“Nvidia transitions fully” sounds like real commitment, a burn-the-boats call. “Towards open-source GPU,” yes, evoking the company’s “first step” announcement a little over two years ago, so this must be progress, right? But, back up a word here, then finish: “GPU kernel modules.”
So, Nvidia has “achieved equivalent or better application performance with our open-source GPU kernel modules,” and added some new capabilities to them. And now most of Nvidia’s modern GPUs will default to using open source GPU kernel modules, starting with driver release R560, with dual GPL and MIT licensing. But Nvidia has moved most of its proprietary functions into a proprietary, closed-source firmware blob. The parts of Nvidia’s GPUs that interact with the broader Linux system are open, but the user-space drivers and firmware are none of your or the OSS community’s business.
Is it better than what existed before? Certainly. AMD and Intel have maintained open source GPU drivers, in both the kernel and user space, for years, though also with proprietary firmware. This brings Nvidia a bit closer to the Linux community and allows for community debugging and contribution. There’s no indication that Nvidia aims to go further with its open source moves, however, and its modules remain outside the main kernel, packaged up for users to install themselves.
Not all GPUs will be able to use the open source drivers: a number of chips from the Maxwell, Pascal, and Volta lines; GPUs from the Turing, Ampere, Ada Lovelace, and Hopper architectures are recommended to switch to the open bits; and Grace Hopper and Blackwell units must do so.
As noted by Hector Martin, a developer on the Asahi Linux distribution, at the time of the first announcement, this shift makes it easier to sandbox closed-source code while using Nvidia hardware. But the net amount of closed-off code is about the same as before.
Nvidia’s blog post has details on how to integrate its open kernel modules onto various systems, including CUDA setups.
Enlarge / Get ready to repeat this ~25-second slice of Mario over and over… and over… and over.
If you’ve ever seen a record-breaking video game speedrun or watched a Games Done Quick marathon, you may have entertained fantasies that you, too, could put up some decent times on your favorite old games. Sure, it would probably take a bit of practice, but what these speedrunners are doing doesn’t look that difficult, does it? How hard can it be to press a few buttons with good timing for a few minutes?
After spending a few weeks with Nintendo World Championships: NES Edition, I no longer think that way. The game’s bite-size chunks of classic Nintendo games highlight the level of precision needed for even a few minutes of speedrunning perfection, not to mention the tedium of practicing the same in-game motions dozens of times to build up the needed muscle memory. In the process, I gained a newfound respect for the skill displayed by the best speedrunners and found a fresh way to experience some classic NES games that I felt I knew backward and forward.
Gotta go fast
While Nintendo World Championships draws its name from a series of competitions dating back to 1990, it draws its inspiration much more directly from the more recent rise of the online speedrunning community. Thus, the game’s main single-player mode is named “Speedrun,” tasking players with putting up the fastest times in 150 mini-challenges spread across 13 different Nintendo-developed NES titles.
Enlarge/ Really? Get the Morph Ball? That’s all you want me to do here?
Nintendo
The earliest of these many unlockable challenges seem almost insultingly easy on their face—collecting the first Super Mushroom in Super Mario Bros. or collecting the sword in The Legend of Zelda, for instance. When you first dive in, you may be more than a little bemused to find yourself showered with in-game rewards for spending just a few seconds completing such basic tasks.
But then you look at how much time that challenge took you—which is thrown up in huge numbers on the screen—alongside an even bigger letter grade. The “A” you got for collecting that Mushroom might seem pretty good, at first, but you know you could do better if you didn’t miss the item box with your first few jumps. So you quickly restart the challenge (and breathe deep through a helpful three-second countdown) and trim off half a second on your second attempt, earning an “A+” for your efforts.
If you are a certain type of player, you might say, “Alright, that’s good enough,” rather than repeating this cycle yet again (if so, I’d argue this game is not for you). But if you’re a different type of gamer, the mere knowledge that you could achieve an S rank with some combination of strategy and execution will propel you through entire minutes of repeated attempts, looking to optimize the perfect few seconds of button presses.
