
Submission + - Software Flaw Exposes Millions of Subarus, Rivers of Driver Data

chicksdaddy writes: Vulnerabilities in Subaru's STARLINK telematics software enabled two independent security researchers to gain unrestricted access to millions of Subaru vehicles deployed in the U.S., Canada and Japan, The Security Ledger is reporting. (https://securityledger.com/2025/01/more-of-the-shame-software-flaw-exposes-millions-of-subarus-rivers-of-driver-data/)

In a report published Thursday (https://samcurry.net/hacking-subaru) researchers Sam Curry (zlz.bsky.social) and Shubham Shah revealed a now-patched flaw in Subaru’s STARLINK connected vehicle service that allowed them to remotely control Subarus and access vehicle location information and driver data with nothing more than the vehicle’s license plate number, or easily accessible information like the vehicle owner’s email address, Zip code and phone number. (Note: Subaru STARLINK is not to be confused with the Starlink satellite-based high speed Internet service.) Curry and Shah downloaded a year's worth of vehicle location data for Curry's mother's 2023 Impreza (Curry bought her the car with the understanding that she'd let him hack it. :-) ). The two researchers also added themselves to a friend's STARLINK account without any notification to the owner and used that access to remotely lock and unlock the friend's Subaru.

The details of Curry and Shah’s hack of the STARLINK telematics system bear a strong resemblance to hacks documented in his 2023 report Web Hackers versus the Auto Industry (https://samcurry.net/web-hackers-vs-the-auto-industry/) as well as a September, 2024 discovery of a remote access flaw in web-based applications used by KIA automotive dealers that also gave remote attackers the ability to steal owners’ personal information and take control of their KIA vehicle. (https://securityledger.com/2024/09/kia-ko-web-hackers-vs-the-auto-industry-round-2/)

In each case, publicly accessible connected vehicle infrastructure intended for use by employees and dealers was found to be trivially vulnerable to compromise and to lack even basic protections around account creation and authentication.

Submission + - China's new energy storage capacity surges to 74 GW/168 GWh in 2024, up 130% YoY (ess-news.com)

AmiMoJo writes: China’s National Energy Administration (NEA) announced on January 23 that the country’s installed capacity of new energy storage had surged to 73.76 GW/168 GWh by the end of 2024, marking a twentyfold increase from the end of 2021. Compared to the 31.39 GW/66.87 GWh recorded at the end of 2023, this represents an annual growth rate exceeding 130%.

According to NEA’s definition, new types of energy storage exclude pumped hydro and include electrochemical energy storage, compressed air energy storage, flywheel energy storage, superconducting energy storage, supercapacitor energy storage, and hydrogen energy storage.

In 2024 alone, China added 42.37 GW/101.13 GWh of new storage capacity, with an average discharge duration of 2.3 hours—up from 2.1 hours in 2023. Grid operators reported that these systems operated for approximately 1,000 equivalent full-load hours throughout the year, supporting renewable energy integration, peak shaving management, and grid stability.

Submission + - Uber Will Need To Fingerprint Drivers In California To Transport Teens (techcrunch.com)

An anonymous reader writes: Uber has 30 days to require certain drivers to get fingerprinted if the ride-hail giant intends to continue transporting unaccompanied teens in California. The California Public Utilities Commission (CPUC) issued a ruling Thursday that requires taxi and ride-hail drivers who are carrying unaccompanied minors in the state to pass a fingerprint background check. The ruling also requires transport companies to pay for the cost of those background checks. “When an adult is being tasked to provide a service to a minor, the adult is placed in a position of trust, responsibility, and control over California’s most vulnerable citizenry — children,” reads the decision. “Not conducting a fingerprint-based background check to identify adults with disqualifying arrests or criminal records would place the unaccompanied minor in a potentially dangerous, if not life-threatening situation.” [...]

The CPUC’s ruling also requires transport companies that intend to transport minors share information with the agency on how they implement live trip tracking for parents, what safety procedures they implement at pickup and drop-off locations, and what sort of driver training the companies implement specifically around transporting unaccompanied minors. The ruling also says that each company is responsible for paying for the checks. Uber has also argued against this stipulation, saying that forcing the company — which has a market cap of around $150 billion as of December — to pay for fingerprinting would result in a price hike for the Uber for Teens service.

