TeCHnology

It's online until the end of the weekend.

A massive, Jupiter-size planet has been found orbiting a relatively small, low-mass star, surprising astronomers and challenging theories on how planets form.

The extrasolar planet, or exoplanet, orbits the red dwarf TOI-4860. Located in the constellation of Corvus, TOI-4860 has a mass equivalent to just around a third of the sun's. The exoplanet in question, aptly designated TOI-4860 b , falls close enough to the star to complete an orbit approximately once every 1.5 Earth days, classifying it as a "warm Jupiter."

This is unusual for two reasons.

First, with widths equivalent to about three-quarters of Jupiter's, planets like this one aren't supposed to form around low-mass stars. Second, TOI-4860 b seems to be enriched with a high proportion of metals  — a term astronomers use to describe elements heavier than hydrogen and helium.

"Under the canonical planet formation model, the less mass a star has, the less massive is the disk of material around that star," team member and University of Birmingham Ph.D. candidate, George Dransfield, said in a statement. "Since planets are created from that disk, high-mass planets like Jupiter were widely expected not to form. However, we were curious about this and wanted to check planetary candidates to see if it was possible. TOI-4860 is our first confirmation and also the lowest mass star hosting such a high mass planet."

IBM and open-source AI platform Hugging Face today announced that IBM's watsonx.ai geospatial foundation model – built from NASA's satellite data – will now be openly available on Hugging Face. It will be the largest geospatial foundation model on Hugging Face and the first-ever open-source AI foundation model built in collaboration with NASA.

Access to the latest data remains a significant challenge in climate science where environmental conditions change almost daily. And, despite growing amounts of data — estimates from NASA suggest that by 2024, scientists will have 250,000 terabytes of data from new missions — scientists and researchers still face obstacles in analyzing these large datasets. As part of a Space Act Agreement with NASA, IBM set out earlier this year to build an AI foundation model for geospatial data. And now, by making a geospatial foundation model available via Hugging Face — a recognized leader in open-source and a well-known repository for all transformer models — efforts can advance to democratize access and application of AI to generate new innovations in climate and Earth science.

"The essential role of open-source technologies to accelerate critical areas of discovery such as climate change has never been clearer," said Sriram Raghavan, Vice President, IBM Research AI. "By combining IBM's foundation model efforts aimed at creating flexible, reusable AI systems with NASA's repository of Earth-satellite data, and making it available on the leading open-source AI platform, Hugging Face, we can leverage the power of collaboration to implement faster and more impactful solutions that will improve our planet."

"AI remains a science-driven field, and science can only progress through information sharing and collaboration," said Jeff Boudier, head of product and growth at Hugging Face. "This is why open-source AI and the open release of models and datasets are so fundamental to the continued progress of AI, and making sure the technology will benefit as many people as possible."

"We believe that foundation models have the potential to change the way observational data is analyzed and help us to better understand our planet," said Kevin Murphy, Chief Science Data Officer, NASA. "And by open sourcing such models and making them available to the world, we hope to multiply their impact."

The model – trained jointly by IBM and NASA on Harmonized Landsat Sentinel-2 satellite data (HLS) over one year across the continental United States and fine-tuned on labeled data for flood and burn scar mapping — has demonstrated to date a 15 percent improvement over state-of-the-art techniques using half as much labeled data. With additional fine tuning, the base model can be redeployed for tasks like tracking deforestation, predicting crop yields, or detecting and monitoring greenhouse gasses. IBM and NASA researchers are also working with Clark University to adapt the model for applications such as time-series segmentation and similarity research.

Google is carrying out its corporate mission statement – to organize the world's information and make it universally accessible and useful – by offering to hide certain information in its search results.

In the interest of privacy – something of an issue at the Mountain View, California-based ad giant – the Chocolate Factory has upgraded its "Results About You" tool, introduced last year as a way to help people remove personally identifiable information from Google Search results.

Essentially, you can get alerted when your personal contact information turns up in search results, and tell Google to not show that.

"In the coming days, we’ll be rolling out a new dashboard that will let you know if web results with your contact information are showing up on Search," said Danielle Romain, VP of trust, in an announcement this week.

"Then, you can quickly request the removal of those results from Google — right in the tool. We'll also notify you when new results from the web containing your contact info pop up in Search, to give you added peace of mind."

A group of hackers have exposed an exploit that can unlock Tesla’s software-locked features worth up to $15,000.

Free heated seats and Full Self-Driving package, anyone?

