Facebook announced today that Messenger and Instagram are, for all intents and purposes, merging. Chat features from Messenger will become available to Instagram users, and folks on either service will be able to reach out to one another without needing to download a separate app.
“Today, we’re announcing an update to Instagram DMs by introducing a new Messenger experience on the app,” wrote Adam Mosseri and Stan Chudnovsky—the respective heads of Instagram and Messenger—in a blog post earlier today.
“People are communicating in private spaces now more than ever. More than a billion people already use Messenger as a place to share, hang out and express themselves with family and friends,” they added. “That’s why we’re connecting the Messenger and Instagram experience to bring some of the best Messenger features to Instagram—so you have access to the best messaging experience, no matter which app you use.”
Samsung brags to advertisers that “first screen ads”, seen by all users of its Smart TVs when they turn on, are 100 per cent viewable, audience targeted, and seen 400 times per TV per month. Some users are not happy.
“Dear Samsung, why are you showing Ads on my Smart TV without my consent? I didn’t agree to this in the privacy settings but I keep on getting this, why?” said a user on Samsung’s TV forum, adding last week that “there is no mention of advertising on any of their brand new boxes”.
As noted by TV site flatpanelshd, a visit to Samsung’s site pitching to advertisers is eye-opening. It is not just that the ads appear, but also that the company continually profiles its customers, using a technology called Automatic Content Recognition (ACR), which works by detecting what kind of content a viewer is watching.
Samsung’s Tom Focetta, VP Ad Sales and Operations in the US, said in an interview: “Our platform is built on the largest source of TV data from more than 50 million smart TVs. And we have amassed over 60 per cent of the US ACR footprint.” Focetta added that ACR data is “not sold, rented or distributed” but used exclusively by Samsung to target advertising.
The first screen ad unit was introduced five years ago, Focetta explained, and the company has since “added video, different types of target audience engagement, different ways to execute in terms of tactics like audience takeovers, roadblocks”. A “roadblock” is defined as “100 per cent ownership of first screen ad impressions across all Samsung TVs”. According to a Samsung support, quoted by flatpanelshd: “In general, the banner cannot be deactivated in the Smart Hub.”
Advertising does not stop there since Samsung also offers TV Plus, “a free ad-supported TV service”. Viewers are familiar with this deal, though, since ad-supported broadcasting is long established. What perturbs them is that when spending a large sum of money on TV hardware, they were unknowingly agreeing to advertising baked into its operating menu, every time they switch on.
The advent of internet-connected TVs means that viewers now divide their time between traditional TV delivered by cable or over the air, and streaming content, with an increasing share going to streaming. Viewers who have cancelled subscription TV services in favour of streaming are known as cord-cutters.
Even viewers who have chosen to watch only ad-free content do not escape. “30 per cent of streamers spend all of their streaming time in non-ad supported apps. This, however, does not mean ‘The Lost 30’ are unreachable,” said Samsung in a paper.
The rivalry between Apple and Microsoft continued last night as the fruity firm’s cloud services took a tumble a mere day after Azure crapped itself.
While Apple has remained silent on what happened (we asked; it did not respond), the vast majority of its services wobbled over a two-hour period early this morning (UK time).
Issues began at around 1am affecting services including Apple TV, iCloud Mail, iWork for iCloud, and the company’s App Store. On its System Status page the company said “Some users were affected”, along with “Users experienced a problem with this service.”
The “problem” being that it simply didn’t work. A glance at social media shows disappointed fanatics wailing about Apple TV stopping midstream, Apple Music hitting the pause button, and iCloud Photos leaping from the nearest ledge.
Apple’s inability to keep its cloud in the air came a day after Microsoft suffered an embarrassing Azure failure, prompting us to ponder if Redmond has a reliability problem.
Unless some late-night (and early morning) fondling was involved, the outage did not cause too much European outrage. Some US users, on the other hand, found themselves at the pointy end of Apple’s issues and unable to express their feelings on the US presidential debate via the medium of iCloud email.
Things appear back to normal this morning, and The Register was heartened to note that fanboi assistant Siri did not appear to be affected.
In marked contrast to the approach taken by Microsoft, Apple has yet to explain what happened, why it happened, and why it will not happen again. We will update should a statement be forthcoming.
In the meantime, we anxiously await Cook & co’s inevitable “you’re using it wrong” retort.
A team of US astrophysicists has produced one of the most precise measurements ever made of the total amount of matter in the Universe, a longtime mystery of the cosmos.
The answer, published in The Astrophysical Journal on Monday, is that matter consists of 31.5 percent—give or take 1.3 percent—of the total amount of matter and energy that make up the Universe.
The remaining 68.5 percent is dark energy, a mysterious force that is causing the expansion of the Universe to accelerate over time, and was first inferred by observations of distant supernovae in the late 1990s.
Put another way, this means the total amount of matter in the observable Universe is equivalent to 66 billion trillion times the mass of our Sun, Mohamed Abdullah, a University of California, Riverside astrophysicist and the paper’s lead author told AFP.
Most of this matter—80 percent—is called dark matter. Its nature is not yet known but it may consist of some as-yet-undiscovered subatomic particle.
[…]
So how exactly do you weigh the Universe?
The team honed a 90-year-old technique that involves observing how galaxies orbit inside galaxy clusters—massive systems that contain thousands of galaxies.
These observations told them how strong each galaxy cluster‘s gravitational pull was, from which its total mass could then be calculated.
Fate of the Universe
In fact, explained Wilson, their technique was originally developed by the pioneering astronomer Fritz Zwicky, who was the first person to suspect the existence of dark matter in galaxy clusters, in the 1930s.
He noticed that the combined gravitational mass of the galaxies he observed in the nearby Coma galaxy cluster was insufficient to prevent those galaxies from flying away from one another, and realized there must be some other invisible matter at play.
The UCR team refined Zwicky’s technique, developing a tool they called GalWeight that determines more accurately which galaxies belong to a given cluster and which do not.
They applied their tool to the Sloan Digital Sky Survey, the most detailed three-dimensional maps of the Universe currently available, measuring the mass of 1,800 galaxy clusters and creating a catalog.
