Iphone

iPhone 15 Models Support USB-C to Ethernet for Faster Internet Speeds 80

Posted by msmash from the how-about-that dept.
An anonymous reader shares a report: Following the launch of the iPhone 15 series today, a few readers of our website have reached out to highlight that the devices support USB-C to Ethernet adapters, allowing for a wired internet connection with faster download speeds than Wi-Fi. Apple confirmed this information in a support document last week, with USB to Ethernet adapters listed as compatible with iPhone 15 models. When an iPhone is connected to an Ethernet cable, an otherwise hidden Ethernet menu appears in the Settings app with IP-related information and various configuration options.
Earth

New Study Could Upend How We Think About the Ozone Layer and Health (msn.com) 30

Posted by EditorDavid from the layers-of-meaning dept.
First the Washington Post summarizes what scientists believed in the 1970s. Chlorofluorocarbons, or (CFCs, "could float up into the stratosphere and break down a protective layer of ozone, allowing more ultraviolet light to enter the atmosphere and harm humans, crops, and entire ecosystems. In fact, this had already happened: There was a hole in the ozone layer over the South Pole." Experts view the subsequent treaty to cut down on the use of CFCs — the 1987 Montreal Protocol — as a landmark environmental achievement. Scientists estimate that the pact has prevented millions of cases of skin cancer. Today, the ozone hole is recovering well. But a provocative scientific paper published Friday in the journal AGU Advances suggests that the link between the ozone layer and human health is more complicated than it seems. Under certain circumstances, the researchers write, small decreases in the ozone layer could now save lives...

The researchers initially were examining something else: what would happen to the chemistry of the atmosphere if humans injected sulfates into the stratosphere, a controversial strategy to cool the planet. But in the process, they found that the chemicals would alter the atmosphere's ozone content — with consequences for human health. Sulfate chemicals are known to deplete ozone high in the atmosphere, but, the paper shows, they could also decrease ground-level air pollution. Ozone, or O3, occurs in two forms in the atmosphere: what scientists call "good ozone" in the stratosphere, the layer of the atmosphere that sits 6 to 31 miles above the surface, and "bad ozone" in the troposphere, the atmospheric layer that reaches to the ground... an air pollutant in the troposphere that comes from power plants, cars, and industrial sites. It can be deadly, exacerbating respiratory diseases. According to one study, over 400,000 people died from long-term exposure to ozone in 2019 alone.

The new paper shows that "good ozone" and "bad ozone" can interact in unexpected ways. When good ozone is depleted, more UV light reaches the troposphere, which increases the rate of skin cancer. But UV light also catalyzes chemical reactions in the troposphere, including one in which hydroxide, or OH — which some scientists call the "Pac-Man of the atmosphere" — swallows up pollutants. The more UV light, the more OH eats up dangerous pollutants. This decrease in ground-level air pollution, according to the study, could actually outweigh the rise in skin cancer. A small decrease in stratospheric ozone, according to their study, could save between 33,000 and 86,000 lives every year.

Only a few papers have made this connection, including one in 2018 that similarly found that a small decrease in the ozone layer could save lives from air pollution... One way to read the study is as another warning of how dangerous ground-level air pollution is and how far the world still needs to go to clean it up. (Outdoor air pollution writ large is associated with an estimated 4.2 million premature deaths every year.)
XBox (Games)

Microsoft Accidentally Reveals New Disc-Less Xbox Series X Design With a Lift-To-Wake Controller (theverge.com) 24

Posted by BeauHD from the what-to-expect dept.
Microsoft is planning to refresh its Xbox Series X console in 2024 with an all-new design and features. The Verge reports: Codenamed Brooklin, the unannounced console refresh has been accidentally revealed in new FTC v. Microsoft documents this week. The new Xbox Series X design looks a lot more cylindrical than the existing console and will ship without a disc drive. Internal confidential Microsoft documents reveal it has 2TB of storage (up from 1TB), a USB-C front port with power delivery, and an "all-new, more immersive controller."

