Hotel CEO openly celebrates higher prices after NYC anti-Airbnb law passes

A hotel executive said a recently-passed New York law cracking down on Airbnb hosts will enable the company to raise prices for New York City hotel rooms, according to the transcript of the executive’s words on a call with shareholders last week.

The law, signed by New York’s Governor Andrew Cuomo on Friday, slaps anyone who lists their apartment on a short-term rental site with a fine up to $7,500. It “should be a big boost in the arm for the business,” Mike Barnello, chief executive of the hotel chain LaSalle Hotel Properties, said of the law last Thursday, “certainly in terms of the pricing.”

Source: Hotel CEO openly celebrates higher prices after anti-Airbnb law passes – The Washington Post

Well of course it would – and it’s pretty surprising that in 2016 government officials (governors!) still understand so little about technology and innovation that they enact idiot protectionist laws to keep the old way of doing things in place instead of making the old people innovate themselves if they want to stay relevant. Unless, of course, the governor is in the pocket of some hotel lobbyists.

US Copyright Office stalls a year, but finally allows pentesting

Long-overdue rules protecting security research and vehicle repair have finally taken effect, as they should have done last year. Though the Copyright Office and the Librarian of Congress unlawfully and pointlessly delayed their implementation, for the next two years the public can take advantage of the freedom they offer.

Source: Why Did We Have to Wait a Year to Fix Our Cars? | Electronic Frontier Foundation

Government idiots.

Dicks By Mail – Anonymously mail a bag of dicks

This bag of gummy penises is a great way to tell your friends, family, loved ones, or enemies to ‘EAT A BAG OF DICKS’. Sent anonymously with a stock message, this product will get your point across in a way that nobody will mistake. A tasty gift? or just a funny reminder that someone should stuff it; leave the recipient guessing!

Source: Dicks By Mail – Anonymously mail a bag of dicks

Recording Keystroke Sounds Over Skype to Steal User Data

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard he’s using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim’s machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it’s on.

Source: Recording Keystroke Sounds Over Skype to Steal User Data | On the Wire

Kids today are so stupid they fall for security scams more often than greybeards

Redmond’s digital crimes unit senior attorney Courtney Gregoire says half of respondents between the age of 18 and 34 had followed tech support scammer instructions, handing over remote access to their machines or downloading software after encountering a scam page.

Only 17 per cent of respondents 55 years and older took the bait. Meanwhile, one in three (34 per cent) of folks aged between 36 and 54 fell for scams.

Source: Kids today are so stupid they fall for security scams more often than greybeards

Meanwhile, in America: Half of adults’ faces are in police databases

Images representing 117 million American adults – almost half the grownups in the country – can be found in the facial recognition databases maintained by US law enforcement agencies, according to a study conducted by the Center on Privacy and Technology at Georgetown Law School.

That figure is expected to grow as facial recognition technology becomes more capable and more commonplace. Yet such systems have very little oversight.
[…]
“Transparency makes a lot of the problems we’ve noticed easier to detect,” said Frankle.

Some of these problems include: the disproportionate representation of African Americans in US law enforcement databases; the potentially chilling effect of facial recognition on free speech; lack of reliable information on the accuracy of facial recognition systems; and unsettled questions about the circumstances under which facial recognition might violate Fourth Amendment protections against unreasonable searches.
[…]
At the same time, the utility of the technology remains open to question. Where public data about the efficacy of facial recognition searches exists, it’s not particularly compelling. “Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.”

What’s more, reliable metrics for the accuracy of facial recognition systems are scarce. For example, FaceFirst, facial recognition vendor, advertises “an identification rate above 95 per cent.” The CPT study claims this is misleading and cites a 2015 contract with the San Diego Association of Governments that disclaims any specific success rate: “FaceFirst makes no representations or warranties as to the accuracy and reliability of the product in the performance of its facial recognition capabilities.”
[…]
The study cites a facial recognition test conducted with real-time video in Mainz, Germany, from 2006 to 2007, where accuracy was 60 per cent during the day and 10 to 20 per cent at night.
[…]
“Face recognition can and should be used to respond to serious crimes and public emergencies,” the study concludes. “It should not be used to scan the face of any person, at any time, for any crime.”

Source: Meanwhile, in America: Half of adults’ faces are in police databases

32 million Indian debit cards possibly compromised

A total of 32 lakh debit cards across 19 banks could have been compromised on account of a purported fraud, the National Payment Corporation of India said in a statement.

The issue was brought to light when State Bank of India blocked the debit cards of 6 lakh customers on October 14. This was done after the bank was alerted to a possible fraud by the National Payment Corporation of India, MasterCard and Visa, said Managing Director Rajnish Kumar in a telephonic interview with BloombergQuint.

In a statement released on Thursday evening, the NPCI clarified that the problem was brought to their attention when they received complaints from a few banks that customers’ cards were used fraudulently, mainly in China and the U.S., while those cardholders were in India.

Source: The Big Debit Card Breach: Three Things Card Holders Need To Understand

Intel CPU memory location randomisation weakness broken by flooding branch buffer

The BTB provides a history of branches taken by the processor as it runs through its code: after the CPU is told to make a decision, it usually jumps to another part of the program based on the outcome of that decision. For example, if something fetched from memory has a value greater than zero, then jump to location A or jump to location B if not.

If a jump location is in the history buffer then the CPU knows this branch is usually taken so can start priming itself with instructions from the jump landing point. That means branches routinely taken execute with minimal delay.

By flooding the BTB with a range of branch targets, hackers can observe the BTB refilling with values of regularly taken jumps. This allows the miscreants to work out where in memory the operating system has randomly placed the application’s vital components. It takes a few tens of milliseconds to perform, we’re told. The eggheads say this allows an “attacker to identify the locations of known branch instructions in the address space of the victim process or kernel.”

Source: Boffins exploit Intel CPU weakness to run rings around code defenses

Consumer Reports Now Ranks Tesla Among the Least Reliable Carmakers

When it gave the Tesla Model S an unprecedented 103 out of 100 score last August, Consumer Reports looked like it might try to marry Elon Musk’s company and have its little electric car babies. But after a year of disappointments, trust violations and janky-ass door handles, it seems the magazine can no longer advocate true love.

Source: Consumer Reports Now Ranks Tesla Among the Least Reliable Carmakers

Rowhammer Attack Can Now Root Android Devices

For the past two years, since researchers discovered the attack, the term Rowhammer has been used to describe a procedure through which attackers launch read & write operations at a row of memory bits inside a RAM memory card.

The repeated read and write operations cause an electromagnetic field to appear, which changes local memory bits from 0 to 1 and vice versa, in a process called bit flipping.

For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack.

The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable.

Source: Rowhammer Attack Can Now Root Android Devices

The Microsoft Cognitive Toolkit now on Github: deep learning AI that recognises human speech at very low error rates

The Microsoft Cognitive Toolkit—previously known as CNTK—helps you harness the intelligence within massive datasets through deep learning.

Source: The Microsoft Cognitive Toolkit – Microsoft Research

They also offer RESTful APIs on another site, Cognitive Services, with applications you can tap into and APIs for vision, speech, language, knowledge and search. They usually offer free testing, with fees for running volume queries.

Projection mapping on a moving surface

This research aims at overcoming this limitation and realizes dynamic projection mapping in which dynamically-changing real-world and virtual visual information are completely merged in the level of human visual perception. This high-speed dynamic projection mapping requires a high-speed projector enabling high-frame-rate and low-latency projection. In order to meet this demand, we have developed a high-speed projector “DynaFlash” that can project 8-bit images up to 1,000fps with 3ms delay.

In particular, as a challenging target for the dynamic projection mapping, we focus on a non-rigid surface. Sensing of non-rigid surface deformation is difficult to achieve at high speed because it has high degrees-of-freedom and involves self-occlusions as well as external occlusions. Our newly proposed method overcomes this limitation. Our method can obtain the deformation robustly at 1,000 fps by using an originally proposed marker “Deformable Dot Cluster Marker”, even when the target causes large deformation and occlusions.

Source: Vision Architecture: High Speed Image Processing

Adding a phone number to your Google account can make it LESS secure (because telco insecurity).

On Oct 1, after a 2h absence from his phone, Bob attempted to check his email and discovered he’d been logged out of his gmail account. Upon trying to log back in, Google notified him that his email password had been changed less than an hour ago.

He then tried to make a call and discovered that his phone service was no longer active. Calling Verizon, he discovered that someone (the attacker) had called less than an hour ago and switched his service to an iPhone 4. Verizon later conceded that they had transferred his account despite having neither requested nor being given the 4-digit PIN they had on record.

The attacker was able to reset Bob’s password and take control of his account. He or she then removed Bob’s recovery email, changed the password, changed the name on the account, and enabled two factor authentication. (Records show that the account was accessed from IP addresses in Iowa and Germany.)

Source: Adding a phone number to your Google account can make it LESS secure.

Dirty COW (CVE-2016-5195) Linux privilege escalation

What is the CVE-2016-5195?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Why is it called the Dirty COW bug?

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.” (RH)

Source: Dirty COW (CVE-2016-5195)

DNS devastation: Top websites whacked offline as Dyn dies again

An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others.

The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn’s DNS anycast servers offline, resulting in knock-on impacts across the internet. Folks immediately started reporting problems; millions of people are affected.

After two hours into the initial tidal wave of junk traffic, Dyn announced it had mitigated the assault and service was returning to normal. But the relief was short lived: just about an hour later, the attack resumed and at the time of writing (1800 UTC), not only is Dyn’s service still down but its website is too.

(Aptly, Dyn researcher Doug Madory had recently given a talk on DDoS attacks.)

By blasting Dyn offline, public DNS providers – such as Google and broadband ISPs – are unable to contact Dyn to lookup hostnames for netizens, preventing people from accessing sites using Dyn for DNS.

Source: DNS devastation: Top websites whacked offline as Dyn dies again
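As an added example (not from the article), a toy recursive resolver in Python that models the dependency described above: every zone whose only authoritative servers sit at one operator fails together when that operator is knocked offline, and the two common mitigations, a second independent authoritative provider and serving a cached answer past its TTL, each keep names resolving. Provider names, hostnames and addresses are constructed sample data.

```python
class AuthProvider:
    """An authoritative DNS operator holding zone data; `up` models reachability."""
    def __init__(self, name, zones, up=True):
        self.name, self.zones, self.up = name, zones, up

    def query(self, qname):
        if not self.up:
            raise TimeoutError(f"{self.name} unreachable")
        return self.zones.get(qname)  # (address, ttl_seconds) or None

class Resolver:
    """Recursive resolver with a TTL cache; serve_stale keeps expired answers usable."""
    def __init__(self, providers, clock, serve_stale=False):
        self.providers, self.clock, self.serve_stale = providers, clock, serve_stale
        self.cache = {}  # qname -> (address, expiry_time)

    def resolve(self, qname):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0]                      # fresh cached answer
        for provider in self.providers:        # try each authoritative operator in turn
            try:
                answer = provider.query(qname)
            except TimeoutError:
                continue                       # operator down: fall through to the next
            if answer:
                addr, ttl = answer
                self.cache[qname] = (addr, now + ttl)
                return addr
        if hit and self.serve_stale:
            return hit[0]                      # expired answer beats SERVFAIL
        raise LookupError(f"SERVFAIL for {qname}")

def run_scenario():
    """Warm the cache, take the first operator offline, then advance past the TTL."""
    clock = [0.0]                              # fake monotonic clock, in seconds
    zone = {"www.example.test": ("192.0.2.10", 300)}   # constructed sample zone
    results = {}
    for label, providers, stale in (
        ("single_provider", [AuthProvider("dyn-like", zone)], False),
        ("serve_stale",     [AuthProvider("dyn-like", zone)], True),
        ("two_providers",   [AuthProvider("dyn-like", zone),
                             AuthProvider("second-operator", zone)], False),
    ):
        clock[0] = 0.0
        r = Resolver(providers, clock=lambda: clock[0], serve_stale=stale)
        r.resolve("www.example.test")          # populate the cache while all is well
        providers[0].up = False                # the DDoS takes the first operator down
        clock[0] = 301.0                       # the cached record's 300s TTL has expired
        try:
            results[label] = r.resolve("www.example.test")
        except LookupError:
            results[label] = "SERVFAIL"
    return results
```

Only the single-provider resolver returns SERVFAIL once its cache entry expires; the other two keep answering, which is the difference between the outage described above and a zone that also delegates to a second operator.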

Using search warrants to get into fingerprint-locked phones

Investigators in Lancaster, Calif., were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday. The government argued that this did not violate the citizens’ Fifth Amendment protection against self incrimination because no actual passcode was handed over to authorities. Forbes was able to confirm with the residents of the building that the warrant was served, but the residents did not give any more details about whether their phones were successfully accessed by the investigators.

“I was frankly a bit shocked,” said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation (EFF), when he learned about the scope of search warrant. “As far as I know, this warrant application was unprecedented.”

Crocker said that it’s both the fingerprint lock method and the wide reach of the warrant that are so surprising. Search warrants are typically required to be narrow and clear in scope, but this one was extended to include any phone that happens to be on the property, and all of the private data that that entails. He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a “clever end-run” around constitutional rights.

Source: Using search warrants to get into fingerprint-locked phones

Making paralysed people feel through fake hands

Touch is essential for hand use. Yet, brain-controlled prosthetic limbs have not been endowed with this critical sense. In a new study by Flesher et al., microelectrode arrays were implanted into the primary somatosensory cortex of a person with spinal cord injury and, by delivering current through the electrodes, generated sensations of touch that were perceived as coming from his own paralyzed hand. These sensations often felt like pressure, could be graded in intensity, and were stable for months. The authors suggest that this approach could be used to convey information about contact location and pressure necessary for prosthetic hands to interact with objects.

Source: Intracortical microstimulation of human somatosensory cortex

Court finds GCHQ and MI5 engaged in illegal bulk data collection

The mysterious Investigatory Powers Tribunal, which oversees Blighty’s snoops, has ruled that the bulk collection of personal data — conducted by GCHQ and MI5 between 1998 and 2015 — was illegal.

Responding to a claim brought by Privacy International, the 70-page judgment handed down this morning [PDF] found that the spooks’ surveillance activities had been taking place without adequate safeguards or supervision for over a decade; and as such were in breach of Article 8 of the European Convention on Human Rights.

[…]

There are huge risks associated with the use of bulk communications data. It facilitates the almost instantaneous cataloguing of entire populations’ personal data. It is unacceptable that it is only through litigation by a charity that we have learnt the extent of these powers and how they are used.

The public and Parliament deserve an explanation as to why everyone’s data was collected for over a decade without oversight in place and confirmation that unlawfully obtained personal data will be destroyed.

Source: Court finds GCHQ and MI5 engaged in illegal bulk data collection

One win for transparency. Will the UK gov care? Doubt it.

UK wants to monitor fake boobs, claims event 6 years ago is catalyst

The Breast and Cosmetic Implant Registry (BCIR) is intended to prevent a repeat of faulty Poly Implant Prothèse (PIP) silicone breast implants scandal in 2010, in which fraudulently manufactured silicone gel implants affected thousands of women.

Its establishment is in response to recommendation 21 in Sir Bruce Keogh’s Review of the Regulation of Cosmetic interventions, which called for a cosmetic implant registry “to provide better monitoring of patient outcomes and device safety”.

[…]

The registry is expected to record more than 20,000 cases of implant surgery annually. Reporting of data will be done by the provider, via an online portal.

Source: New UK National silicone database will help avoid boobs

This makes no sense whatsoever to me, but for the life of me I can’t understand what other purpose the UK has in collecting such a specific set of surgery data.