Air Industry Trends Safer, But ‘Flukish’ Second Crash Led Boeing to Mishandled Media Storm, WSJ Argues

There’s actually “a global trend toward increased air safety,” notes a Wall Street Journal columnist.

And even in the case of the two fatal Boeing crashes five years ago, he stresses that they were “were two different crashes,” with the second happening only “after Boeing and the FAA issued emergency directives instructing pilots how to compensate for Boeing’s poorly designed flight control software.

“The story should have ended after the first crash except the second set of pilots behaved in unexpected, unpredictable ways, flying a flyable Ethiopian Airlines jet into the ground.”

Boeing is guilty of designing a fallible system and placing an undue burden on pilots. The evidence strongly suggests, however, that the Ethiopian crew was never required to master the simple remedy despite the global furor occasioned by the first crash. To boot, they committed an additional error by overspeeding the aircraft in defiance of aural, visual and stick-shaker warnings against doing so. It got almost no coverage, but on the same day the Ethiopian government issued its final findings on the accident in late 2022, the U.S. National Transportation Safety Board, in what it called an “unusual step,” issued its own “comment” rebuking the Ethiopian report for “inaccurate” statements, for ignoring the crew’s role, for ignoring how readily the accident should have been avoided.

So the Wall Street Journal columnist challenges whether profit incentives played any role in Boeing’s troubles:

In reality, the global industry was reorganized largely along competitive profit-and-loss lines after the 1970s, and yet this coincided with enormous increases in safety, notwithstanding the sausage factory elements occasionally on display (witness the little-reported parking of hundreds of Airbus planes over a faulty new engine).

The point here isn’t blame but to note that 100,000 repetitions likely wouldn’t reproduce the flukish second MAX crash and everything that followed from it. Rather than surfacing Boeing’s deeply hidden problems, it seems the second crash gave birth to them. The subsequent 20-month grounding and production shutdown, combined with Covid, cost Boeing thousands of skilled workers. The pressure of its duopoly competition with Airbus plus customers clamoring for their backordered planes made management unwisely desperate to restart production. January’s nonfatal door-plug blowout of an Alaska Airlines 737 appears to have been a one-off when Boeing workers failed to reinstall the plug properly after removing it to fix faulty fuselage rivets. Not a one-off, apparently, are faulty rivets as Boeing has strained to hire new staff and resume production of half-finished planes.

Boeing will sort out its troubles eventually by applying the oldest of manufacturing insights: Training, repetition, standardization and careful documentation are the way to error-free complex manufacturing.
As he sees it, “The second MAX crash caught Boeing up in a disorienting global media and political storm that it didn’t know how to handle and, indeed, has handled fairly badly.”

Read more of this story at Slashdot.

”Tetris Reversed’? Alexey Pajitnov Shows Footage From Rediscovered Prototype for ‘Tetris’ Sequel

Tetris creator Alexey Pajitnov and others spoke at the Game Developers Conference about Tetris Reversed, reports VentureBeat — and told the story of “a lost prototype of a Tetris game that was never published.”

But little did Pajitnov know that an engineer in charge of the game, Vedran Klanac, had kept a copy of it. Through the help of intermediaries, he showed it to Pajitnov and the two shared their memories of what happened to the lost game…

Pajitnov has lived in the U.S. since 1991, where he has been involved in the development of games such as Pandora’s Box and worked with companies such as Microsoft and WildSnake Software… Klanac is the CEO of Ocean Media, and he is originally from Zagreb, Croatia. He was an aerospace engineer who started his career in the games industry with Croteam where he built the physics engine for Serious Sam 2.
Since 2006, he has been running Ocean Media, a game publishing company with a focus on consoles. During the last 20 years, he was involved in production as a programmer and executive producer in more than 200 projects. And it turns out he was the programmer who created the Tetris Reversed code based on instructions from Pajitnov, who had passed them on through a middleman. In 2011, programmer Vedran Klanac went to the NLGD Festival of Games in Utrecht, The Netherlands. He listened to a talk on a charitable effort from Martin de Ronde, a cofounder of game studio Guerrilla Games. Klanac said in an interview with GamesBeat that he listened to De Ronde’s talk and offered to help. De Ronde came back months later saying he had an agreement with Pajitnov about creating a new prototype for a Tetris game.

De Ronde asked if Klanac if he wanted to make Tetris Reversed by Pajitnov.

