US Nuclear Power Plants Contain Dangerous Counterfeit Parts, Report Finds

At least some nuclear power plants in the US contain counterfeit parts that could pose significant risks, an investigation by the inspector general’s office of the Nuclear Regulatory Commission has found. Those parts “present nuclear safety and security concerns that could have serious consequences,” says the resulting report (PDF) published on February 9th. The Verge reports: The investigation was conducted after unnamed individuals alleged that “most, if not all,” nuclear plants in the US have fake or faulty parts. The inspector general’s office uncovered problems with counterfeit parts at a few different plants as part of its investigation. The report also says that the DOE had separately flagged 100 “incidents” involving counterfeit parts just last year. It’s a problem that the US will have to crack down on if it moves forward with plans to include nuclear power in its transition to clean energy. Without greater oversight at the NRC, the report warns, the risk of counterfeit parts going unnoticed in the nation’s nuclear power plants could rise.

As part of its inquiry, the inspector general’s office looked for parts that are illegally altered to look like legitimate products, parts that are “intentionally misrepresented to deceive,” and parts that don’t meet product specifications. It sampled four power plants across the US and found evidence of counterfeit parts at one of those plants in the midwest. It also points to nuclear power plants in the Northeast, separate from those it sampled, where a “well-placed NRC principal” found that counterfeit parts were involved in two separate component failures.

The NRC might be underestimating the prevalence of counterfeit parts, the report warns, because the regulatory agency doesn’t have a robust system in place for tracking problematic parts. It only requires plants to report counterfeits in extraordinary circumstances, like if they lead to an emergency shutdown of a reactor. The report also notes that the NRC hasn’t thoroughly investigated all counterfeit allegations. There were 55 nuclear power plants operating in the US as of September 2021, and the inspector general’s office sampled just four for its report. NRC Public Affairs Officer Scott Burnell told The Verge in an email that “nothing in the report suggests an immediate safety concern. The NRC’s office of the Executive Director for Operations is thoroughly reviewing the report and will direct the agency’s program offices to take appropriate action.”

Read more of this story at Slashdot.

Intel’s Pay-As-You-Go CPU Feature Gets Launch Window

Intel’s mysterious Software Defined Silicon (SDSi) mechanism for adding features to Xeon CPUs will be officially supported in Linux 5.18, the next major release of the operating system. Tom’s Hardware reports: SDSi allows users to add features to their CPU after they’ve already purchased it. Formal SDSi support means that the technology is coming to Intel’s Xeon processors that will be released rather shortly, implying Sapphire Rapids will be the first CPUs with SDSi. Intel started to roll out Linux patches to enable its SDSi functionality in the OS last September. By now, several sets of patches have been released and it looks like they will be added to Linux 5.18, which is due this Spring. Hans de Goede, a long-time Linux developer who works at Red Hat on a wide array of hardware enablement related projects, claims that SDSi will land in Linux 5.18 if no problems emerge, reports Phoronix. “Assuming no major issues are found, the plan definitely is to get this in before the 5.18 merge window,” said de Goede.

Intel Software Defined Silicon (SDSi) is a mechanism for activating additional silicon features in already produced and deployed server CPUs using the software. While formal support for the functionality is coming to Linux 5.18 and is set to be available this spring, Intel hasn’t disclosed what exactly it plans to enable using its pay-as-you-go CPU upgrade model. We don’t know how it works and what it enables, but we can make some educated guesses. […]

Read more of this story at Slashdot.

Samsung Held An Event In the Metaverse. And It Didn’t Quite Go To Plan

Samsung held a launch event for its new Galaxy smartphones in a metaverse this week but many people struggled to gain access as they encountered technical difficulties. CNBC reports: The South Korean tech giant hosted the event Wednesday on Decentraland, a cryptocurrency-focused virtual world that users can create, explore and trade in. Decentraland, one of many metaverse efforts, is accessed via a desktop browser. Users create an avatar which they can then navigate around the blockchain-powered virtual world using a mouse and keyboard — something that isn’t exactly intuitive for non-gamers. The event specifically took place in Samsung 837X, a virtual building that Samsung has built on Decentraland that’s designed to be a replica of its flagship New York experience center. Samsung 837X is there all the time but there just happened to be an event inside the building’s “Connectivity Theatre” on Wednesday. But CNBC, and many others, struggled to find the 837X building and when we did many of us were unable to gain access to it.

When an avatar is first created on Decentraland, it lands in a sort of atrium where clouds appear to be gliding across the floor. There’s a round pool in the middle that has a worrying vortex in the center. Our avatar was soon surrounded by around 20 others. A chat box in the bottom left-hand corner of the screen was full of messages like “help” and “I hate this game.” One user named claireinnit#87fa, boldly claimed “we’re in the —-in future.” On the opposite side of the intimidating pool, three large boards read “classics, events and crowd.” An ad for Samsung 837X hang on the “crowd” board. Once clicked (easier said than done), you’re then given the option to “jump in.” After jumping in, you’re transported to Samsung’s little world on Decentraland and you can see the 837X building. There’s a pizza store next door, but not much else.

