IT

Raspberry Pis Get a Built-in Remote-Access Tool: Raspberry Pi Connect (arstechnica.com) 36

An anonymous reader shares a report: One Raspberry Pi often leads to another. Soon enough, you're running out of spots in your free RealVNC account for your tiny boards and "real" computers. Even if you go the hardened route of SSH or an X connection, you have to keep track of where they all are. All of this is not the easiest thing to tackle if you're new to single-board computers or just eager to get started.

Enter Raspberry Pi Connect, a new built-in way to access a Raspberry Pi from nearly anywhere you can open a browser, whether to control yourself or provide remote assistance. On a Raspberry Pi 4, 5, or Pi 400 kit, you install Pi Connect with a single terminal line, reboot the Pi, and then click a new tray icon to connect the Pi to a Raspberry Pi ID (and then enable two-factor authentication, of course). From then on, visiting connect.raspberrypi.com gives you an encrypted connection to your desktop. It's a direct connection if possible, and if not, it runs through relay servers in London, encrypting it with DTLS and keeping only the metadata needed for the service to work. The Pi will show a notification in its tray that somebody has connected, and you can manage screen sharing from there.

Privacy

When a Politician Sues a Blog to Unmask Its Anonymous Commenter 79

Markos Moulitsas is the poll-watching founder of the political blog Daily Kos. Thursday he wrote that in 2021, future third-party presidential candidate RFK Jr. had sued their web site.

"Things are not going well for him." Back in 2021, Robert F. Kennedy Jr. sued Daily Kos to unmask the identity of a community member who posted a critical story about his dalliance with neo-Nazis at a Berlin rally. I updated the story here, here, here, here, and here.

To briefly summarize, Kennedy wanted us to doxx our community member, and we stridently refused.

The site and the politician then continued fighting for more than three years. "Daily Kos lost the first legal round in court," Moulitsas posted in 2021, "thanks to a judge who is apparently unconcerned with First Amendment ramifications given the chilling effect of her ruling."

But even then, Moulitsas was clear on his rights: Because of Section 230 of the Communications Decency Act, [Kennedy] cannot sue Daily Kos — the site itself — for defamation. We are protected by the so-called safe harbor. That's why he's demanding we reveal what we know about "DowneastDem" so they can sue her or him directly.

Moulitsas also stressed that his own 2021 blog post was "reiterating everything that community member wrote, and expanding on it. And so instead of going after a pseudonymous community writer/diarist on this site, maybe Kennedy will drop that pointless lawsuit and go after me... consider this an escalation." (Among other things, the post cited a German-language news account saying Kennedy "sounded the alarm concerning the 5G mobile network and Microsoft founder Bill Gates..." Moulitsas also noted an Irish Times article which confirmed that at the rally Kennedy spoke at, "Noticeable numbers of neo-Nazis, kitted out with historic Reich flags and other extremist accessories, mixed in with the crowd.")

So what happened? Moulitsas posted an update Thursday: Shockingly, Kennedy got a trial court judge in New York to agree with him, and a subpoena was issued to Daily Kos to turn over any information we might have on the account. However, we are based in California, not New York, so once I received the subpoena at home, we had a California court not just quash the subpoena, but essentially signal that if New York didn't do the right thing on appeal, California could very well take care of it.

It's been a while since I updated, and given a favorable court ruling Thursday, it's way past time to catch everyone up.

New York is one of the U.S. states that doesn't have a strict "Dendrite standard" law protecting anonymous speech. But soon the blog founder discovered he had allies: The issues at hand are so important that The New York Times, the E.W.Scripps Company, the First Amendment Coalition, New York Public Radio, and seven other New York media companies joined the appeals effort with their own joint amicus brief. What started as a dispute over a Daily Kos diarist has become a meaningful First Amendment battle, with major repercussions given New York's role as a major news media and distribution center.

After reportedly spending over $1 million on legal fees, Kennedy somehow discovered the identity of our community member sometime last year and promptly filed a defamation suit in New Hampshire in what seemed a clumsy attempt at forum shopping, or the practice of choosing where to file suit based on the belief you'll be granted a favorable outcome. The community member lives in Maine, Kennedy lives in California, and Daily Kos doesn't publish specifically in New Hampshire. A perplexed court threw out the case this past February on those obvious jurisdictional grounds....

