Alterslash picks up to the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.
The New US-China Proxy War Over Undersea Internet Cables
400 undersea cables carry 95% of the world's international internet traffic, reports Reuters (citing figures from Washington-based telecommunications research firm TeleGeography).
But now there's "a growing proxy war between the United States and China over technologies that could determine who achieves economic and military dominance for decades to come."
In February, American subsea cable company SubCom LLC began laying a $600-million cable to transport data from Asia to Europe, via Africa and the Middle East, at super-fast speeds over 12,000 miles of fiber running along the seafloor. That cable is known as South East Asia-Middle East-Western Europe 6, or SeaMeWe-6 for short. It will connect a dozen countries as it snakes its way from Singapore to France, crossing three seas and the Indian Ocean on the way. It is slated to be finished in 2025.
It was a project that slipped through China's fingers....
The Singapore-to-France cable would have been HMN Tech's biggest such project to date, cementing it as the world's fastest-rising subsea cable builder, and extending the global reach of the three Chinese telecom firms that had intended to invest in it. But the U.S. government, concerned about the potential for Chinese spying on these sensitive communications cables, ran a successful campaign to flip the contract to SubCom through incentives and pressure on consortium members.... It's one of at least six private undersea cable deals in the Asia-Pacific region over the past four years where the U.S. government either intervened to keep HMN Tech from winning that business, or forced the rerouting or abandonment of cables that would have directly linked U.S. and Chinese territories....
Justin Sherman, a fellow at the Cyber Statecraft Initiative of the Atlantic Council, a Washington-based think tank, told Reuters that undersea cables were "a surveillance gold mine" for the world's intelligence agencies. "When we talk about U.S.-China tech competition, when we talk about espionage and the capture of data, submarine cables are involved in every aspect of those rising geopolitical tensions," Sherman said.
Google Security Researchers Accuse CentOS of Failing to Backport Kernel Fixes
An anonymous reader quotes Neowin:
Google Project Zero is a security team responsible for discovering security flaws in Google's own products as well as software developed by other vendors. Following discovery, the issues are privately reported to vendors and they are given 90 days to fix the reported problems before they are disclosed publicly.... Now, the security team has reported several flaws in CentOS' kernel. Horn is urging better patch scheduling so "an attacker who wants to quickly find a nice memory corruption bug in CentOS/RHEL can't just find such bugs in the delta between upstream stable and your kernel."
As detailed in the technical document here, Google Project Zero's security researcher Jann Horn learned that kernel fixes made to stable trees are not backported to many enterprise versions of Linux. To validate this hypothesis, Horn compared the CentOS Stream 9 kernel to the stable linux-5.15.y stable tree.... As expected, it turned out that several kernel fixes have not been made deployed in older, but supported versions of CentOS Stream/RHEL. Horn further noted that for this case, Project Zero is giving a 90-day deadline to release a fix, but in the future, it may allot even stricter deadlines for missing backports....
Red Hat accepted all three bugs reported by Horn and assigned them CVE numbers. However, the company failed to fix these issues in the allotted 90-day timeline, and as such, these vulnerabilities are being made public by Google Project Zero.
Amazon Rejects Petition from 30,000 Workers Opposing Return-to-Office Mandate
An anonymous reader shares this report from the New York Post:
Disgruntled Amazon corporate employees are reportedly devastated after a top human resources executive shot down an internal petition that asked the tech giant's leaders to nix its return-to-office plan. Approximately 30,000 workers had signed a petition begging CEO Andy Jassy to cancel his directive that most employees work on site at least three days per week. The return-to-office plan is slated to take effect on May 1.
Beth Galetti, Amazon's HR chief, shot down the petition in a message to organizers obtained by Insider and signaled that the return-to-office plan will move forward as scheduled. "Given the large size of our workforce and our wide range of businesses and customers, we recognize this transition may take time, but we are confident it will result in long-term benefits to increasing our ability to deliver for our customers, bolstering our culture, and growing and developing employees," Galetti said in the memo....
In the petition, which first surfaced last month, Amazon workers argued they are more productive and enjoy a better work-life balance in a remote work environment. The workers also asserted that the three-day-per-week requirement runs contrary to Amazon's stances on issues such as affordable housing, diversity and climate change.... Meanwhile, Jassy has argued that working more days on site will help build effective collaboration and "deliver for customers and the business."