The new controller, codenamed Sebile, is set to be announced early next year for $69.99 and will include an accelerometer which should let you merely lift it to wake the gamepad. It has a two-tone color scheme and will support a direct connection to cloud, Bluetooth 5.2, and a presumably updated âoeXbox Wireless 2â connection. Microsoft also lists "precision haptic feedback" and "VCA haptics double as speakers" as specs for the controller. It will also have quieter buttons and thumbsticks, a rechargeable and swappable battery, and modular thumbsticks.

Inside the new Xbox Series X design, Microsoft is also adding Wi-Fi 6E support, a Bluetooth 5.2 radio, and the company is shrinking the existing die to 6nm "for improve efficiency." The PSU power will be reduced by 15 percent, according to Microsoft's document. Microsoft is targeting the same $499 launch price of the Xbox Series X. Microsoft lists a roadmap for this new Xbox Series X console and controller, alongside a refreshed Xbox Series S with 1TB of storage. Microsoft just launched a refreshed Xbox Series S in black, but there could be another refresh on the way in 2024 with Wi-Fi 6E support and Bluetooth 5.2. It will also include this new Xbox controller. [...] Microsoft is tentatively planning to launch this new Xbox Series S refresh next September, with the Xbox Series X refresh in November.
Wireless Networking

Why Apple Put a Thread Radio In the iPhone 15 Pro (theverge.com) 56

Posted by BeauHD from the intriguing-futureproofing dept.
On Tuesday, Apple unveiled the iPhone 15 Pro and Pro Max featuring USB-C ports, titanium bodies, and Action Buttons. They're also the first smartphones to support the open-source smart home protocol Thread. The Verge's Jennifer Pattison Tuohy explains how Apple might deploy this wireless connectivity protocol in its ecosystem: The obvious use for Thread in the iPhone is as a Thread border router for the slew of new Apple Home and Matter-enabled Thread smart home devices from companies like Eve, Nanoleaf, and Belkin WeMo. This would mean you wouldn't have to have a HomePod Mini, Apple TV 4K, or other Thread border router to use Thread smart home gadgets with your iPhone. ... [Jonathan Hui, VP of technology at the Thread Group and a software engineer at Google] says that Thread connectivity in a smartphone will allow it to communicate directly with a Thread device. "Compared to existing smartphones without Thread, a smartphone with Thread can communicate directly with a Thread device, without relying on a separate Thread border router or any other communication technology," he said.

Another possibility with direct control is some type of trigger or presence detection. Your Thread devices could know you're home as soon as you walk into the house and respond appropriately. However, presence detection -- something the smart home sorely needs -- would be easier to do with the UWB chips already in most iPhones and HomePods (and is already being done to some extent). As an IP-based mesh protocol, Thread could be a more reliable way to connect multiple such devices to your phone while also having multiple "parent" devices within the same home (such as your iPad, MacBook, or other family member's iPhones). Its IP characteristic makes it easier to maintain a persistent data connection directly to the device, says Moneta. Additionally, Thread being mesh means your device doesn't have to be in range of the controller (iPhone/iPad etc.), as it would with Bluetooth. This could apply to Apple accessories such as the Apple Watch and third-party devices that use Bluetooth, like camera accessories and medical devices. Of course, all of those would need a Thread radio in, too, so that's not going to happen anytime soon. [...]

A popular theory in my X (formerly Twitter) feed after the Apple event was that Thread is in the iPhone 15 Pro line more or less as a freebie. It's plausible that the Wi-Fi / Bluetooth chip Apple is using in its highest-end phones comes as a sort of three-for-one: you pay for Wi-Fi and Bluetooth, and you get your Thread for free! Given that Apple itself doesn't seem to have a clear idea or any concrete examples of what the Thread capabilities will add (beyond a vague "opening up future opportunities for Home app integrations" statement in the iPhone 15 press release), this does seem to be the most likely reason -- for now. Although, Apple rarely does anything without some purpose in mind.
Graphics

Hobbyist Builds HDMI ISA Graphics Card For Vintage PCs By Improving Graphics Gremlin (yeokhengmeng.com) 60

Posted by EditorDavid from the making-a-connection dept.
Earlier this year, Singapore-based embedded security researcher yeokm1 built a ChatGPT client for MS-DOS.

