Show 17 Sat 09:21 Anandtech [1]

09:21 Test Driving SPECviewperf 2020: A Look At The Latest In Workstation GPU Benchmarks

Over the years, the Standard Performance Evaluation Corporation's SPECviewperf benchmark has become the industry standard for workstation GPU benchmarking. Owing to the fact that, unlike video games, there's little concept of a "standard" workload for CAD, content creation, and visual data analysis tools, as well as the sheer complexity of these applications, there is an ongoing need for a standardized multi-application benchmark. This is both to offer a wider, holistic view of GPU performance under workstation applications, and even more fundamental than that, to provide a proper apples-to-apples testing environment.

With the previous release of SPECviewperf dating back to 2013, the benchmark has been due for a refresh - and that has finally arrived this week with the release of SPECviewperf 2020. An incremental update over SPECviewperf 13, the 2020 version makes some important changes including support for 4K resolutions, as well as updating the workload traces.

Meanwhile, with a few systems already setup for other needs, we decided to take a quick test drive of the new version of the SPECviewperf, giving us a better look at what's new along with an idea of where performance lies with the updated benchmark workloads.

Hide

Show 17 Sat 08:51 Slashdot [1]

08:51 New Benchmark Shows iPhones Throttle So Hard They Lose Their Edge Over Android
MojoKid writes: Apple has repeatedly asserted its dominance in terms of performance versus competitive mobile platforms. And it has been historically true that, in cross-platform benchmarks, iPhones generally can beat out Android phones in both CPU and GPU (graphics) performance. However, a new benchmark recently released from trusted benchmark suite developer UL Benchmarks sheds light on what could be the iPhone's Achilles' Heel in terms of performance, or more specifically, performance over extended duration. The new benchmark, 3DMark WildLife, employs Apple's Metal API for rendering and Vulkan on Android devices. In testing at HotHardware, for basic single-run tests, again iPhones trounce anything Android, including flagship devices like the Samsung Galaxy S20 Ultra, ASUS ROG Phone 3 and OnePlus 8. However, in the extended duration WildLife Stress Test, which loops the single test over and over for 20 minutes, the current flagship iPhone 11 Pro and A13 Bionic's performance craters essentially to Snapdragon 865/865+ performance levels, while Android phones like the OnePlus 8 maintain 99+% of their performance. Though this is just one gaming benchmark test that employs the latest graphics technologies and APIs, it's interesting to see that perhaps Apple's focus on tuning for quick bursty workloads (and maybe benchmark optimization too?) falls flat if the current class of top-end iPhone is pushed continuously.

Read more of this story
Hide

Show 17 Sat 08:40 ArsTechnica [1]

08:40 Cruise will soon hit San Francisco with no hands on the wheel
GM subsidiary wins approval from California to offer driverless passenger service.
Hide

Show 17 Sat 05:51 Slashdot [1]

05:51 Japan Decides To Release Treated Fukushima Water Into the Sea
hcs_$reboot shares a report from CBS News: Japan will release more than a million tons of treated radioactive water from the stricken Fukushima nuclear plant into the sea in a decades-long operation, reports said Friday, despite strong opposition from environmentalists, local fishermen and farmers. The release of the water, which has been filtered to reduce radioactivity, is likely to start in 2022 at the earliest. The decision ends years of debate over how to dispose of the liquid that includes water used to cool the power station after it was hit by a massive tsunami in 2011. A government panel said earlier this year that releasing the water into the sea or evaporating it were both "realistic options." The treated water is currently kept in a thousand huge tanks at the Fukushima Daiichi site, where reactors went into meltdown nearly a decade ago after the earthquake-triggered tsunami. Plant operator TEPCO is building more tanks, but all will be full by mid-2022.

Read more of this story
Hide

Show 17 Sat 05:21 HackerNews [13]

Show 17 Sat 02:51 Slashdot [1]

02:51 US Surpasses 8 Million Coronavirus Cases
An anonymous reader quotes a report from CNET: America surpassed 8 million cases of the novel coronavirus on Friday, according to data compiled by Johns Hopkins University. The grim milestone that puts the U.S. ahead of every other country in terms of total cases. Over 218,000 coronavirus deaths have been reported in the U.S. as well, again setting a record that represents about 20% of total deaths worldwide. COVID-19, the illness caused by the coronavirus, has rapidly spread across the globe, infecting nearly 40 million and killing over 1.1 million. Beside the U.S., India has the highest number of cases, at almost 7.4 million, while some countries like New Zealand have all but eliminated COVID-19 with the number of active infections now at zero.

Read more of this story
Hide

Show 17 Sat 01:21 HackerNews [11]

Show 16 Fri 23:51 Slashdot [2]

23:51 Billionaire CEO of Software Company Indicted For Alleged $2 Billion Tax Evasion Schemes
The billionaire chief executive of Ohio-based Reynolds and Reynolds Co, Robert Brockman, has been indicted on charges of tax evasion and wire fraud conducted over "decades." ZDNet reports: The scheme, in which roughly $2 billion was hidden away in offshore accounts and through money laundering, took place between 1999 and 2019, the US Department of Justice (DoJ) said on Thursday. According to the indictment (.PDF), the resident of both Houston, Texas, and Pitkin County, Colorado allegedly used a "web" of offshore organizations in Bermuda and Nevis to hide the profits he made from investments in private equity funds. Brockman squirreled away his capital gains and also tampered with the evidence of his alleged activities, prosecutors say, by methods including backdating records and using "encrypted communications and code words" to communicate with co-conspirators, including the phrases "Permit," "King," and "Redfish." A ranch, luxury home, and yacht were among the purchases apparently made with non-taxed income. US prosecutors also say that between 2008 and 2010, Brockman used a third-party entity to purchase $67.8 million in debt securities from the software company. As CEO, the executive is not permitted to do so without full disclosure as it can have an impact on share prices and trading; however, Brockman allegedly did so without informing sellers. As a result, approximately $2 billion in income was kept hidden from the US Internal Revenue Service (IRS). In addition, US prosecutors allege that investors in the software firm's debt securities were also defrauded. A federal grand jury in San Francisco, California has issued a 39-count indictment, including seven counts of tax evasion, 20 counts of wire fraud, money laundering, evidence tampering, and destruction of evidence.

Read more of this story

23:51 Xbox's Phil Spencer Hints At Exclusivity Potential For Bethesda Games
In an interview with Kotaku, Xbox boss Phil Spencer said that Microsoft doesn't need to ship future Bethesda games on PlayStation in order to recoup the $7.5 billion it spent acquiring Bethesda's parent company, Zenimax Media, last month. Spencer also explained that the deal wasn't specifically signed to take games away from the platform. Pure Xbox reports: "This deal was not done to take games away from another player base like that. Nowhere in the documentation that we put together was: 'How do we keep other players from playing these games?' We want more people to be able to play games, not fewer people to be able to go play games. But I'll also say in the model -- I'm just answering directly the question that you had -- when I think about where people are going to be playing and the number of devices that we had, and we have xCloud and PC and Game Pass and our console base, I don't have to go ship those games on any other platform other than the platforms that we support in order to kind of make the deal work for us. Whatever that means." Previously, Spencer noted to Yahoo Finance that the Xbox community should feel the Bethesda acquisition is a "huge investment in the experiences they are going to have in the Xbox ecosystem," and he wants that ecosystem to "absolutely be the best place to play, and we think game availability is absolutely part of that." However, the Xbox boss has also confirmed that decisions on whether games will be exclusive to Xbox will ultimately be made on a "case-by-case basis", so it might still be a while before we know more.

Read more of this story
Hide

Show 16 Fri 23:00 ArsTechnica [3]

23:00 How the Trump admin devastated the CDC�and continues to cripple it
From missteps to blatant political interference, CDC's fall is a national tragedy.

23:00 Google Chat goes free in 2021, while Hangouts loses features this month
Google Hangouts is going to die, but first it's going to be picked apart.

23:00 A La Niña winter is on the way for the US
September was record warmest for the globe as US extremes continue.
Hide

Show 16 Fri 22:21 Slashdot [3]

22:21 San Francisco Apartment Rents Crater Up To 31%, Most in US
San Francisco's sky-high apartment rents are falling fast. From a report: The median monthly rate for a studio in the city tumbled 31% in September from a year earlier to $2,285, compared with a 0.5% decline nationally, according to data released Tuesday by Realtor.com. One-bedroom rents in San Francisco fell 24% and two-bedrooms were down 21%, to $2,873 and $3,931 a month, respectively. The figures underscore how the pandemic has roiled property markets and changed renter preferences. With companies allowing employees to work from home, people have fled cramped and costly urban areas in droves, seeking extra room in the suburbs or cheaper cities. Tech firms, in particular, have told staff they should expect to work remotely well into next year -- and may be able to do so permanently. "Renters are likely heading to more-affordable areas where they can get more space at a cheaper price," Danielle Hale, Realtor.com's chief economist, said in a statement. "The future of rents in many of these cities will depend on whether companies require employees to work from the office or continue to allow remote work."

Read more of this story

22:21 Nikola Stock Falls 14 Percent After CEO Downplays Badger Truck Plans
An anonymous reader quotes a report from Ars Technica: Nikola CEO Mark Russell downplayed the company's Badger pickup truck in comments to the Financial Times on Thursday. "The Badger was an interesting and exciting project to some shareholders, but our institutional shareholders are mostly focused on the business plan," Russell said. "Our core business plan since before we became publicly listed always focused on heavy trucks and hydrogen infrastructure." Russell's comments were published after markets closed on Thursday. Nikola's stock price plunged on Friday morning and is currently down about 14 percent for the day. Negotiations with General Motors to design and build the truck have dragged on weeks longer than expected. Nikola and GM announced a wide-ranging partnership on September 8. It envisioned GM not only building the Badger but also supplying the batteries and fuel cells that power the trucks. Under the deal, GM would also supply hydrogen fuel-cell technology for Nikola's semi trucks outside the European market. Nikola was supposed to give GM $2 billion worth of stock to license GM's technology, reimburse GM to build out a Badger factory, and then pay GM on a cost-plus basis to assemble the Badger. The value of Nikola's stock soared immediately after the September 8 announcement, but it then tanked after a short-selling firm revealed that Nikola CEO Trevor Milton had lied when he said Nikola's first truck, the Nikola One, was fully functional. Nikola has admitted that a promotional video showed the truck rolling down a hill, not traveling under its own power. The price decline has made GM's expected $2 billion stake in Nikola worth much less.

Read more of this story

22:21 Google Is Beginning the Forced Migration From Hangouts To Chat Next Year
Google will officially transition users from Google Hangouts to Google Chat starting next year. The Verge reports: As part of the change, Chat, a messaging service previously only available to customers who pay for Google Workspace (the recent rebranding of G Suite), will become a free service that's available inside of Gmail and in a standalone app. And some Hangouts features will be going away ahead of its disappearance. The transition from Hangouts to Chat will begin sometime in the first half of 2021, when Google will offer tools to help automatically bring your Hangouts conversations, contacts, and chat history to Chat, according to a blog post. It's unclear what steps will be required for that migration, but Google says it will share guidance at some point. The switch from Hangouts to Chat will take place gradually, and there will be a period of time when both messaging services are still available. Eventually, all free users and Workspace customers will be moved over to Chat. Once that's done, then Chat will fully replace Hangouts. As for why you'd want to upgrade from Hangouts to Chat before you're forced to, there are both carrots and sticks. On the plus side, Google says Chat not only offers features like direct and group conversations you might be familiar with from Hangouts, but it can also let you more easily plan and collaborate with others. Google also announced that it is planning to remove some specific Hangouts features, such as the ability to manage texts and phone calls from Hangouts. They're also planning to remove Google Voice support from Hangouts early next year, as well as no longer letting you call phone numbers from Hangouts.

Read more of this story
Hide

Show 16 Fri 21:27 AndroidAuthority [7]

21:27 Samsung could push up Galaxy S30 launch (Update: New evidence supports rumor)
Update: News evidence suggests an even earlier launch than originally anticipated.

21:27 Samsung Galaxy Note 9 update: One UI 2.5 is now hitting 2018 flagship
Update: One UI 2.5 is being pushed out to some Galaxy Note 9 devices in one market.

21:27 Google Pixel 5 vs Samsung Galaxy S20 FE camera shootout: battle for your $700
Got $700 to spend on a great camera phone? Two of the best options are the Google Pixel 5 vs Samsung Galaxy S20 FE.

21:27 OnePlus co-founder Carl Pei is officially leaving the company
He announced it on the OnePlus forums.

21:27 Google Pixel 5 vs OnePlus 8T camera shootout: Does a flagship chip matter?
Find out which phone wins in our Google Pixel 5 vs OnePlus 8T camera shootout!

21:27 This week in Apple: iPhone 12 launch, yeah, but there was some other stuff too
Yes, all eyes were on the iPhone 12 series launch this week, but there was some other stuff you may have missed.

21:27 Samsung Galaxy Fit 2 now available with claims of three-week battery life
It comes in two colors: Black and Scarlet, the latter of which looks a lot more like pink or maybe salmon to us.
Hide

Show 16 Fri 21:21 HackerNews [14]

Show 16 Fri 20:51 Slashdot [4]

20:51 Boeing 737 Max Judged Safe To Fly By Europe's Aviation Regulator
schwit1 shares a report from Bloomberg: Europe's top aviation regulator said he's satisfied that changes to Boeing Co.'s 737 Max have made the plane safe enough to return to the region's skies before 2020 is out, even as a further upgrade his agency demanded won't be ready for up to two years. After test flights conducted in September, EASA is performing final document reviews ahead of a draft airworthiness directive it expects to issue next month, said Patrick Ky, executive director of the European Union Aviation Safety Agency. That will be followed by four weeks of public comment, while the development of a so-called synthetic sensor to add redundancy will take 20 to 24 months, he said. The software-based solution will be required on the larger 737 Max 10 variant before its debut targeted for 2022, and retrofitted onto other versions.

Read more of this story

20:51 Elon Musk's Las Vegas Loop Might Only Carry a Fraction of the Passengers It Promised
The Boring Company's Las Vegas Convention Center loop "will not be able to move anywhere near the number of people LVCC wants, and that TBC agreed to," reports TechCrunch. The LVCC wanted transit that could move up to 4,400 people every hour between exhibition halls and parking lots on the Los Vegas Strip. According to planning files reviewed by TechCrunch, "the system might only be able to transport 1,200 people an hour -- around a quarter of its promised capacity." From the report: Fire regulations peg the occupant capacity in the load and unload zones of one of the Loop's three stations at just 800 passengers an hour. If the other stations have similar limitations, the system might only be able to transport 1,200 people an hour -- around a quarter of its promised capacity. If TBC misses its performance target by such a margin, Musk's company will not receive more than $13 million of its construction budget -- and will face millions more in penalty charges once the system becomes operational. So what is stopping TBC from transporting as many people as both it and the LVCC wants? There are national fire safety rules for underground transit systems that specify alarms, sprinklers, emergency exits and a maximum occupant load, to avoid overcrowding in the event of a fire. Building plans submitted by The Boring Company include a fire code analysis for one of the Loop's above-ground stations. The above screenshot from the plans notes that the area where passengers get into and out of the Tesla cars has a peak occupancy load of 100 people every 7.5 minutes, equivalent to 800 passengers an hour. Even if the other stations had higher limits, this would limit the system's hourly capacity to about 1,200 people. The plans do not show any turnstiles or barriers to limit entry. Even without the safety restrictions, the Loop may struggle to hit its capacity goals. Each of the 10 bays at the Loop's stations must handle hundreds of passengers an hour, corresponding to perhaps 100 or more arrivals and departures, depending on how many people each car is carrying. That leaves little time to load and unload people and luggage, let alone make the 0.8-mile journey and occasionally recharge.

