Mike M. – Page 82

For the first time, ULA’s Vulcan rocket is fully stacked at Cape Canaveral

Space, united launch alliance, vulcan rocket / Mike M. / December 20, 2023

United Launch Alliance's first Vulcan rocket stands 202 feet (61.6 meters) tall with the addition of its payload fairing. — Enlarge / United Launch Alliance’s first Vulcan rocket stands 202 feet (61.6 meters) tall with the addition of its payload fairing.

United Launch Alliance’s first Vulcan rocket has been fully assembled at Cape Canaveral, Florida, in preparation for its inaugural flight next month.

Technicians hoisted the Vulcan rocket’s payload fairing, containing a commercial lunar lander from Astrobotic, on top of the launch vehicle Wednesday morning at ULA’s Vertical Integration Facility. This milestone followed the early morning transfer of the payload fairing from a nearby facility where Astrobotic’s lunar lander was fueled for its flight to the Moon.

ULA’s new rocket has rolled between its vertical hangar and the launch pad at Cape Canaveral Space Force Station several times for countdown rehearsals and fueling tests. But ULA only needed the Vulcan rocket’s first stage and upper stage to complete those tests. The addition of the payload shroud Wednesday marked the first time ULA has fully stacked a Vulcan rocket, standing some 202 feet (61.6 meters) tall, still surrounded by scaffolding and work platforms inside its assembly building.

This moves the launch company closer to the first flight of Vulcan, the vehicle slated to replace ULA’s Atlas V and Delta IV rockets. After some final checkouts and a holiday break, ground crews will transport the Vulcan rocket to its launch pad in preparation for liftoff at 2: 18 am ET (07: 18 UTC) on January 8.

The launch was previously scheduled for December 24, but ULA delayed the flight until the next launch window to resolve ground system issues uncovered during one of the recent Vulcan countdown rehearsals. Astrobotic’s first robotic lunar lander, named Peregrine Mission One, only has a few days per month when it can depart Earth and take a course toward the Moon. The launch and trajectory must be timed to allow the spacecraft to reach its landing site with the proper lighting conditions.

First full stack

United Launch Alliance, a 50-50 joint venture between Boeing and Lockheed Martin, has been under pressure from rival SpaceX for the last few years. While SpaceX has launched more than 90 times this year, ULA’s rockets have only flown three times as the company winds down its Atlas V and Delta IV programs.

One Delta IV-Heavy rocket remains in ULA’s inventory. It’s supposed to launch next year with a classified payload for the National Reconnaissance Office, the US government’s spy satellite agency. There are 17 Atlas V rockets left to fly.

With Vulcan, ULA is poised to ramp up its launch rate. Tory Bruno, the company’s chief executive, says ULA has sold 70 Vulcan launches—more than half to commercial customers and the rest to the US military. Amazon has booked 38 Vulcan missions to deploy satellites for its Project Kuiper broadband network. Vulcan will initially be fully expendable, but ULA plans to introduce engine recovery and reuse later this decade.

ULA’s goal is to launch an average of two Vulcan rockets per month by the end of 2025. This would be a remarkably fast launch cadence just two years after the first flight of Vulcan. For comparison, it took longer for the Atlas V rocket and SpaceX’s Falcon 9 to get to four flights.

Astrobotic's Peregrine lander was recently encapsulated inside the Vulcan rocket's payload fairing. — Enlarge / Astrobotic’s Peregrine lander was recently encapsulated inside the Vulcan rocket’s payload fairing.

The Vulcan rocket was originally slated to launch in 2019 but faced repeated delays, primarily due to late deliveries of rocket engines from Blue Origin, Jeff Bezos’ space company. ULA bypassed a launch opportunity in May after a Vulcan upper stage exploded during a ground test.

Unlike the debuts of most rockets, the Vulcan will launch with a functioning payload. Astrobotic’s uncrewed Peregrine Mission One will carry 20 payloads to the lunar surface, including five for NASA through the agency’s Commercial Lunar Payload Services (CLPS) program. This will be the first mission to launch under the CLPS initiative, which NASA set up in 2018 to purchase commercial transportation services to the Moon for scientific instruments and experiments.

For the first time, ULA’s Vulcan rocket is fully stacked at Cape Canaveral Read More »

7.1 million miles, 3 minor injuries: Waymo’s safety data looks good

Cars / Mike M. / December 20, 2023

Waymo on Wednesday released new crash data based on the company’s first 7.1 million miles of fully driverless operations in Arizona and California. The data show that human-driven cars are more than twice as likely to get into a crash that is reported to the police. And depending on how you do the math, human-driven cars are four to seven times more likely to get into crashes that lead to an injury.

Through October 2023, driverless Waymo vehicles have had only three crashes with injuries—two in the Phoenix area and one in San Francisco. Waymo says all three injuries were minor. If those same miles had been driven by typical human drivers in the same cities, we would have expected around 13 injury crashes.

The new data comes at a crucial time for the self-driving industry. In October, a woman was dragged about 20 feet underneath a vehicle by Waymo’s main rival, Cruise. Since then, Cruise has lost its CEO, laid off 24 percent of its workforce, and suspended driverless operations nationwide.