Finally, they compared the number of clusters observed per unit volume in their catalog against a series of computer simulations, each of which was fed a different value for the total matter of the Universe.
Simulations with too little matter had too few clusters, while those with too much matter had too many clusters.
The “Goldilocks” value they found fit the simulations just right.
A study of comet motions indicates that the solar system has a second alignment plane. Analytical investigation of the orbits of long-period comets shows that the aphelia of the comets, the point where they are farthest from the Sun, tend to fall close to either the well-known ecliptic plane where the planets reside or a newly discovered “empty ecliptic.” This has important implications for models of how comets originally formed in the solar system.
In the solar system, the planets and most other bodies move in roughly the same orbital plane, known as the ecliptic, but there are exceptions such as comets. Comets, especially long-period comets taking tens-of-thousands of years to complete each orbit, are not confined to the area near the ecliptic; they are seen coming and going in various directions.
[…]
The solar system does not exist in isolation; the gravitational field of the Milky Way galaxy in which the solar system resides also exerts a small but non-negligible influence
[…]
hen the galactic gravity is taken into account, the aphelia of long-period comets tend to collect around two planes. First the well-known ecliptic, but also a second “empty ecliptic.” The ecliptic is inclined with respect to the disk of the Milky Way by about 60 degrees. The empty ecliptic is also inclined by 60 degrees, but in the opposite direction. Higuchi calls this the “empty ecliptic” based on mathematical nomenclature and because initially it contains no objects, only later being populated with scattered comets.
Today’s the day YouTube is killing its “Community Contributions” feature for videos, which let content creators crowdsource captions and subtitles for their videos. YouTube announced the move back in July, which triggered a community outcry from the deaf, hard of hearing, and fans of foreign media, but it does not sound like the company is relenting. In one of Google’s all-time, poor-timing decisions, YouTube is killing the feature just two days after the International Week of the Deaf, which is the last full week in September.
Once enabled by a channel owner, the Community Contributions feature would let viewers caption or translate a video and submit it to the channel for approval. YouTube currently offers machine-transcribed subtitles that are often full of errors, and if you also need YouTube to take a second pass at the subtitles for machine translation, they’ve probably lost all meaning by the time they hit your screen. The Community Caption feature would load up those machine-written subtitles as a starting point and allow the user to make corrections and add text that the machine transcription doesn’t handle well, like transcribed sound cues for the deaf and hard of hearing.
YouTube says it’s killing crowd-source subtitles due to spam and low usage. “While we hoped Community Contributions would be a wide-scale, community-driven source of quality translations for Creators,” the company wrote, “it’s rarely used and people continue to report spam and abuse.” The community does not seem to agree with this assessment, since a petition immediately popped up asking YouTube to reconsider, and so far a half-million people have signed. “Removing community captions locks so many viewers out of the experience,” the petition reads. “Community captions ensured that many videos were accessible that otherwise would not be.”
In the endlessly escalating war between those striving to create flawless deepfake videos and those developing automated tools that make them easy to spot, the latter camp has found a very clever way to expose videos that have been digitally modified by looking for literal signs of life: a person’s heartbeat.
If you’ve ever had a doctor attach a pulse oximeter to the tip of your finger, then you’ve already experienced a technique known as photoplethysmography where subtle color shifts in your skin as blood is pumped through in waves allows your pulse to be measured. It’s the same technique that the Apple Watch and wearable fitness tracking devices use to measure your heartbeat during exercise, but it’s not just limited to your fingertips and wrists.
Though not apparent to the naked eye, the color of your face exhibits the same phenomenon, subtly shifting in color as your heart endlessly pumps blood through the arteries and veins under your skin, and even a basic webcam can be used to spot the effect and even measure your pulse. The technique has allowed for the development of contactless monitors for infants, simply requiring a non-obtrusive camera to be pointed at them while they sleep, but now is being leveraged to root out fake news.
Researchers from Binghamton University in Binghamton, New York, worked with Intel to develop a tool called FakeCatcher, and their findings were recently published in a paper titled, “FakeCatcher: Detection of Synthetic Portrait Videos using Biological Signals.” Deepfakes are typically created by matching individual frames of a video to a library of headshots, often times containing thousands of images of a particular person, and then subtly adjusting and tweaking the face being swapped in to match the existing one perfectly. Unbeknownst to the naked eye, those images still contain the telltale biological signs of the person having a pulse, but the machine learning tools used to create deepfakes don’t take into account that when the final video is played back, the moving face should still exhibit a measurable pulse. The random way in which a deepfake video is created results in an unstable pulse measurement when photoplethysmography detection techniques are applied to it, making them easier to spot.
From their testing, the researchers found that FakeCatcher was not only able to spot deepfake videos more than 90 percent of the time, but with the same amount of accuracy, it was also able to determine which of four different deepfake tools—Face2Face, NeuralTex, DeepFakes, or FaceSwap—was used to create the deceptive video. Of course, now that the research and the existence of the FakeCatcher tool has been revealed, it will give those developing the deepfake creation tools the opportunity to improve their own software and to ensure that as a deepfake videos are being created, those subtle shifts in skin color are included to fool photoplethysmography tools as well. But this is good while it lasts.
The British Army has reportedly developed AI-equipped killer drones armed with twin-linked shotguns designed for blasting enemies of the Queen hiding inside buildings.
As if that wasn’t terrifying enough, the Army is already looking at strapping a chain gun or rocket launcher to its i9 drone instead of the shotguns, according to The Times.
“It is the UK military’s first weaponised drone to be able to fly inside, using a combination of physics and AI that allow it to overcome ‘wall suck’, which causes drones with heavy payloads to crash because of the way they displace air in small rooms,” the newspaper reported this morning.
The weaponised craft is said to be loaded with “twin stabilised shotguns” as well as making use of “machine vision” to identify its targets. A human operator will have to press a button to actually fire the shotguns, though that is potentially the least of the civilised world’s worries from this thing.