Read more of this story

19:21 Google Says it Mitigated a 2.54 Tbps DDoS Attack in 2017, Largest Known To Date
The Google Cloud team revealed today a previously undisclosed DDoS attack that targeted Google service back in September 2017 and which clocked at 2.54 Tbps, making it the largest DDoS attack recorded to date. From a report: In a separate report published at the same time, the Google Threat Threat Analysis Group (TAG), the Google security team that analyzes high-end threat groups, said the attack was carried out by a state-sponsored threat actor. TAG researchers said the attack came from China, having originated from within the network of four Chinese internet service providers (ASNs 4134, 4837, 58453, and 9394). Damian Menscher, a Security Reliability Engineer for Google Cloud, said the 2.54 Tbps peak was "the culmination of a six-month campaign" that utilized multiple methods of attacks to hammer Google's server infrastructure.

Read more of this story

19:21 A Disturbing Twinkie That Has, So Far, Defied Science
Apparently Twinkies aren't immortal. After discovering that his 8-year-old Twinkies "tasted like old sock," biologist Colin Purrington sent them to a pair of scientists -- Brian Lovett and Matt Kasson from West Virginia University in Morgantown -- to study the kind of fungus growing on them. An anonymous reader shares the report from NPR: The researchers immediately thought some kind of fungus was involved in attacking the 8-year-old Twinkies, because they've studied fungi that kill insects and dry them out in a similar way. Plus, the reddish blotch on one Twinkie seemed to have a growth pattern that's typical of fungi. [...] They noticed that the wrapping on the mummified Twinkie seemed to be sucked inward, suggesting that the fungus got in before the package was sealed and, while the fungus was consuming the Twinkie, it was using up more air or oxygen than it was putting out. "You end up with a vacuum," Lovett says. "And very well that vacuum may have halted the fungus's ability to continue to grow. We just have the snapshot of what we were sent, but who knows if this process occurred five years ago and he just only noticed it now." A quick examination with a magnifying scope revealed fungal sporulation on both the marred and mummified Twinkies, again suggesting the involvement of fungi. The researchers used a bone marrow biopsy tool to sort of drill through the tough outer layer of the gray, mummified Twinkie. "We certainly hit the marrow of the Twinkie and quickly realized that there was still some cream filling on the inside," Kasson says. From the Twinkie marked with just a dark circle of mold, they were able to grow up a species of Cladosporium. "Cladosporium is one of the most common, airborne, indoor molds worldwide," says Kasson, who cautions that they haven't done a DNA analysis to confirm the species. So far, however, no fungi have grown from the sample taken out of the mummified Twinkie. "It may be that we don't have any living spores despite this wonderful, rare event that we've witnessed," Lovett says. "Spores certainly die, and depending on the fungus, they can die very quickly." They're not giving up, though. They'll fill lab dishes with all kinds of sweet concoctions to try to coax something back to life from the mysterious Twinkie mummy.

Read more of this story
Hide

Show 16 Fri 18:10 ArsTechnica [8]

18:10 PlayStation 5 UI revealed: �Activity� shortcuts, picture-in-picture
Déjà vu for Xbox's long-deceased "Snap" feature. Will media apps benefit?

18:10 Popeye would approve: Spinach could hold key to renewable fuel cell catalysts
Scientists found the nanosheets catalyzed oxygen-reduction reactions.

18:10 Twitter abruptly changes hacked-materials policy after blocking Biden story
Twitter to allow posting of hacked materials unless directly shared by hackers.

18:10 Red Bull could quit F1 if new engine rules don't happen
Red Bull wants an engine freeze, Renault wants parity first, Ferrari says no way.

18:10 Grab leftover Prime Day deals on AirPods Pro, Roku streamers, and more
Dealmaster also has new deals on Dell monitors, Bluetooth speakers, and more.

18:10 iPhone 12, iPhone 12 Pro, and iPad Air orders have begun
Two iPhones models are coming later, though.

18:10 Nikola stock falls 14 percent after CEO downplays Badger truck plans
�Core business plan� is �heavy trucks and hydrogen infrastructure,� CEO says.

18:10 Hackers are using a severe Windows bug to backdoor unpatched servers
Attackers are spraying the Internet to backdoor unpatched Active Directory systems.
Hide

Show 16 Fri 17:51 Slashdot [2]

17:51 Group Files 'Largest FOIA of All Time'
Reclaim the Records -- a group of activist genealogists, historians, journalists, teachers -- has filed what may be the largest Freedom Of Information Act Request of all time. The group wants the National Archives and Records Administration (NARA) to release billions of digital images and their associated metadata to the public. From a report: NARA is a government agency that preserves and archives the American government's historical records. It's also supposed to increase public access to those records. To accomplish that goal, NARA partnered with private companies such as genealogical website Ancestory.com to digitize and upload census records, immigration records, and other historical documents. Digitizing these records is a massive task, one NARA likely couldn't accomplish on its own. In exchange for its help, NARA granted the private companies limited exclusivity to the records. That means that billions of documents related to America's history are behind paywalls on sites like Ancestry, FamilySearch, and Fold3. According to the agreements, the sites were supposed to open up their digitized archive to the public after an exclusivity period of 3 - 5 years. "In practice, this simply hasn't happened," Reclaim the Records said in a blog post announcing the FOIA. "NARA has never actually posted online the vast majority of these records that were digitized through their partnership program, not to their Catalog nor indeed anywhere else where the public might be able to freely access and download the now-digital records. This remains the case today, even when the embargo periods for many of these record sets have been expired for more than a decade, sometimes two decades." Most of these are stored behind Ancestry.com's paywall, in part because Ancestry purchased several of the other sites that NARA had made deals with when they were still independent.

Read more of this story

17:51 You Can Now Install Microsoft Windows Calculator on Linux
An anonymous reader shares a report: Earlier, Microsoft released the source for Windows Calculator. And now, that calculator app has been ported to Linux by Uno Platform. Best of all, it's insanely easy to install as it is packaged in Snap format. "The good folks in the Uno Platform community have ported the open-source Windows Calculator to Linux. And they've done it quicker than Microsoft could bring their browser to Linux. The calculator is published in the snapstore and can be downloaded right away," explains Rhys Davies, Product Manager, Canonical.

Read more of this story
Hide

Show 16 Fri 17:21 HackerNews [9]

Show 16 Fri 16:21 Slashdot [3]

16:21 Uber on the Hunt For Strategic Alternatives for Uber Elevate
Uber is seeking strategic alternatives for its Uber Elevate business, including strategic partnerships or a partial sale, Axios reported Friday, citing multiple sources. From the report: This reflects Uber CEO Dara Khosrowshahi's obsession with achieving profitability, as evidenced by partial sales of Uber's money-losing freight and self-driving units. Uber Elevate's goal is to develop a network of self-driving taxis, with its website suggesting a launch year of 2023.

Read more of this story

16:21 France and the Netherlands Call For Tough EU Powers To Curb Big Tech
France and the Netherlands have proposed stricter EU rules to oversee large technology firms, such as Alphabet, Facebook and Amazon. From a report: In a joint document, seen by CNBC and due to be sent to the European Commission, the EU's executive arm, the two countries suggested that an EU authority should be able to control the market position of these large tech platforms. "Our common ambition is to design a framework that will be efficient enough to address the economic footprint of such actors on the European economy and to be able to 'break them open,'" Cedric O, the secretary of state for digital transition in France, said in a statement. "Access to data, to services, interoperability ... these are efficient tools that we should be able to use, with a tailor-made approach, in order to tackle market foreclosure and ensure freedom of choice for consumers," he added. The EU, arguably at the forefront of regulation in this space, has intensified talks regarding Big Tech and the competitive landscape over the last 12 months. In addition to pursuing anti-trust investigations on some of the largest firms, the Commission is also working on data protection rules.

Read more of this story

16:21 British Airways Fined $26 Million Over Data Breach
British Airways has been fined $26m by the Information Commissioner's Office (ICO) for a data breach which affected more than 400,000 customers. From a report: The breach took place in 2018 and affected both personal and credit card data. The fine is considerably smaller than the $236m that the ICO originally said it intended to issue back in 2019. It said "the economic impact of Covid-19" had been taken into account. However, it is still the largest penalty issued by the ICO to date. The incident took place when BA's systems were compromised by its attackers, and then modified to harvest customers' details as they were input. It was two months before BA was made aware of it by a security researcher, and then notified the ICO.

Read more of this story
Hide

Show 16 Fri 15:24 lwn.net-comments [9]

15:24 BleedingTooth: critical kernel Bluetooth vulnerability

I got this now on Fedora 32:

Changelogs for kernel-5.8.15-201.fc32.x86_64, kernel-core-5.8.15-201.fc32.x86_64, kernel-devel-5.8.15-201.fc32.x86_64, kernel-modules-5.8.15-201.fc32.x86_64, kernel-modules-extra-5.8.15-201.fc32.x86_64
* to loka 15 00.00.00 2020 Justin M. Forbes <...> - 5.8.15-201
- Fix BleedingTooth CVE-2020-12351 CVE-2020-12352 (rhbz 1886521 1888439 1886529 1888440)

* ke loka 14 00.00.00 2020 Justin M. Forbes <...> - 5.8.15-200
- Linux v5.8.15
- Fix CVE-2020-16119 (rhbz 1886374 1888083)

* ke loka 07 00.00.00 2020 Justin M. Forbes <...> - 5.8.14-200
- Linux v5.8.14

15:24 BleedingTooth: critical kernel Bluetooth vulnerability

> it's easy to spend money until something succeeds

And yet quite often Google gives up. Well, sometimes it gives up after it succeeds ...

15:24 An open letter to Apache OpenOffice

Blame Oracle, perhaps, for dog in the manger tactics. As successors in title to Sun Microsystems, they chose deliberately to pass OpenOffice to the Apache Foundation, knowing full well that an incompatible licence would make life more difficult for LibreOffice, despite requests at the time to allow a merger or licence compatibility. That's similar to the problems with Sun's CDDL, all the OpenSolaris derivatives problems with licensing and, indeed, the spat with Google over Java. At this point, it's not explicable by incompetence, unfamiliarity with or lack of understanding of FLOSS licence dynamics: it does feel more like malice or spite.

15:24 Collabora Online moves out of The Document Foundation

Indeed. Consider cases of using the code without a (direct) technological purpose. Creating wrapping paper for a gift with your favorite driver's code printed on it. Creating a collage of Linux code into a print or puzzle. Are these derived works? Could be, but any exhaustive list someone tried to make would likely have missed these cases.

15:24 Tags are stored in separate physical memory
I expect it to be in physical memory: Why would you tag memory that is not physically backed? Well, actually there is quite a bit of virtual memory that is never used and is only ever backed by the same zero-filled page; do you need such unused memory to have tags already before use?

For physical RAM, I expect that it uses some bits that you get with ECC memory (you only need 8 SECDED ECC bits for 128bits (16 bytes) of payload, leaving 8 bits for other purposes.

For virtual memory backed by mass storage, some systems have mass storage with larger sectors to accomodate meta-data, but this mass storage is rare and therefore expensive. It may be cheaper to provide enough ECC RAM that you don't need swap space.

15:24 BleedingTooth: critical kernel Bluetooth vulnerability

Exactly. Google has its own interests in mind. Corporate backing can provide healthy support for projects. That said, just because a corporation is involved doesn't mean it cares about the ecosystem or the interests of its users.

15:24 Further analysis of PyPI typosquatting

Crowd sourcing sounds good on paper when people have a lot of 'free' time where they enjoy reviewing tidbits of other people's code. However what tends to happen is that most people who would like to do it at one point have other things that take up their time or just get tired of it quickly as it is dealing with prickly people. Instead the people who stick around are people paid to 'review', and the groups with the largest interest to get code reviewed are the criminal groups who can pay people to 'review' things just not in the interest of everyone else.

In the end it isn't as much 'who watches the watchmen?' as much as 'who pays the watchmen.'

15:24 Further analysis of PyPI typosquatting

Web of trust - it's hard enough with a thousand people who more or less know each other and can vouch for each other's code - and then you get people who can't use GPG.
Congratulations, you've just re-invented Debian - only without the minimal barrier of competency and (relative) agreement on common values :(

15:24 Tags are stored in separate physical memory

It does need a bus protocol that can transport it, so new interconnects and a memory controller that can receive and respond to it as the endpoint.

A "seperate PA space" isn't really "separate physical memory" in the sense that you don't need a *dedicated* memory controller or a particular SRAM block, for example, for MTE alone.

It's no different to, for example, the logical separation Secure vs Non-Secure memory. In theory, Secure 0x8000 and Non-Secure 0x8000 are two seperate PA spaces - the two numerical addresses aren't the same address. In practical reality, it's a "n+1th bit" of addressing, and the underlying memory technology (the cells or gates storing the information) are the same one for each address.

Most modern DRAM controllers have a TrustZone address space controller built in (or something broadly similar) which can effectively allow or deny access to particular regions of RAM based on the security state. It's just an address range, and the differentiator between being secure or non-secure read or write in the system being a single bit. So you can have 4GB of RAM and 2GB of it be Secure and 2GB of it be Non-Secure, but they're on the same 32Gbit DRAM die.. or separate 16Gbit ones, or striped across them, whatever you like.

Where that memory 'lives' is up to that system, maybe the top MBs will be partitioned off by the memory controller and interconnect for the tag space, and the tag management instructions will essentially be putting data in there. Your OS will be none the wiser except that it may be told that it only has 7.xGB available 'Normal' physical memory (which we already see since we can have software carve-outs for secure firmware or other purposes). It's not really an architectural question in the CPU sense, more of a thing for memory controller vendors to describe how they want to make it happen.

Hide

Show 16 Fri 14:51 Slashdot [2]

14:51 Coinbase's New 'Direction' Is Censorship, Leaked Audio Reveals
An anonymous reader shares a report: Brian Armstrong, CEO of cryptocurrency exchange Coinbase, revealed in a late September blog post that the company would prohibit employees from debating political or social issues, deeming this a "distraction" from the company's mission. Armstrong doubled down on his position during a virtual all-hands held on October 1, billed as an "AMA" (for "ask me anything"), from which Motherboard obtained audio. The AMA was meant to further explain the company's new "apolitical" direction for those who might consider accepting a severance package that was offered to any employee who felt "uncomfortable." Executives also explained when and where dissent would be appropriate, and explained why they required employees to delete specific political Slack messages. This, at a company that works with cryptocurrencies intended to replace government banking systems in order to create a more free world. During the meeting, Armstrong claimed there is a "silent majority" at Coinbase that agreed with his decision but feared reprisal from colleagues. Armstrong and Coinbase leadership, however, failed to soothe fears that this policy would police employees if they voiced opinions that did not align with Armstrong or this "silent majority." One former Coinbase employee who left the company after the AMA and to whom Motherboard provided anonymity due to fear of industry reprisal said that these assurances were insufficient and workers feared surveillance and censorship. These fears are not unfounded. Emile Choi, Coinbase's chief operating officer, explained that at least two employees were asked to delete Slack posts, and that HR head L.J. Brock "proactively reached out to employees to explain why their posts would be taken down. He had a very productive conversation with both of them and they understood the context," she said. One employee asked if Coinbase leadership thought that this was "taking away employee power to start a discussion except with 300 character questions" in an AMA format. "It seems like Coinbase is stunting internal discussion." Choi said that the entire executive team was aligned on Armstrong's post and policy, and that the new "culture is focused on what unites us and what we face in the world, which is building toward our mission," Choi said. "The goal was not intended to be harsh, it wasn't intended to land in a way where people felt they were being policed."

Read more of this story

14:51 Uber is Hiring Hundreds of Engineers in India To Cut Costs
Uber said it is working to hire 225 engineers in India, strengthening its tech team in the key overseas market months after it eliminated thousands of jobs globally. From a report: The move comes as several high-profile engineers have left Uber India in recent months to join Google and Amazon, among other tech giants. A senior engineer who recently left Uber told TechCrunch that many of his peers had lost confidence in Uber's future prospects in the country. [...] In July, news outlet The Information described Uber chief executive Dara Khosrowshahi's plan to move engineering roles to India as a cost-saving measure. The report said Khosrowshahi's plan had sparked internal debates. Thuan Pham, Uber's longtime chief technology officer, who left the company earlier this year, reportedly cautioned that hiring more engineers so quickly in India would "require accepting lower-quality candidates." Further reading: Nearly 70,000 Tech Startup Employees Have Lost Their Jobs Since March (July 2020).