The fact that Nintendo doesn’t reveal the specific timing cutoffs for the different letter grades is equal parts frustrating and subtly encouraging, here. There were plenty of challenges where I felt I played as optimally as I could only to be greeted with a mere “A++” rank next to my new best time. The S rank’s mere existence often inspired me to redouble my efforts and look for new ways to trim even more time off my personal best.
Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devices.
The Cisco Smart Software Manager On-Prem resides inside the customer premises and provides a dashboard for managing licenses for all Cisco gear in use. It’s used by customers who can’t or don’t want to manage licenses in the cloud, as is more common.
In a bulletin, Cisco warns that the product contains a vulnerability that allows hackers to change any account’s password. The severity of the vulnerability, tracked as CVE-2024-20419, is rated 10, the maximum score.
“This vulnerability is due to improper implementation of the password-change process,” the Cisco bulletin stated. “An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”
There are no workarounds available to mitigate the threat.
It’s unclear precisely what an attacker can do after gaining administrative control over the device. One possibility is that the web user interface and application programming interface the attacker gains administrative control over make it possible to pivot to other Cisco devices connected to the same network and, from there, steal data, encrypt files, or perform similar actions. Cisco representatives didn’t immediately respond to an email. This post will be updated if a response comes later.
A security update linked to the bulletin fixes the vulnerability. Cisco said it isn’t aware of any evidence that the vulnerability is being actively exploited.
On Wednesday, researchers reported that they had developed a drone they’re calling the CoulombFly, which is capable of self-powered hovering for as long as the Sun is shining. The drone, which is shaped like no aerial vehicle you’ve ever seen before, combines solar cells, a voltage converter, and an electrostatic motor to drive a helicopter-like propeller—with all components having been optimized for a balance of efficiency and light weight.
Before people get excited about buying one, the list of caveats is extensive. There’s no onboard control hardware, and the drone isn’t capable of directed flight anyway, meaning it would drift on the breeze if ever set loose outdoors. Lots of the components appear quite fragile, as well. However, the design can be miniaturized, and the researchers built a version that weighs only 9 milligrams.
Built around a motor
One key to this development was the researchers’ recognition that most drones use electromagnetic motors, which involve lots of metal coils that add significant weight to any system. So, the team behind the work decided to focus on developing a lightweight electrostatic motor. These rely on charge attraction and repulsion to power the motor, as opposed to magnetic interactions.
The motor the researchers developed is quite large relative to the size of the drone. It consists of an inner ring of stationary charged plates called the stator. These plates are composed of a thin carbon-fiber plate covered in aluminum foil. When in operation, neighboring plates have opposite charges. A ring of 64 rotating plates surrounds that.
The motor starts operating when the plates in the outer ring are charged. Since one of the nearby plates on the stator will be guaranteed to have the opposite charge, the pull will start the rotating ring turning. When the plates of the stator and rotor reach their closest approach, thin wires will make contact, allowing charges to transfer between them. This ensures that the stator and rotor plates now have the same charge, converting the attraction to a repulsion. This keeps the rotor moving, and guarantees that the rotor’s plate now has the opposite charge from the next stator plate down the line.
These systems typically require very little in the way of amperage to operate. But they do require a large voltage difference between the plates (something we’ll come back to).
When hooked up to a 10-centimeter, eight-bladed propeller, the system could produce a maximum lift of 5.8 grams. This gave the researchers clear weight targets when designing the remaining components.
Ready to hover
The solar power cells were made of a thin film of gallium arsenide, which is far more expensive than other photovoltaic materials, but offers a higher efficiency (30 percent conversion compared to numbers that are typically in the mid-20s). This tends to provide the opposite of what the system needs: reasonable current at a relatively low voltage. So, the system also needed a high-voltage power converter.
