The Linkielist

Linking ideas with the world

The Linkielist

Monthly Archives: September 2020

Official launch of ELLIS Units – 15th of September 2020! | European Lab for Learning & Intelligent Systems

Posted on by

The European Laboratory for Learning and Intelligent Systems (ELLIS) is officially launching its 30 ELLIS research units on Tuesday, September 15. Since the first 17 units were announced in December 2019, the ELLIS initiative has gained significant momentum, adding another 13 units at top research institutions across Europe. To highlight this rapid progress toward securing the future of European AI research, each unit will be presenting its research focus. While an in-person launch was initially planned in spring at the Royal Society in London, the event was postponed as a result of the global COVID-19 pandemic and will now take place online. The event will be will be open to the general public via livestreaming. A detailed agenda and the YouTube link will be posted shortly.

A detailed agenda and the YouTube link can be found here.

Source: Official launch of ELLIS Units – 15th of September 2020! | European Lab for Learning & Intelligent Systems

Cory Doctorow Crowdfunds His New Audiobook to Protest Amazon/Audible DRM

Posted on by

Science fiction writer Cory Doctorow (also a former EFF staffer and activist) explains why he’s crowdfunding his new audiobook online. Despite the large publishers for his print editions, “I can’t get anyone to do my audiobooks. Amazon and its subsidiary Audible, which controls 90% of the audiobook sales, won’t carry any of my audiobooks because I won’t let them put any of their digital rights management on it.

“I don’t want you locked in with their DRM as a condition of experiencing my work,” he explains in a video on Kickstarter. “And so I have to do it myself.”

He’s promising to sell the completed book through all the usual platforms “except Audible,” because “I want to send a message. If we get a lot of pre-orders for this, it’s going to tell something to Amazon and Audible about how people prioritize the stories they love over the technology they hate, and why technological freedom matters to people.

“It’s also going to help my publisher and other major publishers understand that there is an opportunity here to work with crowdfunding platforms in concert with the major publishers’ platforms to sell a lot of books in ways that side-step the monopolists, and that connect artists and audiences directly.”

it’s the third book in a series which began with the dystopian thriller Little Brother (recommended by Neil Gaiman) and continued with a sequel named Homeland. (“You may have seen Edward Snowden grab it off his bedstand and put it in his go bag and go into permanent exile in Hong Kong” in the documentary Citizen 4,” Doctorow says in his fundraising video.) The newest book, Attack Surface, finds a “technologist from the other side” — a surveillance contractor — now reckoning with their conscience while being hunted with the very cyber-weapons they’d helped to build. “There are a lot of technologists who are reckoning with the moral consequences of their actions these days,” Doctorow says, adding “that’s part of what inspired me to write this…

“Anyone who’s been paying attention knows that there’s been a collision between our freedom and our technology brewing for a long time.”

Just three days after launching the Kickstarter campaign, Doctorow had already raised over $120,000 over his original goal of $7,000 — with 26 days left to go. And he also promises that the top pledge premium is for real….

$10,000 You and Cory together come up with the premise for his next story in the “Little Brother” universe.
$75 or more All three novels as both audiobooks and ebooks
$40 or more All three novels as audiobooks
$35 or more All three novels as ebooks
$25 or more The audiobook and the ebook of Cory’s new novel, Attack Surface
$15 or more The audiobook for Attack Surface
$14 or more The new book Attack Surface in ebook format as a .mobi/.epub file
$11 or more The second book in the series, Homeland, in ebook format as a .mobi/.epub file
$10 or more The first novel in the series in ebook format as a .mobi/.epub file
$1 or more Cory will email you the complete text of “Little Brother,” the first book in the series, cryptographically signed with his private key

Source: Cory Doctorow Crowdfunds His New Audiobook to Protest Amazon/Audible DRM – Slashdot

It’s good to see that there are ways around the duopolies / monopolies that have taken control of so many facets of our lives. The books are available for free but paying helps break the system.

Swedish Company Unveils A Wind-Powered Car Carrier Ship That Uses Wings, Not Sails

Posted on by

KTH Royal Institute of Technology in Stockholm and the maritime consultancy SSPA partnered with shipbuilders Wallenius Marine in Sweden to design a cargo ship capable of reducing the industry’s huge carbon footprint. Around three percent of today’s carbon dioxide emissions come from the shipping industry, a figure that accounts for the 90,000 ships responsible for 90 percent of all trade on the planet, according to the Financial Times. That much carbon dioxide each year rivals the output of some industrialized nations.