Read more of this story
Hide

Show 16 Fri 13:31 DailyWTF [1]

13:31 Error'd: Try a Different Address

"Aldi doesn't deliver to a ...computer memory address!? Ok, that sounds fair," wrote Oisin.

"When you order pictures from this photography studio, you find that what sets them apart from other studios is group photography and not web site design," Stephen D. wrote.

John H. writes, "To be honest, I'm a little bit surprised. I figured for sure that it would have been a 50/50 split between meat and booze."

"I was just trying to perform a trivial merge using GVim, but then ṕ̵̡̛̃̍̊͊̌̉h̸̢̦̭̟̿̉̔̔͛̋̓̑̉́͌͊̒̕͜'̸̛̃̿̐́́͑̒͛̕͠�͎̹̦͔̳͎̹͎̥̻̺̦̳͈̞̋̑n̸̨̛͉̥̻̘̣̞̉́͂̌͋́̾͗͠g̵̣̫̯̈̈́̕l̷�̊͆̂͒͐͝͝�͍̳͚̻̺̔́͘͜͝ư̷�̯̬̜̱̭̳̞͇̠̄̎͗͝į̴̗̺͓̣̘͚̯̳͕̠̗̮̄͛͌̍̈́͌͊͌̓̈́͌̌͝ ̵̼̼̥͍̙̋̇͂͋͐͐͂m̶̥̭͍͕͍̑̏g̸̡͖̜̜̭͈͖͇̦͍͉͚̎͜ͅl̵�̡͉̜̂̎́͐̑̑͑̍̚ŵ̴̡͚̝̣̬̭̥̙͎̻̽͝'̸̼̩̑́̄͆̾͆̿́̕ṅ̶̛̯͍̰͒́̂̎ǎ̶̍͌͆͌̈̓͛̚͝͠�͇̬̲͕͍̻̞̫̻͕͈͔̌̿f̸͎͖̰̖̫̪͎̄̈̓̏́̐̄̈̒́̈̾̔̕h̶͊�̧̠̺̯̦̪͓̜͙̬͎̳̭̌͂͆́̾̑̾͝ ̶͊̈́͊͗͒͋̊͊�̣̘̟͛̉͝G̶̛͐�̧̙̜̗̖̼̺͓͐͒V̸̢̙̰̟̙͚̗͖̆̈̇̓͘͠͝͝i̶̛̹̳̍͂́͝͝͝m̶̛͈͈̹̯͕̗͐̂͊̇̃̃͌̌̓̄̔̆͘ ̸̢̛̣͓̪͚̘͚̰͖͐́͜R̸͍͈͚̻͕̗̻͉͙͆͌͐͒̓͒̐̓̑̊͒͝'̴̧͚͔̫̼̺͔͎̖͈̞͙͆͆l̷͍̠̄͂̆̒͊̔ẏ̶̢̮͓̄͆́̉̈́̑͗̉͠ͅe̴�̡̧̝͙̖̹͓̤̼̻͓̬͚̰̅̋́̑̾͘͜h̷̳͇̖͔̤͇̦̹̮̐̏͛̊͐͒͐ ̷̧͚̔̉̍͆͌̓͗̓̐̐͘w̸̤̝̪͎͇̩̤̳͒̏̒̎̈́̉͗̈́̚̚͝m̴̋̎͗͆̒̕�̼̦̩͉̜̳͓͔̟̭͇̜̰̬̍̍̇̔͋͝͝ͅê̸̢̡̢̝͓̟̭̞͍̞͈̖̠̲̬̒̐̎̿̇̍́̂͒̏̉͘͠r̸̬̉̈́͆̌͆̈̉ǧ̴̢̙͚͓͇͖͔̩̣͕̞̚e̸̡̢̩̠͙͖̺̥͉̦̟̩͐͘'̵̈�̡̢̧̟͇̭̲̳͕̻̜͇̘̬̙̓́̄̒̔̒̕͘͠n̶̢̛͎̹̮̻̼̳̜͖̲̂̇̅̾̄̐̊̇̓̒̒̍͘a̸̟̞̗̻͕̘̳͔̿̌͑̌̎̈̊̓͊̊͋͜g̷�̢̮̟̠͖̞̤͖̘̻̞̄̓͌̾́̉̏͑͐͜l̵̪̫̝̐̃ ̸͂̔̂�̾̚�̮̤̱͇f̵̥͌̂̒̐̚h̷̡̤̮͇̥̖̼̙́̌̕ͅt̴�̛̋̋͐̍̅̕͝�̧̞̦̩͚̝̦̮͎͕̹̖̰͛̕̚͘͠ȁ̸̖̝͈͎̤͇̽͛́̄͆͒̃̓̏͐͊͒̔̌g̸̜̠͉̝̱̳͔̭̦͇̱̘̺͋ͅͅn̶̦̥͈̻͍̠̂̔̊́̑͆̉̈́͝," wrote Ivan.

Robert M. writes, "Look, considering how 2020 is going, 'Invalid Date' could be really any day coming up. Listen - I just want to know, is this before or after Christmas, because like it or not, I still have to do holiday shopping."

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

Hide

Show 16 Fri 13:21 HackerNews [18]

Show 16 Fri 13:21 Slashdot [2]

13:21 Developer Says AWS Forked His Project and Launched It As Its Own Service
Tim Nolet, founder and chief technology officer of Checkly, tweeted on Friday: Oh @awscloud I really do love you! But next time you fork my OS project and present it as your new service, give the maintainers a short "nice job, kids" or something. Not necessary as per the APLv2 license, but still, ya know?

Read more of this story

13:21 Has Apple Abandoned CUPS, Linux's Widely Used Open-Source Printing System? Seems So
The official public repository for CUPS, an Apple open-source project widely used for printing on Linux, is all-but dormant since the lead developer left Apple at the end of 2019. From a report: Apple adopted CUPS for Mac OS X in 2002, and hired its author Michael Sweet in 2007, with Cupertino also acquiring the CUPS source code. Sweet continued to work on printing technology at Apple, including CUPS, until December 2019 when he left to start a new company. Asked at the time about the future of CUPS, he said: "CUPS is still owned and maintained by Apple. There are two other engineers still in the printing team that are responsible for CUPS development, and it will continue to have new bug fix releases (at least) for the foreseeable future." Despite this statement, Linux watcher Michael Larabel noted earlier this week that "the open-source CUPS code-base is now at a stand-still. There was just one commit to the CUPS Git repository for all of 2020." This contrasts with 355 commits in 2019, when Sweet still worked at Apple, and 348 the previous year. We asked Apple about its plans for CUPS and have yet to hear back.

Read more of this story
Hide

Show 16 Fri 13:20 ArsTechnica [5]

13:20 Rocket Report: Sweden invests in launch site, SLS hotfire test in a month
Also, China has launched its 30th rocket of the year.

13:20 Surface Duo review�Orphaned Windows hardware makes a poor Android device
Microsoft's first Android phone has a lot of problems.

13:20 Thousands of infected IoT devices used in for-profit anonymity service
Interplanetary Storm uses P2P networking, mostly in devices running Android.

13:20 Gaming chairs or work from home chairs? Ars tests two under $500
Really good office chairs are expensive�gaming chairs are easier on the budget.

13:20 This is what �war in space� probably would look like in the near future
�Any conflict in space will be much slower and more deliberate.�
Hide

Show 16 Fri 11:51 Slashdot [1]

11:51 Chilling Report Suggests 1 Out of 5 Countries Could Be Headed For Ecosystem Collapse
An anonymous reader quotes a report from ScienceAlert: A new insurance index from the Swiss Re Institute has found just over half of all global GDP -- nearly 42 trillion US dollars -- is dependent on goods and services provided by the natural world. In many places around the world, however, that sturdy foundation is turning to sand. The report, referred to as the Biodiversity and Ecosystem Services Index, shows a fifth of the world's countries currently stand on fragile ecological ground, with more than a third of their land disrupted by human activity. That's 39 countries with ecosystems that could be at risk of collapse, largely due to widespread declines in biodiversity, whether that be from deforestation, farming, mining, run-off, invasive species, or a decline in pollinators. The index was designed to give governments and businesses a benchmark for the state of local ecosystems important to their economies, in the hope that the data can help inform relevant insurance solutions for communities at risk. Developing nations in the index with large agricultural sectors -- like Kenya, Vietnam, Pakistan, Indonesia, and Nigeria -- are particularly at risk due to their GDP's reliance on natural resources, but "densely populated and economically important regions" such as Southeast Asia, Europe, and America are also exposed to risk despite their economic diversification. Among the top of the rankings sit Australia and South Africa, which are also among the world's largest economies, and are both also dealing with water scarcity, pollination, and coastal protection issues. "For all 195 nations, researchers assessed the state of 10 'ecosystem services,' such as intact habitat, air quality, water security, soil fertility, coastal protection, erosion, and timber provision," the report adds. "Nearly a third of the countries -- exactly 60 in total -- were found to have ecosystems in a fragile state on more than 20 percent of their land. Only 41 countries had intact ecosystems covering the same expanse of land." "This index doesn't necessarily mean these ecosystems or the economies that rely on them are doomed, but if we keep tracking the way we are, human activity could very well lead to tipping points and abrupt ecosystem collapse."

Read more of this story
Hide

Show 16 Fri 09:27 Risks [34]

09:27 Re: Apple marches to a different beat

Thanks to Steve and everyone else who replied to my message.

As best I can determine, my problem started with the 'Catalina' MacOS
upgrade. I never had a problem with the clock prior to this upgrade.

Apparently, the Catalina upgrade turned *off* automatic time sync'ing for
me, thus allowing a slow clock drift over a number of months which resulted
in a several minute discrepancy.

Thanks to several replies, I turned automatic time sync'ing back on,
and everything is working again.

09:27 Re: Botched Excel import may have caused loss of 15,841 UK COVID-19 cases

The "dumbed-down" reports of this in British mainstream media, including that quoted by Thomas Dzubin, did not expose the basic issue ... which was that Public Health England (PHE) was apparently using Excel 2003 (or earlier). Office 2003 went out of support in Spring 2014, but it was (reportedly) only in July this year that PHE identified a need to upgrade.

09:27 Re: Risks of Excel

Risk of Spreadsheets

In view of the recent RISKS entries about Excel, I was mildly amused to
learn that the Covid 19 Aerosol Transmission model recently published by the
Max Planck institute is an Excel spreadsheet.
https://www.mpic.de/4747065/risk-calculation For an academic paper Excel is
probably appropriate.

However after thinking a bit I was no longer amused. I believe that many of
the (unpublished) models used by epidemiologists and policymakers probably
also use Excel spreadsheets.

There is a real risk of bad decisions resulting from errors in large
complicated spreadsheets, which could have serious consequences.

The other risk is that an application will in the future be used in an
application for which it was not intended and is not suitable.

09:27 Re: Why cars are more "fragile": more technology has reduced robustness

A few years ago, a motoring journalist commented that there seems to be an
'unholy alliance' between governments and car makers; they want to show how
much they want to save our lives and save the planet so they add these
costly features for improved safety, fuel economy, and lower emissions.
Governments like this because it shows how caring and compassionate they
are, and car makers like this because it allows them to control the repair
business. And making cars difficult to repair probably earns more tax $$$$s
for selling new ones.

One example that comes to mind is the power steering on my car, made in
1988, which uses the traditional hydraulic pump and steering box. Works
fine, but the slight snag is poor energy efficiency. Modern cars use
electric power steering, with an electric motor and tons of complicated
electronics. Much better energy efficiency as the assistance only works
when it's needed, *and* the amount of assistance can be varied to suit the
driver's taste (fingertip-light to sports car) with a dashboard control.
Downside is that it's (reportedly) not a repairable item, with replacements
(if still available) allegedly $1,000 or so + labour + cost of recalibrating
the computers. The factory manual for my car gives instructions for
rebuilding the steering pump and box on my kitchen table (not that I'd
actually want to do this). The *real* reason for electric power steering is
that it can be integrated with the (mandated) braking-stability control,
which detects the steering-wheel angle and compares the actual car's turning
movement with a yaw sensor, then distributes the braking force accordingly
to reduce the chance of a skid. That's apart from 'lane-assist' and similar
collision-avoidance features, of course. Dunno how these things are checked
at vehicle inspection times ("MoT" in UK)—presumably heavily dependent on
self-diagnostics?

As the original poster said, it's not clear what the future holds. Many of
these 'fragile' features, like the CAN bus mentioned, are legal requirements
in a lot of countries so car buyers can't just choose to avoid them, and
it's likely that running older cars will become more difficult over time; I
believe that in mainland Europe there are often restrictions on using
'historic' vehicles, typically by selecting required days per year with a
scratch card. Some British cities are proposing low-emission schemes and
reduction of traffic with varying degrees of aggression—in London there's
the daily congestion charge for all vehicles in the central area, with a
hefty supplementary charge for those not meeting the latest emission
standards.

09:27 To my friends and colleagues in the U.S.: Be careful out there.

Oh, my colleagues and only friends, especially in the US--you are under
threat. You are in danger. You are at risk. Please be careful.

Possibly it is because I put myself through uni working in a hospital and
even an isolation ward. Perhaps it is because I just finished writing a
book on "Cybersecurity Lessons from CoVID-19." I am, perhaps, more
sensitized to the topic, and I have, possibly, been keeping too close an eye
on the numbers. But I suspect you may be heading for trouble.

Maybe not you, personally, but, maybe. You, my colleagues and friends, are
professionals, and live and work in environments that are probably not at
greatest risk. But infectious diseases do not pay attention to rent levels.
And possibly someone that you know and love is at greater risk.

I live in BC. We've been very fortunate. We were at high risk due to
levels of international travel, but we were randomly lucky in regard to
things like the dates of spring school vacation, and having the world's
greatest chief medical health officer. March and April were really hard,
and then we seemed to get things under control.

But, in pandemics, things may not be as they "seem." Recently we have had a
surge in cases in BC. Every pandemic in history has had a second wave, and
generally worse than the first. Unfortunately, there isn't a good pattern
for second waves, other than that they exist; and the only way to know when
you've had it is after it's over. Our recent surge, in BC, may be our
second wave. Or, our second wave may still be to come. But four other
provinces in Canada have also had surges. Europe is having a surge. And,
despite having the highest rates both absolutely and per capita, there are
indications that the US may be heading for a surge as well. The predictions
of 400,000 deaths by January may be conservative.

Everybody is tired of the pandemic. And the fact that there is so much we
don't know about it makes it much harder to get people to pay attention. We
do not like uncertainty. We dislike it so much that when things are
uncertain we ignore them. We have only known of the existence of this class
of virus for sixty years. We have had only one experience with a disease
from this class of virus, and that was limited and short-lived. This type
of virus defies our models of spread from better-known disease vectors.
Getting a disease from many viruses confers life- long protection, but this
one seems to be able to re-infect some people, sometimes within months. We
are learning as we go, and it's hard to keep up. And, unfortunately, as we
go, and as we learn, some people are dying, and others are getting very
sick. Sometimes for a long time.

We are working on a vaccine. At least 150 vaccines, in fact. A handful are
under last stage trials. Two of those trials have been halted, hopefully
temporarily, because of possible problems that have come to light during the
trials. This is common, and it is the purpose of trials to find those
problems. This time around it is making news only because people are so
desperate for the vaccines.

But, even when we find a vaccine (hopefully more than one), we then have to
manufacture (carefully, and with due attention to contamination) billions of
doses, and then figure out how everyone is going to get "shot." Many people
are thinking we will have a vaccine by the beginning of the new year. I
rather suspect that it will be June before enough people have been
vaccinated to provide real protection.