Here, the researchers sacrificed efficiency for low weight, arranging a bunch of voltage converters in series to create a system that weighs just 1.13 grams, but steps the voltage up from 4.5 V all the way to 9.0 kV. But it does so with a power conversion efficiency of just 24 percent.
The resulting CoulombFly is dominated by the large cylindrical motor, which is topped by the propeller. Suspended below that is a platform with the solar cells on one side, balanced out by the long, thin power converter on the other.
Meet the CoulombFly.
To test their system, the researchers simply opened a window on a sunny day in Beijing. Starting at noon, the drone took off and hovered for over an hour, and all indications are that it would have continued to do so for as long as the sunlight provided enough power.
The total system required just over half a watt of power to stay aloft. Given a total mass of 4 grams, that works out to a lift-to-power efficiency of 7.6 grams per watt. But a lot of that power is lost during the voltage conversion. If you focus on the motor alone, it only requires 0.14 watts, giving it a lift-to-power efficiency of over 30 grams per watt.
The researchers provide a long list of things they could do to optimize the design, including increasing the motor’s torque and propeller’s lift, placing the solar cells on structural components, and boosting the efficiency of the voltage converter. But one thing they don’t have to optimize is the vehicle’s size since they already built a miniaturized version that’s only 8 millimeters high and weighs just 9 milligrams but is able to generate a milliwatt of power that turns its propeller at over 15,000 rpm.
Again, all this is done without any onboard control circuitry or the hardware needed to move the machine anywhere—they’re basically flying these in cages to keep them from wandering off on the breeze. But there seems to be enough leeway in the weight that some additional hardware should be possible, especially if they manage some of the potential optimizations they mentioned.
Enlarge/ Researchers have developed soft, stretchable “jelly batteries” that could be used for wearable devices or soft robotics.
University of Cambridge
Inspired by the electric shock capabilities of electric eels, scientists have developed a soft, stretchable “jelly” battery ideal for wearable devices or soft robotics, according to a new paper published in the journal Science Advances. With further testing in living organisms, the batteries might even be useful as brain implants for targeted drug delivery to treat epilepsy, among other conditions.
As previously reported, the electric eel produces its signature electric discharges—both low and high voltages, depending on the purpose for discharging—via three pairs of abdominal organs composed of modified muscle cells called electrocytes, located symmetrically along both sides of the eel. The brain sends a signal to the electrocytes, opening ion channels and briefly reversing the polarity. The difference in electric potential then generates a current, much like a battery with stacked plates.
Vanderbilt University biologist and neuroscientist Kenneth Catania is one of the most prominent scientists studying electric eels these days. He has found that the creatures can vary the degree of voltage in their electrical discharges, using lower voltages for hunting purposes and higher voltages to stun and kill prey. Those higher voltages are also useful for tracking potential prey, akin to how bats use echolocation. One species, Volta’s electric eel (Electrophorus voltai), can produce a discharge of up to 860 volts. In theory, if 10 such eels discharged at the same time, they could produce up to 8,600 volts of electricity—sufficient to power 100 light bulbs.
Mimicking Mother Nature
For soft robotics or wearable electronics applications, soft and stretchy devices with tissue-like electronic properties are required. However, “It’s difficult to design a material that is both highly stretchable and highly conductive since those two properties are normally at odds with one another,” said co-author Stephen O’Neill of the University of Cambridge. “Typically, conductivity decreases when a material is stretched.” So he and his colleagues decided to model their jelly battery design on the layered structure of the electric eel’s electrocytes. Whereas conventional electronics employ rigid materials with electrons to carry the charges, this battery would use ions as charge carriers, like the electric eels.
Enlarge/ The self-healing jelly batteries can stretch to over 10 times their original length without affecting their conductivity.
University of Cambridge
Hydrogels—3D polymer networks composed of 60 percent water—were the obvious choice since they confer the ability to precisely control mechanical properties and can mimic human skin. They are usually made of neutrally charged polymers, but O’Neill et al. added a charge to their polymers, altering the salt component to make them sticky enough to squish together into multiple layers. This builds up a larger energy potential.
