HN Q Help. Generated 21 Sun 22:53. Size: 246K. Articles: 347.
22:52 Black Hole Photo Used Supercomputers and Cloud Computing To Prove Einstein Right
An anonymous reader quotes The Next Web: As stunning and ground-breaking as it is, the EHT project is not just about taking on a challenge. It's an unprecedented test of whether Einstein's ideas about the very nature of space and time hold up in extreme circumstances, and looks closer than ever before at the role of black holes in the universe. To cut a long story short: Einstein was right.... His general theory of relativity has passed two serious tests from the universe's most extreme conditions in the last few years. Here, Einstein's theory predicted the observations from M87 with unerring accuracy, and is seemingly the correct description of the nature of space, time, and gravity. The measurements of the speeds of matter around the center of the black hole are consistent with being near the speed of light. The advanced computing research center at the University of Texas at Austin says the data for the photo "was collected during a 2017 global campaign, after decades of scientific, engineering, and computational research and preparation." And their own facility played a role in the finished photo, according to an article shared by aarondubrow: Helping to lay the groundwork for the black hole imaging, and providing the theoretical underpinnings that enabled the researchers to interpret the mass, underlying structure, and orientations of the black hole and its environment, were supercomputers at The University of Texas at Austin's Texas Advanced Computing Center (TACC) -- Stampede1, Stampede2 and Jetstream -- all three of which were supported by grants from the National Science Foundation (NSF), which also provided key funding for the EHT... "We are doing finite difference, three-dimensional simulations with not just gas dynamics, but also magnetic fields," said Harvard University professor and EHT researcher Ramesh Narayan. "That includes radiation and what is called two-temperature physics in a general relativistic framework. 
For these, we really do need the TACC's Stampede system with lots of cores and lots of hours.... The simulations are computationally very expensive and supercomputers are definitely needed...." Alongside the simulation and modeling effort, another group of researchers from the University of Arizona (UA) were using Jetstream -- a large-scale cloud environment for research located both at TACC and Indiana University -- to develop cloud-based data analysis pipelines that proved crucial for combining huge amounts of data taken from the geographically-distributed observatories, and sharing the data with researchers around the world. "New technologies such as cloud computing are essential to support international collaborations like this," said Chi-kwan Chan, leader of the EHT Computations and Software Working Group and an assistant astronomer at UA. "The production run was actually carried out on Google Cloud, but much of the early development was on Jetstream. Without Jetstream, it is unclear that we would have a cloud-based pipeline at all."
22:52 Why Modern C++ Still Isn't As Safe As Memory-Safe Languages Like Rust and Swift
21:21 Red Hat Takes Over Maintenance of OpenJDK 8 and OpenJDK 11 From Oracle
"Red Hat is taking over maintenance responsibilities for OpenJDK 8 and OpenJDK 11 from Oracle," reports InfoWorld: Red Hat will now oversee bug fixes and security patches for the two older releases, which serve as the basis for two long-term support releases of Java. Red Hat's updates will feed into releases of Java from Oracle, Red Hat, and other providers... Previously, Red Hat led the OpenJDK 6 and OpenJDK 7 projects. Red Hat is not taking over OpenJDK 9 or OpenJDK 10, which were short-term releases with a six-month support window.
21:02 Picking the best security camera for your needs
By Rachel Cericola This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commission. Read the full blog on picking the best securi...
21:02 France launches government chat app after fixing last-minute flaw
France made good on its promise to launch a secure government-only chat app -- although it almost didn't turn out that way. The country has introduced a beta version of Tchap, a messaging app that helps officials communicate with each other through...
19:51 Linux 5.2 Will Introduce The Fieldbus Subsystem
"The new Fieldbus system has been deemed ready to be released into the staging area of the Linux kernel," writes jwhyche (Slashdot reader #6,192). Phoronix reports: This newest subsystem for the Linux kernel benefits industrial systems. Fieldbus is a set of network protocols for real-time distributed control of automated industrial systems. Fieldbus is used for connecting different systems/components/instruments within industrial environments. Fieldbus is used for connecting facilities ranging from manufacturing plants up to nuclear energy facilities. The Fieldbus specification has been around for decades while now seeing a formal subsystem within the Linux kernel. The subsystem allows for devices to exchange data over a Fieldbus whether it be Profinet, FLNet, or one of the other implementations. The subsystem provides a generic framework for exposing switches, lights, actuators, motors, and other hardware... The Linux kernel's Fieldbus subsystem has gone through over ten rounds of public revisions in recent months and has been deemed ready to premiere with Linux 5.2 [which] should debut in July.
19:51 Bluecherry Open Sources Its Entire Linux Surveillance Server
"Big changes are here," writes the official blog for Bluecherry: In 2010 we released our multi-port MPEG4 video capture card with an open source driver (solo6x10) and in 2011 updated the driver to support our multi-port H.264 capture cards. Later, this open source driver was added into the mainline Linux kernel. In 2013 we released our multi-platform surveillance application client with an open source (GPL) license. We are proud to announce that effective April 18, 2019 we have released the entire Bluecherry software application open source with a GPL license. An anonymous reader writes: This includes the Linux based server application and the Windows / Linux / OS X client. Bluecherry's GitHub repo is now open for public viewing.
18:21 Historic 'Summit' with the Creators of Python, Java, TypeScript, and Perl
18:02 SpaceX Crew Dragon capsule suffers 'anomaly' in testing
SpaceX's dreams of crewed spaceflight appear to have faced a setback. The company and the US Air Force's 45th Space Wing have confirmed to Florida Today that a Crew Dragon capsule suffered an "anomaly" during a static test fire at Cape Canaveral. Mos...
18:02 Tesla starts selling inventory Model 3 cars on its website
Tesla is giving potential buyers the chance to get Model 3 deliveries within days instead of weeks. As first reported by Electrek, the automaker has made its inventory Model 3 vehicles available for browsing online. The inventory section used to disp...
16:51 Southwest Airlines Says They'll Purchase 'Hundreds' More Boeing 737 Max Aircraft
Inc. magazine describes as "stunning" an announcement from Southwest Airlines, "by far the biggest 737 Max customer in the United States, with 34 of the planes among its fleet, and plans for many more." Speaking at a chamber of commerce event in Dallas, Southwest chairman and CEO Gary Kelly said Southwest has no plans to abandon the 737 Max. In fact, he said it will purchase "hundreds" more 737 Max aircraft. "It's a very good airplane, but Boeing has acknowledged that they've got some things they need to address with the software in that airplane," Kelly said, according to the Dallas Business Journal. "It seems like it's a relatively straight-forward modification. We're obviously anxious to get the airplane back in service." That's it: all-in on the 737 Max. Or at least close to it... By flying just one aircraft, Southwest knows that almost any of its pilots can fly any of its planes. Its scheduling and maintenance tasks become a lot easier than for airlines with multiple types of aircraft. But it also means that ultimately, Southwest's brand and its overall success are tied up with Boeing and the 737 in a way that few other airlines are. Marketwatch adds that in fact, major airlines "are hungry for fuel-efficient single-aisle aircraft such as the Max, and there's a long backlog for the jet's closest competitor, Airbus SE, analysts at Oxford Economics said in a note Thursday. "That will shield Boeing from a mass cancellation of orders," the analysts said.
16:51 More Than 23 Million People Use the Password '123456'
Bearhouse shares a new study from the UK's "National Cyber Security Centre," which advises the public on computer security, about the world's most-frequently cracked passwords. It's probably no surprise to the Slashdot readership: people use bad passwords. A recent study of publicly-available "hacked" accounts -- by the UK National Cyber Security Centre -- reveals "123456" was top, followed by the much more secure "123456789" and hard-to-guess "qwerty". If you're a soccer (football) fan, then try "Liverpool" or "Chelsea" -- they'll work in more than half a million cases. Finally, for musicians, Metallica gets beaten down by 50cent, 140k to 190k respectively. The most common fictional names used as passwords were "superman" (333,139 users), "naruto" (242,749), "tigger" (237,290), "pokemon" (226,947), and "batman" (203,116). The organization recommends instead choosing three random words as a password -- and also checking "password blacklists" that show passwords that have already been found in past data breaches. (Developers and sysadmins are also advised to implement these checks as part of their rules for which user passwords will be allowed.) The organization also released a file from the "Have I Been Pwned" site containing the top 100,000 passwords. So what are the top ten most-frequently used passwords? 123456, 123456789, qwerty, password, 111111, 12345678, abc123, 1234567, password1, 12345.
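The item above recommends two things to developers and sysadmins: reject candidate passwords that appear on a breached-password list, and suggest three random words instead. The following is an added example of both checks, written for this page and not code from the NCSC or Have I Been Pwned. It embeds the ten passwords named in the article as a constructed stand-in for the full 100,000-entry HIBP file (which a real deployment would load through `load_denylist()`, one password per line); the word list is likewise a constructed sample, and the function names are this example's own.

```python
"""Password denylist check plus a three-random-words suggestion.

Added example, not NCSC or HIBP code. The denylist below is the top ten
quoted in the article; in production load the full HIBP top-100k file
through load_denylist() instead.
"""
import secrets
import unicodedata
from typing import Iterable, Set

# Constructed sample: the ten most common passwords named in the article.
TOP_TEN = [
    "123456", "123456789", "qwerty", "password", "111111",
    "12345678", "abc123", "1234567", "password1", "12345",
]


def normalize(candidate: str) -> str:
    """Canonicalise before lookup so trivial variants don't slip past:
    NFKC folds look-alike Unicode forms, strip() drops stray whitespace,
    casefold() makes 'Password' match 'password'."""
    return unicodedata.normalize("NFKC", candidate).strip().casefold()


def load_denylist(lines: Iterable[str]) -> Set[str]:
    """Build a lookup set from a one-password-per-line source such as the
    HIBP top-100k file. Blank lines and '#' comments are ignored and every
    entry is normalised the same way as the candidate."""
    deny: Set[str] = set()
    for line in lines:
        line = line.rstrip("\r\n")
        if not line or line.startswith("#"):
            continue
        deny.add(normalize(line))
    return deny


DENYLIST = load_denylist(TOP_TEN)


def is_blocked(candidate: str, denylist: Set[str] = DENYLIST) -> bool:
    """True if the normalised candidate is on the denylist."""
    return normalize(candidate) in denylist


def check_password(candidate: str, min_length: int = 8,
                   denylist: Set[str] = DENYLIST) -> str:
    """Return 'ok' or a rejection reason. The denylist test runs first so a
    breached password is refused even when it satisfies the length rule."""
    if is_blocked(candidate, denylist):
        return "rejected: appears in breached-password list"
    if len(candidate) < min_length:
        return f"rejected: shorter than {min_length} characters"
    return "ok"


# Constructed mini word list; a real one would hold thousands of words.
WORDS = ["copper", "lantern", "meadow", "orbit",
         "thistle", "velvet", "walrus", "zenith"]


def three_random_words(words=WORDS, sep: str = "-") -> str:
    """NCSC's 'three random words' suggestion. Uses the OS CSPRNG via
    secrets.SystemRandom and samples without replacement so no word repeats."""
    picks = secrets.SystemRandom().sample(words, 3)
    return sep.join(picks)


if __name__ == "__main__":
    for pw in ["123456", "Password1", "short", "correct-horse-battery"]:
        print(f"{pw!r}: {check_password(pw)}")
    print("suggestion:", three_random_words())
```

The denylist lookup is a plain set membership test, so it stays O(1) even with the full 100,000-entry file; the normalisation step matters because breach lists are compiled from many sources and a candidate that differs only in case or surrounding whitespace should still be refused.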
15:21 Fortnite World Cup: More than 1,200 Accounts Banned For Cheating
"Epic Games gave bans to more than 1,200 Fortnite accounts and revoked cash prizes that more than 200 players had won following Epic's investigations of cheating in the first week of Fortnite's World Cup Online Open," reports Polygon: That cheater (whom Epic did not name) used the cheat software during the tournament's semifinals. The account involved had played "for less than five minutes" before being discovered and banned, Epic said. The great majority of the other accounts sanctioned received two-week bans for their misconduct. Of them, 196 players forfeited their winnings after they were caught circumventing region locks to play in several regions. Epic said that will change the prize payouts for others in the tournament, but their improved finishes won't be reflected on Fortnite's in-game leaderboard. Nine prize winners lost their money for sharing accounts, and one winner's earnings were vacated for teaming. Epic Games said it has added a "real-time teaming detection algorithm" to its competitive play. Teaming, in which players in a solo mode work cooperatively and create a competitive disadvantage for others, can get players banned even in competitive non-tournament play.
15:02 Nintendo Game Boy at 30: As fun as it ever was
Today marks the 30th anniversary of the Game Boy's release in Japan. Three decades ago, the portable gaming landscape would change forever. Whether you owned a Game Boy or not, it's likely something you're familiar with. The legacy reaches far beyond...
15:02 Sri Lanka temporarily bans social media after terrorist bombings
Extremist violence has once again prompted Sri Lanka to put a halt to social media in the country. The government has instituted a "temporary" ban on social networks, including Facebook, WhatsApp and Viber, after a string of apparently coordinated b...
15:02 After Math: Move fast and break laws
While the world held its collective breath this week ahead of Special Counsel Mueller's damning report on the current administration's conduct, the tech industry went ahead and let out all the bad news it had been holding onto for just such a moment....
I would rather think that immutable and append only are not file permissions and therefore it might be sensible to treat them differently.
And, I rather like that behavior of Gnome these days, it means I can do basic exploration in the GUI, and if I want to muck around with my command line tools or services that don't speak that layer, I can just access them as normal filesystems.
14:27 Deal: 8 ways to become a certified SEO specialist
Every big website needs SEO experts. Get trained and certified with this eight-part bundle for just $30.
14:27 Black Shark 2 review: Taking another bite from gamers' wallets
The Black Shark 2, which is a significant upgrade compared to the original, seeks to steal marketshare from Asus ROG Phone and the Razer Phone 2.
14:25 'Natural' bottled water has natural arsenic contamination, testing finds
Investigation also raises questions about testing and regulations.
14:25 Happy 30th B-Day, Game Boy: Here are six reasons why you're #1
From the archives: April 21 marks the 30th anniversary of the original Nintendo Game Boy.
14:25 Hannah TV adaptation sacrifices magic of original film for typical teen angst
But strong finale sets up what could be a much more interesting second season.
14:25 Mazda brings a new diesel CX-5 SUV to the US, but why?
Mazda worked with US regulators to ensure this one complies with the rules.
13:51 A Secret Server For the Dead MMO 'City of Heroes' Has Players In an Uproar
eatmorekix quotes Vice: In 2012, Paragon Studios announced it was shutting down City of Heroes, a massively multiplayer online game where a community of players created their own superheroes, went on adventures together, and formed lasting friendships. The news was crushing to the game's devoted community because they could no longer play and hang out in the virtual space they loved, and today, years after the game's shutdown, the community is in an uproar again. As Massivelyop first reported, a group of City of Heroes players called the Secret Cabal of Reverse Engineers (SCORE) had created their own, private server where they could continue to play the game for the last six years, but kept it relatively secret. "I like the rest of you have been lied to," Reddit user avoca wrote in a thread titled "BE ANGRY" on the City of Heroes subreddit. "I have been told City of Heroes has been shutdown. Today, I learn I have been mistaken. For all of these years, City of Heroes has lived on. In secret. For every passing day and every withdrawal symptom, a person is playing on this secret server, and they are gaining xp, leveling up, performing task forces and forming supergroups." In 2004 the game's lead designer answered questions from Slashdot's readers. Fifteen years later, a member of the emulator team tells Massivelyop that they'd tried to keep their City of Heroes server a secret for over six years because they were worried about getting a cease and desist notice from the game's publishers.
13:51 How Facebook Mis-Captioned the Launch of a NASA Supply Rocket
An anonymous reader quotes Ars Technica: An Antares rocket built by Northrop Grumman launched on Wednesday afternoon, boosting a Cygnus spacecraft with 3.4 tons of cargo toward the International Space Station. The launch from Wallops Island, Virginia, went flawlessly, and the spacecraft arrived at the station on Friday. However, when NASA's International Space Station program posted the launch video to its Facebook page on Thursday, there was a problem. Apparently the agency's caption service hadn't gotten to this video clip yet, so viewers with captions enabled were treated not just to the glory of a rocket launch, but the glory of Facebook's automatically generated crazywords... Some of the captions are just hilariously bad. For example, when the announcer triumphantly declares, "And we have liftoff of the Antares NG-11 mission to the ISS," the automatically generated caption service helpfully says, "And we have liftoff of the guitarist G 11 mission to the ice sets." There are more examples in the photos at the top of their article -- for example, a caption stating that the uncrewed launch "had a phenomenal displaced people at 60 seconds," and translating the phrase "TVC is nominal" to "phenomenal." While the lift-off announcer does use what may be unfamiliar names for the rockets, along with other technical jargon, the article points out that YouTube's auto-captioning of the same launch "seemed to have no problem with those bits of space argot."
12:02 Austria draft law would require real names for internet comments
It's not just China that wants to reduce anonymity online. Austria's government has introduced a draft law that would require you to provide your real name and address to larger sites before commenting. You could still use a nickname in public, but...
10:51 Did Google Sabotage Firefox and IE?
09:35 A mystery agent is doxing Iran's hackers and dumping their code
Iran seems to be getting its own taste of a Shadow Brokers-style leak of secrets.
09:02 AI generates non-stop stream of death metal
There's a limit to the volume of death metal humans can reproduce -- their fingers and vocal chords can only handle so much. Thanks to technology, however, you'll never have to go short. CJ Carr and Zack Zukowski recently launched a YouTube channel...
07:51 Bitcoin Couldn't Hide Russia's Operatives From Mueller's Investigation
"Russian operatives used cryptocurrency at almost every stage in their online efforts to interfere in the 2016 U.S. presidential election, according to Special Counsel Robert Mueller's final report on his investigation." So says CNN, adding that "Systems used in the hacking of the Democratic Party were paid for using Bitcoin, as were online hosting services that supported websites which published hacked materials and were used in the targeting of disinformation at American voters." The Russian operatives (a.k.a. the Fancy Bear team) withdrew funds from both the CEX.io and BTC-e.com cryptocurrency exchanges to fund domain purchases, server rentals, and VPN services, reports Draconi, Slashdot reader #38,078. He's correlated the Mueller report with the Bitcoin blockchain addresses referenced (indirectly) in two indictments brought by America's Department of Justice -- one for interference in the 2016 U.S. Presidential Election, and one for the public leak of Olympic drug-testing results -- and shared the results of his investigation with CNN. CNN reports: Russian agents, including those from the GRU, Russia's military intelligence agency, had sought to, as the Mueller indictment of GRU agents last July outlined, "capitalize on the perceived anonymity of cryptocurrencies." But while Bitcoin allowed Russians to "avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds," according to the same indictment, it wasn't enough to evade Mueller's investigation. Tim Cotten, a blockchain developer and security researcher who has done extensive work in tracking Russian Bitcoin accounts unearthed by Mueller's team, noted in an interview with CNN Business that trading Bitcoins on exchanges usually requires users to set up Bitcoin wallets that are tied to an email address. 
Federal investigators were able to access at least some of the email accounts used in the operation, which, Cotten says, would have made tracing Bitcoin transactions a lot easier. Investigators' access to the "the other side of the blockchain equation," as he described it, was important because, "Rather than having to search the blockchain for clues, they already had all of the receipts demonstrating which accounts were under the GRU's control." The Russians used stolen and false identities in setting up some of these accounts, according to Mueller's team, but had used some of the same accounts to purchase servers and website domains involved in the hacking of the Democratic Party and the publishing of the hacked materials, Mueller's indictment outlines. That, Cotten said, would have made it easier for investigators to tie the case together. "The purchase trails are fully exposed in the Bitcoin blockchain as funds are used, consolidated, and deposited into secondary online wallets such as SpectroCoin.com and Xapo.com," Cotten writes on his site. "Anyone can follow along and trace the payment chains to see exactly how the Russians were spending their money, when, and on what."
04:51 'Pi VizuWall' Is a Beowulf Cluster Built With Raspberry Pi's
Why would someone build their own Beowulf cluster -- a high-performance parallel computing prototype -- using 12 Raspberry Pi boards? It's using the standard Beowulf cluster architecture found in about 88% of the world's largest parallel computing systems, with an MPI (Message Passing Interface) system that distributes the load over all the nodes. Matt Trask, a long-time computer engineer now completing his undergraduate degree at Florida Atlantic University, explains how it grew out of his work on "virtual mainframes": In the world of parallel supercomputers (branded 'high-performance computing', or HPC), system manufacturers are motivated to sell their HPC products to industry, but industry has pushed back due to what they call the "Ninja Gap". MPI programming is hard. It is usually not learned until the programmer is in grad school at the earliest, and given that it takes a couple of years to achieve mastery of any particular discipline, most of the proficient MPI programmers are PhDs. And this is the Ninja Gap -- industry understands that the academic system cannot and will not be able to generate enough 'ninjas' to meet the needs of industry if industry were to adopt HPC technology. As part of my research into parallel computing systems, I have studied the process of learning to program with MPI and have found that almost all current practitioners are self-taught, coming from disciplines other than computer science. Actual undergraduate CS programs rarely offer MPI programming. Thus my motivation for building a low-cost cluster system with Raspberry Pis, in order to drive down the entry-level costs. This parallel computing system, with a cost of under $1000, could be deployed at any college or community college rather than just at elite research institutions, as is done [for parallel computing systems] today. The system is entirely open source, using only standard Raspberry Pi 3B+ boards and Raspbian Linux. 
The version of MPI that is used is called MPICH, another open-source technology that is readily available. But there's an added visual flourish, explains long-time Slashdot reader iamacat. "To visualize computing, each node is equipped with a servo motor to position itself according to its current load -- lying flat when fully idle, standing up 90 degrees when fully utilized." Its data comes from the /proc filesystem, and the necessary hinges for this prototype were all generated with a 3D printer. "The first lesson is to use CNC'd aluminum for the motor housings instead of 3D-printed plastic," writes Trask. "We've seen some minor distortion of the printed plastic from the heat generated in the servos."
04:27 OpenSSH 8.0 released
A slash on the source directory does change rsync's behaviour, but that has nothing to do with whether the destination exists. The behaviours are orthogonal, here is a matrix:
when dst doesn't exist
rsync -a src/ dst --> creates dst, copies contents of src into dst
rsync -a src dst --> creates dst, copies src into dst
when dst exists
rsync -a src/ dst --> copies contents of src into dst
rsync -a src dst --> copies src into dst
I do remember being surprised by this when I first used rsync, but the man page is fairly clear about it; I'm curious to hear what behaviour you might find less surprising, while retaining the ability to copy either a directory or its contents (without using shell wildcards or the like)?
As for security guarantees, wouldn't something like SElinux be more appropriate, fine grained and auditable than this mechanism? That said, I have no idea if SElinux or similar behave sanely if policy is changed while files are already opened or memory mapped...
Why is it stupid?
03:02 Epic banned over 1,200 'Fortnite' World Cup players for cheating
You'd think that an event as high stakes as the Fortnite World Cup would have participants on their best behavior, but that's apparently not the case. Epic has revealed that it banned more than 1,200 accounts for some form of cheating during the fir...
03:02 'Crackdown 3' lets you team up with friends in Wrecking Zone
Crackdown 3's signature Wrecking Zone mode should now be decidedly livelier. After a brief round of testing, Sumo and Microsoft have released an update that adds Squad support to the destroy-everything multiplayer feature. If you have Crackdown-lov...
This is not fine. A white-hat researcher examined 30 financial apps, looking for information security issues—worryingly, all but one of them were insecure. The failures were mind-numbingly familiar, and dead easy to find. It's as if the industry has learned nothing and is walking around with a sign on its back, saying, "Rob me." https://techbeacon.com/security/fintech-fiddles-home-burns-97-apps-found-insecure
"Ankle monitor" and Fitbit/AppleWatch are becoming indistinguishable in the new world of Chinese/Uber/AirBnB-style Social Credit Systems. Three excellent 11-16 minute videos of Big Tech's version of Social Credit Systems in action. Well done, with high production values. This dystopian world is no longer "far into the future", but already here. https://www.sscqueens.org/news/launch-of-screening-surveillance https://www.sscqueens.org/projects/screening-surveillance https://www.youtube.com/channel/UCpEmA7HemoLdu-bZsr63y-Q Blaxites https://www.sscqueens.org/projects/screening-surveillance/blaxites https://www.youtube.com/watch?v=yfVNDuWGZTs Blaxites Published on Apr 9, 2019 Jai's celebratory social media post affects her access to vital medication. Her attempts to circumvent the system leads to even more dire consequences. Written by: Nehal El-Hadi Directed by: Josh Lyon https://www.sscqueens.org/projects/screening-surveillance/frames https://www.youtube.com/watch?v=jfJX8HaGy6s Frames Published on Apr 9, 2019 A smart city tracks and analyzes a woman walking through the city. Things she does are interpreted and logged by the city system, but are they drawing an accurate picture of the woman? Written by: Madeline Ashby Directed by: Farhad Pakdel https://www.sscqueens.org/projects/screening-surveillance/a-model-employee https://www.youtube.com/watch?v=kBeggSzwKQ4 A Model Employee Published on Mar 29, 2019 To keep her day job at a local restaurant, Neeta, an aspiring DJ, has to wear a tracking wristband. As it tracks her life outside of work, she tries to fool the system, but a new device upgrade means trouble. Written by: Tim Maughan Directed by: Leila Khalilzadeh
EXCERPT: Facebook has admitted to `unintentionally' uploading the address books of 1.5 million users without consent, and says it will delete the collected data and notify those affected. https://www.theguardian.com/technology/facebook The discovery follows criticism of Facebook by security experts for a feature that asked new users for their email password as part of the sign-up process. As well as exposing users to potential security breaches, those who provided passwords found that, immediately after their email was verified, the site began importing contacts without asking for permission. Facebook has now admitted it was wrong to do so, and said the upload was inadvertent. “Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,'' the company said. “When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account, We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.'' The issue was first noticed in early April, when the Daily Beast reported on Facebook's practice of asking for email passwords to verify new users. The feature, which allows Facebook to automatically log in to a webmail account to effectively click the link on an email verification itself, was apparently intended to smooth the workflow for signing up for a new account. 
https://www.thedailybeast.com/beyond-sketchy-facebook-demanding-some-new-users-email-passwords But security experts said the practice was `beyond sketchy', noting that it gave Facebook access to a large amount of personal data and may have led to users adopting unsafe practices around password confidentiality. The company was “practically fishing for passwords you are not supposed to know,'' according to cybersecurity tweeter e-sushi who first raised concern about the feature, which Facebook says has existed since 2016... https://twitter.com/originalesushi?lang=en https://www.theguardian.com/technology/2019/apr/18/facebook-uploaded-email-contacts-of-15m-users-without-consent
https://www.npr.org/2019/04/12/711779130/as-china-hacked-u-s-businesses-turned-a-blind-eye "Technology theft and other unfair business practices originating from China are costing the American economy more than $57 billion a year, White House officials believe, and they expect that figure to grow. "Yet an investigation by NPR and the PBS television show Frontline into why three successive administrations failed to stop cyberhacking from China found an unlikely obstacle for the government—the victims themselves." Why do for-profit organizations, possessing vast stores of valuable intellectual property, apparently accept and anticipate theft of this content? Because the PRC marketplace is "too big" to ignore. US businesses display a remarkable, and convenient, myopia when it suits their primary objective: capture and realize revenue. Corporations are inured to theft and breach, exhausted by defense against the inevitable. Businesses budget for theft losses and pay insurance premiums as an operational expense. No longer is an eyelash of concern raised. These expenses are considered leakage. (See the movie classic "Casino."). Business continuity is the objective. When pushed against the wall (if revenue capture is threatened by 'unfavorable or unfair' competition), business can prevail upon political governance to embargo foreign-products, or savage their competitor's product capabilities like HuaWei 5G per http://catless.ncl.ac.uk/Risks/31/16#subj19 A calculated brand outrage assault and reputation sabotage campaign can tip procurement scales against certain suppliers. Given visible product defect escape and zero-day density reports (as noted in RISKS-31.16 and elsewhere), how do data breach and IP theft incidents arising from deployed gear (be they domestic or foreign), constitute a favorable outcome for dependent end-users and businesses? 
Whether the PRC or the US/EU "wins the contest" for most rapacious and effective data breach and IP theft exploitation capabilities is immaterial to governments. International economic dominance—hegemony—appears to motivate PRC IP theft and intrusion frequency: Become the world's largest economy and bask in the bragging rights limelight by any conceivable means. The US/EU apparently do not enlist their intelligence services for this purpose, at least as vigorously engaged or as visibly compared to the #2 global economy. Risks: Exhausted business strategies and weak operational practices that rely on government intervention to rebalance the marketplace. Insufficient or ineffective safeguards applied to suppress IP Internet theft, intrusions, and digital data exfiltration.
On Friday night, Microsoft sent notification emails to an unknown number of its individual email users—across Outlook, MSN, and Hotmail—warning them about a data breach. Between January 1 and March 28 of this year, hackers used a set of stolen credentials for a Microsoft customer support platform to access account data like email addresses in messages, message subject lines, and folder names inside accounts. By Sunday, it acknowledged that the problem was actually much worse. After tech news site Motherboard showed Microsoft evidence from a source that the scope of the incident was more extensive, the company revised its initial statement, saying instead that for about 6 percent of users who received a notification, hackers could also access the text of their messages and any attachments. Microsoft had previously denied to TechCrunch that full email messages were affected. https://www.wired.com/story/microsoft-email-hack-outlook-hotmail-customer-support/
[Once again, I had to carefully check the date on this article to make sure that it wasn't April 1st!] As much as I applaud the zeal of all the newly converted, I'm far too cynical to believe a word of Brad Smith, given the *second* article about Microsoft, below. Perhaps St. Augustine's prayer is more appropriate for Microsoft: "Please God, make me good, but not just yet". My prayer for Microsoft: "May the Farce be with you!" * (* See below.) https://www.reuters.com/article/us-microsoft-ai/microsoft-turned-down-facial-recognition-sales-on-human-rights-concerns-idUSKCN1RS2FV Microsoft turned down facial-recognition sales on human rights concerns Joseph Menn April 16, 2019 / 11:33 PM / Updated a day ago PALO ALTO (Reuters) - Microsoft Corp recently rejected a California law enforcement agency's request to install facial recognition technology in officers' cars and body cameras due to human rights concerns, company President Brad Smith said on Tuesday. Microsoft concluded it would lead to innocent women and minorities being disproportionately held for questioning because the artificial intelligence has been trained on mostly white and male pictures. AI has more cases of mistaken identity with women and minorities, multiple research projects have found. "Anytime they pulled anyone over, they wanted to run a face scan" against a database of suspects, Smith said without naming the agency. After thinking through the uneven impact, "we said this technology is not your answer." Speaking at a Stanford University conference on "human-centered artificial intelligence," Smith said Microsoft had also declined a deal to install facial recognition on cameras blanketing the capital city of an unnamed country that the nonprofit Freedom House had deemed not free. Smith said it would have suppressed freedom of assembly there. 
On the other hand, Microsoft did agree to provide the technology to an American prison, after the company concluded that the environment would be limited and that it would improve safety inside the unnamed institution. Smith explained the decisions as part of a commitment to human rights that he said was increasingly critical as rapid technological advances empower governments to conduct blanket surveillance, deploy autonomous weapons and take other steps that might prove impossible to reverse. Microsoft said in December it would be open about shortcomings in its facial recognition and asked customers to be transparent about how they intended to use it, while stopping short of ruling out sales to police. Smith has called for greater regulation of facial recognition and other uses of artificial intelligence, and he warned Tuesday that without that, companies amassing the most data might win the race to develop the best AI in a "race to the bottom." He shared the stage with the United Nations High Commissioner for Human Rights, Michelle Bachelet, who urged tech companies to refrain from building new tools without weighing their impact. "Please embody the human rights approach when you are developing technology," said Bachelet, a former president of Chile. Microsoft spokesman Frank Shaw declined to name the prospective customers the company turned down. Reporting by Joseph Menn; Editing by Greg Mitchell and Lisa Shumaker https://www.nextgov.com/emerging-tech/2019/04/microsoft-unveils-two-secret-data-centers-built-classified-government-data/156376/ Frank Konkel, 17 Apr 2019 Microsoft Unveils Two Secret Data Centers Built for Classified Government Data ... Microsoft's announcement is part of the company's plan to compete with Amazon--the only company cleared to host the CIA and Defense Department's secret and top secret classified data--and comes as both companies compete for a $10 billion military cloud contract called *JEDI*. ...
The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the Internet's cybersecurity that experts have warned about for years: DNS hijacking, a technique that meddles with the fundamental address book of the Internet. Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains—the suffixes like .co.uk or .ru that end a foreign web address -- putting all the traffic of every domain in multiple countries at risk. The hackers' victims include telecoms, Internet service providers, and domain registrars responsible for implementing the domain name system. But the majority of the victims and the ultimate targets, Cisco believes, were a collection of mostly governmental organizations, including ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa. By corrupting the Internet's directory system, hackers were able to silently use "man in the middle" attacks to intercept all Internet data from email to web traffic sent to those victim organizations. https://www.wired.com/story/sea-turtle-dns-hijacking/
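The campaign above worked by changing NS and A records at the registrar or registry, so the earliest signal a defender gets is that the answers the rest of the world sees for a zone no longer match what the zone owner published. The following script is an added example, not code from Cisco Talos or from the Wired article: it compares answers collected from several independent vantage points against a pinned baseline and flags nameserver drift, addresses that point outside the owner's netblocks, suspiciously short TTLs, and vantage points that disagree with each other (the signature of a selective hijack). All zone names, servers and addresses are constructed sample data.

```python
"""Baseline drift check for registrar/registry-level DNS hijacking.

Constructed sample data, not real measurements: the zone names, servers and
addresses below are placeholders chosen to illustrate the check.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Baseline:
    ns: FrozenSet[str]            # nameservers we published at the registrar
    a: FrozenSet[str]             # addresses we published for the name
    netblocks: Tuple[str, ...]    # ranges where our addresses legitimately live
    ttl: int                      # TTL we published


@dataclass(frozen=True)
class Observation:
    resolver: str                 # which vantage point answered
    ns: FrozenSet[str]
    a: FrozenSet[str]
    ttl: int


def off_net(addrs, netblocks):
    """Addresses that fall outside every netblock we own."""
    return sorted(ip for ip in addrs
                  if not any(ip_address(ip) in ip_network(nb) for nb in netblocks))


def check_zone(name: str, baseline: Baseline, observations: List[Observation]) -> List[Tuple]:
    """Return (zone, resolver, kind, detail) findings; an empty list means no drift."""
    findings = []
    for obs in observations:
        if obs.ns != baseline.ns:
            # NS changed at the registrar or registry: the attackers' first step
            findings.append((name, obs.resolver, "ns-drift", sorted(obs.ns - baseline.ns)))
        unexpected = obs.a - baseline.a
        if unexpected:
            # an unknown address inside our own space is a change worth a ticket;
            # one outside it is the man-in-the-middle relay the article describes
            rogue = off_net(unexpected, baseline.netblocks)
            kind = "a-drift-offnet" if rogue else "a-drift"
            findings.append((name, obs.resolver, kind, rogue or sorted(unexpected)))
        if obs.ttl < baseline.ttl // 10:
            # hijackers publish short TTLs so they can flip records back quickly
            findings.append((name, obs.resolver, "short-ttl", obs.ttl))
    distinct = {(obs.ns, obs.a) for obs in observations}
    if len(distinct) > 1:
        # a selective hijack shows up as vantage points disagreeing with each other
        findings.append((name, "*", "resolver-disagreement", len(distinct)))
    return findings


# constructed baseline and answers for a fictional ministry mail host
MAIL_BASELINE = Baseline(
    ns=frozenset({"ns1.example.net", "ns2.example.net"}),
    a=frozenset({"198.51.100.10"}),
    netblocks=("198.51.100.0/24",),
    ttl=3600,
)
MAIL_OBSERVATIONS = [
    Observation("vantage-1", MAIL_BASELINE.ns, MAIL_BASELINE.a, 3600),
    Observation("vantage-2",
                frozenset({"ns1.attacker.example", "ns2.attacker.example"}),
                frozenset({"203.0.113.7"}), 60),
    Observation("vantage-3", MAIL_BASELINE.ns, MAIL_BASELINE.a, 3600),
]

# a zone where every vantage point still agrees with the baseline
WEB_BASELINE = Baseline(frozenset({"ns1.example.net", "ns2.example.net"}),
                        frozenset({"198.51.100.20"}), ("198.51.100.0/24",), 3600)
WEB_OBSERVATIONS = [Observation(f"vantage-{i}", WEB_BASELINE.ns, WEB_BASELINE.a, 3600)
                    for i in (1, 2, 3)]

if __name__ == "__main__":
    for zone, base, obs in (("mail.example", MAIL_BASELINE, MAIL_OBSERVATIONS),
                            ("www.example", WEB_BASELINE, WEB_OBSERVATIONS)):
        for finding in check_zone(zone, base, obs):
            print(*finding)
```

In practice the observations would come from querying several resolvers you do not control plus your own authoritative servers directly; the baseline belongs in version control, and a change there should require the same approval as a change at the registrar, which is where this campaign's credentials were stolen.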
Samsung's Galaxy Fold is already breaking. Reviewers who got the device are seeing flickering screens. Some think because a protective film was removed. But CNBC's unit is also broken and we did not remove the film. Samsung's $2,000 folding phone is breaking for some users after two days https://www.cnbc.com/2019/04/17/samsung-galaxy-fold-screen-breaking-and-flickering.html Gadget gimmick for its own sake? I use two PC monitors for Windows but don't have windows span their border—bezels would be intrusive. I can't see using this phone with a single app spanning the displays and am skeptical about people paying that much for two separate screens—if it even operates that way. Surprise, the hinge is a likely failure point.
The Associated Press has learned that the mysterious man (who said his name was Lucas Lambert) spent several months last year investigating critics of Kaspersky Lab, organizing at least four meetings with cybersecurity experts in London and New York. https://apnews.com/a3144f4ef5ab4588af7aba789e9892ed
https://arstechnica.com/information-technology/2019/04/dhs-fbi-say-election-systems-in-50-states-were-targeted-in-2016 *A joint intelligence bulletin (JIB) has been issued by the Department of Homeland Security and Federal Bureau of Investigation to state and local authorities regarding Russian hacking activities during the 2016 presidential election. While the bulletin contains no new technical information, it is the first official report to confirm that the Russian reconnaissance and hacking efforts in advance of the election went well beyond the 21 states confirmed in previous reports.*
https://www.washingtonpost.com/technology/2019/04/15/computerized-youtube-fact-checking-tool-goes-very-wrong-flaming-notre-dame-it-somehow-sees-sept-tragedy "If the algorithm saw a video of tall structures engulfed in smoke and inferred that it was related to the attack on the World Trade Center, that speaks well of the state of the art in video system understanding, that it would see the similarity to 9/11. There was a point where that would have been impossible. "But the algorithms lack the comprehension of human context or common sense, making them woefully unprepared for news events. YouTube, he said, is poorly equipped to fix such problems now and probably will remain so for years to come. "'They have to depend on these algorithms, but they all have sorts of failure modes. And they can't fly under the radar anymore,' Domingos said. 'It's not just whack-a-mole. It's a losing game.'" Risk: Brand outrage incidence frequency multiplies with business accumulation of technical debt.
Robert Wright byline, behind paywalls as: 1) "Fallible machines, fallible humans," via https://www.straitstimes.com/opinion/fallible-machines-fallible-humans retrieved on 17APR2019; 2) "Autonomous machines: industry grapples with Boeing lessons" via https://www.ft.com/content/f96478e0-59e0-11e9-939a-341f5ada9d40 The cited news articles discuss technology-dependent systems (medical infusion pumps, aircraft, industrial robotic manufacturing) and their dependency on human engagement to monitor activity. Today's AI cannot independently comprehend context: they can match patterns, but cannot rationalize the recognized pattern in a way that emulates a human's mind. No machine can be programmed today to process contextual awareness and independently act to preserve and protect human life during an emergency. An organization or individual expecting this outcome apparently believes that science fiction is real. They must be disabused of this fallacy. In the FT and Straits Times articles, Mark Sujan of University of Warwick asks, "How do we ensure that the system knows enough about the world within which it's operating? That's a complex thing." As noted by Don Norman (see http://catless.ncl.ac.uk/Risks/12/48#subj7.1 for example), "The real RISK in computer system design is NOT human error. It is designers who are content to blame human error and thereby wash their hands of responsibility." Demonstrating system behavior when subjected to erroneous or negative input stimulus can reveal more about system safety-readiness and resilience than demonstration of behavior under nominal stimulus conditions. Anomalous system states, in a simulator, can instruct and refine operational readiness. Successful and effective system operation depends on informed, trained, and engaged human oversight. Safety critical system operators must possess perspicacity. Clear indicators of anomalous behavior, and insightful operator reaction to them, are essential to ensure a safe outcome.
The structures that support the Dulles Airport Metro station's glass wall are cracked and lack proper reinforcement. Keith Couch, project director for CRC, downplayed the problems at the Dulles station, saying that officials are working to find a solution. He said the fact that the problems were discovered before the project was completed is a sign that the company's quality control program is working. CRC's inspections and quality control have come under criticism as the project's problems have mounted. Project executive director Charles Stark characterized the issues at the Dulles station as a "workmanship problem." https://www.washingtonpost.com/local/trafficandcommuting/contractor-identifies-new-problems-with-phase-2-of-the-silver-line/2019/04/11/df412180-5a2a-11e9-a00e-050dc7b82693_story.html "QC is working" to detect workmanship problems. "workmanship" appears in article once, as does "improve"—but referring to schedule, not workmanship. The risk? Nothing changing.
"...the system reported that a missile had been launched from the United States, followed by up to five more. Petrov judged the reports to be a false alarm, and his decision to disobey orders, against Soviet military protocol, is credited with having prevented an erroneous retaliatory nuclear attack on the United States and its NATO allies that could have resulted in large-scale nuclear war. Investigation later confirmed that the Soviet satellite warning system had indeed malfunctioned." https://en.wikipedia.org/wiki/1983_Soviet_nuclear_false_alarm_incident https://en.wikipedia.org/wiki/Stanislav_Petrov [In RISKS-3.39, 18 Aug 1986, we had a "Nuclear false alarm" item, contributed by Robert Stroud. That case triggered nuclear attack sirens in Edinburgh. PGN]
02:27 AA 300 JFK-LAX incident
On 10 Apr 2019, an American Airlines Airbus A321 jet `nearly crashed' during takeoff at JFK. The wing apparently scraped the ground and hit a sign and light pole during takeoff, bending the wing. "We were banking, uncontrolled bank 45 degrees to the left," a pilot could be heard saying on the air traffic control audio of the incident. It was evidently an `uncommanded roll to the left', with no explanation yet as to the cause. Although the plane did manage to take off, it then returned to JFK 28 minutes later. https://www.cbsnews.com/news/american-airlines-flight-300-jfk-close-call-appears-worse-than-first-reported/
02:27 The Game Boy helped me become who I am today, even if I never had one
Even if I never previously owned one, the original Nintendo Game Boy helped shape my future.
02:27 5 Android apps you shouldn't miss this week - Android Apps Weekly
In the 289th Android Apps Weekly, we talk about Facebook moving messenger back to the main app, Forza coming to mobile and more apps and games news!
02:27 We asked, you told us: Oppo Reno's shark fin selfie camera is neat, but is a no-go
People aren't necessarily against the design, they're just not fans of moving parts on smartphones.
02:27 Anker's highly rated smartphone accessories are up to 40% off on Amazon
Save $5 to $40 on everything from USB-C cables to power banks.
02:27 Deal: The $100 Bluetooth 5 AirTaps are under $40 today
At just $36.99, the Bluetooth 5.0 AirTaps and charging case are a stylish alternative to AirPods.
01:51 'How the Boeing 737 Max Disaster Looks to a Software Developer'
Slashdot reader omfglearntoplay shared this article from IEEE's Spectrum. In "How the Boeing 737 Max Disaster Looks to a Software Developer," pilot (and software executive) Gregory Travis argues Boeing tried to avoid costly hardware changes to their 737s with a flawed software fix -- specifically, the Maneuvering Characteristics Augmentation System (or MCAS): It is astounding that no one who wrote the MCAS software for the 737 Max seems even to have raised the possibility of using multiple inputs, including the opposite angle-of-attack sensor, in the computer's determination of an impending stall. As a lifetime member of the software development fraternity, I don't know what toxic combination of inexperience, hubris, or lack of cultural understanding led to this mistake. But I do know that it's indicative of a much deeper problem. The people who wrote the code for the original MCAS system were obviously terribly far out of their league and did not know it. So Boeing produced a dynamically unstable airframe, the 737 Max. That is big strike No. 1. Boeing then tried to mask the 737's dynamic instability with a software system. Big strike No. 2. Finally, the software relied on systems known for their propensity to fail (angle-of-attack indicators) and did not appear to include even rudimentary provisions to cross-check the outputs of the angle-of-attack sensor against other sensors, or even the other angle-of-attack sensor. Big strike No. 3... None of the above should have passed muster. None of the above should have passed the "OK" pencil of the most junior engineering staff... That's not a big strike. That's a political, social, economic, and technical sin... The 737 Max saga teaches us not only about the limits of technology and the risks of complexity, it teaches us about our real priorities. Today, safety doesn't come first -- money comes first, and safety's only utility in that regard is in helping to keep the money coming. 
The problem is getting worse because our devices are increasingly dominated by something that's all too easy to manipulate: software.... I believe the relative ease -- not to mention the lack of tangible cost -- of software updates has created a cultural laziness within the software engineering community. Moreover, because more and more of the hardware that we create is monitored and controlled by software, that cultural laziness is now creeping into hardware engineering -- like building airliners. Less thought is now given to getting a design correct and simple up front because it's so easy to fix what you didn't get right later. The article also points out that "not letting the pilot regain control by pulling back on the column was an explicit design decision. Because if the pilots could pull up the nose when MCAS said it should go down, why have MCAS at all? "MCAS is implemented in the flight management computer, even at times when the autopilot is turned off, when the pilots think they are flying the plane."
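The three missing provisions the article names are cross-checking the two angle-of-attack vanes against each other, rejecting readings a physical vane could not produce, and letting a pilot pulling back on the column win. The block below is an added example written for this page, not Boeing's MCAS logic or code from the IEEE Spectrum article: it puts the single-sensor design beside a cross-checked one and replays both over a constructed trace in which one vane fails high. The stall threshold, disagreement limit and rate limit are illustrative values chosen for the example, not certified figures.

```python
"""Dual-sensor cross-check for a stall-protection augmentation.

Thresholds are illustrative values chosen for this example, not Boeing's;
the sample readings in TRACE are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

STALL_AOA_DEG = 15.0        # angle of attack above which augmentation engages (illustrative)
DISAGREE_DEG = 5.5          # left/right disagreement that must inhibit it (illustrative)
MAX_RATE_DEG_PER_S = 30.0   # a real vane cannot swing faster than this (illustrative)


def single_sensor_mcas(aoa_active_deg: float) -> str:
    """The design the article criticises: one vane, no cross-check, no veto."""
    return "nose-down" if aoa_active_deg > STALL_AOA_DEG else "none"


@dataclass
class CrossCheckedMcas:
    """Same trigger, but the command is inhibited unless both vanes agree and
    change plausibly, and a pilot pulling back on the column wins."""
    last_left: Optional[float] = None
    last_right: Optional[float] = None

    def update(self, left: float, right: float, dt_s: float,
               column_aft: bool = False) -> Tuple[str, List[str]]:
        reasons: List[str] = []
        if abs(left - right) > DISAGREE_DEG:
            reasons.append("AOA DISAGREE")
        if self.last_left is not None and dt_s > 0:
            # plausibility check against the previous sample of each vane
            for side, now, before in (("L", left, self.last_left),
                                      ("R", right, self.last_right)):
                if abs(now - before) / dt_s > MAX_RATE_DEG_PER_S:
                    reasons.append(f"AOA {side} implausible rate")
        self.last_left, self.last_right = left, right
        if reasons:
            return "inhibit", reasons          # annunciate, do not trim
        if column_aft:
            return "none", ["pilot override"]  # the column input the article says MCAS ignored
        aoa = (left + right) / 2.0
        return ("nose-down" if aoa > STALL_AOA_DEG else "none"), []


# constructed trace: normal flight, then the left vane fails high while the right stays sane
TRACE = [(4.0, 4.2, 0.1), (4.1, 4.3, 0.1), (22.0, 4.4, 0.1), (22.5, 4.6, 0.1)]


def replay(trace):
    """Run both designs over a trace of (left, right, dt) samples.

    Returns a list of (single-sensor decision, cross-checked decision) pairs.
    """
    mcas = CrossCheckedMcas()
    return [(single_sensor_mcas(l), mcas.update(l, r, dt)) for l, r, dt in trace]


if __name__ == "__main__":
    for (l, r, _), (single, checked) in zip(TRACE, replay(TRACE)):
        print(f"L={l:5.1f} R={r:5.1f}  single-sensor: {single:9s}  cross-checked: {checked}")
```

The point of the replay is the third sample: the single-sensor design commands nose-down trim on the failed vane, while the cross-checked design inhibits and annunciates because the two vanes disagree and the left one jumped faster than a vane can move. Inhibiting is the safe failure here because the augmentation is an aid, not a primary flight control; in a design where the function is flight-critical the answer would be a third sensor and voting rather than a simple inhibit.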
00:02 Mental health apps are sharing data without proper disclosure
It's important for health apps to keep your data under lock and key, but it's not clear that's the case for some mental health apps. A study of 36 mental health apps (not named in the public release) has revealed that 29 of them were sharing data for...
00:02 PayPal and GoFundMe cut off donations to militia detaining migrants
Crowdfunding and payment companies are no strangers to cutting off access to organizations that violate their policies, but their latest move could be more contentious than usual. PayPal and GoFundMe have confirmed to BuzzFeed News that they've shut...
23:55 SpaceX's Crew Dragon spacecraft had an anomaly during tests Saturday
No one was injured, fortunately.
22:51 Smoke 'Seen For Miles' as SpaceX Crew Dragon Suffers Anomaly at Cape Canaveral
An anonymous reader quotes Florida Today: A SpaceX Crew Dragon capsule suffered an anomaly during a routine test fire at Cape Canaveral Air Force Station Saturday afternoon, the 45th Space Wing confirmed today. "On April 20, 2019, an anomaly occurred at Cape Canaveral Air Force Station during the Dragon 2 static test fire," Wing Spokesman Jim Williams told FLORIDA TODAY. "The anomaly was contained and there were no injuries." SpaceX's Crew Dragon, also referred to as Dragon 2, is designed to take humans to the International Space Station and successfully flew for the first time in March. The company was planning to launch a crewed version of the spacecraft no earlier than July, but was also planning an in-flight abort test, or a demonstration of its life-saving abort capabilities, sometime before then. That reporter has now also tweeted an official statement from SpaceX. "Earlier today, SpaceX conducted a series of engine tests on a Crew Dragon test vehicle on our test stand at Landing Zone 1 in Cape Canaveral. The initial tests completed successfully but the final test resulted in an anomaly on the test stand. "Ensuring that our systems meet rigorous safety standards and detecting anomalies like this prior to flight are the main reasons why we test. Our teams are investigating and working closely with our NASA partners."
22:51 'Some Cheers, A Few Sneers For Google's URL Solution For AMP'
The Verge explains what all the commotion is about: AMP stands for "Accelerated Mobile Pages," and you've probably noticed that those pages load super quickly and usually look much simpler than regular webpages. You may have also noticed that the URL at the top of your browser started with "www.google.com/somethingorother" instead of with the webpage you thought you were visiting. Google is trying to fix that by announcing support for something called "Signed Exchanges." What it should mean is that when you click on one of those links, your URL will be the original, correct URL for the story. Cloudflare is joining Google in supporting the standard for customers who use its services. In order for this thing to work, every step in the chain of technologies involved in loading the AMP format has to support Signed Exchanges, including your browser, the search engine, and the website that published the link. Right now, that means the URL will be fixed only when a Chrome browser loads a Google search link to a published article that has implemented support. Mozilla's official position on signed exchanges is they're "harmful," arguing in a 51-page position paper that there's both security and privacy considerations. Pierre Far, a former Google employee, posted on Twitter that the change "breaks many assumptions about how the web works," and that in addition, "Google is acting too quickly. Other browsers and internet stakeholders have well-founded concerns, and the correct mechanism to address them is the standardization process. Google skipped all that. Naughty." Jeffrey Yaskin, from Chrome's web platform team, even acknowledged that criticism with a tweet of his own. "I think it's fair to say we're pushing it. The question is our motives, which I claim is to improve the web rather than to 'all your base' it, but I would say that either way." Search Engine Land cited both tweets, and shared some concerns of their own. 
"The compromise we have to consider before getting on board with Signed HTTP Exchanges is whether we're willing to allow a third party to serve up our content without users being able to tell the difference. "If we, as digital marketers, want to influence the conventions of our future work environment, we'll have to decide if the gains are enough to disrupt long-standing assumptions of how websites are delivered. If so, we'll also have to cede the ability to judge user intent over to Google and swallow the fact that it skipped over the standardization process to implement a process that one of its own created."
21:21 Erlang Creator Joe Armstrong Has Died
Rogers Cadenhead (Slashdot reader #4,482) writes: Joe Armstrong, the computer scientist best known as one of the creators of the Erlang programming language, died Saturday. Erlang Solutions founder Francesco Cesarini shared the news on Twitter and said, "His work has laid the foundation which will be used by generations to come. RIP @joeerl, thank you for inspiring us all." Erlang was created by Armstrong, Robert Virding and Mike Williams at the Ericsson telecom company in 1986 and became open source 12 years later. It is known for functional programming, immutable data, code hot-swapping and systems that require insanely high levels of availability. In another Tweet, Cesarini asks people to share their own memories of Armstrong -- " funny, enlightening or plain silly." And Ulf Wiger, who describes himself as an Erlang old-timer, remembered giving a talk about how to avoid projects dominated by mediocrity. "I used Joe as an example of a 'brilliant developer, but hard to fit into a regular project.'" Joe had replied, "I am very EASY to fit into regular projects! It's just that so few projects are regular..."
21:02 Have robots roll your joints and infuse your budder this High Stoner Holiday
Ugh, when did getting stoned become so much work? Back in my day, there was one kind of weed: whatever strain your dealer had in stock. And there were only three ways to enjoy it: through a perforated apple, rolled up in a crude approximation of a jo...
21:02 Netflix might have more Beyoncé specials planned after 'Homecoming'
Homecoming, Beyoncé's behind-the-scenes Coachella documentary, might be just the beginning of a series of Queen Bey projects on Netflix. According to Variety, the streaming giant has inked a $60 million three-project deal with the singer. It's...
19:51 An Interstellar Meteor May Have Hit Earth
Two Harvard researchers believe a small meteor that struck earth in 2014 was from another solar system, saying it's "like getting a message in a bottle from a distant location." CNN reports: Dr. Abraham Loeb, the chair of the Department of Astronomy at Harvard University, and his co-author Amir Siraj, studied the velocity of objects entering the Earth's atmosphere, which can be used to predict whether the object was traveling in relation to our sun's orbit... Of the three fastest objects on record, the fastest was clearly bound to our sun. The third-fastest couldn't be clearly categorized. But the second-fastest, Loeb says, bore all the hallmarks of being literally out of this solar system. "At this speed, it takes tens of thousands of years for a object to move from one star to another," he says. Since they don't know exactly where it originated, they can't say exactly how old it is, but it could be downright ancient. "To cross the galaxy it would take hundreds of millions of years." Of all of the possibilities wrapped up in this relatively small object, perhaps the most exciting is the idea that, theoretically, interstellar objects could carry life from other solar systems. "Most importantly, there is a possibility that life could be transferred between stars," Loeb says. "In principle, life could survive in the core of a rock. Either bacteria, or tardigrades (a microscopic, water-dwelling animal); they can survive harsh conditions in space and arrive right to us..." [A]lthough the object detailed in this paper is the first recorded interstellar meteor to hit Earth, the study estimates such objects enter earth's atmosphere every ten years or so, which means there could be a million different interstellar objects floating around our solar system, just waiting to be examined.
19:51 The CIA Accuses Huawei Of Being Secretly Funded By China's State Intelligence
"U.S. intelligence has accused Huawei Technologies of being funded by Chinese state security, The Times said on Saturday." Long-time Slashdot reader hackingbear shares a story from Reuters: The CIA accused Huawei of receiving funding from China's National Security Commission, the People's Liberation Army and a third branch of the Chinese state intelligence network, the British newspaper reported, citing a source. Earlier this year, U.S. intelligence shared its claims with other members of the Five Eyes intelligence-sharing group, which includes Britain, Australia, Canada and New Zealand, according to the report... The accusation comes at a time of trade tensions between Washington and Beijing and amid concerns in the United States that Huawei's equipment could be used for espionage. The company has said the concerns are unfounded... top educational institutions in the West have recently severed ties with Huawei to avoid losing federal funding.
19:05 You're not getting enough sleep, and it's killing you
A neuroscientist captivates the audience at TED 2019.
18:27 OpenSSH 8.0 released
I could easily construct a high-confidence system that relied on the audit framework to tell me when someone is playing with the immutable bit without the overhead of logging on every write attempt to the file in question, for example. Then, I can rely on the immutable bit (with some restrictions) as I make an assertion that a file does not, shall not change.
I can see use cases in antivirus frameworks, configuration management frameworks, logging and auditing frameworks, and so on. Effectively, any system where demonstrable, positive control over a system accessible to untrusted individuals.
It's not a magic bullet, but a useful armor layer.
2. Root checks for open descriptors on A, terminates User's process.
3. The parent process of P notes abnormal termination, re-launches P, which re-opens A.
4. Root sets immutable bit on A, but... too late, the file isn't immutable for User.
Or, just take the system down to single-user, to make sure *nobody* has access except Root; set the immutable bit(s) in question; then return to multi-user.
The current implementation of immutable (and append-only) files forces a sysadmin to choose between guaranteed behavior and uptime, a choice that the sysadmin's boss might not (will not) understand.
18:27 OpenSSH 8.0 released
Why didn't you just try it? It's not like this requires a complex setup.
Yes, a trailing slash "src/" in the rsync source means "src/*". It's not the most intuitive syntax but it's a useful feature.
That wasn't the point though, the point was: run the same "cp -r" command twice and it can give different results the second time on Linux. Run the same command on macOS and it can behave differently again. None of that craziness with rsync.
18:21 Canada Civil Liberties Group Argues Toronto Shouldn't Be 'Google's Lab Rat'
"A civil liberties group in Canada is suing three tiers of government over potential privacy issues posed by Sidewalk Labs's plan to develop a 12-acre smart city in Toronto, which will be approved or denied later this summer," reports Fast Company. The fight centers around a taxpayer-funded organization jointly created by the federal, provincial, and municipal governments: The Canadian Civil Liberties Association claims that Waterfront Toronto, let alone Sidewalk Labs, doesn't have the jurisdiction to make rules about people's privacy. The government "sold out our constitutional rights to freedom from surveillance and sold it to the global surveillance mammoth of behavioral data collection: Google," said Michael Bryant, the executive director and general counsel of the CCLA, in a press conference.... "Our job at the Canadian Civil Liberties Association is to say to all three levels of government that Canadians should not be Google's lab rat. This lab needs to be shut down and reset...." Ann Cavoukian, the former Information and Privacy Commissioner for the Canadian province of Ontario who joined the project early, quit in October 2018. The reason? Sidewalk Labs had decided not to require that all data collected by third parties in the development be instantly de-identified at the source, which would mean that sensitive data like people's faces or license plates could still potentially be used for corporate profit. "I knew the smart city of privacy wasn't going to happen," she says. "That's why I resigned: I said, I can't go along with it...." "If I was still involved, I'd want more decentralized models of data where the individual could truly retain control of the data," she says, citing a new, privacy-centric model from the web's father, Tim Berners-Lee, to decentralize the web and take back control from the corporations that run it. 
In a statement Sidewalk Labs said they favor a data trust run by an independent third party partnering with the government to benefit the community and "spur innovation and investment" while protecting privacy. "Sidewalk Labs fully supports a robust and healthy discussion regarding privacy, data ownership, and governance. But this debate must be rooted in fact, not fiction and fear-mongering." But the CCLA's web site argues that unlawful surveillance "is wrong whether done by data profiteers or the state." The article also quotes their general counsel's complaint that the government has "outsourced our privacy rights and the supervision of our privacy rights and our surveillance to the very company that's doing the surveillance."
18:02 Recommended Reading: Coachella was built for YouTube
Coachella 2019 review: A festival built for YouTube Paul A. Thompson, Pitchfork For years, Coachella's opening weekend has been a huge event for YouTube. A weekend's worth of livestreams don't deliver all of the acts to your living room, but the s...
18:02 CIA claims Huawei is funded by Chinese state security
The US has rattled its saber more than once trying to deter countries from using Huawei technology, but it hasn't publicly disclosed much of what it's worried about. You might have a better insight after today, though. A source speaking to The Time...
16:51 America Reports Its First Cases of A Fungus Resistant To All Major Drugs
An anonymous reader quotes the New York Times: About 90 percent of C. auris strains are resistant to at least one drug, and 30 percent are resistant to two or more of the three major classes of antifungal drugs. However, on Tuesday, the C.D.C. confirmed that it has learned in the last month of the first known cases in the United States of so-called "pan-resistant" C. auris -- a strain resistant to all major antifungals, said Dr. Tom Chiller, head of the agency's fungal division, in an interview. Such cases have been seen in several countries, including India and South Africa, but the two new cases, from New York State, have not been reported previously. Dr. Chiller said that it appeared that, in each case, the germ evolved during treatment and became pan-resistant, confirming a fear that the infection will continue to develop more effective defenses. "It's happening and it's going to happen," Dr. Chiller said. "That's why we need to remain vigilant and rapidly identify and control these infections." It often has been hard to gather details about the path of C. auris because hospitals and nursing homes have been unwilling to publicly disclose outbreaks or discuss cases, creating a culture of secrecy around the infection. States have kept confidential the locations of hospitals where outbreaks have occurred, citing patient confidentiality and a risk of unnecessarily scaring the public. In an interview with CBS News, the reporter stressed that while this was a serious issue, especially in hospitals, it's not yet a threat to the general public: "The people who are susceptible are people with weakened immune systems, the infirm, older folks in hospitals," Matt Richtel said. "So let me put the finest possible point on this: the general public walking down the street [is] not going to be felled by this. You're not gonna get it walking to Walmart. You're not going to get it in your house."
16:51 Corporate Surveillance: When Employers Collect Data on Their Workers
An anonymous reader quotes CNBC: The emergence of sensor and other technologies that let businesses track, listen to and even watch employees while on company time is raising concern about corporate levels of surveillance... Earlier this year, Amazon received a patent for an ultrasonic bracelet that can detect a warehouse worker's location and monitor their interaction with inventory bins by using ultrasonic sound pulses. The system can track when and where workers put in or remove items from the bins. An Amazon spokesperson said the company has "no plans to introduce this technology" but that, if implemented in the future, could free up associates' hands, which now hold scanners to check and fulfill orders. Walmart last year patented a system that lets the retail giant listen in on workers and customers. The system can track employee "performance metrics" and ensure that employees are performing their jobs efficiently and correctly by listening for sounds such as rustling of bags or beeps of scanners at the checkout line and can determine the number of items placed in bags and number of bags. Sensors can also capture sounds from guests talking while in line and determine whether employees are greeting guests. Walmart spokesman Kory Lundberg said the company doesn't have any immediate plans to implement the system. Logistics company UPS has been using sensors in their delivery trucks to track usage to make sure drivers are wearing seat belts and maintenance is up to date. Companies are also starting to analyze digital data, such as emails and calendar info, in the hopes of squeezing more productivity out of their workers. Microsoft's Workplace Analytics lets employers monitor data such as time spent on email, meeting time or time spent working after hours. Several enterprises, including Freddie Mac and CBRE, have tested the system. A senior staff attorney for the EFF argues that new consumer privacy laws may not apply to employees. 
The article also cites a recent survey by Accenture in which 62% of executives "said their companies are using new technologies to collect data on people -- from the quality of work to safety and well-being" -- even though "fewer than a third said they feel confident they are using the data responsibly." Yet the leader of Accenture's talent and organization practice argues that workforce data "could boost revenue by 6.4%. This has encouraged workers to be open to responsible use of data, but they want to know that they will get benefits and return on their time."
15:21 New Device Treats Childhood ADHD With Electric Pulses To Their Foreheads While They Sleep
An anonymous reader quotes CNN: The first medical device to treat childhood attention deficit hyperactivity disorder, or ADHD, was OK'd Friday by the U.S. Food and Drug Administration. Designated for children ages 7 to 12 who are not currently on medication for the disorder, the device delivers a low-level electrical pulse to the parts of the brain responsible for ADHD symptoms.... The pocket-sized device is connected by wire to a small adhesive patch placed on the child's forehead above the eyebrows. Designed to be used at home while sleeping, it delivers a "tingling" electrical stimulation to branches of the cranial nerve that delivers sensations from the face to the brain. A clinical trial of 62 children showed that the Monarch external Trigeminal Nerve Stimulation System increases activity in the regions of the brain that regulate attention, emotion and behavior, all key components of ADHD. Compared to a placebo, children using the device had statistically significant improvement in their ADHD symptoms, the FDA said, although it could take up to four weeks to see improvement. Authors of the clinical trial called for additional research to examine if the response to treatment will last over time, and its potential impact on brain development with prolonged use.... The device was previously approved for the treatment of epilepsy and depression in Europe and Canada. Studies at UCLA found the stimulation decreased seizure activity by inhibiting overactive neurons in one section of the brain, while stimulating blood flow in the areas that control mood, attention and executive function. CNN reports that the manufacturer's web site says the device costs around $1,000 -- and is not covered by insurance. The FDA added that common side effects could include headache, teeth clenching, and trouble sleeping (as well as fatigue and sleepiness).
15:02 Hitting the Books: How calculus is helping unravel DNA's secrets
Welcome to Hitting the Books. With less than one in five Americans reading just for fun these days, we've done the hard work for you by scouring the internet for the most interesting, thought provoking books on science and technology we can find and...
14:27 Master your camera with this $19 photography training
Go from fully automatic to fully manual shooting with this CPD-certified photography masterclass.
14:27 Samsung Galaxy A70 hands-on: The A-series grows up
The Samsung Galaxy A70 packs a gigantic 6.7-inch display, huge battery, and a pretty reasonable price point.
14:27 Pop quiz: The biggest and most engaging tech stories of 2019 (so far)
The questions in this quiz revolve around popular events of 2019 including the launch of Samsung's foldable phone and the announcement of Google Stadia.
14:27 Converting speech to text: How to create a simple dictation app
There are countless Android apps that make use of speech recognition; why not follow suit and add this feature to your own app?
14:27 Eufy Lumos Smart Bulbs review: Tunable and dimmable smart lighting
Looking for install smart lighting? Our Anker Eufy Lumos Smart Bulbs review examines a dimmable and tunable model from Anker.
14:21 Weekend stable kernel updates
The 5.0.9, 4.19.36, 4.14.113, and 4.9.170 stable kernel updates have all been released. These moderately large updates contain yet another set of important fixes.
ASRock has introduced a new Mini-ITX motherboard based on Intel’s Whiskey Lake-U SoCs, which is aimed at embedded applications. The IMB-1216 mainboard is designed for applications like panel PCs, point-of-sales systems, kiosks, and digital signage, but can be used for regular low-power PCs in a Mini-ITX form-factor.
ASUS is certainly not new to Chrome OS-based PCs. But throughout its history with Chromebooks, Chromeboxes, and other Chrome OS devices, the company has positioned them as entry level solutions. However, as Google and some of its partners are experimenting with more premium Chrome OS-powered devices, ASUS cannot stand still. To that end, the company has started to sell its Chromebook Flip C434, a premium Chrome OS 2-in-1.
As the era of Mini LED backlighting takes off in earnest, Acer has become another major supplier of displays to announce a monitor incorporating the tech. The ConceptD CM7321K is a high-end PC monitor that will be aimed at graphics and video professionals who need a wide color gamut, a high contrast ratio, a very high luminance, and a Delta E<1 color accuracy.
The emergence of 3D TLC flash has enabled a new class of budget-friendly bus-powered external SSDs. Flash memory has also seen a recent drop in prices, and this has made high-capacity drives affordable. These aspects have allowed vendors to introduce 2TB external SSDs at price points suitable for the mainstream market. Today, we take a comprehensive look at two such drives - the LaCie Portable SSD, and the Western Digital My Passport SSD.
T-Mobile has officially launched its Money checking account for all US T-Mobile customers, following its soft launch back in November 2018. Some of what T-Mobile offers exclusively to its customers is noteworthy, especially if you're serious about gaining interest on your cash. On balances up to $3,000, you'll accrue an attractive 4 percent APY (annual percentage yield), so long as you're depositing at least $200 into the T-Mobile Money account each month. That kind of perk is usually reserved for savings accounts, and T-Mobile's competitive 4 percent rate could help your money grow more quickly than some. There's also no minimum balance requirement for a Money account and no fee to keep it open.
T-Mobile Money can sync up with Apple...
The Samsung Galaxy Fold doesn't release until April 26th, but if you've been eagerly awaiting a glimpse under the hood, a pre-production version of the folding phone has already been disassembled and laid out piece by piece in photos. These were originally hosted on microblogging site Weibo, though the originals have since been removed.
Something that shouldn't be much of a surprise: it takes a lot of parts to build a foldable phone. They're all arranged in a manner that looks quite difficult to repair, though that likely comes down to the Fold being a first-generation product, which you might not guess when you're holding the Fold's sleek exterior.
These photos are our clearest look yet at what makes this ambitious, flawed, and very...
We've been following Russia's YotaPhone since 2012, but it seems like the saga of the power-sipping E Ink-backed dual-screen handset has come to an end. Yota Devices is bankrupt, reports Cnews.ru and Liliputing, pointing to a liquidation notice published in the Cayman Islands Gazette (PDF).
According to Russian media reports, it was a lawsuit that eventually wound up bankrupting the company. Yota's manufacturer for the first two YotaPhones, Hi-P Singapore, sued for $126 million back in 2015 because YotaPhone reportedly refused to take delivery (and presumably pay for) the minimum number of phones it agreed to order. (In 2016, The Financial Times reported that the first two YotaPhones only sold around...
You can't fix something by ignoring it
There's a new diversity of species.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
14:15 The hydrogen fuel strategy behind Nikola's truck dream
Water electrolysis, not methane reformation, will drive heavy-duty refueling plan.
14:15 These are the best new vehicles of the 2019 New York International Auto Show
American auto shows are in decline, but we still found a few things to excite.
14:15 Review: The indestructible humanity of A Boy and His Dog at the End of the World
C.A. Fletcher's novel explores how loyalty remains even after society falls.
14:15 Review: Santa Clarita Diet S3 blends slapstick, satire with genuine heart
Series closes S3 on a cliffhanger amidst uncertainty about its renewal by Netflix
13:51 'Incognito Mode' Isn't Really Private. Try Browser Compartmentalization
tedlistens writes: "One of the most common techniques people think can help hide their activity is the use of an "incognito" mode in a browser," writes Michael Grothaus at Fast Company. But "despite what most people assume, incognito modes are primarily built to block traces of your online activity being left on your computer -- not the web. Just because you are using incognito mode, that doesn't mean your ISP and sites like Google, Facebook, and Amazon can't track your activity." However, there's still a way to brew your own, safer "incognito mode." It's called browser compartmentalization. Grothaus writes: "The technique sees users using two or even three browsers on the same computer. However, instead of switching between browsers at random, users of browser compartmentalization dedicate one browser to one type of internet activity, and another browser to another type of internet activity." Specifically, the article recommends one browser for sites you need to log into, and another for random web surfing and any web searches. "By splitting up your web activity between two browsers, you'll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to." It recommends choosing a privacy-focused browser like Brave, Firefox, Apple's Safari, or Microsoft's Edge. "As for Chrome: It's made by Google, whose sole aim is to know everything you do online, so it's probably best to stay away from Chrome if you value your privacy." The article is part of a series titled "The Privacy Divide," which explores "misconceptions, disparities, and paradoxes that have developed around our privacy and its broader impacts on society."
12:21 26 States Now Ban Or Restrict Community Broadband, Report Finds
An anonymous reader quotes a report from Motherboard: A new report has found that 26 states now either restrict or outright prohibit towns and cities from building their own broadband networks. Quite often the laws are directly written by the telecom sector, and in some instances ban towns and cities from building their own broadband networks -- even if the local ISP refuses to provide service. The full report by BroadbandNow, a consumer-focused company that tracks US broadband availability, indicates the total number of state restrictions on community broadband has jumped from 20 such restrictions since the group's last report in 2018. BroadbandNow's report looks at each state's restrictions individually, and found that while some states simply banned community broadband outright (a notable assault on voters' democratic rights), others impose clever but onerous restrictions on precisely how a local network can be funded, who they can partner with, or how quickly (and where) they're allowed to grow. In Tennessee, for example, state laws allow publicly-owned electric utilities to provide broadband, "but limits that service provision to within their electric service areas." Such restrictions have made it hard for EPB -- the highest rated ISP in America last year according to Consumer Reports -- to expand service into new areas.
12:02 The next frontier for cannabis vapes: mood-specific formulas
"In New York, my bicycle messenger really had two types of cannabis. It was either green or brown." Michael Ray is the CEO of Bloom Farms, a California-based cannabis company that specializes in vape cartridges and CBD tinctures. Ray's reflecting on...
12:02 The Morning After: Cracking open the Galaxy Fold
Hey, good morning! You look fabulous. Welcome to your weekend! It's time to take a peek inside Samsung's Galaxy Fold and consider what the future of console gaming will look like under the Xbox or PlayStation banner. Also, consumer BBM is going away...
09:21 Bacteria Use Viruses To Differentiate Themselves From Their Competitors, Study Finds
schwit1 shares a report from UPI: Normally, bacteria and viruses are enemies, but new research suggests a viral infection can offer bacteria some benefits -- chiefly, the ability to distinguish friend from foe. Scientists discovered the phenomenon after observing a stark demarcation line between two strains of the bacteria Escherichia coli K-12, but no such divide between identical clones. The related rivals steered clear of one another, while the identical strains swam toward one another. To find out why, scientists surveyed 4,296 single-gene knockouts in the genome of Escherichia coli K-12. Researchers determined only one mutation caused the demarcation line to disappear. The mutation involved a gene that is used in viral replication. According to their analysis, the virus-related proteins produced by the gene allow for bacterial self-recognition. Scientists were also able to erase the demarcation line by silencing the bacteriophage genomes that have weaved their way into the bacteria's genome. These leftover viral genes don't produce active phage particles, nor do they rupture host cells. When scientists exposed bacteria to a related virus, the old viral genes were activated and began producing phage particles for the new virus. Experiments showed the virus doesn't attack its host cells. Instead, the virus attacks other bacteria cells that don't carry the virus. The host helps the virus reproduce, and the virus takes out the bacteria's competitors. The new study has been published in the journal Cell Reports.
09:02 SiriusXM's Essential streaming service doesn't need car satellite radios
SiriusXM is hoping to carve a place for itself on your phones and smart speakers. The company mostly associated with in-vehicle entertainment has launched a purely online streaming service called SiriusXM Essential. It'll set you back $8 a month -- w...
08:27 OpenSSH 8.0 released
As long as "scp file.tgz user@host:" continues to work, I really don't care one bit if it's handled by the scp, sftp, or some other secure protocol under the covers.
For version 9, keep the same exact scp command line syntax and make the underlying protocol sftp by default. Add a command line option to explicitly request the scp protocol for anyone who really must have it. I would bet most people don't care how the bits travel the wire.
(You can compare the different meanings of 'const' or 'readonly' in languages like C++, Java and C# for another example of how an object can be read-only for you, or have a positive guarantee that it won't be mutated while you hold a reference to it. Locking in database systems is another place where you have to separate the two meanings.)
You may be right that in practice it makes little difference. Immutable files are a specialized feature. But if you're going to have them at all, surely they should be implemented properly. A guarantee of immutability isn't worth much unless it holds all of the time.
08:27 Tracking pages from get_user_pages()
That is done now, but the mappings in question aren't affected by it. Devices don't care about protections in page-table entries.
If RubyGems switched to a model where you gave it the VCS tag, and then it used that to build the distributed artifacts itself, then that would already get the main guarantee, without any reproducible builds infrastructure. This is strictly simpler than your proposal, since you also require that RubyGems build the artifacts itself.
Once you have that, adding reproducible builds on top would add some value: it would let third-parties validate that the RubyGems build infrastructure hasn't been compromised. This would certainly be a nice capability to have, but it's not really the first priority. (Everyone who downloads from RubyGems already trusts the RubyGems infrastructure in lots of ways!)
Unless you, of course, turn off the immutable bit.
I'm quite honestly having trouble finding it hard to understand the use case where the immutable files provide any sort of useful guarantee.
08:27 OpenSSH 8.0 released
I don't remember the last time I used "cp" to perform a recursive copy... locally.
For process management, all the terrible problems that make the APIs impossible to use safely are totally self-inflicted. And probably the worst of those is the choice to use signals!
If we're kvetching about kernel API misdesigns, "non-blocking read from stdin" should also be on the list, probably just below SIGCHLD. The problem is: how do you do a non-blocking read from stdin, like you might want to in an async system like node? You might think "well, just use fcntl on fd 0 to set O_NONBLOCK", but since the O_NONBLOCK flag is stored on the file descript*ion*, this also affects any other processes that might have copies of that fd. Obviously O_NONBLOCK should have been a file-descriptor flag, like O_CLOEXEC, but file-descriptor flags didn't exist when O_NONBLOCK was created, so that's not how it works. Therefore, you can't safely set O_NONBLOCK on stdin without possibly breaking other random programs. djb has some cogent commentary: https://cr.yp.to/unix/nonblock.html
There are some obscure hacks for specific cases: https://github.com/python-trio/trio/issues/174#issuecomme...
Or really *really* obscure hacks: https://gist.github.com/njsmith/235d0355f0e3d647beb858765...
But fundamentally this is an obvious, common problem that simply can't be solved on popular Unixes.
(Probably the obvious solution for Linux at this point would be to add a RWF_NONBLOCK flag to preadv2/pwritev2, as per djb's suggestion.)
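The shared-flag behaviour described in the comment above, as an added example that is not part of the comment or of any project: a pipe stands in for a stdin shared between two holders, and the code shows that O_NONBLOCK set through one descriptor is visible (and breaks a blocking read) through a dup()'d one, while FD_CLOEXEC is not.

```c
/* Added example: O_NONBLOCK is a status flag on the open file description,
 * which dup()'d and inherited descriptors share; FD_CLOEXEC is a flag on the
 * descriptor itself. A pipe stands in for a shared stdin so this runs alone. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Outcome of the experiment, filled in by run_nonblock_experiment(). */
struct nb_result {
    int nonblock_seen_via_dup;  /* 1 if O_NONBLOCK shows up on the dup'd fd */
    int cloexec_seen_via_dup;   /* 1 if FD_CLOEXEC shows up on the dup'd fd */
    int dup_read_eagain;        /* 1 if read() on the dup'd fd failed with EAGAIN */
};

/* Returns 0 on success, -1 if a system call failed. */
int run_nonblock_experiment(struct nb_result *r) {
    int p[2];
    int mine, theirs, fl, fl2, fd2, rc = -1;
    char buf[1];
    ssize_t n;

    r->nonblock_seen_via_dup = r->cloexec_seen_via_dup = r->dup_read_eagain = 0;
    if (pipe(p) == -1) return -1;
    mine = p[0];            /* "our" descriptor, like a program's stdin */
    theirs = dup(mine);     /* another holder of the same open file description */
    if (theirs == -1) { close(p[0]); close(p[1]); return -1; }

    /* Status flag (F_SETFL): lives on the open file description. */
    fl = fcntl(mine, F_GETFL);
    if (fl == -1 || fcntl(mine, F_SETFL, fl | O_NONBLOCK) == -1) goto out;
    fl2 = fcntl(theirs, F_GETFL);
    if (fl2 == -1) goto out;
    r->nonblock_seen_via_dup = (fl2 & O_NONBLOCK) != 0;

    /* Descriptor flag (F_SETFD): lives on the descriptor only. */
    if (fcntl(mine, F_SETFD, FD_CLOEXEC) == -1) goto out;
    fd2 = fcntl(theirs, F_GETFD);
    if (fd2 == -1) goto out;
    r->cloexec_seen_via_dup = (fd2 & FD_CLOEXEC) != 0;

    /* The other holder never asked for non-blocking I/O, yet its read() on
     * the still-empty pipe now fails with EAGAIN instead of waiting for data. */
    n = read(theirs, buf, sizeof buf);
    r->dup_read_eagain = (n == -1 && (errno == EAGAIN || errno == EWOULDBLOCK));
    rc = 0;

out:
    close(p[1]);
    close(mine);
    close(theirs);
    return rc;
}

int main(void) {
    struct nb_result r;
    if (run_nonblock_experiment(&r) == -1) { perror("experiment"); return 1; }
    printf("O_NONBLOCK visible through dup'd fd: %d\n", r.nonblock_seen_via_dup);
    printf("FD_CLOEXEC visible through dup'd fd: %d\n", r.cloexec_seen_via_dup);
    printf("read() on dup'd fd failed with EAGAIN: %d\n", r.dup_read_eagain);
    return 0;
}
```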
08:27 OpenSSH 8.0 released
cp -r src/ dst/
cp -r src/ dst/
... does something different the second time on Linux (not on macOS).
Running the same rsync command twice never does something different the second time, that's crazy.
06:21 Robot News Presenter Causes a Stir On Russian TV
Russian state news channel Rossiya 24 has introduced a robot presenter for some of its bulletins. The BBC reports that the robot, named Alex, "has already caused a stir, with some viewers complaining about his appearance and accusing him of peddling political propaganda." From the report: The robot was developed by Promobot in the city of Perm. His silicon head is modeled on the face of the company's co-founder Alexei Yuzhakov. At the moment, the robot anchor can only move his facial features and neck. However, the final robot will have fully mobile limbs as well. Production of the robot began in 2017 and should be fully complete later this year, according to Promobot. It said Alex had cost more than one million roubles ($15,600) to develop and that it had received orders for 12 more humanoids. Rossiya 24 said its newest presenter was of Russian origin with "software and almost all of its components produced inside the country." Alex has delivered a number of bulletins for the channel, presenting news items about agriculture, a nuclear technology forum and micro-finance. Most observers think on-air Alex is a temporary stunt to inject some fun and promote innovative Russian technology in TV news.
03:21 Hacker Dumps Thousands of Sensitive Mexican Embassy Documents Online
An anonymous reader quotes a report from TechCrunch: A hacker stole thousands of documents from Mexico's embassy in Guatemala and posted them online. The hacker, who goes by the online handle @0x55Taylor, tweeted a link to the data earlier this week. The data is no longer available for download after the cloud host pulled the data offline, but the hacker shared the document dump with TechCrunch to verify its contents. The hacker told TechCrunch in a message: "A vulnerable server in Guatemala related to the Mexican embassy was compromised and I downloaded all the documents and databases." He said he contacted Mexican officials but he was ignored. More than 4,800 documents were stolen, most of which related to the inner workings of the Mexican embassy in the Guatemalan capital, including its consular activities, such as recognizing births and deaths, dealing with Mexican citizens who have been incarcerated or jailed and the issuing of travel documents. We found more than a thousand highly sensitive identity documents of primarily Mexican citizens and diplomats -- including scans of passports, visas, birth certificates and more -- but also some Guatemalan citizens. Several documents contained scans of the front and back of payment cards. The stolen data also included dozens of letters granting diplomatic rights, privileges and immunities to embassy staff.
03:02 Amazon asks delivery drivers to verify their identities with selfies
Amazon is asking its delivery drivers to take selfies so it can verify their identities using facial recognition. The rules apply to drivers in the Amazon Flex program, through which they make deliveries with their own cars as independent contractors...
03:02 Galaxy Fold teardown gives us a look at its complicated design
This teardown is no precision iFixit job, but if you just want to see what parts and pixie dust are holding Samsung's Galaxy Fold together, some images from an apparently now-deleted Weibo post can help. Not surprisingly for a first-gen new device, t...
02:27 Nice Lock app brings Samsung Good Lock features to phones in blocked regions
Don't live in an area where Good Lock is supported? Now you have an unofficial workaround.
02:27 The Samsung Galaxy Fold doesn't need to beat the Huawei Mate X to market
Some early Galaxy Fold units have failed. It may be a sign that Samsung is moving too fast to launch its foldable phone before the Huawei Mate X.
02:27 Alexa-enabled devices now get free ad-supported Amazon Music
The feature is available beginning today in the U.S., with support in other countries presumably to follow.
02:27 Price drop! Save 25% off this convenient charging hub
The ChargeHub X5 Elite charges all your devices at once and declutters your space.
02:27 Snapchat not working? Here's everything you can do to fix it!
Snapchat not working? Fix your Snapchat without losing any missed snaps!
02:27 Google tries to fend off man-in-the-middle attacks with a clever workaround
The change goes into effect in June.
02:27 HP announces first 15-inch Chromebook, with backlit keys and number pad
It has pretty typical Chromebook specs and starts at $449.
02:27 Deal: Get a Samsung Galaxy S9 for $275 if you switch to Cricket
Assuming you're not porting your number from AT&T, this deal is a no-brainer.
01:51 West Virginia Will Allow 'Blockchain Voting' In the 2020 Election
Military voters stationed overseas will be able to cast their votes for the 2020 presidential election via a mobile app that uses a private blockchain. MIT Technology Review reports: Donald Kersey, West Virginia's elections director, tells the crypto news website LongHash that he believes the app, created by a startup called Voatz, can enhance participation by overseas voters. Turnout among this group is very low, in part because the process of receiving a ballot and securely returning it on time is often not straightforward. This is the rationale behind the decision by a number of states to allow overseas military voters to return their ballots via e-mail. West Virginia apparently is of the mind that Voatz's private blockchain will make this kind of online voting more secure. The state first piloted the program during the 2018 midterms. Though Kersey admits there's no telling for certain whether the app can be compromised, West Virginia is undeterred, especially given the "really good response rate" officials saw during the midterms last year. "We are not saying mobile voting is the best solution to the problem, we are not saying that blockchain technology is the best solution to storage of security data," Kersey tells LongHash. "What we are saying though is that it's better than what we have."
00:21 NYC Subway Denies Using 'Real-Time Face Recognition Screens' in Times Square
The New York Metropolitan Transportation Authority has denied suggestions that it's putting facial recognition cameras in the subway, saying that a trick designed to scare fare-dodgers was misinterpreted. From a report: "There is no capability to recognize or identify individuals and absolutely no plan" to do so with NYC subway cameras, says MTA spokesperson Maxwell Young. Young was responding to a photo taken in the Times Square subway station by New York Times analyst Alice Fung, which shows a prominently placed monitor with the words "RECORDING IN PROGRESS" and "Please Pay Your Fare" superimposed on a video feed. "Hey @MTA, who are you sharing the recordings with?" Fung asked. The monitor featured the name Wisenet, a security company that prominently advertises facial recognition capabilities, and the video feed traced squares around subjects' faces. [...] Young says that the recordings aren't being monitored to identify individuals in the footage, though. "There is absolutely no facial recognition component to these cameras, no facial recognition software, or anything else that could be used to automatically identify people in any way, and we have no plans to add facial recognition software to these cameras in the future," he tells The Verge. "These cameras are purely for the purpose of deterring fare evasion -- if you see yourself on a monitor, you're less likely to evade the fare."
00:21 Unexpected Protection Added To Microsoft Edge Subverts IE Security
Dan Goodin writes via Ars Technica: A researcher has uncovered strange and unexpected behavior in Windows 10 that allows remote attackers to steal data stored on hard drives when a user opens a malicious file downloaded with the Edge browser. The threat partially surfaced last week when a different researcher, John Page, reported what he called a flaw in Internet Explorer. Page claimed that when using the file manager to open a maliciously crafted MHT file, the browser uploaded one or more files to a remote server. According to Page, the vulnerability affected the most recent version of IE, version 11, running on Windows 7, Windows 10, and Windows Server 2012 R2 with all security updates installed. (It's no longer clear whether any OS other than Windows 10 is affected, at least for some users. More about that in a moment.) [I]n Page's post was a video demonstration of the proof-of-concept exploit Page created. It shows a booby-trapped MHT file triggering an upload of the host computer's system.ini file to a remote server. Page's video shows the file being downloaded with Edge. "This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information," Page wrote. "Example, a request for 'c:\Python27\NEWS.txt' can return version information for that program."
00:21 Should Vendors Start Adding Physical On/Off Switches To Devices That Can Spy On Us?
Larry Sanger, American internet project developer and co-founder of Wikipedia, argues in a blog post that vendors must start adding physical on/off switches to webcams, smartphone cameras/mics, and other devices that spy on us. He writes: Have you ever noticed that your webcam doesn't have an "off" switch? I looked on Amazon, and I couldn't find any webcams for sale that had a simple on/off switch. When I thought I found one, it turned out just to have a light that turns on when the camera is in use, and off when not -- not a physical switch you can press or slide. The "clever" solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I've used tape, which works fine. But a cover doesn't cover up the microphone, which could be turned on without your knowledge. [...] It's almost as if the vendors of common, must-have devices want to make it possible to spy on us. An enterprising journalist should ask why they don't make such switches. They certainly have deliberately made it hard for us to stop being spied upon -- even though we're their customers. Think about that. We're their bread and butter, and we're increasingly and rightly concerned about our security. Yet they keep selling us these insecure devices. That's just weird, isn't it? What the hell is going on? [...] If your webcam, or your phone, or any other device with an Internet-connected camera or microphone (think about how many you own) has ever been hacked, these [hardware vendors like Logitech and Apple and large software vendors like Skype and Snapchat] are partly to blame if it was always-on by design. They have a duty to worry about how their products make their users less secure. They haven't been doing this duty. Sanger goes on to urge consumers to care more about our privacy and security, and demand that vendors give us an off switch.
"I think we consumers should demand that webcams, smart phones, smart speakers, and laptop cameras and microphones -- and any other devices with cameras and microphones that are connected to the Internet -- be built with hardware 'off' switches that make it impossible for the camera and microphone to be operated," writes Sanger. Do you agree?
00:02 Rivian turned down GM investment so it could build EVs for others
Reports emerged last week that GM would not join Amazon in investing in electric vehicle startup Rivian, and now we have a little more clarity on why talks broke down. It seems GM wanted some exclusivity, but Rivian plans to build vehicles for other...
00:02 Hacker posts over 4,000 sensitive documents from Mexican embassy
Thousands of documents containing sensitive information belonging to Mexico's embassy in Guatemala were leaked online this week by a hacker. The stolen cache contained more than 4,800 files related to the embassy's activities including its dealings w...
23:45 Reverse review bomb? AC: Unity draws praise for Notre Dame preservation
Average Steam user score shifts from "Mixed" to "Very Positive" in recent days.
23:45 Marcus Hutchins, slayer of WannaCry worm, pleads guilty to malware charges
Hutchins once proclaimed his innocence. Now he admits he created the Kronos bank trojan.
22:51 AI is Helping Old Video Games Look Like New
Classic video games are getting a makeover. But it's not big-name game developers making the improvements: it's independent modders. From a report: The technique being used is known as "AI upscaling." In essence, you feed an algorithm a low-resolution image, and, based on training data it's seen, it spits out a version that looks the same but has more pixels in it. Upscaling, as a general technique, has been around for a long time, but the use of AI has drastically improved the speed and quality of results. "It was like witchcraft," says Daniel Trolie, a teacher and student from Norway who used AI to update the visuals of 2002 RPG classic The Elder Scrolls III: Morrowind. "[It] looked like I just downloaded a hi-res texture pack from [game developers] Bethesda themselves." Trolie is a moderator at the r/GameUpscale subreddit where, along with specialist forums and chat apps like Discord, fans share tips and tricks on how to best use these AI tools. Browsing these forums, it's apparent that the modding process is a lot like restoring old furniture or works of art. It's a job for skilled craftspeople, requiring patience and knowledge. Not every game is a good fit for upscaling, and not every upscaling algorithm produces similar results. Modders have to pick the right tool for the job before putting in hundreds of hours of work to polish the final results. It's a labor of love, not a quick fix.
22:51 Netflix Is Experimenting With a 'Random Episode' Feature For TV Shows
Netflix has begun testing a shuffle button with some users of its Android app. "Spotted by one of our tipsters, the Android app (specifically v7.6.0 build 19 34157) offered to randomly select something to watch," reports Android Police. "And in the playback controls, there's a shuffle icon with a 'Random Episode' label." From the report: It's unclear at this point whether this is just an experiment or if we'll see this roll out to a wider batch of people soon. For now, if you don't have this, you're stuck with picking something on your own.
It's generally considered unfriendly to panic ... we tend to prefer BUG_ON() which just kills the task.
> can anyone suggest when it would be useful to have 2^32 or more references to a page?
I don't think it's ever useful to have 2^32 actual references to a page. The four ranges are really there to help the system behave well in the presence of an attack.
That said, with huge pages, we often increment refcounts by the number of base pages in the huge page. If we supported 1GB THPs, that would be 2^18 references per task. So with 2^14 tasks mapping the same page, we'd overflow in an entirely legitimate manner. Fortunately, we only support 2MB THPs today, so this doesn't yet apply. (hugetlbfs handles refcounts differently from THP)
> (Also, who's Willy?)
Matthew Wilcox. I've been using 'willy' as my online nickname since about 1994.
Some other attributes are also noted to not be implemented yet.
Also, even for chmod(2) isn't it filesystem-dependent what happens to already open file descriptors if a file is made read-only for eg? The manpage notes that NFS may apply that permission immediately to open files, and presumably local filesystems wouldn't.
In practice, though, it seems entirely possible that nobody actually depends on this obscure behavior, so Wong's patch set will fail to destroy everything as advertised.
Postulate that the process writing through mmap() knows nothing of the immutable bit, and does not own the file in question. Then the patch is taking an entirely legal pointer dereference and turning it into a segfault. A segfault caused not only by a different process, but by a different user (who cannot call kill(pid, SIGBUS) directly). Maybe that's improbable, but I find it rather frightening all the same.
It could exit in the grandchild, which would cause the grandchild to be reaped by init, but won't have any effect on the child's PID.
It's also inconsistent. You can continue writing to a file through an existing file descriptor after removing write permissions from the file. Why should immutability be any different? And in my limited experience using extended attributes like immutability, the principal use case seems to be making backup and restore procedures more fail-safe. For the security case, that an existing process already had write permissions suggests the ability to revoke after the fact is a niche feature that doesn't contribute much from a systems engineering standpoint.
21:21 French Government Releases In-house IM App To Replace WhatsApp and Telegram Use
A year ago, the French government unveiled its plan to build its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials. That app, named Tchap, is now official for Android handsets and the iPhone. From a report: A web dashboard is also in the works. Only official French government employees can sign-up for an account; however, the French government also open-sourced Tchap's source code on GitHub so other organizations can roll out their own versions of Tchap for internal use as well. Work on the app started in July 2018, and the app itself is based on Riot, a well-known open-source, self-hostable, and secure instant messaging client-server package. The app was officially developed by DINSIC (Interministerial Directorate of Digital and Information System and Communication of the State), under the supervision of ANSSI, France's National Cybersecurity Agency.
21:21 FTC May Hold Zuckerberg Personally Responsible For Facebook Privacy Failures
An anonymous reader quotes a report from Ars Technica: Federal Trade Commission officials are discussing whether to hold Facebook CEO Mark Zuckerberg personally accountable for Facebook's privacy failures, according to reports by The Washington Post and NBC News. Facebook has been trying to protect Zuckerberg from that possibility in negotiations with the FTC, the Post wrote. Federal regulators investigating Facebook are "exploring his past statements on privacy and weighing whether to seek new, heightened oversight of his leadership," the Post reported, citing anonymous sources who are familiar with the FTC discussions. "The discussions about how to hold Zuckerberg accountable for Facebook's data lapses have come in the context of wide-ranging talks between the Federal Trade Commission and Facebook that could settle the government's more than year-old probe," the Post wrote. According to NBC, FTC officials are "discussing whether and how to hold Facebook Chief Executive Mark Zuckerberg personally accountable for the company's history of mismanaging users' private data." However, NBC said its sources "wouldn't elaborate on what measures are specifically under consideration." According to the Post, one idea raised during the probe "could require [Zuckerberg] or other executives to certify the company's privacy practices periodically to the board of directors." But it's not clear how likely the FTC is to target Zuckerberg in a final settlement, and "Facebook has fought fiercely to shield Zuckerberg as part of the negotiations, one of the sources familiar with the probe said," the Post wrote.
21:02 Christchurch shooting videos are still on Facebook over a month later
Current methods for filtering out terrorist content are still quite limited, and a recent discovery makes that all too clear. Motherboard and the Global Intellectual Property Enforcement Center's Eric Feinberg have discovered that variants of the Chr...
21:02 Researchers suggest 100 percent renewable energy isn't very green
In order to keep global temperature rise below 1.5 degrees Celsius, we'll need to rely on renewable energy, electric vehicles (EV) and battery storage. But creating that infrastructure will dramatically increase our need for metals like cobalt and li...
21:02 Syringe 'watch' puts a life-saving allergy shot on your wrist
If you're prone to serious allergic reactions, carrying an epinephrine shot (such as an EpiPen) could be vital. Those shots are often bulky, though, and there's a real chance you could lose yours right before you need it. Students at Rice Universit...
21:02 Sidewalk Labs' street signs alert people to data collection in use
As Sidewalk Labs builds its "smart city" in Toronto, there have been growing concerns that the sensor and camera-laden neighborhood may invade the privacy of citizens. To deal with some of those issues, the subsidiary of Alphabet announced today that...
21:02 'MalwareTech' security researcher pleads guilty
In 2017, Marcus Hutchins went from relatively unknown, to being a worldwide hero, to facing criminal charges all in a span of a few months. After he shut down the rapidly spreading WannaCry malware by finding a killswitch domain in the software, UK t...
21:02 Console gaming is at a crossroads
Sony and Microsoft have been walking the same path for nearly 20 years, when it comes to gaming hardware. Instead of leaves, shiny silver game discs dangle from the trees, while black and white boxes of varying sizes line the underbrush, covered in d...
19:51 Instagram Hides Like Counts In Leaked Design Prototype
Instagram's Android code is hiding a design change that hides the number of likes your posts get. "During this test, only the person who shares a post will see the total number of likes it gets," the company says. TechCrunch reports on the seemingly small design change test and the massive potential impact it'll have on users' well-being: Hiding Like counts could reduce herd mentality, where people just Like what's already got tons of Likes. It could reduce the sense of competition on Instagram, since users won't compare their own counts with those of more popular friends or superstar creators. And it could encourage creators to post what feels most authentic rather than trying to rack up Likes for everyone to see. You can see [in a leaked screenshot] on the left that the Instagram feed post lacks a Like count, but still shows a few faces and a name of other people who've Liked it. Users are alerted that only they will see their post's Like counts, and anyone else won't. Many users delete posts that don't immediately get "enough" Likes or post to their fake "Finstagram" accounts if they don't think they'll be proud of the hearts they collect. Hiding Like counts might get users posting more because they'll be less self-conscious. It appears there's no plan to hide follower counts on user profiles, which are the true measure of popularity, but also serve a purpose of distinguishing great content creators and assessing their worth to marketers. Hiding Likes could just put more of a spotlight on follower and comment counts. And even if users don't see Like counts, they still massively impact the feed's ranking algorithm, so creators will still have to battle for them to be seen.
19:51 Ransomware Attack Knocks The Weather Channel Off the Air
A computer attack knocked the Weather Channel off the air for more than an hour Thursday morning [Editor's note: the link may be paywalled; alternative source], and federal authorities are investigating the incident, WSJ is reporting. From the report: After its broadcast was disrupted, the weather news service sent a tweet saying it had been the victim of "a malicious software attack," adding that federal law-enforcement officials were investigating the matter. A spokesman for the Federal Bureau of Investigation said the incident was a ransomware attack, and the agency was conducting an investigation. Ransomware is an increasingly common form of digital extortion. Criminals install it on computer networks via trickery or hacking, and the software then spreads from computer to computer, locking up systems until a digital ransom is paid.
18:55 Gearbox's Pitchford: Steam may be "a dying store" in 5 to 10 years
Borderlands 3 lead says Epic Games Store is a needed monopoly killer.
18:55 The future of high-speed computing may be larger CPUs with optics
Photonic crystals and good fabrication yields high speed optical transistor.
18:55 Facebook fights to "shield Zuckerberg" from punishment in US privacy probe
Facebook/FTC settlement could include "heightened oversight" of Zuckerberg.
18:55 McAfee joins Sophos, Avira, Avast -- the latest Windows update breaks them all
A range of fixes and workarounds have been published.
18:55 World of Goo is Epic Game Store's next freebie -- and all PC owners will get HD update
Free update is coming to other retailers with "no artificial or contractual delay."
18:55 Surprise! Satellites show that thermometers don't lie
If anything, Aqua satellite data actually shows slightly more warming.
18:55 This little electric car is the coolest thing at the NY Auto Show
Genesis has to put its new concept electric car into production.
18:55 New automation features are coming to macOS in Shortcuts -- but not for every app
Screen Time is also headed for macOS 10.15, a report says.
18:21 Notre Dame Official Says 'Computer Glitch' Could Be Fire Culprit
A "computer glitch" may have been behind the fast-spreading fire that ravaged Notre Dame, Associated Press reported Friday, citing the cathedral's rector. From the report: Speaking during a meeting of local business owners, rector Patrick Chauvet did not elaborate on the exact nature of the glitch, adding that "we may find out what happened in two or three months." On Thursday, Paris police investigators said they think an electrical short-circuit most likely caused the fire. French newspaper Le Parisien has reported that a fire alarm went off at Notre Dame shortly after 6 p.m. Monday but a computer bug showed the fire's location in the wrong place. The paper reported the flames may have started at the bottom of the cathedral's giant spire and may have been caused by an electrical problem in an elevator. Chauvet said there were fire alarms throughout the building, which he described as "well protected."
18:21 Google Will Begin To Block Sign-ins From Embedded Browser Frameworks in June
18:21 Utah Bans Police From Searching Digital Data Without a Warrant
An anonymous reader quotes a report from Forbes: In a major win for digital privacy, Utah became the first state in the nation to ban warrantless searches of electronic data. Under the Electronic Information or Data Privacy Act (HB 57), state law enforcement can only access someone's transmitted or stored digital data (including writing, images, and audio) if a court issues a search warrant based on probable cause. Simply put, the act ensures that search engines, email providers, social media, cloud storage, and any other third-party "electronic communications service" or "remote computing service" are fully protected under the Fourth Amendment (and its equivalent in the Utah Constitution). HB 57 also contains provisions that promote government transparency and accountability. In most cases, once agencies execute a warrant, they must then notify owners within 14 days that their data has been searched. Even more critically, HB 57 will prevent the government from using illegally obtained digital data as evidence in court. In a concession to law enforcement, the act will let police obtain location-tracking information or subscriber data without a warrant if there's an "imminent risk" of death, serious physical injury, sexual abuse, livestreamed sexual exploitation, kidnapping, or human trafficking. Backed by the ACLU of Utah and the Libertas Institute, the act went through five different substitute versions before it was finally approved -- without a single vote against it -- last month. HB 57 is slated to take effect in mid-May.
18:02 The best smart doorbell camera
By Rachel Cericola, Jon Chase and Stacey Higginbotham This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commission. Read the fu...
18:02 Apple may bring Siri Shortcuts and Screen Time to macOS
Details on what Apple may have in store for the next major versions of its operating systems are trickling out ahead of June's Worldwide Developers Conference. The latest leaks are linked to macOS 10.15, to which Apple could add some iOS features, su...
18:02 Bots have invaded Instagram comments
The last thing I expected to find on Instagram was someone telling me not to look at their Story if I didn't want to masturbate. But that comment, which I can only assume was intended reverse psychology, wasn't just directed at me. It was left on a p...
18:02 A public database exposed medical records of 150,000 rehab patients
Nearly 150,000 patients who sought treatment at an addiction recovery facility in Pennsylvania had their medical records exposed online. Through the public search engine Shodan, independent researcher Justin Paine found an ElasticSearch database with...
18:02 'When They See Us' recreates the story of the Central Park Five
This spring, Netflix will turn the harrowing story of the Central Park Five into a four-part mini-series, When They See Us. The show takes a closer look at the infamous 1989 case, in which five black teens were coerced into confessing to a crime they...