Then, last week, the judge threw out the appeal of that decision because Kennedy's lawyer didn't file in time — and blamed the delay on bad Wi-Fi...

Kennedy tried to dismiss the original case, the one awaiting an appellate decision in New York, claiming it was now moot. His legal team had sued to get the community member's identity, and now that they had it, they argued that there was no reason for the case to continue. We disagreed, arguing that there were important issues to resolve (i.e., Dendrite), and we also wanted lawyer fees for their unconstitutional assault on our First Amendment rights...

On Thursday, in a unanimous decision, a four-judge New York Supreme Court appellate panel ordered the case to continue, keeping the Dendrite issue alive and also allowing us to proceed in seeking damages based on New York's anti-SLAPP law, which prohibits "strategic lawsuits against public participation."

Thursday's blog post concludes with this summation. "Kennedy opened up a can of worms and has spent millions fighting this stupid battle. Despite his losses, we aren't letting him weasel out of this."

Firefox

Firefox Power User Keeps 7,400+ Browser Tabs Open for 2 Years (pcmag.com) 116

An anonymous reader shares a report: A software engineer has been keeping nearly 7,500 Firefox tabs open on her Mac computer for over two years -- and doesn't plan on closing them anytime soon. The Firefox power user, who goes by the pseudonym "Hazel" online, posted a screenshot showing 7,470 tabs open earlier this week after finding the browser initially unable to restore all the tabs. Hazel was able to bring the tabs back to life via a Firefox profile cache, however, and tells PCMag that reloading the full session took "no more than a minute."

"I feel like a part of me is restored," Hazel wrote on X once the Firefox tabs had returned. The Firefox fan tells PCMag in a message that she keeps so many tabs open for nostalgia reasons. "I like to scroll back and see clusters of tabs from months ago -- it's like a trip down memory lane on whatever I was doing/learning about/thinking about," she says. Surprisingly, all those tabs haven't impacted the computer's performance. "Firefox is quite memory efficient and isn't actually loading the websites unless I click on the tab -- so it's not very resource intensive," Hazel says.

The Internet

Congress Lets Broadband Funding Run Out, Ending $30 Low-Income Discounts (arstechnica.com) 129

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission chair today made a final plea to Congress, asking for money to continue a broadband-affordability program that gave out its last round of $30 discounts to people with low incomes in April. The Affordable Connectivity Program (ACP) has lowered monthly Internet bills for people who qualify for benefits, but Congress allowed funding to run out. People may receive up to $14 in May if their ISP opted into offering a partial discount during the program's final month. After that there will be no financial help for the 23 million households enrolled in the program.

"Additional funding from Congress is the only near-term solution for keeping the ACP going," FCC Chairwoman Jessica Rosenworcel wrote in a letter to members of Congress today. "If additional funding is not promptly appropriated, the one in six households nationwide that rely on this program will face rising bills and increasing disconnection. In fact, according to our survey of ACP beneficiaries, 77 percent of participating households report that losing this benefit would disrupt their service by making them change their plan or lead to them dropping Internet service entirely." The ACP started with $14.2 billion allocated by Congress in late 2021. The $30 monthly ACP benefit replaced the previous $50 monthly subsidy from the Emergency Broadband Benefit Program.

United States

Chinese Drone Maker DJI Might Get Banned Next in the US (nytimes.com) 107

U.S. authorities consider DJI a security threat. Congress is weighing legislation to ban it, prompting a lobbying campaign from the company, which dominates the commercial and consumer drone markets. The New York Times: DJI is on a Defense Department list of Chinese military companies whose products the U.S. armed forces will be prohibited from purchasing in the future. As part of the defense budget that Congress passed for this year, other federal agencies and programs are likely to be prohibited from purchasing DJI drones as well. The drones -- though not designed or authorized for combat use -- have also become ubiquitous in Russia's war against Ukraine.

