ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation

Image: a security scanner extracting a virus from a string of binary code, and a hand with the word "exploit". (credit: Getty Images)

Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app.

The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

Spraying the Internet

“We’re seeing hits to the specific endpoint that exposes sensitive information, which would be considered exploitation,” Glenn Thorpe, senior director of security research & detection engineering at Greynoise, said in an interview on Mastodon. “At the moment, we’ve seen 13 IPs that are hitting our unadvertised sensors, which indicates that they are pretty much spraying it across the internet to see what hits.”

Source: Ars Technica – ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation

A Victorian naturalist traded aboriginal remains in a scientific quid pro quo

Image: sepia-toned photograph of a seated Victorian gentleman in a bowtie. Nineteenth-century naturalist and solicitor Morton Allport, based in Hobart, built a scientific reputation by exchanging the remains of Tasmanian Aboriginal people and Tasmanian tigers for honors from elite societies. (credit: Allport Library and Museum of Fine Arts, State Library of Tasmania)

When Australian naturalist and solicitor Morton Allport died in 1878, one obituary lauded the man as “the most foremost scientist in the colony,” as evidenced by his position as vice president of the Royal Society of Tasmania (RST) at the time of his death, among many other international honors. But according to a new paper published in the journal Archives of Natural History, Allport’s stellar reputation was based less on his scholarly merit than on his practice of sending valuable specimens of Tasmanian tigers (thylacines) and aboriginal remains to European collectors in exchange for scientific accolades. Allport admits as much in his own letters, preserved in the State Library of Tasmania, and those letters also show him directing grave-robbing efforts to obtain the human remains.

“Early British settlers considered both thylacines and Tasmanian Aboriginal people to be a hindrance to colonial development, and the response was institutionalised violence with the intended goal of eradicating both,” said the paper’s author, Jack Ashby, assistant director of the University Museum of Zoology at Cambridge in England. “Allport’s letters show he invested heavily in developing his scientific reputation—particularly in gaining recognition from scientific societies—by supplying human and animal remains from Tasmania in a quid pro quo arrangement, rather than through his own scientific endeavors.”

Thylacines have been extinct since 1936, but they were once the largest marsupial carnivores of the modern era. Europeans first settled in Tasmania in 1803 and viewed the tigers as a threat, blaming the animals for killing their sheep. The settlers didn’t view the Aboriginal population much more favorably, and there were inevitable conflicts from the settlers displacing the aborigines and from the increased competition for food. In 1830, a farming corporation placed the first bounties on thylacines, with the government instituting its own bounty in 1888. (Ashby writes that the true sheep killers were the dogs the settlers bred to hunt kangaroos.)

Source: Ars Technica – A Victorian naturalist traded aboriginal remains in a scientific quid pro quo

Mother plucker: Steel fingers guided by AI pluck weeds rapidly and autonomously

Image: The Ekobot autonomous weeding robot roving around an onion field in Sweden. (credit: Ekobot AB)

Anybody who has pulled weeds in a garden knows that it’s a tedious task. Scale it up to farm-sized jobs, and it becomes a nightmare. The most efficient industrial alternative, herbicides, have potentially devastating side effects for people, animals, and the environment. So a Swedish company named Ekobot AB has introduced a wheeled robot that can autonomously recognize and pluck weeds from the ground rapidly using metal fingers.

The four-wheeled Ekobot WEAI robot is battery-powered and can operate 10–12 hours a day on one charge. It weighs 600 kg (about 1322 pounds) and has a top speed of 5 km/h (2.5 mph). It’s tuned for weeding fields full of onions, beetroots, carrots, or similar vegetables, and it can cover about 10 hectares (about 24.7 acres) in a day. It navigates using GPS RTK and contains safety sensors and vision systems to prevent it from unintentionally bumping into objects or people.

To pinpoint plants it needs to pluck, the Ekobot uses an AI-powered machine vision system trained to identify weeds as it rolls above the farm field. Once the weeds are within its sights, the robot uses a series of metal fingers to quickly dig up and push weeds out of the dirt. Ekobot claims that in trials, its weed-plucking robot allowed farmers to grow onions with 70 percent fewer pesticides. The weed recognition system is key because it keeps the robot from accidentally digging up crops by mistake.