We want weaponised urban drones flying through your house, says UK defence ministry as it waves a fistful of banknotes
Assuming that the drone is genuinely capable of firing a shotgun while hovering or in flight, this would mean the “unnamed British company” behind it has overcome some rather large challenges of physics. Basic Newtonian theory tells us that flinging an ounce of lead forwards at great speed causes an equal and opposite reaction backwards. In ballistics this force is called “recoil”. It takes little imagination to realise that recoil in a confined space is likely to push a drone backwards into a wall, rendering it useless.
[…]
The Ministry of Defence is but four years behind Russia in its armed drone endeavours. Back in 2016 a group of students designed an armed drone which first flew in 2019, though that appears to be an outdoors-only craft. The Belarusian Army also strapped an RPG to a drone in 2018, though footage doesn’t show it actually being fired
Flight Radar spokesman Ian Petchenik told The Register: “At this time we understand this to be a very strong DDoS attack [orchestrated] from a single source. While it is not known why we’re being targeted, multiple flight tracking services have suffered attacks over the past two days.”
It was not immediately obvious which other sites had suffered attacks, though some had used their Twitter accounts to inform followers of planned server upgrades and updates to end-user apps.
Open source researchers claim to have picked up the live flight tracks of drones over Armenia and Azerbaijan, following armed skirmishes between the two nations over the long-disputed Nagorno-Karabakh region. The conflict gained a more international dimension earlier today when a Turkish F-16 fighter jet reportedly shot down an elderly Armenian Su-25 Frogfoot ground attack aircraft.
The use of DDoSes against general-interest websites has fallen out of favour in recent years as the script kiddies behind those types of attacks in days of yore a) grew up and b) realised that ransomware is far more lucrative than crayoning over someone else’s website.
Whatever the cause of the Flight Radar 24 attacks – one knowledgeable source suggested to El Reg that the Nagorno-Karabakh conflict may have triggered a government determined to control what the wider world can see – they serve as a reminder that even one of the oldest online attack methods can still cause chaos today.
Some Microsoft services, including Outlook, Office 365, and Microsoft Teams, experienced a multi-hour outage on Monday, but the issues have been resolved, according to the company.
“We’ve confirmed that the residual issue has been addressed and the incident has been resolved,” Microsoft tweeted at 12AM ET on Tuesday. “Any users still experiencing impact should be mitigated shortly.”
The company first acknowledged issues at 5:44PM ET via the Microsoft 365 Status Twitter account, and said it had rolled back a change thought to be the cause of the issue at 6:36PM ET. But just 13 minutes later, the company tweeted again to say that it was “not observing an increase in successful connections after rolling back a recent change.” Microsoft tweeted that services were mostly back at 10:20PM ET.
Microsoft’s Azure Active Directory service was also experiencing issues on Monday, but the company said those were “now mitigated” as of 11:21PM ET Monday night. Microsoft said the problems were caused by a configuration change to a backend storage layer, which the company rolled back.
Update, September 29th, 11:20AM ET: Updated to confirm Microsoft has resolved the issues. The headline has also been updated to reflect this fact.
The core service affected was Azure Active Directory, which controls login to everything from Outlook email to Teams to the Azure portal, used for managing other cloud services. The five-hour impact was also felt in productivity-stopping annoyances like some installations of Microsoft Office and Visual Studio, even on the desktop, declaring that they could not check their licensing and therefore would not run.
There are claims that the US emergency 911 service was affected, which is not implausible given that the RapidDeploy Nimbus Dispatch systemdescribes itself as “a Microsoft Azure–based Computer Aided Dispatch platform”. If the problem is authentication, even resilient services with failover to other Azure regions may become inaccessible and therefore useless.
The company has yet to provide full details, but a status report today said that “a recent configuration change impacted a backend storage layer, which caused latency to authentication requests”.
[…]
Microsoft seems to have more than its fair share of problems. Gartner noted recently that it “continues to have concerns related to the overall architecture and implementation of Azure, despite resilience-focused efforts and improved service availability metrics during the past year”. The analyst’s reservations were based in part on the low ratio of availability zones to regions, and that “a limited set of services support the availability zone model”.
Gartner’s concerns are valid, but this was not the cause of the recent disruption. Bill Witten, identity architect at Okta, was to the point, commenting: “So, does everyone get why the mono-directory is not a good idea?”
Microsoft has built so much on Azure Active Directory that it is a single point of failure. The company either needs to make it so resilient that failure is near-impossible (which is likely to be its intention), or consider gradually reducing the dependence of so many services.
Source:
With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft
To hear many politicians (and, tragically, many academics) tell the story, patents and patent policy are keys to innovation. Indeed, many studies trying to measure innovation use the number of patents as a proxy. For years, we’ve argued that there is little evidence that patents are in any way correlated with innovation. Indeed, in practice, we often see patents get in the way of innovation, rather than being a sign of innovation. If anything, an influx of patents seems to indicate a decline in innovation, because as the saying goes, smart companies innovate, while failed companies litigate. Litigating patents tends to happen when a more established company no longer is able to compete by innovation, and has to bring in the courts to block and stop more nimble competitors.
Indeed, over and over again we seem to see the most innovative companies eschewing the anti-competitive powers that patents give them. I was reminded of this recently with the announcement that payments company Square had agreed to put all of its crypto patents into a new non-profit called the Crypto Open Patent Alliance to help fight off the unfortunate number of crypto patent trolls that are showing up.
Square is putting all of our crypto patents into a new non-profit org we’re calling the Crypto Open Patent Alliance, which will maintain a shared patent library to help the crypto community defend against patent aggressors and trolls. Join us! #bitcoinhttps://t.co/I9VopgtMz9
Of course, we see this throughout the companies generally considered to be the most innovative. A decade ago, Twitter came up with a very clever Innovator’s Patent Agreement, which effectively would block patent trolls from ever being able to use Twitter’s patents, should they somehow fall into trollish hands. A bunch of other top internet companies including Google, Dropbox, Asana, and Newegg launched the License on Transfer network, as a basic poison pill to, again, stop patent trolls.
And, most famously, Elon Musk flat out gave away Tesla’s patents and encouraged anyone else to use them to compete with Tesla, license-free.
