Douglas Adams was Right. Science Journal Proves 42 Is the Address of the Universe

Slashdot reader Informativity writes: First published in Jan. ’21, a new publication entitled Measurement Quantization affirms the #42 is the address of our universe (Appx. AC), a distinguishing feature of our construct that ultimately answers the question to life, the universe and everything – from a physicist’s point-of-view. Importantly, the International Journal of Geometric Methods in Modern Physics – is a top-tier journal indexed to NASA’s Astronomical Data System (ADS), the after peer review version of arXiv.org. With just over 500 equations, the paper resolves a comprehensive physical description of dark energy, dark matter, discrete gravity, and unification. Resolving over 30 outstanding problems in modern physics, the paper derives the physical constants from first principles, demonstrates the physical significance of Planck’s units, resolves discrete versions of SR and GR, derives the equivalence principle, presents a parameter free description of early universe events, discovers a new form of length contraction not related to Einstein’s relativity and identifies the discrete state of our universe – 42. Forty-two is what defines our universe from any other version of a universe. It also determines the rate of expansion and the ground state orbital of an atom, thus reducing the number of stable universes as we understand them to just a few. So, while Douglas Adams may have just been randomly picking numbers when writing Hitchhiker’s Guide to the Galaxy, perhaps we also live in a universe that likes to humor itself.

Read more of this story at Slashdot.

Seagate Announces Dual-Actuator MACH.2 Drive – and Star Wars, Black Panther Themed Drives

An anonymous reader writes that Seagate Technology has launched its second generation dual actuator MACH.2 series hard drives. “Computing power, storage capacities, and storage performance: all must continue moving forward in order for technology innovators to solve humanity’s greatest challenges,” boasts Seagate’s page for the drives:

MACH.2 is the world’s first multi-actuator hard drive technology, containing two independent actuators that transfer data concurrently. MACH.2 solves the need for increased performance by enabling parallelism of data flows in and out of a single hard drive. By allowing the data center host computer to request and receive data from two areas of the drive simultaneously, MACH.2 doubles the IOPS performance of each individual hard drive…. MACH.2 provides up to 2x performance — with two independent actuators and data paths, it enables concurrent I/O streams to and from the host.
Seagate claims it offers “optimal latency” by improving sequential peformance to double data transfer rates over single-actuator drives.
And in other news, Seagate is selling hard drives with commemorative Star Wars themes, including the Mandalorian drive, the Grogu drive, and the Boba Fett drive. (It’s in addition to Seagate’s officially licensed external drive for God of War Ragnarök — optimised for PS4 and PS5, delivering “the ability to play PS4 games directly from the drive.”) Seagate also made drives commemorating Marvel’s Avengers and Spider-Man, and now has new drives for Marvel’s Black Panther: Wakanda Forever .

Read more of this story at Slashdot.

Aaron Swartz Day Commemorated With International Hackathon

Long-time Slashdot reader destinyland shares this announcement from the EFF’s DeepLinks blog:

This weekend, EFF is celebrating the life and work of programmer, activist, and entrepreneur Aaron Swartz by participating in the 2022 Aaron Swartz Day and Hackathon. This year, the event will be held in person at the Internet Archive in San Francisco on Nov. 12 and Nov. 13. It will also be livestreamed; links to the livestream will be posted each morning.

Those interested in attending in-person or remotely can register for the event here.

Aaron Swartz was a digital rights champion who believed deeply in keeping the internet open. His life was cut short in 2013, after federal prosecutors charged him under the Computer Fraud and Abuse Act (CFAA) for systematically downloading academic journal articles from the online database JSTOR. Facing the prospect of a long and unjust sentence, Aaron died by suicide at the age of 26….

Those interested in working on projects in Aaron’s honor can also contribute to the annual hackathon, which this year includes several projects: SecureDrop, Bad Apple, the Disability Technology Project (Sat. only), and EFF’s own Atlas of Surveillance. In addition to the hackathon in San Francisco, there will also be concurrent hackathons in Ecuador, Argentina, and Brazil. For more information on the hackathon and for a full list of speakers, check out the official page for the 2022 Aaron Swartz Day and Hackathon.
Speakers this year include Chelsea Manning and Cory Doctorow, as well as Internet Archive founder Brewster Kahle, EFF executive director Cindy Cohn, and Creative Commons co-founder Lisa Rein.

Read more of this story at Slashdot.

Prosecutors Seek 15-Year Prison Sentence for Theranos’ Elizabeth Homes, $800M Restitution

“Federal prosecutors are asking a judge to sentence Elizabeth Holmes to 15 years in prison,” reports the Guardian, “and require the Theranos founder to pay $800m in restitution, according to court documents filed on Friday.”

A jury found Holmes guilty in January of four counts of investor fraud and conspiracy. Her sentencing is scheduled for 18 November, and she faces a maximum 20 years in prison. Prosecutors argued that “considering the extensiveness of Holmes’s fraud”, their recommended sentencing would “reflect the seriousness of the offenses, provide for just punishment for the offenses, and deter Holmes and others”.