The regulatory body International Maritime Organization has set a goal of cutting emissions by 40 percent over the next decade. That’s going to be a tall order, requiring drastic changes in the industry.

Enter Wallenius Marine’s Oceanbird, also known as the wind-Powered Car Carrier.

The ship will run on wind, but not by using conventional sails. Instead, the Oceanbird will use five 80-foot-tall wings, similar in shape to airplane wings, for propulsion. Those huge fins will be able to collapse down like a telescope to 45 feet in order to slip under bridges or when encountering rough seas. The plan is for the Oceanbird to be capable of transporting 7,000 cars across the Atlantic in 12 days, a trip that with current internal combustion engines takes seven or eight days. The ship will also be equipped with a small motor, probably electric, for navigating harbors and tricky areas.

Wallenius says the concept starts with cargo shipping but could be used by cruise lines as well. Of course, the Oceanbird concept won’t be ready for launch until probably 2025, according to SSPA. All the cool, world-changing technology seems to always be a few years away, doesn’t it? Still, Wallenius has been in the shipbuilding and logistics business for 30 years, and it has built 70 ships during that time. Maybe this could actually work. We’ve got to try something.

Source: Swedish Company Unveils A Wind-Powered Car Carrier Ship That Uses Wings, Not Sails

Watchdog accuses Amazon of price gouging during the pandemic

Posted on by

A new report by the consumer watchdog group Public Citizen accuses Amazon of price gouging during the pandemic. According to the group, Amazon increased the prices of essential items like masks, hand sanitizer, disinfectant spray, paper towels and toilet paper.

According to the report, the cost of a 50-pack of disposable face masks jumped from about $4 on April 1st to $39.99 on August 16th. That’s a 900 percent increase. Toilet paper sold by other retailers for $6.89 sold on Amazon for nearly $37, Public Citizen says. In August, the cost of disinfectant spray reportedly increased from about $7 to $13, a jump of more than 80 percent. Even the prices of flour, sugar and cornstarch varied widely.

[…]

Source: Watchdog accuses Amazon of price gouging during the pandemic | Engadget

Three middle-aged Dutch hackers slipped into Donald Trump’s Twitter account days before 2016 US election

Posted on by

Three “grumpy old hackers” in the Netherlands managed to access Donald Trump’s Twitter account in 2016 by extracting his password from the 2012 Linkedin hack.

The pseudonymous, middle-aged chaps, named only as Edwin, Mattijs and Victor, told reporters they had lifted Trump’s particulars from a database that was being passed about hackers, and tried it on his account.

To their considerable surprise, the password – but not the email address associated with @realdonaldtrump – worked the first time they tried it, with Twitter’s login process confirming the password was correct.

The explosive allegations were made by Vrij Nederland (VN), a Dutch magazine founded during WWII as part of the Dutch resistance to Nazi German occupation.

“A digital treasure chest with 120 million usernames and hashes of passwords. It was the spoil of a 2012 digital break-in,” wrote VN journalist Gerard Janssen, describing the LinkedIn database hack. After the networking website for suits was hacked in 2012 by a Russian miscreant, the database found its way onto the public internet in 2016 when researchers eagerly pored over the hashes. Critically, the leaked database included 6.5 million hashed but unsalted passwords.

Poring through the database, the trio found an entry for Trump as well as the hash for Trump’s password: 07b8938319c267dcdb501665220204bbde87bf1d. Using John the Ripper, a hash-reversing tool, they were able to uncover one of the Orange One’s login credentials. Some considerable searching revealed the correct email address (twitter@donaldjtrump.com – a different one from the one Trump used on LinkedIn and which was revealed in the hack)… only for the “middle aged” hackers to be defeated by Twitter detecting that the man who would become the 45th president of the United States had logged in earlier from New York.

One open proxy server later, they were in.

VN published screenshots supplied by the three showing a browser seemingly logged into Trump’s Twitter account, displaying a tweet dating from 27 October 2016 referring to a speech Trump delivered in Charlotte, North Carolina, USA.

The Dutch hackers also alleged that they found Trump’s details in a database hacked from Ashley Madison, a dating website aimed at cheating spouses. Amusingly, just 1.4 per cent of its 31 million users were actual women.

Despite trying to alert American authorities to just how insecure Trump’s account was (no multi-factor authentication, recycled password from an earlier breach) the hackers’ efforts got nowhere, until in desperation they tried Netherland’s National Cyber Security Centrum – which acknowledged receipt of their prepared breach report, which the increasingly concerned men had prepared immediately once they realised their digital trail was not particularly well covered.