Source: Ars Technica – Mother plucker: Steel fingers guided by AI pluck weeds rapidly and autonomously

Backlash over fake female speakers shuts down developer conference

Source: Ars Technica – Backlash over fake female speakers shuts down developer conference

Car dealers say they can’t sell EVs, tell Biden to slow their rollout

(credit: Aurich Lawson | Getty Images)

Pity the poor car dealers. After making record profits in the wake of the pandemic and the collapse of just-in-time inventory chains, they’re now complaining that selling electric vehicles is too hard. Almost 4,000 dealers from around the United States have sent an open letter to President Joe Biden calling for the government to slow down its plan to increase EV adoption between now and 2032.

Despite our robust economy, the US trails both Europe and China in terms of EV adoption. More and more car buyers are opting to go fully electric each year, although even a record 2023 will fail to see EV uptake reach double-digit percentages.

Mindful of the fact that transportation accounts for the largest segment of US carbon emissions and that our car-centric society encourages driving, the US Department of Energy published a proposed rule in April that would alter the way the government calculates each automaker’s corporate average fuel efficiency. If adopted, the new rule would require OEMs to sell many more EVs to avoid large fines. This is in addition to an earlier goal from the White House that calls for one in two new cars sold in 2030 to be EVs.

Source: Ars Technica – Car dealers say they can’t sell EVs, tell Biden to slow their rollout

Amazon packages reportedly overwhelm small post offices, delaying other mail

Image: Amazon boxes sit at a United States Postal Service facility in Fairfax, Virginia, on Tuesday, May 19, 2020. (credit: Getty Images | Bloomberg)

Amazon packages are overwhelming mail carriers in Minnesota, causing delays of other mail, according to news reports and complaints from a US senator. Amazon packages are being prioritized ahead of non-Amazon mail, postal workers have said.

Similar complaints have been made elsewhere, but reports suggest the problems are particularly severe in Bemidji, Minnesota, where carriers recently held early morning protests before their shifts began. A Bemidji Pioneer article on November 15 said that “rural mail carriers stood outside of the Bemidji Post Office before sunrise Monday and Tuesday carrying signs and protesting what they describe as unsustainable working conditions and the prioritization of Amazon deliveries over actual mail.”

The US Postal Service has been delivering Amazon packages for years, but this month’s protest reportedly came in response to local implementation of a new agreement with Amazon at the beginning of November.

Source: Ars Technica – Amazon packages reportedly overwhelm small post offices, delaying other mail

Google Drive users say Google lost their files; Google is investigating

(credit: Google Drive)

Did Google Drive lose some people’s data? That’s the question swirling around the Internet right now as Google announces it’s investigating “sync issues” for Google Drive for desktop. On Monday The Register spotted a trending post on the Google Drive forums where a user claimed that months of Drive data suddenly disappeared, and their files went back to a state from May 2023. A few other users chimed in with the same issue, the worst of which says: “This is going to cause me major issues if I cannot get the files back. It’s all my work for the last 1-2 years. All my business work, all my personal files. Everything, just vanished. It must be 100’s of files suddenly gone.”

Google has a post up on the Google Drive help forums more or less acknowledging the issue. The post, titled “Drive for desktop (v84.0.0.0 – 84.0.4.0) Sync Issue,” says, “We’re investigating reports of an issue impacting a limited subset of Drive for desktop users and will follow up with more updates.” Google adds an ominous list of things to not do in the meantime like:

  • Do not click “Disconnect account” within Drive for desktop
  • Do not delete or move the app data folder:
    • Windows: %USERPROFILE%\AppData\Local\Google\DriveFS
    • macOS: ~/Library/Application Support/Google/DriveFS
  • Optional: If you have room on your hard drive, we recommend making a copy of the app data folder.

Those instructions sound like they are aimed at preserving whatever possible file cache would exist on your computer. The description of this being a “sync” issue doesn’t really make a ton of sense, since no matter what, the Drive web interface should show all your files and let you download them. If the problem is uploading, you should still have your local files.

Source: Ars Technica – Google Drive users say Google lost their files; Google is investigating

Baldur’s Gate 3 bug caused by game’s endless mulling of evil deeds

Image: Baldur's Gate 3 character Gale staring mournfully at the camera. Conscience do cost, as a certain fictional denizen of Baltimore’s East Side once said. (credit: Larian Studios)

One of the best things about playing Baldur’s Gate 3 (BG3) is the way that it simulates the feeling of having an actual Dungeon Master overseeing your session. The second-person narration, the dice rolls, and even the willingness to say “Yes” to your quirkiest ideas all add to the impression that there’s some conscious intelligence on the other side.