In the meantime, as Dr. Bonnie Henry has said, the future is in your hands,
and you must continue to wash them. Strict isolation is not absolutely
necessary, and, as Poe pointed out in "The Masque of the Red Death," not
guaranteed. Nothing, in fact, is guaranteed. Defence in depth and layered
defence is mandatory. Physical distancing is primary. Keeping groups;
*all* groups, *all* meetings, *all* parties; small and to a minimum is
primary. Washing your hands, constantly, is vital. Wearing a mask, if you
must be in public or with others, is not magic and will not save you, but
reduces (not eliminates) the risk of close contact. Follow the World Health
Organization's Five Heroic Acts. (Speaking of the which, the integrity of
advice is not only changing, but is under attack. Stick to the advice of
those who know what they are talking about. Listen to experts like Bonnie
Henry or Fauci, not Barrington and his gang of homeopaths.) Activities with
heavy breathing and in large groups, like contact sports or choirs, are very
dangerous. (Orgies are *definitely* contraindicated.)
https://www.who.int/campaigns/connecting-the-world-to-combat-
coronavirus/safehands-challenge/5-heroic-acts

Be kind. Be calm. Be safe. Be careful. This is not forever, but it is
for now.

09:27 Interview techniques and the "don't know" answer

While I'm not an expert on interviewing techniques, one of the pointers I do
know is that when you ask a subject about something they should know about,
and they have no idea or opinion, they are lying to you. Or, at the very
least, trying to hide something. For example, I am a security maven. If
you were to ask me how I would go about breaking into something, I should
have at least half a dozen ideas to try, right off the top of my head. If I
said I had no idea how I would approach breaking into whatever you were
interested in, it's probably a good bet that I am already well along in my
plan to actually break into it, and don't want to give the game away.

As another example, if you are questioning, say, a judge, about appointment
to a higher office, and you know that the judge under investigation clerked
for a higher court judge, and you ask the judge under investigation about
the higher court judges opinion that a case should have been decided
otherwise, and the judge under investigation says that [he or] she doesn't
want to give an opinion off the top of her head, she's lying. Well, she's
either lying or completely incompetent, or trying, very seriously, to
mislead you, or avoid answering. It's her job to have an opinion. And it
wouldn't be off the top of her head: she worked with the higher court judge
and probably had something to do with writing the dissenting opinion. It's
her job, it's her background, and there is no reason for her to avoid
answering the question, in great detail.

Unless [he or] she's lying.

09:27 Onions too sexy for Facebook

An ad for onions was rejected by Facebook's automatic censor because the
onions were presented "in a sexually suggestive manner".

Full story at: https://www.bbc.com/news/54467384

 [This is a case of onion routing, in that the onion ads were routed. It
 should really make you want to cry. PGN]

09:27 Continuous glucose monitoring/insulin dosing systems

The National Diabetes Statistics Report, 2020, yields "Estimates of Diabetes
and Its Burden in the United States." The summary (pg. 3) states for
calendar year 2018:
https://www.cdc.gov/diabetes/pdfs/data/statistics/national-diabetes-statistics-report.pdf,

* 34.2 million people of all ages—or 10.5% of the US population—had
 diabetes.

* 34.1 million adults aged 18 years or older—or 13.0% of all U.S. adults
 —had diabetes (Table 1a; Table 1b).

* 7.3 million adults aged 18 years or older who met laboratory criteria for
 diabetes were not aware of or did not report having diabetes (undiagnosed
 diabetes, Table 1b). This number represents 2.8% of all US adults (Table
 1a) and 21.4% of all US adults with diabetes.

Page 15 summarizes health care costs:

The total direct and indirect estimated costs of diagnosed diabetes in the
United States in 2017 was US$ 327B.

Invoking https://catless.ncl.ac.uk/Risks/search?query=glucose reveals 10
prior posts from AUG2005 through APR2020 that discuss device/system safety,
and document patient quality of life impact.

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4667344/ (retrieved on
12OCT2020) summarizes continuous glucose monitor (CGM) and Insulin Dosing
(ID) device patient usage experience in the US and Germany. This limited
study does not provide device deployment estimates per 100,000 population
diagnosed with diabetes.

https://www.americanactionforum.org/research/understanding-the-insulin-market/
(retrieved on 14OCT) indicates that 8.3M patients in the US require insulin
to treat a diabetic condition. Patient insulin dependence is likely to
determine CGM/ID device eligibility. Given the National Diabetes Report, the
number of deployed devices is likely large (greater than 100,000) with
anticipated growth.

Refer to
https://www.niddk.nih.gov/health-information/diabetes/overview/managing-diabetes/continuous-glucose-monitoring
(retrieved on 12OCT2020) for an illustration and description of the major
device components used in an CGM.

The FDA's Total Product Lifecycle (TPLC) reporting system collates device
problems for integrated glucose monitor and insulin dosing devices. There
are four FDA allocated product codes: QFG, OZQ, OZP and OZO categorizing
these devices for certification and reporting purposes.

This risks submission summarizes TPLC tabulations for devices assigned to
product codes OZO and OZP. These product codes appear to possess the highest
density of CGM/ID device problems and medical device reports (MDRs). MDRs
usually originate from patient-device interactions that yield injury,
malfunction, death, or other significant events that merit MDR submission to
FDA's MAUDE utility.

For OZO, from 01JAN2015 to 30SEP2020
(https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=727&min_report_year=2015),
the Top-10 TPLC Device Problems (in CSV format):

Device Problems,MDRs with this Device Problem,Events in those MDRs
Device Displays Incorrect Message,49762,49762
Adverse Event Without Identified Device or Use Problem,28727,28727
Patient Device Interaction Problem,27400,27400
Obstruction of Flow,16925,16925
No Display/Image,16613,16613
Pumping Stopped,13318,13318
No Apparent Adverse Event,11854,11854
Mechanical Problem,10551,10551
Device Difficult to Program or Calibrate,10441,10441
Power Problem,10175,10175

The same report yields medical device reports (MDR) originating with
patients. Here's the Top-10:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
No Consequences Or Impact To Patient,130842,130842
Hyperglycemia,73219,73219
No Known Impact Or Consequence To Patient,42242,42242
Hypoglycemia,22639,22639
Diabetic Ketoacidosis,5174,5174
Vomiting,1671,1671
Nausea,1583,1583
Death,881,881
Blood Loss,854,854
Loss of consciousness,770,770

For OZP, from 01JAN2015 to 30SEP2020
(https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=727&min_report_year=2015),
the Top-10 TPLC Device Problems (in CSV format):

Device Problems,MDRs with this Device Problem,Events in those MDRs
Patient Device Interaction Problem,47719,47719
Adverse Event Without Identified Device or Use Problem,31499,31499
No Apparent Adverse Event,20789,20789
Power Problem,11452,11452
Connection Problem,11060,11060
No Display/Image,10546,10546
Appropriate Term/Code Not Available,9079,9079
Device Alarm System,7415,7415
Mechanical Problem,6354,6354
Device Difficult to Program or Calibrate,6024,6024
Moisture or Humidity Problem,5974,5974

The same report yields medical device reports (MDR) originating with
patients. Here's the Top-10:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs:
No Consequences Or Impact To Patient,95530,95530
Hyperglycemia,36555,36555
Hypoglycemia,15859,15859
Diabetic Ketoacidosis,2550,2550
Blood Loss,1999,1999
Nausea,1142,1142
Vomiting,940,940
Abdominal Pain,447,447
Dyspnea,355,355
No Known Impact Or Consequence To Patient,332,332

09:27 Wearable tattoo: Scientists print sensors directly onto skin without heat

Engineers have developed a way to print biometric sensors onto skin, like a
non-permanent tattoo, without the use of heat.

In addition to being more comfortable and less intrusive than today's
wearable devices, the technology—described Monday *in the journal ACS
Applied Materials and Interfaces*
<https://pubs.acs.org/doi/10.1021/acsami.0c11479>—can also collect more
precise biometric measurements.

"In this article, we report a simple yet universally applicable fabrication
technique with the use of a novel sintering aid layer to enable direct
printing for on-body sensors," first author Ling Zhang, researcher in the
Harbin Institute of Technology in China, said in a news release.

Zhang and lead researcher Huanyu "Larry" Cheng, professor of engineering
science and mechanics at Penn State University, previously fabricated
flexible printed circuit boards for wearable devices. [...]
https://www.upi.com/Science_News/2020/10/12/Wearable-tattoo-Scientists-print-sensors-directly-onto-skin-without-heat/8371602507160/

09:27 International Statement: End-To-End Encryption and Public Safety

Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Sunday, October 11, 2020
International Statement: End-To-End Encryption and Public Safety

We, the undersigned, support strong encryption, which plays a crucial role
in protecting personal data, privacy, intellectual property, trade secrets
and cyber security. It also serves a vital purpose in repressive states to
protect journalists, human rights defenders and other vulnerable people, as
stated in the 2017 resolution of the UN Human Rights Council[1]
<https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftn2>
On 3 October 2019 NCMEC published a statement on this issue, stating that:
“If end-to-end encryption is implemented without a solution in place to
safeguard children, NCMEC estimates that more than half of its CyberTipline
reports will vanish.'' [3]
<https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftn3>
And on 11 December 2019, the United States and European Union (EU) issued a
joint statement making clear that while encryption is important for
protecting cyber security and privacy: “the use of warrant-proof encryption
by terrorists and other criminals =93 including those who engage in online
child sexual exploitation =93 compromises the ability of law enforcement
agencies to protect victims and the public at large.''[4]
<https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftn4>

*RESPONSE*

In light of these threats, there is increasing consensus across governments
and international institutions that action must be taken: while encryption
is vital and privacy and cyber security must be protected, that should not
come at the expense of wholly precluding law enforcement, and the tech
industry itself, from being able to act against the most serious illegal
content and activity online.

In July 2019, the governments of the United Kingdom, United States,
Australia, New Zealand and Canada issued a communique, concluding that:
“tech companies should include mechanisms in the design of their encrypted
products and services whereby governments, acting with appropriate legal
authority, can gain access to data in a readable and usable format. Those
companies should also embed the safety of their users in their system
designs, enabling them to take action against illegal content.''[5]
<https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftn5>
On 8 October 2019, the Council of the EU adopted its conclusions on
combating child sexual abuse, stating: “The Council urges the industry to
ensure lawful access for law enforcement and other competent authorities to
digital evidence, including when encrypted or hosted on IT servers located
abroad, without prohibiting or weakening encryption and in full respect of
privacy and fair trial guarantees consistent with applicable law.''[6]
<https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftn6>

The WePROTECT Global Alliance, NCMEC and a coalition of more than 100 child
protection organisations and experts from around the world have all called
for action to ensure that measures to increase privacy =93 including
end-to-end encryption =93 should not come at the expense of children's safety
[7]
<https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftn7>
.

*CONCLUSION*

We are committed to working with industry to develop reasonable proposals
that will allow technology companies and governments to protect the public
and their privacy, defend cyber security and human rights and support
technological innovation. While this statement focuses on the challenges
posed by end-to-end encryption, that commitment applies across the range of
encrypted services available, including device encryption, custom encrypted
applications and encryption across integrated platforms. We reiterate that
data protection, respect for privacy and the importance of encryption as
technology changes and global Internet standards are developed remain at
the forefront of each state's legal framework. However, we challenge the
assertion that public safety cannot be protected without compromising
privacy or cyber security. We strongly believe that approaches protecting
each of these important values are possible and strive to work with
industry to collaborate on mutually agreeable solutions.

*SIGNATORIES*

Rt Hon Priti Patel MP, United Kingdom Secretary of State for the Home
Department

William P. Barr, Attorney General of the United States

The Hon Peter Dutton MP, Australian Minister for Home Affairs

Hon Andrew Little MP, Minister of Justice, Minister Responsible for the
GCSB, Minister Responsible for the NZSIS

The Honourable Bill Blair, Minister of Public Safety and Emergency
Preparedness

India
Japan

*11 October 2020*

[1]
<https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftnref1>

https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftnref2>
WePROTECT
Global Alliance, *2019 Global Threat Assessment*, available online at: <
https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftnref3>
 https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftnref4>

https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftnref5>

https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftnref6>
 https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety#_ftnref7>

http://www2.paconsulting.com/rs/526-HZE-833/images/WePROTECT 2019 Global Threat Assessment (FINAL).pdf?_ga=3D2.109176709.1865852339.1591953966-1877278557.1591953966,
http://www.missingkids.org/blog/2019/post-update/end-to-end-encryption,
https://www.nspcc.org.uk/globalassets/documents/policy/letter-to-mark-zuckerberg-february-2020.pdf

https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety

09:27 'I Feel Like I Have Dementia': Brain Fog Plagues Covid Survivors

* The condition is affecting thousands of patients, impeding their ability
to work and function in daily life.*
https://www.nytimes.com/2020/10/11/health/covid-survivors.html

09:27 Updated Eusprig page

Ever seen a report on an out of date website and think "oops thats my job"?
So, I updated this page, please refresh to read it :)

http://www.eusprig.org/horror-stories.htm

My own analysis of the sorry tale is at
https://sysmod.wordpress.com/2020/10/13/uk-covid-19-track-trace-excel-snafu-uncontrolled-spreadsheets-lead-to-data-loss/

09:27 Herd immunity letter signed by fake experts including 'Dr Johnny Bananas

9 Oct 2020

An open letter that made headlines calling for a herd immunity approach to
Covid-19 lists a number of apparently fake names among its expert
signatories, including Dr Johnny Bananas and Professor Cominic Dummings.

The Great Barrington declaration, which was said to have been signed by more
than 15,000 scientists and medical practitioners around the world, was found
by Sky News to contain numerous false names, as well as those of several
homeopaths. [...]

https://www.theguardian.com/world/2020/oct/09/herd-immunity-letter-signed-fake-experts-dr-johnny-bananas-covid

09:27 A prison video visitation service exposed private calls between inmates and their attorneys

Fearing the spread of coronavirus, jails and prisons remain on
lockdown. Visitors are unable to see their loved ones serving time, forcing
friends and families to use prohibitively expensive video visitation
services that often don't work.

But now the security and privacy of these systems are under scrutiny after
one St Louis-based prison video visitation provider had a security lapse
that exposed thousands of phone calls between inmates and their families,
but also calls with their attorneys that were supposed to be protected by
attorney-client privilege. [...]

https://techcrunch.com/2020/10/10/prison-visitation-homewav-leak/

09:27 Fairfax County Schools Employee Data Leaked On Dark Web: Report

https://patch.com/virginia/vienna/fairfax-county-schools-employee-data-leaked-dark-web-report

09:27 Watch out for this green dot on your iPhone -- it means someone is watching

IF you've ever panicked that an app might be watching through your iPhone's
camera, Apple has got you covered.

The latest iPhone update adds a new "warning dot" that alerts you whenever
your microphone or camera is activated.

https://www.the-sun.com/lifestyle/tech/1595314/iphone-green-dot-orange-camera-microphone-notification-ios-14/

The risks? Not running current iOS, not noticing little dots on screen.

09:27 Indian Police Accuse Popular TV Station of Ratings Fraud

But this week, police officials in Mumbai accused Republic TV and two
smaller channels of rigging the ratings system by paying poor people the
equivalent of a few dollars a month to tune into the station and leave their
televisions on. In some cases, police officials said, people being bribed to
watch the English-language channel did not speak English and were annoyed to
tie up their television sets with programming that they couldn't even
understand. [...]

https://www.nytimes.com/2020/10/09/world/asia/india-republic-tv-ratings.html

09:27 Apple's T2 security chip has an unfixable flaw

Checkm8 vulnerability used to jailbreak iPhones hits Macs as well.

by Lily Hay Newman, wired.com
Oct 10, 2020

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

In general, the jailbreak community hasn't paid as much attention to macOS
and OS X as it has iOS, because they don't have the same restrictions and
walled gardens that are built into Apple's mobile ecosystem. But the T2
chip, launched in 2017, created some limitations and mysteries. Apple added
the chip as a trusted mechanism for securing high-value features like
encrypted data storage, Touch ID, and Activation Lock, which works with
Apple's "Find My" services. But the T2 also contains a vulnerability, known
as Checkm8, that jailbreakers have already been exploiting in Apple's A5
through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group
that developed the tool for iOS, has released support for T2 bypass. [...]

https://arstechnica.com/information-technology/2020/10/apples-t2-security-chip-has-an-unfixable-flaw/
https://www.wired.com/story/apple-t2-chip-unfixable-flaw-jailbreak-mac/

09:27 Hacking a Coffee Maker

[Excerpted from Bruce's CRYPTO-GRAM, 15 Oct 2020 by PGN[

[2020.09.29]
[https://www.schneier.com/blog/archives/2020/09/hacking-a-coffee-maker.html]
As expected, IoT devices are filled with vulnerabilities
[https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/]:

As a thought experiment, Martin Hron, a researcher at security company Avast
reverse-engineered one of the older coffee makers to see what kinds of hacks
he could do with it. After just a week of effort, the unqualified answer
was: quite a lot. Specifically, he could trigger the coffee maker to turn on
the burner, dispense water, spin the bean grinder, and display a ransom
message, all while beeping repeatedly. Oh, and by the way, the only way to
stop the chaos was to unplug the power cord. [...]