Submission + - China Tested Mach 6 Jumbo Jet Prototype (interestingengineering.com)

hackingbear writes: Scientists in China have announced that a jumbo jet prototype with a rather bulky body had managed to reach the hypersonic speed of Mach 6.56 during a flight test in 2021. The test flight results had been kept a secret [for 3 years] by the institute and authorities in China owing to the sensitivity of the project until it was revealed by the Chinese Academy of Sciences through a post on social media in which they shared a video of the jumbo jet prototype’s lift-off. The unique bulk body design addresses a big problem of other supersonic/hypersonic aircraft designs [with typical slim body] that the usable interior space of the aircraft had to be decreased as the flight speed of the vehicle decreased, restricting those designs only for missiles, unmanned reconnaissance missions, and other military uses. Cui Kai, the project’s leader and a researcher at the Institute of Mechanics under the Chinese Academy of Sciences, is quoted as saying that his design was received with much skepticism when it was first unveiled. However, the team conducted several experiments a number of times to validate each uncertainty associated with the project before the final test flight. However, neither Cui nor the Chinese Academy of Sciences revealed whether a full-scale model of the aircraft has been constructed, is under construction, or the time period for its first flight.

Submission + - AT&T to kill off landline phone service for most people by 2029 (zdnet.com)

SonicSpike writes: AT&T customers who still use the carrier's landline service should be prepared to say goodbye sometime in the next five years.

At its 2024 Analysts and Investors Day on Wednesday, the company said that it's "actively working to exit its legacy copper network operations across the large majority of its wireline footprint by the end of 2029." Yep, that means its traditional landlines will largely be gone by that point, at least if the roadmap comes true.

Like many carriers, AT&T has devoted more of its time, money, and resources to its broadband network and wireless services. AT&T in particular has focused on building out its fiber network, which it forecasts will expand to more than 50 million locations in the US by the end of 2029.

The problem with copper lines, argue the carriers, is that they're old, vulnerable to power surges and other electrical issues, and subject to damage from weather and other conditions. Plus, companies like AT&T simply don't want to support traditional landlines when so many people have switched to mobile or broadband services.

Submission + - Gene behind orange fur color in cats found at last (science.org)

sciencehabit writes: It would be pretty easy to guess that Garfield was a tomcat even if you didn’t know his name—or didn’t want to peek under his tail. Most orange cats are boys, a quirk of feline genetics that also explains why almost all calicos and tortoiseshells are girls.

Scientists curious about those sex differences—or perhaps just cat lovers—have spent more than 60 years unsuccessfully seeking the gene that causes orange fur and the striking patchwork of colors in calicos and tortoiseshells. Now, two teams have independently found the long-awaited mutation and discovered a protein that influences hair color in a way never seen before in any animal.

Unlike other mammals, the coat colors of cats are partially determined by their sex. Besides orange cats typically being male, calicos and tortoiseshells are almost always female. The phenomenon is due to a quirk in feline genetics: Female cats inherit an X chromosome—the suspected home of the orange fur gene—from each parent. Cells don't generally need both, however, so during embryonic development each cell randomly chooses one X to express genes from, giving calicos and tortoiseshells their striking orange and black patterns. But despite 60 years of searching, scientists haven’t figured out exactly which gene is responsible for the orange color.

In preprints published this month on bioRxiv, scientists say they have independently found the long-awaited orange mutation and discovered a protein that influences hair color in a way never seen before in any animal. Using skin samples collected from various cats, the researchers were able to hone in on a mutation on the X chromosome that impacts how much of a protein a gene called Arhgap36 produces. Increasing the amount of the Arhgap36 in pigment-producing cells called melanocytes activates a molecular pathway that produces a light red pigment.

“It’s a long-awaited gene,” says Leslie Lyons, a feline geneticist at the University of Missouri in Columbia. Research into cat color has revealed all kinds of phenomena, she says, including how the environment influences gene expression. “Everything you need to know about genetics you can learn from your cat.”

