Mozilla Is Ending Support For Its Firefox Password Manager Sync App

Mozilla announced last week via a support article that its Firefox Lockwise password manager app will reach end-of-life on December 13th. The final release versions are 1.8.1 (iOS) and 4.0.3 (Android) and will no longer be available to download or reinstall after that date. The Verge reports: What started in 2018 as a small experimental mobile app called Lockbox ended up bringing a way to access saved passwords and perform autofills on iOS, Android, and desktop devices to a small but enthusiastic following of Firefox fans. The app was also later adapted as a Firefox extension. It seemed like it was apt to stick around for the long run.

The support article recommends that users continue accessing passwords using the native Firefox browsers on desktop and mobile. In an added note on the support site, Mozilla suggests that later in December, the Firefox iOS app will gain the ability to manage Firefox passwords systemwide. The note alludes to Mozilla adopting the features of Lockwise and eventually integrating them into the Firefox browser apps natively on all platforms.

Read more of this story at Slashdot.

New Windows Zero-Day With Public Exploit Lets You Become An Admin

A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. BleepingComputer reports: As part of the November 2021 Patch Tuesday, Microsoft fixed a ‘Windows Installer Elevation of Privilege Vulnerability’ vulnerability tracked as CVE-2021-41379. This vulnerability was discovered by security researcher Abdelhamid Naceri, who found a bypass to the patch and a more powerful new zero-day privilege elevation vulnerability after examining Microsoft’s fix. Yesterday, Naceri published a working proof-of-concept exploit for the new zero-day on GitHub, explaining that it works on all supported versions of Windows.

“This variant was discovered during the analysis of CVE-2021-41379 patch. the bug was not fixed correctly, however, instead of dropping the bypass,” explains Naceri in his writeup. “I have chosen to actually drop this variant as it is more powerful than the original one.” Furthermore, Naceri explained that while it is possible to configure group policies to prevent ‘Standard’ users from performing MSI installer operations, his zero-day bypasses this policy and will work anyway. BleepingComputer tested Naceri’s ‘InstallerFileTakeOver’ exploit, and it only took a few seconds to gain SYSTEM privileges from a test account with ‘Standard’ privileges, as demonstrated in [this video]. When BleepingComputer asked Naceri why he publicly disclosed the zero-day vulnerability, we were told he did it out of frustration over Microsoft’s decreasing payouts in their bug bounty program. A Microsoft spokesperson said in a statement: “We are aware of the disclosure and will do what is necessary to keep our customers safe and protected. An attacker using the methods described must already have access and the ability to run code on a target victim’s machine.”

Naceri recommends users wait for Microsoft to release a security patch, as attempting to patch the binary will likely break the installer.

Read more of this story at Slashdot.

Rare Einstein Manuscript Set To Fetch Millions

A rare manuscript by theoretical physicist Albert Einstein goes under the hammer in Paris on Tuesday, with auctioneers aiming for a stratospheric price tag. Phys.Org reports: The manuscript, containing preparatory work for Einstein’s key achievement the theory of relativity, is estimated at between two and three million euros (2.3-3.4 million), according to Christie’s which is hosting the sale on behalf of the Aguttes auction house. “This is without a doubt the most valuable Einstein manuscript ever to come to auction,” Christie’s said in a statement.

The 54-page document was handwritten in 1913 and 1914 in Zurich, Switzerland, by Einstein and his colleague and confidant, Swiss engineer Michele Besso. Christie’s said it was thanks to Besso that the manuscript was preserved for posterity. This was “almost like a miracle” since the German-born genius himself would have been unlikely to hold on to what he considered to be a simple working document, Christie’s said. Today, the paper offers “a fascinating plunge into the the mind of the 20th century’s greatest scientist,” it said.

Read more of this story at Slashdot.