Software-locked features that need to be activated by the owner paying or subscribing to a service are becoming increasingly popular in the auto industry.

Tesla has been on board that trend very early since it produced virtually all its vehicles with the same hardware and owners can unlock features later through software updates.

This includes features like heated seats, acceleration boost, and even Tesla’s Full Self-Driving package, which costs $15,000.

It creates a market for people trying to get around the software lock.

A group of security researchers (aka hackers) at TU Berlin announced that they managed to exploit a weakness in the onboard computer to unlock these features:

Tesla has been known for their advanced and well-integrated car computers, from serving mundane entertainment purposes to fully autonomous driving capabilities. More recently, Tesla has started using this well-established platform to enable in-car purchases, not only for additional connectivity features but even for analog features like faster acceleration or rear heated seats. As a result, hacking the embedded car computer could allow users to unlock these features without paying.

They plan to unveil the result of their exploit in a presentation called “Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla’s x86-Based Seat Heater” next week.

The hack requires physical access to the car, and it involves a “voltage fault injection attack” on the AMD-based infotainment system:

For this, we are using a known voltage fault injection attack against the AMD Secure Processor (ASP), serving as the root of trust for the system. First, we present how we used low-cost, off-the-self hardware to mount the glitching attack to subvert the ASP’s early boot code. We then show how we reverse-engineered the boot flow to gain a root shell on their recovery and production Linux distribution.

The group of hackers claims that their “Tesla Jailbreak” is “unpatchable” and allows to run “arbitrary software on the infotainment.”

Two separate data analysis firms say the Twitter killer from Instagram has unraveled even as Meta has rushed to add highly requested features.

Similarweb, a digital intelligence platform, shared its data with Gizmodo showing Threads daily active users hovered around 49 million just two days after launch. By Aug. 1 that number had cratered to just over 9.6 million. Engagement is also way down from early in Thread’s lifespan. Similarweb’s data shows time spent on the app in all available markets peaked on July 6 at about 14 minutes a day, but that time has been cut to just 2.3 minutes by Aug. 1..

David Carr, a senior insights manager at the analysis company, told us the engagement time based on just U.S. user data was slightly more favorable to Threads, but not by much. The app peaked at 20 minutes but now it’s keeping steady at around 3 minutes for U.S. users.

According to the market research firm Sensor Tower, as CNN first reported and later seen by Gizmodo, the daily active user count on Threads is down 82% from when the app launched July 5 to July 31. According to Sensor Tower, the app was leveraging about 44 million DAU at its peak as more folks sought a real Twitter alternative. By the end of the month, it was hovering around 8 million visitors. The company told CNN that DAU is falling at about 1% every day. Sensor Tower data also mentioned that engagement was down to just 2.9 minutes a day compared to 19 minutes earlier in July.

UPDATE, Aug. 4, 2023: NASA has reestablished full communications with Voyager 2.

Microsoft has killed its standalone Cortana app on Windows 11. If you have the app installed on your PC, Microsoft has just released a new update that will make it display a message explaining that it’s now been deprecated (via Windows Latest).

Back in June, Microsoft warned that it would stop supporting Cortana as a standalone app in Windows 11 and Windows 10 in “late 2023,” but we’re already there. If the Cortana app no longer works on Windows 11, Cortana remains available as a “productivity assistant” in Outlook mobile, Teams mobile, Microsoft Teams displays, and Microsoft Teams rooms.

Cortana first launched on Windows Phone 8.1 back in 2014, and Microsoft brought it to Windows 10 PCs a year later. Unfortunately, the voice assistant never enjoyed the same momentum as Alexa or the Google Assistant, and except for the Harman Kardon Invoke, there was no interest from third-party manufacturers to include Cortana in their products.

In recent years, Microsoft tried to focus on productivity use cases for Cortana, but the writing was already on the wall. Despite the end of support for Cortana on Windows, Panos Panay, Microsoft’s Chief Product Officer said at CES earlier this year that AI was “going to reinvent how you do everything on Windows.” This bold claim is already starting to materialize with Microsoft’s various “Copilot” products built with OpenAI’s GPT-4 technology.

Brave Software, maker of the Brave web browser, has tuned its search engine to run on a homegrown index of images and videos in an effort to end its dependency on "Big Tech" rivals.

On Thursday, the biz said image and video results from Brave Search – available on the web at search.brave.com and via its browser – will be served from Brave's own index.

Search indexes are made by visiting online resources – typically web pages, images, videos, or other files – with a crawler bot and recording the locations of these resources in a database. And when an internet user submits a query to a search engine, the search engine checks its index (and possible other sources) to find the addresses of resources that correspond to the query keywords. There's actually a lot more to it but that's the basic idea.

