iain.davidson100 has added a photo to the pool:
WinRuWorld has added a photo to the pool:
Mullet Creek is located on the New South Wales Central Coast.
I know the definition of creek to be a small, shallow body of flowing water. I've never been able to correlate this with the naming of the enormous tributary that feeds the mighty Hawkesbury River.
I learned that the construction of the railway line between Hawkesbury and Woy Woy in New South Wales began in 1883 at a time when railway construction was at its peak. It was the final stage in the railway line connecting Sydney and Newcastle - and I love this most beautiful part of the journey.
Mullet refers to Australia's famous sea mullet, highly abundant in the estuarine and coastal waters of New South Wales. Massive annual migrations or 'mullet runs' made the fish a vital food source.
As the rail line runs right next to the creek, it gives the impression of actually being on the water.
Nestled near the Woy Woy Tunnel, the creek is famously adjacent to Wondabyne Railway Station, the only train station in Australia with no road access.
© All rights reserved
An anonymous reader quotes a report from Ars Technica: Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other Chromium-based browsers. The proof-of-concept code exploits the Browser Fetch programming interface, a standard that allows long videos and other large files to be downloaded in the background. An attacker can use the exploit to create a connection for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks. Depending on the browser, the connections either reopen or remain open even after it or the device running it has rebooted.
The unfixed vulnerability can be exploited by any website a user visits. In effect, a compromise amounts to a limited backdoor that makes a device part of a limited botnet. The capabilities are limited to the same things a browser can do, such as visit malicious sites, provide anonymous proxy browsing by others, enable proxied DDoS attacks, and monitor user activity. Nonetheless, the exploit could allow an attacker to wrangle thousands, possibly millions, of devices into a network. Once a separate vulnerability becomes available, the attacker could use it to then compromise all those devices.
"The dangerous part here is that you can just have a lot of different browsers together that you can in the future run something on that you figure out," said Lyra Rebane, the independent researcher who discovered the vulnerability and privately reported it to Google in late 2022 in an interview. He said using the exploit code Google prematurely published would be "pretty easy," although scaling it to wrangle large numbers of devices into a single network would require more work. In the thread of Rebane's disclosure to Google, two developers said in separate responses that it was a "serious vulnerability." Its severity was rated S1, the second-highest classification.
Since its reporting 29 months ago, the vulnerability remained unknown except to Chromium developers. Then on Wednesday morning, it was published to the Chromium bug tracker. Rebane initially assumed the vulnerability was finally fixed. Shortly thereafter, he learned that, in fact, it remained unpatched. While Google removed the post, it remains available on archival sites, along with the exploit code. Google representatives didn't immediately respond to an email asking how and why it published the vulnerability and if or when a fix would become available. The exploit works by abusing Chromium's Browser Fetch API to open a service worker that remains persistently active. A malicious website can trigger it through JavaScript, creating a connection that can be used "for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks," reports Ars.
Depending on the browser, those connections "either reopen or remain open even after it or the device running it has rebooted," effectively turning the device into part of a "limited botnet."
The unfixed vulnerability can be exploited by any website a user visits. In effect, a compromise amounts to a limited backdoor that makes a device part of a limited botnet. The capabilities are limited to the same things a browser can do, such as visit malicious sites, provide anonymous proxy browsing by others, enable proxied DDoS attacks, and monitor user activity. Nonetheless, the exploit could allow an attacker to wrangle thousands, possibly millions, of devices into a network. Once a separate vulnerability becomes available, the attacker could use it to then compromise all those devices.
"The dangerous part here is that you can just have a lot of different browsers together that you can in the future run something on that you figure out," said Lyra Rebane, the independent researcher who discovered the vulnerability and privately reported it to Google in late 2022 in an interview. He said using the exploit code Google prematurely published would be "pretty easy," although scaling it to wrangle large numbers of devices into a single network would require more work. In the thread of Rebane's disclosure to Google, two developers said in separate responses that it was a "serious vulnerability." Its severity was rated S1, the second-highest classification.
Since its reporting 29 months ago, the vulnerability remained unknown except to Chromium developers. Then on Wednesday morning, it was published to the Chromium bug tracker. Rebane initially assumed the vulnerability was finally fixed. Shortly thereafter, he learned that, in fact, it remained unpatched. While Google removed the post, it remains available on archival sites, along with the exploit code. Google representatives didn't immediately respond to an email asking how and why it published the vulnerability and if or when a fix would become available. The exploit works by abusing Chromium's Browser Fetch API to open a service worker that remains persistently active. A malicious website can trigger it through JavaScript, creating a connection that can be used "for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks," reports Ars.
Depending on the browser, those connections "either reopen or remain open even after it or the device running it has rebooted," effectively turning the device into part of a "limited botnet."
Read more of this story at Slashdot.
US and Taiwanese presidents have not spoken directly since Washington shifted diplomatic recognition to Beijing from Taipei in 1979
US President Donald Trump said on Wednesday he would speak with Taiwan’s President Lai Ching-te, an unprecedented move for a US leader that could roil US relations with China.
