SoylentNews

quietus writes:

"After years of promises and years of lip service, we finally have all the funding needed, all the approvals, all the permits, all the union workers, and there's only one thing left to do now to get this party started.

We need to build it. And that starts today."

U.S. Sen. Catherine Cortez Masto, D-Nev., April 22, Las Vegas.

It looks like America is going to get its first real high-speed rail train.

On Monday, April 22, U.S. Transportation Secretary Pete Buttigieg officially opened the start of the works for the Brightline West High-Speed Rail Project. The 218-mile rail line will operate between Las Vegas, Nevada, and Rancho Cucamonga, California, and will be a fully electric, zero-emission system.

The high-speed train should average an 186 miles an hour speed, bringing the overland travel time between Las Vegas and Los Angeles down from 4 to 2 hours. To do so, 195 miles (315 km) of new track needs to be laid down to exacting standards, on the mid-shoulder of Interstate 15. There will be stations in Las Vegas, Victor Valley, Hesperia and Rancho Cucamonga, California. The line should be fully operational by 2028, in time for the Olympic Games.

Funding, to the tune of 12 billion dollar, comes half from private industry, and half from the Federal Government ($6.5 billion in grants and financing). An estimated 35,000 jobs, including 10,000 direct union construction jobs, and 1,000 permanent jobs once the line is operational, are associated with the project initiated by Brightline, a company which already runs a train service between Miami and Orlando.

"Today answers the question that has been asked too often, likely," Buttigieg said during the groundbreaking ceremony.

"The question whether America can still build massive, forward-looking engineering marvels that make people's lives better for generations ... and this is just the start."

Original Submission

The specific process by which Google enshittified its search (24 Apr 2024)

owl writes:

https://pluralistic.net/2024/04/24/naming-names/#prabhakar-raghavan

All digital businesses have the technical capacity to enshittify: the ability to change the underlying functions of the business from moment to moment and user to user, allowing for the rapid transfer of value between business customers, end users and shareholders:

Which raises an important question: why do companies enshittify at a specific moment, after refraining from enshittifying before? After all, a company always has the potential to benefit by treating its business customers and end users worse, by giving them a worse deal. If you charge more for your product and pay your suppliers less, that leaves more money on the table for your investors.

Of course, it's not that simple. While cheating, price-gouging, and degrading your product can produce gains, these tactics also threaten losses. You might lose customers to a rival, or get punished by a regulator, or face mass resignations from your employees who really believe in your product.

Companies choose not to enshittify their products...until they choose to do so. One theory to explain this is that companies are engaged in a process of continuous assessment, gathering data about their competitive risks, their regulators' mettle, their employees' boldness. When these assessments indicate that the conditions are favorable to enshittification, the CEO walks over to the big "enshittification" lever on the wall and yanks it all the way to MAX.

The Men Who Killed Google Search

Uncle_Al writes:

https://www.wheresyoured.at/the-men-who-killed-google/

The story begins on February 5th 2019, when Ben Gomes, Google's head of search, had a problem. Jerry Dischler, then the VP and General Manager of Ads at Google, and Shiv Venkataraman, then the VP of Engineering, Search and Ads on Google properties, had called a "code yellow" for search revenue due to, and I quote, "steady weakness in the daily numbers" and a likeliness that it would end the quarter significantly behind.

For those unfamiliar with Google's internal scientology-esque jargon, let me explain. A "code yellow" isn't, as you might think, a crisis of moderate severity. The yellow, according to Steven Levy's tell-all book about Google, refers to — and I promise that I'm not making this up — the color of a tank top that former VP of Engineering Wayne Rosing used to wear during his time at the company. It's essentially the equivalent of DEFCON 1 and activates, as Levy explained, a war room-like situation where workers are pulled from their desks and into a conference room where they tackle the problem as a top priority. Any other projects or concerns are sidelined.

In emails released as part of the Department of Justice's antitrust case against Google, Dischler laid out several contributing factors — search query growth was "significantly behind forecast," the "timing" of revenue launches was significantly behind, and a vague worry that "several advertiser-specific and sector weaknesses" existed in search.

hubie writes:

https://www.technologyreview.com/2024/04/24/1091740/chinese-keyboard-app-security-encryption/

Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing.

The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps—built by major internet companies like Baidu, Tencent, and iFlytek—basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China.

What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties.

"Because we had so much luck looking at this one, we figured maybe this generalizes to the others, and they suffer from the same kinds of problems for the same reason that the one did," says Jeffrey Knockel, a senior research associate at the Citizen Lab, "and as it turns out, we were unfortunately right."

Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping.

fliptop writes:

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy:

While most of the malware activity has been based around the Microsoft GitHub URLs, this "flaw" could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.

Yesterday, McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repositories for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg, and the STL library.

The URLs for the malware installers, shown below, clearly indicate that they belong to the Microsoft repo, but we could not find any reference to the files in the project's source code.

Finding it strange that a Microsoft repo would be distributing malware since February, BleepingComputer looked into it and found that the files are not part of vcpkg but were uploaded as part of a comment left on a commit or issue in the project.

[...] As the file's URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures.

For example, a threat actor could upload a malware executable in NVIDIA's driver installer repo that pretends to be a new driver fixing issues in a popular game. Or a threat actor could upload a file in a comment to the Google Chromium source code and pretend it's a new test version of the web browser.

Originally spotted on Schneier on Security.

Recently: xz-style Attacks Continue to Target Open-Source Maintainers

Original Submission

DannyB writes:

FAA to require reentry vehicles licensed before launch

[....] In a notice published in the Federal Register April 17, the FAA's Office of Commercial Space Transportation announced it will no longer approve the launch of spacecraft designed to reenter unless they already have a reentry license. The office said that it will, going forward, check that a spacecraft designed to return to Earth has a reentry license as part of the standard payload review process.

[....] "Unlike typical payloads designed to operate in outer space, a reentry vehicle has primary components that are designed to withstand reentry substantially intact and therefore have a near-guaranteed ground impact as a result of either a controlled reentry or a random reentry,"

[....] "Therefore, it is crucial to evaluate the safety of the reentry prior to launch," the agency concluded in the notice. "This way, the FAA is able to work with the reentry operator to meet the required risk and other criteria."

The notice did not state what prompted the change. However, it comes after Varda Space Industries launched its first spacecraft in June 2023 but did not get a reentry license for it until February after months of effort and an earlier, rejected reentry license application. Varda's capsule safely landed at the Utah Test and Training Range a week after receiving the license.

[....] Commercial spacecraft reentries remain rare. The FAA currently lists only two active reentry licenses, one for Varda and the other for SpaceX's Dragon spacecraft. However, the FAA expects demand for those licenses to increase as more companies seek to return cargo or crew from space.

Catch a falling space junk, put it in your pocket, savor radioactive decay.

Original Submission

canopic jug writes:

Gearnews has an article about use of Raspberry Pi microcomputers in digital signal processing (DSP) systems, observing that digital synthesizers are essentially computers in specialized housings. In addition to the complex software, there is a lot of work in making an enclosure with useful controls and displays. Increasingly manufacturers are building their synthesizers around the Raspberry Pi:

The biggest synthesizer manufacturer to make use of the Raspberry Pi is Korg. The Japanese synth company's Wavestate, Modwave and Opsix digital synths all make use of the Raspberry Pi Compute Module. (They're in the module versions too.)

In an article on the Raspberry Pi home page, Korg's Andy Leary sites price and manufacturing scale as the main reason Korg decided on these components. He also liked that it was ready to go as is, providing CPU, RAM and storage in a single package. "That part of the work is already done," he said in the article. "It's like any other component; we don't have to lay out the board, build it and test it."

The software for each instrument is, of course, custom. The Raspberry Pi, however, generates the sound. "Not everyone understands that Raspberry Pi is actually making the sound," said Korg's Dan Philips in the same piece. "We use the CM3 because it's very powerful, which makes it possible to create deep, compelling instruments."

These used to be designed with off-the-shelf parts from Motorola and Texas Instruments. However around 20 years ago, according to a Raspberry Pi link about Korg synthesizers, Linux entered synthesizer production scene.

Previously:
(2024) Berlin's Techno Scene Added to UNESCO Cultural Heritage List
(2021) The Yamaha DX7 Synthesizer's Clever Exponential Circuit, Reverse-Engineered
(2019) Moog Brings Back its Legendary Model 10 'Compact' Modular Synth
(2014) History of the Synthesizer - 50 Years

Original Submission

Windows 11 Start menu ads are now rolling out to everyone

looorg writes:

W11 rolling out ads (or "recommendations") in the start-menu. I guess this explains blocking alternative start menus. Security and Performance reasons standing in the way of the "recommendation-dollars".

https://www.theverge.com/2024/4/24/24138949/microsoft-windows-11-start-menu-ads-recommendations-setting-disable

Microsoft is starting to enable ads inside the Start menu on Windows 11 for all users. After testing these briefly with Windows Insiders earlier this month, Microsoft has started to distribute update KB5036980 to Windows 11 users this week, which includes "recommendations" for apps from the Microsoft Store in the Start menu.