The Treasury and Commerce Departments have penalized DJI over the use of its drones for spying on Uyghur Muslims who are held in camps by Chinese officials in the Xinjiang region. Researchers have found that Beijing could potentially exploit vulnerabilities in an app that controls the drone to gain access to large amounts of personal information, although a U.S. official said there are currently no known vulnerabilities that have not been patched. Now Congress is weighing legislation that could kill much of DJI's commercial business in the United States by putting it on a Federal Communications Commission roster blocking it from running on the country's communications infrastructure.

The bill, which has bipartisan support, has been met with a muscular lobbying campaign by DJI. The company is hoping that Americans like Mr. Nordfors who use its products will help persuade lawmakers that the United States has nothing to fear -- and much to gain -- by keeping DJI drones flying. "DJI presents an unacceptable national security risk, and it is past time that drones made by Communist China are removed from America," Representative Elise Stefanik, Republican of New York and one of the bill's primary sponsors, said in an emailed statement this month.

Chrome

Google Delays Third-Party Cookie Demise Yet Again (digiday.com) 22

Google is delaying the end of third-party cookies in Chrome -- again. This marks the third time Google pushed back its original deadline set in January 2020, when the company said it would phase out third-party cookies "within two years" to improve internet security. Digiday reports: The announcement was made on Tuesday ahead of quarterly reports from Google and the ever-watchful U.K. Competition and Markets Authority (CMA), keeping tabs on how this whole situation unfolds.

"We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem," according to a statement Google posted on its website for the Privacy Sandbox. "It's also critical that the CMA has sufficient time to review all evidence including results from industry tests, which the CMA has asked market participants to provide by the end of June. Given both of these significant considerations, we will not complete third-party cookie deprecation during the second half of Q4."

Google did not outline a more specific timetable beyond hoping for 2025. [...] "We remain committed to engaging closely with the CMA and ICO and we hope to conclude that process this year," Google's statement read. "Assuming we can reach an agreement, we envision proceeding with third-party cookie deprecation starting early next year."

"We welcome Google's announcement clarifying the timing of third-party cookie deprecation. This will allow time to assess the results of industry tests and resolve remaining issues," said a spokesperson from the CMA. "Under the commitments, Google has agreed to resolve our remaining competition concerns before going ahead with third-party cookie deprecation. Working closely with the ICO we expect to conclude this process by the end of 2024."

At the start of the year, Google started purging third-party cookies for one percent of browser traffic.

Transportation

Linux Can Finally Run Your Car's Safety Systems and Driver-Assistance Features (arstechnica.com) 44

An anonymous reader quotes a report from Ars Technica: There's a new Linux distro on the scene today, and it's a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it's the first open source OS that complies with the automotive industry's functional safety requirements. [...] With Elektrobit's EB corbos Linux for Safety Applications (that sure is a long name), there's an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TUV Nord. (It also complies with the IEC 61508 standard for safety applications.) "The beauty of our concept is that you don't even need to safety-qualify Linux itself," said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.

"When you look at how safety is typically being done, look at communication -- you don't safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system," Neukirchner told me. "So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don't have any problems in keeping up to speed with the developer community," he explained. "Because if you start it off and say, 'Well, we're going to do Linux as a one-shot for safety,' you're going to have the next five patches and you're off [schedule] again, especially with the security regulation that's now getting toward effect now, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle."

"In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you're being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications," Neukirchner said. Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.

Open Source

Home Assistant Has a New Foundation, Goal To Become a Consumer Brand (arstechnica.com) 33

An anonymous reader quotes a report from Ars Technica: Home Assistant, until recently, has been a wide-ranging and hard-to-define project. The open smart home platform is an open source OS you can run anywhere that aims to connect all your devices together. But it's also bespoke Raspberry Pi hardware, in Yellow and Green. It's entirely free, but it also receives funding through a private cloud services company, Nabu Casa. It contains tiny board project ESPHome and other inter-connected bits. It has wide-ranging voice assistant ambitions, but it doesn't want to be Alexa or Google Assistant. Home Assistant is a lot.