Cruise’s implosion has left Waymo as the undisputed leader in the driverless taxi market. But it has also heightened public skepticism about self-driving technology in general. So Waymo is going to have to work hard to convince the public that its technology not only has the potential to make the roads safer in the future, but is already doing so now.

The new data provides Waymo fresh ammunition to make that case. If Waymo can maintain its excellent safety record in the coming months and years, it will have a strong argument for continued expansion regardless of what happens in the rest of the industry.

7 million miles, 3 injuries

Since their inception, Waymo vehicles have driven 5.3 million driverless miles in Phoenix, 1.8 million driverless miles in San Francisco, and a few thousand driverless miles in Los Angeles through the end of October 2023. And during all those miles, there were three crashes serious enough to cause injuries:

In July, a Waymo in Tempe, Arizona, braked to avoid hitting a downed branch, leading to a three-car pileup. A Waymo passenger was not wearing a seatbelt (they were sitting on the buckled seatbelt instead) and sustained injuries that Waymo described as minor.
In August, a Waymo at an intersection “began to proceed forward” but then “slowed to a stop” and was hit from behind by an SUV. The SUV left the scene without exchanging information, and a Waymo passenger reported minor injuries.
In October, a Waymo vehicle in Chandler, Arizona, was traveling in the left lane when it detected another vehicle approaching from behind at high speed. The Waymo tried to accelerate to avoid a collision but got hit from behind. Again, there was an injury, but Waymo described it as minor.

The two Arizona injuries over 5.3 million miles works out to 0.38 injuries per million vehicle miles. One San Francisco injury over 1.75 million miles equals 0.57 injuries per million vehicle miles. An important question is whether that’s more or less than you’d expect from a human-driven vehicle.

After making certain adjustments—including the fact that driverless Waymo vehicles do not travel on freeways—Waymo calculates that comparable human drivers reported 1.29 injury crashes per million miles in Phoenix and 3.79 injury crashes per million miles in San Francisco. In other words, human drivers get into injury crashes three times as often as Waymo in the Phoenix area and six times as often in San Francisco.

Waymo argues that these figures actually understate the gap because human drivers don’t report all crashes. Independent studies have estimated that about a third of injury crashes go unreported. After adjusting for these and other reporting biases, Waymo estimates that human-driven vehicles actually get into five times as many injury crashes in Phoenix and nine times as many in San Francisco.

To help evaluate the study, I talked to David Zuby, the chief research officer at the Insurance Institute for Highway Safety. The IIHS is a well-respected non-profit that is funded by the insurance industry, which has a strong interest in promoting automotive safety.

While Zuby had some quibbles with some details of Waymo’s methodology, he was generally positive about the study. Zuby agrees with Waymo that human drivers underreport crashes relative to Waymo. But it’s hard to estimate this underreporting rate with any precision. Ultimately, Zuby believes that the true rate of crashes for human-driven vehicles lies somewhere between Waymo’s adjusted and unadjusted figures.

7.1 million miles, 3 minor injuries: Waymo’s safety data looks good Read More »

Lian Li has discovered a new frontier for LCD screens: $47 PC case fans

ars pc guide, Lian Li, pc building, Tech / Mike M. / December 20, 2023

i have a screen —

120 and 140 mm fans can add to the blinding glow of your gaming PC’s RGB setup.

Andrew Cunningham – Dec 20, 2023 9: 50 pm UTC

Enlarge / The UNI FAN TL LCD series puts screens where there were no screens before.

Lian Li

If you’re trying to add lights to a PC case, you have lots of options: LED strips, CPU coolers with lights, case fans with lights, keyboards and mice with lights, motherboards with lights, GPUs with lights, sticks of RAM with lights, even fake sticks of RAM that go into your RAM slots so that you don’t have un-RGB-ed spots in your setup.

But if all of that isn’t enough for you, and you need to take things one step further, Lian Li has a new product for you: case fans that include not just RGB LEDs with two different lighting zones, but 1.6-inch LCD screens that can be programmed to show your PC’s stats or small looping images and videos.

Fans in the UNI FAN TL LCD lineup are available in 120 mm and 140 mm sizes, with black and white color options. The versions with screens cost $47 for a 120 mm version and $52 for a 140 mm version, and TL fans without screens go for $33 and $36, respectively. The fans need to be connected to their own dedicated fan controller, which can drive up to seven of the LCD-equipped fans at a time. The screens can then be customized via proprietary software, as is unfortunately common for RGB lights and mini-screens.

One wrinkle for people who take pains to optimize their airflow: The LCD screens are only visible on one side of each fan. Normally, if you wanted to switch a fan from intake to exhaust—that is, blowing warm air out of the case instead of bringing cool air in—you could just flip it over. If you do that to a TL LCD fan, you’d be obscuring the screens. Lian Li sells dedicated “Reverse” versions of each fan that blow air the other way; Lian Li says that mounting the LCD fans the wrong way can damage the screens. The non-LCD versions can simply be flipped, like a regular case fan.

Other companies have played with the idea of putting LCD screens on internal components before—multiple companies manufacture all-in-one CPU watercoolers that integrate a customizable LCD screen on the water block that’s easily readable through an acrylic or glass side panel. You can also sometimes find air coolers with an LCD mounted on the heatsink somewhere. But Lian Li’s fans are, as far as we can tell, the first to mount LCD screens on the fans.