Now they're back with a new project: HDMI is a relatively modern video connector we take for granted on modern PCs and monitors. Now vintage PCs can join in the fun too with a native connection to modern HDMI monitors without any additional adapter.

Two years ago, I learned of an open-source project called Graphics Gremlin by Eric Schlaepfer who runs the website Tubetime.us. It is an 8-bit ISA graphics card that supports display standards like Color Graphics Adapter (CGA) and Monochrome Display Adapter (MDA). CGA and MDA are display standards used by older IBM(-compatible) PCs in the 1980s. The frequencies and connectors used by CGA and MDA are no longer supported by modern monitors hence it is difficult for older PCs of the 1980s era to have modern displays connected to them without external adapters. Graphics Gremline addresses this problem by using techniques like scan doubling (for CGA) and increasing the vertical refresh rate (for MDA) then outputing to a relatively newer but still old VGA port.

I fabricated and assembled the design then installed it into my IBM5155... I decided to modify the Graphics Gremlin design so it can connect natively to an external HDMI monitor and service the internal Composite-based CRT at the same time.
The post concludes triumphantly with a photo of their IBM 5155 running the CGA Compatibility Tester displaying the color palette.
The Internet

US Broadband Buildout Finds Cost to Connect Some Households as High as $53,000 (msn.com) 119

Posted by EditorDavid from the consuming-more-fiber dept.
Internet services has long been slow for the Winnebago Tribe in the state of Nebraska, reports the Wall Street Journal. Now the U.S. government "plans to fix that by crisscrossing the reservation with fiber-optic cable — at an average cost of $53,000 for each household and workplace connected."

While that amount exceeds the assessed value of some of the 658 homes getting hookups — at a cost of $35.2 million — "the tribe is also starting an internet company to run the network, creating jobs and competing with an existing provider known for slow customer service." While most connections will cost far less, the expense to reach some remote communities has triggered concerns over the ultimate price tag for ensuring every rural home, business, school and workplace in America has the same internet that city dwellers enjoy... The U.S. has committed more than $60 billion for what the Biden administration calls the "Internet for All" program, the latest in a series of sometimes troubled efforts to bring high-speed internet to rural areas... Providing fiber-optic cable is the industry standard, but alternative options such as satellite service are cheaper, if less reliable. Congress has left it up to state and federal officials implementing the program to decide how much is too much in hard-to-reach areas...

Defenders of the broadband programs say a simple per-location cost doesn't capture their benefits. Once built, rural fiber lines can be used to upgrade cell service or to add more connections to nearby towns...

Some of the differences can be explained by the distinct geographic areas the programs are targeting. While the FCC program included some suburbs and excluded remote locations such as Alaska, the programs run by Commerce and USDA specifically targeted far-flung regions with difficult construction conditions. "These are some of the most challenging locations that there are to reach in America," said Andy Berke, administrator of the USDA's Rural Utilities Service. He cited one project in Alaska that involves a 793-mile undersea fiber cable to reach remote villages.
Education

'Staggering' Education Inequality Caused During Pandemic by Overreliance on Tech, Says UN Agency (sanjuandailystar.com) 215

Posted by EditorDavid from the distant-learning dept.
A United Nations report "says that overreliance on remote learning technology during the pandemic led to 'staggering' education inequality around the world," reports the New York Times. The 655-page report from the United Nations' education/culture agency UNESCO asks if we've just experienced a worldwide "ed-tech tragedy."