After an announcement this weekend, however, Home Assistant's shape is a bit easier to draw out. All of the project's ambitions now fall under the Open Home Foundation, a non-profit organization that now contains Home Assistant and more than 240 related bits. Its mission statement is refreshing, and refreshingly honest about the state of modern open source projects. "We've done this to create a bulwark against surveillance capitalism, the risk of buyout, and open-source projects becoming abandonware," the Open Home Foundation states in a press release. "To an extent, this protection extends even against our future selves -- so that smart home users can continue to benefit for years, if not decades. No matter what comes." Along with keeping Home Assistant funded and secure from buy-outs or mission creep, the foundation intends to help fund and collaborate with external projects crucial to Home Assistant, like Z-Wave JS and Zigbee2MQTT.

Home Assistant's ambitions don't stop with money and board seats, though. They aim to "be an active political advocate" in the smart home field, toward three primary principles:

- Data privacy, which means devices with local-only options, and cloud services with explicit permissions
- Choice in using devices with one another through open standards and local APIs
- Sustainability by repurposing old devices and appliances beyond company-defined lifetimes

Notably, individuals cannot contribute modest-size donations to the Open Home Foundation. Instead, the foundation asks supporters to purchase a Nabu Casa subscription or contribute code or other help to its open source projects.

Further reading: The Verge's interview with Home Assistant founder Paulus Schoutsen

Cellphones

SEC Targets Its Own Staff's Texting, Nixes WhatsApp On Work Phones (yahoo.com) 15

The SEC has blocked third-party messaging apps and texts from employees' work phones, "bringing its own practices closer to the standards it's enforcing for the industry," reports Bloomberg. From the report: The SEC's decision to block disappearing-messaging apps will help improve record-keeping and address potential security vulnerabilities at the agency, which saw one of its social-media accounts compromised earlier this year. It follows about $3 billion in fines imposed on financial firms to settle allegations that they failed to keep adequate records of work-related communications on mobile devices and apps such as Signal and Meta's WhatsApp.

The scrutiny prompted Wall Street to overhaul how employees communicate on business matters using mobile phones. Meanwhile, the SEC took a hard look at policies covering its own staff's communications on agency-issued phones. The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts "to lower risk that our systems could be compromised and to enhance recordkeeping," an SEC spokeswoman said in an emailed statement. The process of blocking the apps began in September and has continued over the past several months, she added.

Operating Systems

Framework's Software and Firmware Have Been a Mess (arstechnica.com) 18

Framework, the company known for designing and selling upgradeable, modular laptops, has struggled with providing up-to-date software for its products. Ars Technica's Andrew Cunningham spoke with CEO Nirav Patel to discuss how the company is working on fixing these issues. Longtime Slashdot reader snikulin shares the report: Driver bundles remain un-updated for years after their initial release. BIOS updates go through long and confusing beta processes, keeping users from getting feature improvements, bug fixes, and security updates. In its community support forums, Framework employees, including founder and CEO Nirav Patel, have acknowledged these issues and promised fixes but have remained inconsistent and vague about actual timelines. [...] Patel says Framework has taken steps to improve the update problem, but he admits that the team's initial approach -- supporting existing laptops while also trying to spin up firmware for upcoming launches -- wasn't working. "We started 12th-gen [Intel Framework Laptop] development, basically the 12th-gen team was also handling looking back at 11th-gen [Intel Framework Laptop] to do firmware updates there," Patel told Ars. "And it became clear, especially as we continued to add on more platforms, that just wasn't a sustainable path to proceed on."

Part of the issue is that Framework relies on external companies to put together firmware updates. Some components are provided by Intel, AMD, and other chip companies to all PC companies that use their chips. Others are provided by Insyde, which writes UEFI firmware for Framework and others. And some are handled by Compal, the contract manufacturer that actually produces Framework's systems and has also designed and sold systems for most of the big-name PC companies. As far back as August 2023, Patel has written that the plan is to work with Compal and Insyde to hire dedicated staff to provide better firmware support for Framework laptops. However, the benefits of this arrangement have been slow to reach users. "[Compal] started recruiting on their side towards the end of last year," Patel told Ars. "And now, just at the beginning of this year, we've been able to get that whole team into place and start onboarding them. And especially after Lunar New Year, which is in early February, that team is now up and running at full speed." The goal, Patel says, is to continuously cycle through all of Framework's actively supported laptops, updating each of them one at a time before looping back around and starting the process over again. Functionality-breaking problems and security fixes will take precedence, while additional features and user requests will be lower-priority. ...
snikulin adds: "As a recent Framework 13/AMD owner, I can confirm that it does not sleep properly on a default Windows 11 install. When I close the lid in the evening, the battery is dead the next morning. It's interesting to hear from Linus Sebastian (LTT) on the topic because he is a stakeholder in Framework."