Holmes’s lawyer argued in documents filed on Thursday that the ex-Theranos boss should not be sentenced to prison at all and, at most, should receive 18 months of house arrest. The court filings argued that Holmes had been made a “caricature to be mocked and vilified” by the media over the years, though she is a caring mother and friend.

“Ms Holmes is no danger to the public,” Holmes’s lawyer said in the court documents. “She has no criminal history, has a perfect pretrial services compliance record, and is described by the people who know her repeatedly as a gentle and loving person who tries to do the right thing.”

Read more of this story at Slashdot.

How Close Was America’s FBI to Deploying Pegasus Spyware?

In a statement in February, America’s Federal Bureau of Investigation “confirmed that it obtained NSO Group’s powerful Pegasus spyware” back in 2019, reported the Guardian. At the time the FBI added that “There was no operational use in support of any investigation, the FBI procured a limited licence for product testing and evaluation only.”

“But dozens of internal F.B.I. documents and court records tell a different story,” the New York Times reported today:
The documents, produced in response to a Freedom of Information Act lawsuit brought by The New York Times against the bureau, show that F.B.I. officials made a push in late 2020 and the first half of 2021 to deploy the hacking tools — made by the Israeli spyware firm NSO — in its own criminal investigations. The officials developed advanced plans to brief the bureau’s leadership, and drew up guidelines for federal prosecutors about how the F.B.I.’s use of hacking tools would need to be disclosed during criminal proceedings. It is unclear how the bureau was contemplating using Pegasus, and whether it was considering hacking the phones of American citizens, foreigners or both. In January, The Times revealed that F.B.I. officials had also tested the NSO tool Phantom, a version of Pegasus capable of hacking phones with U.S. numbers.

The F.B.I. eventually decided not to deploy Pegasus in criminal investigations in July 2021, amid a flurry of stories about how the hacking tool had been abused by governments across the globe. But the documents offer a glimpse at how the U.S. government — over two presidential administrations — wrestled with the promise and peril of a powerful cyberweapon. And, despite the F.B.I. decision not to use Pegasus, court documents indicate the bureau remains interested in potentially using spyware in future investigations. “Just because the F.B.I. ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals,” stated a legal brief submitted on behalf of the F.B.I. late last month….

The specifics of why the bureau chose not to use Pegasus remain a mystery, but American officials have said that it was in large part because of mounting negative publicity about how the tool had been used by governments around the world.

The Times also notes two responses to their latest report. U.S. Senator Ron Wyden complained the FBI’s earlier testimony about Pegasus was incomplete and misleading, and that the agency “owes Americans a clear explanation as to whether the future operational use of NSO tools is still on the table.”

But an F.B.I. spokeswoman said “the director’s testimony was accurate when given and remains true today — there has been no operational use of the NSO product to support any FBI investigation.”

Thanks to long-time Slashdot reader crazyvas for suggesting the story.

Read more of this story at Slashdot.

NSA Urges Organizations To Shift To Memory Safe Programming Languages

In an press release published earlier today, the National Security Agency (NSA) says it will be making a strategic shift to memory safe programming languages. The agency is advising organizations explore such changes themselves by utilizing languages such as C#, Go, Java, Ruby, or Swift. From the report: The “Software Memory Safety” Cybersecurity Information Sheet (PDF) highlights how malicious cyber actors can exploit poor memory management issues to access sensitive information, promulgate unauthorized code execution, and cause other negative impacts. “Memory management issues have been exploited for decades and are still entirely too common today,” said Neal Ziring, Cybersecurity Technical Director. “We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors.”

Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program’s performance over time, and program crashes. NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations. The full report is available here (PDF).

Read more of this story at Slashdot.

Wired Hails Rust as ‘the Viral Secure Programming Language That’s Taking Over Tech’

A new article from Wired calls Rust “the ‘viral’ secure programming language that’s taking over tech.”
“Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough….”

[A] growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way. By design, developers can’t accidentally create the most common types of exploitable security vulnerabilities when they’re coding in Rust, a distinction that could make a huge difference in the daily patch parade and ultimately the world’s baseline cybersecurity….

[B]ecause Rust produces more secure code [than C] and, crucially, doesn’t worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. Microsoft, Google, and Amazon Web Services have all been utilizing Rust since 2019, and the three companies formed the nonprofit Rust Foundation with Mozilla and Huawei in 2020 to sustain and grow the language. And after a couple of years of intensive work, the Linux kernel took its first steps last month to implement Rust support. “It’s going viral as a language,” says Dave Kleidermacher, vice president of engineering for Android security and privacy. “We’ve been investing in Rust on Android and across Google, and so many engineers are like, ‘How do I start doing this? This is great’….”