In any event, Hron said the ransom attack is just the beginning of what an
attacker could do. With more work, he believes, an attacker could program a
coffee maker—and possibly other appliances made by Smarter—to attack
the router, computers, or other devices connected to the same network. And
the attacker could probably do it with no overt sign anything was amiss.

 [No surprise. This is just one more example of the risks related to the
 Internet of Things, and of course to the Things Themselves. PGN]

09:27 Israel cyber watchdog rests on the sabbath

https://www.israeldefense.co.il/he/node/45782">https://www.israeldefense.co.il/he/node/45782
 (In Hebrew; does not appear in the English-language version)

The Israel Lands Administration (a governmental department) has setup a
cyber war-room

SOC/SIEM for cyber support in cases of problems or the need to escalate
issues to suppliers (rough translation) The centre will supply support 24
hours Sunday to Thursday, half-day on Friday, and none on Saturday.

Do not waste your time attacking the Lands Adminstration sites on weekdays.

09:27 SpaceX Is Building a Military Rocket to Ship Weapons Anywhere in the World in 1 hour

Fresh Delivery

SpaceX and the Pentagon just signed a contract to jointly develop a new
rocket that can launch into space and deliver up to 80 tons of cargo and
weaponry anywhere in the world — in just one hour.

Tests on the rocket are expected to begin as early as next year, *Business
Insider
<https://www.businessinsider.com/musks-spacex-partners-us-military-to-deliver-weapons-by-rockets-2020-10>reports
<https://www.businessinsider.com/musks-spacex-partners-us-military-to-deliver-weapons-by-rockets-2020-10>*.
It's expected to shuttle weapons around the world 15 times faster than
existing aircraft, like the US C-17 Globemaster.

“Think about moving the equivalent of a C-17 payload anywhere on the globe
in less than an hour,'' General Stephen Lyons, head of US Transportation
Command said at a Wednesday conference
<https://www.ndtahq.com/events/fall-meeting/>. Military Contractor

The new contract is further evidence that SpaceX is leaning hard into
military partnerships. Earlier this week, the private space company won a
contract with the military's Space Development Agency to *manufacture four
missile-tracking satellites*.
<https://futurism.com/the-byte/pentagon-commissioned-spacex-build-missile-tracking-satellites>

Prior to that, the *Army approached SpaceX*
<https://futurism.com/the-byte/us-military-access-spacex-satellite-constellation>
about turning its constellation of Starlink broadband satellites into a new
military navigation network, and Space Force officials let slip earlier this
year that they were *already working closely*
<https://futurism.com/the-byte/space-force-elon-musk> with SpaceX after
awarding the company a contract *in August*, *BI* reports. History Rhymes
<https://www.businessinsider.com/spacex-wins-space-force-rocket-launch-nssl-agreement-40-percent-2020-8>

The new weapon delivery system resembles a militarized version of something
that SpaceX CEO proposed *back in 2017*
<https://techcrunch.com/2017/09/28/spacex-plans-to-use-spaceships-for-earth-passenger-transit/>,
when he talked about passenger space travel.

Back then, Musk proposed launching passengers into space and then quickly
landing them back down closer to their destination. The new plan is highly
similar, just with weapons rather than people.

READ MORE: The US military and Elon Musk are planning a 7,500 mph rocket
that can deliver weapons anywhere in the world in an hour
<https://www.businessinsider.com/musks-spacex-partners-us-military-to-deliver-weapons-by-rockets-2020-10>
 [*Business Insider*]

More on SpaceX: *The US Military Wants Access to SpaceX's Satellite
Constellation
<https://futurism.com/the-byte/us-military-access-spacex-satellite-constellation>*

https://futurism.com/the-byte/spacex-building-military-rocket-to-ship-weapons-anywhere-world

09:27 The Man Who Speaks Softly -- and Commands a Big Cyber Army

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US
military how to launch pervasive cyberattacks. And he did it all without you
noticing.

https://www.wired.com/story/general-paul-nakasone-cyber-command-nsa/

09:27 Fifth of countries at risk of ecosystem collapse, analysis finds

Trillions of dollars of GDP depend on biodiversity, according to Swiss
report

One-fifth of the world's countries are at risk of their ecosystems
collapsing because of the destruction of wildlife and their habitats,
according to an analysis by the insurance firm Swiss Re.

Natural services such as food, clean water and air, and flood protection
have already been damaged by human activity.

More than half of global GDP—$42tn - depends on high-functioning
biodiversity, according to the report, but the risk of tipping points is
growing.

Countries including Australia, Israel and South Africa rank near the top of
Swiss Re's index of risk to biodiversity and ecosystem services, with
India, Spain and Belgium also highlighted. Countries with fragile
ecosystems and large farming sectors, such as Pakistan and Nigeria, are
also flagged up.

Countries including Brazil and Indonesia had large areas of intact
ecosystems but had a strong economic dependence on natural resources, which
showed the importance of protecting their wild places, Swiss Re said.

“CA staggering fifth of countries globally are at risk of their ecosystems
collapsing due to a decline in biodiversity and related beneficial
services,'' said Swiss Re, one of the world's biggest reinsurers and a
linchpin of the global insurance industry.

“If the ecosystem service decline goes on [in countries at risk], you would
see then scarcities unfolding even more strongly, up to tipping points,''
said Oliver Schelske, lead author of the research.

Jeffrey Bohn, Swiss Re's chief research officer, said: “This is the first
index to our knowledge that pulls together indicators of biodiversity and
ecosystems to cross-compare around the world, and then specifically link
back to the economies of those locations.''

The index was designed to help insurers assess ecosystem risks when setting
premiums for businesses but Bohn said it could have a wider use as it
“allows businesses and governments to factor biodiversity and ecosystems
into their economic decision-making.''

The UN revealed in September that the world's governments failed to meet a
single target to stem biodiversity losses in the last decade, while leading
scientists warned in 2019 that humans were in jeopardy from the
accelerating decline of the Earth's natural life-support systems. More than
60 national leaders recently pledged to end the destruction.

The Swiss Re index is built on 10 key ecosystem services identified by the
world's scientists and uses scientific data to map the state of these
services at a resolution of one square kilometre across the world's land.
The services include provision of clean water and air, food, timber,
pollination, fertile soil, erosion control, and coastal protection, as well
as a measure of habitat intactness.

Those countries with more than 30% of their area found to have fragile
ecosystems were deemed to be at risk of those ecosystems collapsing. Just
one in seven countries had intact ecosystems covering more than 30% of
their country area.

Among the G20 leading economies, South Africa and Australia were seen as
being most at risk, with China 7th, the US 9th and the UK 16th.

Alexander Pfaff, a professor of public policy, economics and environment at
Duke University in the US, said: “Societies, from local to global, can do
much better when we not only acknowledge the importance of contributions
from nature—as this index is doing—but also take that into account in
our actions, private and public.'' [...]
https://www.theguardian.com/environment/2020/oct/12/fifth-of-nations-at-risk-of-ecosystem-collapse-analysis-finds

09:27 This Ferrari got bricked because someone tried to upgrade it underground, where there's no cell reception. DRM in cars rules.

https://twitter.com/internetofshit/status/1315736960082808832
which leads to
https://old.reddit.com/r/Justrolledintotheshop/comments/j914fh/dude_comes_straight_from_the_dealership_for_a/

09:27 Cruise received a permit from the California DMV to remove human backup drivers from our self-driving cars

https://twitter.com/Cruise/status/1316786478291320834

 [Gives new meaning to Cruise control, or the lack thereof? PGN]

09:27 Car design about to change forever?

Electric vehicles are incredible. Beyond eliminating fossil fuels, they are
whisper quiet, accelerate faster than gasoline cars, and according to *a new
Consumer Reports study*
<https://arstechnica.com/cars/2020/10/owning-an-electric-car-really-does-save-money-consumer-reports-finds/>,
operate with less expensive maintenance over time. But one of the biggest
benefits of EVs that they are *revolutionizing*
<https://www.fastcompany.com/90534847/why-the-car-of-the-future-is-more-like-a-lego-set-than-a-bond-ride>
the way cars are built.

How? As this new video from Israeli startup Ree demonstrates, the EV of
tomorrow is basically just a giant skateboard. With tiny motors placed
inside the wheels, the car can assume any form imaginable; any sort of
seating or storage arrangement can be built right on top of this flat base.

Traditional gas cars were built atop a flat chassis, too. But that chassis
was hardly so self contained. Components like your engine and steering
system are on top. Then the motor propels a complex series of axles under
the car. Of course you have brakes, suspension, cooling systems, gas lines,
and other systems to snake around, too. It all adds up to *30,000 parts*
<https://www.ft.com/content/a2b8cf3a-1e14-11e9-b126-46fc3ad87c65>, newer
startups like *Rivian*
<https://www.fastcompany.com/90406937/amazon-plans-to-have-100000-electric-delivery-vans-on-the-road-by-2030>,
and even *Tesla*
<https://cleantechnica.com/2020/06/19/history-of-electric-cars-using-skateboard-platforms/>.
But Ree's new video, seen here, is the first time I've witnessed the odd
spectacle of these flat chassis whipping around a track with no other
filigree attached. [...]

https://www.fastcompany.com/90562654/car-design-is-about-to-change-forever-this-video-encapsulates-how

09:27 Split-Second `Phantom' Images Can Fool Tesla's Autopilot

*Researchers found they could stop a Tesla by flashing a few frames of a
stop sign for less than half a second on an Internet-connected billboard.*

SAFETY CONCERNS OVER automated driver-assistance systems like Tesla's
usually focus on what the car can't see, like the white side of a truck that
one Tesla confused with a bright sky in 2016, leading to the death of a
driver.
<https://www.wired.com/2016/06/teslas-autopilot-first-deadly-crash/> But one
group of researchers has been focused on what autonomous driving systems
might see that a human driver doesn't—including "phantom" objects and
signs that aren't really there, which could wreak havoc on the road.

Researchers at Israel's Ben Gurion University of the Negev have spent the
last two years experimenting with those "phantom" images to trick
semi-autonomous driving systems <https://www.nassiben.com/phantoms>. They
previously revealed that they could use split-second light projections on
roads to successfully trick Tesla's driver-assistance systems into
automatically stopping without warning when its camera sees spoofed images
of road signs or pedestrians. In new research, they've found they can pull
off the same trick with just a few frames of a road sign injected on a
billboard's video. And they warn that if hackers hijacked an
Internet-connected billboard to carry out the trick, it could be used to
cause traffic jams or even road accidents while leaving little evidence
behind.

"The attacker just shines an image of something on the road or injects a
few frames into a digital billboard, and the car will apply the brakes or
possibly swerve, and that's dangerous," says Yisroel Mirsky, a researcher
for Ben Gurion University and Georgia Tech who worked on the research,
which will be presented next month at the ACM Computer and Communications
Security conference. "The driver won't even notice at all. So somebody's
car will just react, and they won't understand why."

In their first round of research, published earlier this year
<https://arstechnica.com/cars/2020/01/how-a-300-projector-can-fool-teslas-autopilot/>,
the team projected images of human figures onto a road, as well as road
signs onto trees and other surfaces. They found that at night, when the
projections were visible, they could fool both a Tesla Model X running the
HW2.5 Autopilot driver-assistance system—the most recent version available
at the time, now the second-most-recent —and a Mobileye 630 device. They
managed to make a Tesla stop for a phantom pedestrian that appeared for a
fraction of a second, and tricked the Mobileye device into communicating
the incorrect speed limit to the driver with a projected road sign.

In this latest set of experiments, the researchers injected frames of a
phantom stop sign on digital billboards, simulating what they describe as a
scenario in which someone hacked into a roadside billboard to alter its
video. They also upgraded to Tesla's most recent version of Autopilot known
as HW3. They found that they could again trick a Tesla or cause the same
Mobileye device to give the driver mistaken alerts with just a few frames
of altered video. [...]
https://www.wired.com/story/tesla-model-x-autopilot-phantom-images/

 [Richard Stein noted
 Advanced driver-assistance systems found to be susceptible to
 split-second flash phantoms (Techxplore.com)
https://techxplore.com/news/2020-10-advanced-driver-assistance-susceptible-split-second-phantoms.html

09:27 From a small town in North Carolina to big-city hospitals, how software infuses racism into U.S. health care

Casey Ross, StatNews, 13 Oct 2020
https://www.statnews.com/2020/10/13/how-software-infuses-racism-into-us-health-care/

 A STAT investigation found that a common method of using analytics
 software to target medical services to patients who need them most is
 infusing racial bias into decision-making about who should receive
 stepped-up care. While a study published last year documented bias in the
 use of an algorithm in one health system, STAT found the problems arise
 from multiple algorithms used in hospitals across the country. The bias is
 not intentional, but it reinforces deeply rooted inequities in the
 American health care system, effectively walling off low-income Black and
 Hispanic patients from services that less sick white patients routinely
 receive.

09:27 Inside the strange new world of being a deepfake actor

*There's an art to being a performer whose face will never be seen.*

In 2019, two multimedia artists, Francesca Panetta and Halsey Burgund, set
about to pursue a provocative idea. Deepfake video and audio had been
advancing in parallel but had yet to be integrated into a complete
experience. Could they do it in a way that demonstrated the technology's
full potential while educating people about how it could be abused?

To bring the experiment to life, they chose an equally provocative subject:
they would create an *alternative history of the 1969 Apollo moon landing*
<https://moondisaster.org/>. Before the launch, US president Richard
Nixon's speechwriters had prepared two versions of his national address—one
designated “*In Event of Moon Disaster*
<https://www.archives.gov/files/presidential-libraries/events/centennials/nixon/images/exhibit/rn100-6-1-2.pdf>,''
in case things didn't go as planned. The real Nixon, fortunately, never had
to deliver it. But a deepfake Nixon could.

So Panetta, the creative director at MIT's Center for Virtuality, and
Burgund, a fellow at the MIT Open Documentary Lab, partnered up with two AI
companies. *Canny AI* <https://www.cannyai.com/> would handle the deepfake
video, and *Respeecher* <https://www.respeecher.com/> would prepare the
deepfake audio. With all the technical components in place, they just
needed one last thing: an actor who would supply the performance.

“We needed to find somebody who was willing to do this, because it's a
little bit of a weird ask,'' Burgund says. “Somebody who was more flexible
in their thinking about what an actor is and does.''

While deepfakes have now been around for a number of years, deepfake casting
and acting are relatively new. Early deepfake technologies weren't very
good, used primarily in dark corners of the Internet to swap celebrities
into porn videos without their consent. But as deepfakes have grown
increasingly realistic, more and more artists and filmmakers have begun
using them in broadcast-quality productions and TV ads. This means hiring
real actors for one aspect of the performance or another. Some jobs require
an actor to provide `base' footage; others need a voice.