Submission + - US Lawmakers On EPA To Ban Pesticide Linked To Parkinson's Disease (theguardian.com)

An anonymous reader writes: More than 50 US lawmakers are calling on the Environmental Protection Agency (EPA) to join dozens of other countries in banning a widely used weedkiller linked to Parkinson’s disease and other health dangers. In an October 31 letter (PDF) to the agency, seven US senators said that paraquat, a weedkiller commonly applied on US farms, was a “highly toxic pesticide whose continued use cannot be justified given its harms to farmworkers and rural communities”. The call for a ban from the senators came after 47 members of the US House of Representatives sent a similar letter (PDF) to the EPA calling for a ban earlier in October.

The lawmakers cite scientific links between paraquat use and development of Parkinson’s and other “life threatening diseases” as well as “grave impacts on the environment”. “Health risks include a higher risk of Parkinson’s disease, with some studies finding a 64% increase in the likelihood of developing Parkinson’s, non-Hodgkin’s Lymphoma, thyroid cancer, and other thyroid issues,” they wrote. The New Jersey senator Cory Booker, organizer of the Senate letter, said the risks of paraquat exposure were “well documented” and that it was “irresponsible” for the EPA to continue to allow its use. “I hope the EPA will follow the science and ban paraquat,” Booker said. The EPA has long maintained that there is no “clear link” between paraquat exposure and Parkinson’s disease, though the agency does have a number of restrictions on use of the chemical due to its acute toxicity. The agency issued a draft report earlier this year affirming its position. Still, the agency said at that time that it would be reviewing more scientific studies and would issue a final report by January 17, 2025.

Submission + - Nvidia To Join Dow Jones Industrial Average, Replacing Intel (cnbc.com)

An anonymous reader writes: Nvidia is replacing rival chipmaker Intel in the Dow Jones Industrial Average, a shakeup to the blue-chip index that reflects the boom in artificial intelligence and a major shift in the semiconductor industry. Intel shares were down 1% in extended trading on Friday. Nvidia shares rose 1%. The switch will take place on Nov. 8. Also, Sherwin Williams will replace Dow Inc. in the index, S&P Dow Jones said in a statement (PDF).

With the addition of Nvidia, four of the six trillion-dollar tech companies are now in the index. The two not in the Dow are Alphabet and Meta. While Nvidia has been soaring, Intel has been slumping. Long the dominant maker of PC chips, Intel has lost market share to Advanced Micro Devices and has made very little headway in AI. Intel shares have fallen by more than half this year as the company struggles with manufacturing challenges and new competition for its central processors. Intel said in a filing this week that the board’s audit and finance committee approved cost and capital reduction activities, including lowering head count by 16,500 employees and reducing its real estate footprint. The job cuts were originally announced in August.

The Dow contains 30 components and is weighted by the share price of the individual stocks instead of total market value. Nvidia put itself in better position to join the index in May, when the company announced a 10-for-1 stock split. While doing nothing to its market cap, the move slashed the price of each share by 90%, allowing the company to become a part of the Dow without having too heavy a weighting. The switch is the first change to the index since February, when Amazon replaced Walgreens Boots Alliance. Over the years, the Dow has been playing catchup in gaining exposure to the largest technology companies. The stocks in the index are chosen by a committee from S&P Dow Jones Indices.

Submission + - Watch as "Halloween Comet" dies an early death

davidwr writes: Most vampires can't survive sunlight, and neither could the would-be "Halloween Comet" C/2024 S1 (Atlas). You can watch the video of it burning up earlier today here (ESA/NASA SOHO via space.com).

Submission + - Journals w/ high rates of suspicious papers flagged by science-integrity startup (nature.com)

schwit1 writes: Scitility’s tool ‘Argos’ identifies work whose authors have a record of misconduct.

Which scientific publishers and journals are worst affected by fraudulent or dubious research papers — and which have done least to clean up their portfolio? A technology start-up founded to help publishers spot potentially problematic papers says that it has some answers, and has shared its early findings with Nature.

