fidzu : geek

A security researcher says evidence suggests the U.S. military has been using an obscure GPS message field for nearly 20 years to broadcast encrypted key-distribution data, effectively turning GPS satellites into a global "numbers station." The hidden-looking 176-bit messages appear tied to the Pentagon's Over-the-Air Distribution system for remotely updating cryptographic keys, meaning ordinary GPS receivers may have been receiving the traffic all along without anyone outside the military noticing. The findings have been detailed by Steven Murdoch, an information security expert, in a new article in Inside GNSS. 404 Media reports: [...] From the beginning, he suspected that the subframe field contained encrypted transmissions because the data was so random. "Random data is actually very unusual to get in nature," Murdoch said. "If you see it, either it's been carefully designed to be random -- but then, why is someone sending out random data? -- or it's encrypted data. I thought encrypted data is by far the most likely explanation." He returned to the subframe on and off over the years, and solicited guesses about its content on Stack Exchange in 2023. Ahmed Kamruddin, a master's student at UCL, developed the project further in 2025. Then, this year, Murdoch put the last pieces of the puzzle together over several weeks by analyzing open archive Global Navigation Satellite System (GNSS) recordings collected since 2007 and kept by GFZ Helmholtz Centre for Geosciences. This dataset included more than 12 million observations of Subframe 4, Page 17, yielding 3,994 unique 176-bit messages. Within this corpus, Murdoch pinpointed key-repeating "sentinels" including a pattern that appeared in February 2010 and was broadcast on and off across dozens of satellites for more than a decade. Murdoch discovered that this particular sentinel was transmitted by all 31 operational satellites within a window of a few hours on May 26, 2011, potentially heralding the activation of a new operational system. He confirmed that this timeline coincided with the rollout of the military's Over-the-Air Distribution (OTAD) and the Over-the-Air Rekeying (OTAR) by cross-referencing declassified documents, including a 2015 presentation about the dates of the operation. "There was a perfect match between the timeline and that presentation and the change points that were automatically identified from the data," Murdoch said. "That was the smoking gun that made me think: This is what it's for." These automated systems replaced the cumbersome manual distribution of cryptographic keying material, allowing military GPS receivers around the world to be rekeyed remotely through satellite broadcasts rather than through onsite procedures. For the next 11 years, this expansive rekeying operation was overlooked in public GPS data. In 2022, the system entered a new phase, according to Murdoch's analysis. The shift was characterized by a slowing in the message rotation rate. Later, in December 2023, broadcasts carrying a distinctive "TEXT" prefix emerged then gradually spread across the constellation. Murdoch isn't sure what explains the recent transition, though it could be a possible modernization of the infrastructure or the introduction of a new protocol. But to him, the bigger takeaway is that the signals were always available for anyone willing to take a closer look, a discovery that suggests that there could be more revelations hidden for the cryptographically curious among us. "Every receiver in the world decodes Subframe 4, Page 17," Murdoch said in his new article. "Almost none of them have ever looked at it. The lesson generalizes: There is more to learn from the bytes already arriving at our antennas than from the bytes we wish were specified differently. The data are publicly available. The signal is overhead, twice a day, every day."

Read more of this story at Slashdot.

05 Jun 2026 11:00pm GMT

In the end, the three companies involved all point the finger at each other.

05 Jun 2026 10:36pm GMT

Ahead of its upcoming IPO, SpaceX announced that Google will pay the company $920 million per month for access to roughly 110,000 Nvidia GPUs and related compute infrastructure. Google says the agreement is short-term "bridge capacity" to meet stronger-than-expected demand for Gemini Enterprise, while SpaceX is using deals like this and its Anthropic contract to bolster its pitch for a historic public offering. TechCrunch reports: The deal is similar in length and scope to the one SpaceX announced with Anthropic in late May. As part of that deal, Anthropic agreed to pay SpaceX $1.25 billion per month through 2029 to rent all the available compute from its Colossus 1 data center near Memphis, Tennessee that xAI -- now part of SpaceX -- originally built for its own artificial intelligence efforts. Google's deal appears to be paying for roughly half the amount of compute that Anthropic has access to at Colossus 1. SpaceX didn't say which specific data center Google would be using. CEO Elon Musk has previously suggested his company would reserve the Colossus 2 data center for xAI. Anthropic was significantly limited in its compute capacity prior to its deal with SpaceX, raising usage limits on the same day the deal was announced. Google is in a very different position, with some estimates naming it as the world's largest single owner of AI compute. [...] Also like the Anthropic deal, the agreement with Google includes a cancellation clause. Both SpaceX and Google have the option to terminate the agreement with 90 days notice after December 31, 2026. Google's access to the data center will ramp up "through September at a reduced fee," according to the filing. "If we fail to deliver access to the committed amount of GPUs by September 30, 2026, then following a one-month grace period, Google may immediately terminate the agreement or accept the number of GPUs provided" with a reduction in the monthly fees, it reads.

Read more of this story at Slashdot.

05 Jun 2026 10:00pm GMT

Seller of the Sound Blaster Katana V2X doesn't consider the behavior a vulnerability.