If patents really were so vital to innovation, why would all of these innovative companies be so quick to give them up? And why is it so incredibly rare that any of them assert patents against competitors? Instead, so much of the patent litigation we see is against those innovative companies coming from a variety of patent trolls (frequently lawyers who never innovated at all) or also ran companies which may have been innovative in the past but have long since seen their innovative days in the rearview mirror.
It would be nice if policymakers, the media, and academics finally started recognizing the idea that patents are not just a bad proxy for actual innovation, but often antithetical to innovation, and we can see all the evidence we need for that in the fact that the most innovative companies are “devaluing” in their own patents to improve the ecosystem, rather than enforce those patents.
Not only that, but there are whole industries that would be nowhere if patents were enforced rigidly, such as the fashion industry and computer programming.
Tax records obtained by The New York Times appear to show that President Trump reduced his taxable income by treating his eldest daughter, Ivanka Trump, as a consultant, then deducting this as a business expense.
The Times reports that Trump Organization tax records show between 2010 and 2018, President Trump wrote off as business expenses $26 million in “consulting fees.” The consultants are not listed by name, but the Times compared the tax records to financial disclosures Ivanka Trump filed when she started working at the White House in 2017 as a senior adviser to her father. Ivanka Trump reported receiving $747,622 in payments from a consulting company she co-owned — the same exact amount in consulting fees the Trump Organization claimed as tax deductions for hotel projects in Hawaii and Vancouver.
As an executive officer with the Trump Organization, Ivanka Trump managed the Hawaii and Vancouver hotel projects, “meaning she appears to have been treated as a consultant on the same hotel deals that she helped manage as part of her job at her father’s business,” the Times said. Ivanka Trump earned a salary of about $480,000 while serving as an executive with the Trump Organization, and the amount jumped up to $2 million after her father became president, the Times reports; since leaving to work in the White House, she has not received a salary from the company.
The tax filings also show that Trump collected $5 million for a hotel deal in Azerbaijan and reported $1.1 million in consulting fees and made $3 million in Dubai while reporting a $630,000 consulting fee. People with direct knowledge of the deals told the Times they were not aware of any consultants or third parties who would have been paid in connection with the projects.
We’ve already covered what a ridiculous, pathetic grift the Oracle/TikTok deal was. Despite it being premised on a “national security threat” from China, because the app might share some data (all of which is easily buyable from data brokers) with Chinese officials, the final deal cured none of that, left the Chinese firm ByteDance with 80% ownership of TikTok, and gave Trump supporters at Oracle a fat contract — and allowed Trump to pretend he did something.
Of course, what he really did was hand China a huge gift. In response to the deal, state media in China is now highlighting how the Chinese government can use this deal as a model for the Chinese to force the restructuring of US tech companies, and force the data to be controlled by local companies in China. This is from the editor-in-chief of The Global Times, a Chinese, state-sponsored newspaper:
That says:
The US restructuring of TikTok’s stake and actual control should be used as a model and promoted globally. Overseas operation of companies such as Google, Facebook shall all undergo such restructure and be under actual control of local companies for security concerns.
So, beyond doing absolutely nothing to solve the “problem” that politicians in the US laid out, the deal works in reverse. It’s given justification for China to mess with American companies in the same way, and push to expose more data to the Chinese government.
Great work, Trump. Hell of a deal.
Meanwhile, the same Twitter feed says that it’s expected that officials in Beijing are going to reject the deal from their end, and seek to negotiate one even more favorable to China’s “national security interests and dignity.”
So, beyond everything else, Trump’s “deal” has probably done more to help China, and harm data privacy and protection, while also handing China a justification playbook to do so: “See, we’re just following your lead!”
The Seychelles-based outfit, founded in 2017, proudly boasts of its venture capital backers who clearly admire its services facilitating trading of “numerous digital assets and cryptocurrencies”. And on Saturday it advised users that it “detected some large withdrawals since September 26, 2020 at 03:05:37 (UTC+8)” and that an internal security audit revealed “part of Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which contained few parts of our total assets holdings. The assets in our cold wallets are safe and unharmed, and hot wallets have been re-deployed.”
The company also promised that any losses would be covered by insurance, but also advised that deposit and withdrawal services would be suspended pending a security review.
A later update included an FAQ in which customers asked why some of the withdrawals continued even after the first incident notification was posted. KuCoin assured customers it conducted those transactions itself and advised that restoration of withdrawal functions could take a week. In the volatile world of cryptocurrency, a week can be the difference between a win and a bust.
A Monday update, the latest, revealed the scale of the hack as KuCoin identified over $130m of assets. It also describes work among a number of crypto players to identify suspicious transactions, freeze transactions, and even lists some addresses suspected of involvement in the heist.
“KuCoin has been in touch with a growing number of industry partners to take tangible actions, thanks to all of you for your support!,” the statement concluded.
However, the latest statement does not offer any further information on the cause of the incident, remediation steps, or restoration times.
So there you have it, dear reader: a venture-backed startup, based in a tax haven, demonstrating the future of money in all its glory.
And in the background, China deciding that its own digital currency will be run only by its biggest banks with new payment players like Alibaba not allowed anywhere near its innermost workings
Transistors based on carbon rather than silicon could potentially boost computers’ speed and cut their power consumption more than a thousandfold — think of a mobile phone that holds its charge for months — but the set of tools needed to build working carbon circuits has remained incomplete until now.
A team of chemists and physicists at the University of California, Berkeley, has finally created the last tool in the toolbox, a metallic wire made entirely of carbon, setting the stage for a ramp-up in research to build carbon-based transistors and, ultimately, computers.
“Staying within the same material, within the realm of carbon-based materials, is what brings this technology together now,” said Felix Fischer, UC Berkeley professor of chemistry, noting that the ability to make all circuit elements from the same material makes fabrication easier. “That has been one of the key things that has been missing in the big picture of an all-carbon-based integrated circuit architecture.”
[…]
“Nanoribbons allow us to chemically access a wide range of structures using bottom-up fabrication, something not yet possible with nanotubes,” Crommie said. “This has allowed us to basically stitch electrons together to create a metallic nanoribbon, something not done before. This is one of the grand challenges in the area of graphene nanoribbon technology and why we are so excited about it.”
Metallic graphene nanoribbons — which feature a wide, partially-filled electronic band characteristic of metals — should be comparable in conductance to 2D graphene itself.