The stickiness of the hydrogels comes from the reversible bonds that form between the different layers, thanks to barrel-shaped molecules that act a bit like “molecular handcuffs,” per the authors. So, the jelly batteries can stretch without separating the layers and without any loss of conductivity. Furthermore, “We can customize the mechanical properties of the hydrogels so they match human tissue,” said co-author Oren Scherman. “Since they contain no rigid components such as metal, a hydrogel implant would be much less likely to be rejected by the body or cause the build-up of scar tissue.” That makes them promising for future biomedical applications.
Another stretchy battery
Enlarge/ This lithium-ion battery has entirely stretchable components and stable charging and discharging capacity over time.
Shi Wang et al., ACS Energy Letters, 2024
In related research, a new paper published in the journal ACS Energy Letters described the fabrication of a lithium-ion battery with stretchable components, including an electrolyte layer that can expand by 5,000 percent. The battery can retain its charge storage capacity after nearly 70 charge/discharge cycles. Rather than using a liquid electrolyte, a team of Chinese scientists incorporated the electrolyte into a polymer layer fused between two flexible electrode films.
The electrodes consisted of a thin film of conductive paste embedded with silver nanowires, carbon black, and lithium-based cathode or anode materials onto a plate. They applied a layer of flexible polydimethylsiloxane (used in contact lenses) on top of the paste, followed by a lithium salt, highly conductive liquid, and stretchy polymer ingredients. When zapped with light, all those components formed a solid rubber-like stretchy layer that could still transport lithium ions. This was topped with another electrode film, and the entire device was then sealed in a protective coating. This battery had a roughly six times higher average charge capacity at a fast-charging rate than a similar device with a traditional liquid electrolyte.
Video streaming providers have a big churn problem. While many streaming companies are not profitable yet, the entire industry is grappling with high and fast cancellation rates.
Users who sign up for streaming services only to cancel a few months later, likely because they watched what they wanted to already or are trying to save money, has created huge churn concerns for streaming companies. Those companies are largely responding with packages that bundle their services with other services, including rival streaming platforms. But with streaming subscribers already pushed to their financial limits, it’s time for streaming providers to earn their keep, not piggyback on others.
This week, media research firm Hub Entertainment Research published its 2024 Monetization of Video report with findings from June interviews of 1,600 TV viewers ages 16 to 74. The respondents reportedly each watch at least one hour of TV weekly, and the sample is “US census balanced,” per Hub. When Hub asked respondents if they will “still have/use” their video streaming services a year from now, 85 percent of those using ad-free services said they definitely or probably will, compared to 74 percent of subscribers of streaming services with ads. Further suggesting that ad-free subscription tiers garner more loyalty, 15 percent of ad-free subscribers said they “might/might not” or “probably/definitely won’t” have their subscription next year versus 26 percent of ad subscribers.
Hub Entertainment Research
“Those paying extra for ad-free services say they are more likely to keep that service than cheaper ad-supported plans,” the report says. “The act of paying more potentially increases perceived loyalty to that expense.”
Streaming providers charge less for subscriptions that show commercials because they’re able to make up the lost revenue through ad sales. Streaming firms like Netflix say they get higher monthly average revenue per user (ARPU) from ad subscribers than those who pay more for commercial-free plans. Despite the lower prices, Hub’s research found that 25 percent of respondents associate “excellent” value with paid streaming video on demand (SVOD) services with ads compared to 22 percent who think the same of SVOD without ads.
Churn troubles
Hub’s report also highlighted high streaming cancellation rates, noting that 50 percent of respondents “sign up, cancel, then re-subscribe to the same service.” Earlier this month Ampere Analysis also detailed high churn rates, saying that 42 percent of US streaming subscribers “regularly subscribe, cancel, and resubscribe” (Ampere said it examined “anonymized subscription receipt data from a panel of 3 million opted-in US email users” between February and March 2024 for its survey).