Do you actually need this many little screens all over your PC, showing your components’ internal temperatures and looping little snippets of video? No, of course not. But packing RGB lighting and other customizable components into your PC focuses more on what can be done than what should be done.

The UNI FAN TL LCDs can be pre-ordered in one– or three-packs starting today. The three-packs also include the fan controller, which is available for $25 extra.

Lian Li has discovered a new frontier for LCD screens: $47 PC case fans Read More »

Wireless TVs use built-in cameras, NFC readers to sell you stuff you see on TV

ads, Tech, TVs / Mike M. / December 20, 2023

webcam protruding out of the Displace TV — Enlarge / A closeup of the webcam on the Displace TV announced in January.

Dislace

It’s no secret that TV makers are seriously invested in pushing ads. Using TVs for advertising goes back to 1941 when the first TV commercial aired. But as we trudge our way through the 21st century, TV vendors are becoming more involved in ensuring that their hardware is used to sell stuff and add to their own recurring revenue.

This has taken various forms, but in some cases, we’re seeing increasingly invasive strategies for turning TVs into a primary place for shopping. The latest approach catching attention comes from the startup Displace. Its upcoming TVs will use integrated webcams and NFC payment readers to make it easy for people to buy stuff they see on TV.

Displace hasn’t officially released a product yet, so skepticism about the TVs it says it will demo at CES 2024 in Las Vegas next month, as spotted by sites like Wifi Hifi, is warranted. (Displace said it would have images of the newly announced TVs to share next year). The startup specializes in wireless TVs with hot-swappable batteries that can vacuum suction-mount to a wall and zip-line slowly off said wall when sensing an unstable connection or low battery. The original “Displace TV” that Displace announced in January is supposed to ship in mid-2024. Displace has been taking preorders for those.

The two new TVs Displace is adding to its 2024 release plans, the Displace Flex and Displace Mini, are all about making ~~watching TV~~ shopping better.

Stop & shop: TV edition

According to Displace’s announcement, the Displace Flex (a 55-inch 4K OLED TV) and Displace Mini (a 27-inch 4K OLED TV) will use proprietary gesture technology and each TV’s integrated 4K camera to tell when a user is raising their hand. It’s unclear how accurate that will be (could the shopping experience accidentally be activated if I raised my hand to tie my hair up, for example?), but at that point, the TV is supposed to pause the content being played. Then, it uses computer vision to “analyze the screen to find products available for sale. Once they see something they want to purchase, viewers drag and drop the product into the global Displace Shopping Cart,” the announcement says.

Displace Shopping will work at any moment the TV is on, and users can buy stuff they see in commercials by using the TVs.

Displace’s December 14 announcement said:

As soon as the viewer is ready to checkout, Displace Payments makes paying as easy as bringing a user’s smartphone or watch near the TV’s built-in NFC payment reader, a fully secure process that requires no credit card info. Viewers can also pay from within the Displace app.

If the TV can’t find a specific product for sale, it will “search for similar items” without user intervention, according to Displace. The TV will show products from any available online retailers, allowing users to select where they want to make their purchase.

Displace hasn’t provided full details about how it will make money off these transactions, but when reached for comment, founder and CEO Balaji Krishnan told Ars Technica that Displace has “different business models, and one of them is to take a transaction fee,” and that Displace will share more details “later.”

Displace also sees people using Displace Payments to pay for telehealth applications and equipped the Flex and Mini with thermal cameras.

Wireless TVs use built-in cameras, NFC readers to sell you stuff you see on TV Read More »

AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on.

alphv, Biz & IT, fbi, ransomware, Security, tor / Mike M. / December 20, 2023

DUELING SEIZURES —

In a bizarre twist, both groups issue dueling notices to ransomware website.

Dan Goodin – Dec 20, 2023 9: 08 pm UTC

Enlarge / Shortly after the FBI posted a notice saying it had seized the dark-web site of AlphV, the ransomware group posted this notice claiming otherwise.

The FBI spent much of Tuesday locked in an online tug-of-war with one of the Internet’s most aggressive ransomware groups after taking control of infrastructure the group has used to generate more than $300 million in illicit payments to date.

Early Tuesday morning, the dark-web site belonging to AlphV, a ransomware group that also goes by the name BlackCat, suddenly started displaying a banner that said it had been seized by the FBI as part of a coordinated law enforcement action. Gone was all the content AlphV had posted to the site previously.

Around the same time, the Justice Department said it had disrupted AlphV’s operations by releasing a software tool that would allow roughly 500 AlphV victims to restore their systems and data. In all, Justice Department officials said, AlphV had extorted roughly $300 million from 1,000 victims.

An affidavit unsealed in a Florida federal court, meanwhile, revealed that the disruption involved FBI agents obtaining 946 private keys used to host victim communication sites. The legal document said the keys were obtained with the help of a confidential human source who had “responded to an advertisement posted to a publicly accessible online forum soliciting applicants for Blackcat affiliate positions.”

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” Deputy Attorney General Lisa O. Monaco said in Tuesday’s announcement. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Within hours, the FBI seizure notice displayed on the AlphV dark-web site was gone. In its place was a new notice proclaiming: “This website has been unseized.” The new notice, written by AlphV officials, downplayed the significance of the FBI’s action. While not disputing the decryptor tool worked for 400 victims, AlphV officials said that the disruption would prevent data belonging to another 3,000 victims from being decrypted.

