Music

Spotify's Car Thing, Due For Bricking, Is Getting an Open Source Second Life (arstechnica.com)

If you have Spotify's soon-to-be-bricked Car Thing, there are a few ways you can give it a new lease on life. YouTuber Dammit Jeff has showcased modifications to Car Thing that make the device useful as a desktop music controller, customizable shortcut tool, or a simple digital clock. Ars Technica's Kevin Purdy reports: Spotify had previously posted the code for its uboot and kernel to GitHub, under the very unassuming name "spsgsb" and with no announcement (as discovered by Josh Hendrickson). Jeff has one idea why the streaming giant might not have made much noise about it: "The truth is, this thing isn't really great at running anything." It has half a gigabyte of memory, 4GB of internal storage, and a "really crappy processor" (Amlogic S905D2 SoC) and is mostly good for controlling music.

How do you get in? The SoC has a built-in USB "burning mode," allowing a connected computer, running the right toolkit, to open up root access and overwrite its firmware. Jeff had quite a few issues getting connected (check his video description for some guidance), but it's "drag and drop" once you're in. Jeff runs through a few of the most popular options for a repurposed Car Thing:

- DeskThing, which largely makes Spotify desk-friendly, but adds a tiny app store for weather (including Jeff's own WeatherWave), clocks, and alternate music controls
- GlanceThing, which keeps the music controls but also provides some Stream-Deck-like app-launching shortcuts for your main computer.
- Nocturne, currently invite-only, is a wholly redesigned Spotify interface that restores all its Spotify functionality.

Power

Can AI-Enabled Thermostats Create a 'Virtual Power Plant' in Texas? (yahoo.com)

Renew Home says they're building a "virtual power plant" in Texas by "enabling homes to easily reduce and shift the timing of energy use." Thursday they announced a 10-year project distributing hundreds of thousands of smart thermostats to customers of Texas-based power utility NRG Energy, starting next spring. (Bloomberg calls them "AI-enabled thermostats that use Alphabet Inc.'s Google Cloud technology.") The ultimate goal? "Create a nearly 1-gigawatt, AI-powered virtual power plant" — equivalent to 1.9 million solar panels, enough to power about 200,000 homes during peak demand.

One NRG executive touted the move as "cutting-edge, AI-driven solutions that will bolster grid resilience and contribute to a more sustainable future." [Residential virtual power plants] work by aggregating numerous, small-scale distributed energy resources like HVAC systems controlled by smart thermostats and home batteries and coordinating them to balance supply and demand... NRG, in partnership with Renew Home, plans to offer Vivint and Nest smart thermostats, including professional installation, at no cost to eligible customers across NRG's retail electricity providers and plans. These advanced thermostats make subtle automatic HVAC adjustments to help customers shift their energy use to times when electricity is less constrained, less expensive, and cleaner... Over time, the parties expect to add devices like batteries and electric vehicles to the virtual power plant, expanding energy savings opportunities for customers...

Through the use of Google Cloud's data, analytics, and AI technology, NRG will be able to do things like better predict weather conditions, forecast wind and solar generation output, and create predictive pricing models, allowing for more efficient production and ultimately ensuring the home energy experience is seamless for customers.

Google Cloud will also offer "its AI and machine learning to determine the best time to cool or heat homes," reports Bloomberg, "based on a household's energy usage patterns and ambient temperatures."

It was less than a year ago that Renew Home was formed when Google spun off the load-shifting service for its "Google Nest" thermostats, which merged with load-shift management startup OhmConnect. Bloomberg describes this week's announcement as "Three of the biggest names in US home energy automation... coming together to offer some relief to the beleaguered Texas electrical grid."

But they point out that 1 gigawatt is roughly 1% of the record summer demand seen in Texas this year. Still, "The entire industry has been built to serve the peak load on the hottest day of the year," said Rasesh Patel, president of NRG's consumer unit. "This allows us to be a lot more smarter about demand in shaving the peak."

Earth

How Gophers Restored Plant Life to a Volcano-Ravaged Mountain - in One Day (phys.org)

When a volcano erupted in 1980 about 70 miles from Portland, "lava incinerated anything living for miles around," remembers an announcement from the University of California at Riverside. But "As an experiment, scientists later dropped gophers onto parts of the scorched mountain for only 24 hours.

"The benefits from that single day were undeniable — and still visible 40 years later." Once the blistering blast of ash and debris cooled, scientists theorized that, by digging up beneficial bacteria and fungi, gophers might be able to help regenerate lost plant and animal life on the mountain. Two years after the eruption, they tested this theory. "They're often considered pests, but we thought they would take old soil, move it to the surface, and that would be where recovery would occur," said UC Riverside microbiologist Michael Allen.

They were right. But the scientists did not expect the benefits of this experiment would still be visible in the soil today, in 2024. A paper out this week in the journal Frontiers in Microbiomes details an enduring change in the communities of fungi and bacteria where gophers had been, versus nearby land where they were never introduced. "In the 1980s, we were just testing the short-term reaction," said Allen. "Who would have predicted you could toss a gopher in for a day and see a residual effect 40 years later?"

In 1983, Allen and Utah State University's James McMahon helicoptered to an area where the lava had turned the land into collapsing slabs of porous pumice. At that time, there were only about a dozen plants that had learned to live on these slabs. A few seeds had been dropped by birds, but the resulting seedlings struggled. After scientists dropped a few local gophers on two pumice plots for a day, the land exploded again with new life. Six years post-experiment, there were 40,000 plants thriving on the gopher plots. The untouched land remained mostly barren.

All this was possible because of what isn't always visible to the naked eye. Mycorrhizal fungi penetrate into plant root cells to exchange nutrients and resources. They can help protect plants from pathogens in the soil, and critically, by providing nutrients in barren places, they help plants establish themselves and survive.

Mycorrhizal fungi also helped an old-growth forest survive, according to the researchers — even after volcano ash had caused them to drop their needles...

GNU is Not Unix

Free Software Foundation Plans Year of Celebrations For Its 40th Anniversary (fsf.org)

The Free Software Foundation turns forty on October 4, 2025 "and we will end our thirties on a high note!" they announced this week: We wish we were celebrating the achievement of software freedom for all computer users, but we're not there yet. Until our mission becomes reality and we can retire, instead, we are celebrating forty years of activism, and all that we have achieved.

Since our founding in 1985, we laid out many stepping stones on the road to software freedom, and we're eager to continue building the road ahead. We will celebrate our fortieth in the spirit of bringing the international free software community together, discussing what we can do next to make the world freer, and celebrating how far we've come. We're aiming for a libre planet! Sounds familiar? Instead of hosting one LibrePlanet conference in 2025, we're planning a jam-packed anniversary year, filled with several new and exciting activities!

We'll begin the anniversary year with an unprecedented memorabilia auction, starting as a silent auction on March 17, and culminating in a virtual live auction on March 23. By moving out of the FSF office, we got to sort through all the fun and historically important memorabilia and selected the best ones. This is your chance to get your very own personal souvenir of the FSF, from original GNU art to a famous katana and the very same VT220 that was standing on the FSF's front desk, and which people used to display ASCII art or to play free software games.

Let's claim the month of May as libre planet (or libre local) month! We're inviting free software supporters like you anywhere in the world, to organize an in-person community meetup in your area to bring people together. We're setting up a small fund for these local gatherings, can send stickers, flyers, ideas and tips, and you can invite an FSF staff member to give a talk or workshop during your event and of course, we'll help promote it...

Then, on the actual birthday of the FSF on October 4, 2025, there will be a big celebration in Boston, MA, and the entire free software community is invited... These are just some of the big ticket items we have worked out, but there is more! Keep an eye out on the FSF's pages, we'll be posting exact information on everything upcoming.

They're looking for volunteers — and they also suggest organizing a community meetup in your area. Plus, there's also an FSF Anniversary Logo Contest. "We would like to source the fortieth anniversary logo design directly from a free software supporter. Everyone is welcome to submit a design (or even multiple designs) no matter your previous experience in design."

The winning design "will be chosen by the community and ultimately immortalized in the history of the FSF," according to the announcement — displayed on the FSF homepage, printed on all celebration materials, "and possibly even stamped on some merchandise." But of course, the contest's requirements include respecting everyone's freedoms:

- The logo must be produced using exclusively free software editing tools, such as GIMP, Krita, or Inkscape;
- Any fonts used in the design must be under the SIL Open Font license or another free license...

"The final logo will be released under CC BY, attributed to the FSF."

Power

America's First Sodium-Ion Battery Gigafactory Announced. Cost: $1.4 Billion (msn.com)

Sodium-ion batteries are cheaper than lithium-ion batteries — and they're also more environmentally friendly. And "In the past few years, sodium-ion battery production has increased in the United States," reports the Washington Post, with a new factory planned to manufacture them "in the same way as lithium-ion batteries, just with different ingredients. Instead of using expensive materials like lithium, nickel and cobalt, these will be made of sodium, iron and manganese..." Last month, sodium-ion battery manufacturer Natron Energy announced it would open a "gigafactory" in North Carolina that would produce 24 gigawatt hours of batteries annually, enough energy to charge 24,000 electric vehicles. But sodium-ion batteries are still early in their development compared with lithium-ion, and they have yet to hit the market on a massive scale.

"It's unlikely sodium-ion could displace lithium-ion anytime soon," said Keith Beers, polymer science and materials chemistry principal engineer at technical consultancy firm Exponent... The biggest limitation of sodium-ion batteries is their weight. Sodium weighs nearly three times as much as lithium, and it cannot store the same amount of energy. As a result, sodium-ion batteries tend to be larger. Jens Peters, an economics professor at the University of Alcalá in Madrid, said the energy density could be improved over time in sodium-ion batteries. But, he added, "what we found out so far in our assessments is that it is not a game changer."

Sodium-ion batteries are touted to be the environmentally friendly alternative to their lithium-ion counterparts, thanks to their raw materials. Sodium, iron and manganese are all abundant elements on the planet, so they require less energy to extract and cost less... Sodium-ion batteries also last longer than lithium-ion ones because they can withstand more charge cycles, said Wendell Brooks, co-CEO of Natron Energy. "Our product can have millions of cycles," said Brooks, "where lithium-ion would have three to five thousand cycles and wear out a lot faster...." Sodium-ion batteries aren't the best fit for smartphones or electric vehicles, which need to store lots of energy. However, one advantage is their low cost. And they could be a good candidate in situations where the size of the battery isn't a concern, like energy storage. "When something is built out to support grid or backup storage, it doesn't need to be very dense. It's staying put," Beers said.

Natron will invest nearly $1.4 billion in the factory "to meet the rapidly expanding demand for critical power, industrial and grid energy storage solutions," according to their announcement.

"Natron's high-performance sodium-ion batteries outperform lithium-ion batteries in power density and recharging speed, do not require lithium, cobalt, copper, or nickel, and are non-flammable... Natron's batteries are the only UL-listed sodium-ion batteries on the market today, and will be delivered to a wide range of customer end markets in the industrial power space, including data centers, mobility, EV fast charging, microgrids, and telecom, among others."

AI

Claude AI To Process Secret Government Data Through New Palantir Deal

An anonymous reader quotes a report from Ars Technica: Anthropic has announced a partnership with Palantir and Amazon Web Services to bring its Claude AI models to unspecified US intelligence and defense agencies. Claude, a family of AI language models similar to those that power ChatGPT, will work within Palantir's platform using AWS hosting to process and analyze data. But some critics have called out the deal as contradictory to Anthropic's widely-publicized "AI safety" aims. On X, former Google co-head of AI ethics Timnit Gebru wrote of Anthropic's new deal with Palantir, "Look at how they care so much about 'existential risks to humanity.'"

The partnership makes Claude available within Palantir's Impact Level 6 environment (IL6), a defense-accredited system that handles data critical to national security up to the "secret" classification level. This move follows a broader trend of AI companies seeking defense contracts, with Meta offering its Llama models to defense partners and OpenAI pursuing closer ties with the Defense Department. In a press release, the companies outlined three main tasks for Claude in defense and intelligence settings: performing operations on large volumes of complex data at high speeds, identifying patterns and trends within that data, and streamlining document review and preparation.

While the partnership announcement suggests broad potential for AI-powered intelligence analysis, it states that human officials will retain their decision-making authority in these operations. As a reference point for the technology's capabilities, Palantir reported that one (unnamed) American insurance company used 78 AI agents powered by their platform and Claude to reduce an underwriting process from two weeks to three hours. The new collaboration builds on Anthropic's earlier integration of Claude into AWS GovCloud, a service built for government cloud computing. Anthropic, which recently began operations in Europe, has been seeking funding at a valuation up to $40 billion. The company has raised $7.6 billion, with Amazon as its primary investor.

Java

Intel Brings Back Workers' Free Coffee To Boost Morale (oregonlive.com)

An anonymous reader quotes a report from Oregon Live: Intel told employees this week that it will bring back free coffee and tea at its work sites, one of many benefits the chipmaker eliminated last summer as it sought to slash $10 billion from its annual budget. "Although Intel still faces cost challenges, we understand that small comforts play a significant role in our daily routines," Intel wrote on its internal messaging forum, called Circuit. "We know this is a small step, but we hope it is a meaningful one in supporting our workplace culture." Intel declined comment. The company did not resume offering free fruit, another perk eliminated last summer. Employees say privately that morale has been devastated by Intel's poor financial performance and by cutbacks aimed at returning the business to profitability.

[...] Christy Pambianchi, Intel's chief people officer, told employees that Intel had been spending $100 million annually on free and discounted food and beverages and couldn't afford to keep doing that. "Until we get into a better financial health position, we need to be suspending those," Pambianchi said, according to an account of the meeting reviewed by The Oregonian/OregonLive. By Wednesday the company had reversed itself, committing to keep its employees caffeinated.

In August, Intel announced plans to lay off over 16,000 employees, representing more than 15% of its global workforce. Its stock dropped to a 50-year low following the announcement. Starting November 8, Nvidia will replace the chipmaker on the Dow Jones Industrial Average.

China

China Reveals a New Heavy Lift Rocket That Is a Clone of SpaceX's Starship (arstechnica.com)

Ars Technica's Eric Berger reports: When Chinese space officials unveiled the design for the country's first super heavy lift rocket nearly a decade ago, it looked like a fairly conventional booster. The rocket was fully expendable, with three stages and solid motors strapped onto its sides. Since then, the Asian country has been revising the design of this rocket, named Long March 9, in response to the development of reusable rockets by SpaceX. As of two years ago, China had recalibrated the design to have a reusable first stage. Now, based on information released at a major airshow in Zhuhai, China, the design has morphed again. And this time, the plan for the Long March 9 rocket looks almost exactly like a clone of SpaceX's Starship rocket.

Based on its latest specifications, the Long March 9 rocket will have a fully reusable first stage powered by 30 YF-215 engines, which are full-flow staged combustion engines fueled by methane and liquid oxygen, each with a thrust of approximately 200 tons. By way of comparison, Starship's first stage is powered by 33 Raptor engines, also fueled with methane and liquid oxygen, each with a thrust of about 280 tons. The new specifications also include a fully reusable configuration of the rocket, with an upper stage that looks eerily similar to Starship's second stage, complete with flaps in a similar location. According to a presentation at the airshow, China intends to fly this vehicle for the first time in 2033, nearly a decade from now.

Last week, Chinese space startup Cosmoleap announced plans to develop a fully reusable "Leap" rocket within the next few years. "An animated video that accompanied the funding announcement indicated that the company seeks to emulate the tower catch-with-chopsticks methodology that SpaceX successfully employed during Starship's fifth flight test last month," reports Ars.

Power

US Regulator Rejects Bid To Boost Nuclear Power To Amazon Data Center (thehill.com)

The Federal Energy Regulatory Commission (FERC) blocked Amazon's bid to access more power from the Susquehanna nuclear plant for its Pennsylvania data center, citing grid reliability and consumer cost concerns. The Hill reports: In a 2-1 decision, the FERC found the regional grid operator, PJM Interconnection, failed to prove that the changes to the transmission agreement with Susquehanna power plant were necessary. The regulator's two Republican commissioners, Mark Christie and Lindsay See, outvoted Democratic chair Willie Phillips. The chair's two fellow Democratic commissioners, David Rosner and Judy Chang, sat out the vote. "Co-location arrangements of the type presented here present an array of complicated, nuanced and multifaceted issues, which collectively could have huge ramifications for both grid reliability and consumer costs," Christie wrote in a concurring statement.

In a dissenting statement, Phillips argued the deal with Amazon "represents a 'first of its kind' co-located load configuration" and that Friday's decision is a "step backward for both electric reliability and national security." "We are on the cusp of a new phase in the energy transition, one that is characterized as much by soaring energy demand, due in large part to AI, as it is by rapid changes in the resource mix," Phillips wrote.

Amazon purchased a 960-megawatt data center next to the Susquehanna power plant for $650 million earlier this year. Following the announcement, PJM sought to increase the amount of power running directly to the co-located data center. However, the move faced pushback from regional utilities, including Exelon and American Electric Power (AEP).

Programming

Python Overtakes JavaScript on GitHub, Annual Survey Finds (github.blog)

GitHub released its annual "State of the Octoverse" report this week. And while "Systems programming languages, like Rust, are also on the rise... Python, JavaScript, TypeScript, and Java remain the most widely used languages on GitHub."

In fact, "In 2024, Python overtook JavaScript as the most popular language on GitHub." They also report usage of Jupyter Notebooks "skyrocketed" with a 92% jump in usage, which along with Python's rise seems to underscore "the surge in data science and machine learning on GitHub..." We're also seeing increased interest in AI agents and smaller models that require less computational power, reflecting a shift across the industry as more people focus on new use cases for AI... While the United States leads in contributions to generative AI projects on GitHub, we see more absolute activity outside the United States. In 2024, there was a 59% surge in the number of contributions to generative AI projects on GitHub and a 98% increase in the number of projects overall — and many of those contributions came from places like India, Germany, Japan, and Singapore...

Notable growth is occurring in India, which is expected to have the world's largest developer population on GitHub by 2028, as well as across Africa and Latin America... [W]e have seen greater growth outside the United States every year since 2013 — and that trend has sped up over the past few years.

Last year they'd projected India would become the #1 country by developers on GitHub by 2027, but now believe it will happen a year later. This year's top 10?

1. United States
2. India
3. China
4. Brazil
5. United Kingdom
6. Russia
7. Germany
8. Indonesia
9. Japan
10. Canada

(Interestingly, the UK's population ranks #21 among countries of the world, while Germany ranks #19, and Canada ranks #36.)

GitHub's announcement argues the rise of non-English, high-population regions "is notable given that it is happening at the same time as the proliferation of generative AI tools, which are increasingly enabling developers to engage with code in their natural language." And they offer one more data point: GitHub's For Good First Issue is a curated list of Digital Public Goods that need contributors, connecting those projects with people who want to address a societal challenge and promote sustainable development...

Significantly, 34% of contributors to the top 10 For Good Issue projects... made their first contribution after signing up for GitHub Copilot.

There's now 518 million projects on GitHub — with a year-over-year growth of 25%...

Biotech

Researchers Develop New Method That Tricks Cancer Cells Into Killing Themselves (stanford.edu)

Our bodies divest themselves of 60 billion cells every day through a natural process called "apoptosis". So Stanford medicine researchers are developing a new approach to cancer therapy that could "trick cancer cells into disposing of themselves," according to an announcement from Stanford's medical school: Their method accomplishes this by artificially bringing together two proteins in such a way that the new compound switches on a set of cell death genes... One of these proteins, BCL6, when mutated, drives the blood cancer known as diffuse large cell B-cell lymphoma... [It] sits on DNA near apoptosis-promoting genes and keeps them switched off, helping the cancer cells retain their signature immortality.

The researchers developed a molecule that tethers BCL6 to a protein known as CDK9, which acts as an enzyme that catalyzes gene activation, in this case, switching on the set of apoptosis genes that BCL6 normally keeps off. "The idea is, Can you turn a cancer dependency into a cancer-killing signal?" asked Nathanael Gray, PhD, co-senior author with Crabtree, the Krishnan-Shah Family Professor and a chemical and systems biology professor. "You take something that the cancer is addicted to for its survival and you flip the script and make that be the very thing that kills it...."

When the team tested the molecule in diffuse large cell B-cell lymphoma cells in the lab, they found that it indeed killed the cancer cells with high potency. They also tested the molecule in healthy mice and found no obvious toxic side effects, even though the molecule killed off a specific category of the animals' healthy B cells, a kind of immune cell, which also depend on BCL6. They're now testing the compound in mice with diffuse large B-cell lymphoma to gauge its ability to kill cancer in a living animal. Because the technique relies on the cells' natural supply of BCL6 and CDK9 proteins, it seems to be very specific for the lymphoma cells — the BCL6 protein is found only in this kind of lymphoma cell and in one specific kind of B cell. The researchers tested the molecule in 859 different kinds of cancer cells in the lab; the chimeric compound killed only diffuse large cell B-cell lymphoma cells.

Scientists have been trying to shut down cancer-driving proteins, one of the researchers says, but instead, "we're trying to use them to turn signaling on that, we hope, will prove beneficial for treatment."

The two researchers have co-founded the biotech startup Shenandoah Therapeutics, which "aims to further test this molecule and a similar, previously developed molecule," according to the article, "in hopes of gathering enough pre-clinical data to support launching clinical trials of the compounds.

"They also plan to build similar molecules that could target other cancer-driving proteins..."

Transportation

Zoox Custom Robotaxis Are Finally Coming To San Francisco, Las Vegas (techcrunch.com)

Zoox, an Amazon-owned autonomous vehicle company, is set to roll out dozens of its purpose-built robotaxis in San Francisco and Las Vegas, starting with employee rides in San Francisco's SoMa neighborhood and the Las Vegas Strip. "We have achieved that internal safety readiness" required to launch the service, said co-founder and CTO Jesse Levinson on the TechCrunch Disrupt 2024 stage. TechCrunch reports: The announcement comes a decade after Zoox was founded and four years since it was acquired by Amazon and unveiled its purpose-built robotaxi. In that time, the nascent autonomous vehicle industry has gone through the full hype cycle that led to multi-billion-dollar valuations and later a wave of shutdowns and consolidation. "We still exist," Levinson said, in a nod to the tumult the industry has gone through in recent years.

Levinson said Zoox is going to take a "measured approach" to rolling out its robotaxi service, and noted that his company has been working closely with local and federal safety regulators. "I can say that in the next few weeks, we're actually going to have a couple dozen Zoox robotaxis across our Foster City, San Francisco and Las Vegas, geofences that will expand several fold over the next year," he said. "And then, you know, 2026 is when we're going to really start cranking out production vehicles at very large scale."

He also said Zoox will launch an "explorer" program of early riders who will be able to use the robotaxis for free before opening the service up to paying customers. (Rival Waymo operated a similar invite-only early rider program before opening its service to the paying public.) These early riders, or explorers, will gain access to the Zoox vehicles early next year starting with Las Vegas, Levinson said. The Zoox AVs will operate throughout the "most busy 16 hours" of the day, Levinson said, noting that it's "so boring at four in the morning, we don't think we would learn very much."

The Internet

Call of Duty's Massive Filesize Drives Peak Internet Usage (theverge.com)

Comcast says the latest installment of Call of Duty, released on October 25th, resulted in a whopping 19 percent of its overall traffic last week. The ISP says it's the company's "biggest week in internet history." The Verge reports: It's not really possible to quantify that further, given Comcast didn't provide any specific numbers -- either about how many customers were downloading the game or how big their downloads were. Ranging between 84.4GB for the PlayStation version and 102GB for the PC edition, Call of Duty: Black Ops 6 is, in the grand tradition of Call of Duty games, a hefty download. It can be as much as 300GB if players choose to go ahead and download Modern Warfare II and III and all the associated content packs and languages, as Activision explained in June. The announcement underscores "just how restrictive its 1.2TB data cap can be in 2024," notes The Verge. "For any players who did download the whole massive 300GB package, they'll have wiped out a huge chunk of their 1.2TB Xfinity data cap in one fell swoop."

"If they used their internet as normal otherwise, that could put them right up against or even blow past that cap. Given that my family used nearly 800GB last month without any notably large game downloads, it wouldn't be that hard at all."

Security

Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years (phoronix.com)

Phoronix's Michael Larabel reports: CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation. Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland too. By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly. It can lead to local privilege escalation if the server is run as root, or to remote code execution when X11 is forwarded over SSH.

You can read the security advisory announcement here.

NASA

NASA Is Treating Orion's Heat Shield Problems As a Secret (arstechnica.com)

Ars Technica's Stephen Clark reports: For those who follow NASA's human spaceflight program, a burning question for the last year-and-a-half has been what caused the Orion spacecraft's heat shield to crack and chip away during atmospheric reentry on the unpiloted Artemis I test flight in late 2022. Multiple NASA officials said Monday they now know the answer, but they're not telling. Instead, agency officials want to wait until more reviews are done to determine what this means for Artemis II, the Orion spacecraft's first crew mission around the Moon, officially scheduled for launch in September 2025.

"We have gotten to a root cause," said Lakiesha Hawkins, assistant deputy associate administrator for NASA's Moon to Mars program office, in response to a question from Ars on Monday at the Wernher von Braun Space Exploration Symposium. "We are having conversations within the agency to make sure that we have a good understanding of not only what's going on with the heat shield, but also next steps and how that actually applies to the course that we take for Artemis II," she said. "And we'll be in a position to be able to share where we are with that hopefully before the end of the year."

While the space program is far down the list of most voters' priorities, this means a decision and announcement on what will happen with Artemis II won't come until the post-election lame duck period in the waning weeks of the Biden administration, and likely Bill Nelson's tenure as NASA administrator. This is several months later than NASA officials expected to make a decision. The question here is whether NASA managers decide it is safe enough to fly the Orion heat shield as-is on Artemis II, or if it is too risky with people onboard. Artemis II will be a 10-day mission taking its four-person crew on a path around the far side of the Moon, then back to Earth. This will be the first time people travel to such distances since the Apollo program ended more than 50 years ago.

AI

Did Capturing Carbon from the Air Just Get Easier? (berkeley.edu) 121

"We passed Berkeley air — just outdoor air — into the material to see how it would perform," says U.C. Berkeley chemistry professor Omar Yaghi, "and it was beautiful.

"It cleaned the air entirely of CO2," Yaghi says in an announcement from the university. "Everything."

SFGate calls it "a discovery that could help potentially mitigate the effects of climate change..." Yaghi's lab has worked on carbon capture since the 1990s and began work on these crystalline structures in 2005. The innovative substance has lots of tiny holes, making it "great for storing gases or liquids, much like a sponge holds water," Yaghi said... While it could take one to two years for the powder to be usable in large-scale applications, Yaghi co-founded Atoco, an Irvine company, to commercialize his research and expand it beyond just carbon capture and storage.
"Capturing carbon from the air just got easier," says the headline on the announcement from the university, which explains why this technology is crucial: [T]oday's carbon capture technologies work well only for concentrated sources of carbon, such as power plant exhaust. The same methods cannot efficiently capture carbon dioxide from ambient air, where concentrations are hundreds of times lower than in flue gases. Yet direct air capture, or DAC, is being counted on to reverse the rise of CO2 levels, which have reached 426 parts per million, 50% higher than levels before the Industrial Revolution. Without it, according to the Intergovernmental Panel on Climate Change, we won't reach humanity's goal of limiting warming to 1.5 °C (2.7 °F) above preexisting global averages.

A new type of absorbing material developed by chemists at the University of California, Berkeley, could help get the world to negative emissions... According to Yaghi, the new material could be substituted easily into carbon capture systems already deployed or being piloted to remove CO2 from refinery emissions and capture atmospheric CO2 for storage underground. UC Berkeley graduate student Zihui Zhou, the paper's first author, said that a mere 200 grams of the material, a bit less than half a pound, can take up as much CO2 in a year — 20 kilograms (44 pounds) — as a tree.

Their research was published this week in the journal Nature.

And it's also interesting that they're using AI, according to the university's announcement: Yaghi is optimistic that artificial intelligence can help speed up the design of even better COFs and MOFs for carbon capture or other purposes, specifically by identifying the chemical conditions required to synthesize their crystalline structures. He is scientific director of a research center at UC Berkeley, the Bakar Institute of Digital Materials for the Planet (BIDMaP), which employs AI to develop cost-efficient, easily deployable versions of MOFs and COFs to help limit and address the impacts of climate change. "We're very, very excited about blending AI with the chemistry that we've been doing," he said.
Another potential use could be for harvesting water from desert air for drinking water, Yaghi told SFGate. But he seems very focused specifically on carbon capture.

"Another thing is that we need a strong determination among officials and industries to make carbon capture a high priority. Things have to change, but I believe that direct carbon capture from air is very doable."
Android

Huawei Makes Divorce From Android Official With HarmonyOS NEXT Launch (theregister.com) 67

The Register's Laura Dobberstein reports: Huawei formally launched its home-brewed operating system, HarmonyOS NEXT, on Wednesday, marking its official separation from the Android ecosystem. Huawei declared it released and "officially started public beta testing" of the OS for some of its smartphones and tablets that run its own Kirin and Kunpeng chips.

Unlike previous iterations of HarmonyOS, HarmonyOS NEXT no longer supports Android apps. Huawei maintains top Chinese outfits aren't deterred by that. It cited Meituan, Douyin, Taobao, Xiaohongshu, Alipay, and JD.com as among those who have developed native apps for the OS. In case you're not familiar, they're China's top shopping, payment, and social media apps.

Huawei also claimed that at the time of its announcement, over 15,000 HarmonyOS native applications and meta-services were also launched. That's a nice number, but well short of the millions of apps found on the Google Play Store and Apple's App Store. The Chinese tech player also revealed that the operating system has 110 million lines of code and claimed it improves the overall performance of mobile devices running it by 30 percent. It also purportedly increases battery life by 56 minutes and leaves an average of 1.5GB of memory for purposes other than running the OS.

Hardware

Qualcomm Brings Laptop-Class CPU Cores To Phones With Snapdragon 8 Elite (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: Qualcomm has a new chip for flagship phones, and the best part is that it uses an improved version of the Oryon CPU architecture that the Snapdragon X Elite chips brought to Windows PCs earlier this year. The Snapdragon 8 Elite is the follow-up to last year's Snapdragon 8 Gen 3 -- yet another change to the naming convention that Qualcomm uses for its high-end phone chips, though, as usual, the number 8 is still involved. The 8 Elite uses a "brand-new, 2nd-generation Qualcomm Oryon CPU" with clock speeds up to 4.32 GHz, which Qualcomm says will improve performance by about 45 percent compared to the Snapdragon 8 Gen 3.

Rather than a mix of large, medium, and small CPU cores as it has used in the past, the 8 Elite has two "Prime" cores for hitting that high peak clock speed, while the other six are all "Performance" cores that peak at a lower 3.53 GHz. But it doesn't look like Qualcomm is using a mix of different CPU architectures anymore, choosing to distinguish the higher-performing core from the lower-performing ones by clock speed alone. Qualcomm promises a similar 40 percent performance boost from the new Adreno 830 GPU. The chip also includes a marginally improved Snapdragon X80 5G modem, up from an X75 modem in the Snapdragon 8 Gen 3 -- its main improvement appears to be support for additional antennas, for a total of six, but the download speed still tops out at a theoretical 10Gbps. Wi-Fi 7 support appears to be the same as in the 8 Gen 3, but the 8 Elite does support the Bluetooth 6.0 standard, up from Bluetooth 5.4 in the 8 Gen 3.

Qualcomm says the new chip's CPU features "44% improved power efficiency" and "40% greater power efficiency" for the GPU, which ought to keep power usage in line despite the performance improvements -- these gains are probably attributable to the new 3 nm TSMC manufacturing process, compared to the 4 nm process used for the Snapdragon 8 Gen 3. And no 2024 chip announcement would be complete without some kind of AI mention: Qualcomm's image signal processor is now an "AI ISP," which Qualcomm says "recognizes and enhances virtually anything in the frame, including faces, hair, clothing, objects, backgrounds, and beyond." These capabilities can allow it to remove objects from the background of photos, among other things, using the on-device processing power of the chip's Hexagon neural processing unit (NPU). The NPU is 45 percent faster than the one in the Snapdragon 8 Gen 3. Phones using the Snapdragon 8 Elite should begin appearing in "the coming weeks."

Security

How WatchTowr Explored the Complexity of a Vulnerability in a Secure Firewall Appliance (watchtowr.com) 9

Cybersecurity startup Watchtowr "was founded by hacker-turned-entrepreneur Benjamin Harris," according to a recent press release touting their Fortune 500 customers and $29 million investments from venture capital firms. ("If there's a way to compromise your organization, watchTowr will find it," Harris says in the announcement.)

This week they shared their own research on a Fortinet FortiGate SSLVPN appliance vulnerability (discovered in February by Gwendal Guégniaud of the Fortinet Product Security team — presumably in a static analysis for format string vulnerabilities). "It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild... It's a Format String vulnerability [that] quickly leads to Remote Code Execution via one of many well-studied mechanisms, which we won't reproduce here..."

"Tl;dr SSLVPN appliances are still sUpEr sEcurE," their post begins — but the details are interesting. When trying to test an exploit, Watchtowr discovered instead that FortiGate always closed the connection early, thanks to an exploit mitigation in glibc "intended to hinder clean exploitation of exactly this vulnerability class." Watchtowr hoped to "use this to very easily check if a device is patched — we can simply send a %n, and if the connection aborts, the device is vulnerable. If the connection does not abort, then we know the device has been patched... " But then they discovered "Fortinet added some kind of certificate validation logic in the 7.4 series, meaning that we can't even connect to it (let alone send our payload) without being explicitly permitted by a device administrator." We also checked the 7.0 branch, and here we found things even more interesting, as an unpatched instance would allow us to connect with a self-signed certificate, while a patched machine requires a certificate signed by a configured CA. We did some reversing and determined that the certificate must be explicitly configured by the administrator of the device, which limits exploitation of these machines to the managing FortiManager instance (which already has superuser permissions on the device) or the other component of a high-availability pair. It is not sufficient to present a certificate signed by a public CA, for example...

Fortinet's advice here is simply to update, which is always sound advice, but doesn't really communicate the nuance of this vulnerability... Assuming an organisation is unable to apply the supplied workaround, the urgency of upgrade is largely dictated by the willingness of the target to accept a self-signed certificate. Targets that will do so are open to attack by any host that can access them, while those devices that require a certificate signed by a trusted root are rendered unexploitable in all but the narrowest of cases (because the TLS/SSL ecosystem is just so solid, as we recently demonstrated)...

While it's always a good idea to update to the latest version, the life of a sysadmin is filled with cost-to-benefit analysis, juggling the needs of users with their best interests.... [I]t is somewhat troubling when third parties need to reverse patches to uncover such details.

Thanks to Slashdot reader Mirnotoriety for sharing the article.
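The glibc behaviour watchTowr ran into is the fortified printf family (`_FORTIFY_SOURCE=2`) refusing a `%n` directive when the format string lives in writable memory, which is exactly the situation a format-string bug creates. The added example below, written for this page and unrelated to Fortinet's code, shows the bug class in its usual disguise: a printf-style logging wrapper (`log_line`, a constructed name) is perfectly sound on its own, and the defect is the call site that passes request data as the format argument. The fixed call site and a small defender-side check for fields that should never carry directives sit beside it; the vulnerable handler is compiled only for contrast and is never fed untrusted text here.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example of the format-string bug class; not Fortinet's code.
   log_line() is a typical printf-style wrapper: the bug is never in the
   wrapper itself but at the call site that hands it untrusted text as 'fmt'. */
static int log_line(char *out, size_t outlen, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE call site: the request parameter *is* the format string, so every
   '%' directive in it is interpreted ('%x' reads a missing argument, '%n' writes
   to memory). Kept only for contrast; nothing here calls it with untrusted data. */
static int handle_vulnerable(char *out, size_t outlen, const char *param) {
    return log_line(out, outlen, param);
}

/* FIXED call site: the format is a literal; untrusted text is only ever a %s argument. */
static int handle_fixed(char *out, size_t outlen, const char *param) {
    return log_line(out, outlen, "param=%s", param);
}

/* Defender-side check for a field that should never carry directives (an
   input validator or log filter): counts '%' conversions, treating "%%" as
   a literal percent sign. Any non-zero result on such a field is suspicious. */
static int count_directives(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        n++;
    }
    return n;
}

/* Shows the fixed path rendering a directive-laden probe as inert text. */
static bool demo_fixed_is_inert(void) {
    char out[64];
    const char *probe = "%n%x%x";                    /* constructed sample input */
    int n = handle_fixed(out, sizeof out, probe);
    return n == (int)(strlen("param=") + strlen(probe))
        && strcmp(out, "param=%n%x%x") == 0;
}

int main(void) {
    char out[64];
    /* On benign input the vulnerable handler behaves identically, which is
       why this class survives ordinary functional testing. */
    handle_vulnerable(out, sizeof out, "plain text");
    printf("vulnerable handler on benign input: %s\n", out);
    printf("fixed handler neutralises directives: %s\n", demo_fixed_is_inert() ? "yes" : "no");
    printf("directives in \"%%n%%x%%x\": %d\n", count_directives("%n%x%x"));
    return 0;
}
```

Compiling with `-Wformat-security` flags direct `printf(param)` calls, but not calls through a wrapper like `log_line` unless the wrapper carries `__attribute__((format(printf, 3, 4)))`; adding that attribute to every variadic logging helper is the cheap build-time check that catches this bug class at the call site rather than in a later advisory.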
GNU is Not Unix

'100% Free' GNU Boot Discovers They've Been Shipping Non-Free Code - Again (phoronix.com) 36

Libreboot is a distribution of coreboot "aimed at replacing the proprietary BIOS firmware contained by most computers."

So then what exactly is GNU Boot? Its home page explains... In November 2022, Libreboot began to include non-libre code. We have made repeated efforts to continue collaboration with those developers to help their version of Libreboot remain libre, but that was not successful. Now we've stepped forward to stand up for freedom, ours and that of the wider community, by maintaining our own version — a genuinely libre Libreboot, that after some hurdles gave birth to this project: GNU Boot.
But today, Phoronix writes: While priding itself on being "100% free", last December [GNU Boot] had to drop some motherboard support and CPU code after discovering they were shipping some files that are non-free by their free software standards. Today they announced another mistake in having inadvertently been shipping additional non-free code.

GNU Boot discovered an issue with non-free code affecting not only them but also some of the Linux distributions that pride themselves on being fully free software / 100% open-source. This latest snafu they say is "more problematic" than their prior non-free code discovery due to impacting the free software Linux distributions too. The issue at hand though comes down to test data contained within the archive and that containing non-free code in the form of microcode, BIOS bits, and Intel Management Engine firmware.

"We also contacted Replicant..." according to the announcement, "a free Android distro that also ships vboot source code." And in addition, "We had to re-release all the affected tarballs." (Which at this point is three release candidates...)