DoomLinux: the Distro That Loads Only Enough Software to Play DOOM
Hackaday recently shared some thoughts on "purpose-built" distros:
Some examples are Kali for security testing, DragonOS for software-defined radio, or Hannah Montana Linux for certain music fans. Their report includes video of the distro booting up and playing Doom.
Anyone can roll their own Linux distribution with the right tools, including [Shadly], who recently created one which only loads enough software to launch the 1993 classic DOOM.... It loads the Linux kernel and the standard utilities via BusyBox, then runs fbDOOM, which is a port of the game specifically designed to run on the Linux framebuffer with minimal dependencies.
"The entire distribution is placed into a bootable ISO file that can be placed on any bootable drive."
FSF Honors Emacs Co-Maintainer, 'Replicant' Developer, and Videoconferencing Tool Jami
The Free Software Foundation held their annual LibrePlanet conference last week — and announced that Eli Zaretskii, co-maintainer of GNU Emacs, won their "Advancement of Free Software" award. "He has been a contributor to Emacs for more than thirty years," notes the FSF announcement, "and as co-maintainer, coordinates the work of more than two hundred active contributors. During Zaretskii's tenure as co-maintainer, the Emacs development community has implemented several important new features, including native compilation of the editor's Emacs Lisp backbone into machine code."
Zaretskii was honored with a recorded message from the original author/principal maintainer of GNU Emacs back in 1985, Richard Stallman:
"For many years, I was the principal maintainer of GNU Emacs, but then others came along to do the work, and I haven't been heavily involved in Emacs development for many, many years. Nowadays, our principal maintainer of Emacs is extremely diligent and conscientious and has brought about a renaissance in new features and new packages added to Emacs, and the result is very impressive. So I'm happy to give the Free Software Award to Eli Zaretskii, principal maintainer of GNU Emacs. Thank you for your work." Their award for Outstanding New Free Software Contributor went to Tad (SkewedZeppelin), the chief developer of DivestOS, a fork of Android which removes many proprietary binaries "and which puts freedom, security, and device longevity as its main concerns," according to the FSF's announcement. "Tad has also contributed to the Replicant distribution of Android, a project fiscally sponsored by the FSF."
In his recorded acceptance of the award, Zaretskii said, "The truth is my contribution to free software in general and to Emacs development in particular is quite modest, certainly compared to those who won this award before me.... And even my modest achievement as the Emacs developer and lately the co-maintainer would have been impossible without all the other contributors and the Emacs community as a whole. No significant free software project can be developed, maintained, and led forward without participation and support of its members. And Emacs is no exception."
And their award for Project of Social Benefit went to GNU Jami, a free software videoconferencing tool "that is fully decentralized and encrypted, allowing thousands around the world to communicate in both freedom and security. In contrast to proprietary conferencing programs like Zoom, which are nonfree software, Jami is an official GNU package licensed under the GNU GPLv3+."
TikTok Trackers Embedded in U.S. State-Government Websites, Review Finds
Toronto-based Feroot Security "found that so-called tracking pixels from the TikTok parent company were present in 30 U.S. state-government websites across 27 states," reports the Wall Street Journal, "including some where the app has been banned from state networks and devices." The review was performed in January and February.
The presence of that code means that U.S. state governments around the country are inadvertently participating in a data-collection effort for a foreign-owned company, one that senior Biden administration officials and lawmakers of both parties have said could be harmful to U.S. national security and the privacy of Americans.
Administrators who manage government websites use such pixels to help measure the effectiveness of advertising they have purchased on TikTok.... The presence of the TikTok tracking code on government websites underlines the challenge for those who deem the China-owned app a potential data-security threat. Lawmakers in both parties are considering a nationwide ban, but simply uprooting the app from U.S. smartphones wouldn't stop all data-tracking activities....
Feroot found that the average website it studied had more than 13 embedded pixels. Google's were far and away the most common, with 92% of websites examined having some sort of Google tracking pixel embedded. About 50% of the websites the firm examined had Microsoft Corp. or Facebook pixels. TikTok had a presence in less than 10% of sites examined.
Internet Archive Loses in Court. Judge Rules They Can't Scan and Lend eBooks
The Verge reports:
A federal judge has ruled against the Internet Archive in Hachette v. Internet Archive, a lawsuit brought against it by four book publishers, deciding that the website does not have the right to scan books and lend them out like a library. Judge John G. Koeltl decided that the Internet Archive had done nothing more than create "derivative works," and so would have needed authorization from the books' copyright holders — the publishers — before lending them out through its National Emergency Library program. The Internet Archive says it will appeal.
