitive and may well be "a vast underestimate" as they only account for heat-related mortality rather than deaths from flooding, storms, crop failures and other impacts that flow from the climate crisis, according to Daniel Bressler of Columbia University's Earth Institute, who wrote the paper. Read more of this story at Slashdot.

    - msmash

    China's breathtaking economic growth created cities ill-equipped to face extreme weather. Last week's dramatic floods showed that much will have to change. From a report: China's breakneck growth over the last four decades erected soaring cities where there had been hamlets and farmland. The cities lured factories, and the factories lured workers. The boom lifted hundreds of millions of people out of the poverty and rural hardship they once faced. Now those cities face the daunting new challenge of adapting to extreme weather caused by climate change, a possibility that few gave much thought to when the country began its extraordinary economic transformation. China's pell-mell, brisk urbanization has in some ways made the challenge harder to face. No one weather event can be immediately linked to climate change, but the storm that flooded Zhengzhou and other cities in central China last week, killing at least 69 as of Monday, reflects a global trend of extreme weather that has seen deadly flooding recently in Germany and Belgium, and severe heat and wildfires in Siberia. The flooding in China, which engulfed subway lines, washed away roads and cut off villages, also highlights the environmental vulnerabilities that accompanied the country's economic boom and could yet undermine it. China has always had floods, but as Kong Feng, then a public policy professor at Tsinghua University in Beijing, wrote in 2019, the flooding of cities across China in recent years is "a general manifestation of urban problems" in the country. The vast expansion of roads, subways and railways in cities that swelled almost overnight meant there were fewer places where rain could safely be absorbed -- disrupting what scientists call the natural hydrological cycle. 
Faith Chan, a professor of geology with the University of Nottingham in Ningbo in eastern China, said the country's cities -- and there are 93 with populations of more than a million -- modernized at a time when Chinese leaders made climate resiliency less of a priority than economic growth. "If they had a chance to build a city again, or to plan one, I think they would agree to make it more balanced," said Mr. Chan, who is also a visiting fellow at the Water@Leeds Research Institute of the University of Leeds. Read more of this story at Slashdot.

    - msmash

    The U.S. agency leading the fight against Covid-19 gave up a crucial surveillance tool tracking the effectiveness of vaccines just as a troublesome new variant of the virus was emerging. From a report: While the Centers for Disease Control and Prevention stopped comprehensively tracking what are known as vaccine breakthrough cases in May, the consequences of that choice are only now beginning to show. At the time, the agency had identified only 10,262 cases across the U.S. where a fully vaccinated person had tested positive for Covid. Most people who got infected after vaccination showed few symptoms, and appeared to be at low risk of infecting others. But in the months since, the number of vaccine breakthrough cases has grown, as has the risk that they present. Further reading: 'The War Has Changed': Internal CDC Document Urges New Messaging, Warns Delta Infections Likely More Severe. Read more of this story at Slashdot.

    - msmash

    In a preprint posted online Thursday night, researchers at Google in collaboration with physicists at Stanford, Princeton and other universities say that they have used Google's quantum computer to demonstrate a genuine "time crystal" for the first time. From a report: A novel phase of matter that physicists have strived to realize for many years, a time crystal is an object whose parts move in a regular, repeating cycle, sustaining this constant change without burning any energy. "The consequence is amazing: You evade the second law of thermodynamics," said co-author Roderich Moessner, director of the Max Planck Institute for the Physics of Complex Systems in Dresden, Germany. That's the law that says disorder always increases. Time crystals are also the first objects to spontaneously break "time-translation symmetry," the usual rule that a stable object will remain the same throughout time. A time crystal is both stable and ever-changing, with special moments that come at periodic intervals in time. The time crystal is a new category of phases of matter, expanding the definition of what a phase is. All other known phases, like water or ice, are in thermal equilibrium: Their constituent atoms have settled into the state with the lowest energy permitted by the ambient temperature, and their properties don't change with time. The time crystal is the first "out-of-equilibrium" phase: It has order and perfect stability despite being in an excited and evolving state. "This is just this completely new and exciting space that we're working in now," said Vedika Khemani, a condensed matter physicist now at Stanford who co-discovered the novel phase while she was a graduate student and co-authored the new paper. Read more of this story at Slashdot.

    - msmash

    Several readers shared this story: Tesla CEO Elon Musk reportedly demanded to become Apple's CEO in a 2016 phone call with current Apple CEO Tim Cook, according to an upcoming book about Tesla. The story, shared by the Los Angeles Times, comes from Power Play: Tesla, Elon Musk, and the Bet of the Century by The Wall Street Journal reporter Tim Higgins. As the book tells it, Cook suggested to Musk that Apple acquire Tesla, and Musk said he wanted to be CEO. Cook reportedly agreed, but Musk clarified that he wanted to be the CEO of Apple. "According to a former aide who heard (Musk's) retelling of the exchange," Cook said "Fuck you" before hanging up the phone. But Musk and Apple have both suggested that the conversation couldn't have happened because Musk and Cook have never spoken. Musk, in a tweet on Friday, flat out said that "Cook & I have never spoken or written to each other ever." He also said that he attempted to meet with Cook about Apple acquiring Tesla, a meeting that Cook refused. When asked for comment about the reported conversation, Apple pointed to remarks Cook made during an interview with The New York Times' Kara Swisher where he denied having ever spoken to Elon. "You know, I've never spoken to Elon, although I have great admiration and respect for the company he's built," Cook said. Read more of this story at Slashdot.