“Now because of them, more than 3,000 companies will never receive their keys.”

As the hours went on, the FBI and AlphV sparred over control of the dark-web site, with each replacing the notices of the other.

One researcher described the ongoing struggle as a “tug of Tor,” a reference to Tor, the network of servers that allows people to browse and publish websites anonymously. Like most ransomware groups, AlphV hosts its sites over Tor. Not only does this arrangement prevent law enforcement investigators from identifying group members, it also hampers investigators from obtaining court orders compelling the web host to turn over control of the site.

The only way to control a Tor address is with possession of a dedicated private encryption key. Once the FBI obtained it, investigators were able to publish Tuesday’s seizure notice to it. Since AlphV also maintained possession of the key, group members were similarly free to post their own content. Since Tor makes it impossible to change the private key corresponding to an address, neither side has been able to lock the other out.

With each side essentially deadlocked, AlphV has resorted to removing some of the restrictions it previously placed on affiliates. Under the common ransomware-as-a-service model, affiliates are the ones who actually hack victims. When successful, the affiliates use the AlphV ransomware and infrastructure to encrypt data and then negotiate and facilitate a payment by bitcoin or another cryptocurrency.

Up to now, AlphV placed rules on affiliates forbidding them from targeting hospitals and critical infrastructure. Now, those rules no longer apply unless the victim is located in the Commonwealth of Independent States—a list of countries that were once part of the former Soviet Union.

“Because of their actions, we are introducing new rules, or rather, we are removing ALL rules except one, you cannot touch the CIS, you can now block hospitals, nuclear power plants, anything, anywhere,” the AlphV notice said. The notice said that AlphV was also allowing affiliates to retain 90 percent of any ransom payments they get, and that ‘VIP’ affiliates would receive a private program on separate isolated data centers. The move is likely an attempt to stanch the possible defection by affiliates spooked by the FBI’s access to the AlphV infrastructure.

The back and forth has prompted some to say that the disruption failed, since AlphV retains control of its site and continues to possess the data it stole from victims. In a discussion on social media with one such critic, ransomware expert Allan Liska pushed back.

“The server and all of its data is still in possession of FBI—and ALPHV ain’t getting none of that back,” Liska, a threat researcher at security firm Recorded Future, wrote.

Enlarge / Social media post by Liska arguing the FBI maintains access to AlphV infrastructure.

“But, hey you are correct and I am 100% wrong. I encourage you, and all ransomware groups to sign up to be an ALPHV affiliate now, it is definitely safe. Do it, Chicken!”

AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. Read More »

SpaceX completes static fire test in push toward third Starship launch

Science, Space, spacex, starship / Mike M. / December 20, 2023

IFT-3 goes whee? —

The rocket and test equipment looked undamaged after the test.

Eric Berger – Dec 20, 2023 8: 44 pm UTC

Ship 28 is seen after being moved to SpaceX's launch site in South Texas. — Enlarge / Ship 28 is seen after being moved to SpaceX’s launch site in South Texas.

SpaceX

Just one month after the second flight of its massive Starship rocket, SpaceX is making progress toward a third attempt.

On Wednesday, at 1: 37 pm local time in South Texas, the company performed a static fire test of the next Starship—which bears the serial number Ship 28. The test of the rocket’s six engines appeared to be nominal as the Raptors ignited for a handful of seconds. The rocket and ground support equipment looked undamaged after the test.

Also this week SpaceX rolled the booster to be used for the next attempt—Booster 10—to the launch site at its Starbase facility in South Texas. The vehicle has since been lifted onto the orbital launch mount. Presumably this rocket, too, will undergo a static fire test in the coming days.

After these tests are complete the Starship upper stage is likely to be stacked on top of the booster to complete the launch vehicle. At this point it seems likely that the hardware for “Integrated Flight Test 3” would be substantially ready to launch.

With this third flight, SpaceX will seek to fly further into a profile that will see Starship ultimately make a controlled landing into the ocean north of Kauai, Hawaii. SpaceX may also perform an in-space propellant transfer test, but this has not been confirmed.

Starship’s second launch attempt, on November 18, was notably more successful than the first attempt in April 2023. The second flight test demonstrated substantial improvements in engine reliability and provided valuable data about a challenging “hot staging” maneuver to separate the Super Heavy booster from the Starship upper stage.

Another test flight soon?

Recently Kathy Lueders, SpaceX’s general manager for the Starbase launch site near Brownsville, said the company will target the first quarter of next year for this third test flight. “It would be great if we were in the first quarter, definitely,” she said. “Elon [Musk] obviously would probably say the end of December, but I don’t think we’ll get there.”

Since the second test flight occurred, neither the company nor SpaceX founder Elon Musk has provided a technical update on what ultimately went wrong with the Starship upper stage, which failed a few minutes into its flight, or why the booster was ultimately lost after it separated from the Starship vehicle.

Enlarge / Booster 10, with a few holiday decorations, is rolled to the launch site in South Texas.

SpaceX

However, far fewer modifications have been made to the rocket hardware or the launch site ahead of this third attempt, suggesting that at least some of the problems may have been flight software-related.