The decision was "a blow to all libraries and the communities we serve," argued Chris Freeland, the director of Open Libraries at the Internet Archive. In a blog post he argued the decision "impacts libraries across the U.S. who rely on controlled digital lending to connect their patrons with books online.
It hurts authors by saying that unfair licensing models are the only way their books can be read online. And it holds back access to information in the digital age, harming all readers, everywhere.
The Verge adds that the judge rejected "fair use" arguments which had previously protected a 2014 digital book preservation project by Google Books and HathiTrust:
Koetl wrote that any "alleged benefits" from the Internet Archive's library "cannot outweigh the market harm to the publishers," declaring that "there is nothing transformative about [Internet Archive's] copying and unauthorized lending," and that copying these books doesn't provide "criticism, commentary, or information about them." He notes that the Google Books use was found "transformative" because it created a searchable database instead of simply publishing copies of books on the internet. Thanks to long-time Slashdot reader esme for sharing the news.
Koetl also dismissed arguments that the Internet Archive might theoretically have helped publishers sell more copies of their books, saying there was no direct evidence, and that it was "irrelevant" that the Internet Archive had purchased its own copies of the books before making copies for its online audience. According to data obtained during the trial, the Internet Archive currently hosts around 70,000 e-book "borrows" a day.
OpenAI Admits ChatGPT Leaked Some Payment Data, Blames Open-Source Bug
OpenAI took ChatGPT offline earlier this week "due to a bug in an open-source library which allowed some users to see titles from another active user's chat history," according to an OpenAI blog post. "It's also possible that the first message of a newly-created conversation was visible in someone else's chat history if both users were active around the same time....
"Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window."
In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user's first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time. "The bug is now patched. We were able to restore both the ChatGPT service and, later, its chat history feature, with the exception of a few hours of history."
We believe the number of users whose data was actually revealed to someone else is extremely low. To access this information, a ChatGPT Plus subscriber would have needed to do one of the following:
- Open a subscription confirmation email sent on Monday, March 20, between 1 a.m. and 10 a.m. Pacific time. Due to the bug, some subscription confirmation emails generated during that window were sent to the wrong users. These emails contained the last four digits of another user's credit card number, but full credit card numbers did not appear. It's possible that a small number of subscription confirmation emails might have been incorrectly addressed prior to March 20, although we have not confirmed any instances of this.
- In ChatGPT, click on "My account," then "Manage my subscription" between 1 a.m. and 10 a.m. Pacific time on Monday, March 20. During this window, another active ChatGPT Plus user's first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date might have been visible. It's possible that this also could have occurred prior to March 20, although we have not confirmed any instances of this.
We have reached out to notify affected users that their payment information may have been exposed. We are confident that there is no ongoing risk to users' data. Everyone at OpenAI is committed to protecting our users' privacy and keeping their data safe. It's a responsibility we take incredibly seriously. Unfortunately, this week we fell short of that commitment, and of our users' expectations. We apologize again to our users and to the entire ChatGPT community and will work diligently to rebuild trust.
The bug was discovered in the Redis client open-source library, redis-py. As soon as we identified the bug, we reached out to the Redis maintainers with a patch to resolve the issue.
A Geometric Shape That Does Not Repeat Itself When Tiled
IHTFISP shares a report from Phys.Org:
A quartet of mathematicians from Yorkshire University, the University of Cambridge, the University of Waterloo and the University of Arkansas has discovered a 2D geometric shape that does not repeat itself when tiled. David Smith, Joseph Samuel Myers, Craig Kaplan and Chaim Goodman-Strauss have written a paper describing how they discovered the unique shape and possible uses for it. Their full paper is available on the arXiv preprint server. [...]
The shape has 13 sides and the team refers to it simply as "the hat." They found it by first paring down possibilities using a computer and then by studying the resulting smaller sets by hand. Once they had what they believed was a good possibility, they tested it using a combinatorial software program -- and followed that up by proving the shape was aperiodic using a geometric incommensurability argument. The researchers close by suggesting that the most likely application of the hat is in the arts.