“In short, the grumpy old hackers must set a good example. And to do it properly with someone they ‘may not really like’ they think this is a good example of a responsible disclosure, the unsolicited reporting of a security risk,” concluded VN’s Janssen.

Professor Alan Woodward of the University of Surrey added: “It’s password hygiene 101: use a different password for each account. And, if you know a password has been compromised in a previous breach (I think LinkedIn is well known) then for goodness sake, don’t use that one. [This is] a textbook example of credential stuffing.”

Source: Three middle-aged Dutch hackers slipped into Donald Trump’s Twitter account days before 2016 US election • The Register

High-fidelity record of Earth’s climate history puts current changes in context of orbital variation

Posted on by

For the first time, climate scientists have compiled a continuous, high-fidelity record of variations in Earth’s climate extending 66 million years into the past. The record reveals four distinctive climate states, which the researchers dubbed Hothouse, Warmhouse, Coolhouse, and Icehouse.

These major states persisted for millions and sometimes tens of millions of years, and within each one the climate shows rhythmic variations corresponding to changes in Earth’s orbit around the sun. But each climate state has a distinctive response to orbital variations, which drive relatively small changes in compared with the dramatic shifts between different climate states.

[…]

“We’ve known for a long time that the glacial-interglacial cycles are paced by changes in Earth’s orbit, which alter the amount of solar energy reaching Earth’s surface, and astronomers have been computing these orbital variations back in time,” explained coauthor James Zachos, distinguished professor of Earth and planetary sciences and Ida Benson Lynn Professor of Ocean Health at UC Santa Cruz.

“As we reconstructed past climates, we could see long-term coarse changes quite well. We also knew there should be finer-scale rhythmic variability due to orbital variations, but for a long time it was considered impossible to recover that signal,” Zachos said. “Now that we have succeeded in capturing the natural climate variability, we can see that the projected anthropogenic warming will be much greater than that.”

For the past 3 million years, Earth’s climate has been in an Icehouse state characterized by alternating glacial and interglacial periods. Modern humans evolved during this time, but and other human activities are now driving the planet toward the Warmhouse and Hothouse climate states not seen since the Eocene epoch, which ended about 34 million years ago. During the early Eocene, there were no polar ice caps, and average global temperatures were 9 to 14 degrees Celsius higher than today.

[…]

Critical to compiling the new climate record was getting high-quality sediment cores from deep ocean basins through the international Ocean Drilling Program (ODP, later the Integrated Ocean Drilling Program, IODP, succeeded in 2013 by the International Ocean Discovery Program). Signatures of past climates are recorded in the shells of microscopic plankton (called foraminifera) preserved in the seafloor sediments. After analyzing the sediment cores, researchers then had to develop an “astrochronology” by matching the climate variations recorded in sediment layers with variations in Earth’s orbit (known as Milankovitch cycles).

“The community figured out how to extend this strategy to older time intervals in the mid-1990s,” said Zachos, who led a study published in 2001 in Science that showed the climate response to orbital variations for a 5-million-year period covering the transition from the Oligocene epoch to the Miocene, about 25 million years ago.

“That changed everything, because if we could do that, we knew we could go all the way back to maybe 66 million years ago and put these transient events and major transitions in Earth’s climate in the context of orbital-scale variations,” he said.

[…]

Now that they have compiled a continuous, astronomically dated climate record of the past 66 million years, the researchers can see that the climate’s response to orbital variations depends on factors such as greenhouse gas levels and the extent of polar ice sheets.

“In an extreme greenhouse world with no ice, there won’t be any feedbacks involving the ice sheets, and that changes the dynamics of the climate,” Zachos explained.

Most of the major climate transitions in the past 66 million years have been associated with changes in greenhouse gas levels.

[…]

The new climate record provides a valuable framework for many areas of research, he added. It is not only useful for testing climate models, but also for geophysicists studying different aspects of Earth dynamics and paleontologists studying how changing environments drive the evolution of species.

Source: High-fidelity record of Earth’s climate history puts current changes in context

TikTok reveals details of how its algorithm works

Posted on by

TikTok Wednesday revealed some of the elusive workings of the prized algorithm that keeps hundreds of millions of users worldwide hooked on the viral video app.

[…]

TikTok’s algorithm uses machine learning to determine what content a user is most likely to engage with and serve them more of it, by finding videos that are similar or that are liked by people with similar user preferences.