Rooftop Solar Helps Send South Australia Grid To Zero Demand In World’s First

South Australia on Sunday became the first gigawatt scale grid in the world to reach zero demand when the combined output of rooftop solar and other small non-scheduled generators exceeded all the local customer load requirements. Renew Economy reports: The landmark event was observed by several energy analysts, including at Watt Clarity and NEMLog, where Geoff Eldridge noted that a number of measures for South Australia demand notched up record minimums for system normal conditions. It was later confirmed by the Australian Energy Market Operator, which noted that “scheduled” demand — local demand minus the output of rooftop solar and small unscheduled generators such as small solar farms and bio-energy — fell to minus 38MW in a five minute period at 1235pm (grid time, or AEST).

Minimum demand is now possibly the biggest challenge for market operators like AEMO, because under current market settings it needs to have a certain amount of synchronous generation to maintain system strength and grid stability. It does this by running a minimum amount of gas generation, and through the recent commissioning of spinning machines called synchronous condensers that do not burn fuel. It also needs a link to a neighboring grid, in this case Victoria, so it can export surplus production.

Read more of this story at Slashdot.

Rolls-Royce’s All-Electric Airplane Reached a Record 387.4 MPH Top Speed

Rolls-Royce has announced that its all-electric plane, dubbed the “Spirit of Innovation,” is the fastest of its kind in the world after it reached a maximum speed of 387.4 mph (623 k/h) in recent flight tests. Gizmodo reports: In a recent news release, the company, not to be mistaken for the car company owned by BMW, claimed that the Spirit of Innovation set three new world records earlier this week. On flight tests carried out on Nov. 16, Rolls-Royce said its aircraft reached a top speed of 345.4 mph (555.9 km/h) over 1.8 miles (3 kilometers), exceeding the current record by 132 mph (213 k/h). It broke another record in a subsequent 9.3-mile (15 kilometer) flight, during which it reached 330 mph (532.1 km/h), surpassing the current record by 182 mph (292.8 km/h).

The Spirit of Innovation didn’t stop there, though. Rolls-Royce affirms that it smashed another record when it reached 9,842.5 feet (3,000 meters) in 202 seconds, beating the current record by 60 seconds. In the company’s view, it also took the title of the world’s fastest all-electric vehicle when it reached a maximum speed of 387.4 mph (623 km/h) during its flight tests. The company’s aircraft is powered by a 400kW electric powertrain and “the most power-dense propulsion battery pack ever assembled in aerospace.” “Following the world’s focus on the need for action at COP26, this is another milestone that will help make ‘jet zero’ a reality and supports our ambitions to deliver the technology breakthroughs society needs to decarbonize transport across air, land and sea,” CEO Warren East said in the news release.

Read more of this story at Slashdot.

‘Spider-Man: No Way Home’ Trailer Remade With Footage From the 1990’s Cartoon

Long-time Slashdot reader destinyland writes: This week Marvel released an epic three-minute trailer hyping December’s releases of Spider-Man: No Way Home. “It comes after the initial trailer, which focused on the movie’s multiversal villains, broke YouTube records over the summer,” CNET reported Tuesday (racking up 355.5 million views in its first 24 hours).

But then one more universe collided…

Basically, some internet wise guys re-edited the trailer, splicing its audio over clips from the Fox Kids’ 1994 cartoon series Spider-Man. (Opening credits here.) “This has no right being this good,” argues CNET — especially since the actual movie’s trailer arrived “amidst a ludicrous amount of fanfare and hype.”

But it’s all oddly appropriate, since CNET notes the upcoming movie features five sinister villains from nearly 20 years of Spider-Man movies, reaching back to the Tobey Maguire and Andrew Garfield era (“likely spurred on by the events of the Disney Plus Loki series.”)
So maybe it’s fitting that it was also invaded by the television cartoon universe…

Read more of this story at Slashdot.

Intel’s Expensive New Plan to Upgrade Its Chip Technology – and US Manufacturing

America’s push to manufacturer more products domestically gets an in-depth look from CNET — including a new Intel chip factory outside of Phoenix.