Ranking matches from the list in such a way that the search user sees results ordered by predicted relevance is an ongoing computer science challenge, one that Google handled effectively for years with the help of its PageRank algorithm and other machinations. And it continues to dominate the US search market, with more than 90 percent market share in June, according to Similarweb.

But in recent years, there has been growing sentiment that Google Search is getting worse. Part of the problem is AI content generation, which is being used to create web spam, to the detriment of web users.

Yet AI is also part of the supposed solution, at least for rival Microsoft, which sees OpenAI's chatbot tech as a way to rewrite the expectations for web search at Google's expense.

A glitch may have silenced NASA’s Voyager 2 spacecraft until mid-October—but a “heartbeat” signal offers hope for reestablishing contact earlier.

Earth may not hear from one of its most beloved spacecraft until mid-October because of a glitch that altered Voyager 2’s orientation to our planet. But NASA engineers have caught a “heartbeat” signal that the agency says might help it reestablish communications sooner.

“A series of planned commands sent to NASA’s Voyager 2 spacecraft July 21 inadvertently caused the antenna to point 2 degrees away from Earth,” wrote NASA officials in a July 28 statement. “As a result, Voyager 2 is currently unable to receive commands or transmit data back to Earth.”

Since the initial glitch, NASA has detected what mission personnel call a carrier signal from the spacecraft, which confirms that it’s still operating properly.

“A bit like hearing the spacecraft’s ‘heartbeat,’ it confirms the spacecraft is still broadcasting, which engineers expected,” wrote officials at NASA’s Jet Propulsion Laboratory, which operates the spacecraft, in a tweet on August 1. “Engineers will now try to send Voyager 2 a command to point itself back at Earth.”

If that doesn’t work, NASA expects Voyager 2 will resume communications in October thanks to regularly scheduled commands that direct the spacecraft to reset its orientation. The next of these reorientation maneuvers will occur on October 15.

Voyager 2 launched in August of 1977, about two weeks before its twin Voyager 1, which swung past Jupiter and Saturn, followed by Titan, Saturn’s largest moon. Voyager 2 took a different path, zipping by Jupiter and Saturn and then Uranus and Neptune. To date, it remains the only spacecraft to ever visit the latter two planets.

Pixar, Adobe, Apple, Autodesk, and NVIDIA, together with the Joint Development Foundation (JDF), an affiliate of the Linux Foundation, today announced the Alliance for OpenUSD (AOUSD) to promote the standardization, development, evolution, and growth of Pixar’s Universal Scene Description technology. The alliance seeks to standardize the 3D ecosystem by advancing the capabilities of Open Universal Scene Description (OpenUSD). By promoting greater interoperability of 3D tools and data, the alliance will enable developers and content creators to describe, compose, and simulate large-scale 3D projects and build an ever-widening range of 3D-enabled products and services.

Created by Pixar Animation Studios, OpenUSD is a high-performance 3D scene description technology that offers robust interoperability across tools, data, and workflows. Already known for its ability to collaboratively capture artistic expression and streamline cinematic content production, OpenUSD’s power and flexibility make it an ideal content platform to embrace the needs of new industries and applications.

The alliance will develop written specifications detailing the features of OpenUSD. This will enable greater compatibility and wider adoption, integration, and implementation, and allows inclusion by other standards bodies into their specifications. The Linux Foundation’s JDF was chosen to house the project, as it will enable open, efficient, and effective development of OpenUSD specifications, while providing a path to recognition through the International Organization for Standardization (ISO).

AOUSD will also provide the primary forum for the collaborative definition of enhancements to the technology by the greater industry. The alliance invites a broad range of companies and organizations to join and participate in shaping the future of OpenUSD.

After more than five years of extensive litigation by noyb, the German Kartellamt and decisions by the EDPB and CJEU it seems that Meta finally complies with EU privacy laws. The company announced it will ask its users for consent before showing behavioral ads in the future. It is uncelar if Meta fully applies the consent requirement. noyb will follow up with litigation if the GDPR is not fully implemented by Meta.

Meta might finally buckle. On Tuesday, Meta announced its intention to change the legal basis used "to process certain data for behavioural advertising" for people living in the European Union and Switzerland from "legitimate interest" to "consent". Although we have to wait to see the details, we might finally see some progress in the protection of the user's data privacy. Depending on Meta's implementation of this change, people living in the EU could for the first time gain some control over their data.