CNBC immediately noticed a large line of people at the main entrance to the 837X building. People were struggling to get in. Some users were getting their avatars to jump on other people’s heads as they clambered to the front of the queue but it didn’t help. The doors wouldn’t open and the chatbox was again full of pleas for help. A rumor circulated that a YouTuber had managed to find a way in, while a CNET journalist wrote on Twitter that they had managed to gain access by switching to the “ATHENA” server. It wasn’t immediately obvious how to do this. “Many people were unable to actually enter Samsung 837X before the event started,” wrote CNET’s Russell Holly. […] After around 30 minutes of trying to access Samsung’s building in the metaverse, CNBC gave up and went back to the real world.

Read more of this story at Slashdot.

TikTok Shares Your Data More Than Any Other Social Media App, Study Says

According to a recent study published by mobile marketing company URL Genius, YouTube and TikTok track users’ personal data more than any other social media apps. However, while YouTube mostly collects your personal data for its own purposes to serve you more relevant ads, TikTok mostly allows third-party trackers to collect your data — “and from there, it’s hard to say what happens with it,” reports CNBC. From the report: With third-party trackers, it’s essentially impossible to know who’s tracking your data or what information they’re collecting, from which posts you interact with — and how long you spend on each one — to your physical location and any other personal information you share with the app. As the study noted, third-party trackers can track your activity on other sites even after you leave the app.

To conduct the study, URL Genius used the Record App Activity feature from Apple’s iOS to count how many different domains track a user’s activity across 10 different social media apps — YouTube, TikTok, Twitter, Telegram, LinkedIn, Instagram, Facebook, Snapchat, Messenger and Whatsapp — over the course of one visit, before you even log into your account. YouTube and TikTok topped the other apps with 14 network contacts apiece, significantly higher than the study’s average number of six network contacts per app. Those numbers are all probably higher for users who are logged into accounts on those apps, the study noted.

Ten of YouTube’s trackers were first-party network contacts, meaning the platform was tracking user activity for its own purposes. Four of the contacts were from third-party domains, meaning the social platform was allowing a handful of mystery outside parties to collect information and track user activity. For TikTok, the results were even more mysterious: 13 of the 14 network contacts on the popular social media app were from third parties. The third-party tracking still happened even when users didn’t opt into allowing tracking in each app’s settings, according to the study. “Consumers are currently unable to see what data is shared with third-party networks, or how their data will be used,” the report’s authors wrote.

Read more of this story at Slashdot.

Douglas Trumbull, VFX Whiz For ‘Blade Runner’, ‘2001’ and Others, Dies At 79

Douglas Trumbull, the visual effects mastermind behind Blade Runner, Close Encounter of the Third Kind, 2001: A Space Odyssey and numerous others, died on Monday at age 79. His daughter Amy Trumbull announced the news on Facebook, writing that her father’s death followed a “two-year battle” with cancer, a brain tumor and stroke. Engadget reports: Trumbull was born on April 8, 1942 in Los Angeles, the son of a mechanical engineer and artist. His father worked on the special effects for films including The Wizard of Oz and Star Wars: A New Hope. The younger Trumbull worked as an illustrator and airbrush artist in Hollywood for many years. His career really took off after he cold-called Stanley Kubrick, a conversation which led to a job working on 2001: A Space Odyssey.

One of his most significant contributions to 2001 was creating the film’s Star Gate, a ground-breaking scene where astronaut Dave Bowman hurtles through an illuminated tunnel transcending space and time. In order to meet Kubrick’s high aesthetic standards for the shot, Trumbull essentially designed a way to turn the film camera inside-out. Trumbull’s ad hoc technique “was completely breaking the concept of what a camera is supposed to do,” he said during a lecture at TIFF. Trumbull earned visual effects Oscar nominations for his work on Close Encounters, Star Trek: The Motion Picture and Blade Runner. He also received the President’s Award from the American Society of Cinematographers in 1996.

Later in his career, Trumbull voiced distaste over the impact of computers on visual effects, decrying the cheapening and flattening impact of the new era of CGI. […] He spent the last years of his life working on a new super-immersive film format he dubbed MAGI, which he believed would improve the experience of watching a film in theaters. But Trumbull struggled to draw the interest of today’s film industry.

Read more of this story at Slashdot.

ExpressVPN Offering $100,000 To First Person Who Hacks Its Servers

ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems. Bleeping Computer reports: Today, ExpressVPN announced that they are now offering a $100,000 bug bounty for critical vulnerabilities in their in-house technology, TrustedServer. “This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN,” the company shared in an email to BleepingComputer. The new $100,000 one-time bounty is offered with the following conditions:

– The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive the $100,000 bounty. This one-time bonus is valid until the prize has been claimed.
– The one-time $100,000 bounty is only eligible for vulnerabilities in ExpressVPN’s VPN Server.
– Activities should remain in scope to the TrustedServer platform. If unsure that your testing is considered in-scope, please reach out to support@bugcrowd.com to confirm first.

ExpressVPN also invites security researchers to uncover possible ways to leak the actual IP address of clients and monitor user traffic. The bug bounty program is run through BugCrowd, which offers a safe harbor for researchers who attempt to breach ExpressVPN’s servers as part of the program.

Read more of this story at Slashdot.