CNET calls it a fork in the road “after squandering its lead because of a half decade of problems modernizing its manufacturing…”

With “a decade of bad decisions, this doesn’t get fixed overnight,” says Pat Gelsinger, Intel’s new chief executive, in an interview. “But the bottom is behind us and the slope is starting to feel increasingly strong….” More fabs are on the way, too. In an enormous empty patch of dirt at its existing Arizona site, Intel has just begun building fabs 52 and 62 at a total cost of $20 billion, set to make Intel’s most advanced chips, starting in 2024. Later this year, it hopes to announce the U.S. location for its third major manufacturing complex, a 1,000-acre site costing about $100 billion. The spending commitment makes this year’s $3.5 billion upgrade to its New Mexico fab look cheap. The goal is to restore the U.S. share of chip manufacturing, which has slid from 37% in 1990 to 12% today. “Over the decade in front of us, we should be striving to bring the U.S. to 30% of worldwide semiconductor manufacturing,” Gelsinger says…

But returning Intel to its glory days — and anchoring a resurgent U.S. electronics business in the process — is much easier said than done. Making chips profitably means running fabs at maximum capacity to pay off the gargantuan investments required to stay at the leading edge. A company that can’t keep pace gets squeezed out, like IBM in 2014 or Global Foundries in 2018. To catch up after its delays, Intel now plans to upgrade its manufacturing five times in the next four years, a breakneck pace by industry standards. “This new roadmap that they announced is really aggressive,” says Linley Group analyst Linley Gwennap. “I don’t have any idea how they are going to accomplish all of that….”

Gelsinger has a tech-first recovery plan. He’s pledged to accelerate manufacturing upgrades to match the technology of TSMC and Samsung by 2024 and surpass them in 2025. He’s opening Intel’s fabs to other companies that need chips built through its new Intel Foundry Services (IFS). And he’s relying on other foundries, including TSMC, for about a quarter of Intel’s near-term chipmaking needs to keep its chips more competitive during the upgrades. This three-pronged strategy is called IDM (integrated design and manufacturing) 2.0. That’s a new take on Intel’s philosophy of both designing and making chips. It’s more ambitious than the future some had expected, in which Intel would sell its factories and join the ranks of “fabless” chip designers like Nvidia, AMD and Qualcomm that rely on others for manufacturing…

Shareholders may not like Gelsinger’s spending-heavy strategy, but one community really does: Intel’s engineers… Gelsigner told the board that Intel is done with stock buybacks, a financial move in which a company uses its cash to buy stock and thereby increase its price. “We’re investing in factories,” he told me. “That’s going to be the use of our cash….”

“We cannot recall the last time Intel put so many stakes in the ground,” said BMO Capital Markets analyst Ambrish Srivastava in a July research report after Intel announced its schedule.

Intel will even outpace Moore’s law, Gelsinger tells CNET — more than doubling the transistor count on processors every two years. “I believe that you’re going to see from 2025 to 2035 a very healthy period for Moore’s Law-like behavior.”

Although that still brings some risk to Intel’s investments if they have to pass the costs on to customer, a Linley Group analyst points out to CNET. “Moore’s Law is not going to end when we can’t build smaller transistors. It’s going to end when somebody says I don’t want to pay for smaller transistors.”

Read more of this story at Slashdot.

Cryptographers Aren’t Happy With How You’re Using the Word ‘Crypto’

Cryptographers are upset that “crypto” sometimes now refers to cryptocurrency, reports the Guardian:

This lexical shift has weighed heavily on cryptographers, who, over the past few years, have repeated the rallying cry “Crypto means cryptography” on social media. T-shirts and hoodies trumpet the phrase and variations on it; there’s a website dedicated solely to clarifying the issue. “‘Crypto’ for decades has been used as shorthand and as a prefix for things related to cryptography,” said Amie Stepanovich, executive director of Silicon Flatirons Center at the University of Colorado Law School and creator of the pro-cryptography T-shirts, which have become a hit at conferences. “In fact, in the term cryptocurrency, the prefix crypto refers back to cryptography….”

[T]here remains an internecine feud among the tech savvy about the word. As Parker Higgins of the Freedom of the Press Foundation, who has spent years involved in cryptography activism, pointed out, the cryptography crowd is by nature deeply invested in precision — after all, designing and cracking codes is an endeavor in which, if you get things “a little wrong, it can blow the whole thing up….”