“We think that the metallic wires are really a breakthrough; it is the first time that we can intentionally create an ultra-narrow metallic conductor — a good, intrinsic conductor — out of carbon-based materials, without the need for external doping,” Fischer added.
Crommie, Fischer and their colleagues at UC Berkeley and Lawrence Berkeley National Laboratory (Berkeley Lab) will publish their findings in the Sept. 25 issue of the journal Science.
[…]
Several years ago, Fischer and Crommie teamed up with theoretical materials scientist Steven Louie, a UC Berkeley professor of physics, to discover new ways of connecting small lengths of nanoribbon to reliably create the full gamut of conducting properties.
Two years ago, the team demonstrated that by connecting short segments of nanoribbon in the right way, electrons in each segment could be arranged to create a new topological state — a special quantum wave function — leading to tunable semiconducting properties.
In the new work, they use a similar technique to stitch together short segments of nanoribbons to create a conducting metal wire tens of nanometers long and barely a nanometer wide.
The nanoribbons were created chemically and imaged on very flat surfaces using a scanning tunneling microscope. Simple heat was used to induce the molecules to chemically react and join together in just the right way. Fischer compares the assembly of daisy-chained building blocks to a set of Legos, but Legos designed to fit at the atomic scale.
“They are all precisely engineered so that there is only one way they can fit together. It’s as if you take a bag of Legos, and you shake it, and out comes a fully assembled car,” he said. “That is the magic of controlling the self-assembly with chemistry.”
Once assembled, the new nanoribbon’s electronic state was a metal — just as Louie predicted — with each segment contributing a single conducting electron.
The final breakthrough can be attributed to a minute change in the nanoribbon structure.
“Using chemistry, we created a tiny change, a change in just one chemical bond per about every 100 atoms, but which increased the metallicity of the nanoribbon by a factor of 20, and that is important, from a practical point of view, to make this a good metal,” Crommie said.
The two researchers are working with electrical engineers at UC Berkeley to assemble their toolbox of semiconducting, insulating and metallic graphene nanoribbons into working transistors.
“I believe this technology will revolutionize how we build integrated circuits in the future,” Fischer said. “It should take us a big step up from the best performance that can be expected from silicon right now. We now have a path to access faster switching speeds at much lower power consumption. That is what is driving the push toward a carbon-based electronics semiconductor industry in the future.”
President Donald Trump paid just $750 in federal income taxes the year he ran for president and in his first year in the White House, according to a report Sunday in The New York Times.
Trump, who has fiercely guarded his tax filings and is the only president in modern times not to make them public, paid no federal income taxes in 10 of the past 15 years.
The details of the tax filings complicate Trump’s description of himself as a shrewd and patriotic businessman, revealing instead a series of financial losses and income from abroad that could come into conflict with his responsibilities as president. The president’s financial disclosures indicated he earned at least $434.9 million in 2018, but the tax filings reported a $47.4 million loss.
The tax filings also illustrate how a reputed billionaire could pay little to nothing in taxes, while someone in the middle class could pay substantially more than him. Nearly half of Americans pay no income taxes, primarily because of how their low incomes are. But IRS figures indicate that the average tax filer paid roughly $12,200 in 2017, about 16 times more than what the president paid.
The disclosure, which the Times said comes from tax return data it obtained extending over two decades, comes at a pivotal moment ahead of the first presidential debate Tuesday and weeks before a divisive election against Democrat Joe Biden.
Speaking at a news conference Sunday at the White House, Trump dismissed the report as “fake news” and maintained he has paid taxes, though he gave no specifics. He also vowed that information about his taxes “will all be revealed,” but he offered no timeline for the disclosure and made similar promises during the 2016 campaign on which he never followed through.
In fact, the president has fielded court challenges against those seeking access to his returns, including the U.S. House, which is suing for access to Trump’s tax returns as part of congressional oversight.
During his first two years as president, Trump received $73 million from foreign operations, which in addition to his golf properties in Scotland and Ireland included $3 million from the Philippines, $2.3 million from India and $1 million from Turkey, among other nations. The president in 2017 paid $145,400 in taxes in India and $156,824 in the Philippines, compared to just $750 in U.S. income taxes. The Times said the tax records did not reveal any unreported connections to Russia.
Trump found multiple ways to reduce his tax bills. He has taken tax deductions on personal expenses such as housing, aircraft and $70,000 to style his hair while he filmed “The Apprentice.” Losses in the property businesses solely owned and managed by Trump appear to have offset income from his stake in “The Apprentice” and other entities with multiple owners.
During the first two years of his presidency, Trump relied on business tax credits to reduce his tax obligations. The Times said $9.7 million worth of business investment credits that were submitted after Trump requested an extension to file his taxes allowed him to reduce his income and pay just $750 each in 2016 and 2017.
Income tax payments help finance the military and domestic programs.
Trump, starting in 2010, claimed and received an income tax refund that totaled $72.9 million, which the Times said was at the core of an ongoing audit by the IRS. The Times said a ruling against Trump could cost him $100 million or more. He also has more than $300 million in loans due to be repaid in the next four years.
Richard Neal, D-Mass., the chair of the House Ways and Means Committee who has tried unsuccessfully to obtain Trump’s tax records, said the Times report makes it even more essential for his committee to get the documents.
“It appears that the President has gamed the tax code to his advantage and used legal fights to delay or avoid paying what he owes,” Neal wrote in a statement. “Now, Donald Trump is the boss of the agency he considers an adversary. It is essential that the IRS’s presidential audit program remain free of interference.”
A lawyer for the Trump Organization, Alan Garten, and a spokesperson for the Trump Organization did not immediately respond to a request for comment from The Associated Press on the report.
Garten told the Times that “most, if not all, of the facts appear to be inaccurate.”
He said in a statement to the news organization that the president “has paid tens of millions of dollars in personal taxes to the federal government, including paying millions in personal taxes since announcing his candidacy in 2015.”
The New York Times said it declined to provide Garten with the tax filings in order to protect its sources, but it said its sources had legal access to the records.