"The Recommended section of the Start menu will show some Microsoft Store apps," says Microsoft in the update notes of its latest public Windows 11 release. "These apps come from a small set of curated developers." The ads are designed to help Windows 11 users discover more apps, but will largely benefit the developers that Microsoft is trying to tempt into building more Windows apps.

[...] Luckily you can disable these ads, or "recommendations" as Microsoft calls them. If you've installed the latest KB5036980 update then head into Settings > Personalization > Start and turn off the toggle for "Show recommendations for tips, app promotions, and more." While KB5036980 is optional right now, Microsoft will push this to all Windows 11 machines in the coming weeks.

Microsoft is Annoying Users Again. Here's What It Could Do Instead

upstart writes:

The temptation to coldly stuff ads into every service is just too much for some people. There must be a better way - and Microsoft knows it:

It's tempting to believe that brute force always works.

After all, wasn't much of the modern tech industry built upon the notion of moving fast and breaking things?

When it comes to Microsoft and some of its ingrained customer-facing habits, the idea that you can simply force things on your users rarely dies.

Yet the company's latest attempts seem, as often happens, to have annoyed the very people Microsoft shouldn't.

First, Microsoft decided this was the right time to mess with the Windows 11 Start menu. By inserting ads for "recommended apps."

I know this annoyed people because my colleague Lance Whitney began his description of this maneuver with delicious words: "Microsoft is testing a way to further mismanage the Windows 11 Start menu: displaying icons for recommended apps."

I sense he may even have been very annoyed by this maneuver -- even though it's only a test -- because he added: "As a Windows Insider, I have some feedback, none of which is printable. Despite being a $3 trillion company with $227 billion in revenue in 2023, Microsoft apparently feels the need to eke out more money from Windows users by annoying them with ads."

[...] In this case, the ads were for Copilot, Microsoft's new AI companion. The promise is for "Copilot with more efficient settings." These include managing your passwords and bookmarking tabs.

[...] There is another way, Microsoft. Truly there is.

pkrasimirov writes:

https://www.bbc.com/news/science-environment-68881369

The 46-year-old Nasa spacecraft is humanity's most distant object.

A computer fault stopped it returning readable data in November but engineers have now fixed this.

For the moment, Voyager is sending back only health data about its onboard systems, but further work should get the scientific instruments back online.

Voyager-1 is more than 24 billion km (15 billion miles) away, so distant, its radio messages take fully 22.5 hours to reach us.

"Voyager-1 spacecraft is returning usable data about the health and status of its onboard engineering systems," Nasa said in a statement.

"The next step is to enable the spacecraft to begin returning science data again."

[...] A corrupted chip has been blamed for the ageing spacecraft's recent woes.

This prevented Voyager's computers from accessing a vital segment of software code used to package information for transmission to Earth.

For a period of time, engineers could get no sense whatsoever out of Voyager, even though they could tell the spacecraft was still receiving their commands and otherwise operating normally.

The issue was resolved by shifting the affected code to different locations in the memory of the probe's computers.

Previously:
    NASA Knows What Knocked Voyager 1 Offline, but It Will Take a While to Fix
    Voyager 1 Starts Making Sense Again After Months of Babble
    Humanity's Most Distant Space Probe Jeopardized by Computer Glitch

Original Submission

Arthur T Knackerbracket has processed the following story:

Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops.

Not that the company's hardware releases to date have been perfect—each Framework Laptop 13 model has had quirks and flaws that range from minor to quite significant, and the Laptop 16's upsides struggle to balance its downsides. But the hardware mostly does a good job of functioning as a regular laptop while being much more tinkerer-friendly than your typical MacBook, XPS, or ThinkPad.

But even as it builds new upgrades for its systems, expands sales of refurbished and B-stock hardware as budget options, and promotes the re-use of its products via external enclosures, Framework has struggled with the other side of computing longevity and sustainability: providing up-to-date software.

Driver bundles remain un-updated for years after their initial release. BIOS updates go through long and confusing beta processes, keeping users from getting feature improvements, bug fixes, and security updates. In its community support forums, Framework employees, including founder and CEO Nirav Patel, have acknowledged these issues and promised fixes but have remained inconsistent and vague about actual timelines.

Patel says Framework has taken steps to improve the update problem, but he admits that the team's initial approach—supporting existing laptops while also trying to spin up firmware for upcoming launches—wasn't working.

Arthur T Knackerbracket has processed the following story:

You don't hear much about it, but the U.S. Air Force has been flying an aircraft that made its first flight in 1955. The U-2 Dragon Lady is one of the longest-serving aircraft in the U.S. inventory, and there's a reason the USAF continues using it in one military conflict after another — it's reliable, difficult to shoot down, and can perform a variety of tasks in and out of combat operations.