Supercomputing

New Advances Promise Secure Quantum Computing At Home (phys.org) 27

Scientists from Oxford University Physics have developed a breakthrough in cloud-based quantum computing that could allow it to be harnessed by millions of individuals and companies. The findings have been published in the journal Physical Review Letters. Phys.Org reports: In the new study, the researchers use an approach dubbed "blind quantum computing," which connects two totally separate quantum computing entities -- potentially an individual at home or in an office accessing a cloud server -- in a completely secure way. Importantly, their new methods could be scaled up to large quantum computations. "Using blind quantum computing, clients can access remote quantum computers to process confidential data with secret algorithms and even verify the results are correct, without revealing any useful information. Realizing this concept is a big step forward in both quantum computing and keeping our information safe online," said study lead Dr. Peter Drmota, of Oxford University Physics.

The researchers created a system comprising a fiber network link between a quantum computing server and a simple device detecting photons, or particles of light, at an independent computer remotely accessing its cloud services. This allows so-called blind quantum computing over a network. Every computation incurs a correction that must be applied to all that follow and needs real-time information to comply with the algorithm. The researchers used a unique combination of quantum memory and photons to achieve this. The results could ultimately lead to commercial development of devices to plug into laptops, to safeguard data when people are using quantum cloud computing services.

"We have shown for the first time that quantum computing in the cloud can be accessed in a scalable, practical way which will also give people complete security and privacy of data, plus the ability to verify its authenticity," said Professor David Lucas, who co-heads the Oxford University Physics research team and is lead scientist at the UK Quantum Computing and Simulation Hub, led from Oxford University Physics.

Earth

Heat-Trapping CO2, Methane Levels In the Air Last Year Spiked To Record Highs (apnews.com) 81

According to the latest data from the U.S. National Oceanic and Atmospheric Administration, carbon dioxide and methane levels in the atmosphere reached historic highs last year, growing at near-record fast paces. The Associated Press reports: Carbon dioxide, the most important and abundant of the greenhouse gases caused by humans, rose in 2023 by the third highest amount in 65 years of record keeping, NOAA announced Friday. Scientists are also worried about the rapid rise in atmospheric levels of methane, a shorter-lived but more potent heat-trapping gas. Both jumped 5.5% over the past decade. The 2.8 parts per million increase in carbon dioxide airborne levels from January 2023 to December, wasn't as high as the jumps were in 2014 and 2015, but they were larger than every other year since 1959, when precise records started. Carbon dioxide's average level for 2023 was 419.3 parts per million, up 50% from pre-industrial times.

Last year's methane's jump of 11.1 parts per billion was lower than record annual rises from 2020 to 2022. It averaged 1922.6 parts per billion last year. It has risen 3% in just the past five years and jumped 160% from pre-industrial levels showing faster rates of increase than carbon dioxide, said Xin "Lindsay" Lan, the University of Colorado and NOAA atmospheric scientist who did the calculations. [...] The third biggest human-caused greenhouse gas, nitrous oxide, jumped 1 part per billion last year to record levels, but the increases were not as high as those in 2020 and 2021. Nitrous oxide, which lasts about a century in the atmosphere, comes from agriculture, burning of fuels, manure and industrial processes, according to the EPA.

"Studies of the specific isotopes of methane in the air show much of the increased methane is from microbes, pointing to spiking emissions from wetlands and perhaps agriculture and landfills, but not as much the energy industry, Lan said."

Privacy

Commercial Bank of Ethiopia Names and Shames Customers Over Bank Glitch Money (bbc.com) 26

An Ethiopian bank has put up posters shaming customers it says have not returned money they gained during a technical glitch. From a report: Notices bearing their names and photos could be seen outside branches of the Commercial Bank of Ethiopia (CBE) on Friday. The bank says it has recovered almost three-quarters of the $14m it lost, its head said last week. He warned that those keeping money that is not theirs will be prosecuted. Last month, an hours-long glitch allowed customers at the CBE, Ethiopia's largest commercial bank, to withdraw or transfer more than they had in their accounts.