“As the SVOD market in the US has become increasingly saturated, new subscribers are harder to find, which makes retention all the more important,” said Daniel Monaghan, research manager at Ampere Analysis, said in a statement accompanying the findings.
Streaming providers have largely adopted bundling to combat high cancellation rates, with the idea being that people are less likely to pull the plug on one service if it’s tied to others. In Hub’s report, 37 percent of respondents said they’re “less likely to cancel and then resubscribe to a bundle of multiple services compared to an individual service.”
Bundles also carry price savings, a key driver for streaming subscriptions. Per Hub’s report and following a slew of streaming price hikes, people are approaching the limit of what they’re willing to spend on streaming subscriptions:
Hub Entertainment Research
But streaming services could better prove their value if they went beyond pricing and tried building loyalty through improved selection and features.
Enlarge/ The Lucid Air was already the most efficient EV on sale in the US, but for model year 2025 it goes even farther on a single charge.
Lucid
Lucid has just revealed the details of its model-year 2025 updates, and among the tweaks to its handsome electric sedan is an impressive bump in range efficiency. The entry-level Lucid Air Pure, which starts at $69,900, can now travel 420 miles on a single charge of its 84 kWh battery. That equates to 5 miles/kWh (12.4 kWh/100 km), making the Air Pure the most efficient electric vehicle for sale today.
The range bump is mostly thanks to Lucid making a heat pump standard across the range, after first adding one to the ultra-powerful, ultra-expensive Air Sapphire.
Lucid has also upgraded the computer hardware that oversees the Air’s various subsystems. The automaker says it has tripled processing power and doubled the system’s memory, which should translate to faster and better infotainment. And Lucid has made its advanced driver assistance system standard across the lineup, too.
While the Air Pure might be the first production EV being sold to reach 5 miles/kWh, it isn’t the longest-range Lucid Air for sale. That remains the $110,900 Grand Touring, which can go 512 miles (824 km) on a single charge. The 2025 Lucid Air Touring, which slots between them, has a range of 406 miles (654 km) and starts at $78,900.
While still a relative minnow compared to Rivian, Lucid has been on something of an upward trajectory of late. Price cuts have undoubtedly helped it have a record Q2, delivering 2,394 cars for its best three months so far.
Who did this math?
In addition to claiming 5 miles/kWh for the Air Pure, Lucid also notes in its press release that it has achieved “a record 146 MPGe rating” for the car.
Lucid’s model-year 2025 data isn’t in the EPA’s online fuel economy database yet, so Ars can’t check the slightly more detailed information there (which should break out the MPGe figure into city, highway, and combined figures), but 146 MPGe is only equivalent to 4.3 miles/kWh; 5 miles/kWh is 169 MPGe.
We asked Lucid about the difference, and the company told Ars that with EVs, losses in the charging process from resistance in the cables and from heating the battery make a difference.
“The reason we don’t love MPGe is that batteries are the real expense for EVs—not electricity. If you can be more energy efficient when actually driving, you can reduce the capacity of the battery pack in the vehicles you build—reducing cost, reducing weight, and reducing the natural resources you need per vehicle. On the other hand, it’s nice to minimize energy lost during charging, but if you get only 2.5 mi/kWh on the road, you still are stuck with the big expensive battery pack,” Lucid told Ars.
(This does not change the fact that MPGe is derived by multiplying miles/kWh by 33.7, the amount of energy in a gallon of gasoline, but when the EPA calculates that number it includes charging losses.)
Despite the incongruent math, the 2025 Air Pure still beats the 2024 model, which makes do with a combined 140 MPGe and 410 miles of range, according to the EPA.
Enlarge/ Porsche has doubled the number of Macan EV models it offers, with the Macan 4S (pictured) and an entry-level Macan. This one also wears an optional off-road kit.
Porsche
The first deliveries of Porsche’s new Macan EV are still a few weeks away, but today the automaker announced it is already expanding that lineup. When the car broke cover in January, we were shown a pair of variants: the all-wheel drive Macan 4, and the powerful Macan Turbo. The two new versions slot around those cars—there’s a rear-wheel drive, single-motor Macan as the new entry-level car, and a Macan 4S that fills the gap between the two already-revealed cars.