Long-time Slashdot reader theodp writes: Some of the main findings of the report include:

1. The promise of education technology was overstated
2. Remote online learning worsened education disparities
3. Learning was hindered and altered
4. Regulation and guardrails are needed.
Remember that the report covers countries around the world, with different levels of economic development. One section of the report is actually titled, "Most learners were left behind," citing estimates that "at least half of all students expected to access remote learning systems to continue their education were unable to do so due to technology gaps... In many parts of the world, accessing education via a technology portal was so uncommon and so unrealistic that many families did not even know that the option existed when schools closed." This should not have come as a particular surprise. The International Telecommunication Union (ITU), the specialized agency of the United Nations for ICT, estimated that approximately 3.7 billion people — roughly half of the world's population — lacked a functional internet connection in 2020... Countries around the world invested heavily in internet-connected solutions for education, even though these solutions commonly reached only a minority of students, resulting in a bifurcation of educational opportunity.
The report begins with a warning from the agency's assistant director-general for education. "Ultimately, we should heed this publication's recommendation to exercise greater humility and caution when considering the educational promise of the latest technological marvels."
Businesses

BMW Drops Controversial Heated Seats Subscription, To Refocus On Software Services (forbes.com) 73

Posted by msmash from the sorry-about-that dept.
BMW has made a U-turn on a controversial subscription service that saw drivers pay a fee to activate the heated seats already fitted to their car. From a report: First announced in 2020, the subscription was intended to be one of many ways to offer flexibility to customers, who could opt in to pay for vehicle functions when it suited them, then stop paying when they were no longer wanted. But instead of options like increased electric car performance -- as was later offered by Mercedes -- or other technology-driven functions like autonomous parking or a 5G data connection, BMW drew criticism for charging a subscription for heated seats already installed at the factory. Now though, BMW will no longer offer such a service.

Submission + - The $53,000 Connection: The High Cost of High-Speed Internet for Everyone (wsj.com)

Submitted by Anonymous Coward
An anonymous reader writes:

Nebraska’s Winnebago Tribe has long been stuck with sluggish internet service. The federal government plans to fix that by crisscrossing the reservation with fiber-optic cable—at an average cost of $53,000 for each household and workplace connected.

That amount exceeds the assessed value of some of the homes getting hookups, property records show. While most connections will cost far less, the expense to reach some remote communities has triggered concerns over the ultimate price tag for ensuring every rural home, business, school and workplace in America has the same internet that city dwellers enjoy.

“The problem is, money is not infinite,” said Blair Levin, a senior communications policy official in the Clinton and Obama administrations who is now an equity research analyst. “If you’re spending $50,000 to connect a very remote location, you have to ask yourself, would we be better off spending that same amount of money to connect [more] families?”

The U.S. has committed more than $60 billion for what the Biden administration calls the “Internet for All” program, the latest in a series of sometimes troubled efforts to bring high-speed internet to rural areas.

Plus: "In Montana, laying fiber-optic cable to some remote locations could cost more than $300,000 per connection, said Misty Ann Giles, director of Montana’s Department of Administration. Building to those places would empty the state’s coffers, she said: 'That’s when we might not reach everyone.'"

Ya think?

Private Enterprise: Rural users in most places in the US can get Starlink up and running for $599 in hardware, do-it-yourself installation in most cases, and $120 a month for high-speed service.
IT

Israel PM Pitches Fiber Optic Cable To Link Asia, Middle East With Europe (bloomberg.com) 20

Posted by msmash from the moving-forward dept.
Israel's prime minister on Sunday floated the idea of building infrastructure projects such as a fiber optic cable linking countries in Asia and the Arabian Peninsula with Europe through Israel and Cyprus. From a report: Prime Minister Benjamin Netanyahu said he's "quite confident" such an infrastructure "corridor" linking Asia to Europe through Israel and Cyprus is feasible. He said such projects could happen if Israel normalizes relations with other countries in the region. The 2020 U.S.-brokered Abraham Accords normalized relations between Israel and the United Arab Emirates and Bahrain, and the Biden administration is trying to establish official ties between Israel and Saudi Arabia.