05 Jun 2026 9:00pm GMT

Bitcoin briefly fell below $60,000 on Friday, "extending its weekly loss to nearly 20% and threatening to fall below $59,000," reports CoinDesk. Crypto was also hit by a 40%-plus plunge in Zcash after Shielded Labs disclosed a years-old bug that could have allowed undetected counterfeit ZEC creation. From the report: Now, with stocks in plunge mode -- the Nasdaq down nearly 4% on Friday -- bitcoin finds itself perfectly correlated. "Short term, Bitcoin feels like swallowing broken glass," wrote Jeff Swanson Friday. "The chart goes up. It goes down. It makes grown men cry into their Robinhood accounts and CNBC anchors smugly declare the funeral, for the eleventh time." "Here's what uncomfortable people don't understand: the discomfort is the yield. Every paper-handed panic seller is handing their future to someone with a longer time horizon and a colder storage device." [...] Earlier, Shielded Labs, a nonprofit developer on the privacy token system, disclosed a critical vulnerability in Zcash's (ZEC) Orchard privacy pool that could have threatened the integrity of the token's supply. The vulnerability, if exploited, could have allowed an attacker to create an unlimited number of counterfeit ZEC tokens, completely undetected. "Think of it as someone secretly gaining access to the Federal Reserve's dollar printing press, except in this case, even the Fed wouldn't be able to tell these extra dollars were printed," wrote Omkar Godbole. Importantly, the vulnerability was discovered with help from Anthropic's recently released Opus 4.8 AI model, raising difficult questions for the entire crypto industry. More to come on that. ZEC is now down 42% over the past 24 hours. On Wednesday, the Zcash Foundation said: "The vulnerability was caught before any known exploitation occurred. There is no evidence of unauthorized value creation. Zcash's turnstile mechanism (which tracks the total ZEC balance across all value pools) confirmed that the total supply remained intact throughout. User privacy was not affected. Sapling and transparent transactions continued operating normally throughout the incident."

Read more of this story at Slashdot.

05 Jun 2026 9:00pm GMT

The reactor, from a startup called Antares, isn't ready to generate power yet.

05 Jun 2026 7:23pm GMT

RISC-V has been in the "promising" phase for a long time now, especially for general purpose computing, never really breaking through into the mainstream in any measurable way. While I think that breakthrough is still relatively far away, we now do have newer RISC-V SoCs on the market supporting the RVA23 baseline RISC-V profile. One of them is the SpacemiT Key Stone KЗ, which promises to deliver a massive performance increase over previous RISC-V offerings. It's exactly this chip that's finding its way into complete, turnkey mini PC solutions, like this one from a company called Firefly. The base model comes with 8GB of LDDPR5 RAM and 128GB of storage, at a price of about €300 or so (there's also a 32GB/128GB model at well over €600). This is the first time I'm looking at a complete RISC-V solution where I feel like it might actually make for a good moment to jump in for us enthusiasts. No, the performance won't rival anything Intel or AMD has to offer, but it seems capable enough for a lot of day-to-day tasks, and I'm curious to see just how far along the Linux world is when it comes to RISC-V support. It's not part of our current set of fundraiser incentives, but if you'd like to see this RISC-V mini PC reviewed here on OSNews, you can always donate and add a note that you specifically want to see such a review (so I can gauge interest not just from our few commenters, but also from the more than 99% of our readers who only lurk). As always, you can donate through Ko-Fi, or, if you're European, via a SEPA direct bank transfer (Name: Thom Holwerda - IBAN: SE08 8000 0820 1684 4657 8414 - BIC: SWEDSESS).

05 Jun 2026 3:49pm GMT

I've mentioned it before, but Chris Siebenmann is basically the Raymond Chen of the UNIX world, and today he's filling that role perfectly once again. I recently read Simon Tatham's Nitpicking the shell history scene in Tron: Legacy, where one thing that surprised Tatham was the film using 'login -n root' to become root instead of 'su'. This surprised me because I found that perfectly ordinary, and this turns up both a bit of Unix history and a difference between modern Unixes. Plain 'su' can let you become another user, including root, but what it explicitly doesn't do by default is create a new login shell for that user. If you do 'su root', the new root shell normally inherits most of your environment, your current directory, and so on. Sometimes this is what you want and sometimes you really want a new login environment, and originally in Unix how you got the latter was to run 'login' from your existing shell session (and this meant that login was setuid root, like su). ↫ Chris Siebenmann Unsurprisingly, this distinction has persisted to this day in various UNIX-like operating systems, but in different ways. Some maintain the explicit distinction, while others have more or less standardised on using su for both use cases. It's an interesting bit of UNIX archeology.

05 Jun 2026 12:57pm GMT

Roku, the company that makes TV boxes and sells ad space based on your usage patterns, has released its remote control operating system as open source - and by remote control I don't mean robot stuff or whatever, but actual remote controls, the thing you use to control your TV or whatever from the couch. Roku has announced the official availability of Roku LT OS - a lightweight, highly deterministic open-source operating system that is already used in our industry-changing Roku remote controls. In addition to high-performance automotive platforms, Roku LT OS is designed to be accessible to the broader developer community. The operating system ships with native support for the ESP32 platform, a highly popular SoC among hobbyists and makers. Because ESP32 development boards are widely available online for just a few dollars, developers can get started with Roku LT OS with minimal hardware investment. ↫ Roku's developers blog As far as I can tell, this operating system is entirely new and not based on Linux or something else, but the available documentation is light on details so I can't make much more out of it. Regardless, it's nice to have another open source embedded operating system.

04 Jun 2026 6:21pm GMT

Good morning from JetBrains Berlin office!

01 Jun 2026 12:00am GMT

Just trying to answer one simple question: What if the terminal was 3D?

11 May 2026 12:00am GMT

Break the pattern today or the loop will repeat tomorrow.

18 Apr 2026 12:00am GMT