Macan
The entry-level Macan uses the same rear drive unit as the Macan 4 we tested in April. Doing without a front motor means a weight savings of 243 lbs (110 kg) from the front of the car, which should have a positive benefit on handling, even if this will be the slowest Macan in the range.
Slow being a relative term here, for we are discussing both a Porsche and also an electric car. A nominal output of 335 hp (250 kW) is more than sufficient for day-to-day driving, and the motor can overboost to 355 hp (265 kW) and 415 lb-ft (562 Nm) for standing starts in launch mode. Do so, and you can hurl the basic Macan down the road to 60 mph in 5.4 seconds.
The single-motor Macan uses the same 800 V, 100 kWh battery pack as the other models in the range, which can fast-charge at up to 270 kW. Porsche hasn’t released an EPA range estimate for this model yet, but it should be well in excess of the 300-plus miles that range tests have returned for the all-wheel drive Macan 4S.
The rear-wheel drive Taycan was a great EV to drive, and I am prepared to bet the RWD Macan will be too.
Porsche
The entry-level Macan should be eligible for the federal tax credit if you lease one.
Porsche
The Macan will start at $75,300, and Porsche expects deliveries to begin in Q4 2024.
Macan 4S
The all-wheel Macan 4S uses the same front-drive unit as the Macan 4 and Macan S, but it gets a different rear-drive unit with a 600 A silicon carbide inverter. Overall power output is 442 hp (330 kW), but launch control increases that to 509 hp (380 kW) and 578 lb-ft (784 Nm). That drops the 0–60 mph time to 3.9 seconds.
Porsche fits adaptive air suspension as standard to the Macan 4S (as well as the RWD Macan), and rear-axle steering and torque-vectoring is an option for the 4S. Like the Macan, the Macan 4S should start arriving in Q4, with a starting price of $84,900.
The Macan 4S exists for someone who thinks the 4 isn’t quite enough, but the Turbo is just a bit too much.
Porsche
The Macan is quite handsome when you see it in person.
The Macan 4S interior.
Porsche
Off-road mode gives the Macan a little lift.
Porsche
There’s also an off-road package available for people who think their Macan, Macan 4, Macan 4S, or Macan Turbo needs to look a little more rugged. This changes the front bumper to a design that allows for a greater approach angle (17.5 degrees). The air suspension also increases the maximum ride height by 0.4 inches (10 mm). And the new bumper (as well as side skirts, diffuser, and roof rails) can be painted gray, to make them stand out, or body color.
Google’s parent company, Alphabet, is in talks to buy cybersecurity start-up Wiz for about $23 billion, in what would be the largest acquisition in the tech group’s history, according to people familiar with the matter.
Alphabet’s discussions to acquire Wiz are still weeks away from completion, said one person with direct knowledge of the matter, while people briefed about the transaction said there was still a chance the deal would fall apart, with a number of details still needing to be addressed in talks.
If a deal were to be reached it would be a test case for antitrust regulators, which in recent years have been cracking down on tech groups buying out emerging companies in the sector. Alphabet’s last big deal came more than a decade ago with the $12.5 billion acquisition of Motorola Mobility.
The acquisition of Wiz would mark a further big push into cyber security for Alphabet, two years after it acquired Mandiant for $5.4 billion.
New York-headquartered Wiz has raised about $2 billion from investors since its founding four years ago, according to data provider PitchBook. The start-up, led by Israeli founder and former Microsoft executive Assaf Rappaport, was most recently valued at $12 billion. Its backers include venture capital firms Sequoia and Thrive.
Wiz, which counts multinational groups including Salesforce, Mars, and BMW as customers, helps companies secure programs in the cloud. That has led to a surge in revenue as corporations increasingly operate their software and store data online—Wiz has said it has hit about $350 million in annual recurring revenue, a metric often used by software start-ups.