Major Shake-Up Coming For Fermilab
An anonymous reader quotes a report from Science Magazine:
In an unusual move, the U.S. Department of Energy (DOE) has quietly begun a new competition for the contract to run the United States's sole dedicated particle physics laboratory. Announced in January, the rebid comes 1 year after Fermi National Accelerator Laboratory (Fermilab), which is managed in part by the University of Chicago (UChicago), failed an annual DOE performance review and 9 months after it named a new director. DOE would not comment, but observers say its frustrations include cost increases and delays in a gargantuan new neutrino experiment.
"I don't think it's surprising at all given the department's evaluation of [Fermilab's] performance," says James Decker, a physicist and consultant with Decker, Garman, Sullivan & Associates, LLC, who served as principal deputy director of DOE's Office of Science from 1973 to 2007. Although Fermilab passed its 2022 performance evaluation, the one for fiscal year 2021 was "one of the most scathing I have seen," Decker says.
DOE has already solicited letters of interest and will issue a request for formal proposals this summer. It intends to award the new contract by the end of the next fiscal year, 30 September 2024, and transfer control of the lab, which employs 2100 staff and has an annual budget of $614 million, on January 1, 2025. UChicago hopes to win the contract again, says Paul Alivisatos, president of the university, who is also chair of FRA's board of directors and a former director of DOE's Lawrence Berkeley National Laboratory. "We absolutely will be bidding to continue." [...] How many parties will bid on the contract remains unclear. Managing the lab requires very specific technical expertise but pays $5 million per year, at most. "I don't think that there are too many organizations that could really compete for this contract," Decker says. If just UChicago or URA bid on the new contract, they'll need a new partner, multiple observers say, perhaps one with expertise in huge construction projects. DOE is sure to insist that something changes.
Natural History Museums Join Forces To Produce Global Digital Inventory
Dozens of the world's largest natural history museums revealed on Thursday a survey of everything in their collections. The global inventory is made up of 1.1 billion objects that range from dinosaur skulls to pollen grains to mosquitoes. The New York Times reports:
The survey's organizers, who described the effort in the journal Science, said they hoped the survey would help museums join forces to answer pressing questions, such as how quickly species are becoming extinct and how climate change is altering the natural world. "It gives us intelligence now to start thinking about things that museums can do together that we wouldn't have conceived of before," said Kirk Johnson, the director of the Smithsonian National Museum of Natural History in Washington and one of the leaders of the project. "It's the argument for networking the global museum."
Scientists had created smaller inventory databases before. But the new effort, which included 73 museums in 28 countries, was unparalleled, experts said. The survey revealed important gaps in the world's collections. Relatively few objects come from the regions around the earth's poles, which are especially vulnerable to the impact of global warming, for example. Insects, the most diverse group of animal species, were also underrepresented.
"The analysis is at a global scale that no one else has managed," said Emily Meineke, an entomologist at the University of California, Davis, who was not involved in the survey. Dr. Meineke said that this survey of large institutions also laid the groundwork for surveys of smaller ones, which might hold even more surprises. "Once these methods are applied down the line to smaller collections, the results are likely to give us a truer picture of biodiversity globally," she said.
Starlink Rival OneWeb Poised for Global Coverage After Weekend Launch
British satellite company OneWeb is gearing up for the launch of its final batch of internet satellites, completing a constellation in low Earth orbit despite some hiccups along the way. Gizmodo reports:
India's heaviest launch vehicle LVM-3 will carry 36 OneWeb satellites, with liftoff slated for Sunday at 11:30 p.m. ET, according to OneWeb. The launch will take place at the Satish Dhawan Space Centre in Sriharikota, India, marking OneWeb's second deployment from India. You can watch the launch at the livestream [here].
OneWeb has been building an internet constellation in low Earth orbit since 2020, and it currently consists of 579 functioning satellites, according to statistics kept by Harvard-Smithsonian astrophysicist Jonathan McDowell. The addition of 36 new units will raise the population of the constellation to 615, completing the first orbital shell. The company had originally planned on building a 648-unit constellation, but it says this final launch will cap it off and allow for global coverage.