“Strong cryptography is a cornerstone of the way that people talk about privacy and security, and it has been under attack for decades” by governments, law enforcement, and “all sorts of bad actors”, Higgins said. For its defenders, confusion over terminology creates yet another challenge.

Stepanovich acknowledged the challenge of opposing the trend, but said the weight of history is on her side. “The study of crypto has been around for ever,” she said. “The most famous code is known as the Caesar cipher, referring to Julius Caesar. This is not new.” Cryptocurrency, on the other hand, is a relatively recent development, and she is not ready to concede to “a concept that may or may not survive government regulation”.

Read more of this story at Slashdot.

Researcher Argues Data Paints ‘Big Red Flashing Arrow’ Toward Wuhan Market as Covid-19 Origin

CNN reports on researcher Michael Worobey, “who specializes in tracing the genetic evolution of viruses,” who has now found “considerable evidence that the virus arose in an animal, and did not start circulating until the end of 2019.”

One case especially stood out — that of a 41-year-old accountant who allegedly got sick on December 8, 2019 and who had no connection to the market. The case has been cited as evidence the pandemic must not have started at the market.

Worobey found records that showed the man didn’t become ill with Covid-19 until later in December and that his December 8 problem was related to his teeth.

“This is corroborated by hospital records and a scientific paper that reports his COVID-19 onset date as 16 December and date of hospitalization as 22 December,” Worobey wrote in a commentary in the journal Science. That would make a seafood vendor who worked at the market and who got sick December 11, 2019, the earliest documented case, Worobey said.

Other research helped Worobey come up with a map of the earliest cases that clusters them all around the market. “That so many of the more than 100 COVID-19 cases from December with no identified epidemiologic link to Huanan Market nonetheless lived in its direct vicinity is notable and provides compelling evidence that community transmission started at the market,” he wrote. “It tells us that there’s a big red flashing arrow pointing at Huanan Market as the most likely place that the pandemic started,” Worobey told CNN. “The virus didn’t come from some other part of Wuhan and then get to Huanan market. The evidence speaks really quite strongly to the virus starting at the market and then leaking into the neighborhoods around the market….”

The journal Science subjected Worobey’s research to outside scrutiny before publishing it.

Interestingly, Science also published a letter in May in which Worobey had joined 17 other scientists to urge the investigation of both the “natural origin” and “lab leak” theories. But now while he still believes the Chinese government should’ve investigated the lab leak theory, “holy smokes — is there a lot of evidence against it, and in favor of natural origin,” Worobey tells CNN. And he’s now telling the Los Angeles Times that his new research “takes the lab-leak idea almost completely off the table…. So many of the early cases were tied to this one Home Depot-sized building in a city of 11 million people, when there are thousands of other places where it would be more likely for early cases to be linked to if the virus had not started there.”

Or, as he explained his research to the Washington Post, “It becomes almost impossible to explain that pattern if that epidemic didn’t start there.”

A virologist at Texas A&M University who was one of the coronavirus experts giving SARS-CoV-2 its name called Worobey’s research “detailed and compelling,” while a virologist at Tulane University also tells the Post the new research “shows beyond a shadow of a doubt that in fact the Huanan market was the epicenter of the outbreak.”

Read more of this story at Slashdot.

Is ‘The NFT Bay’ Just a Giant Hoax?

Recently Australian developer Geoffrey Huntley announced they’d created a 20-terabyte archive of all NFTs on the Ethereum and Solana blockchains.
But one NFT startup company now says they tried downloading the archive — and discovered most of it was zeroes.

Many of the articles are careful to point out “we have not verified the contents of the torrent,” because of course they couldn’t. A 20TB torrent would take several days to download, necessitating a pretty beefy internet connection and more disk space to store than most people have at their disposal. We at ClubNFT fired up a massive AWS instance with 40TB of EBS disk space to attempt to download this, with a cost estimate of $10k-20k over the next month, as we saw this torrent as potentially an easy way to pre-seed our NFT storage efforts — not many people have these resources to devote to a single news story.