No way out. While the social media corporations' PR department talks about a supposedly new GDPR interpretation by the Irish DPC that resulted in the upcoming adaptation, the reality is much more unpleasent for Meta. Following two noyb complaints from 2018, the EDPB decided earlier this year, that it is forbidden to Meta to use personal data for advertising. Furthermore, the CJEU decided in July, that company is not allowed to use personal data beyond what is strictly necessary to provide its core products. Although the Irish DPC hasn't yet enforced these decisions, there seems to be no way out anymore.

Two of humanity's most ubiquitous historical materials, cement and carbon black (which resembles very fine charcoal), may form the basis for a novel, low-cost energy storage system, according to a new study. The technology could facilitate the use of renewable energy sources such as solar, wind, and tidal power by allowing energy networks to remain stable despite fluctuations in renewable energy supply.

The two materials, the researchers found, can be combined with water to make a supercapacitor — an alternative to batteries — that could provide storage of electrical energy. As an example, the MIT researchers who developed the system say that their supercapacitor could eventually be incorporated into the concrete foundation of a house, where it could store a full day’s worth of energy while adding little (or no) to the cost of the foundation and still providing the needed structural strength. The researchers also envision a concrete roadway that could provide contactless recharging for electric cars as they travel over that road.

The simple but innovative technology is described this week in the journal PNAS, in a paper by MIT professors Franz-Josef Ulm, Admir Masic, and Yang-Shao Horn, and four others at MIT and at the Wyss Institute for Biologically Inspired Engineering.

Capacitors are in principle very simple devices, consisting of two electrically conductive plates immersed in an electrolyte and separated by a membrane. When a voltage is applied across the capacitor, positively charged ions from the electrolyte accumulate on the negatively charged plate, while the positively charged plate accumulates negatively charged ions. Since the membrane in between the plates blocks charged ions from migrating across, this separation of charges creates an electric field between the plates, and the capacitor becomes charged. The two plates can maintain this pair of charges for a long time and then deliver them very quickly when needed. Supercapacitors are simply capacitors that can store exceptionally large charges.

...

The team calculated that a block of nanocarbon-black-doped concrete that is 45 cubic meters (or yards) in size — equivalent to a cube about 3.5 meters across — would have enough capacity to store about 10 kilowatt-hours of energy, which is considered the average daily electricity usage for a household. Since the concrete would retain its strength, a house with a foundation made of this material could store a day’s worth of energy produced by solar panels or windmills and allow it to be used whenever it’s needed. And, supercapacitors can be charged and discharged much more rapidly than batteries.

After a series of tests used to determine the most effective ratios of cement, carbon black, and water, the team demonstrated the process by making small supercapacitors, about the size of some button-cell batteries, about 1 centimeter across and 1 millimeter thick, that could each be charged to 1 volt, comparable to a 1-volt battery. They then connected three of these to demonstrate their ability to light up a 3-volt light-emitting diode (LED). Having proved the principle, they now plan to build a series of larger versions, starting with ones about the size of a typical 12-volt car battery, then working up to a 45-cubic-meter version to demonstrate its ability to store a house-worth of power.

There is a tradeoff between the storage capacity of the material and its structural strength, they found. By adding more carbon black, the resulting supercapacitor can store more energy, but the concrete is slightly weaker, and this could be useful for applications where the concrete is not playing a structural role or where the full strength-potential of concrete is not required. For applications such as a foundation, or structural elements of the base of a wind turbine, the “sweet spot” is around 10 percent carbon black in the mix, they found.

The City of Hope-developed investigational small molecule selectively disrupts DNA replication and repair in cancer cells, leaving healthy cells unaffected, a new study reports.

LOS ANGELES, Aug. 1, 2023 /PRNewswire/ -- Researchers at City of Hope, one of the largest cancer research and treatment organizations in the United States, today published a new study explaining how they took a protein once thought to be too challenging for targeted therapy, proliferating cell nuclear antigen (PCNA), and developed a targeted chemotherapy that appears to annihilate all solid tumors in preclinical research. As the scientists continue to investigate the foundational mechanisms that make this cancer-stopping pill work in animal models, they note that there is an ongoing Phase 1 clinical trial testing the City of Hope-developed therapeutic in humans.

Mailvelope is a browser add-on that you can use in Chrome, Edge and Firefox to securely encrypt your emails with PGP using webmail providers

The messenger service WhatsApp no longer has access to the more than 100 billion daily messages on its platform, a comprehensive security test funded by the Swiss National Science Foundation (SNSF) has concluded. One identified weakness can be resolved with a strong password.