The U-2 arose after World War II when the U.S. sought to utilize aerial reconnaissance against the growing threat of the Soviet Union. This necessitated an aircraft capable of flying at incredibly high altitudes and the development of special equipment to conduct intelligence, surveillance, and reconnaissance (ISR) missions in and out of enemy territory. The U-2 entered development in the early 1950s and continued production until 1989, leaving 31 operational aircraft in the inventory.

[...] An aircraft doesn't remain in operation for over seven decades without putting something on the table, and the U-2 didn't disappoint. While the USAF uses it to gather intelligence during combat operations, it can support strategic ISR missions during peacetime. USAF pilot Capt. Francis Gary Powers' U-2 was shot down over Sverdlovsk, Soviet Union, in 1960, escalating tensions between the U.S. and the USSR.

[...] The U-2 has a small radar signature and operates at a 70,000-foot altitude, which makes it challenging to shoot down. Still, the U.S. lost some while flying missions over enemy territory, but the USAF continued using U-2s long after more robust and technologically advanced options arose. These days, ISR missions employ various collection tools to build a complete picture of the battlespace, and the U-2 is still an integral part of that endeavor.

Freeman writes:

https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/

Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday.

When Microsoft patched the vulnerability in October 2022—at least two years after it came under attack by the Russian hackers—the company made no mention that it was under active exploitation. As of publication, the company's advisory still made no mention of the in-the-wild targeting.

[...] On Monday, Microsoft revealed that a hacking group tracked under the name Forest Blizzard has been exploiting CVE-2022-38028 since at least June 2020—and possibly as early as April 2019. The threat group—which is also tracked under names including APT28, Sednit, Sofacy, GRU Unit 26165, and Fancy Bear—has been linked by the US and the UK governments to Unit 26165 of the Main Intelligence Directorate, a Russian military intelligence arm better known as the GRU.

Since as early as April 2019, Forest Blizzard has been exploiting CVE-2022-38028 in attacks that, once system privileges are acquired, use a previously undocumented tool that Microsoft calls GooseEgg. The post-exploitation malware elevates privileges within a compromised system and goes on to provide a simple interface for installing additional pieces of malware that also run with system privileges. This additional malware, which includes credential stealers and tools for moving laterally through a compromised network, can be customized for each target.

[...] People administering Windows machines should ensure that the fix for CVE-2022-38028 has been installed, as well as the fix for CVE-2021-34527, the tracking designation for a previous critical zero-day that came under mass attack in 2021.

Original Submission

fliptop writes:

The Federal Trade Commission (FTC) voted 3-2 on Tuesday to ban noncompete agreements that prevent tens of millions of employees from working for competitors or starting a competing business after they leave a job:

From fast food workers to CEOs, the FTC estimates 18 percent of the U.S. workforce is covered by noncompete agreements — about 30 million people.

The final rule would ban new noncompete agreements for all workers and require companies to let current and past employees know they won't enforce them. Companies will also have to throw out existing noncompete agreements for most employees, although in a change from the original proposal, the agreements may remain in effect for senior executives.

[...] The new rule is slated to go into effect in 120 days after it's published in the Federal Register. But its future is uncertain, as pro-business groups opposing the rule are expected to take legal action to block its implementation.

[...] The U.S. Chamber of Commerce, the largest pro-business lobbying group in the country, has said it will sue to block the rule.

Previously: Is This the End of Non-Compete Contracts?

Original Submission

quietus writes:

Remember graphene, the single-atom-thick material nobody has managed to bring to production scale (yet)?

Problem with graphene -- and other 2D materials -- is that their atoms have always tended to cluster together to make nanoparticles instead. Instead of a clean sheet of material, you'll get a 3D blob, and a mournful look at the Star Trek poster on your lab wall.

Now scientists have managed to make such a 2D, single-atom, layer, using a fairly simple technique. This opens up the possibility of having a valid candidate for mass production.

The new technique was discovered through the well-honed scientific process of trying (and failing) to do something else. In this case, the investigators started out with a material containing atomic monolayers of silicon sandwiched between titanium carbide. The researchers' aim was to coat this electrically conductive ceramic with a thin layer of gold, at a high temperature, to make a contact. (Maybe someone of the team had plumbing problems at home.)

To their surprise, instead of a nice golden coat they ended up with intercalation, where one material in a layered structure is replaced by another. In this case, the silicon atoms were replaced with gold atoms. Some smart-ass noted that this meant they effectively had a 2D layer of gold atoms sandwiched in between layers of something else. Maybe, if we remove the titanium carbide?