"An example and the most obvious one is a fiber optic connection. That's the shortest route. It's the safest route. It's the most economic route," Netanyahu said after talks with Cypriot President Nikos Christodoulides. The Israeli leader's pitch is itself an extension of proposed energy links with Cyprus and Greece as part of growing collaboration on energy in the wake of discoveries of significant natural gas deposits in the economic zones of both Israel and Cyprus.
United States

Australian MPs To Lobby US To Drop Julian Assange Prosecution or Risk 'Very Dangerous' Precedent for Russia and China (theguardian.com) 117

Posted by msmash from the up-next dept.
Julian Assange's supporters will urge the US to drop the prosecution of the Australian citizen on the basis the "very dangerous" precedent will be exploited by China and Russia. From a report: Six Australian politicians are expected to focus on freedom-of-speech arguments when they fly to Washington DC later this month to warn against extraditing the WikiLeaks founder from the UK. The MPs and senators from across the political spectrum are aiming to help build momentum for the prime minister, Anthony Albanese, to raise the case in bilateral talks with Joe Biden at the White House in late October. The trip is being funded by the Assange campaign.

Assange remains in Belmarsh prison in London as he fights a US attempt to extradite him to face charges in connection with the publication of hundreds of thousands of leaked documents about the Afghanistan and Iraq wars as well as diplomatic cables. Greg Barns SC, an adviser to the Assange campaign, said on Tuesday that it was "not an ordinary run-of-the-mill extradition case." He said freedom of speech was "an important theme in the US."

"You've got China chasing journalists around the world, and you've got the Russians who have recently arrested journalists," Barns told Guardian Australia. "You've now got China using the Assange case as a sort of moral equivalence argument. So the message [of the Australian delegation] is going to be: this is very dangerous for journalists around the world and a race to the bottom that's going on."

Submission + - Why is .US Being Used to Phish So Many of Us? (krebsonsecurity.com)

Submitted by Anonymous Coward
An anonymous reader writes: Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States. .US is the “country code top-level domain” or ccTLD of the United States. Most countries have their own ccTLDs: .MX for Mexico, for example, or .CA for Canada. But few other major countries in the world have anywhere near as many phishing domains each year as .US.

That’s according to The Interisle Consulting Group, which gathers phishing data from multiple industry sources and publishes an annual report on the latest trends. Interisle’s newest study examined six million phishing reports between May 1, 2022 and April 30, 2023, and found 30,000 .US phishing domains. .US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce. However, NTIA currently contracts out the management of the .US domain to GoDaddy, by far the world’s largest domain registrar. Under NTIA regulations, the administrator of the .US registry must take certain steps to verify that their customers actually reside in the United States, or own organizations based in the U.S. But Interisle found that whatever GoDaddy was doing to manage that vetting process wasn’t working. “The .US ‘nexus’ requirement theoretically limits registrations to parties with a national connection, but .US had very high numbers of phishing domains,” Interisle wrote. “This indicates a possible problem with the administration or application of the nexus requirements.”

Dean Marks is executive director and legal counsel for a group called the Coalition for Online Accountability, which has been critical of the NTIA’s stewardship of .US. Marks says virtually all European Union member state ccTLDs that enforce nexus restrictions also have massively lower levels of abuse due to their policies and oversight. [...] Marks said there are very few phishing domains ever registered in other ccTLDs that also restrict registrations to their citizens, such as .HU (Hungary), .NZ (New Zealand), and .FI (Finland), where a connection to the country, a proof of identity, or evidence of incorporation are required. “Or .LK (Sri Lanka), where the acceptable use policy includes a ‘lock and suspend’ if domains are reported for suspicious activity,” Marks said. “These ccTLDs make a strong case for validating domain registrants in the interest of public safety.” Sadly, .US has been a cesspool of phishing activity for many years. As far back as 2018, Interisle found .US domains were the worst in the world for spam, botnet (attack infrastructure for DDOS etc.) and illicit or harmful content. Back then, .US was being operated by a different contractor.
Android