A deal would be among the largest acquisitions of a company backed by venture capital.
Wiz declined to comment on the talks, which were first reported by The Wall Street Journal. Google did not immediately respond to a request for comment.
Enlarge/ Having this on the wall, right by your front door, would serve the purpose of informing guests where your priorities lie.
Arduino
I know how to solder, but I do not always want to solder, and I think there are a lot of folks like me. Even if the act itself can be done (and undone, and redone), the friction of hauling out the gear, preparing a space, and fine-motor-skilling a perfect shiny blob can put a halt to one’s tinkering ambitions.
Arduino’s Plug and Make Kit official release video.
Arduino, the building block of many off-hours projects, has put the challenge to you, your kids, or anyone you know who just needs the right kit to fall down a rabbit hole, minus a dangerously hot iron. The Arduino Plug and Make Kit has at its core an Arduino UNO R4 board with Wi-Fi, Bluetooth, and a built-in 12×8 LED matrix display. That board gets screwed into the prime lot on a yellow board, and then you pick from among seven other “Modulino” boards to attach. By “attach,” I mean running one of those little push-in-with-your-fingers cables from the main board to a little board, and maybe daisy-chaining from there. All your boards fit onto the larger base with M3 screws and nuts, and the whole thing is powered by a USB-C cable (with USB A or C on the other end).
The contents of Arduino’s Plug and Make Kit.
The “Modulino” nodes.
The wonderful board for the Arduino experiments.
What can you plug in? A knob, eight LEDs, a proximity sensor, a motion sensor, a simple buzzer/speaker, a temperature/humidity sensor, and three simple buttons. With those things, the newcomer can make a low-key weather station, an 8-bit-style synthesizer, a smart lamp controller, and a few other things (registration required). Of course, those are just the starter projects put together by Arduino; on the web, in the corners of GitHub, and inside the curious mind, there are loads of other things to be built.
There’s a little shell case for the main Arduino board included with the kit, which could help with weather-proofing a bit. But whatever project you make with this kit is going to look like a lightly spiffed-up breadboard object. That can be a great thing. The timer I use to try to keep myself working in 25-minute segments is an Adafruit Circuit Playground Express, programmed to light up in a clock-ish ring and then play the Legend of Zelda “discovery” tune after every sprint. There are lots of timers, even Pomodoro-technique-specific models, that are cheaper, smaller, and purpose-built. But I like my goofy little timer specifically because I can see the guts of it.
Enlarge/ Nissan’s ProPilot Assist was one of two partially automated driving systems to be studied for crash safety improvements.
Nissan
Driver assists that help steer for you on the highway haven’t contributed much to road safety, according to a new study from the Insurance Institute for Highway Safety and the Highway Loss Data Institute. That’s in contrast to other features often bundled together as “advanced driver assistance systems,” or ADAS, many of which have shown a marked reduction in crash and claim rates.
“Everything we’re seeing tells us that partial automation is a convenience feature like power windows or heated seats rather than a safety technology,” said David Harkey, IIHS president.
However, we should note that, as a follow-up to a pair of earlier studies published in 2021, the new research by IIHS and HLDI focused on two older partially automated driving systems, model-year 2017–2019 Nissan Rogues with ProPilot Assist and model year 2013–2017 BMWs with Driving Assistant Plus.
Those earlier studies found plenty of benefits to some ADAS features. Of BMW’s various collision avoidance systems, many reduced the claim frequency for various types of vehicle damage, property liability, and injury claims.
Crash rates
But when IIHS’s senior vice president of research, Jessica Cicchino, analyzed crash rate data for this population of cars, she found that despite an apparent modest reduction, there was no significant difference in lane departure crashes between BMWs equipped with lane departure warning and prevention and cars fitted with both systems plus partial automation, versus cars without any steering assist, after controlling for variables like driver age, gender, model year, and so on.
However, BMWs with lane departure warning and prevention did have significantly fewer lane departure crashes during daylight hours than cars without such systems.