“Are you kidding me?” Klanac reacted.

The idea is still to survive as long as you can, according to the article — but the entire playfield was accessible. “For the first time in public, they showed the video of the prototype in action,” according to the article, which also records Pajitnov reaction. “When you see the gameplay video, and when you look at the design elements. This is Tetris for like 300 IQ people.”

No word on yet on whether the game will ever be officially published.

Read more of this story at Slashdot.

New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys

“There is a new side channel attack against Apple ‘M’ series CPUs that does not appear to be fixable without a major performance hit,” writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it’s ‘more robust’ against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company’s understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers. The researchers have published a paper (PDF) detailing their work.

Ars Technica’s Dan Goodin also reported on the vulnerability.

Read more of this story at Slashdot.

Database For UK Nurse Registration ‘Completely Unacceptable’

Lindsay Clark reports via The Register: The UK Information Commissioner’s Office has received a complaint detailing the mismanagement of personal data at the Nursing and Midwifery Council (NMC), the regulator that oversees worker registration. Employment as a nurse or midwife depends on enrollment with the NMC in the UK. According to whistleblower evidence seen by The Register, the databases on which the personal information is held lack rudimentary technical standards and practices. The NMC said its data was secure with a high level of quality, allowing it to fulfill its regulatory role, although it was on “a journey of improvement.” But without basic documentation, or the primary keys or foreign keys common in database management, the Microsoft SQL Server databases — holding information about 800,000 registered professionals — are difficult to query and manage, making assurances on governance nearly impossible, the whistleblower told us.

The databases have no version control systems. Important fields for identifying individuals were used inconsistently — for example, containing junk data, test data, or null data. Although the tech team used workarounds to compensate for the lack of basic technical standards, they were ad hoc and known by only a handful of individuals, creating business continuity risks should they leave the organization, according to the whistleblower. Despite having been warned of the issues of basic technical practice internally, the NMC failed to acknowledge the problems. Only after exhausting other avenues did the whistleblower raise concern externally with the ICO and The Register. The NMC stores sensitive data on behalf of the professionals that it registers, including gender, sexual orientation, gender identity, ethnicity and nationality, disability details, marital status, as well as other personal information.

The whistleblower’s complaint claims the NMC falls well short of [the standards required under current UK law for data protection and the EU’s General Data Protection Regulation (GDPR)]. The statement alleges that the NMC’s “data management and data retrieval practices were completely unacceptable.” “There is not even much by way of internal structure of the databases for self-documentation, such as primary keys, foreign keys (with a few honorable exceptions), check constraints and table constraints. Even fields that should not be null are nullable. This is frankly astonishing and not the practice of a mature, professional organization,” the statement says. For example, the databases contain a unique ten-digit number (or PRN) to identify individuals registered to the NMC. However, the fields for PRNs sometimes contain individuals’ names, start with a letter or other invalid data, or are simply null. The whistleblower’s complaint says that the PRN problem, and other database design deficiencies, meant that it was nearly impossible to produce “accurate, correct, business critical reports … because frankly no one knows where the correct data is to be found.” A spokesperson for the NMC said the register was “organized and documented” in the SQL Server database. “For clarity, the register of all our nurses, midwives and nursing practitioners is held within Dynamics 365 which is our system of record. This solution and the data held within it, is secure and well documented. It does not rely on any SQL database. The SQL database referenced by the whistleblower relates to our data warehouse which we are in the process of modernizing as previously shared.”

Read more of this story at Slashdot.

Users Shocked To Find Instagram Limits Political Content By Default

Instagram has been limiting recommended political content by default without notifying users. Ars Technica reports: Instead, Instagram rolled out the change in February, announcing in a blog that the platform doesn’t “want to proactively recommend political content from accounts you don’t follow.” That post confirmed that Meta “won’t proactively recommend content about politics on recommendation surfaces across Instagram and Threads,” so that those platforms can remain “a great experience for everyone.” “This change does not impact posts from accounts people choose to follow; it impacts what the system recommends, and people can control if they want more,” Meta’s spokesperson Dani Lever told Ars. “We have been working for years to show people less political content based on what they told us they want, and what posts they told us are political.”

