Cloudflare blocking Pale Moon and other alternative browser engines

Aside from reporting it on Cloudflare’s forum, there appears to be little users can do, and the company doesn’t seem to be paying attention.

Cloudflare is one of the giants of content distribution networks. As well as providing fast local caches of busy websites, it also attempts to block bot networks and DDoS attacks by detecting and blocking suspicious activity. Among other things, being “suspicious” includes machines that are part of botnets and are running scripts. One way to identify this is by looking at the browser agent and, if it’s not from a known browser, blocking it. This is a problem if the list of legitimate browsers is especially short and only includes recent versions of big names such as Chrome (and its many derivatives) and Firefox.

The problem isn’t new, and whatever fixes or updates occasionally resolve it, the relief is only temporary and it keeps recurring. We’ve found reports of Cloudflare site-blocking difficulties dating back to 2015 and continuing through 2022.

In the last year, The Register has received reports of Cloudflare blocking readers in March, again in July 2024, and earlier this year in January.

Users of recent versions of Pale Moon, Falkon, and SeaMonkey are all affected. Indeed, the Pale Moon release notes for the most recent couple of versions mention that they’re attempts to bypass this specific issue, which often manifests as the browser getting trapped in an infinite loop and either becoming unresponsive or crashing. Some users of Firefox 115 ESR have had problems, too. Since this is the latest release in that family for macOS 10.13 and Windows 7, it poses a significant issue. Websites affected include science.org, steamdb.info, convertapi.com, and – ironically enough – community.cloudflare.com.

According to some in the Hacker News discussion of the problem, something else that can count as suspicious – other than using niche browsers or OSes – is something as simple as asking for a URL unaccompanied by any referrer IDs. To us, that sounds like a user with good security measures that block tracking, but it seems that, to the CDN merchant, this looks like an alert to an action that isn’t operated by a human.

Making matters worse, Cloudflare tech support is aimed at its corporate customers, and there seems to be no direct way for non-paying users to report issues other than the community forums. The number of repeated posts suggests to us that the company isn’t monitoring these for reports of problems.

[…]

Source: Cloudflare blocking Pale Moon and other browsers • The Register

Microsoft Exchange Admin Center goes down for EU users

Microsoft’s Exchange Administration Center (EAC) has fallen over and appears to be struggling to get up.

The issue affects users trying to access EAC to administer Exchange Online for their users. Users began expressing frustration about the service being down just before lunchtime in the UK. The issue appears widespread in Europe, with users from countries such as Germany, Poland, and Belgium reporting problems.

Canada and the US appear fine, hinting that the issue might be location-based. The Register asked Microsoft for more details, but the company has not responded.

The EAC manages mailboxes, administers groups, and migrates data, among other functions. A lot of its functionality is also accessible via PowerShell, which currently seems to be working fine. However, the company has not commented on the issue or when it will be resolved.

Microsoft is very keen for customers to migrate from on-premises versions of Exchange to the company’s cloud, although one observer on social media remarked: “The amount of downtime they are facing is getting to a point where you can’t even argue ‘Cloud has better availability.'”

Quite. The long-held assertion that the cloud is a cheaper, more reliable option than an on-premises rack of servers has been ringing increasingly hollow in recent times. Microsoft suffered an Outlook outage over the weekend, and some Microsoft 365 users experienced downtime on Monday.

[…]

Source: Microsoft Exchange Admin Center takes siesta for EU users • The Register

How to stop Android from scanning your phone pictures for content and interpreting them

Android System SafetyCore is a process that arrived in a recent update for devices running Android 9 and later. It scans a user’s photo library for explicit images and displays content warnings before viewing them. Google says “the classification of content runs exclusively on your device and the results aren’t shared with Google.”

Naturally, it will also bring similar tech to Google Messages down the line to prevent certain unsolicited images from affecting a receiver.

Google started installing SafetyCore on user devices in November 2024, and there’s no way of opting out or managing the installation. One day, it’s just there.

Users have vented their frustrations about SafetyCore ever since and despite being able to uninstall and opt out of image scanning, the consent-less approach that runs throughout Android nevertheless left some users upset. It can be uninstalled on Android forks like Xiaomi’s MIUI using Settings>Apps>Android System SafetyCore>Uninstall or on Android using Apps/Apps & Notifications>Show System Apps>Show system apps>Locate SafetyCore>Uninstall or Disable. Reviewers report that in some cases the uninstall option is grayed out, and it can only be disabled, while others complain that it reinstalls on the next update.

The app’s Google Play page is littered with negative reviews, many of which cite its installation without consent.

“In short, it is spyware. We were not informed. It feels like the right to privacy is secondary to Google’s corporate interests,” one reviewer wrote.

Source: Google’s ‘consent-less’ Android tracking probed by academics • The Register

Android tracks you before you start an app – no consent required. Also, it scans your photos.

Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app.

Doug Leith, professor and chair of computer systems at Trinity College Dublin, who carried out the research, claims in his write up that no consent is sought for the various identifiers and there is no way of opting out from having them run.

He found various mechanisms operating on the Android system which were then relaying the data back to Google via pre-installed apps such as Google Play Services and the Google Play store, all without users ever opening a Google app.

One of these is the “DSID” cookie, which Google explains in its documentation is used to identify a “signed in user on non-Google websites so that the user’s preference for personalized advertising is respected accordingly.” The “DSID” cookie lasts for two weeks.

Speaking about Google’s description in its documentation, Leith’s research states the explanation was still “rather vague and not as helpful as it might be,” and the main issue is that there’s no consent sought from Google before dropping the cookie and there’s no opt-out feature either.

Leith says the DSID advertising cookie is created shortly after the user logs into their Google account – part of the Android startup process – with a tracking file linked to that account placed into the Google Play Service’s app data folder.

This DSID cookie is “almost certainly” the primary method Google uses to link analytics and advertising events, such as ad clicks, to individual users, Leith writes in his paper [PDF].

Another tracker which cannot be removed once created is the Google Android ID, a device identifier that’s linked to a user’s Google account and created after the first connection made to the device by Google Play Services.

It continues to send data about the device back to Google even after the user logs out of their Google account and the only way to remove it, and its data, is to factory-reset the device.

Leith said he wasn’t able to ascertain the purpose of the identifier but his paper notes a code comment, presumably made by a Google dev, acknowledging that this identifier is considered personally identifiable information (PII), likely bringing it into the scope of European privacy law GDPR – still mostly intact in British law as UK GDPR.

The paper details the various other trackers and identifiers dropped by Google onto Android devices, all without user consent and according to Leith, in many cases it presents possible violations of data protection law.

Leith approached Google for a response before publishing his findings, which he delayed allowing time for a dialogue.

[…]

The findings come amid something of a recent uproar about another process called Android System SafetyCore – which arrived in a recent update for devices running Android 9 and later. It scans a user’s photo library for explicit images and displays content warnings before viewing them. Google says “the classification of content runs exclusively on your device and the results aren’t shared with Google.”

Naturally, it will also bring similar tech to Google Messages down the line to prevent certain unsolicited images from affecting a receiver.

Google started installing SafetyCore on user devices in November 2024, and there’s no way of opting out or managing the installation. One day, it’s just there.

Users have vented their frustrations about SafetyCore ever since and despite being able to uninstall and opt out of image scanning, the consent-less approach that runs throughout Android nevertheless left some users upset. It can be uninstalled on Android forks like Xiaomi’s MIUI using Settings>Apps>Android System SafetyCore>Uninstall or on Android using Apps/Apps & Notifications>Show System Apps>Show system apps>Locate SafetyCore>Uninstall or Disable. Reviewers report that in some cases the uninstall option is grayed out, and it can only be disabled, while others complain that it reinstalls on the next update.

The app’s Google Play page is littered with negative reviews, many of which cite its installation without consent.

“In short, it is spyware. We were not informed. It feels like the right to privacy is secondary to Google’s corporate interests,” one reviewer wrote.

Source: Google’s ‘consent-less’ Android tracking probed by academics • The Register

Turning car exhausts into power: New method transforms carbon nanoparticles from emissions into renewable energy catalysts

We have developed a breakthrough method to convert carbon nanoparticles (CNPs) from vehicular emissions into high-performance electrocatalysts. This innovation provides a sustainable approach to pollution management and energy production by repurposing harmful particulate matter into valuable materials for renewable energy applications.

Our work, published in Carbon Neutralization, addresses both environmental challenges and the growing demand for efficient, cost-effective clean energy solutions.

Advancing electrocatalysis with multiheteroatom-doped CNPs

By doping CNPs with boron, nitrogen, oxygen and sulfur, we have significantly enhanced their catalytic performance. These multiheteroatom-doped nanoparticles exhibit remarkable efficiency in key electrochemical reactions. Our catalysts demonstrate high activity in the oxygen reduction reaction (ORR), which is essential for fuel cells and energy storage systems, as well as in the hydrogen evolution reaction (HER), a crucial process for hydrogen fuel production.

Additionally, they show superior performance in the oxygen evolution reaction (OER), advancing water splitting for green hydrogen generation. By optimizing the composition of these materials, we have created an effective alternative to conventional precious metal-based catalysts, improving both cost-efficiency and sustainability.

[…]

Our research has far-reaching implications for clean energy and sustainable transportation industries. These catalysts can be integrated into fuel cells, enabling more efficient power generation for electric vehicles and energy storage systems. They also play a vital role in hydrogen production, supporting the transition to a hydrogen-based economy. Additionally, their use in renewable energy storage systems enhances the stability of wind and solar power generation.

While our findings demonstrate significant promise, further research is needed to scale up production, optimize material stability, and integrate these catalysts into commercial applications.

[…]

Source: Turning pollution into power: New method transforms carbon nanoparticles from emissions into renewable energy catalysts

Why Can’t We Screenshot Frames From DRM-Protected Video on Apple Devices? – or on Android in some apps?

Apple users noticed a change in 2023, “when streaming platforms like Netflix, HBO Max, Amazon Prime, and the Criterion Channel imposed a quiet embargo on the screenshot,” noted the film blog Screen Slate: At first, there were workarounds: users could continue to screenshot by using the browser Brave or by downloading extensions or third-party tools like Fireshot. But gradually, the digital-rights-management tech adapted and became more sophisticated. Today, it is nearly impossible to take a screenshot from the most popular streaming services, at least not on a Macintosh computer. The shift occurred without remark or notice to subscribers, and there’s no clear explanation as to why or what spurred the change…

For PC users, this story takes a different, and happier, turn. With the use of Snipping Tool — a utility exclusive to Microsoft Windows — users are free to screen grab content from all streaming platforms. This seems like a pointed oversight, a choice on the part of streamers to exclude Mac users (though they make up a tiny fraction of the market) because of their assumed cultural class.

“I’m not entirely sure what the technical answer to this is,” tech blogger John Gruber wrote this weekend, “but on MacOS, it seemingly involves the GPU and video decoding hardware…” These DRM blackouts on Apple devices (you can’t capture screenshots from DRM video on iPhones or iPads either) are enabled through the deep integration between the OS and the hardware, thus enabling the blackouts to be imposed at the hardware level. And I don’t think the streaming services opt into this screenshot prohibition other than by “protecting” their video with DRM in the first place. If a video is DRM-protected, you can’t screenshot it; if it’s not, you can.

On the Mac, it used to be the case that DRM video was blacked-out from screen capture in Safari, but not in Chrome (or the dozens of various Chromium-derived browsers). But at some point a few years back, you stopped being able to capture screenshots from DRM videos in Chrome, too — by default. But in Chrome’s Settings page, under System, if you disable “Use graphics acceleration when available” and relaunch Chrome, boom, you can screenshot everything in a Chrome window, including DRM video…

What I don’t understand is why Apple bothered supporting this in the first place for hardware-accelerated video (which is all video on iOS platforms — there is no workaround like using Chrome with hardware acceleration disabled on iPhone or iPad). No one is going to create bootleg copies of DRM-protected video one screenshotted still frame at a time — and even if they tried, they’d be capturing only the images, not the sound. And it’s not like this “feature” in MacOS and iOS has put an end to bootlegging DRM-protected video content.

Gruber’s conclusion? “This ‘feature’ accomplishes nothing of value for anyone, including the streaming services, but imposes a massive (and for most people, confusing and frustrating) hindrance on honest people simply trying to easily capture high-quality (as opposed to, say, using their damn phone to take a photograph of their reflective laptop display) screenshots of the shows and movies they’re watching.”

Source: ‘Why Can’t We Screenshot Frames From DRM-Protected Video on Apple Devices?’

And for that matter, there are plenty of apps that refuse screenshotting – I thought Android was the customisable one?

These buildings use batteries made of ice to stay cool and save money

Thousands of buildings across the United States are staying cool with the help of cutting-edge batteries made from one of the world’s simplest materials: ice.

When electricity is cheap, the batteries freeze water. When energy costs go up, building managers turn off their pricey chillers and use the ice to keep things cool.

A typical building uses about a fifth of its electricity for cooling, according to the International Energy Agency. By shifting their energy use to cheaper times of day, the biggest buildings can save hundreds of thousands of dollars a year on their power bills. They can also avoid using electricity from the dirtiest fossil fuel plants.

In places where the weather is hot and energy prices swing widely throughout the day — for instance, Texas, Southern California and most of the American Southwest — buildings could cut their power bills and carbon emissions by as much as a third, experts say.

“That’s huge and absolutely worth doing when you consider how many buildings exist that need cooling,” said Neera Jain, an associate professor of mechanical engineering at Purdue University.

So far, ice batteries have been mostly limited to big commercial buildings with central cooling systems and extra storage space for a giant vat of ice. But new designs could bring the batteries into smaller buildings and even houses.

Source: These buildings use batteries made of ice to stay cool and save money

Trump’s Defense Secretary Hegseth Orders Cyber Command to ‘Stand Down’ on All Russia Operations

The cybersecurity outlet The Record originally reported that under Trump’s new Defense Secretary Pete Hegseth, U.S. Cyber Command has been ordered to “stand down from all planning against Russia, including offensive digital actions.” The outlet cites three anonymous sources who are familiar with the matter. The order reportedly does not apply to the National Security Agency.

The policy shift represents a complete 180-degree turn from America’s posture over the past decade, which has consistently considered Russia one of the top cybersecurity threats. Credible reporting and government investigations have shown that Russia has hacked into U.S. systems countless times.

The Guardian has reported that a memo recently circulated to staff at America’s Cybersecurity and Infrastructure Security Agency (CISA) established “new priorities” for the agency and, while mentioning the threat of digital incursions by China and other enemies, failed to mention Russia.

“Russia and China are our biggest adversaries. With all the cuts being made to different agencies, a lot of cyber security personnel have been fired. Our systems are not going to be protected and our adversaries know this,” a source, who was familiar with the internal memo, told The Guardian. “People are saying Russia is winning. Putin is on the inside now.”

Another anonymous source, who said that CISA staff had been “verbally informed that they were not to follow or report on Russian threats,” expressed concern for the shift: “There are thousands of US government employees and military working daily on the massive threat Russia poses as possibly the most significant nation state threat actor. Not to diminish the significance of China, Iran, or North Korea, but Russia is at least on par with China as the most significant cyber threat,” they said.

[…]

As far as layoffs go, the NSA purge is a drop in the bucket for America’s signals intelligence agency. One of the intel community’s biggest outfits is reputed to employ at least 20,000 employees but has been estimated to use as many as 50,000. In general, despite Trump’s promise to smash the “deep state,” America’s dark and powerful national security state has remained largely untouched since he took office, with his administration’s wrecking ball DOGE content to spend most of its time smashing agencies that dispense services to the public.

Source: Trump’s Defense Secretary Hegseth Orders Cyber Command to ‘Stand Down’ on All Russia Operations

“Cool” years are now hotter than the “warm” years of the past: tracking global temperatures through El Niño and La Niña

Temperatures, as defined by “climate”, are based on temperatures over longer periods of time — typically 20-to-30-year averages — rather than single-year data points. But even when based on longer-term averages, the world has still warmed by around 1.3°C.

But you’ll also notice, in the chart, that temperatures haven’t increased linearly. There are spikes and dips along the long-run trend.

Many of these short-term fluctuations are caused by “ENSO” — the El Niño-Southern Oscillation — a natural climate cycle caused by changes in wind patterns and sea surface temperatures in the Pacific Ocean.

While it’s caused by patterns in the Pacific Ocean and most strongly affects countries in the tropics, it also impacts global temperatures and climate.

There are two key phases of this cycle: the La Niña phase, which tends to cause cooler global temperatures, and the El Niño phase, which brings hotter conditions. The world cycles between El Niño and La Niña phases every two to seven years. There are also “neutral” periods between these phases where the world is not in either extreme.

The zig-zag trend of global temperatures becomes understandable when you are taking the phases of the ENSO cycles into account. In the chart below, we see the data on global temperatures, but the line is now colored by the ENSO phase at that time.

The El Niño (warm phase) is shown in orange and red, and the La Niña (cold phase) is shown in blue.

You can see that temperatures often reach a short-term peak during warm El Niño years before falling back slightly as the world moves into La Niña years, shown in blue.

What’s striking is that global temperatures during recent La Niña years were warmer than El Niño years just a few decades before. “Cold years” today are hotter than “hot years” not too long ago.

Source: “Cool” years are now hotter than the “warm” years of the past: tracking global temperatures through El Niño and La Niña – Our World in Data

Lenovo has a convertible T series laptop – with mouse dot

[…] The ThinkPad T14s 2-in-1 is by far the most interesting of the bunch, with a new convertible body that’s similar to Lenovo’s Yoga laptops, and supports the magnetic Yoga Pen stylus. The laptop comes with up to a 14-inch, 400-nit WUXGA touch display, and inside, you can get up to an Intel Core Ultra 7 H or U 200 series chip, 64GB of LPDDR5x RAM and 1TB of storage. If you’re looking for an option without a 360-degree hinge, the ThinkPad T14s Gen 6 and ThinkPad T14 Gen 6 will also now come with either Intel Core Ultra or AMD Ryzen AI Pro chips, up to 32GB of RAM and up to 2TB of storage.

Lenovo describes the new ThinkPad X13 Gen 6 as “one of the lightest ThinkPad designs ever,” at only 2.05 lbs, but that light weight doesn’t mean the laptop misses out on the latest internals. The X13 Gen 6 comes with either an Intel Core Ultra or AMD Ryzen AI Pro chip, up to 64GB of LPDDR5x RAM and your choice of a 41Wh or 54.7Wh battery. The new ThinkPad can also support Wi-Fi 7 and an optional 5G connection, if you want to take it on the go.

[…]

Source: Lenovo is updating its ThinkPad lineup with new chips and form factors at MWC 2025

The Lenovo Solar PC Concept feels like a device whose time has come

You might be surprised to learn that the first laptop with built-in solar panels is nearly 15 years old. But to me, the bigger shock is that with all the recent advancements in photovoltaic cells, manufacturers haven’t revisited this idea more often. But at MWC 2025, Lenovo is changing that with its Yoga Solar PC Concept.

Weighing 2.6 pounds and measuring less than 0.6 inches thick, the Yoga Solar PC Concept is essentially the same size as a standard 14-inch clamshell. And because its underlying design isn’t all that different from Lenovo’s standard Yoga family, it doesn’t skimp on specs either. It features an OLED display, up to 32GB of RAM, a decent-sized 50.2 WHr battery and even a 2MP IR webcam for use with Windows Hello.

However, all those components aren’t nearly as important as the solar cells embedded in its lid. Lenovo says the panels use Back Contact Cell technology so that its mounting brackets and gridlines can be placed on the rear of the cells. This allows the panels to offer up to 24 percent solar energy conversion, which is pretty good as that matches the efficiency you get from many high-end home solar systems. Furthermore, the PC also supports Dynamic Solar Tracking to automatically adjust the cells’ settings to maximize the amount of energy they can gather.

Lenovo says this means the Yoga Solar PC can generate enough juice to play an hour of videos after only 20 minutes in the sun. But what might be more impressive is that even when the laptop is indoors, it can still harvest power from as little as 0.3 watts of light to help top off its battery. Finally, to help you understand how much power it’s gathering, Lenovo created a bespoke app to track how much light the panels absorb.

Unfortunately, Lenovo doesn’t have any plans to turn this concept into a full commercial device.

[…]

Source: The Lenovo Solar PC Concept feels like a device whose time has come

PeerAuth – easy way to authenticate a real person

Machine learning has become more and more powerful, to the point where a bad actor can take a photo and a voice recording of someone you know, and forge a complete video recording. See the “OmniHuman-1” model developed by ByteDance.

Bad actors can now digitally impersonate someone you love, and trick you into doing things like paying a ransom.

To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons.

This is how it works:

  1. Two people, Person A and Person B, sit in front of the same computer and open this page;
  2. They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”;
  3. The page will generate two TOTP QR codes, one for Alice and one for Bob;
  4. Alice and Bob scan the respective QR code into a TOTP mobile app (such as Authy or Google Authenticator) on their respective mobile phones;
  5. In the future, when Alice speaks with Bob over the phone or over video call, and wants to verify the identity of Bob, Alice asks Bob to provide the 6-digit TOTP code from the mobile app. If the code matches what Alice has on her own phone, then Alice has more confidence that she is speaking with the real Bob.

Note that this depends on both Alice’s and Bob’s phones being secure. If somebody steals Bob’s phone and manages to bypass the fingerprint or PIN or facial recognition of Bob’s phone, then all bets are off.

Discussion on Hacker News

Source code of this page on GitHub

Source: PeerAuth
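
The pairing and verification steps quoted above can be sketched as follows. This is an added example, not PeerAuth's own code: it assumes both QR codes carry the same shared secret as standard `otpauth://` key URIs with the usual authenticator defaults (HMAC-SHA1, 6 digits, 30-second step), and the function names, labels and issuer string are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import parse_qs, quote, urlencode, urlparse

DIGITS = 6    # code length shown by common authenticator apps (assumed default)
PERIOD = 30   # seconds per time step (assumed default)


def new_pair(name_a, name_b, issuer="PeerAuthExample"):
    """Steps 1-3: one random secret, two key URIs (one per phone).

    Assumption: both URIs hold the SAME secret, so both phones show the
    same code; only the label differs so each entry names the other person.
    """
    secret = base64.b32encode(secrets.token_bytes(20)).decode("ascii")

    def uri(label):
        query = urlencode({"secret": secret, "issuer": issuer,
                           "algorithm": "SHA1", "digits": DIGITS,
                           "period": PERIOD})
        return f"otpauth://totp/{quote(issuer + ':' + label)}?{query}"

    # The entry on Alice's phone is labelled "Bob" and vice versa.
    return secret, uri(name_b), uri(name_a)


def hotp(secret_b32, counter):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32, at=None):
    """RFC 6238 TOTP: HOTP keyed on the current 30-second time step."""
    now = time.time() if at is None else at
    return hotp(secret_b32, int(now) // PERIOD)


def verify_spoken_code(secret_b32, spoken, at=None, window=1):
    """Step 5: compare the code read out on the call with our own.

    Accepts +/- `window` time steps to tolerate clock drift and the delay
    of reading digits aloud; a wider window also lengthens the time an
    overheard code stays valid, so keep it small.
    """
    now = time.time() if at is None else at
    counter = int(now) // PERIOD
    # Keep ASCII digits only, so "287 082" or "287-082" are accepted.
    candidate = "".join(ch for ch in spoken if ch in "0123456789")
    ok = False
    for step in range(-window, window + 1):
        if counter + step < 0:
            continue
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(hotp(secret_b32, counter + step), candidate)
    return ok


def secret_from_uri(uri):
    """Read the secret back out of a key URI (what the phone app does)."""
    return parse_qs(urlparse(uri).query)["secret"][0]


# Constructed test key: the ASCII secret used by the RFC 6238 test vectors.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode("ascii")

if __name__ == "__main__":
    secret, uri_for_alice, uri_for_bob = new_pair("Alice", "Bob")
    print(uri_for_alice)
    print(uri_for_bob)
    bobs_code = totp(secret_from_uri(uri_for_bob))
    print("Bob reads out:", bobs_code)
    print("Alice accepts:", verify_spoken_code(secret_from_uri(uri_for_alice), bobs_code))
```

Because the secret is symmetric, the check only proves that the other party holds a phone enrolled in this pairing, which is the phone-security dependency the note above spells out.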

Blue Ghost, a Private U.S. Spacecraft, Successfully Lands on the Moon

Blue Ghost, a NASA-funded lunar lander built and operated by the private U.S. company Firefly Aerospace, has successfully touched down on the moon.

After 45 days in space—and a pulse-pounding semi-autonomous hour-long descent to its landing site—at 3:35 A.M. EST three of the boxy, car-sized spacecraft’s four footpad-tipped legs crunched into the surface of Mare Crisium, a vast and ancient impact basin filled with frozen lava on the moon’s northeastern near side. This marks the second time the U.S. has soft-landed on the moon since the crewed Apollo 17 mission of 1972; the first occurred just over a year ago when another robotic commercial mission, the Odysseus lander from the company Intuitive Machines, made moonfall lopsided but intact in a crater near the lunar south pole.

[…]

Now that it’s on the moon, Blue Ghost is set to spend about two weeks performing a series of scientific and technological studies using a suite of ten experiments provided by NASA as part of the space agency’s Commercial Lunar Payload Services (CLPS) public-private partnership initiative. CLPS is NASA’s effort to save costs by enlisting more than a dozen U.S. firms to ferry cargo and science experiments to the moon, and is tied to the space agency’s ambitious Artemis program meant to return astronauts there later this decade.

[…]

The initiative has funded all three U.S. commercial lunar landing attempts to date, having earmarked up to $2.8 billion for missions through 2028. And its next installment—Intuitive Machines’s Athena lander—is already en route. Scheduled for a March 6 landing, Athena will target the flat-topped lunar mountain of Mons Mouton just 160 kilometers from the lunar south pole, where it’s planned to function for about ten days.

If all goes well, on March 14 both Blue Ghost and Athena will witness a lunar eclipse as Earth’s shadow briefly passes across the moon. Two days after that, the lunar night will fall, plunging the surface into two weeks of darkness and cold to which both landers will likely succumb.

In the meantime, yet another commercial lunar lander—Resilience, built by the Japanese company ispace—will be preparing for its own appointment with destiny, a landing projected for May at a site called Mare Frigoris in the moon’s far north. This would be ispace’s second lunar landing attempt, after its first mission crashed in 2023.

Resilience, also called HAKUTO-R Mission 2, launched to the moon alongside Blue Ghost on a SpaceX Falcon 9 rocket in late February. But unlike other landers the Japanese mission is taking a more leisurely, fuel-saving trajectory to reach its lunar destination. Tallying in Blue Ghost as well, the trio of spacecraft marked the first time in history that three landers were simultaneously bound for the moon.

Deep, Dusty Science—Plus a Lunar Sunset

Blue Ghost’s ten NASA payloads include an experiment to gather and analyze samples of lunar soil, investigations of how hazardous moon dust sticks to—and can be cleared from—various materials, a camera to study space weather and another to monitor the dust kicked-up by the spacecraft’s landing, and more. A retroreflector carried onboard will serve as a target for lasers beamed from Earth, allowing determination of the Earth-moon distance to sub-millimeter precision. And another instrument will seek to detect and use GPS signals from Earth-orbiting satellites as a proof-of-principle for future lunar navigation.

The lander’s farthest-reaching experiments, however, may be those that study the moon’s innards to illuminate new chapters of its 4.5-billion-year-history. According to NASA scientists, Mare Crisium is a region that may be more representative of the moon’s average composition than any site studied by the Apollo astronauts.

One of these inward-looking instruments, dubbed LISTER (short for Lunar Instrumentation for Subsurface Thermal Exploration with Rapidity), is a drill capable of reaching a record-setting 3 meters beneath the lunar surface to measure heat flowing up from within—deep enough to give scientists a better idea of how exactly the moon cooled from a ball of molten rock to the cold, inert world we know today. Another, called the Lunar Magnetotelluric Sounder (LMS), will place electrodes across a roughly 700-square-meter swath of terrain. Its measurements of subtle electric and magnetic currents coursing through the moon can probe more than a thousand kilometers into the interior—two-thirds of the way to the lunar center. Scientists hope that the fresh view of our satellite’s inner composition and structure may also shed light on the deep evolution of other rocky worlds such as Venus, Mars and even Earth.

Blue Ghost can endure the frigid lunar night for several hours, but its most poignant final feat on the moon is planned to occur before night falls, during the lunar sunset. Twilight unfolds slowly on the moon, and as the sun slips behind the lunar limb, its light scatters off dust lofted by electrostatic charges and micrometeoroid impacts in the near-vacuum conditions. This creates something called lunar horizon glow, a phenomenon most notably observed by NASA astronaut Eugene Cernan during Apollo 17, the final mission of the Apollo program. Before it passes into darkness, Blue Ghost will beam its high-definition view of the glow back to Earth, offering a fleeting glimpse of this beautiful and rarely seen lunar wonder.

Source: Blue Ghost, a Private U.S. Spacecraft, Successfully Lands on the Moon | Scientific American

27-Year-Old VB4 EXE turned into Python in minutes (with Claude) – AI-Assisted reverse engineering

Reddit post detailing how someone took a 27-year-old Visual Basic EXE file, fed it to Claude 3.7, and watched as it reverse-engineered the program and rewrote it in Python.

It was an old Visual Basic 4 program they had written in 1997. Running a VB4 exe in 2024 can be a real yak-shaving compatibility nightmare, chasing down outdated DLLs and messy workarounds. So! OP decided to upload the exe to Claude 3.7 with this request:

“Can you tell me how to get this file running? It’d be nice to convert it to Python.”

Claude 3.7 analyzed the binary, extracted the VB ‘tokens’ (VB is not a fully-machine-code-compiled language which makes this task a lot easier than something from C/C++), identified UI elements, and even extracted sound files. Then, it generated a complete Python equivalent using Pygame.

According to the author, the code worked on the first try and the entire process took less than five minutes – they link to the LLM chat log for proof.

Totally makes sense that this would work, this seems like the first public/viral example of uploading an EXE like this though – we never even thought of doing such a thing!

Old business applications and games could be modernized without needing the original source code (is Delphi also semi-compiled?). Tools like Claude might make decompilation and software archaeology a lot easier: proprietary binaries from dead platforms could get a new life in open-source too…

Archive.org could add an LLM to do this on the fly… interesting times!

Source: 27-Year-Old EXE becomes Python in minutes (with Claude) – AI-Assisted reverse engineering « Adafruit Industries – Makers, hackers, artists, designers and engineers!

A Nasal Spray for Concussions Shows Early Promise

The best treatment for a hard knock on the head might someday involve a quick sniff of a nasal spray. Researchers have found early evidence in mice that an antibody-based treatment delivered up the nose can reduce the brain damage caused by concussions and more serious traumatic injuries.

Scientists at Mass General Brigham conducted the study, published Thursday in Nature Neuroscience. In brain-injured mice, the experimental spray appeared to improve the brain’s natural acute healing process while also reducing damaging inflammation later on. The findings could lead to a genuine prophylactic against the long-term impacts of traumatic brain injuries and other conditions like stroke, the researchers say.

[…]

Foralumab, developed by the company Tiziana Life Sciences, targets a specific group of proteins that interact with the brain’s immune cells, called CD3. This suppression of CD3, the team’s earlier work has suggested, increases the activity of certain immune cells known as regulatory T cells (Treg). As the name implies, these cells help regulate the brain’s immune response to make sure it doesn’t go haywire.

[…]

In their latest mice study, the researchers found that foralumab—via the increased activity of Treg cells—improved aspects of the brain’s immediate healing from a traumatic injury. The dosed mice’s microglia (the brain’s unique first line of immune defense) became better at eating and cleaning up after damaged cells, for instance. Afterward, the drug also appeared to prevent microglia from becoming chronically inflamed. As a result, relative to mice in a control group, mice treated with foralumab up to three days post-injury experienced greater improvements in their motor function and coordination.

[…]

Source: A Nasal Spray for Concussions Shows Early Promise

This Gesture Sensor Is Precise, Cheap, Well-Hidden

In today’s “futuristic tech you can get for $5”, [RealCorebb] shows us a gesture sensor, one of the sci-fi kind. He was doing a desktop clock build, and wanted to add gesture control to it – without any holes that a typical optical sensor needs. After some searching, he’s found Microchip’s MGC3130, a gesture sensing chip that works with “E-fields”, more precise than the usual ones, almost as cheap, and with a lovely twist.

The coolest part about this chip is that it needs no case openings. The 3130 can work even behind obstructions like a 3D-printed case. You do need a PCB the size of a laptop touchpad, however — unlike the optical sensors easy to find from the usual online marketplaces. Still, if you have a spot, this is a perfect gesture-sensing solution. [RealCorebb] shows it off to us in the demo video.

This PCB design is available as gerbers+bom+schematic PDF. You can still order one from the files in the repo. Also, you need to use Microchip’s tools to program your preferred gestures into the chip. Still, it pays off, thanks to the chip’s reasonably low price and on-chip gesture processing. And, [RealCorebb] provides all the explanations you could need, has Arduino examples for us, links all the software, and even provides some Python scripts! Touch-sensitive technology has been getting more and more steam in hacker circles – for instance, check out this open-source 3D-printed trackpad.

Source: This Gesture Sensor Is Precise, Cheap, Well-Hidden

Mozilla updates its updated TOS for Firefox: it is now more confusing but does not look private

On Wednesday we shared that we’re introducing a new Terms of Use (TOU) and Privacy Notice for Firefox. Since then, we’ve been listening to some of our community’s concerns with parts of the TOU, specifically about licensing. Our intent was just to be as clear as possible about how we make Firefox work, but in doing so we also created some confusion and concern. With that in mind, we’re updating the language to more clearly reflect the limited scope of how Mozilla interacts with user data.

Here’s what the new language will say:

You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content. 

In addition, we’ve removed the reference to the Acceptable Use Policy because it seems to be causing more confusion than clarity.

Privacy FAQ

We also updated our Privacy FAQ to better address legal minutia around terms like “sells.” While we’re not reverting the FAQ, we want to provide more detail about why we made the change in the first place.

TL;DR Mozilla doesn’t sell data about you (in the way that most people think about “selling data”), and we don’t buy data about you. We changed our language because some jurisdictions define “sell” more broadly than most people would usually understand that word. Firefox has built-in privacy and security features, plus options that let you fine-tune your data settings.

The reason we’ve stepped away from making blanket claims that “We never sell your data” is because, in some places, the LEGAL definition of “sale of data” is broad and evolving. As an example, the California Consumer Privacy Act (CCPA) defines “sale” as the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration.”

[…]

Source: An update on our Terms of Use

So this legal definition rhymes with what I would expect “sell” to mean. Don’t transfer my data to a third party – even better, don’t collect my data at all.

It’s a shame, as Firefox is my preferred browser; it’s not based on Google’s browser. So I am looking at the Zen browser and the Floorp browser now.

Microsoft begins turning off uBlock Origin and other extensions in Edge

If you use the uBlock Origin extension in Google Chrome or Edge, you should probably start looking for alternative browsers or extensions—either way. A few days ago, users noticed that Google had begun disabling uBlock Origin and other Manifest V2-based extensions as part of the migration to Manifest V3. Now, Microsoft Edge appears to be following suit.

The latest Edge Canary version started disabling Manifest V2-based extensions with the following message: “This extension is no longer supported. Microsoft Edge recommends that you remove it.” Although the browser turns off old extensions without asking, you can still make them work by clicking “Manage extension” and toggling it back (you will have to acknowledge another prompt).

At this point, it is not entirely clear what is going on. Google started phasing out Manifest V2 extensions in June 2024, and it has a clear roadmap for the process. Microsoft’s documentation, however, still says “TBD,” so the exact dates are not known yet. This leads to some speculating about the situation being one of “unexpected changes” coming from Chromium. Either way, sooner or later, Microsoft will ditch MV2-based extensions, so get ready as we wait for Microsoft to shine some light on its plans.

Another thing worth noting is that the change does not appear to be affecting Edge’s stable release or Beta/Dev Channels. For now, only Canary versions disable uBlock Origin and other MV2 extensions, leaving users a way to toggle them back on.

[…]

Source: Microsoft begins turning off uBlock Origin and other extensions in Edge – Neowin

e-taste allows you to send flavours in VR

[…] This work reports a bio-integrated gustatory interface, “e-Taste,” to address the underrepresented chemical dimension in current VR/AR technologies. This system facilitates remote perception and replication of taste sensations through the coupling of physically separated sensors and actuators with wireless communication modules. By using chemicals representing five basic tastes

[…]

Gustation, an essential component of the human perceptual system, plays a key role in the overall sensory experience and flavor perception. However, the integration of gustation is currently limited or missing in most AR/VR experiences. […]

The actuator uses an EM minipump to deliver concentration-controlled tastant solutions into the oral cavity. Figure 2A shows schematic illustration of the EM actuator consisting of a microfluidic channel and a minipump that includes a polydimethylsiloxane (PDMS) liquid chamber, NdFeB permanent magnets, and a coil placed perpendicular to the magnet (32). The design details and fabrication process of the EM actuator are in figs. S2 and S3. The outlet of the liquid chamber connects to the refillable microfluidic channel embedded with tastant-infused gels (fig. S4). The equivalent circuit of the system appears on the right. A bipolar junction transistor (BJT) serves as an “on/off” switch through a pulse width modulation (PWM) base current received from an ESP32 chip microcontroller. The actuation system uses an NPN-type transistor (2N2222), within which electrons serve as the majority charge carriers.

[…]

Liquid flows through the channel during the “on” state and stops temporarily during the “off” state, allowing interaction with the hydrogels with tastants. Adjusting the duty cycle controls the time that the liquid takes to traverse the microfluidic channel, thereby regulating the concentrations of taste chemicals in the resulting solution. A larger interval time (t) between pulses corresponds to a longer period of the liquid contacting the gels, increasing the resulting concentration of tastants in the delivered solutions

[…]

the variations in concentrations of five taste-related chemicals (H+, Mg2+, Na+, glucose, and glutamate) in the resulting solutions

[…]

Field testing involves healthy, consenting volunteers instrumented with devices to examine the human perception dimension of the e-Taste system within envisioned application scenarios in the real world. In the first case, assisted by the e-Taste system, it becomes feasible for individuals to share the taste experience of food remotely (Fig. 5A). Figure 5B illustrates an example of transmitting the taste of beverage: When a person immerses the sensor patch in a cup of lemonade near the Golden Gate Bridge (San Francisco, CA, USA), the system uploads the captured concentration data to the IoT platform. The actuator located at the campus of The Ohio State University (Columbus, OH, United States) subsequently downloads the data, guiding to replicate a liquid with the same taste profile. For the remote control and instruction, the entire duration includes the latency (0.3 and 1.4 s for the short- and long-range process, respectively; fig. S26), the sensor response time (~10 s), and an optional signal stabilization time after the response reaches the plateau.

[…]

The result confirms the high accuracy of the system in replicating taste sensations, effectively mimicking the sourness levels encountered in real-world scenarios. […] demonstrates an accuracy rate of 70%, indicating that testers can distinguish different sour intensities in the liquids generated by the system. Increasing the training time and providing customized concentration categorization based on individual differences could potentially enhance the accuracy for future applications.

[…]

During the mixed taste recognition test, subjects interact with a multichannel e-Taste system in a “digital cup” geometry (movie S4). The experiment uses five food options: lemonade, cake, fried egg, fish soup, and coffee.

[…]

the recognition outcomes when users taste replicated solutions (sample size: 6, accuracy: 86.7%)

[…]

Source: A sensor-actuator–coupled gustatory interface chemically connecting virtual and real environments for remote tasting | Science Advances

Payday from hell as several Brit banks report major outages

The UK is full of unhappy workers that are unable to manage their payday cash amid online service outages at a host of major banks.

Downdetector indicates trouble at Lloyds Bank, Halifax, TSB, Nationwide, First Direct, Bank of Scotland, and Barclays, although the latter’s woes appear to have been resolved since the surge of complaints earlier today.

The same can’t be said for the others, however, which all continue to report glitches via their service status pages.

Across the board, the outages seem to be related to web and mobile banking, with the root cause unclear.

[…]

Unlike the other banks whose customers can’t access their online banking platforms, those who use Nationwide can still access their accounts and move money around seamlessly, provided the money is going into other Nationwide accounts under their control.

All affected customers are still able to use their debit and credit cards at ATMs and in shops.

The Financial Conduct Authority (FCA), the UK’s finance regulator, published a post-CrowdStrike report in October, saying it noticed an upward trend of third-party related outages hitting UK banks since the beginning of 2023.

[…]

Today’s outage comes weeks after Barclays suffered a weekend-long service wobble, that reportedly left at least one customer homeless as a result.

Source: Payday from hell as several Brit banks report major outages • The Register

Citigroup erroneously credited client account with $81tn in ‘near miss’ due to really atrocious UI

Citigroup credited a client’s account with $81tn when it meant to send only $280, an error that could hinder the bank’s attempt to persuade regulators that it has fixed long-standing operational issues.

The erroneous internal transfer, which occurred last April and has not been previously reported, was missed by both a payments employee and a second official assigned to check the transaction before it was approved to be processed at the start of business the following day.

A third employee detected a problem with the bank’s account balances, catching the payment 90 minutes after it was posted. The payment was reversed several hours later, according to an internal account of the event seen by the Financial Times and two people familiar with the event.

No funds left Citi, which disclosed the “near miss” to the Federal Reserve and Office of the Comptroller of the Currency, according to another person with knowledge of the matter.

[…]

A total of 10 near misses — incidents when a bank processes the wrong amount but is ultimately able to recover the funds — of $1bn or greater occurred at Citi last year, according to an internal report seen by the FT. The figure was down slightly from 13 the previous year. Citi declined to comment on this broader set of events.

Near misses do not need to be reported to regulators, meaning there is no comprehensive public data on how often these incidents occur across the sector. Several former regulators and bank risk managers said near misses of greater than $1bn were unusual across the US bank industry.

The series of near misses at Citi highlights how the Wall Street bank is struggling to repair its operational troubles nearly five years after it mistakenly sent $900mn to creditors engaged in a contentious battle over the debt of cosmetics group Revlon.

Citi’s mistaken Revlon payout led to the ousting of then-chief executive Michael Corbat, big fines and the imposition of regulatory consent orders requiring it to fix the issues.

[…]

Citi’s $81tn near miss in April was due to an input error and a back-up system with a cumbersome user interface, according to people familiar with the incident.

[…]

Citi’s technology team instructed the payments processing employee to manually input the transactions into a rarely used back-up screen. One quirk of the program was that the amount field came pre-populated with 15 zeros, which the person inputting a transaction needed to delete, something that did not happen.

Source: Citigroup erroneously credited client account with $81tn in ‘near miss’

Ultrathin films are revolutionizing electrical conductivity

What if your electronic devices could adapt on the fly to temperature, pressure, or impact? Thanks to a new breakthrough in downsizing quantum materials, that idea is becoming a reality.

In an article published this month in Applied Physics Express, a multi-institutional research team led by Osaka University announced that they have successfully synthesized an ultrathin vanadium dioxide film on a flexible substrate, in a way that preserves the film’s electrical properties.

Vanadium dioxide is well known in the scientific community for its ability to transition between conductor and insulator phases at nearly room temperature. This phase transition underpins smart and adaptable electronics that can adjust to their environment in real time. But there is a limit to how thin vanadium dioxide films can be, because making a material too small affects its ability to conduct or insulate electricity.

“Ordinarily, when a film is placed on a hard substrate, strong surface forces interfere with the atomic structure of the film and degrade its conductive properties,” explains Boyuan Yu, lead author of the study.

To overcome this limitation, the team prepared their films on two-dimensional hexagonal boron nitride (hBN) crystals; hBN is a highly stable soft material that does not have strong bonds with oxides and thus does not excessively strain the film or spoil its delicate structure.

“The results are truly surprising,” says Hidekazu Tanaka, senior author. “We find that by using this soft substrate, the material structure is very nearly unaffected.”

By performing precise spectroscopy measurements, the team was able to confirm that the phase transition temperature of their vanadium dioxide layers remained essentially unchanged, even at thicknesses as thin as 12 nm.

“This discovery significantly improves our ability to manipulate quantum materials in practical ways,” says Yu. “We have gained a new level of control over the transition process, which means we can now tailor these materials to specific applications like sensors and flexible electronics.”

Given that quantum materials like vanadium dioxide play a crucial role in the design of microsensors and devices, this discovery could pave the way for functional and adaptable electronics that can be attached anywhere. The research team is currently working on such devices, as well as exploring ways to incorporate even thinner films and substrates.

Source: Powering the future — ultrathin films are revolutionizing electrical conductivity | ScienceDaily

Apple’s Find My exploit lets hackers track any Bluetooth device

As explained by the researchers in a blog post, they have essentially found a way to turn any device such as a phone or laptop into an AirTag “without the owner ever realizing it.” After that, hackers could remotely track the location of that device.

[…]

Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using “hundreds” of GPUs to find a key match. The exploit called “nRootTag” has a frightening success rate of 90% and doesn’t require “sophisticated administrator privilege escalation.”

In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person’s flight path by tracking their game console.

“While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this,” said one of the researchers.

The researchers informed Apple about the exploit in July 2024 and recommended that the company update its Find My network to better verify Bluetooth devices. Although the company has publicly acknowledged the support of the George Mason team in discovering the exploit, Apple is yet to fix it (and hasn’t provided details of how it will do so). […] For now, they advise users to never allow unnecessary access to the device’s Bluetooth when requested by apps, and of course, always keep their device’s software updated.

Source: Apple’s Find My exploit lets hackers track any Bluetooth device

EA just released source code for a bunch of old Command and Conquer games, and added Steam Workshop support to some more

[…]EA’s announced that it’s releasing the source code for a bunch of old C&C games and—here’s the bit where I, as a man who enjoys modding but is also very lazy, gets excited—adding Steam Workshop support to a few more.

The games getting a source code release are Command & Conquer (Tiberian Dawn), Red Alert, C&C Renegade, and C&C Generals and Zero Hour. They’re being released under the GPL license, meaning folks can mix, match, and redistribute them to their hearts’ content without EA lawyers smashing down the door. You can find them all on EA’s Github page.

As for the Steam Workshop? That’s getting switched on for C&C Renegade, C&C Generals and Zero Hour, C&C 3 Tiberium Wars and Kane’s Wrath, and C&C 4 Tiberium Twilight (they can’t all be winners). EA’s also gone and “updated all the Mission Editor and World Builder tools so you can publish maps directly to the Steam Workshop.”

Plus, it’s putting out a modding support pack that “contains the source Xml, Schema, Script, Shader and Map files for all the games that use the SAGE engine.”

[…]

Source: EA just released source code for a bunch of old Command and Conquer games, and added Steam Workshop support to bangers like C&C 3: Tiberium Wars | PC Gamer