Russia Targets Ukraine With New Android Backdoor, Intel Agencies Say (arstechnica.com) 24

Posted by BeauHD from the cyber-warfare dept.
An anonymous reader quotes a report from Ars Technica: Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel," the tracking name for new malware that's designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). "The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military."

Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that's resolved using a request to dns.google.

Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn't say how the malware gets installed. In the advisory Ukraine's security service issued earlier this month (PDF), officials said that Russian personnel had "captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system." It's unclear if this was the vector.

Submission + - Russia Targets Ukraine With New Android Backdoor, Intel Agencies Say (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: Russia’s military intelligence unit has been targeting Ukrainian Android devices with “Infamous Chisel,” the tracking name for new malware that’s designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. “Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices,” intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). “The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military.”

Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that’s resolved using a request to dns.google.

Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn’t say how the malware gets installed. In the advisory Ukraine’s security service issued earlier this month (PDF), officials said that Russian personnel had “captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system.” It’s unclear if this was the vector.
United States

EPA Removes Federal Protections For Most of the Country's Wetlands (npr.org) 122

Posted by BeauHD from the no-more-protections dept.
An anonymous reader quotes a report from NPR: The Environmental Protection Agency removed federal protections for a majority of the country's wetlands on Tuesday to comply with a recent U.S. Supreme Court ruling. The EPA and Department of the Army announced a final rule amending the definition of protected "waters of the United States" in light of the decision in Sackett v. EPA in May, which narrowed the scope of the Clean Water Act and the agency's power to regulate waterways and wetlands. A 2006 Supreme Court decision determined that wetlands would be protected if they had a "significant nexus" to major waterways. This year's court decision undid that standard. The EPA's new rule "removes the significant nexus test from consideration when identifying tributaries and other waters as federally protected," the agency said.

In May, Justice Samuel Alito said the navigable U.S. waters regulated by the EPA under the Clean Water Act do not include many previously regulated wetlands. Writing the court's decision, he said the law includes only streams, oceans, rivers and lakes, and wetlands with a "continuous surface connection to those bodies." The EPA said the rule will take effect immediately. "The agencies are issuing this amendment to the 2023 rule expeditiously -- three months after the Supreme Court decision -- to provide clarity and a path forward consistent with the ruling," the agency said. As a result of the rule change, protections for many waterways and wetlands will now fall to states.
Movies

Is 'Blue Beetle' the Best Modern DC Superhero Movie? (msn.com) 85

Posted by EditorDavid from the just-the-beginning dept.
At the Washington Post, David Betancourt's title is "reporter focusing on comic book culture."

Saturday he wrote that the Blue Beetle movie "isn't just a good superhero movie, it's the best film from DC in its modern era, this past decade marked by their struggle to catch up to Marvel Studios..." "Blue Beetle" has heart. "Blue Beetle" has soul... There's a feeling that those of us who love superhero cinema get when we know we've seen something special. The feeling that compelled us to buy a ticket for a midnight screening back in the day. That feeling that makes you see a superhero flick four to five times in theaters because you want to see it again and can't wait for it to arrive on home video. "Blue Beetle" will leave you feeling that way when you walk out of the theater. It certainly made me feel that way...