Earth

Methane From Landfills Is a Big Driver of Climate Change, Study Says (nytimes.com) 128

An anonymous reader quotes a report from the New York Times: They're vast expanses that can be as big as towns: open landfills where household waste ends up, whether it's vegetable scraps or old appliances. These landfills also belch methane, a powerful, planet-warming gas, on average at almost three times the rate reported to federal regulators, according to a study published Thursday in the journal Science.

For the new study, scientists gathered data from airplane flyovers using a technology called imaging spectrometers designed to measure concentrations of methane in the air. Between 2018 and 2022, they flew planes over 250 sites across 18 states, about 20 percent of the nation's open landfills. At more than half the landfills they surveyed, researchers detected emissions hot spots, or sizable methane plumes that sometimes lasted months or years. That suggested something had gone awry at the site, like a big leak of trapped methane from layers of long-buried, decomposing trash, the researchers said.

"You can sometimes get decades of trash that's sitting under the landfill," said Daniel H. Cusworth, a climate scientist at Carbon Mapper and the University of Arizona, who led the study. "We call it a garbage lasagna." Many landfills are fitted with specialized wells and pipes that collect the methane gas that seeps out of rotting garbage in order to either burn it off or sometimes to use it to generate electricity or heat. But those wells and pipes can leak. The researchers said pinpointing leaks doesn't just help scientists get a better picture of emissions, it also helps landfill operators fix leaks. Keeping more waste out of the landfill, for example by composting food scraps, is another fix.

"The Environmental Protection Agency estimates that landfills are the third largest source of human-caused methane emissions in the United States, emitting as much greenhouse gas as 23 million gasoline cars driven for a year," notes the NYT. "Overseas, the picture can be less clear, particularly in countries where landfills aren't strictly regulated. Previous surveys using satellite technology have estimated that globally, landfill methane makes up nearly 20 percent of human-linked methane emissions."

Businesses

Fisker Lost Track of Millions of Dollars in Customer Payments For Months (techcrunch.com) 36

An anonymous reader shares a report: Fisker temporarily lost track of millions of dollars in customer payments as it scaled up deliveries, leading to an internal audit that started in December and took months to complete, TechCrunch has learned.

The EV startup was ultimately able to track down a majority of those payments or request new ones from customers whose payment methods had expired. But the disarray, which was described to TechCrunch by three people familiar with the internal payment crisis, took employees and resources away from Fisker's sales team at a time when the company was attempting to save itself by restructuring its business model.

Fisker struggled to keep tabs on these transactions, which included down payments and in some cases, the full price of the vehicles, because of lax internal procedures for keeping track of them, according to the people. In a few cases, it delivered vehicles without collecting any form of payment at all, they said.

Movies

Tired of Streaming? Home-Grown 'Free Blockbuster' Libraries Are Trying to Offer Alternatives (seattletimes.com) 27

In 2019 Los Angeles film/TV producer Brian Morrison painted Blockbuster's logo onto an old newspaper box — and then filled it up with used DVDs. "The Free Blockbuster movement slowly gained traction," reports the New York Times — aided at times by social media — "and eventually more than 200 other community boxes had opened from Louisiana to Canada and even Britain."

Though it's not clear how many are still operational, a 37-year-old Californian opened a free "Blockbuster" library outside her home earlier this year, according to the article, "and stocks it with season-specific films, subversive books and free candy." "We are social animals; we want to go out into the world and engage with each other," said Brian Morrison, who keeps a lending library outside his home. He often refills it with DVDs and VHS tapes of TV series, horror movies and, on occasion, signed independent films, and said that it had encouraged interaction with his neighbors.

Andrew Kevin Walker, a Los Angeles-based screenwriter, said he had visited secondhand stores especially to seek out films to leave in the boxes, including two sealed James Bond box sets and a copy of "Cobra," a 1986 film written by Sylvester Stallone. "It's an opportunity for people to really share their love of cinema, whether it be their favorite guilty pleasure or their favorite movie of all time," he said.

