Feed aggregator

After deleting a web server, I started checking what I typed before hitting 'Enter'  theregister.com

Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication  CybersecurityNews

Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication  CybersecurityNews

Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication  CybersecurityNews

Linux CUPS Flaw Allows Remote Denial of Service and Authentication Bypass  gbhackers.com

"Engineers from Ohio State University are developing a new way to power rocket engines," reports Gizmodo, "using liquid uranium for a faster, more efficient form of nuclear propulsion that could deliver round trips to Mars within a single year..." Nuclear propulsion uses a nuclear reactor to heat a liquid propellant to extremely high temperatures, turning it into a gas that's expelled through a nozzle and used to generate thrust. The newly developed engine concept, called the centrifugal nuclear thermal rocket (CNTR), uses liquid uranium to heat rocket propellant directly. In doing so, the engine promises more efficiency than traditional chemical rockets, as well as other nuclear propulsion engines, according to new research published in Acta Astronautica... Traditional chemical engines produce about 450 seconds of thrust from a given amount of propellant, a measure known as specific impulse. Nuclear propulsion engines can reach around 900 seconds, with the CNTR possibly pushing that number even higher. "You could have a safe one-way trip to Mars in six months, for example, as opposed to doing the same mission in a year," Spencer Christian, a PhD student at Ohio State and leader of CNTR's prototype construction, said in a statement. CNTR promises faster routes, but it could also use different types of propellant, like ammonia, methane, hydrazine, or propane, that can be found in asteroids or other objects in space. "Some potential hurdles include ensuring that the methods used for startup, operation and shutdown avoid instabilities," according to the researchers' announcement, as well as "envisioning ways to minimize the loss of uranium fuel and accommodate potential engine failures." But "This team's CNTR concept is expected to reach design readiness within the next five years..."

Read more of this story at Slashdot.

Rethinking the AI Race  The Regulatory Review

VirtualBox 7.2.2 Update Resolves TPM Emulation on Linux  OMG! Ubuntu

The UK's data-protecting Information Commissioner's Office has issued a warning about what it calls a worrying trend, reports the BBC: "students hacking their own school and college IT systems for fun or as part of dares." Since 2022, the the Information Commissioner's Office (ICO) has investigated 215 hacks and breaches originating from inside education settings and says 57% were carried out by children. Other breaches are thought to come from staff, third party IT suppliers and other organisations with access. According to the new data, almost a third of the breaches involved students illegally logging into staff computer systems by guessing passwords or stealing details from teachers. In one incident, a seven-year-old was involved in a data breach and subsequently referred to the National Crime Agency's Cyber Choices programme to help them understand the seriousness of their actions... In another incident three Year 11 students aged 15 or 16 unlawfully accessed school databases containing the personal information of more than 1,400 students. The pupils used hacking tools downloaded from the internet to break passwords and security protocols. When questioned, they said they were interested in cyber security and wanted to test their skills and knowledge. Another example the ICO gave is of a student illegally logging into their college's databases with a teachers' details to change or delete personal information belonging to more than 9,000 staff, students and applicants. The system stored personal information such as name and home address, school records, health data, safeguarding and pastoral logs and emergency contacts. Schools are facing an increasing number of cyber attacks, with 44% of schools reporting an attack or breach in the last year according the government's most recent Cyber Security Breaches Survey. "Youth cyber crime culture is a growing threat linked to English-speaking teen gangs," the article argues, noting breaches at major companies to suggest it's a kind of "gateway" crime. The ICO's principal cyber specialist tells the BBC that "What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure."

Read more of this story at Slashdot.