For actors, it opens up exciting creative and professional possibilities.
But it also raises a host of ethical questions. “This is so new that
there's no real process or anything like that,'' Burgund says. “I mean, we
were just sort of making things up and flailing about.'' “Want to become
Nixon?'' [...]
https://www.technologyreview.com/2020/10/09/1009850/ai-deepfake-acting/

09:27 A different way the news is dividing America

https://finance.yahoo.com/news/a-different-way-the-news-is-dividing-america-113945965.html

The 'information haves' subscribe to be informed: they can afford it, and
possess the luxurious volition to ignore or believe the published content.

The 'information have-nots' have no choice. They are routinely
under-informed or misinformed by "pink slime news:" freely accessible robot
news sources or scripted news services that promote divisive propaganda
designed to mislead and compel conflict.

"Pink slime journalism is at its core about two things; getting clicks for a
quick buck, or furthering a political agenda—often the far-right or
foreign state actors, such as the Russians. In many cases these factors are
conflated into a foul, bubbling cauldron of propaganda, salaciousness and
lies."

"Think about the people who pay for the New York Times (NYT) (6.5 million
digital subscribers), the Wall Street Journal, (2.2 million), the Washington
Post, (2 million), the FT (750,000) etc.—and the people who, well,
don't. 'Redlining news and information is basically saying lower
socioeconomic households won't have access because they are unwilling or
unable to pay for information and therefore relegated to a poor news diet,'
says Victor Pickard, professor at the Annenberg School of Communication at
the University of Pennsylvania and author of 'Democracy without Journalism?
Confronting the Misinformation Society' 'It's very dangerous for a
democratic society.'"

Information source redlining reinforces economic dislocation. How can a
society's citizens become globally competitive when so many are denied
affordable or free access to viable and foundational information sources?
These sources help guide daily and long-term decisions governing their
personal health, economic welfare, or loyalty?

The "pink slime information" publication problem appears intractable to
resolve given short-term economic incentives that promote circulation.
These incentives outweigh priorities that government institutions and
programs established to benefit education, and create a functional
democracy.

That citizens of a democracy cannot afford to access viable and factual
information seems unconstitutional, a textbook case of big-tech capitalism
on overdrive (see
https://www.scientificamerican.com/article/big-tech-out-of-control-capitalism-and-the-end-of-civilization/
retrieved on 11OCT2020 by John Horgan).

Suppose there was an legally enforceable tax on pink slime information
publication. The hypothetical "Pink Slime Information Taxation Act"
authorizes government revenue collection from "pink slime publication"
platforms. The taxes subsidizes public education: school districts receive
grants and vouchers that enable students (and families) to access certified
"non-pink slime" information sources.

Does democracy's long-term survival depend on The Pink Slime Information
Detector (see https://en.wikipedia.org/wiki/I_know_it_when_I_see_it)? It
might be only a few keystrokes away from open source release. The "Daily
Planet" headline from 04OCT2027 says it all: "Literature Nobel Prize Winner:
Pink Slime Taxes Taught Me To Write."

09:27 Severed cable takes out Virginia voter site on registration deadline

https://arstechnica.com/tech-policy/2020/10/severed-cable-takes-out-virginia-voter-site-on-registration-deadline/

Contractor installing a sewer line hit an unmarked cable.

MORE added by PGN:

https://www.wric.com/news/virginia-news/virginias-state-agency-websites-experiencing-outages/

https://www.oag.state.va.us/media-center/news-releases/1852-october-14-2020-judge-approves-attorney-general-herring-s-agreement-to-extend-voter-registration-deadline

https://www.wric.com/news/virginia-news/calls-mount-to-extend-virginias-voter-registration-deadline-as-online-system-goes-down/

 The RISKS archives are laden with accidental cable cuts. PGN

09:27 Campaigns sidestep Cambridge Analytica crackdown with new methods

"Your early vote has not been recorded," one text message said, with a link
for more information.

Other messages tell voters they are not registered, or offer unverified
information about a political opponent.

Fraudulent messages like these are drawing attention as political campaigns
ramp up data collection and voter targeting using their own technology to
circumvent restrictions imposed by social media platforms following the
Cambridge Analytica scandal.

Facebook barred apps which scraped data on users and their contacts after
revelations about the now-defunct British consulting group. But in
response, President Donald Trump's campaign and some activist groups are
using their own methods.

"What we are seeing is almost more potent than in 2016," said Samuel
Woolley, a University of Texas professor who leads propaganda research at
the school's Center for Media Engagement

Woolley's team, which examined messages such as the above-referenced ones,
found that the Trump mobile app, and to a lesser extent those of Democrat
Joe Biden and other political activist groups, scoop up data to create
profiles to craft personalized, targeted messages by SMS, email or social
media. [...]
https://www.msn.com/en-us/news/world/campaigns-sidestep-cambridge-analytica-crackdown-with-new-methods/ar-BB19TX2S

09:27 Court Orders Seizure of Ransomware Botnet Controls as U.S. Election Nears

Joseph Menn and Chris Bing, Reuters, 12 Oct 2020
via ACM TechNews, 14 Oct 2020

Microsoft on Monday said it had seized via federal court order Internet
Protocol (IP) addresses that had been directing activity on computers
infected with Trickbot malware. Microsoft warned that Trickbot has infected
a number of public government agencies, which could suffer worse damage if
the operators encrypt files or install programs that interfere with voter
registration records or the display and public disclosure of election
results. Microsoft worked with companies including security firm ESET to
disassemble Trickbot installations and trace them to their command IP
addresses, and invoked copyright law to secure the court order. Said
Microsoft's Tom Burt, "Ransomware is one of the largest threats to the
upcoming election."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-277e7x22591cx066339&

09:27 Various election shenanigans

[RISKS readers should not be surprised by these items:]

RUSSIAN BOTNETS:

Microsoft takes down massive hacking operation that could have affected the
election (CNN); Federal judge rejects GA challenge

Microsoft seeks to disrupt Russian criminal botnet it fears could seek to
sow confusion in the presidential election

MS won a court order to seize servers used by the Trickbot botnet, a network
of infected computers that Microsoft says might have been used to lock up
voter-registration systems.

https://www.washingtonpost.com/technology/2020/10/12/microsoft-trickbot-ransomware
https://www.cnn.com/2020/10/12/tech/microsoft-election-ransomware/index.html

RANSOMWARE:

https://www.cnn.com/2020/10/12/tech/microsoft-election-ransomware/index.html

Of course this is ridiculous, but ignores all of the warnings about
connecting any critical system to the Internet.

GEORGIA RULING:

Federal judge rejects challenge to touch-screen voting machines in Georgia

https://www.nytimes.com/live/2020/10/12/us/trump-vs-biden/as-early-voting-begins-in-georgia-a-judge-rejects-a-challenge-to-touch-screen-voting-machines

A federal judge on Sunday night left in place Georgia's new $108 million
touch-screen voting system, rejecting a call by election-integrity
advocates to switch to handwritten paper ballots hours before Georgians
flooded polling sites for the first day of early voting.

At least one local official in Atlanta reported technical glitches, similar
to problems that plagued the machines during primaries earlier this year.

REPUBLICAN-OWNED DROP-BOXES for your ballots:

Private phony drop-boxes that the Republicans are appearing in California
that claim to be "Official Drop Boxes".
https://www.cnn.com/2020/10/12/tech/microsoft-election-ransomware/index.html

California Officials Tell State GOP To Stop Distributing Ballot Drop Boxes
(NPR)
https://www.npr.org/2020/10/12/923119170/california-officials-tell-state-gop-to-stop-distributing-ballot-drop-boxes?utm_medium=RSS&utm_campaign=news

Hide

Show 16 Fri 09:27 AndroidAuthority [6]

09:27 OnePlus 8T vs Samsung Galaxy S20 FE: Which is right for you?
We compare the new OnePlus 8T vs Samsung Galaxy S20 FE, two very affordable but powerful Android smartphones.

09:27 Missed Prime Day? Here are 12 great Amazon deals you can still find
Prime Day may be over, but someone at Amazon HQ forgot to jack some of the prices back up.

09:27 Samsung mocks Apple's lack of charger, but how long until it backpedals?
Samsung previously mocked Apple's lack of a 3.5mm port in videos, only to delete said clips when it dropped the port too.

09:27 OnePlus is making a limited edition Cyberpunk 2077 version of the OnePlus 8T
OnePlus' first gaming partnership will bring a special Cyberpunk 2077 phone on November 9.

09:27 Leak suggests Huawei's first ANC headphones will take aim at Sony and Bose
Looks like Huawei is getting ready for the big leagues in the wireless headset space.

09:27 Xiaomi Mi Smart Speaker could soon arrive in Europe for under €60
Xiaomi could lay down a serious challenge to Google's Nest products at this price.
Hide

Show 16 Fri 09:21 HackerNews [6]

Show 16 Fri 09:21 The-Verge-Mobile [2]

09:21 Verizon pulls misleading ads claiming its 5G service is �necessary' for firefighters
Illustration by Alex Castro / The Verge

Verizon has agreed to pull 5G advertisements claiming its new network was �built for� firefighters and first responders, after the National Advertising Division and the Better Business Bureau began looking into the ads following complaints they were misleading.

The decision, first reported by Ars Technica, follows Verizon's announcement earlier this week that it would be expanding its low-band 5G coverage to tens of millions more customers in the US, in conjunction with the launch of Apple's new 5G-ready iPhone 12 line.

The ads in question, however, predated Verizon's nationwide 5G rollout and began airing first as part of a 5G Super Bowl ad campaign. The campaign touted Verizon's supposedly speedier network technology as purposefully...

09:21 Twitter's massive outage may be over, company says �no evidence' of hack
Illustration by Alex Castro / The Verge

Twitter has been experiencing an outage that began in the early evening on Thursday, with some users reporting problems sending tweets and refreshing their timelines starting shortly after 5:30PM ET. Just after 7PM ET, tweets began to cross our timelines, and things may be returning to normal.

�We have no evidence of a security breach or hack, and we're currently investigating internal causes,� a Twitter spokesperson said in a statement to The Verge. Twitter posted a similar message to its status page and via the @TwitterSupport Twitter account.

Twitter has been down for many of you and we're working to get it back up and running for everyone.

We had some trouble with our internal systems and don't have any evidence of a security...

Continue reading...
Hide

Show 16 Fri 09:21 The-Verge-Android [5]

09:21 Google is beginning the forced migration from Hangouts to Chat next year
Illustration: Alex Castro / The Verge

Google will officially transition users from Google Hangouts to Google Chat starting next year. As part of the change, Chat, a messaging service previously only available to customers who pay for Google Workspace (the recent rebranding of G Suite), will become a free service that's available inside of Gmail and in a standalone app. And some Hangouts features will be going away ahead of its disappearance.

The transition from Hangouts to Chat will begin sometime in the first half of 2021, when Google will offer tools to help automatically bring your Hangouts conversations, contacts, and chat history to Chat, according to a blog post. It's unclear what steps will be required for that migration, but Google says it will share guidance at some...

09:21 Google's new �hum to search' feature can figure out the song that's stuck in your head

Google is adding a new �hum to search� feature to its search tools today that will let you hum (or whistle, or sing) the annoying song that's stuck in your head, and then use machine learning techniques to try to identify it.

The new feature is available today in the Google app on both iOS and Android, or in Google Assistant � just ask Google �What's the song� or tap the newly added �search a song� button, and then hum your earworm. Google will then show you results based on how likely a match it thinks it is, after which you'll be able to tap results to listen to it (just like you would any other song that you looked up in Google search).

Google says that the feature works by using its machine learning models to...

09:21 Google search is getting new AI tools to decipher your terrible spelling
Illustration by Alex Castro / The Verge

Google detailed a host of new improvements at its �Search On� event that it will make to its foundational Google search service in the coming weeks and months. The changes are largely focused on using new AI and machine learning techniques to provide better search results for users. Chief among them: a new spell checking tool that Google promises will help identify even the most poorly spelled queries.

According to Prabhakar Raghavan, Google's head of search, 15 percent of Google search queries each day are ones that Google has never seen before, meaning the company has to constantly work to improve its results.

Part of that is because of poorly spelled queries. According to Cathy Edwards, VP engineering at Google, 1 in...

09:21 Your new Samsung smart TV will soon double as a Google Assistant microphone
Illustration by Alex Castro / The Verge

Google Assistant is now available on newer Samsung smart TVs in the US, the companies announced. The AI helper will be available on Samsung 2020 smart TV models, including the 2020 8K and 4K QLED models, the 2020 Crystal UHD TVs, 2020 Frame and Serif sets, and 2020 Sero and Terrace models. The update will be available in the US first and roll out to more countries soon, according to Google.

Pressing down on the TV's remote control mic will activate Assistant, and users will be able to switch channels, open apps, and adjust the TV's volume with voice commands. The TVs already had voice command settings available that could be controlled with the mic on the remote, but you'll have to tell it you want to use Google Assistant rather than...

09:21 Google is making US voting locations easier to find via search and its Assistant
Google is providing information about voting locations as part of the measures. | Image: Google

Google is adding new election features to its voice assistant, Google Search, and Google Maps, to make it easier for US citizens to find voting locations ahead of the election next month. In Google Search, queries like �early voting locations� and �ballot drop boxes near me� will give details about where you can vote in person or return mail-in ballots, while asking the Google Assistant where to vote will �soon� provide relevant information on your phone, speaker, or smart display, Google says.

Then, once you've found a location, Google says its Maps service can now give you directions to voting or ballot drop box locations, and will provide information about voting hours.

Continue reading...
Hide

Show 16 Fri 09:21 lwn.net [3]

09:21 Security updates for Thursday
Security updates have been issued by Arch Linux (chromium), Debian (httpcomponents-client), Fedora (claws-mail), SUSE (bcm43xx-firmware, crmsh, libqt5-qtimageformats, libqt5-qtsvg, php53, php7, and rubygem-activesupport-4_2), and Ubuntu (php5, php7.0, php7.2, php7.4, python2.7, python3.4, python3.5, python3.6, and vim).

09:21 [$] The Arm64 memory tagging extension in Linux
One of the first features merged for the 5.10 kernel development cycle was support for the Arm v8.5 memory tagging extension [PDF]. By adding a "key" value to pointers, this mechanism enables the automated detection of a wide range of memory-safety issues. The result should be safer and more secure code � once support for the feature shows up in actual hardware.

09:21 linux.conf.au 2021 call for sessions and miniconfs
The 2021 edition of linux.conf.au will be held online on January 23-25, 2021; the call for proposals has gone out with a relatively tight deadline of November 6. "Our theme is 'So what's next?'. We all know we're living through unprecedented change and uncertain times. How can open source play a role in creating, helping and adapting to this ongoing change? What new developments in software and coding can we look forward to in 2021 and beyond?" Since there is no travel involved, this is a rare opportunity for those who have not normally been able to participate in LCA.
Hide

Show 16 Fri 09:21 Anandtech [1]

09:21 The Corsair H150i Elite Capellix AIO Cooler Review: Go Big Or Go Home

Today we are taking a look at the largest member of Corsair's new Elite Capellix AIO cooler family, the H150i Elite Capellix. An upgrade for the renowned H150i Pro RGB, the H150i Elite Capellix features a 400 mm long radiator that holds three 120 mm fans, all the while incorporating improved iCUE integration and more powerful cooling fans.

Hide

Show 16 Fri 08:51 Slashdot [2]

08:51 NASA Funds Nokia Plan To Provide Cellular Service On Moon
schwit1 shares a report from UPI: NASA will fund a project by Nokia to build a 4G cellular communication network on the moon with $14.1 million, the space agency announced. That project was part of $370 million in new contracts for lunar surface research missions NASA announced Wednesday. Most of the money went to large space companies like SpaceX and United Launch Alliance to perfect techniques to make and handle rocket propellant in space. The space agency must quickly develop new technologies for living and working on the moon if it wants to realize its goal to have astronauts working at a lunar base by 2028, NASA Administrator Jim Bridenstine said in a live broadcast.