During his first general election debate against Democrat Hillary Clinton in 2016, Clinton said that perhaps Trump wasn’t releasing his tax returns because he had paid nothing in federal taxes.
Trump interrupted her to say, “That makes me smart.”
A judge in Washington has temporarily blocked a Trump administration order banning Apple and Google from offering Chinese-owned app TikTok for download that was set to take effect at 11:59pm on Sunday.
US district judge Carl Nichols granted a preliminary injunction sought by TikTok’s owner, ByteDance, to allow the app to remain available at US app stores, but declined “at this time” to block additional commerce department restrictions that are set to take effect on 12 November that TikTok has said would have the impact of making the app impossible to use in the United States.
Nichols’ detailed written opinion is expected to be released as soon as Monday.
The Commerce Department said in a statement it “will comply with the injunction and has taken immediate steps to do so.” The statement, which defended the TikTok order and Trump’s executive order demanding owner ByteDance divest its TikTok US operations within 90 days, did not specify whether the government would appeal.
TikTok said it was pleased with the injunction and added it “will also maintain our ongoing dialogue with the government to turn our proposal, which the president gave his preliminary approval to last week, into an agreement.”
The company’s lawyer John Hall had said a ban would be “punitive” and close off a public forum used by tens of millions of Americans.
In a written brief filed ahead of the hearing, TikTok lawyers said the ban was “arbitrary and capricious” and “would undermine data security” by blocking updates and fixes to the app used by some 100 million Americans.
The company also said the ban was unnecessary because negotiations were already underway to restructure the ownership of TikTok to address national security issues raised by the administration.
TikTok has an estimated 100 million users in the US and 700 million worldwide, making it one of the largest operators in the social media space.
Government lawyers argued the president had a right to take national security actions, and said the ban was needed because of TikTok’s links to the Chinese government through its parent firm ByteDance.
A government brief called ByteDance “a mouthpiece” for the Chinese Communist Party and said it was “committed to promoting the CCP’s agenda and messaging.”
ByteDance said on 20 September it had struck a preliminary deal for Walmart Inc and Oracle Corp to take stakes in a new company, TikTok Global, that would oversee US operations after Trump said he had given the deal his “blessing.” Negotiations continue over the terms of the agreement and to resolve concerns from Washington and Beijing.
The deal is still to be reviewed by the US government’s Committee on Foreign Investment in the United States (CFIUS).
A newly discovered technique by a researcher shows how Google’s App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products.
Google App Engine is a cloud-based service platform for developing and hosting web apps on Google’s servers.
While reports of phishing campaigns leveraging enterprise cloud domains are nothing new, what makes Google App Engine infrastructure risky in how the subdomains get generated and paths are routed.
Practically unlimited subdomains for one app
Typically scammers use cloud services to create a malicious app that gets assigned a subdomain. They then host phishing pages there. Or they may use the app as a command-and-control (C2) server to deliver malware payload.
But the URL structures are usually generated in a manner that makes them easy to monitor and block using enterprise security products, should there be a need.
For example, a malicious app hosted on Microsoft Azure services may have a URL structure like: https://example-subdomain.app123.web.core.windows.net/…
Therefore, a cybersecurity professional could block traffic to and from this particular app by simply blocking requests to and from this subdomain. This wouldn’t prevent communication with the rest of the Microsoft Azure apps that use other subdomains.
It gets a bit more complicated, however, in the case of Google App Engine.
Security researcher Marcel Afrahim demonstrated an intended design of Google App Engine’s subdomain generator, which can be abused to use the app infrastructure for malicious purposes, all while remaining undetected.
Google’s appspot.com domain, which hosts apps, has the following URL structure:
A subdomain, in this case, does not only represent an app, it represents an app’s version, the service name, project ID, and region ID fields.
But the most important point to note here is, if any of those fields are incorrect, Google App Engine won’t show a 404 Not Found page, but instead show the app’s “default” page (a concept referred to as soft routing).
“Requests are received by any version that is configured for traffic in the targeted service. If the service that you are targeting does not exist, the request gets Soft Routed,” states Afrahim, adding:
“If a request matches the PROJECT_ID.REGION_ID.r.appspot.com portion of the hostname, but includes a service, version, or instance name that does not exist, then the request is routed to the default service, which is essentially your default hostname of the app.”
Essentially, this means there are a lot of permutations of subdomains to get to the attacker’s malicious app. As long as every subdomain has a valid “project_ID” field, invalid variations of other fields can be used at the attacker’s discretion to generate a long list of subdomains, which all lead to the same app.
For example, as shown by Afrahim, both URLs below – which look drastically different, represent the same app hosted on Google App Engine.
“Verified by Google Trust Services” means trusted by everyone
The fact that a single malicious app is now represented by multiple permutations of its subdomains makes it hard for sysadmins and security professionals to block malicious activity.
But further, to a technologically unsavvy user, all of these subdomains would appear to be a “secure site.” After all, the appspot.com domain and all its subdomains come with the seal of “Google Trust Services” in their SSL certificates.
Google App Engine sites showing valid SSL certificate with “Verified by: Google Trust Services” text
Source: Afrahim
Even further, most enterprise security solutions such as Symantec WebPulse web filter automatically allow traffic to trusted category sites. And Google’s appspot.com domain, due to its reputation and legitimate corporate use cases, earns an “Office/Business Applications” tag, skipping the scrutiny of web proxies.
Automatically trusted by most enterprise security solutions
On top, a large number of subdomain variations renders the blocking approach based on Indicators of Compromise (IOCs) useless.
A screenshot of a test app created by Afrahim along with a detailed “how-to” demonstrates this behavior in action.
In the past, Cloudflare domain generation had a similar design flaw that Astaroth malware would exploit via the following command wheen fetching stage 2 payload:
This would essentially launch a Windows command prompt and put a random number replacing %RANDOM% making the payload URL truly dynamic.
“And now you have a script that downloads the payload from different URL hostnames each time is run and would render the network IOC of such hypothetical sample absolutely useless. The solutions that rely on single run on a sandbox to obtain automated IOC would therefore get a new Network IOC and potentially new file IOC if script is modified just a bit,” said the researcher.