SpaceX has yet to receive regulatory approval for a third launch of Starship. The Federal Aviation Administration characterized the second attempt in November as a “mishap,” while acknowledging that no injuries or public property damage were reported.

After the anomaly, the agency said, via the social media site X, that “the FAA will oversee the @SpaceX-led mishap investigation to ensure SpaceX complies with its FAA-approved mishap investigation plan and other regulatory requirements.” The FAA has provided no additional information in the month since then.

SpaceX completes static fire test in push toward third Starship launch Read More »

Child sex abuse images found in dataset training image generators, report says

AI, Policy / Mike M. / December 20, 2023

More than 1,000 known child sexual abuse materials (CSAM) were found in a large open dataset—known as LAION-5B—that was used to train popular text-to-image generators such as Stable Diffusion, Stanford Internet Observatory (SIO) researcher David Thiel revealed on Wednesday.

SIO’s report seems to confirm rumors swirling on the Internet since 2022 that LAION-5B included illegal images, Bloomberg reported. In an email to Ars, Thiel warned that “the inclusion of child abuse material in AI model training data teaches tools to associate children in illicit sexual activity and uses known child abuse images to generate new, potentially realistic child abuse content.”

Thiel began his research in September after discovering in June that AI image generators were being used to create thousands of fake but realistic AI child sex images rapidly spreading on the dark web. His goal was to find out what role CSAM may play in the training process of AI models powering the image generators spouting this illicit content.

“Our new investigation reveals that these models are trained directly on CSAM present in a public dataset of billions of images, known as LAION-5B,” Thiel’s report said. “The dataset included known CSAM scraped from a wide array of sources, including mainstream social media websites”—like Reddit, X, WordPress, and Blogspot—as well as “popular adult video sites”—like XHamster and XVideos.

Shortly after Thiel’s report was published, a spokesperson for LAION, the Germany-based nonprofit that produced the dataset, told Bloomberg that LAION “was temporarily removing LAION datasets from the Internet” due to LAION’s “zero tolerance policy” for illegal content. The datasets will be republished once LAION ensures “they are safe,” the spokesperson said. A spokesperson for Hugging Face, which hosts a link to a LAION dataset that’s currently unavailable, confirmed to Ars that the dataset is now unavailable to the public after being switched to private by the uploader.

Removing the datasets now doesn’t fix any lingering issues with previously downloaded datasets or previously trained models, though, like Stable Diffusion 1.5. Thiel’s report said that Stability AI’s subsequent versions of Stable Diffusion—2.0 and 2.1—filtered out some or most of the content deemed “unsafe,” “making it difficult to generate explicit content.” But because users were dissatisfied by these later, more filtered versions, Stable Diffusion 1.5 remains “the most popular model for generating explicit imagery,” Thiel’s report said.

A spokesperson for Stability AI told Ars that Stability AI is “committed to preventing the misuse of AI and prohibit the use of our image models and services for unlawful activity, including attempts to edit or create CSAM.” The spokesperson pointed out that SIO’s report “focuses on the LAION-5B dataset as a whole,” whereas “Stability AI models were trained on a filtered subset of that dataset” and were “subsequently fine-tuned” to “mitigate residual behaviors.” The implication seems to be that Stability AI’s filtered dataset is not as problematic as the larger dataset.

Stability AI’s spokesperson also noted that Stable Diffusion 1.5 “was released by Runway ML, not Stability AI.” There seems to be some confusion on that point, though, as a Runway ML spokesperson told Ars that Stable Diffusion “was released in collaboration with Stability AI.”

A demo of Stable Diffusion 1.5 noted that the model was “supported by Stability AI” but released by CompVis and Runway. While a YCombinator thread linking to a blog—titled “Why we chose not to release Stable Diffusion 1.5 as quickly”—from Stability AI’s former chief information officer, Daniel Jeffries, may have provided some clarity on this, it has since been deleted.

Runway ML’s spokesperson declined to comment on any updates being considered for Stable Diffusion 1.5 but linked Ars to a Stability AI blog from August 2022 that said, “Stability AI co-released Stable Diffusion alongside talented researchers from” Runway ML.

Stability AI’s spokesperson said that Stability AI does not host Stable Diffusion 1.5 but has taken other steps to reduce harmful outputs. Those include only hosting “versions of Stable Diffusion that include filters” that “remove unsafe content” and “prevent the model from generating unsafe content.”

“Additionally, we have implemented filters to intercept unsafe prompts or unsafe outputs when users interact with models on our platform,” Stability AI’s spokesperson said. “We have also invested in content labelling features to help identify images generated on our platform. These layers of mitigation make it harder for bad actors to misuse AI.”

Beyond verifying 1,008 instances of CSAM in the LAION-5B dataset, SIO found 3,226 instances of suspected CSAM in the LAION dataset. Thiel’s report warned that both figures are “inherently a significant undercount” due to researchers’ limited ability to detect and flag all the CSAM in the datasets. His report also predicted that “the repercussions of Stable Diffusion 1.5’s training process will be with us for some time to come.”

“The most obvious solution is for the bulk of those in possession of LAION‐5B‐derived training sets to delete them or work with intermediaries to clean the material,” SIO’s report said. “Models based on Stable Diffusion 1.5 that have not had safety measures applied to them should be deprecated and distribution ceased where feasible.”