Read more of this story

05:51 A Dead Soviet Satellite and An Old Rocket Booster Could Collide In Space Tonight
Space traffic experts are tracking two pieces of orbital garbage that appear to be careening toward each other: A defunct Soviet satellite and a discarded Chinese rocket booster that are expected to nearly miss each other -- with a slight chance of colliding -- Thursday evening. CNN reports: No one knows for sure if the objects will collide, and near-misses happen in space all the time. But LeoLabs, a California-based startup that uses ground-based radars to track spaceborne objects, is putting the odds of collision at 10% or more. That's high, but not uncommon LeoLabs CEO Daniel Ceperley told CNN Business on Thursday. "Multiple times a week we're seeing dead satellites come within 100 meters of each other, moving at tremendous speeds," Ceperley said. The company decided to raise public awareness about this particular event, he said, because the two objects are both large -- and likely to create an enormous debris field if they collide -- and because they're in an area of orbit that's still relatively clean compared to nearby orbits. The company is also trying to raise more general public awareness about the debris problem, he said. The Soviet satellite, which launched to space in 1989 and was used for navigation, weighs nearly 2,000 pounds and is 55 feet long, according to Jonathan McDowell, an astronomer at the Harvard-Smithsonian Center for Astrophysics. And the rocket booster, part of a Chinese Long March launch vehicle that likely launched in 2009, is about 20 feet long. Neither of the objects is still in use. If the rocket and satellite do collide, it would be the first time in more than a decade that two objects spontaneously collided in space -- a situation space traffic experts have hoped desperately to avoid.

Read more of this story
Hide

Show 16 Fri 05:25 lwn.net-comments [16]

05:25 An open letter to Apache OpenOffice

This isn't the place for this.

05:25 BleedingTooth: critical kernel Bluetooth vulnerability

Also, new kernel builds for F31/32/33 are available.

05:25 A PHP syntax for discardable assignments

Okay, that makes a bit more sense.

05:25 BleedingTooth: critical kernel Bluetooth vulnerability

Other comments were suggesting 5.9 doesn't actually have most of the fixes and Intel even removed the kernel version to upgrade recommendation from their advisory since this morning.

Did Fedora get them backported? I guess I could go dig through Koji to see what got built.

05:25 Further analysis of PyPI typosquatting

Maybe something like crev then? https://github.com/crev-dev/crev

05:25 The Arm64 memory tagging extension in Linux

Does anyone know where are the 'Tag Granule' keys are stored?

Presumably somewhere there needs to be 4-bits stored for every 16-bytes of tagged memory, so 3.125% memory overhead. I'm guessing something like a page table and TLB type arrangement is used by the processor to lookup the key for each memory area, but I can't find a description of it.

05:25 Development quotes of the week

An even better quote of that article is about our current state of the Internet for non-techies:

> turning the web into five giant websites filled with screenshots from the other four.

05:25 The Arm64 memory tagging extension in Linux

Also the STE instruction only sets the tag for one 16-byte granule. If an address is a pointer to a structure that may be tens to thousands of bytes in size, presumably the code would have to loop through the whole structure setting the same tag for every granule that belongs to it. Not a problem for code that only uses malloc() which should take care of that, but some programs use their own allocators. I guess they shouldn't break as long as they're using malloc() to begin with, but unless they are made aware of this the advantage would be reduced.

05:25 The Arm64 memory tagging extension in Linux
Yes, it sounds like there is some overhead initialising memory too, though there is a STZGM instruction to set tags while zeroing blocks of memory.

Elsewhere I read that if the compiler is modified to use MTE on each stack frame, things like char path[PATH_MAX] on the stack can have excessive overhead as it requires tagging in the function prologue, but paths will typically be shorter than PATH_MAX.

PATH_MAX is kinda broken anyway, but it's an example where large stack buffers may have increased cost.

Security is rarely free, but still usually worthwhile.

05:25 Tags are stored in separate physical memory

I had the same question as mm7323. I happen to have the Armv8-A Architecture Reference Manual open, so I did a text search. I was surprised by what I found: you need separate physical memory!

�Tag load and store instructions to access Allocation tags in a tag physical address space, separate to the data physical address space accessed by data load and store instructions to access data in normal memory and devices.�
� §D6.1 on p2660 (of 7900!)

So chips which support MTE need to store a 4-bit tags for every 16-byte �granule' of data. Moreover, tags applies to Logical Addresses, ie., virtual addresses, so you need enough tag storage to cover all the virtual addresses you will ever allocate.

If you require physical memory to be contiguous, you could just reserve some of it at boot time by setting a single implementation-specific register. But if you want to allow non-contiguous physical memory ranges, you might want multiple registers. Supporting hot-plugging of memory would be quite hairy. Maybe MTE and hot-pluggable memory would be mutally exclusive?

Are there any chips which support MTE on the market yet? Does anyone know how they handle tag storage?

05:25 Tags are stored in separate physical memory

Wowsers. I wonder what happens when you try and set more tags than there is memory to store the granule keys...

I also don't see an instruction to 'unset' a key either.

05:25 Further analysis of PyPI typosquatting

Crowdsourced code review is definitely something awesome that the world needs. I imagine it would be an incredibly complex thing to do correctly though.

05:25 Wishing David Miller well

Best wishes for the recovery and for living with it afterwards!

05:25 Tags are stored in separate physical memory

In answer to my own question, and having looked at the reference manual, it looks like the tags are translated from the virtual into physical tags, then keys looked up at that point.

Therefore there just needs to be $mem/32 bytes of extra RAM set aside for storing the Granule tags for each physical address, and it can never run out.

Other things of curiosity - the synchronous tag error mode has a significant runtime overhead, as does a tag value of all 1's, according to the manual.

05:25 An open letter to Apache OpenOffice

It's also related to the way the Apache Foundation manage its various projects, if I remember correctly they are by definition required to use the Apache License. So, each time a project move under the Apache umbrella, it adopts the ASL.

05:25 An open letter to Apache OpenOffice

"Top Level Project" (TLP) is an idiom related to the ASF's structure. Some projects have sub-projects. The TLPs report directly to the Board. They're at the "top" of the organization. (and not at top of rankings, which it seems you're inferring)

Hide

Show 16 Fri 05:21 HackerNews [11]

Show 16 Fri 03:40 ArsTechnica [1]

03:40 YouTube cracks down on QAnon conspiracists
Video platform follows Facebook and Twitter but stops short of full ban.
Hide

Show 16 Fri 02:51 Slashdot [1]

02:51 FCC Will Move To Regulate Social Media After Censorship Outcry
An anonymous reader quotes a report from The Verge: On Thursday, Federal Communications Commission Chairman Ajit Pai said that the agency will seek to regulate social media platforms like Facebook and Twitter at the behest of the Trump administration's executive order signed earlier this year. "Members of all three branches of the federal government have expressed serious concerns about the prevailing interpretation of the immunity set for in Section 230 of the Communications Act. There is bipartisan support in Congress to reform the law," Pai said in a statement Thursday. "Social media companies have a First Amendment right to free speech. But they do not have a First Amendment right to a special immunity denied to other media outlets, such as newspapers and broadcasters." On Thursday, Pai said that the commission's general counsel said that "the FCC has the legal authority to reinterpret Section 230." He continued, "Consistent with this advice, I intend to move forward with a rulemaking to clarify its meaning." "Pai's decision to move forward with rulemaking follows a series of moderation decisions on Wednesday made by Facebook and Twitter against a New York Post article regarding former Vice President Joe Biden's son, Hunter Biden, who has been the subject of political attacks from the right throughout the 2020 presidential election," the report adds. Facebook reduced the reach of the story, while Twitter banned linking to the story entirely. "These moves from Facebook and Twitter incited an outcry over conservative bias from Republicans," reports The Verge.

Read more of this story
Hide

Show 16 Fri 01:21 HackerNews [15]

Show 16 Fri 01:21 Slashdot [3]

01:21 Oxford Scientists Develop 5-Minute COVID-19 Antigen Test
Scientists from Britain's University of Oxford have developed a rapid COVID-19 test able to identify the coronavirus in less than five minutes. CNBC reports: The university said it hoped to start product development of the testing device in early 2021 and have an approved device available six months afterwards. The device is able to detect the coronavirus and distinguish it from other viruses with high accuracy, the researchers said in a pre-print study. "Our method quickly detects intact virus particles," said Professor Achilles Kapanidis, at Oxford's Department of Physics, adding that this meant the test would be "simple, extremely rapid, and cost-effective." Siemens Healthineers on Wednesday announced the launch of a rapid antigen test kit in Europe to detect coronavirus infections, but warned that the industry may struggle to meet a surge in demand. Although the Oxford platform will only be ready next year, the tests could help manage the pandemic in time for next winter. Health officials have warned that the world will need to live with coronavirus even if a vaccine is developed.

Read more of this story

23:51 Microsoft Will Share Digital Revenues With GameStop On Every Xbox It Sells
New details have emerged about a partnership between Microsoft and GameStop that will see the retailer receive a share of all digital revenues generated by a console sold in their stores. GamesIndustry.biz reports: The agreement has been rumored, but investment advisor DOMO Capital Management claimed via Twitter that it had received confirmation from GameStop: the chain will get a share of all downstream revenue for customers it brings into the Xbox ecosystem this generation. Essentially, if a customer has purchased their Xbox Series X or S from any GameStop branch, the retailer will get a share of each digital purchase the user makes, whether its full-game downloads or downloadable content. DOMO even claims this applies when the DLC is being purchased for a physical base game that was bought at another retailer, providing the DLC is being bought from the Xbox store. This also extends to pre-owned Xbox Series X and S consoles, with GameStop reporting to Microsoft every unit that it sells. It's unclear whether a similar arrangement exists with Sony.

Read more of this story

23:51 Google Music Shuts Down Smart Speaker Support and Music Store
Google has started to shut down parts of its 9-year-old music service as it transitions people to YouTube Music. Ars Technica reports: The gradual shutdown started on Monday with the death of the Google Play Music Store, which previously let you purchase music for playback and download, as opposed to the all-you-can-eat rental services that dominate the music landscape today. Google's Music store was a section of the Google Play Store, which now just shows a message saying the feature has been removed. Google is getting out of the business of selling music entirely and now only offers a rental service through YouTube Music. The other big feature shutdown is music playback on Google Home and Nest Audio speakers. While the Google Music app still works and you can start a playback through Chromecast, you're no longer able to start music by voice through Google Assistant devices. If you dig into the Google Assistant settings (that means opening the Google app on your phone, then hitting "More," then "Settings," then "Google Assistant," "Services," and finally "Music") you'll find that the "Google Play Music" option has completely disappeared. Now the only supported services for voice commands are YouTube Music, Pandora, Deezer, and Spotify. [...] Google Music is scheduled to completely shut down sometime this month. Right now, the only thing left is streaming via the smartphone app and the Google Music website.

Read more of this story
Hide

Show 15 Thu 22:49 ArsTechnica [2]

22:49 Putin touts second dubious approval of an unproven COVID-19 vaccine
It has only been tested in 100 people, and there's no published data.

22:49 Ajit Pai says he'll help Trump impose crackdown on Twitter and Facebook
As Trump requested, Pai proposes to limit social media websites' legal immunity.
Hide

Show 15 Thu 22:21 Slashdot [3]

22:21 Facebook's Account Verification Leaves Some Quest 2 Buyers With 'Paperweight'
Quest 2 is the first Oculus headset to require a Facebook account at launch. False positives from its account verification system may be leaving some buyers with no choice but to return it. UploadVR reports: We're seeing reports from Quest 2 buyers who aren't on Facebook finding difficulty creating an account. Facebook's account verification system -- reportedly administered by a machine learning agent -- may ask for photographic evidence of identity. That evidence seems to be reviewed by a human, since it can apparently take weeks to process. Others trying to re-activate old accounts to use their brand new Quest 2 also report instant suspensions. Trying to create a new account also fails. If the review fails or your account is suspended, there appears to be no recourse for appeal. Multiple buyers called the system a "paperweight" in their emails to us about their interactions with customer service and what they feel like they can do with the latest VR headset on the market. In an emailed statement, a Facebook spokesperson said Quest 2 customers should contact Oculus Customer support to work through issues. Facebook claimed to only have "a very small number" of Oculus users running into login issues. Among the screenshots from Twitter and Reddit users reporting issues are Oculus Support agents supposedly saying they're unable to help with Facebook account issues.

Read more of this story

22:21 'Person In Jetpack' Spotted Flying Again Near LA Airport
There are reports of an unidentified person flying in a jetpack near Los Angeles International Airport (LAX) -- the second such incident in two months. The BBC reports: A China Airlines crew said it saw what appeared to be someone in a jetpack on Wednesday at 6,000ft (1,829m), seven miles (11km) north-west of LAX, the Federal Aviation Administration said. The FBI is investigating the incident, as well as a similar one in September. It is not clear if either incident posed any danger to aircraft. The China Airlines flight reported what it believed to be a person flying in a jetpack at 13:45 local time (20:45 GMT) on Wednesday, the FAA said. It said it then alerted enforcement agencies, who are now investigating the incident. "The FBI is in contact with the FAA and is investigating multiple reports of what, according to witnesses, appeared to be an individual in a jetpack near LAX," FBI Los Angeles Field Office spokeswoman Laura Eimiller was quoted as saying by US media. The airport authorities have so far made no public comment on the issue.

Read more of this story

22:21 Canonical Introduces High-Availability Micro-Kubernetes
An anonymous reader quotes a report from ZDNet: If you've been hiding under a rock -- and who could blame you these days? -- you may have missed how totally Kubernetes now dominates container orchestration. One way to quickly get up to speed on Kubernetes is with Canonical's MicroK8s. This is an easy-to-run and install mini-version of Kubernetes. And now Canonical has added autonomous high availability (HA) clustering to it. [...] Now, with HA, MicroK8s is ready to move from Internet of Things (IoT) implementations, testing out Kubernetes implementations on a workstation, or simply learning Kubernetes to bigger, better cloud jobs. With the new MicroK8s release, HA is enabled automatically once three or more nodes are clustered, and the data store migrates automatically between nodes to maintain a quorum in the event of a failure. Designed as a minimal conformant Kubernetes, MicroK8s installs, and clusters easily on Linux, macOS, or Windows. To work, a HA Kubernetes cluster needs three elements. Here's how it works in MicroK8s: -There must be more than one worker node. Since MicroK8s uses every node as a worker node, there is always another worker available so long as there's more than one node in the cluster. -The Kubernetes API services must run on one or more nodes so that losing a single node would not render the cluster inoperable. Every node in the MicroK8s cluster is an API server, which simplifies load-balancing and means we can switch instantaneously to a different API endpoint if one fails. -The cluster state must be in a reliable datastore. By default, MicroK8s uses Dqlite, a high-availability SQLite, as its datastore.

Read more of this story
Hide

Show 15 Thu 21:27 AndroidAuthority [8]

21:27 Apple Watch Series 6 review: Take notes, Google
Now that Apple is pushing an affordable Apple Watch, do you really need the high-end Series 6?

21:27 The best Google Cloud courses to future-proof your resume
The best Google Cloud courses for IT professionals looking to augment their careers.

21:27 LG buyer's guide: Everything you need to know
The company's lineup can be a bit confusing, but we're here to help. Here's what you need to know!

21:27 Lenovo's $50 Smart Clock Essential is now on sale
If you've been waiting for Lenovo's simple Smart Clock to go on sale, now's the time to buy.

21:27 Google Pixel 5 vs Apple iPhone 12: Which should you buy?
We take a look at the Pixel 5 vs iPhone 12 to see which one of these two smartphones is a better buy for you.

21:27 These will be the Xbox Series X/S optimized games available on November 10
There will be 30 games optimized for the Xbox Series X and S game consoles in time for the November 10 launch.

21:27 Google catches up to SoundHound, offers new Hum to Search song-finding feature
Google's new Hum to Search feature is super cool, but it's a bit late to the "hum a song and find it" game.