  • When users open TikTok for the first time, they are shown 8 popular videos featuring different trends, music, and topics. After that, the algorithm will continue to serve the user new iterations of 8 videos based on which videos the user engages with and what the user does.
  • The algorithm identifies similar videos to those that have engaged a user based on video information, which could include details like captions, hashtags or sounds. Recommendations also take into account user device and account settings, which include data like language preference, country setting, and device type.
  • Once TikTok collects enough data about the user, the app is able to map a user’s preferences in relation to similar users and group them into “clusters.” Simultaneously, it also groups videos into “clusters” based on similar themes, like “basketball” or “bunnies.”
  • Using machine learning, the algorithm serves videos to users based on their proximity to other clusters of users and content that they like.
  • TikTok’s logic aims to avoid redundancies that could bore the user, like seeing multiple videos with the same music or from the same creator.

Yes, but: TikTok concedes that its ability to nail users’ preferences so effectively means that its algorithm can produce “filter bubbles,” reinforcing users’ existing preferences rather than showing them more varied content, widening their horizons, or offering them opposing viewpoints.

  • The company says that it’s studying filter bubbles, including how long they last and how a user encounters them, to get better at breaking them when necessary.
  • Since filter bubbles can reinforce conspiracy theories, hoaxes and other misinformation, TikTok’s product and policy teams study which accounts and video information — themes, hashtags, captions, and so on — might be linked to misinformation.
  • Videos or creators linked to misinformation are sent to the company’s global content reviewers so they can be managed before they are distributed to users on the main feed, which is called the “For You” page.

The briefing also featured updates about TikTok’s data, privacy and security practices.

  • The company says it tries to triage and prevent incidents on its platform before they happen by working to detect patterns of problems before they spread.
  • TikTok’s chief security officer, Roland Cloutier, said it plans to hire more than 100 data, security and privacy experts by year’s end in the U.S.
  • He also said that the company will be building a monitoring, response and investigative response center in Washington D.C. to actively detect and respond to critical incidents in real time.

The big picture: Beckerman says that TikTok’s transparency efforts are meant to position the company as a leader in Silicon Valley.

  • “We want to take a leadership position and show more about how the app works,” he said. “For us, we’re new, and we want to do this because we don’t have anything to hide. The more we’re talking to and meeting with lawmakers, the more comfortable they are with the product. That’s the way it should be.”

Source: TikTok reveals details of how its coveted algorithm works – Axios

Who Emerges into Virtual Team Leadership Roles? Different people from face to face leadership

Posted on by

It turns out that where in traditional face to face leadership, people prefer leaders who are vocal, charming, friendly (ascription qualities). In virtual leadership, people prefer leaders who facilitate, are organised and actually do stuff (achievement factors).

 In two independent samples—a laboratory experiment involving 86 teams (n = 340; sample one) and a semester long project involving 134 teams (n = 430; sample two)—we found that in low virtuality contexts, ascription factors accounted for incremental variance over achievement factors in predicting leadership emergence, and had larger relative importance. Conversely, in high virtuality contexts, achievement factors accounted for incremental variance over ascription factors in predicting leadership emergence, and had larger relative importance.

Source: Who Emerges into Virtual Team Leadership Roles? The Role of Achievement and Ascription Antecedents for Leadership Emergence Across the Virtuality Spectrum | SpringerLink

This seed of professional vexation has borne fruit, with new data showing that the confidence, intelligence and extroversion that have long propelled ambitious workers into the executive suite are not enough online, because they simply don’t translate into virtual leadership. Instead, workers who are organised, dependable and productive take the reins of virtual teams. Finally, doers lead the pack – at least remotely.

The study shows that, instead of those with the most dynamic voices in the room, virtual teams informally anoint leaders who actually do the work of getting projects done. “They are the individuals who help other team members with tasks, and keep the team on schedule and focused on goals,” says lead author Radostina Purvanova, an associate professor of management and leadership at Drake University in the US state of Iowa.

Source: The surprising traits of good remote leaders

BlindSide: Watch speculative memory probing bypass kernel defenses, give malware root control

Posted on by

Boffins in America, the Netherlands, and Switzerland have devised a Spectre-style attack on modern processors that can defeat defenses that are supposed to stop malicious software from hijacking a computer’s operating system. The end result is exploit code able to bypass a crucial protection mechanism and take over a device to hand over root access.