Delivering malware via Google App Engine subdomain variations while bypassing IOC blocks
Actively exploited for phishing attacks
Security engineer and pentester Yusuke Osumi tweeted last week how a Microsoft phishing page hosted on the appspot.com subdomain was exploiting the design flaw Afrahim has detailed.
Osumi additionally compiled a list of over 2,000 subdomains generated dynamically by the phishing app—all of them leading to the same phishing page.
Active exploitation of Google App Engine subdomains in phishing attacks
Source: Twitter
This recent example has shifted the focus of discussion from how Google App Engine’s flaw can be potentially exploited to active phishing campaigns leveraging the design flaw in the wild.
“Use a Google Drive/Service phishing kit on Google’s App Engine and normal user would not just realize it is not Google which is asking for credentials,” concluded Afrahim in his blog post.
Formula 1 drivers have been told they cannot wear clothing bearing any slogans or messages while doing official duties after grands prix.
The move is a reaction to Mercedes’ Lewis Hamilton wearing a T-shirt at the last race in Tuscany referencing the case of a woman killed by US police.
The FIA said podium finishers “must remain attired only in their driving suits done up to the neck”.
This must be the case throughout the podium ceremony and interviews.
The requirements include a “medical face mask or team-branded face mask”.
The move had been expected after talks between the FIA, Mercedes and Hamilton’s representatives before this weekend’s Russian Grand Prix.
At Mugello, Hamilton wore a T-shirt saying: “Arrest the cops who killed Breonna Taylor” at the official pre-race anti-racism demonstration and on the podium and during the post-race interviews.
He had previously worn a Black Lives Matter T-shirt for the demonstration, but not after the race, while other drivers wore the FIA official “End Racism” T-shirts.
The FIA looked into whether they should investigate Hamilton on the grounds of breaking any rules, but decided against it.
Political messages have long been banned on the podium in F1.
Hamilton said at the Russian Grand Prix: “I did something that has never really happened in F1 and obviously they will stop it from happening moving forwards.”
Future moon explorers will be bombarded with two to three times more radiation than astronauts aboard the International Space Station, a health hazard that will require thick-walled shelters for protection, scientists reported Friday.
China’s lander on the far side of the moon is providing the first full measurements of radiation exposure from the lunar surface, vital information for NASA and others aiming to send astronauts to the moon, the study noted.
[…]
Astronauts would get 200 to 1,000 times more radiation on the moon than what we experience on Earth—or five to 10 times more than passengers on a trans-Atlantic airline flight, noted Robert Wimmer-Schweingruber of Christian-Albrechts University in Kiel, Germany.
“The difference is, however, that we’re not on such a flight for as long as astronauts would be when they’re exploring the moon,” Wimmer-Schweingruber said in an email.
Cancer is the primary risk.
“Humans are not really made for these radiation levels and should protect themselves when on the moon,” he added.
[…]
Wimmer-Schweingruber said the radiation levels are close to what models had predicted. The levels measured by Chang’e 4, in fact, “agree nearly exactly” with measurements by a detector on a NASA orbiter that has been circling the moon for more than a decade, said Kerry Lee, a space radiation expert at Johnson Space Center in Houston.
“It is nice to see confirmation of what we think and our understanding of how radiation interacts with the moon is as expected,” said Lee, who was not involved in the Chinese-led study.
[…]
The German researchers suggest shelters built of moon dirt—readily available material—for stays of more than a few days. The walls should be 80 centimeters (about 2 1/2 feet) thick, they said. Any thicker and the dirt will emit its own secondary radiation, created when galactic cosmic rays interact with the lunar soil.
The September 20 deadline for a purported TikTok sale has already passed, but the parties involved have yet to settle terms on the deal. ByteDance and TikTok’s bidders Oracle and Walmart presented conflicting messages on the future ownership of the app, confusing investors and users. Meanwhile, Beijing’s discontent with the TikTok sale is increasingly obvious.
China has no reason to approve the “dirty” and “unfair” deal that allows Oracle and Walmart to effectively take over TikTok based on “bullying and extortion,” slammed an editorial published Wednesday in China Daily, an official English-language newspaper of the Chinese Communist Party.
The editorial argued that TikTok’s success — a projected revenue of about a billion dollars by the end of 2020 — “has apparently made Washington feel uneasy” and prompted the U.S. to use “national security as the pretext to ban the short video sharing app.”
The official message might stir mixed feelings within ByteDance, which has along the way tried to prove its disassociation from the Chinese authority, a precondition for the companies’ products to operate freely in Western countries.
Beijing has already modified a set of export rules to complicate the potential TikTok deal, restricting the sale of certain AI-technologies to foreign companies. Both ByteDance and China’s state media have said the agreement won’t involve technological transfers.
The Trump administration said it would ban downloads of TikTok, which boasts 100 million users in the country, if an acceptable deal was not reached. It also planned to shut down Tencent’s WeChat, a decision that just got blocked by a district court in San Francisco.
TikTok has collected nearly 198 million App Store and Google Play installs in the U.S., while WeChat has been installed by nearly 22 million users in the U.S. since 2014, according to market research firm Sensor Tower. Unlike TikTok, which has a far-reaching user base in the U.S., WeChat is mainly used by Chinese-speaking communities or those with connections in China, where the messenger is the dominant chat app and most Western alternatives are blocked.
Four of the seven former eBay employees charged with cyberstalking a couple critical of the web auction house are scheduled to plead guilty next month.
In June, the US Justice Department charged six former staffers – director of safety and security James Baugh, 45, of San Jose, California; director of global resiliency David Harville, 48, of New York City; manager of global intelligence Stephanie Stockwell, 26, of Redwood City, California; and eBay Global Intelligence Center staffers Stephanie Popp, 32, Veronica Zea, 26, and Brian Gilbert, 51, all of San Jose – with conspiring to commit cyberstalking and tamper with witnesses.
The US Attorney’s Office of Massachusetts on Wednesday said four former eBay employees charged in that case plan to admit guilt at a video conference hearing scheduled for October 8, 2020.
A spokesperson for the USAO of Massachusetts confirmed to The Register the four individuals are Brian Gilbert, Stephanie Popp, Stephanie Stockwell, and Veronica Zea. The cases against the two most senior executives in the group, Harville and Baugh, remain ongoing; both deny the accusations.
