Boffins step into the Li-ion’s den with sodium-ion battery that’s potentially as good as a lithium cousin

Scientists in America and China have created a sodium-ion-based battery that can potentially perform at close to the levels of Li-ion, paving the way for a cheaper, commercially viable alternative to lithium.

The key challenge in creating this battery is that sodium-ion cells tend to break down faster than their lithium-ion cousins. Sodium crystals collect on the cathode, made of O3-layered metal oxide, preventing sodium ions from flowing, and thus knackering the operation of the battery.

A solution for this is what the Washington State University-based team – led by Jianming Zheng (Pacific Northwest National Laboratory), Yuehe Lin (WSU), Pengfei Yan (Beijing University of Technology), and Xiaolin Li (Pacific Northwest National Laboratory) – sought to figure out.

They eventually came up with a liquid electrolyte with a high concentration of sodium ions, which prevented the build-up of inactive crystals, thus preserving 80 per cent of the cell’s charge capacity after 1,000 cycles.

Not only were the new cells observed as having a higher capacity and better lifespan than older sodium-ion cell designs, but they were able to hit levels closer to those of lithium-ion.

“Our study showed that sodium-ion can be as good as some lithium-ion chemistries and thus make them more competitive and versatile,” The Register was told by Junhua Song, a contributing author to the paper based out of Lawrence Berkeley Labs.

“We are hopeful that a deployable high energy and long cycle life sodium-ion battery can be realised in five years with enough funding resources.”

Song explained that while there could be other advantages to using sodium over lithium other than availability of materials and extraction costs, it is too soon to say that the sodium power cells would be, for example, safer or more environmentally friendly.

“Environmental friendliness relies on many factors because the battery is essentially a complicated system involving more than just electrode materials,” he explained.

“Sodium does provide better environmental benignity due to its resource abundance and accessibility, which might do less harm to the environment during extraction, compared to the geologically constrained lithium counterpart. Similar to environmental friendliness, safety depends on many components (materials, electrolyte, cell architecture, etc), more systematic studies are on the way to tackle the safety aspect of sodium-ion batteries.”

To that end, Song noted that the next steps in development of sodium-ion batteries will involve investigating the cathode and anode materials, and the actual reaction process within the electrolyte.

The team’s paper, “Controlling Surface Phase Transition and Chemical Reactivity of O3-Layered Metal Oxide Cathodes for High-Performance Na-Ion Batteries”, was published in the journal ACS Energy Letters.

Source: Boffins step into the Li-ion’s den with sodium-ion battery that’s potentially as good as a lithium cousin • The Register

Lenovo certifies all desktop and mobile workstations for Linux – and will even upstream driver updates

Lenovo has decided to certify all of its workstations for Linux.

“Our entire portfolio of ThinkStation and ThinkPad P Series workstations will now be certified via both Red Hat Enterprise Linux and Ubuntu LTS – a long-term, enterprise-stability variant of the popular Ubuntu Linux distribution,” said a Tuesday statement from GM and executive director of the company’s workstation and client AI group Rob Herman.

Lenovo is serious about this: the company says its workstations will “offer full end-to-end support – from security patches and updates to better secure and verify hardware drivers, firmware and bios optimizations.” Lenovo will also upstream device drivers into the Linux kernel.

The company’s rationale for the move is that Linux workstations are favourites of a sizable population of power users, especially developers and data scientists. Lenovo wants to relieve their employers of the chore of installing and maintaining Linux on the mildly-exotic hardware such users require. But it’s also tipped a hat to Linux enthusiasts with “a pilot program with a preloaded Fedora image on our ThinkPad P53 and P1 Gen 2 systems; providing the latest pure open source platform for this community-based distribution.” Note, however, that the new arrangements are only for Lenovo workstations. ThinkPads, Yogas and other models will still almost certainly run Linux, but don’t get extra love from Lenovo.

Lenovo’s offering isn’t unique: Dell offers supported RHEL and Ubuntu on its XPS13 and Precision mobile workstations, plus the Precision tower workstations. HP Inc also supports Linux on its Z-series mobile and desktop workstations and claims it was first to do so. Lenovo seems to think it might have them outflanked by supporting all possible configurations of its P-series laptops (The Register counts nine machines in that range) and the seven P-series workstations.

Source: Lenovo certifies all desktop and mobile workstations for Linux – and will even upstream driver updates • The Register

Zoom won’t encrypt free calls because it wants to comply with law enforcement

If you’re a free Zoom user, and waiting for the company to roll out end-to-end encryption for better protection of your calls, you’re out of luck. Free calls won’t be encrypted, and law enforcement will be able to access your information in case of ‘misuse’ of the platform.

Zoom CEO Eric Yuan today said that the video conferencing app’s upcoming end-to-end encryption feature will be available to only paid users. After announcing the company’s financial results for Q1 2020, Yuan said the firm wants to keep this feature away from free users to work with law enforcement in case of the app’s misuse:

Free users, for sure, we don’t want to give that [end-to-end encryption]. Because we also want to work it together with FBI and local law enforcement, in case some people use Zoom for bad purpose.

In the past, platforms with end-to-end encryption, such as WhatsApp, have faced heavy scrutiny in many countries because they were unable to trace the origins of problematic and misleading messages. Zoom likely wants to avoid being in such a position, and wants to comply with local laws to keep operating across the globe.

Alex Stamos, working as a security consultant with Zoom, said it wants to catch repeat offenders for hate speech or child exploitative content by not offering end-to-end encryption to free users.

In March, The Intercept published a report stating that the company doesn’t use end-to-end encryption, despite claiming that on its website and security white paper. Later, Zoom apologized and issued a clarification to specify it didn’t provide the feature at that time.

Last month, the company acquired Keybase.io, an encryption-based identity service, to build its end-to-end encryption offering. Yuan said today that the company got a lot of feedback from users on encryption, and it’s working out on executing it. However, he didn’t specify a release date for the feature.

According to the Q1 2020 results, the company grew 169% year-on-year in terms of revenue. Zoom has more than 300 million daily participants attending meetings through the platform.

Source: Zoom won’t encrypt free calls because it wants to comply with law enforcement

GSMA suggests mobile carriers bake contact-tracing into their own apps – if governments ask for it

The GSM Association, the body that represents mobile carriers and influences the development of standards, has suggested its members bake virus contact-tracing functionality into their own bundled software.

The body today popped out a paper [PDF] on contact-tracing apps. After some unremarkable observations about the need for and operations of such apps, plus an explanation of the centralised vs. decentralised data storage debate, the paper offers members a section titled: “How the mobile industry can help.”

That section suggests carriers could help to improve the reach of and disseminate such apps with the following three tactics:

  • Integrate software into own apps (e.g. customer self-care app), if this is part of the national strategy
  • Pre-install on devices
  • Communicate to / educate subscribers

The first item may prove unworkable given Google and Apple have indicated they’ll only register coronavirus-related apps if they’re developed by governments and their health agencies. The two tech giants have also said they’ll only allow one app per jurisdiction to use their pro-privacy COVID-19 contact-tracing interface. The second suggestion also has potential pitfalls as contact-tracing apps are generally opt-in affairs. Carriers would need to be sensitive about how they are installed and the user experience offered if the apps ask for registration.

Source: GSMA suggests mobile carriers bake contact-tracing into their own apps – if governments ask for it • The Register

Marketers Bring Antitrust Suit Against Google

Three online advertisers are suing Google for allegedly violating antitrust laws by monopolizing “digital advertising markets.”

“Google leveraged its stranglehold on online search and search advertising to gain an illegal monopoly in brokering display advertising on other companies’ websites,” the marketers allege in a class-action complaint filed last week in U.S. District Court for the Northern District of California. The case was filed on behalf of Washington, D.C. tour company Grand Atlas Tours, Delray Beach, Florida-based Prana Pets (which sells herbs for dogs and cats) and the San Francisco law firm Hanson Law.

They claim Google “achieved this market dominance in part by acquiring rivals in the online advertising space, conditioning access to its search-results data and YouTube video advertising platform upon the purchase of its separate display advertising services, and ensuring those systems were not compatible with those of its competitors in online advertising.”

The complaint comes as the U.S. Department of Justice and a coalition of state attorneys general are reportedly preparing separate antitrust lawsuits against Google.

Grand Atlas Tours and the others allege that Google’s “pervasive monopoly conduct” has resulted in higher prices for advertisers and consumers, lower payments to online publishers and diminished competition in the online ad marketplace.

The complaint alleges both that Google commands a dominant position in search advertising, and that the company has leveraged its market power in search “to drive out competition in the separate market for display advertising services.”

Among other allegations, the marketers claim Google’s decision to eventually block third-party cookies in Chrome will make it “much harder for advertisers and competitors to efficiently bid on ads.”

Google said in January it plans to phase out Chrome’s support for third-party cookies within two years — a move often seen as privacy friendly, because it can prevent companies that have no relationship with consumers from tracking them. Mozilla’s Firefox, as well as Apple’s Safari, already automatically prevent ad-tech companies from using cookies to track people around the web in order to serve them targeted ads.

Source: Marketers Bring Antitrust Suit Against Google 06/02/2020

I’ve been talking about this happening since May 2019 and it’s becoming more and more common

Have I Been Pwned breach report email pwned entire firm’s helldesk ticket system

A hapless IT bod found the Have I Been Pwned service (HIBP) answering its own question in a way he really didn’t want – after a breach report including a SQL string KO’d his company’s helpdesk ticket system.

A pseudonymous blogger posting under the name Matt published a tortured account of what happened when a breach notification email from HIBP was ingested into his firm’s helpdesk ticket system and was automatically assigned a ticket ID.

The company used version 9.4.5 of the GLPi open source helpdesk system, a rather old product but quite functional. As Matt put it: “All was well until we received an email from haveibeenpwned to our helpdesk support address, which automatically got logged as a support ticket.”

When one of your email addresses is included in a breach picked up by HIBP, you can generate a report that tells you where your details were found. Included in the email with the link to the report is the HIBP header logo graphic, partly formed from ASCII text which reads as so:

';--have I been pwned?

Problems arose when Matt received that email. While he looked at it and took the relevant actions, GLPi had encountered an issue. “I and the other techs quickly noticed that every single ticket description had been deleted and replaced with partial header data from the HIBP email,” wrote Matt.

This caused some headaches, requiring a restore from the previous day’s backups. Not ideal and quite disruptive.

That evening Matt started fault-finding, eventually narrowing down the ticket-wiping problem to one of either assigning the HIBP email to yourself in GLPi or adding yourself as a “watcher” of it. In both cases, Matt suspected, some kind of SQL injection was happening.

“I managed to shrink the exploit down to six characters (';-- " – the space and double-quote at the end appear to be required though this could do with more testing) to achieve the same kind of malicious behaviour, in this case deleting all content of the descriptions for every ticket in the database,” he wrote.

Eventually he figured it out. GLPi 9.4.5 is vulnerable to a SQL injection flaw which just happened to be triggered by the formatting of HIBP’s breach report email. As Matt put it, “GLPI supports HTML emails, which get rendered (almost) normally within the interface. Simply hiding the text in an attribute or the <head> or something will keep it invisible to the tech. You’ve just gotta wait for them to assign it to themselves.”

Buoyed by his success, Matt zoomed off to GLPi’s Github page to find contact details for its maintainers to warn them of the flaw. There he made an equally important discovery: GLPi had since been updated to version 9.4.6. Not only that, but the latest version fixed the SQLi vuln.

“If you’re running GLPI, make sure you’re on the latest release. Or look for alternative software,” he concluded, apparently rather crestfallen from all those excellent but ultimately needless efforts.

Source: Have I Been Pwned breach report email pwned entire firm’s helldesk ticket system • The Register
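
The failure mode described in the article above, as an added illustration that is not GLPi's code or part of the original report. The table, function names and e-mail text are constructed, and the shape of the UPDATE is an assumption about this class of bug, since the page does not show the actual query. It shows why one message could overwrite every ticket with partial header text, and how bound parameters prevent it.

```python
import sqlite3

# Constructed sample: an e-mail body carrying the logo text quoted in the article.
EMAIL_BODY = "Breach notification ';--have I been pwned?"


def new_db():
    """In-memory stand-in for a ticket table (hypothetical schema, not GLPi's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, content TEXT)")
    conn.executemany(
        "INSERT INTO tickets (id, content) VALUES (?, ?)",
        [(1, "Printer offline"), (2, "VPN login fails"), (3, "placeholder")],
    )
    return conn


def save_vulnerable(conn, ticket_id, content):
    # String concatenation: the quote inside `content` ends the SQL literal
    # early and "--" comments out the rest of the line, WHERE clause included.
    sql = f"UPDATE tickets SET content = '{content}' WHERE id = {ticket_id}"
    return conn.execute(sql).rowcount


def save_parameterized(conn, ticket_id, content):
    # Bound parameters: the value travels as data and is never parsed as SQL.
    cur = conn.execute(
        "UPDATE tickets SET content = ? WHERE id = ?", (content, ticket_id)
    )
    return cur.rowcount


def contents(conn):
    """Return every ticket description, ordered by id."""
    return [row[0] for row in conn.execute("SELECT content FROM tickets ORDER BY id")]


def demo():
    """Save the same e-mail into ticket 3 through both code paths."""
    bad = new_db()
    bad_rows = save_vulnerable(bad, 3, EMAIL_BODY)
    good = new_db()
    good_rows = save_parameterized(good, 3, EMAIL_BODY)
    return bad_rows, contents(bad), good_rows, contents(good)


if __name__ == "__main__":
    bad_rows, bad_contents, good_rows, good_contents = demo()
    print("concatenated :", bad_rows, "rows changed ->", bad_contents)
    print("parameterized:", good_rows, "rows changed ->", good_contents)
```

A single-ticket save that reports more than one changed row is a cheap integrity signal worth logging or rolling back on.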

Trump’s Make Space Great Again video pulled after former ‘naut says: Nope

A funny thing happened overnight in the world of space and politics as a campaigning video featuring SpaceX’s commercial crew launch and promoting US President Donald Trump was abruptly pulled from YouTube.

“Make Space Great Again” was uploaded to YouTube following the successful launch, attended by Trump, and featured a mix of footage including some from the Demo-2 commercial crew mission.

It also set off a firestorm of protests, including one from retired astronaut, Karen Nyberg, who is married to NASA ‘naut, Doug Hurley. Hurley is one of the two lucky crew-members of that Demo-2 mission.

Nyberg, understandably, was somewhat aggrieved that imagery of her and her son was being used in what she described as “political propaganda” without consent.

Others highlighted the unfortunate appearance of a European Space Agency (ESA) logo in the presidential campaign video.

As is so often the case these days, a petition soon popped up, urging the master of the caps-lock key to stop politicising space. After all, while the implication of the video is that if it wasn’t for the efforts of the current US President the mission might not have happened, NASA’s Commercial Crew Program was actually kicked off by President Barack Obama years previously, and has its roots in the George W Bush administration.

Sadly, the politicisation of space is difficult to avoid. President Richard Nixon, for example, was less than keen to lavish credit on John F Kennedy during the moonlandings of 50 years ago, while the space race itself was arguably driven more by political gesturing rather than pure science.

Lawmakers, after all, hold the purse strings and, as the saying goes, “No bucks, no Buck Rogers.”

As well as perhaps allowing someone to take a little more credit than is due and managing to annoy a former astronaut, the video also stomped over NASA’s media usage guidelines, which aren’t keen on the agency’s logos being used to “imply endorsement” and state that permission to show identifiable people needs to come from those individuals.

We suspect that ESA might also be a bit grumpy about its logo popping up.

Trump has infamously found himself on the receiving end of a long overdue prodding by social media anger trumpet, Twitter, but this particular bit of video self-aggrandisement was swiftly yanked by the uploader, presumably Trump’s campaign itself.

The good news for Trump fans is that while a like on the Make Space Great Again video is no longer possible, support can still be shown with the purchase of a hat from Trump’s online store. Right up until Disney notices a distinct similarity to its own, Epcot-based Mission Space logo.

The motion simulator ride in Florida’s Epcot theme park itself can leave some of its users a tad nauseous. Not unlike sitting through “Make Space Great Again”. ®

Source: Trump’s Make Space Great Again video pulled after former ‘naut says: Nope • The Register

Did Instagram Just Say It’s Rewriting Online Copyright? Use their embedded API at your peril

In one fell swoop, Facebook may have changed its mind about how the online news media will operate from here on out. Undermining a now age-old assumption, Facebook told Ars Technica on Thursday that embedding from Instagram may not shield news organizations from freely cross-posting on their sites. A spokesperson said:

While our terms allow us to grant a sub-license, we do not grant one for our embeds API. Our platform policies require third parties to have the necessary rights from applicable rights holders.

The dry statement could mean upheaval for online publishing, implying that a news organization (or anyone running a for-profit site) would have to obtain a license for an Instagram post directly from the poster before they can embed it. Some will worry that it bodes a future in which publications retroactively strike every Instagram embed from its archives in order to avoid lawsuits.

On one hand, it’s good news for professional photographers and artists who would otherwise be paid for the use of their work embedded on a personal website. Photographers like the ones who separately sued Mashable and Newsweek for embedding their Instagram posts, both after they explicitly declined to license the images to the respective publications. On the other hand, this might be the last gasp for Instagram commentary, the bread of the news, the spice of the tea blogs.

Source: Did Instagram Just Say It’s Rewriting Online Copyright?