An end-to-end encryption is used to ensure the confidentiality of WhatsApp. However, until recently, the automatic backup of the chats did not offer the same security, according to a statementExternal link by the SNSF. This is because the personal key to the data stored in the cloud was known to the company.

“Backups were safe from everyone apart from WhatsApp itself,” said Julia Hesse, a cryptographer from the IBM Research Institute in Zurich who has received funding from the SNSF.

Wiz Research discovered CVE-2023-2640 and CVE-2023-32629, two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu affecting 40% of Ubuntu cloud workloads.

CVE-2023-2640 and CVE-2023-32629 were found in the OverlayFS module in Ubuntu, which is a widely used Linux filesystem that became highly popular with the rise of containers as its features enable the deployment of dynamic filesystems based on pre-built images. OverlayFS serves as an attractive attack surface as it has a history of numerous logical vulnerabilities that were easy to exploit. This makes the new discovered vulnerabilities especially risky given the exploits for the past OverlayFS vulnerabilities work out of the box without any changes.

The two vulnerabilities are exclusive to Ubuntu because Ubuntu introduced several changes to the OverlayFS module in 2018. These modifications did not pose any risks at the time. In 2020, a security vulnerability was discovered and patched in the Linux kernel, however due to Ubuntu’s modifications, an additional vulnerable flow was never fixed in Ubuntu.

The new Overflow AI offerings come on the heels of the company’s annual developer survey that revealed that the majority of developers want to use AI tools but only 40% actually trust AI.

Overflow AI is not a single product, rather, it is a series of initiatives including updated AI search on both the public and enterprise platforms. For enterprise, there is also an Overflow AI Visual Studio code extension as well as a Slack integration.

Stack Overflow for Teams will also benefit from Overflow AI to help with enterprise knowledge ingestion. The overall goal is to help make it easier for developers and enterprises to find and use the information they need.

Tianhao Chi chitianhao at google.com:

We are very excited to announce that case randomization of DNS query names sent to authoritative nameservers has been enabled globally in Google Public DNS! This means that almost all UDP queries (over 90% based on recent measurements) sent from Google Public DNS to authoritative nameservers are protected with case randomization. This significantly reduces the risk of cache poisoning attacks.

As previously reported, Quad9 has been part of a potentially precedent-setting legal case involving Sony Music Entertainment (Germany). The suit involves Sony’s demand that Quad9 block DNS resolution for our users for a specific domain, unrelated to Quad9, on which Sony asserts there are web-based links that lead to copyright-infringing content.

We objected to the injunction, but Sony prevailed, and the injunction was upheld...

The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents.

According to the Wall Street watchdog, material incidents are those that a public company's shareholders would consider important "in making an investment decision."

The SEC also adopted new regulations mandating foreign private issuers to provide equivalent disclosures following cybersecurity breaches.

"Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors. Currently, many public companies provide cybersecurity disclosure to investors," said SEC Chair Gary Gensler today.

"I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today's rules will benefit investors, companies, and the markets connecting them."

Listed companies must now include details about the cyberattack (including the incident's nature, scope, and timing) in periodic report filings, specifically on 8-K forms.

Why Vivaldi browser thinks Google’s new proposal, the Web-Environment-Integrity spec, is a major threat to the open web and should be pushed back. ...

So, what is the issue?

Simply, if an entity has the power of deciding which browsers are trusted and which are not, there is no guarantee that they will trust any given browser. Any new browser would by default not be trusted until they have somehow demonstrated that they are trustworthy, to the discretion of the attesters. Also, anyone stuck running on legacy software where this spec is not supported would eventually be excluded from the web.

​To make matters worse, the primary example given of an attester is Google Play on Android. This means Google decides which browser is trustworthy on its own platform. I do not see how they can be expected to be impartial.

On Windows, they would probably defer to Microsoft via the Windows Store, and on Mac, they would defer to Apple. So, we can expect that at least Edge and Safari are going to be trusted. Any other browser will be left to the good graces of those three companies.

In this paper we take a broad look at child sexual exploitation concerns on decentralized social media, present new findings on the nature and prevalence of child safety issues on the Fediverse, and offer several proposals to improve the ecosystem in a sustainable manner. We focus primarily on the Fediverse (i.e., the ecosystem supporting the ActivityPub protocol) and Mastodon, but several techniques could also be repurposed on decentralized networks such as Nostr, or semi-centralized networks such as Bluesky.