Fortunately, we can save you the trouble of downloading the entire torrent — all you need is about 10GB. Download the first 10GB of the torrent, plus the last block, and you can fill in all the rest with zeroes. In other words, it’s empty; and no, Geoff did not actually download all the NFTs. Ironically, Geoff has archived all of the media articles about this and linked them on TheNFTBay’s site, presumably to preserve an immutable record of the spread and success of his campaign — kinda like an NFT…

We were hoping this was real… [I]t is actually rather complicated to correctly download and secure the media for even a single NFT, nevermind trying to do it for every NFT ever made. This is why we were initially skeptical of Geoff’s statements. But even if he had actually downloaded all the NFT media and made it available as a torrent, this would not have solved the problem… a torrent containing all the NFTs does nothing to actually make those NFTs available via IPFS, which is the network they must be present on in order for the NFTs to be visible on marketplaces and galleries….
[A]nd this is a bit in the weeds: in order to reupload an NFT’s media to IPFS, you need more than just the media itself. In order to restore a file to IPFS so it can continue to be located by the original link embedded in the NFT, you must know exactly the settings used when that file was originally uploaded, and potentially even the exact version of the IPFS software used for the upload.

For these reasons and more, ClubNFT is working hard on an actual solution to ensure that everybody’s NFTs can be safely secured by the collectors themselves. We look forward to providing more educational resources on these and other topics, and welcome the attention that others, like Geoff, bring to these important issues.
Their article was shared by Slashdot reader long-time Slashdot reader GradiusCVK (who is one of ClubNFT’s three founders). I’d wondered suspiciously if ClubNFT was a hoax, but if this PR Newswire press release is legit, they’ve raised $3 million in seed funding. (And that does include an investment from Drapen Dragon, co-founded by Tim Draper which shows up on CrunchBase). The International Business Times has also covered ClubNFT, identifying it as a startup whose mission statement is “to build the next generation of NFT solutions to help collectors discover, protect, and share digital assets.”

Co-founder and CEO Jason Bailey said these next-generation tools are in their “discovery” phase, and one of the first set of tools that is designed to provide a backup solution for NFTs will roll out early next year. Speaking to International Business Times, Bailey said, “We are looking at early 2022 to roll out the backup solution. But between now and then we should be feeding (1,500 beta testers) valuable information about their wallets.” Bailey says while doing the beta testing, he realized that there are loopholes in the NFT storage systems and only 40% of the NFTs were actually pointing to the IPFS, while 40% of them were at risk — pointing to private servers.

Here is the problem explained: NFTs are basically a collection of metadata, that define the underlying property that is owned. Just like in the world of internet documents, links point to the art and any details about it that are being stored. But links can break, or die. Many NFTs use a system called InterPlanetary File System, or IPFS, which let you find a piece of content as long as it is hosted somewhere on the IPFS network. Unlike in the world of internet domains, you don’t need to own the domain to really make sure the data is safe. Explaining the problem which the backup tool will address, Bailey said, “When you upload an image to IPFS, it creates a cryptographic hash. And if someone ever stops paying to store that image on IPFS, as long as you have the original image, you can always restore it. That’s why we’re giving people the right to download the image…. [W]e’re going to start with this protection tool solution that will allow people to click a button and download all the assets associated with their NFT collection and their wallet in the exact format that they would need it in to restore it back up to IPFS, should it ever disappear. And we’re not going to charge any money for that.”

The idea, he said, is that collectors should not have to trust any company; rather they can use ClubNFT’s tool, whenever it becomes available, to download the files locally… “One of the things that we’re doing early around that discovery process, we’re building out a tool that looks in your wallet and can see who you collect, and then go a level deeper and see who they collect,” Bailey said. Bailey said that the rest of the tools will process after gathering lessons based on user feedback on the first set of solutions. He, however, seemed positive that the talks of the next set of tools will begin in the Spring of next year as the company has laid a “general roadmap.”

Read more of this story at Slashdot.