Child sex abuse images found in dataset training image generators, report says Read More »

Reminder: Donate to win swag in our annual Charity Drive sweepstakes

charity, gaming / Mike M. / December 20, 2023

Have you given yet? —

Add to a charity haul that has already raised over $19,000.

Kyle Orland – Dec 20, 2023 8: 08 pm UTC

If you’ve been too busy reading about major game publisher leaks to take part in this year’s Ars Technica Charity Drive sweepstakes, don’t worry. You still have time to donate to a good cause and get a chance to win your share of over $2,500 worth of swag (no purchase necessary to win).

So far, over 220 readers have contributed more than $19,000 to either the Electronic Frontier Foundation or Child’s Play as part of the charity drive (EFF is still leading in the donation totals by nearly $6,000). That’s a long way from 2020’s record haul of over $58,000, but there’s still plenty of time until the Charity Drive wraps up on Tuesday, January 2, 2024.

That doesn’t mean you should put your donation off, though. Do yourself and the charities involved a favor and give now while you’re thinking about it.

See below for instructions on how to enter and check out the Charity Drive kickoff post for a complete list of the available prizes.

How it works

Donating is easy. Simply donate to Child’s Play using PayPal or donate to the EFF using PayPal, credit card, or bitcoin. You can also support Child’s Play directly by picking an item from the Amazon wish list of a specific hospital on its donation page. Donate as much or as little as you feel comfortable with—every little bit helps.

Once that’s done, it’s time to register your entry in our sweepstakes. Just grab a digital copy of your receipt (a forwarded email, a screenshot, or simply a cut-and-paste of the text) and send it to ArsCharityDrive@gmail.com with your name, postal address, daytime telephone number, and email address by 11: 59 pm ET Tuesday, January 2, 2024. (One entry per person, and each person can only win up to one prize. US residents only. NO PURCHASE NECESSARY. See Official Rules for more information, including how to enter without donating. Also, refer to the Ars Technica privacy policy at https://www.condenast.com/privacy-policy.)

We’ll then contact the winners and have them choose their prize by January 31, 2024. Choosing takes place in the order the winners are drawn. Good luck!

Listing image by CanStockPhoto

Reminder: Donate to win swag in our annual Charity Drive sweepstakes Read More »

Contact-tracing software could accurately gauge COVID-19 risk

Biology, COVID-19, epidemiology, infectious diseases, SARS-CoV-2, Science / Mike M. / December 20, 2023

As it turns out, epidemiology works —

Time spent with infected individuals is a key determinant of risk.

Diana Gitig – Dec 20, 2023 7: 29 pm UTC

A woman wearing a face mask and checking her phone.

It’s summer 2021. You rent a house in the countryside with a bunch of friends for someone’s birthday. The weather’s gorgeous that weekend, so mostly you’re all outside—pool, firepit, hammock, etc.—but you do all sleep in the same house. And then on Tuesday, you get an alert on your phone that you’ve been exposed to SARS-CoV-2, the virus that causes COVID-19. How likely are you to now have it?

To answer that question, a group of statisticians, data scientists, computer scientists, and epidemiologists in the UK analyzed 7 million people who were notified that they were exposed to COVID-19 by the NHS COVID-19 app in England and Wales between April 2021 and February 2022. They wanted to know if—and how—these app notifications correlated to actual disease transmission. Analyses like this can help ensure that an app designed for the next pathogen could retain efficacy while minimizing social and economic burdens. And it can tell us more about the dynamics of SARS-CoV-2 transmission.

Over 20 million quarantine requests

The NHS COVID-19 app was active on 13 to 18 million smartphones per day in 2021. It used Bluetooth signals to estimate the proximity between those smartphones while maintaining privacy and then alerted people who spent 15 minutes or more at a distance of 2 meters or less from a confirmed case. This led to over 20 million such alerts, each of which came with a request to quarantine—quite a burden.

The researchers found that the app did, in fact, accurately translate the duration and proximity of a COVID-19 exposure to a relevant epidemiological risk score. The app assessed a contact’s risk by multiplying the length of contact, the proximity of contact, and the infectiousness of the index case as determined by how long it had been since the index case started showing symptoms or tested positive.

There was an increasing probability of reported infection as the app’s risk score increased: more contacts whom the app deemed were at a high transmission risk did go on to test positive for COVID-19 within the following two weeks than those who were notified but had lower risk levels. (That’s positive tests that were reported by using the app. Some of the high-risk people probably did not test at all, did not report their test results, or did not report them within the allotted time. So this is an underestimation of the correlation between notification of risk and infection.)

More exposure = higher risk

When the researchers separated the factors contributing to the risk of an exposure, they found that duration was the most important indicator. Household exposures accounted for 6 percent of all contacts but 41 percent of transmissions.

One caveat: The app didn’t record any contextual variables that are known to impact transmission risk, like if people live in an urban or rural area, was the meeting indoors or outdoors, was it during the week or over the weekend, was anyone vaccinated, etc. Including such data could make risk assessment more accurate.