Viewers with streaming fatigue say they are tired of chasing content that moves around an ever-expanding array of platforms or even disappears altogether, and some long for the physical media that was dominant until streaming took over. "I think it's great that folks are doing this, keeping the spirit of DVDs alive, circulating film[s] in and exchanging them," said Joe Pichirallo, a film producer and professor at New York University...

Alfonso Castillo, who co-founded a Free Blockbuster on Long Island, N.Y., with his son, said the lending library sees regular turnover with people both taking and dropping off movies, including older people. "My sense is that for them, it's less of this cool novelty sort of ironic thing and more like, finally, there's a place to get DVDs again," he said.

Award-winning filmmaker Ava DuVernay misses the commentary tracks on DVDs (along with director's cuts).

But more importantly, they told the Times that when it comes to art, "nothing beats holding it in your hand... It is a part of the experience of consuming and experiencing art."

Desktops (Apple)

Unpatchable Vulnerability in Apple Chip Leaks Secret Encryption Keys (arstechnica.com) 85

A newly discovered vulnerability baked into Apple's M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. From a report: The flaw -- a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols -- can't be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

The threat resides in the chips' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it's actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel's 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years. Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. This vulnerability is the result of the prefetchers making predictions based on previous access patterns, which can create changes in state that attackers can exploit to leak information. In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, regardless of their operands. It does this by keeping code free of secret-dependent memory accesses or structures.

Security

'Disabling Cyberattacks' Are Hitting Critical US Water Systems, White House Warns (arstechnica.com) 77

An anonymous reader quotes a report from Ars Technica: The Biden administration on Tuesday warned the nation's governors that drinking water and wastewater utilities in their states are facing "disabling cyberattacks" by hostile foreign nations that are targeting mission-critical plant operations. "Disabling cyberattacks are striking water and wastewater systems throughout the United States," Jake Sullivan, assistant to the President for National Security Affairs, and Michael S. Regan, administrator of the Environmental Protection Agency, wrote in a letter. "These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities." [...]

"Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices," Sullivan and Regan wrote in Tuesday's letter. They went on to urge all water facilities to follow basic security measures such as resetting default passwords and keeping software updated. They linked to this list of additional actions, published by CISA and guidance and tools jointly provided by CISA and the EPA. They went on to provide a list of cybersecurity resources available from private sector companies.

The letter extended an invitation for secretaries of each state's governor to attend a meeting to discuss better securing the water sector's critical infrastructure. It also announced that the EPA is forming a Water Sector Cybersecurity Task Force to identify vulnerabilities in water systems. The virtual meeting will take place on Thursday. "EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems," Regan said in a separate statement.

Databases

Database-Based Operating System 'DBOS' Does Things Linux Can't (nextplatform.com) 104

Databricks CTO Matei Zaharia "said that Databricks had to keep track of scheduling a million things," remembers adjunct MIT professor Michael Stonebraker. "He said that this can't be done with traditional operating system scheduling, and so this was done out of a Postgres database. And then he started to whine that Postgres was too slow, and I told him we can do better than that...."

This resulted in DBOS — short for "database operating system" — which they teamed up to build with teams from Stanford and MIT, according to The Next Platform: They founded a company to commercialize the idea in April 2023 and secured $8.5 million initial seed funding to start building the real DBOS. Engine Ventures and Construct Capital led the funding, along with Sinewave and GutBrain Ventures...

"The state that the operating system has to keep track of — memory, files, messages, and so on — is approximately linear to the resources you have got," says Stonebraker. "So without me saying another word, keeping track of operating system state is a database problem not addressed by current operating system schedulers. Moreover, OLTP [Online Transaction Processing] database performance has gone up dramatically, and that is why we thought instead of running the database system in user space on top of the operating system, why don't we invert our thinking 180 degrees and run the operating system on top of the database, with all of the operating services are coded in SQL...?"

For now, DBOS can give the same kind of performance as that full blown Linux operating system, and thanks to the distributed database underpinnings of its kernel, it can do things that a Linux kernel just cannot do... One is provide reliable execution, which means that if a program running atop DBOS is ever interrupted, it starts where it left off and does not have to redo its work from some arbitrary earlier point and does not crash and have to start from the beginning. And because every little bit of the state of the operating system — and therefore the applications that run atop it — is preserved, you can go backwards in time in the system and restart the operating system if it experiences some sort of anomaly, such as a bad piece of application software running or a hack attack. You can use this "time travel" feature, as Stonebraker calls it, to reproduce what are called heisenbugs — ones that are very hard to reproduce precisely because there is no shared state in the distributed Linux and Kubernetes environment and that are increasingly prevalent in a world of microservices.