US and Taiwanese presidents have not spoken directly since Washington shifted diplomatic recognition to Beijing from Taipei in 1979.
Continue reading...Surveillance that misses a haemorrhagic fever or fails to consider endemic risks at a departure port will be blind to something far more dangerous
Two rare disease outbreaks within two weeks – Andes hantavirus and Bundibugyo Ebola – have caused deaths and triggered costly international responses. Together they expose a gap not in our ability to respond, but in our willingness to anticipate, prevent and use precaution.
The hantavirus outbreak on a cruise expedition in the south Atlantic played out slowly. Three weeks passed between the death of one passenger on 11 April and the linkage to hantavirus on 2 May. In that time, passengers onboard the MV Hondius continued their itinerary, having been advised that the man had probably died of natural causes. They toured remote islands and ate together at the same tables. More than 30 passengers disembarked at St Helena and flew in different directions.
Continue reading...Everlee Wihongi was detained at Los Angeles airport on 10 April after she had returned to US from a family trip
There have been numerous disturbing moments during New Zealander Everlee Wihongi’s ongoing detention in US Immigration and Customs Enforcement (ICE), but there is one that stands out, her mother says.
When detainees are transferred between facilities they are required to remove their assigned uniforms and put on the clothes they wore the day they were detained, Betty Wihongi, tells the Guardian from Wisconsin, her home of nearly 30 years.
Continue reading...
Already the planet's largest supplier of GPUs, Nvidia now intends to conquer the CPU market. “We have visibility to nearly $20 billion in total CPU revenue this year, setting us up to become the world’s leading CPU supplier,” Nvidia CFO Colette Kress said during the company’s Q1 2027 earnings call on Wednesday. Nvidia is no stranger to CPUs having announced its first Arm datacenter chip, codenamed Grace, back in 2021. However until recently the company integrated most of these parts into GPU systems that users almost always deployed in AI datacenters and supercomputers. That changed in February when Nvidia revealed Meta was among the first hyperscalers now deploying standalone Grace CPU Superchips in its datacenters to power a variety of workloads including the Social Network’s AI agents. At its GTC conference in March, Nvidia officially expanded its CPU line up to include a standalone Vera CPU system. Each chip features 88 custom Olympus Arm cores with support for simultaneous multi-threading (SMT) — that’s Hyperthreading in Intel speak — along with confidential computing capabilities. Nvidia can equi[ each chip with up to 1.5 TB of LPDDR5x SOCAMM memory, which offers higher memory bandwidth at up to 1.2 TB/s and uses little power (which is why it's often used in laptops). “Vera will deliver up to 1.5x faster performance per core, 2x performance per watt, and 4x density per rack compared to x86-based alternatives,” Kress claimed. Nvidia’s reference designs pack up to two Vera CPUs onto a single board and via high-speed NVLink interconnects. Nvidia’s Vera is also paired in a 2:1 ratio of Rubin GPUs to CPUs in its most powerful rack-scale AI compute platforms. Since the chip was detailed this spring, Kress claims nearly every major hyperscaler and system builder plans to deploy the chips. This week, several top AI labs and hyperscalers, including Anthropic, OpenAI, Oracle, and SpaceX took delivery of Nvidia’s first Vera-based systems. “Vera CPU opens a brand new $200 billion TAM for Nvidia, a market we have never addressed before,” she said. While Nvidia is expanding its addressable market to include standalone CPUs, it should be noted that much like the company’s Ethernet networking products, they’re designed primarily with AI and HPC applications in mind. The chips can’t replace x86 processors in every application, yet. Kress’ comments come as Nvidia caps off a strong end to the first quarter of its 2027 fiscal year. The GPU giant raked in $58.3 billion in profits on $81.6 billion in revenue for the quarter, the latter of which grew 85 percent YoY and 20 percent from the prior quarter. Kress attributed the sequential jump to an “inflection in inference demand.” The quarter saw Nvidia change how it breaks out revenues. The company’s business units have now been organized into a datacenter group which includes cloud, hyperscale, neocloud and enterprise sales, plus an edge group, which serves as a catchall for gaming, robotics, automotive, and vRAN products. Datacenter revenues accounted for the vast majority of revenues, at $75.2 billion. Of that $38 billion came from hyperscaler and public cloud customers, while neocloud, industrial, and enterprise customers paid the remaining $37 billion. Edge sales accounted for a mere $6.4 billion, with the company citing demand for Blackwell-based workstation gear as a key driver. Looking ahead to Q2, Nvidia forecast revenue will hit $91 billion plus or minus two percent. That prediction assumed no datacenter sales in China. Nvidia has been trying for months to reignite its GPU business in the Middle Kingdom since Uncle Sam gave the company the green light to sell its aging H200 processors to Chinese customers for the first time ever back in December. Despite receiving approval from the Trump administration and receiving billions of dollars worth of orders, shipments remain stuck in Beijing’s red tape. ®