Xolo Maridueña as Jaime Reyes (the kid under the Blue Beetle armor) gives a performance that I can only describe as Downey-esque. Yes, I have no qualms in saying "Blue Beetle" gave me "Iron Man"-in-2008 vibes. Not just in the individual performance of the lead actor or the high-tech suit of armor, but also in the feeling that this is the start of something big. The second "Blue Beetle's" credits started rolling I knew I had seen the best DC movie of the last decade. The movie had heart. Humor. Multiple complex villains...
The DC movie has a 91% audience score and a 75% critics' score on Rotten Tomatoes, notes this analysis from Forbes: The DC movie is projected to make between $25 million to $32 million through Sunday, Variety reported, though Deadline puts it at $25 million, making it DC's latest underperforming film as it struggles to compete with rival Marvel... By comparison, Marvel's Guardians of the Galaxy Vol. 3 pulled in $118.4 million in its opening weekend in May, while Ant-Man and the Wasp: Quantumania grossed $106.2 million in its opening weekend in February and Sony's Spider-Man: Across the Spider-Verse grossed $120.7 million in its first weekend.
"Warner Bros. has experienced underperformance with recent superhero films like Black Adam, Shazam! Fury of the Gods, and The Flash," writes Collider: Originally designed as a direct-to-streaming title, Blue Beetle now serves as the second-last installment of a bygone era of the DC Extended Universe, which will be rebooted under the supervision of James Gunn and Peter Safran with Superman: Legacy in 2025. The current DCEU era will officially come to a close with Aquaman and the Lost Kingdom later this year, which has a larger overall connection with the series, while Blue Beetle is a mostly standalone story. The movie's opening is in the same range as Birds of Prey some years ago. That film is generally considered to have underperformed at the box office, finishing with less than $100 million domestically and just around $200 million worldwide...

Barbie will take second place with an estimated $20 million fifth weekend, after grossing $6 million on Friday. By Sunday, the film's running domestic box office haul should hit $566 million. A few days after that, it'll overtake The Super Mario Bros. Movie's $574 million lifetime haul to become the year's biggest film...

[Oppenheimer] is also passing $700 million as we speak.
Debian

Debian Turns 30 (debian.org) 33

Posted by msmash from the moving-forward dept.
Debian blog: Over 30 years ago the late Ian Murdock wrote to the comp.os.linux.development newsgroup about the completion of a brand-new Linux release which he named "The Debian Linux Release." He built the release by hand, from scratch, so to speak. Ian laid out guidelines for how this new release would work, what approach the release would take regarding its size, manner of upgrades, installation procedures; and with great care of consideration for users without Internet connection. Unaware that he had sparked a movement in the fledgling F/OSS community, Ian worked on and continued to work on Debian. The release, now aided by volunteers from the newsgroup and around the world, grew and continues to grow as one of the largest and oldest FREE operating systems that still exist today.

Debian at its core is comprised of Users, Contributors, Developers, and Sponsors, but most importantly, People. Ians drive and focus remains embedded in the core of Debian, it remains in all of our work, it remains in the minds and hands of the users of The Universal Operating System. The Debian Project is proud and happy to share our anniversary not exclusively unto ourselves, instead we share this moment with everyone, as we come together in celebration of a resounding community that works together, effects change, and continues to make a difference, not just in our work but around the world. Debian is present in cluster systems, datacenters, desktop computers, embedded systems, IoT devices, laptops, servers, it may possibly be powering the web server and device you are reading this article on, and it can also be found in Spacecraft.
Encryption

Google's Chrome Begins Supporting Post-Quantum Key Agreement to Shield Encryption Keys (theregister.com) 13

Posted by EditorDavid from the quantum-leaps dept.
"Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography," writes Chrome's technical program manager for security, Devon O'Brien.

