ReportWire

Tag: ars technica

  • The UK Has No Coal-Fired Power Plants for the First Time in 142 Years

    On Monday, the UK saw the closure of its last operational coal power plant, Ratcliffe-on-Soar, which has been operating since 1968. The closure of the plant, which had a capacity of 2,000 megawatts, brought an end to the history of the country’s coal use, which started with the opening of the first coal-fired power station in 1882. Coal played a central part in the UK’s power system in the interim, in some years providing over 90 percent of its total electricity.

    But a number of factors combined to place coal in a long-term decline: the growth of natural-gas-powered plants and renewables, pollution controls, carbon pricing, and a government goal to hit net-zero greenhouse gas emissions by 2050.

    From Boom to Bust

    It’s difficult to overstate the importance of coal to the UK grid. It was providing over 90 percent of the UK’s electricity as recently as 1956. The total amount of power generated continued to climb well after that, reaching a peak of 212 terawatt hours of production by 1980. And the construction of new coal plants was under consideration as recently as the late 2000s. According to the organization Carbon Brief’s excellent timeline of coal use in the UK, continuing the use of coal with carbon capture was given consideration.

    But several factors slowed the use of fuel ahead of any climate goals set out by the UK, some of which have parallels to the situation in the US. The European Union, which included the UK at the time, instituted new rules to address acid rain, which raised the cost of coal plants. In addition, the exploitation of oil and gas deposits in the North Sea provided access to an alternative fuel. Meanwhile, major gains in efficiency and the shift of some heavy industry overseas cut demand in the UK significantly.

    Through their effect on coal use, these changes also lowered employment in coal mining. The mining sector has sometimes been a significant force in UK politics, but the decline of coal reduced the number of people employed in the sector, reducing its political influence.

    These had all reduced the use of coal even before governments started taking any aggressive steps to limit climate change. But, by 2005, the EU implemented a carbon trading system that put a cost on emissions. By 2008, the UK government adopted national emissions targets, which have been maintained and strengthened since then by both Labour and Conservative governments up until Rishi Sunak, who was voted out of office before he had altered the UK’s trajectory. What started as a pledge for a 60 percent reduction in greenhouse gas emissions by 2050 now requires the UK to hit net zero by that date.

    These have included a floor on the price of carbon that ensures fossil-powered plants pay a cost for emissions that’s significant enough to promote the transition to renewables, even if prices in the EU’s carbon trading scheme are too low for that. And that transition has been rapid, with the total generation by renewables nearly tripling in the decade since 2013, heavily aided by the growth of offshore wind.

    How to Clean Up the Power Sector

    The trends were significant enough that, in 2015, the UK announced that it would target the end of coal in 2025, despite the fact that the first coal-free day on the grid wouldn’t come until two years after. Two years after that landmark, however, the UK was seeing entire weeks where no coal-fired plants were active.

    To limit the worst impacts of climate change, it will be critical for other countries to follow the UK’s lead. So it’s worthwhile to consider how a country that was committed to coal relatively recently could manage such a rapid transition. There are a few UK-specific factors that won’t be possible to replicate everywhere. The first is that most of its coal infrastructure was quite old—Ratcliffe-on-Soar dates from the 1960s—and so it required replacement in any case. Part of the reason for its aging coal fleet was the local availability of relatively cheap natural gas, something that might not be true elsewhere, which put economic pressure on coal generation.

    John Timmer, Ars Technica

  • An International Space Station Leak Is Getting Worse—and Keeping NASA Up at Night

    US space officials do not like to talk about the perils of flying astronauts on the aging International Space Station, elements of which are now more than a quarter of a century old.

    However, a new report confirms that NASA managers responsible for operating the space station are seriously concerned about a small Russian part of the station, essentially a tunnel that connects a larger module to a docking port, which is leaking.

    Russian and US officials have known that this small PrK module, which lies between a Progress spacecraft airlock and the Zvezda module, has been leaking since September 2019. A new report, published Thursday by NASA’s inspector general, provides details not previously released by the space agency that underline the severity of the problem.

    New Details About the Leak

    For example, in February of this year NASA identified an increase in the leak rate from less than 1 pound of atmosphere a day to 2.4 pounds a day, and in April this rate increased to 3.7 pounds a day. Despite years of investigation, neither Russian nor US officials have identified the underlying cause of the leak.

    “Although the root cause of the leak remains unknown, both agencies have narrowed their focus to internal and external welds,” the report, signed by Deputy Inspector General George A. Scott, states.

    The plan to mitigate the risk is to keep the hatch on the Zvezda module leading to the PrK tunnel closed. Eventually, if the leak worsens further, this hatch might need to be closed permanently, reducing the number of Russian docking ports on the space station from four to three.

    Publicly, NASA has sought to minimize concerns about the cracking issue because it remains, to date, confined to the PrK tunnel and has not spread to other parts of the station. Nevertheless, Ars reported in June that the cracking issue has reached the highest level of concern on the space agency’s 5×5 “risk matrix” to classify the likelihood and consequence of risks to spaceflight activities. The Russian leaks are now classified as a “5” both in terms of high likelihood and high consequence.

    At the time, NASA would not comment on, or confirm, the space agency’s concerns about the risk matrix rating. However, the new report confirms the agency’s concerns.

    “In May and June 2024, ISS Program and Roscosmos officials met to discuss heightened concerns with the increased leak rate,” the inspector general’s report states. “The ISS Program subsequently elevated the Service Module Transfer Tunnel leak risk to the highest level of risk in its risk management system. According to NASA, Roscosmos is confident they will be able to monitor and close the hatch to the Service Module prior to the leak rate reaching an untenable level. However, NASA and Roscosmos have not reached an agreement on the point at which the leak rate is untenable.”

    An Uncertain Future in Low Earth Orbit

    The report comes as NASA is considering the future of the space station. The US space agency and Russia have an agreement to continue flying the station through 2028, and NASA would like to extend operations to 2030. NASA had anticipated that it would agree to this extension more than a year ago, but as of yet no agreement has been finalized.

    Once the station reaches the end of its life, NASA intends to transition its activities in low Earth orbit onto private space stations, and it has funded initial development work by Axiom Space, Northrop Grumman, Blue Origin, and Voyager Space. Northrop has since dropped out of the competition—determining that it would not be a profitable business. There is general uncertainty as to whether any of the private space station operators will be ready in 2030.

    NASA’s other potential option is extending the life of the space station beyond 2030, but this would require a lot of work to ensure the space station’s structure remains viable and yet another extension agreement with Russia. The US partnership with that nation has been severely strained by Russia’s invasion of Ukraine.

    “Extending the ISS past 2030 will require significant funding to operate and maintain the station, acceptance of increased risk stemming from its components and aging structures, and assurances of continued support from NASA’s international partners,” the new report states. “Further complicating matters is the likelihood that NASA may continue to face a flat or reduced budget, inflation, and supply chain challenges.”

    This story originally appeared on Ars Technica.

    Eric Berger, Ars Technica

  • Scientists Figured Out How to Recycle Plastic by Vaporizing It

    Our planet is choking on plastics. Some of the worst offenders, which can take decades to degrade in landfills, are polypropylene—which is used for things such as food packaging and bumpers—and polyethylene, found in plastic bags, bottles, toys, and even mulch.

    Polypropylene and polyethylene can be recycled, but the process can be difficult and often produces large quantities of the greenhouse gas methane. They are both polyolefins, which are the products of polymerizing ethylene and propylene, raw materials that are mainly derived from fossil fuels. The bonds of polyolefins are also notoriously hard to break.

    Now, researchers at UC Berkeley have come up with a method of recycling these polymers that uses catalysts that easily break their bonds, converting them into propylene and isobutylene, which are gases at room temperature. Those gases can then be recycled into new plastics.

    “Because polypropylene and polyethylene are among the most difficult and expensive plastics to separate from each other in a mixed waste stream, it is crucial that [a recycling] process apply to both polyolefins,” the research team said in a study recently published in Science.

    Breaking It Down

    The recycling process the team used is known as isomerizing ethenolysis, which relies on a catalyst to break down olefin polymer chains into their small molecules. Polyethylene and polypropylene bonds are highly resistant to chemical reactions, because both of these polyolefins have long chains of single carbon-carbon bonds. Most polymers have at least one carbon-carbon double bond, which is much easier to break.

    While isomerizing ethenolysis had been tried by the same researchers before, the previous catalysts were expensive metals that did not remain pure long enough to convert all of the plastic into gas. Using sodium on alumina followed by tungsten oxide on silica proved much more economical and effective, even though the high temperatures required for the reaction added a bit to the cost.

    In both plastics, exposure to sodium on alumina broke each polymer chain into shorter polymer chains and created breakable carbon-carbon double bonds at the ends. The chains continued to break over and over. Both then underwent a second process known as olefin metathesis. They were exposed to a stream of ethylene gas flowing into a reaction chamber while being introduced to tungsten oxide on silica, which resulted in the breakage of the carbon-carbon bonds.

    The reaction breaks all the carbon-carbon bonds in polyethylene and polypropylene, with the carbon atoms released during the breaking of these bonds ending up attached to molecules of ethylene. “The ethylene is critical to this reaction, as it is a coreactant,” researcher R.J. Conk, one of the authors of the study, told Ars Technica. “The broken links then react with ethylene, which removes the links from the chain. Without ethylene, the reaction cannot occur.”

    The entire chain is catalyzed until polyethylene is fully converted to propylene, and polypropylene is converted to a mixture of propylene and isobutylene.

    This method has high selectivity—meaning it produces a large amount of the desired product: propylene derived from polyethylene, and both propylene and isobutylene derived from polypropylene. Both of these chemicals are in high demand; propylene is an important raw material for the chemical industry, while isobutylene is a frequently used monomer in many different polymers, including synthetic rubber and a gasoline additive.

    Mixing It Up

    Because plastics are often mixed at recycling centers, the researchers wanted to see what would happen if polypropylene and polyethylene underwent isomerizing ethenolysis together. The reaction was successful, converting the mixture into propylene and isobutylene, with slightly more propylene than isobutylene.

    Mixtures also typically include contaminants in the form of additional plastics. So the team also wanted to see whether the reaction would still work if there were contaminants. They experimented with plastic objects that would otherwise be thrown away, including a centrifuge and a bread bag, both of which contained traces of other polymers besides polypropylene and polyethylene. The reaction yielded only slightly less propylene and isobutylene than it did with unadulterated versions of the polyolefins.

    Another test involved introducing different plastics, such as PET and PVC, to polypropylene and polyethylene to see if that would make a difference. These did lower the yield significantly. If this approach is going to be successful, then all but the slightest traces of contaminants will have to be removed from polypropylene and polyethylene products before they are recycled.

    While this recycling method sounds like it could prevent tons upon tons of waste, it will need to be scaled up enormously for this to happen. When the research team increased the scale of the experiment, it produced the same yield, which looks promising for the future. Still, we’ll need to build considerable infrastructure before this could make a dent in our plastic waste.

    “We hope that the work described will lead to practical methods for [producing] new polymers,” the researchers said in the same study. “By doing so, the demand for production of these essential commodity chemicals starting from fossil carbon sources and the associated greenhouse gas emissions could be greatly reduced.”

    This story originally appeared on Ars Technica.

    Elizabeth Rayne, Ars Technica

  • Some Mad Genius Put ChatGPT on a TI-84 Graphing Calculator

    On Saturday, a YouTube creator called ChromaLock published a video detailing how he modified a Texas Instruments TI-84 graphing calculator to connect to the internet and access OpenAI’s ChatGPT, potentially enabling students to cheat on tests. The video, titled “I Made the Ultimate Cheating Device,” demonstrates a custom hardware modification that allows users of the graphing calculator to type in problems sent to ChatGPT using the keypad and receive live responses on the screen.

    ChromaLock began by exploring the calculator’s link port, typically used for transferring educational programs between devices. He then designed a custom circuit board he calls “TI-32” that incorporates a tiny Wi-Fi-enabled microcontroller, the Seeed Studio ESP32-C3 (which costs about $5), along with other components to interface with the calculator’s systems.

    It’s worth noting that the TI-32 hack isn’t a commercial project. Replicating ChromaLock’s work would involve purchasing a TI-84 calculator, a Seeed Studio ESP32-C3 microcontroller, and various electronic components, and fabricating a custom PCB based on ChromaLock’s design, which is available online.

    The creator says he encountered several engineering challenges during development, including voltage incompatibilities and signal integrity issues. After developing multiple versions, ChromaLock successfully installed the custom board into the calculator’s housing without any visible signs of modifications from the outside.

    To accompany the hardware, ChromaLock developed custom software for the microcontroller and the calculator, which is available open source on GitHub. The system simulates another TI-84, allowing people to use the calculator’s built-in “send” and “get” commands to transfer files. This allows a user to easily download a launcher program that provides access to various “applets” designed for cheating.

    One of the applets is a ChatGPT interface that might be most useful for answering short questions, but it has a drawback in that it’s slow and cumbersome to type in long alphanumeric questions on the limited keypad.

    Beyond the ChatGPT interface, the device offers several other cheating tools. An image browser allows users to access pre-prepared visual aids stored on the central server. The app browser feature enables students to download not only games for post-exam entertainment but also text-based cheat sheets disguised as program source code. ChromaLock even hinted at a future video discussing a camera feature, though details were sparse in the current demo.

    ChromaLock claims his new device can bypass common anti-cheating measures. The launcher program can be downloaded on-demand, avoiding detection if a teacher inspects or clears the calculator’s memory before a test. The modification can also supposedly break calculators out of Test Mode, a locked-down state used to prevent cheating.

    While the video presents the project as a technical achievement, consulting ChatGPT during a test on your calculator almost certainly represents an ethical breach and/or a form of academic dishonesty that could get you in serious trouble at most schools. So tread carefully, study hard, and remember to eat your Wheaties.

    This story originally appeared on Ars Technica.

    Benj Edwards, Ars Technica

  • OpenAI Threatens Bans as Users Probe Its ‘Strawberry’ AI Models

    OpenAI truly does not want you to know what its latest AI model is “thinking.” Since the company launched its “Strawberry” AI model family last week, touting so-called reasoning abilities with o1-preview and o1-mini, OpenAI has been sending out warning emails and threats of bans to any user who tries to probe how the model works.

    Unlike previous AI models from OpenAI, such as GPT-4o, the company trained o1 specifically to work through a step-by-step problem-solving process before generating an answer. When users ask an “o1” model a question in ChatGPT, users have the option of seeing this chain-of-thought process written out in the ChatGPT interface. However, by design, OpenAI hides the raw chain of thought from users, instead presenting a filtered interpretation created by a second AI model.

    Nothing is more enticing to enthusiasts than information obscured, so the race has been on among hackers and red-teamers to try to uncover o1’s raw chain of thought using jailbreaking or prompt injection techniques that attempt to trick the model into spilling its secrets. There have been early reports of some successes, but nothing has yet been strongly confirmed.

    Along the way, OpenAI is watching through the ChatGPT interface, and the company is reportedly coming down hard on any attempts to probe o1’s reasoning, even among the merely curious.

    One X user reported (confirmed by others, including Scale AI prompt engineer Riley Goodside) that they received a warning email if they used the term “reasoning trace” in conversation with o1. Others say the warning is triggered simply by asking ChatGPT about the model’s “reasoning” at all.

    The warning email from OpenAI states that specific user requests have been flagged for violating policies against circumventing safeguards or safety measures. “Please halt this activity and ensure you are using ChatGPT in accordance with our Terms of Use and our Usage Policies,” it reads. “Additional violations of this policy may result in loss of access to GPT-4o with Reasoning,” referring to an internal name for the o1 model.

    Marco Figueroa, who manages Mozilla’s GenAI bug bounty programs, was one of the first to post about the OpenAI warning email on X last Friday, complaining that it hinders his ability to do positive red-teaming safety research on the model. “I was too lost focusing on #AIRedTeaming to realized that I received this email from @OpenAI yesterday after all my jailbreaks,” he wrote. “I’m now on the get banned list!!!”

    Hidden Chains of Thought

    In a post titled “Learning to Reason With LLMs” on OpenAI’s blog, the company says that hidden chains of thought in AI models offer a unique monitoring opportunity, allowing them to “read the mind” of the model and understand its so-called thought process. Those processes are most useful to the company if they are left raw and uncensored, but that might not align with the company’s best commercial interests for several reasons.

    “For example, in the future we may wish to monitor the chain of thought for signs of manipulating the user,” the company writes. “However, for this to work the model must have freedom to express its thoughts in unaltered form, so we cannot train any policy compliance or user preferences onto the chain of thought. We also do not want to make an unaligned chain of thought directly visible to users.”

    Benj Edwards, Ars Technica

  • The Polaris Dawn Spaceflight Was More Than Just a Billionaire Joyride

    A white spacecraft, lightly toasted like a marshmallow and smelling of singed metal, fell out of the night sky early on Sunday morning and splashed down in the Gulf of Mexico not all that far from Key West.

    The darkened waters there were carefully chosen from among dozens of potential landing spots near Florida. This is because the wind and seas were predicted to be especially calm and serene as the Crew Dragon spacecraft named Resilience floated down to the sea and bobbed gently, awaiting the arrival of a recovery ship.

    Inside waited a crew of four—commander Jared Isaacman, a billionaire who funded the mission and had just completed his second private spaceflight; SpaceX engineers Sarah Gillis and Anna Menon, who were the company’s first employees to fly into orbit; and pilot Kidd Poteet.

    They were happy to be home.

    “We are mission complete,” Isaacman said after the spacecraft landed.

    A Significant Success

    Their mission, certainly the most ambitious private spaceflight to date, was a total success. Named Polaris Dawn, the mission flew to an altitude of 1,408.1 kilometers on the first day of the flight. This was the highest Earth-orbit mission ever flown and the farthest humans have traveled from our planet since the Apollo missions more than half a century ago.

    Then, on the third day of the flight, the four crew members donned space suits designed and developed within the past two years. After venting the cabin’s atmosphere into space, first Isaacman, and then Gillis, spent several minutes extending their bodies out of the Dragon spacecraft. This was the first-ever private spacewalk in history.

    Although this foray into space largely repeated what the Soviet Union, and then the United States, performed in the mid-1960s, with tethered spacewalks, it nonetheless was significant. These commercial space suits cost a fraction of government suits and can be considered version 1.0 of suits that could one day enable many people to walk in space, on the moon, and eventually Mars.

    Finally, on the mission’s final full day in space, the Dragon spacecraft demonstrated connectivity with a mesh of Starlink satellites in low-Earth orbit. The crew held a 40-minute, uninterrupted video call with flight operators back at SpaceX’s headquarters in Hawthorne, California. During that time, according to the company, Dragon maintained contact via laser links to Starlink satellites through 16 firings of the spacecraft’s Draco thrusters.

    This test demonstrated the viability of using the thousands of Starlink satellites in orbit as a means of providing high-speed Internet to people and spacecraft in space.

    Wait, Isn’t This Just a Billionaire Joyride?

    Some people have misunderstood the mission. They saw in Isaacman a financial tech billionaire gratifying his desire to go to space, inside a crew vehicle built by Elon Musk’s rocket company SpaceX. Thus, this appeared to be just a roller-coaster ride for the ultrarich and famous—for those who could not sate their thrill-seeking with the pleasures attainable on planet Earth.

    I understand this viewpoint, but I do not share it.

    Eric Berger, Ars Technica

  • The Music Industry’s ’90s Hard Drives Are Dying

    One of the things enterprise storage and destruction company Iron Mountain does is handle the archiving of the media industry’s vaults. What it has been seeing lately should be a wake-up call: Roughly one-fifth of the hard disk drives dating to the 1990s it was sent are entirely unreadable.

    Music industry publication Mix spoke with the people in charge of backing up the entertainment industry. The resulting tale is part explainer on how music is so complicated to archive now, part warning about everyone’s data stored on spinning disks.

    “In our line of work, if we discover an inherent problem with a format, it makes sense to let everybody know,” Robert Koszela, global director for studio growth and strategic initiatives at Iron Mountain, told Mix. “It may sound like a sales pitch, but it’s not; it’s a call for action.”

    Hard drives gained popularity over spooled magnetic tape with the rise of digital audio workstations and mixing and editing software, and because of the perceived downsides of tape, including deterioration from substrate separation and fire. But hard drives present their own archival problems. Standard hard drives were also not designed for long-term archival use. You can almost never decouple the magnetic disks from the reading hardware inside, so if either fails, the whole drive dies.

    There are also general computer storage issues, including the separation of samples and finished tracks, or proprietary file formats requiring archival versions of software. Still, Iron Mountain tells Mix that “if the disk platters spin and aren’t damaged,” it can access the content.

    But “if it spins” is becoming a big question mark. Musicians and studios now digging into their archives to remaster tracks often find that drives, even when stored at industry-standard temperature and humidity, have failed in some way, with no partial recovery option available.

    “It’s so sad to see a project come into the studio, a hard drive in a brand-new case with the wrapper and the tags from wherever they bought it still in there,” Koszela says. “Next to it is a case with the safety drive in it. Everything’s in order. And both of them are bricks.”

    Entropy Wins

    Mix’s passing along of Iron Mountain’s warning hit Hacker News earlier this week, which spurred other tales of faith in the wrong formats. The gist of it: You cannot trust any medium, so you copy important things over and over, into fresh storage. “Optical media rots, magnetic media rots and loses magnetic charge, bearings seize, flash storage loses charge, etc.,” writes user abracadaniel. “Entropy wins, sometimes much faster than you’d expect.”

    There is discussion of how SSDs are not archival at all; how floppy disk quality varied greatly between the 1980s, 1990s, and 2000s; how Linear Tape-Open, a format specifically designed for long-term tape storage, loses compatibility over successive generations; how the binder sleeves we put our CD-Rs and DVD-Rs in have allowed them to bend too much and stop being readable.

    Knowing that hard drives will eventually fail is nothing new. Ars wrote about the five stages of hard drive death, including denial, back in 2005. Last year, backup company Backblaze shared failure data on specific drives, showing that drives that fail tend to fail within three years, that no drive was totally exempt, and that time does, generally, wear down all drives. Google’s server drive data showed in 2007 that HDD failure was mostly unpredictable, and that temperatures were not really the deciding factor.

    So Iron Mountain’s admonition to music companies is yet another warning about something we’ve already heard. But it’s always good to get some new data about just how fragile a good archive really is.

    This story originally appeared on Ars Technica.

    Kevin Purdy, Ars Technica

  • Boeing Starliner Returns Home to an Uncertain Future

    Until now, NASA has paid Boeing roughly $2.7 billion of the $4.6 billion total potential value of its commercial crew contract, according to Finch. The Starliner contract NASA awarded Boeing in 2014 originally had a maximum value of $4.2 billion, but contract modifications since 2014 have added $400 million to the deal. Most of the money NASA has paid Boeing to date has been for Starliner development costs, while the remaining funds under the contract cover future service payments for operational flights.

    So, if Boeing walked away from Starliner, the company would be giving up nearly $1.9 billion in potential revenue from NASA, still more than the $1.6 billion in losses it has taken on the program so far.

    Ready for Departure

    Since deciding last month to fly Starliner home without its crew, NASA managers have reviewed plans for the spacecraft to depart the space station in autopilot mode. The preparations included updating Starliner’s software parameters to enable the autonomous undocking. Then, last Thursday, NASA officials convened a Flight Readiness Review and cleared Starliner to return to Earth.

    “Everybody polled ‘go’ in that review, pending the operational status of the vehicle and the landing weather,” said Steve Stich, NASA’s commercial crew program manager. “So we’re proceeding toward undock and landing on Friday.”

    As Starliner approached the space station on June 6, five of the ship’s 28 Reaction Control System (RCS) thrusters dropped offline, requiring Wilmore to take manual control while ground controllers tried to recover some of the control jets.

    Engineers tested thrusters and analyzed data for over two months to track down the cause of the thrusters’ failure. Ground teams were able to bring four of the five failed thrusters back online, but NASA officials could not assure themselves the same thrusters, or perhaps more, won’t overheat again and fail as Starliner departs the station and heads for reentry.

    Investigators found that repeated pulses of the RCS jets led to rising temperatures in the thrusters. This likely caused a seal in each of the problematic thrusters to bulge and deform, restricting the flow of propellant, according to NASA officials.

    Stich said Wednesday that possible solutions to the problem on future Starliner flights range from changing the way the ship fires its thrusters to prevent overheating, to changing the seal design, to modifying the doghouse-shaped propulsion pods where the thrusters reside on the spacecraft’s service module. The design of these “doghouses” causes them to retain heat like a thermos, exacerbating the thermal problem.

    Boeing and NASA also must resolve helium leaks that plagued the Starliner test flight. Engineers believe a separate set of degraded seals is causing helium leaks, which the spacecraft uses to pressurize the propulsion system and drive propellants into its thrusters. Ground controllers have closed valves to isolate the helium system and close off the leaks while Starliner has been docked at the space station. Those isolation valves will open before Starliner departs the space station, but NASA officials say the spacecraft has more than enough helium for the six-hour flight from undocking until landing Friday night.

    Wilmore and Williams originally planned to stay at the space station for around eight days, but will now remain as residents on the complex until February, when they will come home in a SpaceX Dragon spacecraft.

    Dana Weigel, NASA’s ISS program manager, said Wednesday that the Starliner astronauts, both veterans of previous six-month stays on the space station, are fully trained to perform spacewalks, operate the lab’s robotic arm, and conduct maintenance and scientific experiments. They will be fully integrated into the space station’s long-duration crew, which usually includes seven residents. With the Starliner crew’s extended stay, the station crew size has grown to nine people.

    The crew shakeup forced NASA to remove two astronauts from the next SpaceX Dragon crew flight launching to the ISS later this month, leaving two seats empty to accommodate Wilmore and Williams when the Dragon spacecraft returns to Earth early next year. This upcoming SpaceX crew rotation will bring the station crew size back to its usual complement of seven US astronauts and Russian cosmonauts.

    This story originally appeared on Ars Technica.

    Stephen Clark, Ars Technica

  • YubiKeys Are a Security Gold Standard—but They Can Be Cloned

    The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-sized device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday.

    The cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

    Patching Not Possible

    YubiKey maker Yubico issued an advisory in coordination with a detailed disclosure report from NinjaLab, the security firm that reverse engineered the YubiKey 5 series and devised the cloning attack. All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable. Updating key firmware on the YubiKey isn’t possible. That leaves all affected YubiKeys permanently vulnerable.

    “An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys,” the advisory confirmed. “The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM; knowledge of the accounts they want to target; and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge, including username, PIN, account password, or authentication key.”

    Side channels are the result of clues left in physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task that leak cryptographic secrets. In this case, the side channel is the amount of time taken during a mathematical calculation known as a modular inversion. The Infineon cryptolibrary failed to implement a common side-channel defense known as constant time as it performs modular inversion operations involving the Elliptic Curve Digital Signature Algorithm. Constant time ensures that the time sensitive cryptographic operations take to execute is uniform rather than variable depending on the specific keys.

    More precisely, the side channel is located in the Infineon implementation of the Extended Euclidean Algorithm, a method for, among other things, computing the modular inverse. By using an oscilloscope to measure the electromagnetic radiation while the token is authenticating itself, the researchers can detect tiny execution time differences that reveal a token’s ephemeral ECDSA key, also known as a nonce. Further analysis allows the researchers to extract the secret ECDSA key that underpins the entire security of the token.
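    To make the timing dependence concrete, here is an added example (not code from the article, NinjaLab, Infineon, or Yubico) that counts operations as a stand-in for execution time: a textbook Extended Euclidean inversion next to two common countermeasures, fixed-cost Fermat inversion and multiplicative blinding. The function names and the nonces are constructed for illustration; only the P-256 group order is a real, public parameter.

```python
import hashlib

# Order of the NIST P-256 group (a public curve parameter).
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def eea_inverse(k, n=N):
    """Textbook Extended Euclidean inverse: returns (k^-1 mod n, loop steps).

    The loop runs until the remainder reaches zero, so the number of
    iterations is a function of the secret input k.
    """
    old_r, r = n, k % n
    old_t, t = 0, 1
    steps = 0
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_t, t = t, old_t - q * t
        steps += 1
    if old_r != 1:
        raise ValueError("k is not invertible modulo n")
    return old_t % n, steps


def fermat_inverse(k, n=N):
    """k^(n-2) mod n by square-and-multiply-always: returns (inverse, op count).

    Valid because n is prime. Each bit of the public exponent costs one
    squaring and one multiplication, so the operation sequence is identical
    for every k. (Python integers are not constant-time at the machine
    level; this models the algorithmic cost only.)
    """
    e = n - 2
    acc, ops = 1, 0
    for i in reversed(range(e.bit_length())):
        acc = acc * acc % n
        prod = acc * k % n
        ops += 2
        bit = (e >> i) & 1
        # Arithmetic select instead of a data-dependent branch.
        acc = bit * prod + (1 - bit) * acc
    return acc, ops


def blinded_eea_inverse(k, r, n=N):
    """Multiplicative blinding: invert k*r, then multiply the result by r.

    (k*r)^-1 * r == k^-1 (mod n). The EEA still takes a variable number of
    steps, but on k*r, which is unrelated to k when r is fresh and random
    for every call (for example secrets.randbelow(n - 1) + 1).
    """
    inv_kr, steps = eea_inverse(k * r % n, n)
    return inv_kr * r % n, steps


def constructed_nonces(count=8):
    """Deterministic stand-ins for ECDSA nonces (constructed, not real keys)."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(b"constructed-nonce-%d" % i).digest()
        out.append(int.from_bytes(digest, "big") % N or 1)
    return out


def compare(nonces):
    """Per-nonce operation counts for the variable and fixed-cost inverses."""
    eea_steps = [eea_inverse(k)[1] for k in nonces]
    fermat_ops = [fermat_inverse(k)[1] for k in nonces]
    return eea_steps, fermat_ops


if __name__ == "__main__":
    nonces = [2] + constructed_nonces()
    eea_steps, fermat_ops = compare(nonces)
    for k, s, f in zip(nonces, eea_steps, fermat_ops):
        print(f"nonce bits={k.bit_length():3d}  EEA steps={s:3d}  Fermat ops={f}")
```

    The EEA step count changes from nonce to nonce while the Fermat operation count stays fixed, which is the property a constant-time implementation is meant to provide.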

    In Tuesday’s report, NinjaLab cofounder Thomas Roche wrote:

    In the present work, NinjaLab unveils a new side-channel vulnerability in the ECDSA implementation of Infineon on any security microcontroller family of the manufacturer. This vulnerability lies in the ECDSA ephemeral key (or nonce) modular inversion, and, more precisely, in the Infineon implementation of the Extended Euclidean Algorithm (EEA for short). To our knowledge, this is the first time an implementation of the EEA is shown to be vulnerable to side-channel analysis (contrarily to the EEA binary version). The exploitation of this vulnerability is demonstrated through realistic experiments and we show that an adversary only needs to have access to the device for a few minutes. The offline phase took us about 24 hours; with more engineering work in the attack development, it would take less than one hour.

    After a long phase of understanding Infineon implementation through side-channel analysis on a Feitian open JavaCard smartcard, the attack is tested on a YubiKey 5Ci, a FIDO hardware token from Yubico. All YubiKey 5 Series (before the firmware update 5.7 of May 6th, 2024) are affected by the attack. In fact all products relying on the ECDSA of Infineon cryptographic library running on an Infineon security microcontroller are affected by the attack. We estimate that the vulnerability exists for more than 14 years in Infineon top secure chips. These chips and the vulnerable part of the cryptographic library went through about 80 CC certification evaluations of level AVA VAN 4 (for TPMs) or AVA VAN 5 (for the others) from 2010 to 2024 (and a bit less than 30 certificate maintenances).

    Dan Goodin, Ars Technica

  • Strange Noises Are Coming from Inside Boeing’s Starliner Spacecraft

    On Saturday NASA astronaut Butch Wilmore noticed some strange noises emanating from a speaker inside the Starliner spacecraft.

    “I’ve got a question about Starliner,” Wilmore radioed down to Mission Control, at Johnson Space Center in Houston. “There’s a strange noise coming through the speaker … I don’t know what’s making it.”

    Wilmore said he was not sure if there was some oddity in the connection between the station and the spacecraft causing the noise, or something else. He asked the flight controllers in Houston to see if they could listen to the audio inside the spacecraft. A few minutes later, Mission Control radioed back that they were linked via “hardline” to listen to audio inside Starliner, which has now been docked to the International Space Station for nearly three months.

    Wilmore, apparently floating in Starliner, then put his microphone up to the speaker inside Starliner. Shortly thereafter, there was an audible pinging that was quite distinctive. “Alright Butch, that one came through,” Mission control radioed up to Wilmore. “It was kind of like a pulsing noise, almost like a sonar ping.”

    “I’ll do it one more time, and I’ll let y’all scratch your heads and see if you can figure out what’s going on,” Wilmore replied. The odd, sonar-like audio then repeated itself. “Alright, over to you. Call us if you figure it out.”

    A Space Oddity

    A recording of this audio, and Wilmore’s conversation with Mission Control, was captured and shared by a Michigan-based meteorologist named Rob Dale.

    It was not immediately clear what was causing the odd, and somewhat eerie noise. As Starliner flies to the space station, it maintains communications with the space station via a radio frequency system. Once docked, however, there is a hardline umbilical that carries audio.

    Astronauts notice such oddities in space from time to time. For example, during China’s first human spaceflight in 2003, astronaut Yang Liwei said he heard what sounded like an iron bucket being knocked by a wooden hammer while in orbit. Later, scientists realized the noise was due to small deformations in the spacecraft due to a difference in pressure between its inner and outer walls.

    This weekend’s sonar-like noises most likely have a benign cause, and Wilmore certainly did not sound frazzled. But the odd noises are worth noting given the challenges that Boeing and NASA have had with the debut crewed flight of Starliner, including substantial helium leaks in flight, and failing thrusters. NASA announced a week ago that, due to uncertainty about the flyability of Starliner, it would come home without its original crew of Wilmore and Suni Williams.

    Starliner is now due to fly back autonomously to Earth on Friday, September 6. Wilmore and Williams will return to Earth next February, flying aboard a Crew Dragon spacecraft scheduled to launch with just two astronauts later this month.

    This story originally appeared on Ars Technica.

    Eric Berger, Ars Technica

  • Martin Shkreli Made Copies of His $2 Million Wu-Tang Album—and Hid Them in ‘Safes All Around the World’

    The members of PleasrDAO are, well, pretty displeased with Martin Shkreli.

    The “digital autonomous organization” spent $4.75 million to buy the fabled Wu-Tang Clan album Once Upon a Time in Shaolin, which had been produced as only a single copy. The album had once belonged to Shkreli, who purchased it directly from Wu-Tang Clan for $2 million in 2015. But after Shkreli became the “pharma bro” poster boy for price gouging in the drug sector, he ended up in severe legal trouble and served a seven-year prison sentence for securities fraud.

    He also had to pay a $7.4 million penalty in that case, and the government seized and then sold Once Upon a Time in Shaolin to help pay the bill.

    The album was truly “one of a kind”—a protest against the devaluation of music in the digital age and the kind of fascinating curio that instantly made its owners into “interesting people.” The album came as a two-CD set inside a nickel and silver box inscribed with the Wu-Tang logo, and the full package included a pair of customized audio speakers and a 174-page leather book featuring lyrics and “anecdotes on the production.”

    In a complicated transaction, PleasrDAO purchased the album from an unnamed intermediary, who had first purchased it from the government. As part of that deal, PleasrDAO created a non-fungible token (NFTs—remember those?) to show ownership of the album. The New York Times has a good description of what this entailed:

    To tie “Once Upon a Time” to the digital realm, an NFT was created to stand as the ownership deed for the physical album, said Peter Scoolidge, a lawyer who specializes in cryptocurrency and NFT deals and was involved in the transaction. The 74 members of PleasrDAO share collective ownership of the NFT deed, and thus own the album.

    Makin’ Copies 


    But after purchasing the album and sharing the collective ownership of its NFT, PleasrDAO discovered that its “one of a kind” object wasn’t quite as exclusive as it had thought.

    Shkreli had, in fact, made copies of the music. Lots of copies. On June 30, 2022, PleasrDAO said that Shkreli played music from the album on his YouTube channel and stated, “Of course I made MP3 copies, they’re like hidden in safes all around the world I’m not stupid. I don’t buy something for $2 million just so I can keep one copy.”

    Shkreli began taunting PleasrDAO members about the album, telling one of them, “I literally play it on my Discord all the time, you’re an idiot” and claiming that PleasrDAO was concerned about an album that “>5000 people have.” Shkreli claimed on a 2024 podcast that he had “burned the album and sent it to like, 50 different chicks”—and that this had been extremely good for his sex life.

    Shkreli even offered to send copies of the album to random internet commenters if they would just send him their “email addy.” He also told people to “look out for a torrent” and hosted listening parties for the album on his X account, which reached “potentially over 4,900 listeners.”

    We know all of these details because PleasrDAO has sued Shkreli, claiming that he is acting in violation of the asset forfeiture order and that he is misappropriating “trade secrets” under New York law.

    Nate Anderson, Ars Technica

  • A Popular iOS Illustration App Is Saying No to Generative AI

    The backlash against image and video synthesis is not solely focused on creative app developers. Hardware manufacturer Wacom and game publisher Wizards of the Coast have faced criticism and issued apologies after using AI-generated content in their marketing materials. Toys “R” Us also faced a negative reaction after debuting an AI-generated commercial. Companies are still grappling with balancing the potential benefits of generative AI with the ethical concerns it raises.

    Artists and Critics React

    So far, Procreate’s anti-AI announcement has been met with a largely positive reaction in replies to its social media post. In a widely liked comment, artist Freya Holmér wrote on X, “This is very appreciated, thank you.”

    Some of the more outspoken opponents of image synthesis also replied favorably to Procreate’s move. Karla Ortiz, who is a plaintiff in a lawsuit against AI image-generator companies, replied to Procreate’s video on X, “Whatever you need at any time, know I’m here!! Artists support each other, and also support those who allow us to continue doing what we do! So thank you for all you all do and so excited to see what the team does next!”

    Artist R. J. Palmer, who stoked the first major wave of AI art backlash with a viral tweet in 2022, also replied to Cuda’s video statement, saying, “Now thats the way to send a message. Now if only you guys could get a full power competitor to [Photoshop] on desktop with plugin support. Until someone can build a real competitor to high level [Photoshop] use, I’m stuck with it.”

    A few pro-AI users also replied to the X post, including AI-augmented artist Claire Silver, who uses generative AI as an accessibility tool. She wrote on X, “Most of my early work is made with a combination of AI and Procreate. 7 years ago, before text to image was really even a thing. I loved Procreate because it used tech to boost accessibility. Like AI, it augmented trad skill to allow more people to create. No rules, only tools.”

    Since AI image synthesis continues to be a highly charged subject among some artists, reaffirming support for human-centric creativity could be an effective differentiated marketing move for Procreate, which currently plays underdog to creativity app giant Adobe. While some may prefer to use AI tools, in an (ideally healthy) app ecosystem with personal choice in illustration apps, people can follow their conscience.

    Procreate’s anti-AI stance is slightly risky, because it might also polarize part of its user base—and if the company changes its mind about including generative AI in the future, it will have to walk back its pledge. But for now, Procreate is confident in its decision: “In this technological rush, this might make us an exception or seem at risk of being left behind,” Procreate wrote. “But we see this road less traveled as the more exciting and fruitful one for our community.”

    This story originally appeared on Ars Technica.

    Benj Edwards, Ars Technica

  • NASA Nears Decision Time on Boeing Starliner’s Fate

    With no consensus on the safety of the Starliner crew capsule, NASA officials said Wednesday they need another week or two before deciding whether to bring two astronauts back to Earth on Boeing’s spacecraft or extend their stay on the International Space Station until next year.

    Boeing’s Starliner spacecraft, stricken by suspect thrusters and helium leaks, is taking up a valuable parking spot at the space station. It needs to depart the orbiting research complex, with or without its two-person crew, before the launch of SpaceX’s next Dragon crew mission to the station, scheduled for September 24.

    “We can juggle things and make things work if we need to extend, but it’s getting a lot harder,” said Ken Bowersox, associate administrator of NASA’s spaceflight operations directorate. “With the consumables we’re using, with the need for the use of the ports for cargo missions, those types of things, we’re reaching a point where that last week in August, we really should be making a call, if not sooner.”

    Last week, NASA officials said they expected to make a decision in mid-August—presumably this week—but Bowersox said Wednesday NASA probably won’t make the final call on what to do with the Starliner spacecraft until the end of next week, or the beginning of the week of August 26.

    “We’ve got time available before we bring Starliner home and we want to use that time wisely,” Bowersox said.

    NASA astronauts Butch Wilmore and Suni Williams launched inside Boeing’s Starliner spacecraft on June 5. Their mission is the first crew test flight on Boeing’s capsule before NASA clears Starliner for regular crew rotation flights to the space station. But after software setbacks, parachute concerns, and previous problems with its propulsion system, Boeing’s Starliner program is running more than four years behind SpaceX’s Dragon crew spacecraft, which flew astronauts to the station for the first time in 2020.

    And now, there’s a significant chance the Starliner crew won’t come home in the spacecraft they launched in. Bowersox, a former astronaut, said NASA brought in propulsion experts from other programs to take a fresh look at the thruster issue.

    Engineers are still investigating the root cause of why five of Starliner’s 28 reaction control system thrusters, supplied by Aerojet Rocketdyne, failed during approach to the space station the day after launch. The thrusters overheated as they pulsed over and over again to fine-tune the ship’s rendezvous with the station. Tests of a similar control jet on the ground suggested a Teflon seal in an internal valve could swell at higher temperatures, restricting the flow of propellant to the thruster.

    Four of the five thrusters that failed before Starliner docked at the station have recovered and generated near-normal thrust levels during test-firings last month. But many engineers at NASA aren’t convinced the thrusters will work normally on Starliner’s journey from the space station back to Earth. These control jets are needed to keep the spacecraft pointed in the right direction when four larger rocket engines fire for the deorbit burn to steer the capsule on a trajectory back into the atmosphere for landing.

    Rapid pulses of the thrusters, coupled with a long firing of the four larger engines, could raise temperatures inside four doghouse-shaped propulsion pods around the perimeter of Starliner’s service module. Once the deorbit burn is complete, Starliner will jettison the service module to burn up in the atmosphere, and its crew module will use a different set of thrusters to guide its reentry. Then, it will deploy parachutes to slow for landing, likely at White Sands, New Mexico.

    Elevated Risk

    Bowersox said the outside engineers brought in from other NASA centers have, so far, largely agreed with the assessments made by the team working full time on Starliner.

    “There are a lot of folks out there that have worked with similar thrusters, and have seen similar issues,” he said. “So we’ve gotten feedback on what we’re seeing, and a lot of it is confirming what we thought was causing the signatures that we were observing on orbit. It’s really tough when you don’t have the actual hardware to look at, when it’s up in space.”

    Stephen Clark, Ars Technica

  • NASA Is ‘Evaluating All Options’ to Get the Boeing Starliner Crew Home

    It has now been eight weeks since Boeing’s Starliner spacecraft launched into orbit on an Atlas V rocket, bound for the International Space Station. At the time NASA officials said the two crew members, Butch Wilmore and Suni Williams, could return to Earth as soon as June 14, just eight days later.

    Yes, there had been some problems on Starliner’s ride to the space station that involved helium leaks and failing thrusters. But officials said they were relatively minor and sought to downplay them. “Those are pretty small, really, issues to deal with,” Mark Nappi, vice president and manager of Boeing’s Commercial Crew Program, said during a post-docking news conference. “We’ll figure them out for the next mission. I don’t see these as significant at all.”

    But days turned to weeks, and weeks turned to months as NASA and Boeing continued to study the two technical problems. Of these issues, the more pressing concern was the failure of multiple reaction control system thrusters that are essential to steering Starliner during its departure from the space station and setting up a critical engine burn to enter Earth’s atmosphere.

    In the last few weeks, ground teams from NASA and Boeing completed testing of a thruster on a test stand at White Sands, New Mexico. Then, last weekend, Boeing and NASA fired the spacecraft’s thrusters in orbit to check their performance while docked at the space station. NASA has said preliminary results from these tests were helpful.

    Dragon Becomes a Real Option

    One week ago, the last time NASA officials spoke to the media, the agency’s program manager for commercial crew, Steve Stich, would not be drawn into discussing what would happen should NASA conclude that Starliner’s thrusters were not reliable enough for the return journey to Earth.

    “Our prime option is to complete the mission,” Stich said one week ago. “There are a lot of good reasons to complete this mission and bring Butch and Suni home on Starliner. Starliner was designed, as a spacecraft, to have the crew in the cockpit.”

    For a long time, it seemed almost certain that the astronauts would return to Earth inside Starliner.

    However, there has been a lot of recent activity at NASA, Boeing, and SpaceX that suggests that Wilmore and Williams could come home aboard a Crew Dragon spacecraft rather than Starliner. Due to the critical importance of this mission, Ars is sharing what we know as of Thursday afternoon.

    One informed source said it was greater than a 50-50 chance that the crew would come back on Dragon. Another source said it was significantly more likely than not they would. To be clear, NASA has not made a final decision. This probably will not happen until at least next week. It is likely that Jim Free, NASA’s associate administrator, will make the call.

    Asked if it was now more likely than not that Starliner’s crew would return on Dragon, NASA spokesperson Josh Finch told Ars on Thursday evening, “NASA is evaluating all options for the return of agency astronauts Butch Wilmore and Suni Williams from the International Space Station as safely as possible. No decisions have been made, and the agency will continue to provide updates on its planning.”

    Putting Together Puzzle Pieces

    What follows are some data points that Ars can confidently report based on multiple sources:

    • NASA keeps delaying a decision. A Flight Readiness Review meeting had been scheduled for today, August 1, several days in advance. However, it was canceled. Instead, NASA put out a vague blog update on Thursday stating, “Following the completion of Starliner’s return planning, which is expected to continue into next week, more information will be shared about the agency’s return readiness review preparations and subsequent media briefing.” So maybe the meeting will take place next week.
    • NASA issued a $266,678 task award to SpaceX on July 14 for a “special study for emergency response.” NASA said this study was not directly related to Starliner’s problems, but two sources told Ars it really was. Although the study entailed work on flying more than four crew members home on Crew Dragon—a scenario related to Frank Rubio and the Soyuz MS-22 leaks—it also allowed SpaceX to study flying Dragon home with six passengers, a regular crew complement in addition to Wilmore and Williams.
    • SpaceX has been actively working on a scenario in which two or four astronauts launch on board Crew 9. (A normal crew is four.) This mission has a nominal launch date of August 18, but it could well be delayed. SpaceX has already identified flight suits that would fit Wilmore and Williams, allowing them to fly home on the Crew-8 spacecraft (presently docked to the space station) or the Crew-9 vehicle. It is unclear how crews would be assigned to the two Dragon return flights. It is possible, if four astronauts launch on Crew 9, that five people could fly home on each of the two Dragons.
    • Two sources told Ars that in meetings this week at NASA field centers, there have been vigorous discussions about whether or not to fly crew home on Starliner. Multiple groups remain “no” on Starliner as of Wednesday. It is unclear how this will be resolved. Some engineers believe that if there are questions about Starliner, then NASA should opt for the safe course—flying on Crew Dragon, which has safely launched 13 times and landed 12 times.

    The Toughest of Calls

    NASA officials face a difficult decision. Because there is still at least a small risk to flying Starliner in its present condition, the space agency and Boeing have tested the thrusters as thoroughly as possible while the spacecraft is docked to the space station. This testing was intended to “buy down” these risks. But while the data is good, it has not addressed all of NASA’s concerns.

    So what will the space agency do? Starliner probably could make it back to Earth safely. But there appears to be some reasonable doubt that Starliner will come back safely. If NASA defers to its fallback plan, flying on Dragon, it may spell the end of the Starliner program. During the development and testing of Starliner, the company has already lost $1.6 billion. Reflying a crew test flight mission, which likely would be necessary should Starliner return autonomously, would cost much more. Boeing might opt to cancel Starliner and leave NASA with just a single provider of crew transportation. That would be painful for both NASA and Boeing.

    But the alternative—Starliner not coming home safely with the crew inside—is far, far worse. This is the risk-reward decision that Free, Stich, and other NASA officials ultimately must balance in the coming days.

    This story originally appeared on Ars Technica.

    Eric Berger, Ars Technica

  • Amazon Has to Recall More Than 400,000 Dangerous Products

    Amazon failed to adequately alert more than 300,000 customers to serious risks—including death and electrocution—that US Consumer Product Safety Commission (CPSC) testing found with more than 400,000 products that third parties sold on its platform.

    The CPSC unanimously voted to hold Amazon legally responsible for third-party sellers’ defective products. Now, Amazon must make a CPSC-approved plan to properly recall the dangerous products—including highly flammable children’s pajamas, faulty carbon monoxide detectors, and unsafe hair dryers that could cause electrocution—which the CPSC fears may still be widely used in homes across America.

    While Amazon scrambles to devise a plan, the CPSC summarized the ongoing risks to consumers:

    If the [products] remain in consumers’ possession, children will continue to wear sleepwear garments that could ignite and result in injury or death; consumers will unwittingly rely on defective [carbon monoxide] detectors that will never alert them to the presence of deadly carbon monoxide in their homes; and consumers will use the hair dryers they purchased, which lack immersion protection, in the bathroom near water, leaving them vulnerable to electrocution.

    Instead of recalling the products, which were sold between 2018 and 2021, Amazon sent messages to customers that the CPSC said “downplayed the severity” of hazards.

    In these messages—“despite conclusive testing that the products were hazardous” by the CPSC—Amazon only warned customers that the products “may fail” to meet federal safety standards and only “potentially” posed risks of “burn injuries to children,” “electric shock,” or “exposure to potentially dangerous levels of carbon monoxide.”

    Typically, a distributor would be required to specifically use the word “recall” in the subject line of these kinds of messages, but Amazon dodged using that language entirely. Instead, Amazon opted to use much less alarming subject lines that said, “Attention: Important safety notice about your past Amazon order” or “Important safety notice about your past Amazon order.”

    Amazon then left it up to customers to destroy products and explicitly discouraged them from making returns. The ecommerce giant also gave every affected customer a gift card without requiring proof of destruction or adequately providing public notice or informing customers of actual hazards, as can be required by law to ensure public safety.

    Further, Amazon’s messages did not include photos of the defective products, as required by law, and provided no way for customers to respond. The commission found that Amazon “made no effort” to track how many items were destroyed or even do the minimum of monitoring the “number of messages that were opened.”

    Amazon still thinks these messages were appropriate remedies, though. An Amazon spokesperson told Ars that Amazon plans to appeal the ruling.

    “We are disappointed by the CPSC’s decision,” Amazon’s spokesperson said. “We plan to appeal the decision and look forward to presenting our case in court. When we were initially notified by the CPSC three years ago about potential safety issues with a small number of third-party products at the center of this lawsuit, we swiftly notified customers, instructed them to stop using the products, and refunded them.”

    Amazon’s “Sidestepped” Safety Obligations

    The CPSC has additional concerns about Amazon’s “insufficient” remedies. It is particularly concerned that anyone who received the products as a gift or bought them on the secondary market likely was not informed of serious known hazards. The CPSC found that Amazon resold faulty hair dryers and carbon monoxide detectors, proving that secondary markets for these products exist.

    “Amazon has made no direct attempt to reach consumers who obtained the hazardous products as gifts, hand-me-downs, donations, or on the secondary market,” the CPSC said.

    Ashley Belanger, Ars Technica

  • The Affordable Connectivity Program Died—and Thousands of Households Have Already Lost Their Internet

    The death of the US government’s Affordable Connectivity Program (ACP) is starting to result in disconnection of internet service for Americans with low incomes. On Friday, Charter Communications reported a net loss of 154,000 internet subscribers that it said was mostly driven by customers canceling after losing the federal discount. About 100,000 of those subscribers were reportedly getting the discount, which in some cases made internet service free to the consumer.

    The $30 monthly broadband discounts provided by the ACP ended in May after Congress failed to allocate more funding. The Biden administration requested $6 billion to fund the ACP through December 2024, but Republicans called the program “wasteful.”

    Republican lawmakers’ main complaint was that most of the ACP money went to households that already had broadband before the subsidy was created. FCC Chairwoman Jessica Rosenworcel warned that killing the discounts would reduce internet access, saying an FCC survey found that 77 percent of participating households would change their plan or drop internet service entirely once the discounts expired.

    Charter’s Q2 2024 earnings report provides some of the first evidence of users dropping internet service after losing the discount. “Second quarter residential Internet customers decreased by 154,000, largely driven by the end of the FCC’s Affordable Connectivity Program subsidies in the second quarter, compared to an increase of 70,000 during the second quarter of 2023,” Charter said.

    Across all ISPs, there were 23 million US households enrolled in the ACP. Research released in January 2024 found that Charter was serving over 4 million ACP recipients and that up to 300,000 of those Charter customers would be “at risk” of dropping internet service if the discounts expired. Given that ACP recipients must meet low-income eligibility requirements, losing the discounts could put a strain on their overall finances even if they choose to keep paying for internet service.

    “The Real Question Is the Customers’ Ability to Pay”

    Charter, which offers service under the brand name Spectrum, has 28.3 million residential internet customers in 41 states. The company’s earnings report said Charter made retention offers to customers that previously received an ACP subsidy. The customer loss apparently would have been higher if not for those offers.

    Light Reading reported that Charter attributed about 100,000 of the 154,000 customer losses to the ACP shutdown. Charter said it retained most of its ACP subscribers so far, but that low-income households might not be able to continue paying for internet service without a new subsidy for much longer:

    “We’ve retained the vast majority of ACP customers so far,” Charter CEO Chris Winfrey said on [Friday’s] earnings call, pointing to low-cost internet programs and the offer of a free mobile line designed to keep those customers in the fold. “The real question is the customers’ ability to pay—not just now, but over time.”

    The ACP only lasted a couple of years. The FCC implemented the $30 monthly benefit in early 2022, replacing a previous $50 monthly subsidy from the Emergency Broadband Benefit Program that started enrolling users in May 2021.

    Separately, the FCC Lifeline program that provides $9.25 monthly discounts is in jeopardy after a court ruling last week. Lifeline is paid for by the Universal Service Fund, which was the subject of a constitutional challenge.

    The US Court of Appeals for the 5th Circuit found that Universal Service fees on phone bills are a “misbegotten tax” that violate the Constitution. But in similar cases, the 6th and 11th circuit appeals courts ruled that the fund is constitutional. The circuit split increases the chances that the Supreme Court will take up the case.

    Disclosure: The Advance/Newhouse Partnership, which owns 12.4 percent of Charter, is part of Advance Publications, which also owns Ars Technica and WIRED parent Condé Nast.

    This story originally appeared on Ars Technica.

    Jon Brodkin, Ars Technica

  • A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them

    KnowBe4, a US-based security vendor, revealed that it unwittingly hired a North Korean hacker who attempted to load malware into the company’s network. KnowBe4 CEO and founder Stu Sjouwerman described the incident in a blog post this week, calling it a cautionary tale that was fortunately detected before causing any major problems.

    “First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems,” Sjouwerman wrote. “This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you. If it can happen to us, it can happen to almost anyone. Don’t let it happen to you.”

    KnowBe4 said it was looking for a software engineer for its internal IT AI team. The firm hired a person who, it turns out, was from North Korea and was “using a valid but stolen US-based identity” and a photo that was “enhanced” by artificial intelligence. There is now an active FBI investigation amid suspicion that the worker is what KnowBe4’s blog post called “an Insider Threat/Nation State Actor.”

    KnowBe4 operates in 11 countries and is headquartered in Florida. It provides security awareness training, including phishing security tests, to corporate customers. If you occasionally receive a fake phishing email from your employer, you might be working for a company that uses the KnowBe4 service to test its employees’ ability to spot scams.

    Person Passed Background Check and Video Interviews

    KnowBe4 hired the North Korean hacker through its usual process. “We posted the job, received résumés, conducted interviews, performed background checks, verified references, and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware,” the company said.

    Even though the photo provided to HR was fake, the person who was interviewed for the job apparently looked enough like it to pass. KnowBe4’s HR team “conducted four video conference based interviews on separate occasions, confirming the individual matched the photo provided on their application,” the post said. “Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI ‘enhanced.’”

    The two images at the top of this story are a stock photo and what KnowBe4 says is the AI fake based on the stock photo. The stock photo is on the left, and the AI fake is on the right.

    The employee, referred to as “XXXX” in the blog post, was hired as a principal software engineer. The new hire’s suspicious activities were flagged by security software, leading KnowBe4’s Security Operations Center (SOC) to investigate:

    On July 15, 2024, a series of suspicious activities were detected on the user beginning at 9:55 pm EST. When these alerts came in KnowBe4’s SOC team reached out to the user to inquire about the anomalous activity and possible cause. XXXX responded to SOC that he was following steps on his router guide to troubleshoot a speed issue and that it may have caused a compromise.

    The attacker performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software. He used a Raspberry Pi to download the malware. SOC attempted to get more details from XXXX including getting him on a call. XXXX stated he was unavailable for a call and later became unresponsive. At around 10:20 pm EST SOC contained XXXX’s device.

    “Fake IT Worker From North Korea”

    The SOC analysis indicated that the loading of malware “may have been intentional by the user,” and the group “suspected he may be an Insider Threat/Nation State Actor,” the blog post said.

    “We shared the collected data with our friends at Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings. It turns out this was a fake IT worker from North Korea,” Sjouwerman wrote.

    KnowBe4 said it can’t provide much detail because of the active FBI investigation. But the person hired for the job may have logged into the company computer remotely from North Korea, Sjouwerman explained:

    How this works is that the fake worker asks to get their workstation sent to an address that is basically an “IT mule laptop farm.” They then VPN in from where they really physically are (North Korea or over the border in China) and work the night shift so that they seem to be working in US daytime. The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs. I don’t have to tell you about the severe risk of this. It’s good we have new employees in a highly restricted area when they start, and have no access to production systems. Our controls caught it, but that was sure a learning moment that I am happy to share with everyone.

    This story originally appeared on Ars Technica.

    Jon Brodkin, Ars Technica

  • Class Action Lawsuit Alleges T-Mobile Broke Its Lifetime Price Guarantee

    Angry T-Mobile customers have filed a class action lawsuit over the carrier’s decision to raise prices on plans that were advertised as having a lifetime price guarantee.

    “Based upon T-Mobile’s representations that the rates offered with respect to certain plans were guaranteed to last for life or as long as the customer wanted to remain with that plan, each Plaintiff and the Class Members agreed to these plans for wireless cellphone service from T-Mobile,” said the complaint filed in US District Court for the District of New Jersey. “However, in May 2024, T-Mobile unilaterally did away with these legacy phone plans and switched Plaintiffs and the Class to more expensive plans without their consent.”

    The complaint, filed on July 12, has four named plaintiffs who live in New Jersey, Georgia, Nevada, and Pennsylvania. They are seeking to represent a class of all US residents “who entered into a T-Mobile One Plan, Simple Choice plan, Magenta, Magenta Max, Magenta 55+, Magenta Amplified or Magenta Military Plan with T-Mobile which included a promised lifetime price guarantee but had their price increased without their consent and in violation of the promises made by T-Mobile and relied upon by Plaintiffs and the proposed class.”

    The complaint seeks “restitution of all amounts obtained by Defendant as a result of its violation,” plus interest. It also seeks statutory and punitive damages, and an injunction to prevent further “wrongful, unlawful, fraudulent, deceptive, and unfair conduct.”

    “T-Mobile Will Never Change the Price You Pay”

    The lawsuit’s allegations will be familiar to those who read our previous articles on the recent price hikes of up to $5 per line. In January 2017, T-Mobile issued a press release announcing the “Un-contract” promise for T-Mobile One plans. “Now, T-Mobile One customers keep their price until THEY decide to change it. T-Mobile will never change the price you pay for your T-Mobile One plan,” the company said at the time.

    The price guarantee was also hyped by then CEO John Legere at a press event in Las Vegas. But separately from the announcement, T-Mobile revealed a significant caveat that essentially nullified the promise. T-Mobile said in a FAQ on its website that the only guarantee was T-Mobile would pay your final month’s bill if the carrier raised the price and you decided to cancel.

    Many customers saw the prominent lifetime price guarantee but not T-Mobile’s contradiction of that promise and signed up for plans thinking their prices would never be raised. The “Un-contract promise” was offered on certain plans between January 5, 2017, and April 27, 2022.

    T-Mobile started offering a different guarantee called Price Lock on April 28, 2022. This was originally more ironclad than the Un-contract, and customers who snagged it were apparently not impacted by this year’s price increases.

    But T-Mobile then created a confusing situation with Price Lock. The stronger version of Price Lock was offered from April 28, 2022, to January 17, 2024. It was replaced by a weaker version that is still called Price Lock but is basically the same as the Un-contract. Customers who signed up for Price Lock on or after January 18, 2024, don’t actually have a price lock—but they can get their final month’s bill covered if T-Mobile raises the price and they decide to cancel.

    After the price hikes, several T-Mobile customers contacted Ars to express their displeasure. One of those customers said that he canceled and tried to get his final month’s bill covered, but T-Mobile refused to provide the refund. The Federal Communications Commission told us it had received about 1,600 consumer complaints about the price hikes as of late June.

    Class Action Plaintiffs

    The lawsuit says the plaintiffs and many other customers were swayed to switch plans based on promises made in the January 2017 announcement and afterward.

    “The experiences of the named Plaintiffs [are] not unique. Numerous wireless customers were motivated to switch to T-Mobile based upon the Press Events and Videos first promoted at the Las Vegas Trade Show,” the lawsuit said. “The extensive advertising by T-Mobile in print and on television also motivated customers to switch to what have now become legacy plans that T-Mobile customers are no longer able to keep.”

    Jon Brodkin, Ars Technica

  • Nike Is Killing the App for Its $350 Self-Tying Sneakers

    In 2019, Nike got closer than ever to its dream of popularizing self-tying sneakers by releasing the Adapt BB. Using Bluetooth, the sneakers paired to the Adapt app that let users do things like tighten or loosen the shoes’ laces and control its LED lights. However, Nike has announced that it’s “retiring” the app on August 6, when it will no longer be downloadable from Apple’s App Store or the Google Play Store; nor will it be updated.

    In an announcement recently spotted by The Verge, Nike’s brief explanation for discontinuing the app is that Nike “is no longer creating new versions of Adapt shoes.” The company started informing owners about the app’s retirement about four months ago.

    Those who already bought the shoes can still use the app after August 6, but it’s expected that iOS or Android updates will eventually make the app unusable. Also, those who get a new device won’t be able to download Adapt after August 6.

    Without the app, wearers are unable to change the color of the sneaker’s LED lights. The lights will either maintain the last color scheme selected via the app or, per Nike, “if you didn’t install the app, light will be the default color.” While owners will still be able to use on-shoe buttons to turn the shoes on or off, check its battery, adjust the lace’s tightness, and save fit settings, the ability to change lighting and control the shoes via mobile phone were big selling points of the $350 kicks.

    Despite the Adapt BB being Nike’s third version of self-tying sneakers and its most widely available one yet, the sneakers look doomed to have some of their most marketed features bricked. Nike still maintains other mobile apps that are directly tied to shoe functionality, like its shopping app and Run Club app for tracking running.

    Disappointed Sneakerheads

    Adapt BB owners have shared disappointment after learning the news. One Reddit user who claimed to own multiple pairs of the shoes called the news “hyper bullshit,” while another described it as “immensely disappointing.”

    Some hope that Nike will open-source the app so that customers can maintain their shoes’ original and full functionality. But Nike hasn’t shared any plans to do so. Ars Technica asked the company about this but didn’t hear back ahead of press time.

    One person going by Maverick-1776 on Reddit wrote:

    These shoes were so expensive when they came out. I don’t see why it’s such a big deal to keep supporting the app. It doesn’t mean they need to dedicate a dev team. …

    Hopefully the app doesn’t disappear if you already have it installed. I like using the app to see how much battery is left, or just messing around with the LEDs.

    Reddit’s Taizan said companies like Nike should “offer alternatives or put out stuff to the public domain when they do these things,” adding: “Sustainability also involves maintenance of past products, digital or not.”

    “I’m Out. Fuck ’Em.”

    Some may be unsurprised that Nike’s attempt at commercializing the shoes from Back to the Future Part II has run into a wall. Nike, for instance, also discontinued NikeConnect, its app for $200 NBA jerseys announced in 2017 that turned wearers into marketing gold.

    Casual sneaker wearers would overlook the Adapt BB’s flashy features, but the shoe had inherent flaws that could frustrate sneaker fanatics, too. It didn’t take long, for example, for a recommended software update to break the shoes, including making them unwearable to anyone who wanted to tighten the laces. (At the time, Nike said the problem affected a small number of owners.) Nike’s tech inexperience played a role, as the company’s testing reportedly didn’t fully consider all the different phone models in use and their varying Bluetooth capabilities.

    Scharon Harding, Ars Technica

  • The Words That Give Away Generative AI Text

    Thus far, even AI companies have had trouble coming up with tools that can reliably detect when a piece of writing was generated using a large language model. Now, a group of researchers has established a novel method for estimating LLM usage across a large set of scientific writing by measuring which “excess words” started showing up much more frequently during the LLM era (i.e., 2023 and 2024). The results “suggest that at least 10 percent of 2024 abstracts were processed with LLMs,” according to the researchers.

    In a preprint paper posted earlier this month, four researchers from Germany’s University of Tübingen and Northwestern University said they were inspired by studies that measured the impact of the Covid-19 pandemic by looking at excess deaths compared to the recent past. By taking a similar look at “excess word usage” after LLM writing tools became widely available in late 2022, the researchers found that “the appearance of LLMs led to an abrupt increase in the frequency of certain style words” that was “unprecedented in both quality and quantity.”

    Delving In

    To measure these vocabulary changes, the researchers analyzed 14 million paper abstracts published on PubMed between 2010 and 2024, tracking the relative frequency of each word as it appeared across each year. They then compared the expected frequency of those words (based on the pre-2023 trend line) to the actual frequency of those words in abstracts from 2023 and 2024, when LLMs were in widespread use.

    The results found a number of words that were extremely uncommon in these scientific abstracts before 2023 that suddenly surged in popularity after LLMs were introduced. The word “delves,” for instance, shows up in 25 times as many 2024 papers as the pre-LLM trend would expect; words like “showcasing” and “underscores” increased in usage by nine times as well. Other previously common words became notably more common in post-LLM abstracts: The frequency of “potential” increased by 4.1 percentage points, “findings” by 2.7 percentage points, and “crucial” by 2.6 percentage points, for instance.

    These kinds of changes in word use could happen independently of LLM usage, of course—the natural evolution of language means words sometimes go in and out of style. However, the researchers found that, in the pre-LLM era, such massive and sudden year-over-year increases were only seen for words related to major world health events: “ebola” in 2015; “zika” in 2017; and words like “coronavirus,” “lockdown,” and “pandemic” in the 2020 to 2022 period.

    In the post-LLM period, though, the researchers found hundreds of words with sudden, pronounced increases in scientific usage that had no common link to world events. In fact, while the excess words during the Covid pandemic were overwhelmingly nouns, the researchers found that the words with a post-LLM frequency bump were overwhelmingly “style words” like verbs, adjectives, and adverbs (a small sampling: “across, additionally, comprehensive, crucial, enhancing, exhibited, insights, notably, particularly, within”).

    This isn’t a completely new finding—the increased prevalence of “delve” in scientific papers has been widely noted in the recent past, for instance. But previous studies generally relied on comparisons with “ground truth” human writing samples or lists of predefined LLM markers obtained from outside the study. Here, the pre-2023 set of abstracts acts as its own effective control group to show how vocabulary choice has changed overall in the post-LLM era.

    An Intricate Interplay

    Once hundreds of so-called “marker words” that became significantly more common in the post-LLM era are highlighted, the telltale signs of LLM use can sometimes be easy to pick out. Take this example abstract line called out by the researchers, with the marker words highlighted: “A comprehensive grasp of the intricate interplay between […] and […] is pivotal for effective therapeutic strategies.”

    After doing some statistical measures of marker word appearance across individual papers, the researchers estimate that at least 10 percent of the post-2022 papers in the PubMed corpus were written with at least some LLM assistance. The number could be even higher, the researchers say, because their set could be missing LLM-assisted abstracts that don’t include any of the marker words they identified.
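
The excess-word comparison described under “Delving In” can be sketched as follows. This is an added example, not the researchers' code: the yearly counts are constructed, the least-squares trend line and the flagging thresholds are assumptions, and both scales the article quotes (a ratio for rare words, a percentage-point gap for common ones) are computed.

```python
from dataclasses import dataclass

# Constructed sample data (not PubMed figures): abstracts published per year,
# and per word the number of abstracts that contain it at least once.
TOTALS = {2019: 100_000, 2020: 100_000, 2021: 100_000, 2022: 100_000, 2024: 100_000}
DOC_COUNTS = {
    "delves":    {2019: 100, 2020: 100, 2021: 100, 2022: 100, 2024: 2_500},
    "potential": {2019: 30_000, 2020: 31_000, 2021: 32_000, 2022: 33_000, 2024: 39_100},
    "patients":  {2019: 40_000, 2020: 40_500, 2021: 41_000, 2022: 41_500, 2024: 42_500},
}


@dataclass
class Excess:
    word: str
    expected: float  # frequency the pre-cutoff trend predicts for the target year
    observed: float  # frequency actually seen in the target year
    gap: float       # observed - expected (multiply by 100 for percentage points)
    ratio: float     # observed / expected


def fit_trend(points):
    """Least-squares line through (year, frequency); returns slope and centroid."""
    n = len(points)
    mean_x = sum(x for x, _ in points) / n
    mean_y = sum(y for _, y in points) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in points)
    if sxx == 0:  # only one baseline year: assume a flat trend
        return 0.0, mean_x, mean_y
    slope = sum((x - mean_x) * (y - mean_y) for x, y in points) / sxx
    return slope, mean_x, mean_y


def excess_usage(word, target_year, cutoff=2023, floor=1e-6):
    """Compare a word's observed frequency with its extrapolated pre-cutoff trend."""
    counts = DOC_COUNTS[word]
    baseline = [(y, counts[y] / TOTALS[y]) for y in sorted(counts) if y < cutoff]
    if not baseline:
        raise ValueError(f"no baseline years before {cutoff} for {word!r}")
    slope, mean_x, mean_y = fit_trend(baseline)
    # A falling trend can extrapolate to zero or below; floor it so the
    # ratio stays defined for words that were vanishing before the cutoff.
    expected = max(mean_y + slope * (target_year - mean_x), floor)
    observed = counts[target_year] / TOTALS[target_year]
    return Excess(word, expected, observed, observed - expected, observed / expected)


def flag_markers(target_year, min_ratio=2.0, min_gap=0.01):
    """Flag words with a large excess on either scale (thresholds are assumed).

    Rare words such as "delves" only stand out as a ratio; common words such
    as "potential" barely move as a ratio but show a large absolute gap.
    """
    flagged = []
    for word in DOC_COUNTS:
        e = excess_usage(word, target_year)
        if e.ratio >= min_ratio or e.gap >= min_gap:
            flagged.append(e)
    return sorted(flagged, key=lambda e: e.ratio, reverse=True)


if __name__ == "__main__":
    for e in flag_markers(2024):
        print(f"{e.word:10s} ratio={e.ratio:5.1f}x  gap={e.gap * 100:+.1f} pp")
```

Because the baseline is the corpus's own history, a word that merely continues its existing trend (the constructed “patients” series) is not flagged, however common it is.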

    Kyle Orland, Ars Technica