The ADAS in Nissan Rogues did significantly lower rear-end and lane departure crash rates, with the greatest benefit being in the cars with the most assists (partial automation as well as forward collision warning, automatic emergency braking, lane departure warning, lane departure prevention) versus Rogues without such systems.
But Cicchino found those effects persisted on surface streets and roads with speed limits lower than 35 mph (56 km/h), speeds at which ProPilot Assist won’t keep centered in a lane unless following another car. That suggests some other factor at work here—possibly the fact that the better-equipped Rogues also had more effective headlights, IIHS says. (This year, IIHS started requiring an automaker to fit all trim levels in a model with the best headlights in order to be eligible for a Top Safety Pick or Top Safety Pick+ rating.)
Not the first time lane-keeping has claimed credit
This isn’t the first time that a different bit of equipment bundled together under a specific trim package or option has confounded attempts to determine the safety of lane-keeping systems. In 2018, the National Highway Traffic Safety Administration told Ars that Tesla misattributed the safety benefit of its Autopilot partially automated driving system when in fact, the safety impact was likely due to automatic emergency braking and forward collision warning.
Testing for the safety of lane-keeping systems is more challenging than other crash-avoidance systems, because it must be actively engaged by the driver as opposed to constantly monitoring for danger, like an imminent forward crash. Not everyone with lane-keeping systems engages them, and even those who do don’t engage them on every journey.
Studies that look at actual telematics data from cars, which would accurately record when such systems are turned on, would help better answer this question, according to the study. And even then, the benefit is likely to be small—only 6 percent of police-reported crashes in the US “were run-off-road or same-direction sideswipes resulting from unintentional lane departures, or rear-ends, that occurred on interstate highways,” Cicchino wrote.
“With no clear evidence that partial automation is preventing crashes, users and regulators alike should not confuse it for a safety feature,” Cicchino said in a press release. “At a minimum, safeguards like those IIHS promotes through its rating program are essential to reduce the risks that drivers will zone out or engage in other distracting activities while partial automation is switched on.”
More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said.
The servers run versions of the Exim mail transfer agent that are vulnerable to a critical vulnerability that came to light 10 days ago. Tracked as CVE-2024-39929 and carrying a severity rating of 9.1 out of 10, the vulnerability makes it trivial for threat actors to bypass protections that normally prevent the sending of attachments that install apps or execute code. Such protections are a first line of defense against malicious emails designed to install malware on end-user devices.
A serious security issue
“I can confirm this bug,” Exim project team member Heiko Schlittermann wrote on a bug-tracking site. “It looks like a serious security issue to me.”
Researchers at security firm Censys said Wednesday that of the more than 6.5 million public-facing SMTP email servers appearing in Internet scans, 4.8 million of them (roughly 74 percent) run Exim. More than 1.5 million of the Exim servers, or roughly 31 percent, are running a vulnerable version of the open-source mail app.
While there are no known reports of active exploitation of the vulnerability, it wouldn’t be surprising to see active targeting, given the ease of attacks and the large number of vulnerable servers. In 2020, one of the world’s most formidable hacking groups—the Kremlin-backed Sandworm—exploited a severe Exim vulnerability tracked as CVE-2019-10149, which allowed them to send emails that executed malicious code that ran with unfettered root system rights. The attacks began in August 2019, two months after the vulnerability came to light. They continued through at least May 2020.
CVE-2024-39929 stems from an error in the way Exim parses multiline headers as specified in RFC 2231. Threat actors can exploit it to bypass extension blocking and deliver executable attachments in emails sent to end users. The vulnerability exists in all Exim versions up to and including 4.97.1. A fix is available in the Release Candidate 3 of Exim 4.98.
Given the requirement that end users must click on an attached executable for the attack to work, this Exim vulnerability isn’t as serious as the one that was exploited starting in 2019. That said, social engineering people remains among the most effective attack methods. Admins should assign a high priority to updating to the latest version.