In July, a seventh former eBay employee, former Santa Clara police captain Philip Cooke, 55, who oversaw security operations at eBay’s offices in Europe and Asia, was charged separately for alleged involvement in the harassment campaign.
The defendants are said [PDF] to have participated in a concerted effort to intimidate and silence a husband and wife team who run an ecommerce-focused newsletter and blog in a campaign last year.
[…]
it describes a harassment effort that consisted, among other things, of sending the newsletter publishers live cockroaches, the head of a fetal pig, a funeral wreath, a mask of a bloody pig’s head, and a book on surviving the loss of a spouse.
Unasked
Bloomberg suggests the recipient of that text message, “Executive 1,” is former CEO David Wenig, based on the similarity between a newsletter article quoted in the complaint, “eBay RICO Lawsuit Meant to Curb Seller Exodus to Amazon?” and an article with the same headline on the EcommerceBytes Blog that refers to Wenig.
The affidavit outlining the case cites text identical to the online article except that it replaces “eBay CEO” with “[Executive 1]”. Wenig has not been charged with any wrongdoing.
Subscriptions may be ideal for certain services such as Netflix, with its constant flow of new content, but for a suite of tools like Microsoft Office? Paying every month doesn’t suit everyone, especially if all they want is access to the word processor and spreadsheet. Thankfully, a new perpetual license edition of the suite arrives next year.
Microsoft clearly pushes an Office subscription as the best way to access its always up-to-date suite of tools and services, while those who just want to buy a copy outright and use it for years to come are still using Office 2019, which released back in 2018. It was unclear whether 2019 would ever be replaced, but as spotted by Windows Central, Microsoft quietly confirmed in a news post by the Exchange team that “Microsoft Office will also see a new perpetual release for both Windows and Mac, in the second half of 2021.”
There’s no details regarding the name, price, or availability of this new version
Spain’s highways agency is using bulk mobile phone data for monitoring speeding hotspots, according to local reports.
Equipped with data on customers handed over by local mobile phone operators, Spain’s Directorate-General for Traffic (DGT) may be gathering data on “which roads and at what specific kilometer points the speed limits are usually exceeded,” according to Granadan newspaper Ideal (en español).
“In fact, Traffic has data on this since the end of last year when the National Statistics Institution (INE) reached an agreement with mobile operators to obtain information about the movements of citizens,” reported the paper.
The data-harvesting agreement was first signed late last year to coincide with a national census (as El Reg reported at the time) and is now being used to monitor drivers’ speeds.
National newspaper El Paisreported in October 2019 that the trial would involve dividing Spain “into 3,500 cells with a minimum of 5,000 people in each of them” with the locations of phones being sampled continuously between 9am and 6pm, with further location snapshots being taken at 12am and 6am.
The newspaper explained: “With this information it will be possible to know how many citizens move from a dormitory municipality to a city; how many people work in the same neighbourhood where you live or in a different one; where do the people who work in an area come from, or how the population fluctuates in a box throughout the day.”
The INE insisted that data collected back then had been anonymised and was “aimed at getting a better idea of where Spaniards go during the day and night”, as the BBC summarised the scheme. Mobile networks Vodafone, Movistar, and Orange were all said to be handing over user data to the INE, with the bulk information fetching €500,000 – a sum split between all three firms.
In April the initiative was reactivated for the so-called DataCovid plan, where the same type of bulk location data was used to identify areas where Spaniards were ignoring COVID-19 lockdown laws.
“The goal is to analyse the effect which the (confinement) measures have had on people’s movements, and see if people’s movements across the land are increasing or decreasing,” Spain’s government said at the time, as reported by expat news service The Local’s Iberian offshoot.
The DGT then apparently hit on the idea of using speed data derived from cell tower pings (in the same way that Google Maps, Waze, and other online services derive average road speed and congestion information) to identify locations where drivers may have been breaking the speed limit.
The Ideal news website seemed to put the obvious fears to bed in its report of the traffic police initiative when it posed the obvious, rhetorical, question: whether drivers can be fined based on mobile data.
“The answer is clear and direct: it is not possible,” it concluded. “The DGT can only fine us through the fixed and mobile radars that it has installed throughout the country.”
While the direction of travel here seems obvious to anyone with any experience of living in a western country that implements this type of dragnet mass surveillance, so far there is little evidence of an explicit link between mobile phone data-slurping and speed cameras or fines.
Back in 2016, TfL ran a “trial” tracking people’s movements by analysing where their MAC addresses popped up within the Tube network, also hoping to use this data to get higher prices for advertising spots at busy areas inside Tube stations. Dedicated public Wi-Fi spots on train platforms is now a permanent fixture in all but a few of the London Underground stations. The service is operated by Virgin Media, which is “free” to use by customers of the four mobile network operators, but collects your mobile number at the point of signing up.
And here you can see the ease with which mission creep comes out and people start using your data for all kinds of non-related things once they have it. This is why we shouldn’t allow governments or anyone else to get their grubby little hands on it and why we should be glad that at least at EU level, data privacy is taken seriously with GDPR and other laws.
Twitter is notifying developers today about a possible security incident that may have impacted their accounts.
The incident was caused by incorrect instructions that the developer.twitter.com website sent to users’ browsers.
The developer.twitter.com website is the portal where developers manage their Twitter apps and attached API keys, but also the access token and secret key for their Twitter account.
In an email sent to developers today, Twitter said that its developer.twitter.com website told browsers to create and store copies of the API keys, account access token, and account secret inside their cache, a section of the browser where data is saved to speed up the process of loading the page when the user accessed the same site again.
This might not be a problem for developers using their own browsers, but Twitter is warning developers who may have used public or shared computers to access the developer.twitter.com website — in which case, their API keys are now most likely stored in those browsers.
“If someone who used the same computer after you in that temporary timeframe knew how to access a browser’s cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed,” Twitter said.
“Depending on what pages you visited and what information you looked at, this could have included your app’s consumer API keys, as well as the user access token and secret for your own Twitter account,” Twitter said.