But consciousness can sometimes be a curse, and a recent patch to BG3 introduced burdensome complexity into the game’s thinking. Essentially, the game was suffering from lag and slowdowns as players progressed because the game’s decision engine couldn’t stop assessing previous instances where a party member had gotten away with theft, murder, or other nefarious deeds.

The performance issues have affected some players ever since Patch 4, released on Nov. 2 with more than 1,000 changes. One of those changes was a seemingly small-scope, situational bit: “Scrying Eyes in Moonrise Towers will now only react to theft and vandalism if they see the crime being committed.” The floating orbs in that area were, apparently, ignoring players’ best attempts at sneaking, invisibility, or other cover-ups.

Source: Ars Technica – Baldur’s Gate 3 bug caused by game’s endless mulling of evil deeds

Win hardware, collectibles, and more in the 2023 Ars Technica Charity Drive

Image: Just some of the prizes you can win in this year’s charity drive sweepstakes. (credit: Kyle Orland)

It’s once again that special time of year when we give you a chance to do well by doing good. That’s right—it’s time for the 2023 edition of our annual Charity Drive!

Every year since 2007, we’ve encouraged readers to give to Penny Arcade’s Child’s Play charity, which provides toys and games to kids being treated in hospitals around the world. In recent years, we’ve added the Electronic Frontier Foundation to our charity push, aiding in their efforts to defend Internet freedom. This year, as always, we’re providing some extra incentive for those donations by offering donors a chance to win pieces of our big pile of vendor-provided swag. We can’t keep it, and we don’t want it clogging up our offices, so it’s now yours to win.

This year’s swag pile is full of high-value geek goodies. We have 40 prizes valued at over $2,500 total, including gaming hardware and accessories, collectibles, books, apparel, and more. In 2022, Ars readers raised over $31,500 for charity, contributing to a total haul of more than $465,000 since 2007. We want to raise even more this year, and we can do it if readers dig deep.

Source: Ars Technica – Win hardware, collectibles, and more in the 2023 Ars Technica Charity Drive

Microsoft’s ugly sweater for 2023 is Windows XP’s iconic default wallpaper

(credit: Microsoft)

Windows XP was an actively supported Microsoft product for 13 years, including five years where it was the newest version available and another three years where it was vastly more popular than its successor. That longevity—plus Microsoft’s total domination of personal computing in the pre-iPhone, pre-Android world—helped make its default wallpaper one of the most recognizable images on the planet.

Microsoft is returning to the Bliss hill once again with this year’s entry in its now-traditional ugly retro-computing sweater series. Blue hemming at the bottom and on the sleeves evokes Windows XP’s bright-blue taskbar, and in case people don’t immediately recognize Bliss as “a computer thing,” there’s also a giant mouse pointer hovering over it.

Past ugly sweaters have included a Minesweeper motif, MS Paint, the Windows logo, and the immortal Clippy. Microsoft’s ugly sweater site also has wallpapers and a few other retro Easter eggs for people with some time on their hands.

Source: Ars Technica – Microsoft’s ugly sweater for 2023 is Windows XP’s iconic default wallpaper

Job losses likely at VW as the people’s car brand becomes uncompetitive

Image: Tiguan, Touran and Seat Tarraco assembly at the VW plant in Wolfsburg, Germany. (credit: Volkswagen)

The Volkswagen passenger car brand looks set to lay off workers, according to a report in Reuters. The news organization saw a post on VW’s intranet quoting CEO Thomas Schaffer, who blamed low productivity and high costs for the impending cuts.

“With many of our pre-existing structures, processes and high costs, we are no longer competitive as the Volkswagen brand,” Schaffer said at a staff meeting.

VW accounts for the highest volume among the different brands owned by VW Group but is much less profitable than either Audi or Porsche. In June, VW Group announced a $10.9 billion (10 billion euro) cost-cutting plan for the namesake brand.

Source: Ars Technica – Job losses likely at VW as the people’s car brand becomes uncompetitive

Study finds no “smoking gun” for mental health issues due to Internet usage

Source: Ars Technica – Study finds no “smoking gun” for mental health issues due to Internet usage

Guidemaster: Game controllers to turn your smartphone into a mobile gaming machine

Image: It’s not a Razer device unless it’s posed next to a bunch of custom RGB lighting, right? In great news, the Razer Kishi V2 includes zero glaring lights, which we prefer here at Ars Technica. (credit: Razer)

With smartphones getting more powerful processors and integrated graphics, gaming on mobile is a firmly established thing at this point. However, while the touchscreen on most smartphones is great for doing phone things, it’s not always the best gaming interface (and having your hands obscure the screen can make playing some games particularly difficult). If you find yourself spending serious time gaming on your device, a dedicated gaming controller can make a huge difference, leaving you with something similar in form factor to a Nintendo Switch.