United Airlines Reveals First eVTOL Passenger Route Starting In 2025
An anonymous reader quotes a report from Ars Technica:
In 2025, United Airlines will fly an air taxi service between the downtown Vertiport Chicago and O'Hare International Airport, using electric vertical takeoff and landing aircraft it is purchasing from Archer Aviation. The Archer Midnight eVTOL aircraft will complete the route in about 10 minutes; according to local resident and Ars Managing Editor Eric Bangeman, that journey by car can take over an hour due to road construction. "Both Archer and United are committed to decarbonizing air travel and leveraging innovative technologies to deliver on the promise of the electrification of the aviation industry," said Michael Leskinen, president of United Airlines Ventures. "Once operational, we're excited to offer our customers a more sustainable, convenient, and cost-effective mode of transportation during their commutes to the airport."
If Chicago works out, United plans to add other airport-to-city "trunk routes," with "branch" routes between different communities coming later. The Archer Midnight has a range of 100 miles (160 km) and a top speed of 150 mph (241 km/h). If approved by the FAA, the Chicago air shuttle would be the first commercial eVTOL service to begin operating in North America. Asked about the cost, an Archer spokesperson told the Chicago Sun-Times that the company hopes to make the service competitive with Uber Black, so it will be roughly $100 for the trip.
Intel Co-Founder/Creator of 'Moore's Law' Gordon Moore Dies at Age 94
Intel announced Friday that Gordon Moore, Intel's co-founder, has died at the age of 94:
Moore and his longtime colleague Robert Noyce founded Intel in July 1968. Moore initially served as executive vice president until 1975, when he became president. In 1979, Moore was named chairman of the board and chief executive officer, posts he held until 1987, when he gave up the CEO position and continued as chairman. In 1997, Moore became chairman emeritus, stepping down in 2006.
During his lifetime, Moore also dedicated his focus and energy to philanthropy, particularly environmental conservation, science and patient care improvements. Along with his wife of 72 years, he established the Gordon and Betty Moore Foundation, which has donated more than $5.1 billion to charitable causes since its founding in 2000....
"Though he never aspired to be a household name, Gordon's vision and his life's work enabled the phenomenal innovation and technological developments that shape our everyday lives," said foundation president Harvey Fineberg. "Yet those historic achievements are only part of his legacy. His and Betty's generosity as philanthropists will shape the world for generations to come."
Pat Gelsinger, Intel CEO, said, "Gordon Moore defined the technology industry through his insight and vision. He was instrumental in revealing the power of transistors, and inspired technologists and entrepreneurs across the decades. We at Intel remain inspired by Moore's Law and intend to pursue it until the periodic table is exhausted...."
Prior to establishing Intel, Moore and Noyce participated in the founding of Fairchild Semiconductor, where they played central roles in the first commercial production of diffused silicon transistors and later the world's first commercially viable integrated circuits. The two had previously worked together under William Shockley, the co-inventor of the transistor and founder of Shockley Semiconductor, which was the first semiconductor company established in what would become Silicon Valley.
Huawei Claims To Have Built Its Own 14nm Chip Design Suite
Huawei has reportedly completed work on electronic design automation (EDA) tools for laying out and making chips down to 14nm process nodes. The Register reports:
Chinese media said the platform is one of 78 being developed by the telecoms equipment giant to replace American and European chip design toolkits that have become subject to export controls by the US and others. Huawei's EDA platform was reportedly revealed by rotating Chairman Xu Zhijun during a meeting in February, and later confirmed by media in China. [...] Huawei's focus on EDA software for 14nm and larger chips reflects the current state of China's semiconductor industry. State-backed foundry operator SMIC currently possesses the ability to produce 14nm chips at scale, although there have been some reports the company has had success developing a 7nm process node.
Today, the EDA market is largely controlled by three companies: California-based Synopsys and Cadence, as well as Germany's Siemens. According to the industry watchers at TrendForce, these three companies account for roughly 75 percent of the EDA market. And this poses a problem for Chinese chipmakers and foundries, which have steadily found themselves cut off from these tools. Synopsys and Cadence's EDA tech is already subject to several of these export controls, which were stiffened by the US Commerce Department last summer to include state-of-the-art gate-all-around (GAA) transistors. This January, the White House also reportedly stopped issuing export licenses to companies supplying the likes of Huawei.
This is particularly troublesome for Huawei, foundry operator SMIC, and memory vendor YMTC to name a few on the US Entity List, a roster of companies Uncle Sam would prefer you not to do business with. It leaves them unable to access recent and latest technologies, at the very least. So the development of a homegrown EDA platform for 14nm chips serves as insurance in case broader access to Western production platforms is cut off entirely.
Eat your own dogfood
Jassy, I believe you the second you sit down in the middle of that open floor plan.