Based on their work, the researchers suggest that an “Amber Alert” stage could have been introduced to the app, in which people deemed to have an interim degree of risk would be guided to get a PCR test rather than immediately jumping to quarantine. Including this intermediate Amber Alert population could have significantly reduced the socioeconomic costs of contact tracing while retaining its epidemiological impact or could have increased its effectiveness for a similar cost. Performing analyses like this early on in the next pandemic to determine how it is transmitted might minimize illness and strain on society.

Nature, 2023. DOI: 10.1038/s41586-023-06952-2

Contact-tracing software could accurately gauge COVID-19 risk Read More »

ULA chief says Vulcan rocket will slip to 2024 after ground system issues

rockets, Science, Space, ula, Uncategorized, vulcan / Mike M. / December 10, 2023

ULA delay —

The Colorado-based launch company will end 2023 with just three launches.

Eric Berger – Dec 10, 2023 7: 24 pm UTC

ULA's Vulcan rocket rolls to the launch pad for testing. — Enlarge / ULA’s Vulcan rocket rolls to the launch pad for testing.

United Launch Alliance

United Launch Alliance will not see the debut of its next-generation Vulcan rocket in 2023, as previously planned.

The launch company’s chief executive, Tory Bruno, announced the delay on the social media site X on Sunday. United Launch Alliance had been working toward a debut flight of the lift booster on Christmas Eve, from Cape Canaveral Space Force Station in Florida.

Bruno made the announcement after the company attempted to complete a fueling test of the entire rocket, known as a wet dress rehearsal.

“Vehicle performed well,” Bruno wrote. “Ground system had a couple of (routine) issues, (being corrected). Ran the timeline long so we didn’t quite finish. I’d like a FULL WDR before our first flight, so XMAS eve is likely out. Next Peregrine window is 8 Jan.”

Peregrine is the rocket’s primary payload, a lunar lander built by Astrobotic that is intended to deliver scientific experiments for NASA and other payloads the Moon. It has specific launch windows in order to reach the Moon and attempt a landing during ideal lighting conditions.

From the information contained in Bruno’s comment, it appears as though the work to correct the ground systems to fuel Vulcan—the first stage propellant is methane, which United Launch Alliance has not worked with before—will take long enough that it will preclude another fueling test ahead of the rocket’s late December launch window. Thus, the next launch attempt will likely occur no earlier than January 8.

A light cadence

It has been a slow year for United Launch Alliance, which dominated the US launch industry a decade ago. The company is going to launch just three rockets this calendar year: the classified NROL-68 mission on a Delta IV Heavy rocket in June, the “Silentbarker” mission for the National Reconnaissance Office on an Atlas V in September, and two Project Kuiper satellites for Amazon on an Atlas V in October.

That is the company’s lowest total number of launches since its founding in 2006, when the rocket businesses of Lockheed Martin and Boeing were merged.

Part of the reason for the low total is that United Launch Alliance is undergoing a transition from its historical fleet of Delta and Atlas rockets to Vulcan, which is intended to be more price competitive with other commercial offerings, such as SpaceX’s Falcon 9 and Falcon Heavy rockets. There will be a lot of demand for Vulcan once it starts flying regulary.

However, another factor is that the lower cost and equally reliable Falcon rockets have taken commercial and government launch business away from United Launch Alliance. SpaceX has steadily ascended over the last decade as United Launch Alliance has struggled to compete.

Whereas Bruno’s company launched just three rockets in 2023, on a handful of occasions SpaceX has launched three rockets in three days during this calendar year. SpaceX is likely to end the year with between 95 and 100 total launches.

ULA chief says Vulcan rocket will slip to 2024 after ground system issues Read More »

Why scientists are making transparent wood

Science, syndication, transparent displays / Mike M. / December 10, 2023

a potential sustainable material —

The material is being exploited for smartphone screens, insulated windows, and more.

Jude Coleman, Knowable Magazine – Dec 10, 2023 12: 15 pm UTC

a transparent piece of wood on top of a green leaf — Enlarge / See-through wood has a number of interesting properties that researchers hope to exploit.

Thirty years ago, a botanist in Germany had a simple wish: to see the inner workings of woody plants without dissecting them. By bleaching away the pigments in plant cells, Siegfried Fink managed to create transparent wood, and he published his technique in a niche wood technology journal. The 1992 paper remained the last word on see-through wood for more than a decade, until a researcher named Lars Berglund stumbled across it.

Berglund was inspired by Fink’s discovery, but not for botanical reasons. The materials scientist, who works at KTH Royal Institute of Technology in Sweden, specializes in polymer composites and was interested in creating a more robust alternative to transparent plastic. And he wasn’t the only one interested in wood’s virtues. Across the ocean, researchers at the University of Maryland were busy on a related goal: harnessing the strength of wood for nontraditional purposes.

Now, after years of experiments, the research of these groups is starting to bear fruit. Transparent wood could soon find uses in super-strong screens for smartphones; in soft, glowing light fixtures; and even as structural features, such as color-changing windows.

“I truly believe this material has a promising future,” says Qiliang Fu, a wood nanotechnologist at Nanjing Forestry University in China who worked in Berglund’s lab as a graduate student.

