ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation


Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app.

The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

Spraying the Internet

“We’re seeing hits to the specific endpoint that exposes sensitive information, which would be considered exploitation,” Glenn Thorpe, senior director of security research & detection engineering at Greynoise, said in an interview on Mastodon. “At the moment, we’ve seen 13 IPs that are hitting our unadvertised sensors, which indicates that they are pretty much spraying it across the internet to see what hits.”
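The check an ownCloud operator would want after reading this is whether their own access logs already show probes against the endpoint, and whether the server answered them. The script below is an added example, not code from the article, ownCloud or Greynoise: it parses combined-format web-server log lines, groups requests to a sensitive path by source IP, and flags the pattern Thorpe describes (several unrelated sources hitting an unadvertised path) separately from the more serious case of the server returning 200 to any of them. The path in `SENSITIVE_PATHS` is a placeholder, as are the log lines; substitute the endpoint named in ownCloud's advisory and feed in your real logs.

```python
"""Scan web-server access logs for probes against a sensitive endpoint.

Added example. The endpoint path and the sample log lines are constructed
placeholders, not the real ownCloud endpoint or real traffic.
"""
import re

# Placeholder: replace with the path named in the vendor advisory.
SENSITIVE_PATHS = ("/example-app/sensitive-info.php",)

# Combined log format, the default for nginx and Apache.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields we care about, or None for a line we can't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "method": m["method"],
        # Drop the query string so "?x=1" variants still match.
        "path": m["target"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def is_sensitive(path):
    # Prefix match: trailing path segments appended to the endpoint still count.
    return any(path.startswith(p) for p in SENSITIVE_PATHS)


def scan(lines):
    """Group requests to sensitive paths by source IP."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_sensitive(rec["path"]):
            continue
        entry = hits.setdefault(
            rec["ip"], {"count": 0, "first_seen": rec["ts"], "served": False}
        )
        entry["count"] += 1
        # A 200 means the server actually served the endpoint to that source,
        # which is the case to treat as a compromise, not just a probe.
        if rec["status"] == 200:
            entry["served"] = True
    return hits


def assess(hits, source_threshold=3):
    """Summarise: how many distinct sources probed, and who got a 200."""
    return {
        "distinct_sources": len(hits),
        # Several unrelated sources hitting an unadvertised path is what an
        # internet-wide spray looks like from one server's point of view.
        "widespread_probing": len(hits) >= source_threshold,
        "served_sources": sorted(ip for ip, h in hits.items() if h["served"]),
    }


# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Nov/2023:03:14:07 +0000] "GET /example-app/sensitive-info.php HTTP/1.1" 200 51234 "-" "python-requests/2.31"',
    '203.0.113.9 - - [25/Nov/2023:03:15:11 +0000] "GET /example-app/sensitive-info.php/ HTTP/1.1" 404 153 "-" "curl/8.1.2"',
    '192.0.2.44 - - [25/Nov/2023:03:16:40 +0000] "GET /index.php/login HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Nov/2023:04:01:02 +0000] "GET /example-app/sensitive-info.php?x=1 HTTP/1.1" 200 51234 "-" "python-requests/2.31"',
    '192.0.2.250 - - [25/Nov/2023:04:09:55 +0000] "HEAD /example-app/sensitive-info.php HTTP/1.1" 403 0 "-" "Go-http-client/1.1"',
    "this line is not in combined log format",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for ip, h in sorted(hits.items()):
        print(f"{ip:15} requests={h['count']} first_seen={h['first_seen']} served={h['served']}")
    print(assess(hits))
```

Treat any entry in `served_sources` as a credential-exposure incident rather than a scan: rotate the secrets the advisory says the endpoint reveals, then patch. Sources that only drew 403s or 404s tell you the server is on someone's target list, which is still a reason to patch before the next wave.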


A Victorian naturalist traded aboriginal remains in a scientific quid pro quo

Nineteenth-century naturalist and solicitor Morton Allport, based in Hobart, built a scientific reputation by exchanging the remains of Tasmanian Aboriginal people and Tasmanian tigers for honors from elite societies. (credit: Allport Library and Museum of Fine Arts, State Library of Tasmania)

When Australian naturalist and solicitor Morton Allport died in 1878, one obituary lauded the man as “the most foremost scientist in the colony,” as evidenced by his position as vice president of the Royal Society of Tasmania (RST) at the time of his death, among many other international honors. But according to a new paper published in the journal Archives of Natural History, Allport’s stellar reputation was based less on his scholarly merit than on his practice of sending valuable specimens of Tasmanian tigers (thylacines) and Aboriginal remains to European collectors in exchange for scientific accolades. Allport admits as much in his own letters, preserved in the State Library of Tasmania, and in them also admits to directing the grave-robbing efforts that obtained those human remains.

“Early British settlers considered both thylacines and Tasmanian Aboriginal people to be a hindrance to colonial development, and the response was institutionalised violence with the intended goal of eradicating both,” said the paper’s author, Jack Ashby, assistant director of the University Museum of Zoology at Cambridge in England. “Allport’s letters show he invested heavily in developing his scientific reputation—particularly in gaining recognition from scientific societies—by supplying human and animal remains from Tasmania in a quid pro quo arrangement, rather than through his own scientific endeavors.”

Thylacines have been extinct since 1936, but they were once the largest marsupial carnivores of the modern era. Europeans first settled in Tasmania in 1803 and viewed the tigers as a threat, blaming the animals for killing their sheep. The settlers didn’t view the Aboriginal population much more favorably, and there were inevitable conflicts from the settlers displacing the Aboriginal people and from the increased competition for food. In 1830, a farming corporation placed the first bounties on thylacines, with the government instituting its own bounty in 1888. (Ashby writes that the true sheep killers were the dogs the settlers bred to hunt kangaroos.)


Mother plucker: Steel fingers guided by AI pluck weeds rapidly and autonomously

The Ekobot autonomous weeding robot roving around an onion field in Sweden. (credit: Ekobot AB)

Anybody who has pulled weeds in a garden knows that it’s a tedious task. Scale it up to farm-sized jobs, and it becomes a nightmare. The most efficient industrial alternative, herbicides, have potentially devastating side effects for people, animals, and the environment. So a Swedish company named Ekobot AB has introduced a wheeled robot that can autonomously recognize and pluck weeds from the ground rapidly using metal fingers.

The four-wheeled Ekobot WEAI robot is battery-powered and can operate 10–12 hours a day on one charge. It weighs 600 kg (about 1322 pounds) and has a top speed of 5 km/h (2.5 mph). It’s tuned for weeding fields full of onions, beetroots, carrots, or similar vegetables, and it can cover about 10 hectares (about 24.7 acres) in a day. It navigates using GPS RTK and contains safety sensors and vision systems to prevent it from unintentionally bumping into objects or people.

To pinpoint plants it needs to pluck, the Ekobot uses an AI-powered machine vision system trained to identify weeds as it rolls above the farm field. Once the weeds are within its sights, the robot uses a series of metal fingers to quickly dig up and push weeds out of the dirt. Ekobot claims that in trials, its weed-plucking robot allowed farmers to grow onions with 70 percent fewer pesticides. The weed recognition system is key because it keeps the robot from accidentally digging up crops.


Backlash over fake female speakers shuts down developer conference


After an event organizer, Eduards Sizovs, was accused of making up fake female speakers to attract high-profile speakers to an online developer conference called DevTernity, several of the event’s top-billed speakers promptly withdrew.

“You are charging attendees money and they might be making their purchasing decision based on the list of speakers shown to them on the conference website,” wrote former Google developer advocate Kelsey Hightower in a post on the social media platform X confirming that he can no longer participate. “This is misleading at best.”

On Monday, Sizovs confirmed that the conference, DevTernity—which sold tickets for as much as $870 a pop and anticipated 1,300 attendees—was cancelled.


Car dealers say they can’t sell EVs, tell Biden to slow their rollout


Pity the poor car dealers. After making record profits in the wake of the pandemic and the collapse of just-in-time inventory chains, they’re now complaining that selling electric vehicles is too hard. Almost 4,000 dealers from around the United States have sent an open letter to President Joe Biden calling for the government to slow down its plan to increase EV adoption between now and 2032.

Despite our robust economy, the US trails both Europe and China in terms of EV adoption. More and more car buyers are opting to go fully electric each year, although even a record 2023 will fail to see EV uptake reach double-digit percentages.

Mindful of the fact that transportation accounts for the largest segment of US carbon emissions and that our car-centric society encourages driving, the US Department of Energy published a proposed rule in April that would alter the way the government calculates each automaker’s corporate average fuel efficiency. If adopted, the new rule would require OEMs to sell many more EVs to avoid large fines. This is in addition to an earlier goal from the White House that calls for one in two new cars sold in 2030 to be EVs.


Amazon packages reportedly overwhelm small post offices, delaying other mail

Amazon boxes sit at a United States Postal Service facility in Fairfax, Virginia, on Tuesday, May 19, 2020. (credit: Getty Images | Bloomberg)

Amazon packages are overwhelming mail carriers in Minnesota, causing delays of other mail, according to news reports and complaints from a US senator. Amazon packages are being prioritized ahead of non-Amazon mail, postal workers have said.

Similar complaints have been made elsewhere, but reports suggest the problems are particularly severe in Bemidji, Minnesota, where carriers recently held early morning protests before their shifts began. A Bemidji Pioneer article on November 15 said that “rural mail carriers stood outside of the Bemidji Post Office before sunrise Monday and Tuesday carrying signs and protesting what they describe as unsustainable working conditions and the prioritization of Amazon deliveries over actual mail.”

The US Postal Service has been delivering Amazon packages for years, but this month’s protest reportedly came in response to local implementation of a new agreement with Amazon at the beginning of November.


Find the soul