The science-integrity website Argos, which was launched in September by Scitility, a technology firm headquartered in Sparks, Nevada, gives papers a risk score on the basis of their authors’ publication records, and on whether the paper heavily cites already-retracted research. A paper categorized as ‘high risk’ might have multiple authors whose other studies have been retracted for reasons related to misconduct, for example. Having a high score doesn’t prove that a paper is low quality, but suggests that it is worth investigating.

Argos is one of a growing number of research-integrity tools that look for red flags in papers. These include the Papermill Alarm, made by Clear Skies, and Signals, by Research Signals, both London-based firms. Because creators of such software sell their manuscript-screening tools to publishers, they are generally reluctant to name affected journals. But Argos, which is offering free accounts to individuals and fuller access to science-integrity sleuths and journalists, is the first to show public insights.

“We wanted to build a piece of technology that was able to see hidden patterns and bring transparency to the industry,” says Scitility co-founder Erik de Boer, who is based in Roosendaal, the Netherlands.

By early October, Argos had flagged more than 40,000 high-risk and 180,000 medium-risk papers. It has also indexed more than 50,000 retracted papers.

Submission + - Easter Island findings change everything we know about the Earth's mantle (labrujulaverde.com)

An anonymous reader writes: Easter Island findings change everything we know about the Earth’s mantle and how it moves beneath the crust

Traditionally, textbooks have described the mantle as a viscous, well-mixed layer that shifts along with tectonic plates, much like a conveyor belt. This theory has been a cornerstone of geology for nearly a century but has been notoriously difficult to prove. Now, a study by geologists from Cuba, Colombia, and the Netherlands is challenging that long-held view.

Easter Island, known for its extinct volcanoes, was formed around 2.5 million years ago. In 2019, a team of geologists from Cuba and Colombia traveled to the island to accurately date its volcanic origins. To do so, they used a technique called zircon dating. Zircons are minerals that form when magma cools, and they contain trace amounts of uranium, which decays into lead at a known rate. By measuring the ratio of uranium to lead in these zircons, scientists can determine how long ago the minerals crystallized.

The team, led by Cuban geologist Yamirka Rojas-Agramonte, discovered hundreds of zircons on Easter Island, but to their surprise, some of these minerals dated back as far as 165 million years—far older than the 2.5 million years expected. This posed a major puzzle. How could such ancient minerals exist on a relatively young volcanic island?

In essence, the discovery suggests that the mantle behaves quite differently from what geologists have long assumed. Rather than constantly flowing with tectonic plates, the mantle around hotspot plumes may remain relatively still, allowing ancient materials to persist.

This revelation could force a significant reevaluation of how the Earth’s mantle operates and moves, potentially altering fundamental geological theories about plate tectonics and mantle dynamics.

Submission + - Cheap AI 'Video Scraping' Can Now Extract Data From Any Screen Recording (arstechnica.com)

An anonymous reader writes: Recently, AI researcher Simon Willison wanted to add up his charges from using a cloud service, but the payment values and dates he needed were scattered among a dozen separate emails. Inputting them manually would have been tedious, so he turned to a technique he calls "video scraping," which involves feeding a screen recording video into an AI model, similar to ChatGPT, for data extraction purposes. What he discovered seems simple on its surface, but the quality of the result has deeper implications for the future of AI assistants, which may soon be able to see and interact with what we're doing on our computer screens.

"The other day I found myself needing to add up some numeric values that were scattered across twelve different emails," Willison wrote in a detailed post on his blog. He recorded a 35-second video scrolling through the relevant emails, then fed that video into Google's AI Studio tool, which allows people to experiment with several versions of Google's Gemini 1.5 Pro and Gemini 1.5 Flash AI models. Willison then asked Gemini to pull the price data from the video and arrange it into a special data format called JSON (JavaScript Object Notation) that included dates and dollar amounts. The AI model successfully extracted the data, which Willison then formatted as a CSV (comma-separated values) table for spreadsheet use. After double-checking for errors as part of his experiment, the accuracy of the results—and what the video analysis cost to run—surprised him.