How they got the idea is not clarified (an iaido practitioner in the ranks, one presumes), but the team turned to an etching technique used by ancient Japanese blacksmiths. While the process immediately showed promise, the researchers said that finding the exact formula involved months of trial and error, but no limbs were lost.

In the end, what was crucial was the solution and duration of application of the reagent (Murakami's etch) used, as well as complete darkness. That's because light hitting Murakami's reagent can produce cyanide, which dissolves gold. When trying to create a 2D gold sheet, having it dissolve is clearly an unwanted result.

Arthur T Knackerbracket has processed the following story:

Rotary engines (also known as Wankel engines and Wankel rotary engines) are quite different from piston or "reciprocating" engines. One of the distinguishing features is that they don't need valves to operate. That's to say, the Wankel rotary engine design doesn't have valves — but quite a few rotary engine designs have incorporated them. Both rotary engines and piston engines utilize internal combustion and share the same phases of intake, compression, power, and exhaust. But beyond this similarity, they are very different in design and operation.

The work done by a rotary engine doesn't need to be converted into rotational motive power for use by propellers or transmission, as is the case with piston engines. As a result, they are considered more efficient by some metrics and require fewer moving parts to function. The first rotary engines were primarily used for aircraft during World War I, but the design was abandoned due to flaws and inefficiencies.

In 1954, German engineer Felix Wankel invented a new design for an automobile rotary engine for the German car and bike company NSU. After prototype testing by NSU in the following years, they entered into an agreement with Japanese company Mazda to develop Wankel rotary engines for its cars. The first Mazda cars with rotary engines were launched in Japan in the 1960s before crossing the Pacific to America in 1971. Remaining one of the few companies that stuck with the rotary engine design, Mazda has, over the years, developed some of the most innovative engines of this type.

These engines create power by combusting a mixture of compressed air and fuel within a chamber or cylinder, translating the displacement of the rotor or piston into motion. Wankel rotary engines feature an equilateral triangular rotor with convex edges in an ovaloid chamber or rotor housing (the shape is an epitrochoid where the long sides of a symmetrical oval have two curves like a slight figure eight).

As the triangular rotor moves through the chamber, all three of its apexes are in constant contact with the housing (thanks to rotary engine apex seals), creating three gas volumes that are isolated by the rotor. There are two ports on the same side of the figure eight housing, with the top one for intake of fuel and air and the bottom one for the exhaust of combusted gases. Intake can be assisted by a supercharger pushing air into the chamber, while exhaust can be assisted by a turbocharger pulling air out of the chamber.

As the leading edge of the rotor passes the intake port, it creates a vacuum, inducing (or pulling) air and fuel into the chamber. The rotor's motion then compresses the air and fuel, lit by a spark plug (two in Mazda's design), further propelling the rotor along its path and sending the combusted gases out of the exhaust port. The rotor is attached to an eccentric output shaft (containing lobes not on the center of the shaft) via a gear, and as it rotates, the shaft produces a torque that's used to turn the transmission.

So far, we've explained the most basic Wankel rotary engine, but Mazda — the company that popularized it — has developed several variations over the years. One improvement included a concave pocket on each of the three convex edges of the rotor, which increased the amount of volume within the epitrochoid housing.

Arthur T Knackerbracket has processed the following story:

Microsoft this week demoed VASA–1, a framework for creating videos of people talking from a still image, audio sample, and text script, and claims – rightly – it's too dangerous to be released to the public.

These AI-generated videos, in which people can be convincingly animated to speak scripted words in a cloned voice, are just the sort of thing the US Federal Trade Commission warned about last month, after previously proposing a rule to prevent AI technology from being used for impersonation fraud.

Microsoft's team acknowledge as much in their announcement, which explains the technology is not being released due to ethical considerations. They insist that they're presenting research for generating virtual interactive characters and not for impersonating anyone. As such, there's no product or API planned.

"Our research focuses on generating visual affective skills for virtual AI avatars, aiming for positive applications," the Redmond boffins state. "It is not intended to create content that is used to mislead or deceive.

"However, like other related content generation techniques, it could still potentially be misused for impersonating humans. We are opposed to any behavior to create misleading or harmful contents of real persons, and are interested in applying our technique for advancing forgery detection."

Kevin Surace, Chair of Token, a biometric authentication biz, and frequent speaker on generative AI, told The Register in an email that while there have been prior technology demonstrations of faces animated from a still frame and cloned voice file, Microsoft's demonstration reflects the state of the art.

"The implications for personalizing emails and other business mass communication is fabulous," he opined. "Even animating older pictures as well. To some extent this is just fun and to another it has solid business applications we will all use in the coming months and years."