By writing new software in Rust instead, even amateur programmers can be confident that they haven’t introduced any memory-safety bugs into their code…. These types of vulnerabilities aren’t just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is significant….

“Yes, it’s a lot of work, it will be a lot of work, but the tech industry has how many trillions of dollars, plus how many talented programmers? We have the resources,” says Josh Aas, executive director of the Internet Security Research Group, which runs the memory-safety initiative Prossimo as well as the free certificate authority Let’s Encrypt. “Problems that are merely a lot of work are great.”

Here’s how Dan Lorenc, CEO of the software supply-chain security company Chainguard, explains it to Wired. “Over the decades that people have been writing code in memory-unsafe languages, we’ve tried to improve and build better tooling and teach people how to not make these mistakes, but there are just limits to how much telling people to try harder can actually work.

“So you need a new technology that just makes that entire class of vulnerabilities impossible, and that’s what Rust is finally bringing to the table.”

Read more of this story at Slashdot.

Stack Overflow CEO Shares Plans for Certification Programs, Opinions on No-Code Programming

“We serve about 100 million monthly visitors worldwide,” says the CEO of Stack Overflow, “making us one of the most popular websites in the world. I think we are in the top 50 of all websites in the world by traffic.”

In a new interview, he says the site’s been accessed about 50 billion times over the past 14 years — and then shares his thoughts on the notion that programmers could be replaced by no-code, low-code, or AI-driven pair programming:

A: Over the years, there have many, many tools, trying to democratize software development. That’s a very positive thing. I actually love the fact that programming is becoming easier to do with these onramps. I was speaking at Salesforce recently, and they’ve got people in sales organizations writing workflows, and that’s low code. You’ve got all these folks who are not software engineers that are creating their own automations and applications.

However, there is this trade-off. If you’re making software easier to build, you’re sacrificing things like customizability and a deeper understanding of how this code actually works. Back in the day, you might remember Microsoft FrontPage [an early HTML web page editor] as an example of that. You were limited to certain basic things, but you could get web work done. So similarly, these tools will work for general use cases. But, if they do that, without learning the fundamental principles of code, they will inevitably have some sort of a limit. For example, having to fix something that broke, I think they’re going to be really dumbfounded.

Still, I think it’s important, and I’m a believer. It’s a great way to get people engaged, excited, and started. But you got to know what you’re building. Access to sites like Stack Overflow help, but with more people learning as they’re building, it’s essential to make learning resources accessible at every stage of their journey….

Q: Is Stack Overflow considering any kind of certification? Particularly, as you just mentioned, since it’s so easy now for people to step in and start programming. But then there’s that big step from “Yes, I got it to work,” but now “I have to maintain it for users using it in ways I never dreamed of.”

A: “It’s very much part of our vision for our company. We see Stack Overflow going from collective knowledge to collective learning. Having all the information is fine and dandy, but are you learning? Now, that we’re part of Prosus’s edtech division, we’re very much looking forward to offering educational opportunities. Just as today, we can get knowledge to developers at the right place and time, we think we can deliver learning at just the right place and time. We believe we can make a huge impact with education and by potentially getting into the certification game.

Q: Some of the open-source nonprofits are moving into education as well. The Linux Foundation, in particular, has been moving here with the LF Training and Certification programs. Are you exploring that?

A: This is very much part of our vision….

Stack Overflow’s CEO adds that the site’s hot topics now include blockchain, machine learning, but especially technical cloud questions, “rising probably about 50% year over year over the past 10 years…. Related to this is an increase in interest in containerization and cloud-native services.”

Read more of this story at Slashdot.

Kaspersky To Kill Its VPN Service In Russia Next Week

Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022. BleepingComputer reports: As the Moscow-based company informed on its Russian blog earlier this week, the shutdown of the VPN service will be staged, so that impact on customers remains minimal. Purchases of the paid version of Kaspersky Secure Connection will remain available on both the official website and mobile app stores until December 2022. Customers with active subscriptions will continue to enjoy the product’s VPN service until the end of the paid period, which cannot go beyond the end of 2023 (one-year subscription).
Russian-based users of the free version of Kaspersky Secure Connection will not be able to continue using the product after November 15, 2022, so they will have to seek alternatives. BleepingComputer emailed Kaspersky questions regarding its decision to stop offering VPN products in Russia, but a spokesperson has declined to provide more information. Russia’s telecommunications watchdog, Roskomnadzor, announced VPN bans in June 2021 and then again in December 2021. “The reason for banning 15 VPNs in the country was because their vendors refused to connect their services to the FGIS database, which would apply government-imposed censorship in VPN connections, and would also make user traffic and identity subject to state scrutiny,” reports BleepingComputer.

“Ever-increasing controls are strangling VPN usage in Russia. On Tuesday, the Ministry of Digital Transformation requested all state-owned companies to declare what VPN products they use, for what purposes, and in what locations.”

Read more of this story at Slashdot.

BlockFi Pauses Withdrawals In Wake of FTX Collapse