Transportation

Hackers Uncover Ways To Unlock and Start Nearly All Modern Honda-Branded Vehicles (thedrive.com) 40

An anonymous reader quotes a report from The Drive: Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner's key fob. Dubbed "Rolling Pwn," the attack allows any individual to "eavesdrop" on a remote key fob from nearly 100 feet away and reuse them later to unlock or start a vehicle in the future without the owner's knowledge. Despite Honda's dispute that the technology in its key fobs "would not allow the vulnerability," The Drive has independently confirmed the validity of the attack with its own demonstration.

Older vehicles used static codes for keyless entry. These static codes are inherently vulnerable, as any individual can capture and replay them at will to lock and unlock a vehicle. Manufacturers later introduced rolling codes to improve vehicle security. Rolling codes work by using a Pseudorandom Number Generator (PRNG). When a lock or unlock button is pressed on a paired key fob, the fob sends a unique code wirelessly to the vehicle encapsulated within the message. The vehicle then checks the code sent to it against its internal database of valid PRNG-generated codes, and if the code is valid, the car grants the request to lock, unlock, or start the vehicle. The database contains several allowed codes, as a key fob may not be in range of a vehicle when a button is pressed and may transmit a different code than what the vehicle is expecting to be next chronologically. This series of codes is also known as a "window." When a vehicle receives a newer code, it typically invalidates all previous codes to protect against replay attacks. This attack works by eavesdropping on a paired key fob and capturing several codes sent by the fob. The attacker can later replay a sequence of valid codes and re-sync the PRNG. This allows the attacker to re-use older codes that would normally be invalid, even months after the codes have been captured.

[...] Contrary to Honda's claim, I independently confirmed the vulnerability by capturing and replaying a sequence of lock and unlock requests with my 2021 Honda Accord and a Software-Defined Radio. Despite being able to start and unlock the car, the vulnerability doesn't allow the attacker to actually drive off with the vehicle due to the proximity functionality of the key fob. However, the fact that a bad actor can get this far is already a bad sign. At this time, the following vehicles may be affected by the vulnerability: 2012 Honda Civic, 2018 Honda X-RV, 2020 Honda C-RV, 2020 Honda Accord, 2021 Honda Accord, 2020 Honda Odyssey, 2021 Honda Inspire, 2022 Honda Fit, 2022 Honda Civic, 2022 Honda VE-1, and 2022 Honda Breeze. It's not yet clear if this affects any Acura-branded vehicles.
"[W]e've looked into past similar allegations and found them to lack substance," said a Honda spokesperson in a statement to The Drive. "While we don't yet have enough information to determine if this report is credible, the key fobs in the referenced vehicles are equipped with rolling code technology that would not allow the vulnerability as represented in the report. In addition, the videos offered as evidence of the absence of rolling code do not include sufficient evidence to support the claims."
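
A simplified model of the receiver logic described in the summary above, added here as an illustration; it is not code from The Drive's report, the researchers, or Honda. The window size, the three-frame resync rule, the HMAC-based code format and all names are assumptions, chosen to show why a receiver that lets its counter move backwards re-validates old codes and how a strictly increasing counter prevents that.

```python
import hashlib
import hmac
from dataclasses import dataclass

WINDOW = 16      # assumed look-ahead window of codes the receiver accepts
RESYNC_RUN = 3   # assumed count of consecutive out-of-window codes that triggers a resync


@dataclass(frozen=True)
class Frame:
    counter: int
    tag: bytes


def make_frame(key: bytes, counter: int) -> Frame:
    # Stand-in for the rolling code: a truncated HMAC over the counter.
    tag = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]
    return Frame(counter, tag)


class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> Frame:
        self.counter += 1
        return make_frame(self.key, self.counter)


class Receiver:
    """allow_backward=True models the flawed resync; False is the hardened rule."""

    def __init__(self, key: bytes, allow_backward: bool):
        self.key = key
        self.allow_backward = allow_backward
        self.last = 0          # highest counter accepted so far
        self.run = []          # consecutive out-of-window counters seen
        self.stale_seen = 0    # rejected replays, worth logging and alerting on

    def receive(self, frame: Frame) -> str:
        expected = make_frame(self.key, frame.counter).tag
        if not hmac.compare_digest(expected, frame.tag):
            self.run = []
            return "reject:bad-tag"
        if self.last < frame.counter <= self.last + WINDOW:
            self.last, self.run = frame.counter, []
            return "accept"
        if frame.counter <= self.last and not self.allow_backward:
            # Hardened rule: a counter at or below the last accepted one is
            # never considered again, alone or as part of a sequence.
            self.stale_seen += 1
            self.run = []
            return "reject:stale"
        # Out of window: track whether the counters arrive consecutively.
        if self.run and frame.counter == self.run[-1] + 1:
            self.run.append(frame.counter)
        else:
            self.run = [frame.counter]
        if len(self.run) >= RESYNC_RUN:
            # With allow_backward=True this can move self.last backwards,
            # which makes every recorded code after it valid again.
            self.last, self.run = frame.counter, []
            return "resync"
        return "reject:out-of-window"


def scenario(allow_backward: bool):
    """Constructed traffic: 5 recorded presses, 15 more normal presses, then replays."""
    key = b"constructed-demo-key"
    fob, rx = Fob(key), Receiver(key, allow_backward)
    recorded = []
    for _ in range(5):
        frame = fob.press()
        recorded.append(frame)
        rx.receive(frame)
    for _ in range(15):
        rx.receive(fob.press())
    results = [rx.receive(recorded[4])]                  # one old code on its own
    results += [rx.receive(f) for f in recorded[0:3]]    # old codes 1, 2, 3 in order
    results.append(rx.receive(recorded[3]))              # old code 4 afterwards
    return results, rx.last, rx.stale_seen


if __name__ == "__main__":
    for label, flag in (("backward resync allowed", True), ("monotonic counter", False)):
        print(label, scenario(flag))
```

The hardened receiver still resynchronises forward when a fob has been pressed many times out of range; it only refuses counters it has already passed.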
Programming

Meet Bun, a Speedy New JavaScript Runtime (bun.sh) 121

Bun is "a modern JavaScript runtime like Node or Deno," according to its newly-launched web site, "built from scratch to focus on three main things."

- Start fast (it has the edge in mind).
- New levels of performance (extending JavaScriptCore, the engine).
- Being a great and complete tool (bundler, transpiler, package manager).

Bun is designed as a drop-in replacement for your current JavaScript & TypeScript apps or scripts — on your local computer, server or on the edge. Bun natively implements hundreds of Node.js and Web APIs, including ~90% of Node-API functions (native modules), fs, path, Buffer and more. [And Bun also implements Node.js' module resolution algorithm, so you can use npm packages in bun.js]

The goal of Bun is to run most of the world's JavaScript outside of browsers, bringing performance and complexity enhancements to your future infrastructure, as well as developer productivity through better, simpler tooling.... Why is Bun fast? An enormous amount of time spent profiling, benchmarking and optimizing things. The answer is different for every part of Bun, but one general theme: [it's written in Zig.] Zig's low-level control over memory and lack of hidden control flow makes it much simpler to write fast software.

An infographic on the site claims its server-side rendering of React is more than three times faster than Node or Deno. And Bun.js can even automatically load environment variables from .env files, according to the site. No more require("dotenv").load()
Hackaday describes it as "a performant all-in-one approach," including "bundling, transpiling, module resolution, and a fantastic foreign-function interface." Many Javascript projects have a bundling and transpiling step that takes the source and packages it together in a more standard format. Typescript needs to be packaged into javascript, and modules need to be resolved. Bun bakes all this in. Typescript and JSX "just work." This dramatically simplifies many projects as much of the build infrastructure is part of Bun itself, lowering cognitive load when trying to understand a project... Some web-specific APIs, such as fetch and Websockets, are also built-in.
"What's even wilder is that Bun is written by one person, Jared Sumner," the article points out — adding that all the code is available on GitHub under the MIT License ("excluding dependencies which have various licenses.")
Linux

Alder Lake-Powered Linux Laptop Arrives With 14 Hours of Battery Life (tomshardware.com) 48

System76, the Colorado-based Linux laptop, desktop, and server specialist, has announced a new highly portable laptop with an Intel Alder Lake processor inside. Tom's Hardware reports: The new Lemur Pro is a "lighter than Air" 14-inch form factor laptop with excellent battery life and attractions such as open firmware (powered by Coreboot) and a 180-degree hinge. In addition, buyers can choose to go with Pop!_OS 22.04 LTS or Ubuntu 22.04 LTS pre-installed. The new Lemur Pro has many attractive modern features you might see advertised in many rival mainstream thin and light designs. However, the special sauce here is the "System76 Open Firmware with Coreboot." Coreboot, known initially as LinuxBIOS, is significant as it is an open-source BIOS implementation embraced by Linux users. It is lightweight, flexible, and feature-rich. [...]

System76 has designed the Lemur Pro with monitor-based docking in mind. It envisions users connecting to a big screen using the USB-C connection to benefit from the more expansive workspace and laptop charging. Like Windows, Linux had to have some serious tinkering under the hood to prepare for the mix of Performance and Efficiency cores in Alder Lake chips. However, rest assured, efficient hybrid scheduling is taken care of with the two OS options that can be pre-installed on the Lemur Pro.

System76 allows customers to configure and buy Lemur Pro laptops right now. There are many RAM and storage configurations to pick through, and you can add external keyboards and monitors to the bundle. The entry price with an Intel Core i5-1235U, 8GB RAM, 240GB of storage, and no extras is $1,149. However, the Core i7-1255U model is a bit of a stretch, adding $200 to the base price for the faster CPU clocks.

EU

Europe Wants a High-Speed Rail Network To Replace Airplanes (cnn.com) 82

An anonymous reader quotes a report from CNN Travel: Breakfast in Paris, lunch in Frankfurt and dinner in Vienna -- all without the hassle and frustration of flying. Imagine a network of modern, super-fast and comfortable trains hurtling between every major city in the European Union, providing a reliable, comfortable and sustainable alternative to air travel. That was the vision outlined by rail industry leaders in Lyon, France, on June 29, amid ambitious European plans to double high-speed rail use by 2030 and triple current levels by 2050. Only a massive -- and accelerated -- expansion of the high-speed network can achieve these hugely ambitious targets, but are they a realistic and affordable proposition?

Unlike many parts of the world, Europe already has thousands of kilometers of dedicated high-speed railway. France's world-famous TGVs, Germany's ICE and Spain's AVE have transformed rail travel over the last 40 years, but they remain largely focused on domestic markets. That's no surprise. When countries are investing billions of euros in new infrastructure, political pressure to squeeze out the maximum benefit for taxpayers is inevitable. Building lines across international borders, even within the European Union, creates tension over who pays for what, how the contracts are allocated, conflicting national standards and regulations and a host of other obstacles. For decades it's been too easy to kick difficult projects down the road until they become someone else's problem.

Now a body of European organizations have committed to a new study highlighting the numerous benefits of an expanded high-speed rail network connecting national capitals and major cities. These include the European Commission, the Community of European Railways, the European Rail Supply Industry and ALLRAIL, which represents non-state-owned railways. Most importantly the group will investigate how to pay for tens of thousands of kilometers of new lines and how a radical transformation of the continent's rail network can help the EU deliver on its "Green Deal" objective of carbon neutrality by 2050. Some of that expansion will come on new routes that are planned or under construction but many more will be needed to facilitate the vision of European leaders.
"According to EU statistics, 17 of the 20 busiest air routes in Europe cover distances of less than 434 miles (700 kilometers) -- exactly the kind of distances where city center-to-city center trains can offer faster, cleaner and more sustainable journeys -- if the right infrastructure exists," adds CNN.

"And according to Alberto Mazzola of the Community of European Railways, carbon emissions trading could be a key tool in funding the massive investment required to complete a Europe-wide high-speed rail network." A Paris-Berlin flight generates at least six times the CO2 emissions of a similar train journey, notes the report. Meanwhile, flights of less than 621 miles between and within European countries are estimated to create 28 million metric tons of CO2 every year.

"Excess carbon emissions from airliners, trucks and cars are currently charged at 50 euros per ton in the EU, but this could soon rise to 80 euros per ton," reports CNN. "If just 10% of that revenue is re-invested in transport it could add around 8 billion euros a year to the pot for rail upgrades."
Technology

3-D Printing Grows Beyond Its Novelty Roots (nytimes.com) 44

For 3-D printing, whose origins stretch back to the 1980s, the technology, economic and investment trends may finally be falling into place for the industry's commercial breakout, according to manufacturing experts, business executives and investors. From a report: They say 3-D printing, also called additive manufacturing, is no longer a novelty technology for a few consumer and industrial products, or for making prototype design concepts. "It is now a technology that is beginning to deliver industrial-grade product quality and printing in volume," said Jorg Bromberger, a manufacturing expert at McKinsey & Company. He is the lead author of a recent report by the consulting firm titled, "The Mainstreaming of Additive Manufacturing."

3-D printing refers to making something from the ground up, one layer at a time. Computer-guided laser beams melt powders of metal, plastic or composite material to create the layers. In traditional "subtractive" manufacturing, a block of metal, for example, is cast and then a part is carved down into shape with machine tools. In recent years, some companies have used additive technology to make specialized parts. General Electric relies on 3-D printing to make fuel nozzles for jet engines, Stryker makes spinal implants and Adidas prints latticed soles for high-end running shoes. Dental implants and teeth-straightening devices are 3-D printed. During the Covid-19 pandemic, 3-D printers produced emergency supplies of face shields and ventilator parts.

Today, experts say, the potential is far broader than a relative handful of niche products. The 3-D printing market is expected to triple to nearly $45 billion worldwide by 2026, according to a report by Hubs, a marketplace for manufacturing services. The Biden administration is looking to 3-D printing to help lead a resurgence of American manufacturing. Additive technology will be one of "the foundations of modern manufacturing in the 21st century," along with robotics and artificial intelligence, said Elisabeth Reynolds, special assistant to the president for manufacturing and economic development.

Software

Thunderbird 102 Released (thunderbird.net) 35

slack_justyb writes: Thunderbird 102 has been released with some new UI improvements and new features. There has been a change in the icons, the layout of the address book has been upgraded to feature a more modern UI, and a new UI feature known as the spaces toolbar to get around Thunderbird. New features include an updated import and export wizard, a UI for editing the email header settings, and Matrix client support within Thunderbird, which is a messaging system using HTTPS that is similar to Discord if you've used that.

Finally, the Thunderbird Twitter account released the first screenshot of the new UI that is being targeted for the 114 release. For those wondering what the Thunderbird team has done and is doing, you can always head over to the planning section of the developer site. The roadmap lists the things they're working on for the current release, and the backlog lists the things they are working towards.

Science

Modern City Dwellers Have Lost About Half Their Gut Microbes (science.org) 59

Comparing genomes of intestinal bacteria in various primates and human populations begins to pinpoint the possibly helpful microbes that have gone missing from our guts. From a report: Deep in the human gut, myriad "good" bacteria and other microbes help us digest our food, as well as keep us healthy by affecting our immune, metabolic, and nervous systems. Some of these humble microbial assistants have been in our guts since before humans became human -- certain gut microbes are found in almost all primates, suggesting they first colonized a common ancestor. But humans have also lost many of these helpers found in other primates and may be losing even more as people around the world continue to flock to cities, a researcher reported last week at a microbiology meeting in Washington, D.C. Those absent gut microbes could affect human health, he says.

"This work helps us develop a new understanding of the course of human biological and cultural development," says Lev Tsypin, a microbiology graduate student at the California Institute of Technology who was not involved in the new study. The microbiome comprises all the bacteria, fungi, viruses, and other microscopic life that inhabit an individual, be it a person, a plant, or a planaria. For humans and many other species, the best characterized microbiome centers on the bacteria in the gut. The more microbiologists study these gut microbes, the more they link the bacteria to functions of their hosts. In humans, for example, gut bacteria influence how the immune system responds to pathogens and allergens, or interact with the brain, affecting mood.

Andrew Moeller, an evolutionary biologist at Cornell University, was one of the first to show that gut bacteria and humans have built these relationships over a very long time. Six years ago, he and colleagues reported the work showing human gut microbes are very similar to those in other primates, suggesting their intestinal presence predates the evolution of humans. But his follow-up studies, and work by others, also indicate the human gut microbiome has, in a general sense, become less diverse than the gut microbes in our current primate cousins. One study found 85 microbial genera, such as Bacteroides and Bifidobacterium, in the guts of wild apes, but just 55 in people in U.S. cities. Splitting the difference, people in less developed parts of the world have between 60 and 65 of those bacterial groups, an observation that ties the decrease in microbial diversity to urbanization.

Science

Is Dyslexia an Evolutionary Advantage Rather Than a 'Disorder'? (msn.com) 133

LinkedIn recently added 'dyslexic thinking' as an official skill.

And now the U.K. national newspaper the Telegraph reports on scientists arguing that dyslexia is not a "disorder" — but an evolutionarily beneficial willingness to explore: The experts suggested that dyslexia, which causes difficulty reading, writing and spelling, is a useful specialisation and not a "neurocognitive condition"....

About one in five people have dyslexia, and their tendency to push the envelope would have been balanced out by other members of a prehistoric society, leading to a well-rounded group with equally useful skill sets. However, Dr Helen Taylor, from the University of Strathclyde, and Dr Martin Vestergaard, from the University of Cambridge, said that dyslexia was now seen as a problem because modern education systems focused on the things sufferers struggled with and neglected what they excelled at. They reassessed past studies on dyslexic individuals and disagreed with the prevailing theory that it was a cognitive deficit....

[S]ince the invention of written language, dyslexia has been seen as a problem, not a talent. "Schools, academic institutes and workplaces are not designed to make the most of explorative learning," said Dr Taylor. "We urgently need to start nurturing this way of thinking to allow humanity to continue to adapt and solve key challenges." They posit that dyslexic people are naturally more skilled "in realms like discovery, invention and creativity" and that this specialisation stems from millennia of human evolution.... Without the streak of curiosity and willingness to investigate that is commonplace in dyslexic brains, groups of people would likely struggle to survive, they said.

"The deficit-centred view of dyslexia isn't telling the whole story," said Dr Taylor. "We believe that the areas of difficulty experienced by people with dyslexia result from a cognitive trade-off between exploration of new information and exploitation of existing knowledge, with the upside being an explorative bias that could explain enhanced abilities observed in certain realms like discovery, invention and creativity."

The researchers argue this "explorative specialization in people with dyslexia could help explain why they have difficulties with tasks related to exploitation, such as reading and writing.

"It could also explain why people with dyslexia appear to gravitate towards certain professions that require exploration-related abilities, such as arts, architecture, engineering and entrepreneurship."

Thanks to Slashdot reader Bruce66423 for sharing the story.
Role Playing (Games)

On NetHack's 35th Anniversary, It's Displayed at Museum of Modern Art (linkedin.com) 45

Switzerland-based software developer Jean-Christophe Collet writes: A long time ago I got involved with the development of NetHack, a very early computer role playing game, and soon joined the DevTeam, as we've been known since the early days. I was very active for the first 10 years then progressively faded out even though I am still officially (or semi-officially as there is nothing much really "official" about NetHack, but more on that later) part of the team.

This is how, as we were closing on the 35th anniversary of the project, I learned that NetHack was being added to the collection of the Museum of Modern Art of New York. It had been selected by the Architecture and Design department for its small collection of video games, and was going to be displayed as part of the Never Alone exhibition this fall.

From its humble beginnings as a fork of the 1982 dungeon-exploring game "Hack" (based on the 1980 game Rogue), Nethack influenced both Diablo and Torchlight, Collet writes. But that's just the beginning: It is one of the oldest open-source projects still in activity. It actually predates the term "open-source" (it was "free software" back then) and even the GPL by a few years. It is also one of the first, if not the first software project to be developed entirely over the Internet by a team distributed across the globe (hence the "Net" in "NetHack").

In the same spirit, it is one of the first projects to take feedback, suggestions, bug reports and bug fixes from the online community (mostly over UseNet at the time) long, long before tools like GitHub (or Git for that matter), BugZilla or Discord were even a glimmer of an idea in the minds of their creators....

So what did I learn working as part of the NetHack DevTeam?

First, I learned that you should always write clean code that you won't be embarrassed by, 35 years later, when it ends up in a museum....

Collet praises things like asynchronous communication and distributed teams, before closing with the final lesson he learned. "Having fun is the best way to boost your creativity and productivity to the highest levels.

"There is no substitute.... I am incredibly grateful to have been part of that adventure."
United States

Online Privacy Bill Clears Early Hurdle in House (wsj.com) 33

Bipartisan legislation to establish broad privacy rights for consumers won approval from a House subcommittee on Thursday, adding to its momentum. From a report: Lawmakers approved the bill, the American Data Privacy and Protection Act, on a voice vote with no dissent. It now moves to the full Energy and Commerce Committee for a vote. The bill still faces a long and potentially difficult path, particularly in the Senate. Rep. Frank Pallone (D., N.J.), the committee chairman and a sponsor of the bill, termed it "a massive step forward."

"Every American knows it is long past time for Congress to protect their data privacy and security," he said. "The modern world demands it." Republicans also praised the legislation, while suggesting more changes might be needed. "This bill protects all Americans, regardless of ZIP Code, and provides certainty for businesses so they clearly understand their obligations," said Rep. Cathy McMorris Rodgers (R., Wash.), the committee's top Republican. She said the legislation also would strengthen national security by requiring companies such as TikTok -- owned by Beijing-based ByteDance -- to specify when they are transferring and storing consumers' data in countries such as China.

Operating Systems

RISC OS: 35-Year-Old Original ARM OS Is Alive and Well (theregister.com) 51

RISC OS, the operating system of the original Arm computer, the Acorn Archimedes, is still very much alive -- and doing relatively well for its age. The Register reports: In June 1987, Acorn launched the Archimedes A305 and A310, starting at $982 and running a new operating system called Arthur. At the time, it was a radical and very fast computer. In his review (PDF) for Personal Computer World, Dick Pountain memorably said: "It loads huge programs with a faint burping noise, in the time it takes to blink an eye." Arthur was loosely related to Acorn's earlier MOS, the BBC Micro operating system but looked very different thanks to a prototype graphical desktop, implemented in BBC BASIC, that could charitably be called "technicolor." Renamed RISC OS, version 2 followed in 1989 -- the same year that Sun started selling its new SPARCstation 1 (a snip at $9,200) and DEC launched the MIPS R2000-chipset-based DECstation 3100 (for $10,800).

RISC OS has had a rather convoluted history, partly due to Acorn spinning out Arm, eventually pulling out of the computer market, rebranding as Element 14 and being acquired by Broadcom, where Arm co-designer Sophie Wilson still works today. And partly due to drama over the ownership of the OS post-Acorn at one point. One fork of RISC OS still supports Acorn-era Arm's odd 26-bit mode, meaning that today it mostly runs on the commercial Virtual Acorn emulator. The other branch, designed for the 32-bit mode of more recent Arm chips, is now owned by RISC OS Developments, which made it fully open source back in 2018. Development and maintenance is done by the team at RISC OS Open Ltd -- ROOL for short -- which offers downloads for a variety of current Arm hardware, such as the Titanium desktops. [...]

RISC OS Developments are still working on new functionality for the OS. Notably, it recently released a new TCP/IP stack, derived from OpenBSD. Right now, the main benefit is IPv6 support. A feature more significant to most users is still in development: Wi-Fi support. Also still under development, but available to paid backers, is a new RISC OS web browser, Iris. RISC OS does come with a choice of browsers -- NetSurf and Otter -- but the plan is that the new Iris browser will be a native app, with the RISC OS look and feel, but using the WebKit engine for better compatibility with the modern web. The main remaining limitation is SMP. As an OS from the 1980s, long before the 21st-century technology of mainstream multicore processors, RISC OS practically only supports a single CPU core. Various experimental efforts are under way to address this. One has got NetBSD running on another core, and another has the experimental Genode OS running alongside RISC OS. Another effort is working on adding SMP support into the RISC OS kernel itself.

Space

SpaceX Makes History: Launches and Lands Three Rockets in 36 Hours (cbsnews.com) 160

Early this morning SpaceX tweeted video showing its deployment of a communications satellite. But the deployment was part of a historic first, reports CBS News: SpaceX completed a record triple-header early Sunday, launching a Globalstar communications satellite from Cape Canaveral after putting a German radar satellite in orbit from California Saturday and launching 53 Starlink internet satellites Friday from the Kennedy Space Center. The Globalstar launch capped the fastest three-flight cadence for an orbit-class rocket in modern space history as the company chalked up its 158th, 159th and 160th Falcon 9 flights in just 36 hours and 18 minutes. More than 50 launches are expected by the end of the year.
Space.com also notes another milestone: The Friday mission set a new rocket-reuse record for SpaceX; the Falcon 9 that flew it featured a first stage that already had 12 launches under its belt. (Sunday's launch was the ninth for this particular Falcon 9 first stage, according to a SpaceX mission description.)
SpaceX also tweeted footage of that rocket's liftoff and night-time landing.
Power

New Photovoltaic Tech Could Rival Silicon-Based Solar Cells (princeton.edu) 87

"While silicon-based solar cells dominate the photovoltaics market, silicon is far from the only material that can effectively harvest electricity from sunlight," notes Ars Technica: Thin-film solar cells using cadmium and telluride are common in utility-scale solar deployments, and in space, we use high-efficiency cells that rely on three distinct materials to harvest different parts of the spectrum. Another class of materials, which we're currently not using, has been the subject of extensive research: perovskites. These materials are cheap and incredibly easy to process into a functional solar cell. The reason they're not used is that they tend to degrade when placed in sunlight, limiting their utility to a few years. That has drawn the attention of the research community, which has been experimenting with ways to keep them stable for longer.

In Thursday's edition of Science, a research team from Princeton described how they've structured a perovskite material to limit the main mechanism by which it decays, resulting in a solar cell with a lifetime similar to that of silicon. While the perovskite cell isn't as efficient as what is currently on the market, a similar structure might work to preserve related materials that have higher efficiencies.

Their research involved a capping layer that's just a few atoms thick, according to an announcement from Princeton University, calling the resulting solar cell "a major milestone for an emerging class of renewable energy technology... the first of its kind to rival the performance of silicon-based cells, which have dominated the market since their introduction in 1954..."

"The team projects their device can perform above industry standards for around 30 years, far more than the 20 years used as a threshold for viability for solar cells." Perovskites can be manufactured at room temperature, using much less energy than silicon, making them cheaper and more sustainable to produce. And whereas silicon is stiff and opaque, perovskites can be made flexible and transparent, extending solar power well beyond the iconic panels that populate hillsides and rooftops across America....

[Engineering professor/team lead] Loo said it's not that perovskite solar cells will replace silicon devices so much that the new technology will complement the old, making solar panels even cheaper, more efficient and more durable than they are now, and expanding solar energy into untold new areas of modern life. For example, Loo's group recently demonstrated a completely transparent perovskite film (having different chemistry) that can turn windows into energy producing devices without changing their appearance. Other groups have found ways to print photovoltaic inks using perovskites, allowing formfactors scientists are only now dreaming up.

Intel

A New Vulnerability in Intel and AMD CPUs Lets Hackers Steal Encryption Keys (arstechnica.com) 30

Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday. From a report: Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding.

The team discovered that dynamic voltage and frequency scaling (DVFS) -- a power and thermal management feature added to every modern CPU -- allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely. The researchers have dubbed their attack Hertzbleed because it uses the insights into DVFS to expose -- or bleed out -- data that's expected to remain private. The vulnerability is tracked as CVE-2022-24436 for Intel chips and CVE-2022-23823 for AMD CPUs. The researchers have already shown how the exploit technique they developed can be used to extract an encryption key from a server running SIKE, a cryptographic algorithm used to establish a secret key between two parties over an otherwise insecure communications channel.

Star Wars Prequels

What Happens When 'The Mandalorian' and 'Boba Fett' Characters Come to Disneyland? (sfgate.com) 94

Disneyland's Galaxy's Edge, aka "Star Wars Land," lets its visitors "immersively" experience the planet Batuu during the period between Star Wars: Episode VIII — The Last Jedi and Episode IX — The Rise of Skywalker. But there are some big changes coming, reports SFGate.com: Disney recently announced — at the "From a Galaxy Far, Far Away to Disney Park Near You" panel at Star Wars Celebration Anaheim 2022 event — that main characters from the immensely popular Disney Plus series "The Book of Boba Fett" and "The Mandalorian" would begin appearing at Disneyland.

Yes, including the universally adored, merchandise and meme-dominating Grogu, aka "Baby Yoda."

However, there is one sarlacc-sized snag: Those stories are set about five years after Return of the Jedi, and about 25 years before The Force Awakens, which raises a galaxy of questions about how this will impact Galaxy's Edge. The introduction of new characters into the attraction will either break the timeline of Star Wars land or, perhaps, unburden it from self-imposed shackles.

This could be a good thing, the article suggests, since "Currently there is frankly not a lot of character interaction on Batuu." Kylo Ren pops in on occasion to interrogate guests, and some stormtroopers march around. Rey and Chewie pose for pics, R2-D2 wheels around, and Vi randomly shows up. But that's about it. There is no BB-8 or C-3PO, no Poe or Finn walking around, no Captain Phasma (who died in "The Last Jedi"). The cast members do their part to speak the local lingo of "bright suns" and "till the spire," but Black Spire Outpost feels somewhat unpopulated. It looks and feels like a Star Wars town, but lacks true full immersion. Oga's Cantina does feel lived in, and always crowded, but the closest immersive experience is Savi's Workshop, where building a lightsaber is a damn near religious experience, complete with the Force ghost voice of Yoda.

So how would new characters impact this? If Mando appears at Galaxy's Edge, are guests to assume he (and Grogu) are still bouncing about by the time of the sequel series...? The town of Black Spire Outpost might come to resemble Fantasyland, for instance, where multiple characters occupy their own zones and don't intersect...

Regardless, this change further populates Galaxy's Edge, which is good for the guest who wants to take a lot of character photos. It also allows Disney to roll out their most popular modern characters, and potentially open the door for them to showcase original trilogy and prequel trilogy characters (which are having a moment right now).

But it does create major story hiccups.

Security

MIT Researchers Uncover 'Unpatchable' Flaw in Apple M1 Chips (techcrunch.com) 56

Apple's M1 chips have an "unpatchable" hardware vulnerability that could allow attackers to break through its last line of security defenses, MIT researchers have discovered. TechCrunch reports: The vulnerability lies in a hardware-level security mechanism utilized in Apple M1 chips called pointer authentication codes, or PAC. This feature makes it much harder for an attacker to inject malicious code into a device's memory and provides a level of defense against buffer overflow exploits, a type of attack that forces memory to spill out to other locations on the chip. Researchers from MIT's Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.

The attack, appropriately called "Pacman," works by "guessing" a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn't been maliciously altered. This is done using speculative execution -- a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation -- to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct. What's more, since there are only so many possible values for the PAC, the researchers found that it's possible to try them all to find the right one.

OS X

Apple Will Allow Linux VMs To Run Intel Apps With Rosetta In macOS Ventura (arstechnica.com) 35

An anonymous reader quotes a report from Ars Technica: One of the few things that Intel Macs can do that Apple Silicon Macs can't is run operating systems written for Intel or AMD processors inside of virtual machines. Most notably, this has meant that there is currently no legal way to run Windows on an Apple Silicon Mac. Apple Silicon Macs can, however, run operating systems written for Arm processors inside of virtual machines, including other versions of macOS and Arm-compatible versions of Linux. And those Linux VMs are getting a new feature in macOS Ventura: the ability to run apps written for x86 processors using Rosetta, the same binary translation technology that allows Apple Silicon Macs to run apps written for Intel Macs.

Apple's documentation will walk you through the requirements for using Rosetta within a Linux guest operating system -- it requires creating a shared directory that both macOS and Linux can access and running some terminal commands in Linux to get it set up. But once you do those steps, you'll be able to enjoy the wider app compatibility that comes with being able to run x86 code as well as Arm code. Some developers, including Hector Martin of the Asahi Linux project and Twitter user @never_released, have already found that these steps can also enable Rosetta on non-Apple ARM CPUs as long as they're modern enough to support at least version 8.2 of the Arm instruction set. As Martin points out, this isn't strictly legal because of macOS's licensing restrictions, and there are some relatively minor Apple-specific hardware features needed to unlock Rosetta's full capabilities.

IT

Who Needs Modern Emacs? (batsov.com) 135

Bozhidar Batsov writes: Every now and again I come across some discussion on making Emacs "modern". The argument always goes more or less like this - Emacs doesn't look and behave like and the world will end if we don't copy something "crucial" from it. [...] If you ask me -- there's pretty much nothing we can do that would suddenly make Emacs as popular as VS Code. But you know what -- that's perfectly fine. After all there are plenty of "modern" editors that are even less popular than Emacs, so clearly being "modern" doesn't make you popular. And there's also our "arch-nemesis" vim, that's supposedly as "dated" as Emacs, but is extremely popular.

Google

Google Disables RCS Ads in India Following Rampant Spam by Businesses (techcrunch.com) 19

Google has halted businesses from using RCS for promotion in India, the company's biggest market by users, following reports of rampant spam by some firms in a setback for the standard that the company is hoping to help become the future of SMS messaging. From a report: Rich Communication Services, or RCS, is the collective effort of a number of industry players to supercharge the traditional SMS with modern features such as richer texts and end-to-end encryption. Google, Samsung and a number of other firms including telecom operators have rolled out support for RCS to hundreds of millions of users worldwide in recent years. Google said last month that RCS messaging in the Messages app for Android had amassed over 500 million monthly active users. The problem, however, is that scores of businesses in India including top banks and other lending firms have been abusing the feature to send unsolicited promotional materials to any individual's phone number they can find in the country.

Earth

Will Russia Be Devastated by Climate Change? (nybooks.com) 141

Thane Gustafson is a longtime specialist on Russian energy — and even before Russia invaded Ukraine, he'd pulled together some startling predictions for his new book. The New York Review of Books looks at Klimat: Russia in the Age of Climate Change: About two thirds of Russia is covered in permafrost, a mixture of sand and ice that, until recently, remained frozen year-round. As permafrost melts, walls built on it fracture, buildings sink, railways warp, roads buckle, and pipelines break. Anthrax from long-frozen reindeer corpses has thawed and infected modern herds. Sinkholes have opened in the melting ground, swallowing up whole buildings. Ice roads over frozen water, once the only way to travel in some remote regions, are available for ever-shorter periods. The Arctic coast is eroding rapidly, imperiling structures built close to the water.... As burning, dying, clear-cut forests become carbon producers rather than carbon sinks, they make the problem of climate change even worse. The same is true of melting permafrost, which releases methane, another potent greenhouse gas.

In Klimat, Gustafson maintains that Russia's agricultural exports and revenues will continue to increase until the end of this decade, with global warming of one degree Celsius improving Russian agricultural productivity. But in the 2030s and 2040s the rate of increase will diminish, because of harm to Russian crops caused by drought, heat waves, and torrential rain. Some of these difficulties may be counteracted by rising prices, as climate change compromises the world's food supply, but Russia will also hit the limit of its supply of arable land. Two thirds of European Russia, the country's most fertile agricultural area, is already too dry. Thawed permafrost, meanwhile, is sandy and infertile, and will not make good farmland. Russia will require more resources to produce the same amount of food. More aggressive tactics to increase production (e.g., heavy use of fertilizer) will ultimately cause acidification and erosion....

[T]he long-term future of the Russian oil industry, like that of the Russian economy, looked dismal even before the new sanctions. West Siberia, long the country's primary source of oil, is running low. The extraction of Arctic oil is already well underway, but it is expensive and relies in part on foreign technology that was sanctioned even before the invasion of Ukraine.... As time goes on, Gustafson argues, the Russian oil industry will be more and more dependent on government tax breaks. A dwindling supply will lose value in a global market that is shifting to renewable energy. In Gustafson's account, most of the factors that will determine the future of Russia's oil exports lie outside its control: exhaustion of its most accessible oilfields, increasing difficulty and expense in reaching remaining sources, damage to oil infrastructure caused by climate change, and reduction in demand from the EU and later from Asia. But Russia's choices have had some effect. Its invasion of Ukraine has vastly accelerated the timeline for this squeeze by prompting new sanctions and informal boycotts...

As Russia's income declines, so will its ability to placate its population with cheap household gas and generous welfare policies. This will likely lead to social destabilization, exacerbated by the disruption and suffering caused by climate change and a weakening economy. The Russian war on Ukraine, meanwhile, has resulted in the emigration not only of opposition politicians and journalists but also of professionals, especially younger ones, who have skills marketable elsewhere in the world — for instance, IT specialists, who find it easy to work from safer, freer cities like Bishkek or Tbilisi. The scientists, activists, and businesspeople who might help Russia cope with climate change are also among those likely to emigrate.

Klimat's time horizon of 2050 is short, but Putin's is even shorter: he is now almost seventy years old. After him will come the deluge, the wildfires, the droughts, the collapse.

"Russia will be one of the countries most affected by climate change..." according to the book's description on the Harvard University Press website.

"Lucid and thought-provoking, Klimat shows how climate change is poised to alter the global order, potentially toppling even great powers from their perches."