The other benefit of the DBOS is that it presents a smaller attack surface for hackers, which boosts security, and that you analyze the metrics of the operating system in place since they are already in a NoSQL database that can be queried rather than aggregating a bunch of log files from up and down the software stack to try to figure out what is going on...

There is also a custom tier for DBOS, which we presume costs money, that can use other databases and datastores for user application data, stores more than three days of log data, can have multiple users per account, that adds email and Slack support with DBOS techies, and that is available on other clouds as well as AWS.

The operating system kernel/scheduler "is itself largely a database," with services written in TypeScript, according to the article. The first iteration used the FoundationDB distributed key-value store for its scheduling core (open sourced by Apple in 2018), according to the article — "a blazingly fast NoSQL database... Stonebraker says there is no reason to believe that DBOS can't scale across 1 million cores or more and support Java, Python, and other application languages as they are needed by customers..."

And the article speculates they could take things even further. "There is no reason why DBOS cannot complete the circle and not only have a database as an operating system kernel, but also have a relational database as the file system for applications."

Government

Why Oregon's Drug Decriminalization Failed (msn.com) 194

In 2020 Oregon passed Measure 110, decriminalizing possession of small amounts of drugs.

But now "America's most radical experiment with drug decriminalization has ended," writes the Atlantic, "after more than three years of painful results." Oregon Governor Tina Kotek has pledged to sign legislation repealing the principal elements of the ballot initiative... Possessing hard drugs is again a crime in Oregon, and courts will return to mandating treatment for offenders. Oregonians had supported Measure 110 with 59 percent of the vote in 2020, but three years later, polling showed that 64 percent wanted some or all of it repealed...

More than $260 million were allocated to services such as naloxone distribution, employment and housing services, and voluntary treatment... Once drugs were decriminalized and destigmatized, the thinking went, those who wanted to continue using would be more willing to access harm-reduction services that helped them use in safer ways. Meanwhile, the many people who wanted to quit using drugs but had been too ashamed or fearful to seek treatment would do so. Advocates foresaw a surge of help-seeking, a reduction in drug-overdose deaths, fewer racial disparities in the health and criminal-justice systems, lower rates of incarceration, and safer neighborhoods for all...

Measure 110 did not reduce Oregon's drug problems. The drug-overdose-death rate increased by 43 percent in 2021, its first year of implementation — and then kept rising. The latest CDC data show that in the 12 months ending in September 2023, deaths by overdose grew by 41.6 percent, versus 2.1 percent nationwide. No other state saw a higher rise in deaths... Neither did decriminalization produce a flood of help-seeking. The replacement for criminal penalties, a $100 ticket for drug possession with the fine waived if the individual called a toll-free number for a health assessment, with the aim of encouraging treatment, failed completely. More than 95 percent of people ignored the ticket, for which — in keeping with the spirit of Measure 110 — there was no consequence. The cost of the hotline worked out to about $7,000 per completed phone call, according to The Economist. These realities, as well as associated disorder such as open-air drug markets and a sharp rise in violent crime — while such crime was falling nationally — led Oregonians to rethink their drug policy.

The article notes that Oregon was the first U.S. state to decriminalize marijuana back in 1973, and had long shown low rates of imprisonment for non-violent crimes (diverting offenders into so-called "drug courts" which could mandate treatment or order court-directed supervision). "However, after Measure 110 was passed and the threat of jail time eliminated, the flow of people into these programs slowed."

But "One thing Measure 110 got right, at least in principle, is that Oregon's addiction-treatment system was grossly underfunded," the article concludes. And it adds that the newly-passed law now "provides extensive new funding for immediate needs, including detox facilities, sobering centers, treatment facilities, and the staff to support those services."

They recommend other states adopt "adequately funded, evidence-based prevention and treatment" — and instead of punitive incarcerations, "use criminal justice productively to discourage drug use."