RestOfWorld.org reports on "a global crisis nobody anticipated when governments started subsidizing electric vehicles..." "EVs can lose almost half their driving distance when temperatures drop, and the billions spent on improving technology have failed to fix this fundamental limitation." In January, Seattle-based Recurrent, a company that tests and analyzes EVs, found an average range loss of 20% in extreme cold... Lithium-ion batteries rely on chemical reactions that slow dramatically in cold weather. When temperatures plunge, the electrolyte thickens, ions move sluggishly, and charging becomes not just inefficient but potentially dangerous. Charging in cold weather has been identified as a primary cause of thermal acceleration, which can lead to fires... The failure pattern repeats globally wherever cold weather meets inadequate infrastructure. Manufacturers, too, have acknowledged the problem. Chinese EV maker BYD's user manual, for instance, advises drivers to charge indoors, with the heating on. That advice is useless for farmers parking in open courtyards. In fact, research across 293 Chinese cities "found that many drivers in colder regions buy EVs only as supplementary vehicles," according to the article, "while still relying on gasoline-powered cars during winter." The article also tells the story of an apple grower chilly Kashmir, India who discovered that his Chinese three-wheeler lost 60% of its 10-hour charge overnight. This made it impossible to begin the 56-kilometer (35-mile) trip on a route with no charging stations — and prevented him from selling his produce while it was fresh (to earn the highest prices). And the problem affects the entire region: Desperate drivers have formed WhatsApp groups, such as "EV Apple Transporters" and "Battery Help Kashmir," sharing increasingly absurd workarounds. Some have wrapped batteries in quilts; others have hauled power packs weighing 90 kilograms (over 200 pounds) into their homes for the night. One driver parked his battery in the living room. "The blankets caused overheating on the road; water bottles leaked into the circuits," [orchard owner] Sajad Ahmad said. "We became mechanics, engineers, and fools all at once." EVs are also not considered cost-efficient. "Diesel vans are expensive, but they can do four or five trips a day," Mohammad Yaseen, a driver based in Shopian, told Rest of World. "With EVs, one half-trip and you're stuck." Norway, where winter temperatures average minus 7 degrees Celsius (19 degrees Fahrenheit), achieved 89% EV market share with its comprehensive infrastructure. It offers more than 200 models for year-round usage. "The ability to preheat batteries upon fast charging in winter is by far the most important improvement we have seen in the past five years," Christina Bu, secretary-general of the Norwegian EV Association, told Rest of World. "These features are standard in Norway's mature market, but remain absent from basic models exported to developing countries."

Read more of this story at Slashdot.

Last year Amazon's robotaxi service Zoox held a training session for 20 Las Vegas firefighters, police officers, and other first responders, reports the Washington Post, calling it "a new ritual for emergency workers across the country, as autonomous vehicles begin to spread beyond the handful of cities that served as initial testing grounds..." Questions that came up included: What can first responders do if the nearly 6,000-pound vehicle is blocking a roadway? (Better to pull, not push.) What happens if the vehicle loses its connectivity? (It's designed to pull over.) And can first responders manually shut off the vehicle? (Not yet, but Zoox is working on it....) The vehicles' operators claim they drive more safely than humans, but anything can happen on public roads, and first responders need to know how to intervene if a robotaxi is caught in a collision that traps passengers, catches fire or gets caught doing something that demands a traffic stop... Alphabet's Waymo, which has more than 2,000 vehicles completing hundreds of thousands of paid trips each week across San Francisco and Silicon Valley, Los Angeles, Phoenix, Austin and Atlanta, has trained more than 20,000 first responders in how to interact with its vehicles, the company said. Tesla didn't respond to a request for comment on how many first responders the company has trained, but a representative from the Austin Police Department confirmed that fire, police and transit workers were trained on the company's Robotaxi before the company launched commercial service in June. Tesla, Waymo and Zoox say their vehicles can detect the lights and sirens of emergency vehicles and automatically attempt to pull over. Waymo says its vehicles can interpret first responders' hand signals.... The first responders appeared excited about the potential of the company's artificial intelligence technology to ferry visitors up and down the Vegas Strip without concern that a driver might be inebriated. They were also wary of problems that might unfold: Autonomous vehicles are electric, and when electric vehicles catch fire, they're difficult to extinguish, the firefighters said. The first responders also worried that a secondary air bag deployment could injure an emergency responder, a common concern with conventional vehicles. And if a police officer wanted to view the footage a Zoox vehicle captured on the road, would the company be willing to share it? Turning over footage would require a subpoena, a Zoox official responded. But "those who've been through the trainings and have seen large-scale commercial rollouts say it's difficult to anticipate all the potential issues in a specific market," the article points out. Darius Luttropp, former deputy chief of operations for the San Francisco Fire Department, told the Post last year that Waymo vehicles had blocked city firefighters from leaving and entering firehouses, and also crashed into their equipment. Lt. William White of the Austin Police Department told the Post that more than once Waymo vehicles failed to recognize an officer on a motorcycle with their police lights activated.

Read more of this story at Slashdot.