Sure, you could also pack a dedicated handheld gaming device like the Lenovo Legion Go, Valve Steam Deck, or Nintendo Switch—but that’s just another piece of gear you’ll need to remember to charge and pack into your gear bag each day. Gaming on a mobile phone brings convenience and eliminates the need for a separate, standalone device, and with mobile silicon getting faster every year—especially on the iOS side, where this year’s iPhone 15 gets you ray tracing—you’re getting rich graphics in a pocket-friendly form factor.

Backbone One mobile gaming controller, Playstation edition (USB-C 2nd gen)

Image: The Backbone One gaming controller. (credit: Simon Nguyen)

The Backbone One mobile gaming controller is a solid accessory. The buttons are crisp and satisfying to press, and they provide console controller-like responses. While playing a game (in my case, Chrono Trigger for iOS), the D-pad allows for easy maneuvering and doesn’t munge inputs together like some cheap controllers do. A removable piece also allows the Backbone One to fit a phone with or without a case, which is a nice addition. (We tried out the USB-C version of the controller for this guide, although it also supports Lightning devices.)

Source: Ars Technica – Guidemaster: Game controllers to turn your smartphone into a mobile gaming machine

Data from NASA’s Webb Telescope backs up ideas on planet formation

Image: a planet-forming disk, with gaps in between higher-density areas. (credit: ALMA(ESO/NAOJ/NRAO); C. Brogan, B. Saxton)

Where do planets come from? The entire process can get complicated. Planetary embryos sometimes run into obstacles to growth that leave them as asteroids or naked planetary cores. But at least one question about planetary formation has finally been answered—how they get their water.

For decades, planetary formation theories kept suggesting that planets receive water from ice-covered fragments of rock that form in the frigid outer reaches of protoplanetary disks, where light and heat from the emerging system’s star lacks the intensity to melt the ice. As friction from the gas and dust of the disk moves these pebbles inward toward the star, they bring water and other ices to planets after crossing the snow line, where things warm up enough that the ice sublimates and releases huge amounts of water vapor. This was all hypothesized until now.

NASA’s James Webb Telescope has now observed groundbreaking evidence of these ideas as it imaged four young protoplanetary disks. The telescope used the Medium-Resolution Spectrometer (MRS) of Webb’s Mid-Infrared Instrument (MIRI) to gather this data, because it is especially sensitive to water vapor. Webb found that in two of these disks, massive amounts of cold water vapor appeared past the snow line, confirming that ice sublimating from frozen pebbles can indeed deliver water to planets like ours.

Source: Ars Technica – Data from NASA’s Webb Telescope backs up ideas on planet formation

Hackers spent 2+ years looting secrets of chipmaker NXP before being detected

Image: a cartoon man runs across a white field of ones and zeroes. (credit: Getty Images)

A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported.

The intrusion, by a group tracked under names including “Chimera” and “G0114,” lasted from late 2017 to the beginning of 2020, according to Netherlands-based NRC, which cited “several sources” familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn’t uncovered until Chimera intruders were detected in a separate company network that had connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

No material damage

NRC cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in “early Q4 2017.” Some of the intrusions lasted as long as three years before coming to light. NRC said the unidentified victim was NXP.

Source: Ars Technica – Hackers spent 2+ years looting secrets of chipmaker NXP before being detected

Seven-minute hotfire test moves Europe’s Ariane 6 rocket closer to flight

Source: Ars Technica – Seven-minute hotfire test moves Europe’s Ariane 6 rocket closer to flight

Google Play keeps banning the same web browser due to vague DMCA notices

Image: The Downloader app, an Android app with a built-in browser, showing the Google home page; the app was suspended from Google Play. (credit: Elias Saba)

App developer Elias Saba has had some bad luck with Digital Millennium Copyright Act (DMCA) takedowns. His Android TV app Downloader, which combines a web browser with a file manager, was suspended by Google Play in May after several Israeli TV companies complained that the app could be used to load a pirate website.

Google reversed that suspension after three weeks. But Downloader has been suspended by Google Play again, and this time the reason is even harder to understand. Based on a vague DMCA notice, it appears that Downloader was suspended simply because it can load the Warner Bros. website.

