Data Storage

60TB Hard Drives Arriving in 2028, According To Industry Roadmap (tomshardware.com)

An anonymous reader shares a report: The arrival of energy-assisted magnetic recording (EAMR) technologies like Seagate's HAMR will play a crucial role in accelerating HDD capacity growth in the coming years. According to the new IEEE International Roadmap for Devices and Systems Mass Data Storage, we will see 60 TB hard disk drives in 2028. If the prediction is accurate, HDD storage capacity will double in just four years, something that has not happened for a while. IEEE also believes that HDD unit sales will increase.

IEEE's latest HDD development roadmap spans 2022 to 2037 and covers 15 years of hard drive evolution. The arrival of HAMR in 2024 will play a pivotal role in the increase in HDD capacity over the next few years (even though Western Digital has managed to stay competitive with Seagate's HAMR HDDs using a set of its own technologies). IEEE engineers expect HDDs to leapfrog to 40TB in 2025 and 60TB in 2028, doubling capacity from 30TB in 2024. By 2037, drives will reach 100TB, according to IEEE.

To get to those extreme capacities, HDD makers will have to increase the areal density of their platters steadily. To get to 40TB per drive, they will have to get to 2 TB/inch^2 in 2025 and then to over 4 TB/inch^2 in 2028 to build 60TB HDDs. By 2037, areal density will grow to over 10 Tb/inch^2. Increasing areal density will necessitate the use of new media, magnetic films, and all-new write and read heads.

Earth

Despite Predictions of Collapse for Ocean Current, Researchers Find a Key Component is 'Remarkably Stable' (msn.com)

Past studies have suggested a major ocean current could collapse, quickly changing temperatures and climate patterns, reports the Washington Post.

"But scientists disagree on whether the Atlantic Meridional Overturning Circulation (AMOC) is already slowing, and questions remain as to whether a variety of proxy measurements actually indicate a slowdown" — including a new analysis arguing that the current "has remained remarkably stable." One way to detect AMOC weakening is to monitor the strength of its components such as the Florida Current, which flows swiftly from the Gulf of Mexico into the North Atlantic. The current is a "major contributor" to the AMOC, the researchers write, and a slowdown of the current might indicate a slowdown of the AMOC. Scientists have been tracking its strength since the 1980s using a submarine cable that measures the volume of water it transports.

In the current study, researchers reconsider the data, correcting for a gradual shift in Earth's magnetic field that they say affected the cable measurements. Previous assessments of the uncorrected data showed a slight slowing in the Florida Current. But when they corrected for the shift in Earth's magnetic field, the researchers write, they found that the current "has remained remarkably stable" and not declined significantly over the past 40 years.

The researchers' announcement acknowledges that "It is possible that the AMOC is changing without a corresponding change in the Florida Current..."
Open Source

Startups Are Going 'Fair Source' To Avoid Pitfalls of Open Source Licensing (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: With the perennial tensions between proprietary and open source software (OSS) unlikely to end anytime soon, a $3 billion startup is throwing its weight behind a new licensing paradigm -- one that's designed to bridge the open and proprietary worlds, replete with a new definition, terminology, and governance model. Developer software company Sentry recently introduced a new license category dubbed "fair source." Sentry is an initial adopter, as are some half dozen others, including GitButler, a developer tooling company from one of GitHub's founders. The fair source concept is designed to help companies align themselves with the "open" software development sphere, without encroaching into existing licensing landscapes, be that open source, open core, or source-available, and while avoiding any negative associations that exist with "proprietary." However, fair source is also a response to the growing sense that open source isn't working out commercially.

"Open source isn't a business model -- open source is a distribution model, it's a software development model, primarily," Chad Whitacre, Sentry's head of open source, told TechCrunch. "And in fact, it places severe limits on what business models are available, because of the licensing terms." Sure, there are hugely successful open source projects, but they are generally components of larger proprietary products. Businesses that have flown the open source flag have mostly retreated to protect their hard work, either moving from fully permissive to a more restrictive "copyleft" license, as the likes of Element did last year and Grafana before it, or ditching open source altogether, as HashiCorp did with Terraform. "Most of the world's software is still closed source," Whitacre added. "Kubernetes is open source, but Google Search is closed. React is open source, but Facebook Newsfeed is closed. With fair source, we're carving a space for companies to safely share not just these lower-level infrastructure components, but share access to their core product."
Further reading: As Companies Try 'Open Source Rug Pull', Open Source Foundations Considered Helpful
United States

US Awards $3 Billion To Boost Domestic Battery Production (msn.com)

American Battery Technology and lithium-producer Albemarle are among 25 companies getting more than $3 billion in funding from the Biden administration to boost domestic production of advanced batteries and components. From a report: The funding -- part of a broader White House goal of creating an American battery supply chain -- is going to projects that are building, expanding or retrofitting facilities to process critical minerals, build components and batteries and recycle materials, the Energy Department said Friday.

American Battery Technology received $150 million to build a commercial-scale lithium-ion battery recycling facility in South Carolina. Albemarle is getting $67 million to retrofit a facility to manufacture commercial anode material for next-generation lithium-ion batteries around Charlotte, North Carolina. Other projects included $50 million for Cabot and $225 million for SWA Lithium, a joint venture of Standard Lithium and Equinor. Batteries -- which are used for electric vehicles as well as storing renewable energy for use on the electric grid -- are considered critical to reaching the administration's goal of net-zero emissions by 2050 and for boosting electric vehicles to half of all new light-duty vehicle sales by 2030.

Security

Hack of Hezbollah Devices Exposes Dark Corners of Asia Supply Chains (msn.com)

Deadly attacks using booby-trapped pagers and walkie-talkies in Lebanon have revealed significant vulnerabilities in the supply chains for older electronic devices. The incident, which killed 37 people and injured about 3,000, has sparked investigations across Europe into the origins of the weaponized gadgets.

Taiwan-based Gold Apollo blamed a European licensee for the compromised pagers, while Japan's Icom could not verify the authenticity of the walkie-talkies bearing its name. Both companies denied manufacturing the deadly components in their home countries. Industry executives say older electronics from Asia often lack the tight supply chain controls of newer products, making it difficult to trace their origins. Counterfeiting, surplus inventories, and complex manufacturing deals further complicate the issue.
Privacy

Chinese Spies Spent Months Inside Aerospace Engineering Firm's Network Via Legacy IT (theregister.com)

The Register's Jessica Lyons reports: Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer. It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

This particular company, which Dwyer declined to name, makes components for public and private aerospace organizations and other critical sectors, including oil and gas. The intrusion has been attributed to an unnamed People's Republic of China team, whose motivation appears to be espionage and blueprint theft. It's worth noting the Feds have issued multiple security alerts this year about Beijing's spy crews including APT40 and Volt Typhoon, which has been accused of burrowing into American networks in preparation for destructive cyberattacks.

After discovering China's agents within its network in August, the manufacturer alerted local and federal law enforcement agencies and worked with government cybersecurity officials on attribution and mitigation, we're told. Binary Defense was also called in to investigate. Before being caught and subsequently booted off the network, the Chinese intruders uploaded a web shell and established persistent access, thus giving them full, remote access to the IT network -- putting the spies in a prime position for potential intellectual property theft and supply-chain manipulation. If a compromised component makes it out of the supply chain and into machinery in production, whoever is using that equipment or vehicle will end up feeling the brunt when that component fails, goes rogue, or goes awry.

"The scary side of it is: With our supply chain, we have an assumed risk chain, where whoever is consuming the final product -- whether it is the government, the US Department of the Defense, school systems -- assumes all of the risks of all the interconnected pieces of the supply chain," Dwyer told The Register. Plus, he added, adversarial nations are well aware of this, "and the attacks continually seem to be shifting left." That is to say, attempts to meddle with products are happening earlier and earlier in the supply-chain pipeline, thus affecting more and more victims and being more deep-rooted in systems. Breaking into a classified network to steal designs or cause trouble is not super easy. "But can I get into a piece of the supply chain at a manufacturing center that isn't beholden to the same standards and accomplish my goals and objectives?" Dwyer asked. The answer, of course, is yes. [...]

Television

TCL Accused of Selling Quantum Dot TVs Without Actual Quantum Dots (arstechnica.com)

An anonymous reader quotes a report from Ars Technica, written by Scharon Harding: TCL has come under scrutiny this month after testing that claimed to examine three TCL TVs marketed as quantum dot TVs reportedly showed no trace of quantum dots. [...] Earlier this month, South Korean IT news publication ETNews published a report on testing that seemingly showed three TCL quantum dot TVs, marketed as QD TVs, as not having quantum dots present. Hansol Chemical, a Seoul-headquartered chemicals company, commissioned the testing. SGS, a Geneva-headquartered testing and certification company, and Intertek, a London-headquartered testing and certification company, performed the tests. The models examined were TCL's C755, said to be a quantum dot Mini LED TV, the C655, a purported quantum dot LED (QLED) TV, and the C655 Pro, another QLED. None of those models are sold in the US, but TCL sells various Mini LED and LED TVs in the US that claim to use quantum dots. According to a Google translation, ETNews reported: "According to industry sources on the 5th, the results of tests commissioned by Hansol Chemical to global testing and certification agencies SGS and Intertek showed that indium... and cadmium... were not detected in three TCL QD TV models. Indium and cadmium are essential materials that cannot be omitted in QD implementation." The testing was supposed to detect cadmium if present at a minimum concentration of 0.5 mg per 1 kg, while indium was tested at a minimum detection standard of 2 mg/kg or 5 mg/kg, depending on the testing lab. [...]

In response to the results from SGS and Intertek, a TCL representative told ETNews and The Korea Times that TCL is "manufacturing TV sets with QD films supplied by three companies" and that "the amount of quantum dots... in the film may vary depending on the supplier, but it is certain that cadmium is included." TCL also published testing results on May 10 commissioned by Guangdong Region Advanced Materials, one of TCL's quantum dot film suppliers. Interestingly, SGS, one of the companies that found that TCL's TVs lacked quantum dots, performed the tests. This time, SGS detected the presence of cadmium in the TV films at a concentration of 4 mg/kg (an image of the results can be seen via ETNews here). TCL also said that it "confirmed the fluorescent characteristics of QD," per Google's translation, and provided a spectrogram purportedly depicting the presence of quantum dots in its TVs' quantum dot films. [...]

TCL obviously has reason to try to push results that show the presence of cadmium. However, some analysts and publications have pointed out that Hansol could have reason to push results claiming the opposite. As mentioned above, Hansol is in the chemical manufacturing and distribution business. It notably does not sell to TCL but does have a customer in TCL rival Samsung. Taking a step back further, Hansol is headquartered in Seoul and is considered a chaebol. TV giants Samsung and LG are also chaebols, and the South Korean government has reported interest in Samsung and LG continuing to be the world's biggest TV companies—titles that are increasingly challenged by Chinese brands. It has previously been reported that the South Korean government urged Samsung and LG to meet with each other to help ensure their leadership. The talks resulted in a partnership between the two companies reportedly centered on counteracting high prices that Samsung was facing for TV components sold by Chinese companies. With this background in mind, Hansol could be viewed as a biased party when it sought testing for TCL quantum dot TVs.
"I'm really puzzled by Hansol's results," said Eric Virey, principal displays analyst at Yole Intelligence. "I have a very hard time believing that TCL would go through the troubles of making ... 'fake' QD films without QDs: this would cost almost as much as making a real QD films but without the performance benefits."

Ars Technica concludes: "As previously stated, it's possible that TCL is indeed using quantum dots but is using them in a small amount alongside phosphor. If true, the performance may not be as high as it would be with other designs, but it would also mean that TCL's quantum dot TVs aren't bogus. As it stands, the situation could benefit from more, preferably third-party, testing..."
Security

1.3 Million Android-Based TV Boxes Backdoored; Researchers Still Don't Know How (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Researchers still don't know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections. "At the moment, the source of the TV boxes' backdoor infection remains unknown," Thursday's post stated. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access." The device models found infected by Vo1d are the R4, TV BOX, and KJ-SMART4KVIP.

One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What's more, Doctor Web said it's not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models. Further, while only licensed device makers are permitted to modify Google's AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user.
"These off-brand devices discovered to be infected were not Play Protect certified Android devices," Google said in a statement. "If a device isn't Play Protect certified, Google doesn't have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety."

Users can confirm whether their device runs Android TV OS by following the steps Google has published.
PlayStation (Games)

'Sony's PS5 Pro Is a Pricey Test of Next-Gen Consoles' (theverge.com)

An anonymous reader shares a column: The PS5 Pro's announcement yesterday wasn't a surprise. What was a surprise was the price: at $699.99, it debuts as Sony's most expensive console ever. It brought back memories of the PS3's controversial price tag, a console that when adjusted for inflation is the same $779 price point of a PS5 Pro with the additional disc drive. It's a very expensive PlayStation, and I fear it's a test of what's to come for next-gen console pricing.

For years, console gamers have been used to purchasing hardware at a significantly reduced price compared to what you could build yourself in the PC gaming space. Yes, you can find components that match the PS5 or Xbox Series X on paper, but it's still difficult to hit the price points that consoles sell for, especially when they're discounted during promotions. Besides, the easy plug-and-play model, simplified UI, and hassle-free warranty process are all big benefits over having to build or find a good prebuilt PC and then deal with Windows and driver updates. Consoles sell in their millions because they're far more consumer-friendly than PCs.

The Almighty Buck

Alibaba Now Sells a $200,000 Diamond-Making Machine (arstechnica.com)

Ars Technica's Benj Edwards writes: In an age when you can get just about anything online, it's probably no surprise that you can buy a diamond-making machine for $200,000 on Chinese eCommerce site Alibaba. If, like me, you haven't been paying attention to the diamond industry, it turns out that the availability of these machines reflects an ongoing trend toward democratizing diamond production -- a process that began decades ago and continues to evolve. [...] Today, there are two primary methods for creating lab-grown diamonds: the HPHT process and chemical vapor deposition (CVD). Both types of machines are now listed on Alibaba, with prices starting at around $200,000, as pointed out in a Hacker News comment by engineer John Nagle (who goes by "Animats" on Hacker News). A CVD machine we found is more pricey, at around $450,000.

While the idea of purchasing a diamond-making machine on Alibaba might be intriguing, it's important to note that operating one isn't as simple as plugging it in and watching diamonds form. According to Lakha's article, these machines require significant expertise and additional resources to operate effectively. For an HPHT press, you'd need a reliable source of high-quality graphite, metal catalysts like iron or cobalt, and precise temperature and pressure control systems. CVD machines require a steady supply of methane and hydrogen gases, as well as the ability to generate and control microwaves or hot filaments. Both methods need diamond seed crystals to start the growth process. Moreover, you'd need specialized knowledge to manage the growth parameters, handle potentially hazardous materials and high-pressure equipment safely, and process the resulting raw diamonds into usable gems or industrial components. The machines also use considerable amounts of energy and require regular maintenance. Those factors may make the process subject to some regulations that are far beyond the scope of this piece. In short, while these machines are more accessible than ever, turning one into a productive diamond-making operation would still require significant investment in equipment, materials, expertise, and safety measures. But hey, a guy can dream, right?

Windows

Windows Update Zero-Day Being Exploited To Undo Security Fixes (securityweek.com)

wiredmikey shares a report from SecurityWeek: Microsoft on Tuesday raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system. The Windows flaw, tagged as CVE-2024-43491 and marked as actively exploited, is rated critical and carries a CVSS severity score of 9.8/10. Redmond's documentation of the bug suggests a downgrade-type attack similar to the 'Windows Downdate' issue discussed at this year's Black Hat conference. Microsoft's bulletin reads: "Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 -- KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability."

To protect against this exploit, Microsoft says Windows users should install this month's Servicing Stack Update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order.
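A read-only check of whether a host falls into the affected population (Windows 10 version 1507, OS build 10240) and has the two updates named above, as an added PowerShell example that is not from SecurityWeek or Microsoft. It assumes Get-HotFix reports both the SSU and the security update, which is not guaranteed for servicing stack updates, so treat a "missing" result as a prompt to verify rather than proof.

```powershell
# Added example, not from the SecurityWeek report or Microsoft's bulletin.
# Reads the OS build from the registry and the installed-update list, then reports
# whether KB5043936 (SSU) and KB5043083 (September 2024 security update) are present.
# Assumption: Get-HotFix lists both KBs; SSUs are not always reported there.

function Test-Cve202443491Exposure {
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber   # 10240 is Windows 10 version 1507
    $ubr   = [int]$cv.UBR                  # revision; 20526 corresponds to KB5035858

    # Microsoft states that later Windows 10 versions are not impacted.
    if ($build -ne 10240) {
        return [pscustomobject]@{ Build = "$build.$ubr"; Affected = $false; Missing = @() }
    }

    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    # Order matters when remediating: the SSU goes on before KB5043083.
    $required  = @('KB5043936', 'KB5043083')
    $missing   = @($required | Where-Object { $installed -notcontains $_ })

    [pscustomobject]@{
        Build    = "$build.$ubr"
        Affected = ($missing.Count -gt 0)
        Missing  = $missing
    }
}

$result = Test-Cve202443491Exposure
if ($result.Affected) {
    Write-Warning ("Windows 10 1507 build {0} is missing: {1}. Install KB5043936 first, then KB5043083." -f
        $result.Build, ($result.Missing -join ', '))
} else {
    Write-Output "Build $($result.Build): no action required for CVE-2024-43491."
}
```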
Education

MIT CS Professor Tests AI's Impact on Educating Programmers (acm.org)

Long-time Slashdot reader theodp writes: "The Impact of AI on Computer Science Education" recounts an experiment Eric Klopfer conducted in his undergrad CS class at MIT. He divided the class into three groups and gave them a programming task to solve in the Fortran language, which none of them knew. Reminiscent of how The Three Little Pigs used straw, sticks, and bricks to build their houses with very different results, Klopfer allowed one group to use ChatGPT to solve the problem, while the second group was told to use Meta's Code Llama LLM, and the third group could only use Google. The group that used ChatGPT, predictably, solved the problem quickest, while it took the second group longer to solve it. It took the group using Google even longer, because they had to break the task down into components.

Then, the students were tested on how they solved the problem from memory, and the tables turned. The ChatGPT group "remembered nothing, and they all failed," recalled Klopfer. Meanwhile, half of the Code Llama group passed the test. The group that used Google? Every student passed.

"This is an important educational lesson," said Klopfer. "Working hard and struggling is actually an important way of learning. When you're given an answer, you're not struggling and you're not learning. And when you get more of a complex problem, it's tedious to go back to the beginning of a large language model and troubleshoot it and integrate it." In contrast, breaking the problem into components allows you to use an LLM to work on small aspects, as opposed to trying to use the model for an entire project, he says. "These skills, of how to break down the problem, are critical to learn."

Medicine

The Rise of DIY, Pirated Medicine (404media.co)

An anonymous reader quotes a report from 404 Media, written by Jason Koebler: I've been videochatting with Mixael Swan Laufer for about 30 minutes about an exciting discovery when he points out that to date, the best way he's been able to bring attention to his organization is "the old school method of me performing a bunch of federal felonies on stage in front of a bunch of people." I stop him and ask: "In this case, what are the felonies?" "Well, the list is pretty long," he said. Laufer is the chief spokesperson of Four Thieves Vinegar Collective, an anarchist collective that has spent the last few years teaching people how to make DIY versions of expensive pharmaceuticals at a tiny fraction of the cost.

Four Thieves Vinegar Collective call what they do "right to repair for your body." Laufer has become well known for handing out DIY pills and medicines at hacking conferences, which include, for example, courses of the abortion drug misoprostol that can be manufactured for 89 cents (normal cost: $160) and which has become increasingly difficult to obtain in some states following the Supreme Court decision in Dobbs. In our call, Laufer had just explained that Four Thieves had made some miscalculations as part of its latest project, to create instructions for replicating sofosbuvir (Sovaldi), a miracle drug that cures hepatitis C, which he planned to explain and reveal at the DEF CON hacking conference. Unlike many other drugs that treat viruses, Sovaldi does not suppress hepatitis C, a virus that kills roughly 250,000 people around the world each year. It cures it. [...]

Crucially, unlike other medical freedom organizations, Four Thieves isn't suggesting people treat COVID with Ivermectin, isn't shilling random supplements, and doesn't have any sort of commercial arm at all. Instead, they are helping people to make their own, identical pirated versions of proven and tested pharmaceuticals by taking the precursor ingredients and performing the chemical reactions to make the medication themselves. "We don't invent anything, really," Laufer said. "We take things that are on the shelf and hijack them. We like to take something established, and be like 'This works, but you can't get it.' Well, here's a way to get it." A slide at his talk reads "Isn't this illegal? Yeah. Grow up."
Four Thieves has developed a suite of open-source tools to help achieve its goal. The core tool, Chemhacktica, is a software platform that uses machine learning to map chemical pathways for synthesizing desired molecules. It suggests potential chemical reactions, identifies precursor materials, and checks their availability for purchase.

The other is Microlab, an open-source controlled lab reactor built from affordable, off-the-shelf components costing between $300 and $500. It uses Chemhacktica's suggested pathways to create medications, and detailed instructions for building and operating the Microlab are provided. Additionally, the company developed a drag-and-drop recipe system called Apothecarium that generates executable files for the Microlab, offering step-by-step guidance on producing specific medications.

Laufer told 404 Media: "I am of the firm belief that we are hitting a watershed where economics and morality are coming to a head, like, 'Look: intellectual property law is based off some ideas that came out of 1400s Venice. They're not applicable and they're being abused and people are dying every day because of it, and it's not OK.'"

Further reading: Meet the Anarchists Making Their Own Medicine (Motherboard; 2018)
Intel

Intel Launches Lunar Lake: Claims Arm-Beating Battery Life, World's Fastest Mobile CPU Cores (tomshardware.com)

Intel launched its new Core Ultra 200V-series processors on Tuesday, promising significant improvements in power efficiency, performance, and battery life over competitors and previous generations. The company claims the chips offer "historic x86 power efficiency" and the "world's fastest mobile CPU cores." The processors, available for pre-order in OEM systems and shipping September 24, feature four Lion Cove P-cores and four Skymont E-cores with boost speeds up to 5.1 GHz.

Intel says the chips deliver up to 20.1 hours of battery life, Tom's Hardware reports, outperforming Qualcomm's Snapdragon X Elite by nearly two hours and AMD's chips by almost four hours. Intel asserts a 30% faster gaming performance than competing processors and highlighted compatibility issues with Qualcomm's chips, noting that nearly two dozen games used for benchmarking failed to run on X Elite chips. The company claims up to 64% advantage in single-threaded performance over Qualcomm Snapdragon X Elite and up to 33% over AMD Strix Point HX370.
United States

Investigation Finds 'Little Oversight' Over Crucial Supply Chain for US Election Software (politico.com)

Politico reports U.S. states have no uniform way of policing the use of overseas subcontractors in election technology, "let alone to understand which individual software components make up a piece of code."

For example, to replace New Hampshire's old voter registration database, state election officials "turned to one of the best — and only — choices on the market," Politico: "a small, Connecticut-based IT firm that was just getting into election software." But last fall, as the new company, WSD Digital, raced to complete the project, New Hampshire officials made an unsettling discovery: The firm had offshored part of the work. That meant unknown coders outside the U.S. had access to the software that would determine which New Hampshirites would be welcome at the polls this November.

The revelation prompted the state to take a precaution that is rare among election officials: It hired a forensic firm to scour the technology for signs that hackers had hidden malware deep inside the coding supply chain. The probe unearthed some unwelcome surprises: software misconfigured to connect to servers in Russia ["probably by accident," they write later] and the use of open-source code — which is freely available online — overseen by a Russian computer engineer convicted of manslaughter, according to a person familiar with the examination and granted anonymity because they were not authorized to speak about it... New Hampshire officials say the scan revealed another issue: A programmer had hard-coded the Ukrainian national anthem into the database, in an apparent gesture of solidarity with Kyiv.

None of the findings amounted to evidence of wrongdoing, the officials said, and the company resolved the issues before the new database came into use ahead of the presidential vote this spring. This was "a disaster averted," said the person familiar with the probe, citing the risk that hackers could have exploited the first two issues to surreptitiously edit the state's voter rolls, or use them and the presence of the Ukrainian national anthem to stoke election conspiracies. [Though WSD only maintains one other state's voter registration database — Vermont] the supply-chain scare in New Hampshire — which has not been reported before — underscores a broader vulnerability in the U.S. election system, POLITICO found during a six-month-long investigation: There is little oversight of the supply chain that produces crucial election software, leaving financially strapped state and county offices to do the best they can with scant resources and expertise.

The technology vendors who build software used on Election Day face razor-thin profit margins in a market that is unforgiving commercially and toxic politically. That provides little room for needed investments in security, POLITICO found. It also leaves states with minimal leverage over underperforming vendors, who provide them with everything from software to check in Americans at their polling stations to voting machines and election night reporting systems. Many states lack a uniform or rigorous system to verify what goes into software used on Election Day and whether it is secure.

The article also points out that many state and federal election officials "insist there has been significant progress" since 2016, with more regular state-federal communication. "The Cybersecurity and Infrastructure Security Agency, now the lead federal agency on election security, didn't even exist back then.

"Perhaps most importantly, more than 95% of U.S. voters now vote by hand or on machines that leave some type of paper trail, which officials can audit after Election Day."
Space

Boeing, Lockheed Martin Consider Selling ULA Space Launch Business (yahoo.com) 62

This weekend NASA said they'd turn to SpaceX to return two astronauts from the International Space Station, notes the Associated Press, "rather than risk using the Boeing Starliner capsule that delivered them." (They add that Boeing's capsule "has been plagued by problems with its propulsion system.")

But Reuters reported that even before the setback, Boeing and Lockheed Martin were "in talks to sell their rocket-launching joint venture United Launch Alliance to Sierra Space, two people familiar with the discussions said." A deal to sell ULA, a major provider of launch services to the U.S. government and a top rival to Elon Musk's SpaceX, would mark a significant shift in the U.S. space launch industry as ULA separates from two of the largest defense contractors to a smaller, privately held firm.

The potential sale comes after years of speculation about ULA's future and failed attempts to divest the joint venture over the past decade. In 2019, Boeing and Lockheed Martin reportedly explored selling ULA but couldn't agree on terms with potential buyers... Jeff Bezos' Blue Origin and Cerberus Capital Management had placed bids in early 2023 for the company, according to people familiar with the negotiations. Rocket Lab had also expressed interest, two people said. None of those discussions led to a deal...

A potential deal could accelerate deployment of [Sierra Space's] crewed spaceflight business, analysts said. A ULA acquisition, they said, would give the company in-house access to launch vehicles that could send its spaceplane and space-station components into Earth's orbit, rather than spending hundreds of millions of dollars for those launches as a customer...

ULA has faced challenges in scaling Vulcan production and upping its launch rate to meet commercial demand and fulfill contract obligations with the Space Force, which in 2021 picked Vulcan for a sizable chunk of national security missions alongside SpaceX's Falcon fleet. A sale of ULA would unshackle the company from Boeing and Lockheed, whose boards have long resisted ideas from ULA to expand the business beyond rockets and into new competitive markets such as lunar habitats or maneuverable spacecraft, according to former executives.

While Reuters's sources say the negotiations could still end without a deal, they also said ULA could be valued between $2 billion and $3 billion, giving Boeing some cash while shifting its focus to its core businesses of aerospace and defense.

Thanks to long-time Slashdot reader schwit1 for sharing the news.
Science

A Revolutionary Quantum Compass Could Soon Make GPS-Free Navigation a Reality (scitechdaily.com) 73

Sandia National Laboratories is one of the three research and development laboratories run by the U.S. Department of Energy's National Nuclear Security Administration, according to Wikipedia. And that New Mexico-based lab has just announced that "A milestone in quantum sensing is drawing closer, promising exquisitely accurate, GPS-free navigation," with research into "a motion sensor so precise it could minimize the nation's reliance on global positioning satellites." Until recently, such a sensor — a thousand times more sensitive than today's navigation-grade devices — would have filled a moving truck. But advancements are dramatically shrinking the size and cost of this technology. For the first time, researchers from Sandia National Laboratories have used silicon photonic microchip components to perform a quantum sensing technique called atom interferometry, an ultra-precise way of measuring acceleration. It is the latest milestone toward developing a kind of quantum compass for navigation when GPS signals are unavailable. The team published its findings and introduced a new high-performance silicon photonic modulator — a device that controls light on a microchip — as the cover story in the journal Science Advances... The new modulator is the centerpiece of a laser system on a microchip. Rugged enough to handle heavy vibrations, it would replace a conventional laser system typically the size of a refrigerator...

Besides size, cost has been a major obstacle to deploying quantum navigation devices. Every atom interferometer needs a laser system, and laser systems need modulators. "Just one full-size single-sideband modulator, a commercially available one, is more than $10,000," said Sandia scientist Jongmin Lee. Miniaturizing bulky, expensive components into silicon photonic chips helps drive down these costs. "We can make hundreds of modulators on a single 8-inch wafer and even more on a 12-inch wafer," Kodigala said. And since they can be manufactured using the same process as virtually all computer chips, "This sophisticated four-channel component, including additional custom features, can be mass-produced at a much lower cost compared to today's commercial alternatives, enabling the production of quantum inertial measurement units at a reduced cost," Lee said.

As the technology gets closer to field deployment, the team is exploring other uses beyond navigation. Researchers are investigating whether it could help locate underground cavities and resources by detecting the tiny changes these make to Earth's gravitational force. They also see potential for the optical components they invented, including the modulator, in LIDAR, quantum computing, and optical communications.

Thanks to Slashdot reader schwit1 for sharing the news.
AI

Are OpenAI's ChatGPT Actions Being Abused To Scan For Web Vulnerabilities? (sans.edu) 23

Long-time Slashdot reader UnderAttack explains: A blog post at the SANS Internet Storm Center suggests that OpenAI actions are being abused to scan for WordPress vulnerabilities.

Honeypot sensors at the Storm Center detected scans for URLs targeting WordPress that originated exclusively from OpenAI systems. The URLs requested all pages including the pattern '%%target%%', which may indicate that the scan is meant to include additional path components but the expansion of the template failed. The scans were not only identified by the unique user agent but also by the origin IP addresses matching addresses OpenAI published as being used for OpenAI actions. OpenAI actions allow OpenAI to connect to external APIs.

Johannes B. Ullrich, Ph.D., Dean of Research at SANS.edu, wrote that OpenAI seems to be scanning random IP addresses — including honeypots.
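The submission above lists three indicators the Storm Center used to tie the scans to OpenAI actions: the unexpanded '%%target%%' template token in the requested path, a distinctive user agent, and source addresses inside the ranges OpenAI publishes for actions traffic. As an added example (not code from the ISC post or the submitter), the Python below applies those indicators to web server access logs in combined log format. The CIDR ranges are constructed placeholders standing in for OpenAI's published list, the user agent substring is an assumption since this page does not reproduce the real one, and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumption: source ranges OpenAI publishes for "actions" traffic. The two
# networks below are constructed placeholders (RFC 5737 / RFC 3849 space) for
# this example; substitute the ranges from OpenAI's published list.
ACTION_RANGES = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "2001:db8:1::/48")]

# Assumption: a substring that identifies the actions user agent. The ISC post
# speaks of a unique user agent but this page does not reproduce it.
ACTION_UA_MARKER = "chatgpt"

# Unexpanded template token seen in the scanned URLs.
TEMPLATE_TOKEN = "%%target%%"

# Combined log format as written by nginx and Apache.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

ORIGIN_REASONS = {"actions user agent", "source ip in actions range"}
CONTENT_REASONS = {"unexpanded template token", "wordpress path"}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def from_action_range(ip_str):
    """True if ip_str parses as an address and lies inside one of ACTION_RANGES."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in ACTION_RANGES)


def classify(entry):
    """Return the set of indicators a parsed request exhibits."""
    reasons = set()
    path = entry["path"].lower()
    if TEMPLATE_TOKEN in entry["path"]:
        reasons.add("unexpanded template token")
    if "/wp-" in path or "xmlrpc.php" in path:
        reasons.add("wordpress path")
    if ACTION_UA_MARKER in entry["ua"].lower():
        reasons.add("actions user agent")
    if from_action_range(entry["ip"]):
        reasons.add("source ip in actions range")
    return reasons


def find_action_scans(lines):
    """Return (ip, path, reasons) for lines showing both an origin and a content indicator.

    Requiring one of each keeps ordinary actions traffic (origin only) and
    WordPress scanning from unrelated sources (content only) out of the hits.
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons & ORIGIN_REASONS and reasons & CONTENT_REASONS:
            hits.append((entry["ip"], entry["path"], sorted(reasons)))
    return hits


# Constructed sample log lines (not real traffic); only the first should be flagged.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Aug/2024:10:01:02 +0000] "GET /%%target%%/wp-content/plugins/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 ChatGPT-User"',
    '198.51.100.9 - - [20/Aug/2024:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '198.51.100.10 - - [20/Aug/2024:10:01:09 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [20/Aug/2024:10:02:00 +0000] "GET /about HTTP/1.1" 200 800 "-" "ChatGPT-User"',
    "this line is not in combined log format",
]

if __name__ == "__main__":
    for ip, path, reasons in find_action_scans(SAMPLE_LOG):
        print(f"{ip} {path} <- {', '.join(reasons)}")
```

The origin-plus-content rule is the point: a request from an actions address alone is the feature working as designed, and a WordPress probe from anywhere else is background noise; only the combination matches what the honeypots saw.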
Privacy

National Public Data Published Its Own Passwords (krebsonsecurity.com) 35

Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company's database, which they claimed has been floating around the underground since December 2023.

Following last week's story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property -- the background search service recordscheck.net -- was hosting an archive that included the usernames and password for the site's administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named "members.zip," indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD's founder, an actor and retired sheriff's deputy from Florida named Salvatore "Sal" Verini.

Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company's website, and that the site is slated to cease operations "in the next week or so." "Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords," Verini told KrebsOnSecurity. "Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative." The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com's homepage features a positive testimonial from Sal Verini.
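The failure mode Krebs describes, a deployable archive sitting on the web root with source code and plaintext credentials inside, plus many accounts still on the single assigned default password, is exactly what a scan of the archive before publication would have surfaced. As an added example (not code from KrebsOnSecurity, NPD or RecordsCheck), the Python below opens a zip archive, flags hard-coded credential assignments in the members, and counts how many user rows in a SQL dump share one password. The archive it builds for itself is constructed sample data, and the credential patterns are an assumed minimal set rather than a complete secret-scanning rule base.

```python
import io
import re
import zipfile
from collections import Counter

# Key/value credential assignments in PHP, JS/JSON, INI-style and define() sources.
# Assumed minimal rule set for the example; a real scanner carries many more.
CRED_PATTERNS = [
    re.compile(r'''(?i)\$?(?:db_?pass(?:word)?|password|passwd|pwd)['"]?\s*[=:]\s*['"]([^'"]{3,})['"]'''),
    re.compile(r'''(?i)define\(\s*['"](?:DB_PASSWORD|ADMIN_PASS)['"]\s*,\s*['"]([^'"]+)['"]'''),
]

# ('username', 'password', ...) tuples inside an INSERT statement of a users dump.
INSERT_ROW_RE = re.compile(r"\(\s*'([^']+)'\s*,\s*'([^']+)'")


def scan_archive(zip_bytes):
    """Scan a zip archive (given as bytes) for hard-coded credentials.

    Returns (findings, shared): findings is a list of (member, line_no, secret);
    shared maps a password to the number of accounts using it whenever a .sql
    dump assigns the same one to more than one user, the 'same default password'
    problem described in the story.
    """
    findings = []
    password_counts = Counter()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                text = zf.read(info).decode("utf-8", errors="replace")
            except RuntimeError:
                # Encrypted member and no password supplied; skip it.
                continue
            for line_no, line in enumerate(text.splitlines(), 1):
                for pattern in CRED_PATTERNS:
                    for m in pattern.finditer(line):
                        findings.append((info.filename, line_no, m.group(1)))
                if info.filename.endswith(".sql") and "insert into" in line.lower():
                    for _user, password in INSERT_ROW_RE.findall(line):
                        password_counts[password] += 1
    shared = {pw: n for pw, n in password_counts.items() if n > 1}
    return findings, shared


def build_sample_archive():
    """Constructed stand-in for a leaked source archive (not real data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("site/config.php", '<?php\n$db_host = "localhost";\n$db_pass = "hunter2";\n')
        zf.writestr("site/app.js", 'const api = { "password": "changeme" };\n')
        zf.writestr(
            "site/users.sql",
            "INSERT INTO users (username, password) VALUES "
            "('alice','Temp12'),('bob','Temp12'),('carol','s3cret!');\n",
        )
        zf.writestr("site/README.txt", "No secrets here.\n")
    return buf.getvalue()


if __name__ == "__main__":
    found, shared = scan_archive(build_sample_archive())
    for member, line_no, secret in found:
        print(f"{member}:{line_no}: hard-coded credential {secret!r}")
    for pw, n in shared.items():
        print(f"{n} accounts share the password {pw!r}")
```

Run it against any archive you are about to place under a web root; a non-empty result from either half of the return value is reason enough not to publish it, whether or not the code inside is "old" or "non-working".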

Communications

Apple is Building Its Own Cellular Modem, Playing 'Long Game' to Drop Qualcomm (bloomberg.com) 92

Bloomberg's Mark Gurman remembers how Apple's hardware group "allowed Apple to dump Intel chips from its entire Mac lineup."

And they're now building an in-house cellular modem: For more than a decade, Apple has used modem chips designed by Qualcomm... But in 2018 — while facing a legal battle over royalties and patents — Apple started work on its own modem design.... It's devoting billions of dollars, thousands of engineers and millions of working hours to a project that won't really improve its devices — at least at the outset...

Over the past few years, Apple's modem project has suffered numerous setbacks. There have been problems with performance and overheating, and Apple has been forced to push back the modem's debut until next year at the earliest. The rollout will take place on a gradual basis — starting with niche models — and take a few years to complete. In a sign of this slow transition, Apple extended its supplier agreement with Qualcomm through March 2027... But Qualcomm has said that Apple will still have to pay it some royalties regardless (the chipmaker believes that Apple won't be able to avoid infringing its patents).

So it's hard to tell how big the benefits will be in the near term. Down the road, there are plans for Apple to fold its modem design into a new wireless chip that handles Wi-Fi and Bluetooth access. That would create a single connectivity component, potentially improving reliability and battery life. There's also the possibility that Apple could one day combine all of this into the device's main system on a chip, or SoC. That could further cut costs and save space inside the iPhone, allowing for more design choices. Furthermore, if Apple does ultimately save money by switching away from Qualcomm, it could redirect that spending toward new features and components.