9to5Linux Weekly Roundup: September 14th, 2025  9to5Linux

Intel Loses Key Linux USB4 and Thunderbolt Maintainer Mika Westerberg  WebProNews

Linux 6.17-rc6 Released With VMSCAPE Mitigation, FLYDIGI APEX 5 Support & Fixes  Phoronix

"There has never been a successful, widespread malware attack against iPhone," notes Apple's security blog, pointing out that "The only system-level iOS attacks we observe in the wild come from mercenary spyware... historically associated with state actors and [using] exploit chains that cost millions of dollars..." But they're doing something about it — this week announcing a new always-on memory-safety protection in the iPhone 17 lineup and iPhone Air (including the kernel and over 70 userland processes)... Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry... For Apple, improving memory safety is a broad effort that includes developing with safe languages and deploying mitigations at scale... Our analysis found that, when employed as a real-time defensive measure, the original Arm Memory Tagging Extension (MTE) release exhibited weaknesses that were unacceptable to us, and we worked with Arm to address these shortcomings in the new Enhanced Memory Tagging Extension (EMTE) specification, released in 2022. More importantly, our analysis showed that while EMTE had great potential as specified, a rigorous implementation with deep hardware and operating system support could be a breakthrough that produces an extraordinary new security mechanism.... Ultimately, we determined that to deliver truly best-in-class memory safety, we would carry out a massive engineering effort spanning all of Apple — including updates to Apple silicon, our operating systems, and our software frameworks. This effort, together with our highly successful secure memory allocator work, would transform MTE from a helpful debugging tool into a groundbreaking new security feature. Today we're introducing the culmination of this effort: Memory Integrity Enforcement (MIE), our comprehensive memory safety defense for Apple platforms. Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies. MIE is built right into Apple hardware and software in all models of iPhone 17 and iPhone Air and offers unparalleled, always-on memory safety protection for our key attack surfaces including the kernel, while maintaining the power and performance that users expect. In addition, we're making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that we released earlier this year during WWDC... Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products. Because of how dramatically it reduces an attacker's ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.

Read more of this story at Slashdot.

I tried turning my old Android phone into a Linux server, but ended up distro-hopping instead  xda-developers.com

The oldest person living in Japan is 114 years old, reports the BBC. But "The number of people in Japan aged 100 or older has risen to a record high of nearly 100,000, its government has announced." Setting a new record for the 55th year in a row, the number of centenarians in Japan was 99,763 as of September, the health ministry said on Friday. Of that total, women accounted for an overwhelming 88%... Health minister Takamaro Fukoka congratulated the 87,784 female and 11,979 male centenarians on their longevity and expressed his "gratitude for their many years of contributions to the development of society".... The higher life expectancy is mainly attributed to fewer deaths from heart disease and common forms of cancer, in particular breast and prostate cancer. Japan has low rates of obesity, a major contributing factor to both diseases, thanks to diets low in red meat and high in fish and vegetables. The obesity rate is particularly low for women, which could go some way to explaining why Japanese women have a much higher life expectancy than their male counterparts... But it's not just diet. Japanese people tend to stay active into later life, walking and using public transport more than elderly people in the US and Europe... However, several studies have cast doubt on the validity of global centenarian numbers, suggesting data errors, unreliable public records and missing birth certificates may account for elevated figures. A government audit of family registries in Japan in 2010 uncovered more than 230,000 people listed as being aged 100 or older who were unaccounted for, some having in fact died decades previously. The miscounting was attributed to patchy record-keeping and suspicions that some families may have tried to hide the deaths of elderly relatives in order to claim their pensions.

Read more of this story at Slashdot.

Installing Ubuntu Questing Quokka Beta  Daily Kos

7 Linux Distributions I Tested in the Past Year, Ranked  How-To Geek

"When residents of Equatorial Guinea's Annobón island wrote to the government in Malabo in July last year complaining about the dynamite explosions by a Moroccan construction company, they didn't expect the swift end to their internet access..." reports the Associated Press. "Residents and activists said the company's dynamite explosions in open quarries and construction activities have been polluting their farmlands and water supply..." Dozens of the signatories and residents were imprisoned for nearly a year, while internet access to the small island has been cut off since then, according to several residents and rights groups. Local residents interviewed by The Associated Press left the island in the past months, citing fear for their lives and the difficulty of life without internet. Banking services have shut down, hospital services for emergencies have been brought to a halt and residents say they rack up phone bills they can't afford because cellphone calls are the only way to communicate... The company's work on the island continues. Residents hoped to pressure authorities to improve the situation with their complaint in July last year. Instead, [the country's president] then deployed a repressive tactic now common in Africa to cut off access to internet to clamp down on protests and criticisms.

Read more of this story at Slashdot.