"Continuing with our strategy for handling this major transition, we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success." As a step down this path, Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115. This hybrid mechanism combines the output of two cryptographic algorithms to create the session key used to encrypt the bulk of the TLS connection:

X25519 — an elliptic curve algorithm widely used for key agreement in TLS today
Kyber-768 — a quantum-resistant Key Encapsulation Method, and NIST's PQC winner for general encryption

In order to identify ecosystem incompatibilities with this change, we are rolling this out to Chrome and to Google servers, over both TCP and QUIC and monitoring for possible compatibility issues. Chrome may also use this updated key agreement when connecting to third-party server operators, such as Cloudflare, as they add support. If you are a developer or administrator experiencing an issue that you believe is caused by this change, please file a bug.
The Register delves into Chrome's reasons for implementing this now: "It's believed that quantum computers that can break modern classical cryptography won't arrive for 5, 10, possibly even 50 years from now, so why is it important to start protecting traffic today?" said O'Brien. "The answer is that certain uses of cryptography are vulnerable to a type of attack called Harvest Now, Decrypt Later, in which data is collected and stored today and later decrypted once cryptanalysis improves." O'Brien says that while symmetric encryption algorithms used to defend data traveling on networks are considered safe from quantum cryptanalysis, the way the keys get negotiated is not. By adding support for a hybrid KEM, Chrome should provide a stronger defense against future quantum attacks...

Rebecca Krauthamer, co-founder and chief product officer at QuSecure, told The Register in an email that while this technology sounds futuristic, it's useful and necessary today... [T]he arrival of capable quantum computers should not be thought of as a specific, looming date, but as something that will arrive without warning. "There was no press release when the team at Bletchley Park cracked the Enigma code, either," she said.
Crime

'Bulletproof' Web Site Hosting Ransomware Finally Seized, Founder Indicted (cnbc.com) 16

Posted by EditorDavid from the site-unseen dept.
An anonymous reader shared this report from CNBC: The mastermind behind a ransomware hosting service that allegedly helped criminals collect more than 5,000 bitcoin in ransom from hundreds of victims was indicted in federal court this week, prosecutors announced Thursday. Artur Grabowski's LolekHosted service operated for about a decade and advertised itself as a haven for "everything but child porn," according to Florida prosecutors. Clients allegedly used the hosting service to deploy ransomware viruses that infected around 400 networks around the world... [That's 400 just for the Netwalker ransomware, which the announcement calls "one of the ransomware variants facilitated by LolekHosted."]

Grabowski was charged with computer fraud, wire fraud, and conspiracy to commit international money laundering. Grabowski himself is also the subject of a $21.5 million seizure order... Grabowski, a Polish national, faces a maximum sentence of 45 years, if he is ever detained and convicted.
Grabowski also "remains a fugitive," according to an announcement from the U.S. Department of Justice. It notes that the 36-year-old's site — registered in 2014 — also "facilitated" brute-force attacks, and phishing.

"Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement."
Privacy

After Backlash, Zoom Now Says It Won't Train AI Systems On Customer Content (variety.com) 9

Posted by BeauHD from the this-could've-all-been-avoided dept.
An anonymous reader quotes a report from Variety: Zoom changed its terms of service to say that it won't use any customer content -- at all -- in training generative artificial intelligence models. The update, which the videoconference company announced Friday, comes after observers raised the alarm about a recent change in Zoom's TOS that appeared to grant the company royalty-free rights in perpetuity for customer video calls and presentations for the purposes of training AI models. In its initial response on Aug. 7, Zoom said it doesn't use any customer audio, video or chat content for training AI "without consent." Now it says it will not use such content in any way related to generative AI development.

In a statement Friday appended its its earlier blog post, Zoom said, "Following feedback received regarding Zoom's recently updated terms of service, particularly related to our new generative artificial intelligence features, Zoom has updated our terms of service and the below blog post to make it clear that Zoom does not use any of your audio, video, chat, screen-sharing, attachments or other communications like customer content (such as poll results, whiteboard, and reactions) to train Zoom's or third-party artificial intelligence models." Zoom said it also updated in-product notices to reflect the change. According to Zoom's revised terms of service, the company still owns all rights to what it calls "service-generated data." That comprises telemetry data, product-usage data, diagnostic data and similar data "that Zoom collects or generates in connection with your or your End Users' use of the Services or Software," the terms of service say.

Slashdot Top Deals