Wood is made up of countless little vertical channels, like a tight bundle of straws bound together with glue. These tube-shaped cells transport water and nutrients throughout a tree, and when the tree is harvested and the moisture evaporates, pockets of air are left behind. To create see-through wood, scientists first need to modify or get rid of the glue, called lignin, that holds the cell bundles together and provides trunks and branches with most of their earthy brown hues. After bleaching lignin’s color away or otherwise removing it, a milky-white skeleton of hollow cells remains.

This skeleton is still opaque, because the cell walls bend light to a different degree than the air in the cell pockets does—a value called a refractive index. Filling the air pockets with a substance like epoxy resin that bends light to a similar degree to the cell walls renders the wood transparent.

The material the scientists worked with is thin—typically less than a millimeter to around a centimeter thick. But the cells create a sturdy honeycomb structure, and the tiny wood fibers are stronger than the best carbon fibers, says materials scientist Liangbing Hu, who leads the research group working on transparent wood at the University of Maryland in College Park. And with the resin added, transparent wood outperforms plastic and glass: In tests measuring how easily materials fracture or break under pressure, transparent wood came out around three times stronger than transparent plastics like Plexiglass and about 10 times tougher than glass.

“The results are amazing, that a piece of wood can be as strong as glass,” says Hu, who highlighted the features of transparent wood in the 2023 Annual Review of Materials Research.

The process also works with thicker wood but the view through that substance is hazier because it scatters more light. In their original studies from 2016, Hu and Berglund both found that millimeter-thin sheets of the resin-filled wood skeletons let through 80 to 90 percent of light. As the thickness gets closer to a centimeter, light transmittance drops: Berglund’s group reported that 3.7-millimeter-thick wood—roughly two pennies thick—transmitted only 40 percent of light.

The slim profile and strength of the material means it could be a great alternative to products made from thin, easily shattered cuts of plastic or glass, such as display screens. The French company Woodoo, for example, uses a similar lignin-removing process in its wood screens, but leaves a bit of lignin to create a different color aesthetic. The company is tailoring its recyclable, touch-sensitive digital displays for products, including car dashboards and advertising billboards.

But most research has centered on transparent wood as an architectural feature, with windows a particularly promising use, says Prodyut Dhar, a biochemical engineer at the Indian Institute of Technology Varanasi. Transparent wood is a far better insulator than glass, so it could help buildings retain heat or keep it out. Hu and colleagues have also used polyvinyl alcohol, or PVA—a polymer used in glue and food packaging—to infiltrate the wood skeletons, making transparent wood that conducts heat at a rate five times lower than that of glass, the team reported in 2019 in Advanced Functional Materials.

Why scientists are making transparent wood Read More »

Stealthy Linux rootkit found in the wild after going undetected for 2 years

backdoor, Biz & IT, Linux, malware, rootkits, Security / Mike M. / December 10, 2023

Trojan horse on top of blocks of hexadecimal programming codes. Illustration of the concept of online hacking, computer spyware, malware and ransomware.

Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday.

Researchers from security firm Group-IB have named the remote access trojan “Krasue,” after a nocturnal spirit depicted in Southeast Asian folklore “floating in mid-air, with no torso, just her intestines hanging from below her chin.” The researchers chose the name because evidence to date shows it almost exclusively targets victims in Thailand and “poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network.

According to the researchers:

Krasue is a Linux Remote Access Trojan that has been active since 20 and predominantly targets organizations in Thailand.

Group-IB can confirm that telecommunications companies were targeted by Krasue.

The malware contains several embedded rootkits to support different Linux kernel versions.

Krasue’s rootkit is drawn from public sources (3 open-source Linux Kernel Module rootkits), as is the case with many Linux rootkits.

The rootkit can hook the `kill()` syscall, network-related functions, and file listing operations in order to hide its activities and evade detection.

Notably, Krasue uses RTSP (Real-Time Streaming Protocol) messages to serve as a disguised “alive ping,” a tactic rarely seen in the wild.

This Linux malware, Group-IB researchers presume, is deployed during the later stages of an attack chain in order to maintain access to a victim host.

Krasue is likely to either be deployed as part of a botnet or sold by initial access brokers to other cybercriminals.

Group-IB researchers believe that Krasue was created by the same author as the XorDdos Linux Trojan, documented by Microsoft in a March 2022 blog post, or someone who had access to the latter’s source code.

During the initialization phase, the rootkit conceals its own presence. It then proceeds to hook the `kill()` syscall, network-related functions, and file listing operations, thereby obscuring its activities and evading detection.

The researchers have so far been unable to determine precisely how Krasue gets installed. Possible infection vectors include through vulnerability exploitation, credential-stealing or -guessing attacks, or by unwittingly being installed as trojan stashed in an installation file or update masquerading as legitimate software.

The three open source rootkit packages incorporated into Krasue are:

Enlarge / An image showing salient research points of Krasue.

Group-IB

Rootkits are a type of malware that hides directories, files, processes, and other evidence of its presence to the operating system it’s installed on. By hooking legitimate Linux processes, the malware is able to suspend them at select points and interject functions that conceal its presence. Specifically, it hides files and directories beginning with the names “auwd” and “vmware_helper” from directory listings and hides ports 52695 and 52699, where communications to attacker-controlled servers occur. Intercepting the kill() syscall also allows the trojan to survive Linux commands attempting to abort the program and shut it down.

Stealthy Linux rootkit found in the wild after going undetected for 2 years Read More »

Author name: Mike M.