21:27 Google is finally going to close out Hangouts sometime in 2021
Google is going to slowly close out Hangouts, and will move most of its features to its Google Chat service in the next year.
Hide

Show 15 Thu 21:21 HackerNews [13]

Show 15 Thu 20:51 Slashdot [2]

20:51 Google Introduces Song Matching via Humming, Whistling or Singing
Google has added a new feature that lets you figure out what song is stuck in your head by humming, whistling or singing -- a much more useful version of the kind of song-matching audio feature that it and competitors like Apple's Shazam have offered previously. From a report: As of today, users will be able to open either the latest version of the mobile Google app, or the Google Search widget, and then tap the microphone icon, and either verbally ask to search a song or hit the 'Search a song button' and start making noises. The feature should be available to anyone using Google in English on iOS, or across over 20 languages already on Android, and the company says it will be growing that user group to more languages on both platforms in the future. Unsurprisingly, it's powered behind the scenes by machine learning algorithms developed by the company. Google says that it's matching tech won't require you to be a Broadway star or even a choir member -- it has built-in abilities to accommodate for various degrees of musical sensibility, and will provide a confidence score as a percentage alongside a number of possible matches. Clicking on any match will return more info about both artist and track, as well as music videos, and links that let you listen to the full song in the music app of your choice.

Read more of this story

20:51 Robinhood Estimates Hackers Infiltrated Almost 2,000 Accounts
An anonymous reader quotes a report from Bloomberg: Almost 2,000 Robinhood Markets accounts were compromised in a recent hacking spree that siphoned off customer funds, a sign that the attacks were more widespread than was previously known. A person with knowledge of an internal review, who asked not to be identified because the findings aren't public, provided the estimated figure. When Bloomberg first reported on the hacking spree last week, the popular online brokerage disclosed few details. It said "a limited number" of customers had been struck by cyber-criminals who gained access by breaching personal email accounts outside of Robinhood, an assertion that some of the victims acknowledge and others reject. The attacks unleashed a torrent of complaints on social media, where investors recounted futile attempts to call the brokerage, which doesn't have a customer service phone number. Robinhood, which has more than 13 million customer accounts, is now considering whether to add a phone number along with other tools, the person said. This week, Robinhood sent push notifications to users suggesting they enable two-factor authentication on their accounts. It also plans to send customers more advice on security, according to the statement. Several victims said they found no sign of criminals compromising their email accounts. And some said their brokerage accounts were accessed even though they had set up two-factor authentication.

Read more of this story
Hide

Show 15 Thu 19:25 lwn.net-comments [16]

19:25 Distribution quotes of the week

I was interested to read about Gnome OS - then I realised it was from 2012. Was there a mistake in copying/did we slip through a timewarp or was there something particularly germane and interesting about an eight year old discussion?

Not criticising - merely curious

19:25 Distribution quotes of the week

Genuinely - I seemed to be posted back to something that was referencing Gnome timelines in 2014. Reloading the browser and I got to 2020 ...

19:25 Distribution quotes of the week

"I was interested to read about Gnome OS - then I realised it was from 2012."

What is from 2012? The blog post is dated Oct 7, 2020 and the initial testing images are from July.

19:25 BleedingTooth: critical kernel Bluetooth vulnerability

I was under impression that BlueZ is _userspace_ part of the bluetooth stack. And the bugs found are in _kernel_ part, which is supposedly shared by all userspaces (BlueZ, Bluedroid, Fluoride, Gabeldorsche, etc...).
Am I wrong?

19:25 Distribution quotes of the week - 2012 etc.

Solved it - there's a hyperlink on introduced. I inadvertently clicked on that, thinking that it would refer me back a couple of months perhaps to initial discussions - it leads all the way back to 2012 and appears identical, obviously, because the blog is skinned that way. Nothing to see here, move along, problem exists between chair and keyboard ... :)

19:25 Security quotes of the week

> a $400 device that did nothing more than squeezing a bag of juice into a cup.

But it was *verified* pulp that was used. You wouldn't want to use dirty off-brand pulp would you? And based on AvE's teardown, they were *losing* money at that price point based on the components they put in that thing (it was all in the subscriptions).

19:25 BleedingTooth: critical kernel Bluetooth vulnerability

Anyone know if there's a mitigation that's not just completely turning off bluetooth for Linux desktops (I specifically care about Fedora as a user with a bluetooth speaker).

19:25 BleedingTooth: critical kernel Bluetooth vulnerability

Yeah, upgrade to kernel 5.9. For Fedora, you can get the one from Rawhide at the moment.

19:25 16-bit Windows applications tried to deal with OOM

Better they break by themselves than freeze up the entire system while it tries to page every single executable VM page through a single 4K page of physical RAM, because the rest of it has been overcommitted to memory that just got written to.

19:25 Security quotes of the week

Juicero was an interesting idea that failed, but the failure had nothing to do with whether it had an onboard microprocessor. The device was intended as a loss leader, with the real money coming from selling subscriptions to the juice packets. It was intended to be the juicing equivalent of the K-cup coffee makers back when the K-cup was still under patent so they could get away with overcharging for the cups. It failed for the same reasons that many startup companies fail, basically boiling down to really bad management, but the underlying concept wasn't inherently ridiculous.

Full disclosure: I am a minor investor in a different juicer company, so I know at least a little bit about the industry. There is a market out there for expensive juicers that produce premium juice. I think Juicero's biggest mistakes were A) trying to make a big splash instead of trying to establish a small but profitable business and B) not knowing the market well enough.

19:25 Further analysis of PyPI typosquatting

Commercial companies could solve this for themselves. It just takes money. And people. The latter is the problem, big tech is trying very hard to rid themselves of humans unless they perform piecework as meat robots. See also content moderation hellscape.

19:25 Python and the infinite

I was thinking that, on the one hand, python isn't the preferred choice for serious mathematical endeavors;
on the other hand, giving python substantial mathematical heft would be useful.

19:25 Further analysis of PyPI typosquatting

Seems to me like it already does this. I can never tell when PIP fails because it generates so much noise during normal operation. I think that's a real problem.

19:25 Further analysis of PyPI typosquatting

Wouldn't gpg web of trust solves this problem? If package is signed by key, trusted by many, it's good. If it's totally alone with zero signatures, one should inspect package before installing.

If you noticed a good package, sign it's key with low trust. If you know author, give him medium or high.

19:25 Collabora Online moves out of The Document Foundation

"too many in that camp forget that software developers need to eat ..."

yes but not necessarily "eat what they make" Einstein said if you want to be a a physicist get a job as a plumber, do physics in the evening.

19:25 Also test against a spelling corrector

A variant of the same problem is addressed by spelling correctors, that of putative typos of words in a particular dictionary.

Hide

Show 15 Thu 19:21 Slashdot [2]

19:21 FCC To Move on Trump Plan To Weaken Social Media Legal Shield
U.S. Federal Communications Commission Chairman Ajit Pai said the agency will consider President Donald Trump's request to weaken legal protections for social media companies such as Twitter. From a report: The FCC will begin a rulemaking to "clarify" the meaning of a law that gives broad legal immunity to social media companies for their handling of users' posts, Pai said in an emailed statement. The action follows a request by the Trump administration for regulators to dilute the decades-old law that Facebook, Twitter and Google say is crucial. The request was called for in an executive order that Trump signed in May. Tech trade groups, civil liberties organizations and legal scholars have slammed the action and said it isn't likely to survive a court challenge.

Read more of this story

19:21 Remdesivir Has Little Effect on Covid-19 Mortality, WHO Study Says
The Covid-19 treatment remdesivir has no substantial effect on a patient's chances of survival [Editor's note: the link may be paywalled; alternative source], a clinical trial by the World Health Organization has found, delivering a significant blow to hopes of identifying existing medicines to treat the disease. From a report: Results from the WHO's highly anticipated Solidarity trial, which studied the effects of remdesivir and three other potential drug regimens in 11,266 hospitalised patients, found that none of the treatments "substantially affected mortality" or reduced the need to ventilate patients, according to a copy of the study seen by the Financial Times. "These remdesivir, hydroxychloroquine, lopinavir and interferon regimens appeared to have little effect on in-hospital mortality," the study found. The results of the WHO trial also showed that the drugs had little effect on how long patients stayed in hospital. However, WHO researchers said the study was primarily designed to assess impact on in-hospital mortality. The study has not yet been peer-reviewed. Remdesivir was one of a series of drugs used to treat US President Donald Trump after he tested positive for Covid-19. It was developed by US drugmaker Gilead Sciences, initially as a potential medicine to treat Ebola.

Read more of this story
Hide

Show 15 Thu 17:59 ArsTechnica [6]

17:59 FDA approves first treatment for Ebola, a Regeneron antibody cocktail
Approval may bolster hopes for Regeneron's COVID-19 therapy, which uses same strategy.

17:59 Pluto's ice-capped peaks are like Earth's�but not
Methane ice is accumulating up there for another reason.

17:59 Lidar used to cost $75,000�here's how Apple brought it to the iPhone
How Apple made affordable lidar with no moving parts for the iPhone.

17:59 Verizon forced to pull ad that claimed firefighters need Verizon 5G
Ad dispute echoes 2018 controversy over Verizon throttling fire department.

17:59 Microsoft will give GameStop a share of Xbox's digital revenues
But the size of the unprecedented revenue-sharing deal is up for debate.

17:59 Google Music shuts down smart speaker support and music store
Google's rocky transition to YouTube Music leaves some speakers without music support.
Hide

Show 15 Thu 17:51 Slashdot [2]

17:51 YouTube Bans QAnon, Other Conspiracy Content That Targets Individuals
YouTube said Thursday that it would no longer allow content that targets individuals and groups with conspiracy theories, specifically QAnon and its antecedent, "pizzagate." From a report: "Today, we are taking another step in our efforts to curb hate and harassment by removing more conspiracy theory content used to justify real-world violence," the company announced on its blog. The new rules, an expansion of YouTube's existing hate and harassment policies, will prohibit content that "threatens or harrasses someone by suggesting they are complicit in one of these harmful conspiracies, such as QAnon or Pizzagate," the post read. YouTube said it would be enforcing the updated policy immediately and plans to "ramp up in the weeks to come."

Read more of this story

17:51 Ubisoft, Crytek Data Posted on Ransomware Gang's Site
A ransomware gang going by the of Egregor has leaked data it claims to have obtained from the internal networks of two of today's largest gaming companies -- Ubisoft and Crytek. An anonymous reader writes: Data allegedly taken from each company has been published on the ransomware gang's dark web portal on Tuesday. Details about how the Egregor gang obtained the data remain unclear. Ransomware gangs like Egregor regularly breach companies, steal their data, encrypt files, and ask for a ransom to decrypt the locked data. However, in many incidents, ransomware gangs are also get caught and kicked out of networks during the data exfiltration process, and files are never encrypted. Nevertheless, they still extort companies, asking victims for money to not leak sensitive files. Usually, when negotiations break down, ransomware gangs post a partial leak of the stolen files on so-called leak sites. On Tuesday, leaks for both Crytek and Ubisoft were posted on the Egregor portal at the same time, with threats from the ransomware crew to leak more files in the coming days.

Read more of this story
Hide

Show 15 Thu 17:21 HackerNews [21]

Show 15 Thu 16:21 Slashdot [5]

16:21 Senate To Subpoena Twitter CEO Over Blocking of Disputed Biden Articles
The Senate Judiciary Committee plans to issue a subpoena on Tuesday to Twitter Chief Executive Jack Dorsey after the social-media company blocked a pair of New York Post articles that made new allegations about Democratic presidential nominee Joe Biden, which his campaign has denied. From a report: The subpoena would require the Twitter executive to testify on Oct. 23 before the committee, according to the Republicans who announced the hearing. GOP lawmakers are singling out Twitter because it prevented users from posting links to the articles, which the Post said were based on email exchanges with Hunter Biden, the Democratic candidate's son, provided by allies of President Trump. Those people in turn said they received them from a computer-repair person who found them on a laptop, according to the Post. "This is election interference, and we are 19 days out from an election," Sen. Ted Cruz (R., Texas), a committee member who discussed the subpoena with Senate Judiciary Committee Chairman Lindsey Graham (R., S.C.), told reporters. "Never before have we seen active censorship of a major press publication with serious allegations of corruption of one of the two candidates for president."

Read more of this story

16:21 FAA Revamps Space Launch Rules as SpaceX, Blue Origin Expand
Commercial rocket ventures including Elon Musk's SpaceX and Jeff Bezos' Blue Origin should get a clearer path to space under new regulations that oversee non-government launches. From a report: The Federal Aviation Administration on Thursday announced it is replacing decades-old rules as it adapts to rapid growth in the industry to propel satellites and, eventually, private citizens into space. "This rule paves the way for an industry that is moving at lightning speed," FAA Administrator Steve Dickson said in a press release. "We are simplifying the licensing process and enabling industry to move forward in a safe manner." In addition to SpaceX and Blue Origin, Virgin Galactic and Virgin Orbit, companies founded by Richard Branson, are also trying to cash in on space tourism and small satellite launches. Other companies include Northrop Grumman, United Launch Alliance and Rocket Lab.

Read more of this story

16:21 Amazon To Escape UK Digital Services Tax That Will Hit Smaller Traders
Amazon will not have to pay the UK's new digital services tax on products it sells directly to consumers but small traders who sell products on its site will face increased charges. From a report: The tax, which aims to get tech companies such as Amazon, Google and Facebook to pay more tax in the UK, is forecast to eventually bring in about $645 million annually to the exchequer. Amazon has already stated that the 2% tax on revenues made in the UK will be passed on to sellers but it will not be adding the charge to the cost of advertising on its platform. According to a report in the Times, Amazon, which paid only $18.5 million in corporation tax on total UK revenues of $17.7 billion last year, will not have to pay the tax on goods it sells directly. The new tax is not being levied on sales, which would also penalise online retailers such as Tesco and John Lewis, but on the service fees that companies such as Amazon and Google charge third parties. With Amazon's third-party sellers facing a 2% rise in the amount they pay, the US retailer is effectively getting a price advantage on competing goods it sells directly to consumers. "This seems to me to be absolutely outrageous," said Lord Leigh of Hurley, the Conservative peer and former party treasurer, in the House of Lords. "It is clear that the UK government is not taxing Amazon properly and is allowing it to avoid tax on its own sales through the marketplace."

Read more of this story

14:51 YouTube Bans Coronavirus Vaccine Misinformation
YouTube said this week it would remove videos from YouTube containing misinformation about COVID-19 vaccines, expanding its current rules against falsehoods and conspiracy theories about the pandemic. From a report: The video platform said it would now ban any content with claims about COVID-19 vaccines that contradict consensus from local health authorities or the World Health Organization. YouTube said in an email that this would include removing claims that the vaccine will kill people or cause infertility, or that microchips will be implanted in people who receive the vaccine.

Read more of this story

14:51 Google's Breast Cancer-Predicting AI Research is Useless Without Transparency, Critics Say
An anonymous reader shares a report: Back in January, Google Health, the branch of Google focused on health-related research, clinical tools, and partnerships for health care services, released an AI model trained on over 90,000 mammogram X-rays that the company said achieved better results than human radiologists. Google claimed that the algorithm could recognize more false negatives -- the kind of images that look normal but contain breast cancer -- than previous work, but some clinicians, data scientists, and engineers take issue with that statement. In a rebuttal published today in the journal Nature, over 19 coauthors affiliated with McGill University, the City University of New York (CUNY), Harvard University, and Stanford University said that the lack of detailed methods and code in Google's research "undermines its scientific value." Science in general has a reproducibility problem -- a 2016 poll of 1,500 scientists reported that 70% of them had tried but failed to reproduce at least one other scientist's experiment -- but it's particularly acute in the AI field. At ICML 2019, 30% of authors failed to submit their code with their papers by the start of the conference. Studies often provide benchmark results in lieu of source code, which becomes problematic when the thoroughness of the benchmarks comes into question. One recent report found that 60% to 70% of answers given by natural language processing models were embedded somewhere in the benchmark training sets, indicating that the models were often simply memorizing answers. Another study -- a meta-analysis of over 3,000 AI papers -- found that metrics used to benchmark AI and machine learning models tended to be inconsistent, irregularly tracked, and not particularly informative.

Read more of this story
Hide

Show 15 Thu 13:21 HackerNews [16]