Doomed 'Cannibal' Star Could Explode In a Supernova Visible During Day

1 month ago
"Betelgeuse may have competition for the most exciting star about to go nova near Earth," writes Space.com. "Astronomers have discovered the secret of a strange star system that has baffled them for years, finding it contains a dead star about to erupt after overfeeding on a stellar companion." The supernova explosion of this cosmic cannibal could be as bright as the moon, making it visible with the naked eye over Earth even in broad daylight. The system in question is the double star V Sagittae located around 10,000 light-years from Earth, containing a white dwarf stellar remnant and its victim companion star, which orbit each other roughly twice every Earth day. The new research and the revelation of this white dwarf's imminent catastrophic fate answer questions about V Sagittae that have lingered for 123 years... White dwarfs represent the final stage of stars with masses around that of the sun, occurring when they run out of fuel for nuclear fusion... [W]hite dwarfs that have a stellar companion can get a second lease on life and a more conclusive and explosive end... [T]he stolen stellar material piles up on the surface of the white dwarf until it pushes this stellar remnant past the so-called Chandrasekhar limit of 1.4 solar masses. This is the mass limit that a stellar remnant has to exceed to trigger a supernova... However, this team found something very different and extraordinary happening with the stellar material being stolen by the white dwarf in V Sagittae... This investigation revealed that there is a giant halo of gas comprised of material stolen from the companion star wrapped around both the cannibal white dwarf and its stellar victim... "The white dwarf cannot consume all the mass being transferred from its hot star twin, so it creates this bright cosmic ring," team member Pasi Hakala from the University of Turku said. 
"The speed at which this doomed stellar system is lurching wildly, likely due to the extreme brightness, is a frantic sign of its imminent, violent end." "The matter accumulating on the white dwarf is likely to produce a nova outburst in the coming years, during which V Sagittae would become visible with the naked eye," Pablo Rodríguez-Gil from Spain's Instituto de Astrofisica de Canarias said. "But when the two stars finally smash into each other and explode, this would be a supernova explosion so bright it'll be visible from Earth even in the daytime." The research was conducted with the Very Large Telescope (four individual telescopes high in the mountains of Chile) — and published last week in the journal Monthly Notices of the Royal Astronomical Society.

Read more of this story at Slashdot.

EditorDavid

There Isn't an AI Bubble - There Are Three

1 month ago
Fast Company ran a contrarian take about AI from entrepreneur/thought leader Faisal Hoque, who argues there's three AI bubbles. The first is a classic speculative bubble, with asset prices soaring above their fundamental values (like the 17th century's Dutch "tulip mania"). "The chances of this not being a bubble are between slim and none..." Second, AI is also arguably in what we might call an infrastructure bubble, with huge amounts being invested in infrastructure without any certainty that it will be used at full capacity in the future. This happened multiple times in the later 1800s, as railroad investors built thousands of miles of unneeded track to serve future demand that never materialized. More recently, it happened in the late '90s with the rollout of huge amount of fiber optic cable in anticipation of internet traffic demand that didn't turn up until decades later. Companies are pouring billions into GPUs, power systems, and cooling infrastructure, betting that demand will eventually justify the capacity. McKinsey analysts talk of a $7 trillion "race to scale data centers" for AI, and just eight projects in 2025 already represent commitments of over $1 trillion in AI infrastructure investment. Will this be like the railroad booms and busts of the late 1800s? It is impossible to say with any kind of certainty, but it is not unreasonable to think so. Third, AI is certainly in a hype bubble, which is where the promise claimed for a new technology exceeds reality, and the discussion around that technology becomes increasingly detached from likely future outcomes. Remember the hype around NFTs? That was a classic hype bubble. And AI has been in a similar moment for a while. All kinds of media — social, print, and web — are filled with AI-related content, while AI boosterism has been the mood music of the corporate world for the last few years. Meanwhile, a recent MIT study reported that 95% of AI pilot projects fail to generate any returns at all. 
But the article ultimately argues there's lessons in the 1990s dotcom boom: that "a thing can be hyped beyond its actual capabilities while still being important... When valuations correct — and they will — the same pattern will emerge: companies that focus on solving real problems with available technology will extract value before, during, and after the crash." The winners will be companies with systematic approaches to extracting value — adopting mixed portfolios with different time horizons and risk levels, while recognizing organizational friction points for a purposeful (and holistic) integration. "The louder the bubble talk, the more space opens for those willing to take a methodical approach to building value." Thanks to Slashdot reader Tony Isaac for sharing the article.

EditorDavid

Self-Replicating Worm Affected Several Hundred NPM Packages, Including CrowdStrike's

1 month ago
The Shai-Hulud malware campaign impacted hundreds of npm packages across multiple maintainers, reports Koi Security, including popular libraries like @ctrl/tinycolor and some packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. Koi Security created a table of packages identified as compromised, promising it's "continuously updated" (and showing the last compromise detected Tuesday). Nearly all of the compromised packages have a status of "removed from NPM". Attackers published malicious versions of @ctrl/tinycolor and other npm packages, injecting a large obfuscated script (bundle.js) that executes automatically during installation. This payload repackages and republishes maintainer projects, enabling the malware to spread laterally across related packages without direct developer involvement. As a result, the compromise quickly scaled beyond its initial entry point, impacting not only widely used open-source libraries but also CrowdStrike's npm packages. The injected script performs credential harvesting and persistence operations. It runs TruffleHog to scan local filesystems and repositories for secrets, including npm tokens, GitHub credentials, and cloud access keys for AWS, GCP, and Azure. It also writes a hidden GitHub Actions workflow file (.github/workflows/shai-hulud-workflow.yml) that exfiltrates secrets during CI/CD runs, ensuring long-term access even after the initial infection. This dual focus on endpoint secret theft and backdoors makes Shai-Hulud one of the most dangerous campaigns ever compared to previous compromises. 
"The malicious code also attempts to leak data on GitHub by making private repositories public," according to a Tuesday blog post from security systems provider Sysdig: The Sysdig Threat Research Team (TRT) has been monitoring this worm's progress since its discovery. Due to quick response times, the number of new packages being compromised has slowed considerably. No new packages have been seen in several hours at the time... Their blog post concludes "Supply chain attacks are increasing in frequency. It is more important than ever to monitor third-party packages for malicious activity." Some context from Tom's Hardware: To be clear: This campaign is distinct from the incident that we covered on Sept. 9, which saw multiple npm packages with billions of weekly downloads compromised in a bid to steal cryptocurrency. The ecosystem is the same — attackers have clearly realized the GitHub-owned npm package registry for the Node.js ecosystem is a valuable target — but whoever's behind the Shai-Hulud campaign is after more than just some Bitcoin.

EditorDavid