Downloader is similar to standard web browsers in that it lets users access both legal and illegally shared content. The app can be used for general web surfing and can download files from a website when a user inputs the desired URL. According to Saba, the app itself contains no infringing content, nor does it direct users to infringing content.

Source: Ars Technica – Google Play keeps banning the same web browser due to vague DMCA notices

“Mystery” pneumonia in China is mix of common respiratory germs, WHO says

Image: Parents with children who are suffering from respiratory diseases are lining up at a children’s hospital in Chongqing, China, on November 23, 2023. (credit: Getty | Costfoto/NurPhoto)

Last week, news stories and a posting on an infectious disease surveillance system raised fears that another novel respiratory pathogen with pandemic potential was mushrooming in northern areas of China—namely Beijing and Liaoning province. The reports referenced “undiagnosed pneumonia” in “clusters” of children, hospitals that were “overwhelmed,” and parents who were questioning whether “authorities were covering up the epidemic.”

But, rather than a sequel to the COVID-19 pandemic, the situation appears to be merely a side effect of it. According to independent experts and the World Health Organization, it’s most likely that China is now experiencing a roaring comeback of a mix of common respiratory infections that were muted during the global health crisis. Many other countries experienced the same surges in the past year or two, including the US. As with the other countries, the wave of infection in China is mostly affecting children, who were less exposed to all sorts of pathogens amid the health restrictions, leaving them more vulnerable to infections now.

The global explosion of COVID-19 transmission and subsequent pandemic health measures severely disrupted common cycles of many infectious diseases worldwide, knocking seasonal respiratory infections like adenoviruses and RSV (respiratory syncytial virus) off their annual cycles. In the US, the 2020-2021 flu season was virtually nonexistent, for instance. But, as the novel coronavirus abated and restrictions lifted, those pathogens vigorously returned. (The US also experienced early and intense peaks of RSV and flu last year.)

Source: Ars Technica – “Mystery” pneumonia in China is mix of common respiratory germs, WHO says

Stability AI releases Stable Video Diffusion, which turns pictures into short videos

Image: Still examples of images animated using Stable Video Diffusion by Stability AI. (credit: Stability AI)

On Tuesday, Stability AI released Stable Video Diffusion, a new free AI research tool that can turn any still image into a short video—with mixed results. It’s an open-weights preview of two AI models that use a technique called image-to-video, and it can run locally on a machine with an Nvidia GPU.

Last year, Stability AI made waves with the release of Stable Diffusion, an “open weights” image synthesis model that kick-started a wave of open image synthesis and inspired a large community of hobbyists who have built on the technology with their own custom fine-tunings. Now Stability wants to do the same with AI video synthesis, although the tech is still in its infancy.

Right now, Stable Video Diffusion consists of two models: one that can produce image-to-video synthesis at 14 frames of length (called “SVD”), and another that generates 25 frames (called “SVD-XT”). They can operate at varying speeds from 3 to 30 frames per second, and they output short (typically 2-4 second-long) MP4 video clips at 576×1024 resolution.

Source: Ars Technica – Stability AI releases Stable Video Diffusion, which turns pictures into short videos

DOS_deck offers free, all-timer DOS games in a browser, with controller support

Image: Layout of games on DOS_deck. DOS_deck is an impressive technical feat, sure. But it’s also a very keen curation of some DOS shareware classics (pun somewhat intended). (credit: DOS_deck/Martin Kool)

Revisiting a classic game from the AUTOEXEC.BAT/CONFIG.SYS era of MS-DOS can be a fun distraction. But the more friction and configuration between you and a playable game, the more likely you are to fall off before you ever hit the menu screen. You spend enough time fine-tuning your modern systems; doing so within an arcane framework, for a single game, is not everybody’s idea of fun.

DOS_deck seems to get this, providing the most frictionless path to playing classic DOS shareware and abandonware, like Doom, Jazz Jackrabbit, Command & Conquer, and Syndicate, with reconfigured controller support and a simplified interface benevolently looted from the Steam Deck. You can play it in a browser, right now, the one you’re using to read this post.

In fact, I stopped between that last sentence and this one to play a couple levels of Doom in a Chrome browser. And now I’ve taken another punctuation break to play the first level of Syndicate, which moves much faster than I remember. The control schemes are clever, the interface is easy to get used to and move around, and there’s a host of little extras to appreciate, including constant game progress (game state) saving, and linking and setting certain games as favorites.

Source: Ars Technica – DOS_deck offers free, all-timer DOS games in a browser, with controller support