"The cost [of running the video model] is so low that I had to re-run my calculations three times to make sure I hadn’t made a mistake," he wrote. Willison says the entire video analysis process ostensibly cost less than one-tenth of a cent, using just 11,018 tokens on the Gemini 1.5 Flash 002 model. In the end, he actually paid nothing because Google AI Studio is currently free for some types of use.

Submission + - Solar-powered low-cost drinking water desalination system without batteries (knowridge.com)

schwit1 writes: Engineers from MIT have developed a groundbreaking desalination system that runs entirely on solar power without needing extra batteries.

This innovative system can remove salt from water by adapting its energy use to the amount of sunlight available, offering a more efficient, low-cost way to produce clean drinking water.

The research, published in Nature Water, highlights the potential of this technology to provide much-needed drinking water, especially in areas with limited access to electricity or seawater.

Unlike traditional desalination systems that rely on fossil fuels or need constant energy supplies, this solar-powered system adjusts its operations based on sunlight levels.

As the sun rises during the day, the system increases its desalination rate, and when clouds block the sun, the system quickly reduces its energy consumption.

This flexibility allows the system to maximize the use of solar energy without needing a battery or a backup power source.

The system was tested on groundwater wells in New Mexico over six months, where it produced up to 5,000 liters of clean water per day, even with changing weather conditions. On average, the system converted over 94% of the solar energy into desalination power, outperforming other solar-powered desalination systems.

“Conventional desalination systems need steady power, often provided by batteries, to handle variable solar energy,” said Winter. “Our system, by varying its energy use in sync with the sun, eliminates the need for extra power storage while efficiently producing water.”

Submission + - Court rules ISP should have terminated Internet users accused of piracy (arstechnica.com)

SonicSpike writes: Music publishing companies notched another court victory against a broadband provider that refused to terminate the accounts of Internet users accused of piracy. In a ruling on Wednesday, the conservative-leaning US Court of Appeals for the 5th Circuit sided with the big three record labels against Grande Communications, a subsidiary of Astound Broadband.

The appeals court ordered a new trial on damages because it said the $46.8 million award was too high, but affirmed the lower court's finding that Grande is liable for contributory copyright infringement.

"Here, Plaintiffs [Universal, Warner, and Sony] proved at trial that Grande knew (or was willfully blind to) the identities of its infringing subscribers based on Rightscorp’s notices, which informed Grande of specific IP addresses of subscribers engaging in infringing conduct. But Grande made the choice to continue providing services to them anyway, rather than taking simple measures to prevent infringement," said the unanimous ruling by three judges.

Rightscorp is a copyright-enforcement company used by the music labels to detect copyright infringement. The company monitors torrent downloads to find users' IP addresses and sends infringement notices to Internet providers that serve subscribers using those IP addresses.

"The evidence at trial demonstrated that Grande had a simple measure available to it to prevent further damages to copyrighted works (i.e., terminating repeat infringing subscribers), but that Grande never took it," the 5th Circuit ruling said. "On appeal, Grande and its amici make a policy argument—that terminating Internet services is not a simple measure, but instead a 'draconian overreaction' that is a 'drastic and overbroad remedy'—but a reasonable jury could, and did, find that Grande had basic measures, including termination, available to it. And because Grande does not dispute any of the evidence on which Plaintiffs relied to prove material contribution, there is no basis to conclude a reasonable jury lacked sufficient evidence to reach that conclusion."

Submission + - Europeans Spend 575 Million Hours Clicking Cookie Banners Every Year (legiscope.com)

exodude writes: A recent study reveals that Europeans spend over 575 million hours each year clicking through cookie consent banners, resulting in an economic loss of €14.35 billion. Consent banners are mandated by the outdated ePrivacy Directive from 2002, which was originally intended to protect user privacy. However, in a lot of cases today, banners are used by small and medium-sized businesses (SMBs) to understand website usage and provide minimal actual privacy benefits.

The cumulated time loss is equivalent to 287,500 full-time employees dedicating their workdays to accepting cookie banners every year...

Experts are urging an urgent revision of the ePrivacy Directive to exempt SMBs, thereby alleviating the €14.35 billion burden and reclaiming valuable time for both businesses and users.