To change the setting, users can navigate to Instagram’s menu for “settings and activity” in their profiles, where they can update their “content preferences.” On this menu, “political content” is the last item under a list of “suggested content” controls that allow users to set preferences for what content is recommended in their feeds. There are currently two options for controlling what political content users see. Choosing “don’t limit” means “you might see more political or social topics in your suggested content,” the app says. By default, all users are set to “limit,” which means “you might see less political or social topics.” “This affects suggestions in Explore, Reels, Feed, Recommendations, and Suggested Users,” Instagram’s settings menu explains. “It does not affect content from accounts you follow. This setting also applies to Threads.” “Did [y’all] know Instagram was actively limiting the reach of political content like this?!” an X user named Olayemi Olurin wrote in an X post. “I had no idea ’til I saw this comment and I checked my settings and sho nuff political content was limited.”

“This is actually kinda wild that Instagram defaults everyone to this,” another user wrote. “Obviously political content is toxic but during an election season it’s a little weird to just hide it from everyone?”

Read more of this story at Slashdot.

Windows 11 Notepad Finally Gets Spellcheck and Autocorrect

Microsoft today announced a preview release of Windows Notepad, with built-in spellchecking and an autocorrect feature. BleepingComputer reports: Microsoft says they are rolling out this preview to Insiders in the Windows 11 Canary and Dev channels, but it may take some time before it’s available for everyone. “With this update, Notepad will now highlight misspelled words and provide suggestions so that you can easily identify and correct mistakes,” reads Microsoft’s announcement. “We are also introducing autocorrect which seamlessly fixes common typing mistakes as you type.”

Once installed, Notepad will now show a red squiggly line under misspelled words that, when clicked, shows suggestions on the correct spelling. It’s also possible to ignore words in a single text document or add them to the global dictionary so they are not shown in the future.

Microsoft says that this feature will be turned off for log and source code files. This is because it’s common for non-standard words to be used in these files, triggering multiple spellcheck errors. Users can control this setting globally or for specific file types in the Notepad app’s settings. The autocorrect feature is a bit more seamless, automatically making small changes to grammar and punctuation as you type.

Read more of this story at Slashdot.

Redis To Adopt ‘Source-Available Licensing’ Starting With Next Version

Longtime Slashdot reader jgulla shares an announcement from Redis: Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD). The new source-available licenses allow us to sustainably provide permissive use of our source code.

We’re leading Redis into its next phase of development as a real-time data platform with a unified set of clients, tools, and core Redis product offerings. The Redis source code will continue to be freely available to developers, customers, and partners through Redis Community Edition. Future Redis source-available releases will unify core Redis with Redis Stack, including search, JSON, vector, probabilistic, and time-series data models in one free, easy-to-use package as downloadable software. This will allow anyone to easily use Redis across a variety of contexts, including as a high-performance key/value and document store, a powerful query engine, and a low-latency vector database powering generative AI applications. […]

Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code. These agreements will underpin support for existing integrated solutions and provide full access to forthcoming Redis innovations. In practice, nothing changes for the Redis developer community who will continue to enjoy permissive licensing under the dual license. At the same time, all the Redis client libraries under the responsibility of Redis will remain open source licensed. Redis will continue to support its vast partner ecosystem — including managed service providers and system integrators — with exclusive access to all future releases, updates, and features developed and delivered by Redis through its Partner Program. There is no change for existing Redis Enterprise customers.

Read more of this story at Slashdot.

Apple Launches All-In-One ‘Manuals, Specs, and Downloads’ Website

EPA Sets Strict New Limits On Tailpipe Emissions That Could Boost EV Sector

sinij shares a report from the New York Post: The Biden administration finalized its crackdown on gas cars Wednesday, with the Environmental Protection Agency announcing drastic climate regulations meant to ensure more than two-thirds of passenger cars and light trucks sold by 2032 are electric or hybrid vehicles. The EPA rule imposes strict limits on tailpipe pollution, limits the agency says can be met if 56% of new vehicles sold in the US are electric by eight years from now, along with 13% that are plug-in hybrids or other partially electric cars. That would be a huge increase over current EV sales, which rose to 7.6% of new vehicle sales last year, up from 5.8% in 2022. […] The new rule slows implementation of stricter pollution standards from 2027 through 2029, before ramping up to near the level the EPA preferred by 2032. “Personal car ownership is about to get A LOT more expensive as it will have to carry the costs of deep discounts to entice EV sales,” adds Slashdot reader sinij.

Read more of this story at Slashdot.