That’s a lot to unpack so we’ll start from the top. Let’s say you find a security vulnerability, such as a buffer overflow, in the kernel of an OS like Linux. Your aim is to use this programming flaw to execute code within the kernel so that you can take over the whole machine or device. One way to do this, and sidestep things like stack cookies and the prevention of data execution, is to use return-orientated programming (ROP). This involves chaining together snippets of instruction sequences in the kernel to form an ad-hoc program that does whatever you want: hand control of the machine to you, for example.

To thwart ROP-based exploits, a defense called Address Space Layout Randomization (ASLR) was devised some years back that, as the name suggests, randomizes the locations of an application or operating system kernel’s code and libraries in memory. That makes it difficult to write working ROP exploits as the snippets of code they need aren’t in their expected locations; they are randomly placed during boot. Some information needs to be leaked from the kernel that reveals the current layout of its components in RAM. If a ROP exploit just guesses the kernel’s layout and is wrong, it will trigger a crash, and this can be detected and acted on by an administrator.

Enter Spectre. This is the family of vulnerabilities that can be exploited by malware or a rogue user to obtain secret, privileged information – such as passwords and keys – by taking advantage of speculative execution, which is when a processor performs an operation before it’s needed and either retains or tosses the result, depending on the processor instructions ultimately executed.

What the team say they’ve done is designed a Spectre-style technique that can silently speculatively probe memory to determine the location of the kernel’s parts without triggering a crash. And that makes a blind return-oriented programming (BROP) attack possible, bypassing any ASLR in the way.

Hijack merchant

The technique, dubbed BlindSide, is explained in a paper [PDF] by Enes Göktaş and Georgios Portokalidis (Stevens Institute of Technology), Herbert Bos and Cristiano Giuffrida (Vrije Universiteit Amsterdam), and Kaveh Razavi (ETH Zürich). Scheduled to be presented at the ACM Conference on Computer and Communications Security (CCS) 2020, it involves memory-corruption-based speculative control-flow hijacking.

“Using speculative execution for crash suppression allows the elevation of basic memory write vulnerabilities into powerful speculative probing primitives that leak through microarchitectural side effects,” the paper stated. “Such primitives can repeatedly probe victim memory and break strong randomization schemes without crashes and bypass all deployed mitigations against Spectre-like attacks.”

The basic memory write vulnerability in this case was a heap buffer overflow patched some time ago in the Linux kernel (CVE-2017-7308). But the boffins insist other vulnerabilities that provide access to a write primitive, such as CVE-2017-1000112, CVE-2017-7294, and CVE-2018-5332, would work too. So to be clear: you need to find an unpatched hole in the kernel, get some kind of code execution on the machine in question, and then deploy the BROP technique with an exploit to gain root privileges.

The boffins show that they can break KASLR (Kernel ASLR) to run an ROP exploit; leak the root password hash; and undo fine-grained randomization (FGR) and kernel execute-only memory (XoM) protections to access the entire kernel text and perform an ROP exploit.

A video of one such attack shows that the technique takes a few minutes, but does manage to elevate the user to root privileges:

The computer scientists confirmed their technique on Linux kernel version 4.8.0 compiled with gcc and all mitigations enabled on a machine with an Intel Xeon E3-1270 v6 processor clocked at 3.80GHz with 16GB of RAM.

They also did so on Linux kernel version 5.3.0-40-generic with all the mitigations (e.g., Retpoline) enabled on an Intel i7-8565U chip (Whiskey Lake) with the microcode update for the IBPB, IBRS and STIBP mitigations. What’s more, the technique worked on Intel Xeon E3-1505M v5, Xeon E3-1270 v6 and Core i9-9900K CPUs (Skylake, Kaby Lake, and Coffee Lake) and on AMD Ryzen 7 2700X and Ryzen 7 3700X CPUs (Zen+ and Zen2).

“Overall, our results confirm speculative probing is effective on a modern Linux system on different microarchitectures, hardened with the latest mitigations,” the paper stated.

Potential mitigations involve preventing, detecting, and hindering speculative probing, but none of these approaches, the authors suggest, can deal with the issue very well. Intel and AMD did not immediately respond to requests for comment.

Source: Don’t be BlindSided: Watch speculative memory probing bypass kernel defenses, give malware root control • The Register

Several Fish Can Secretly Walk on Land, Study Suggests

Posted on by

A surprising number of hillstream loaches—a family of Asian fish—are capable of walking on land using all four limbs, according to a new study. It’s a discovery that could explain how some of the earliest animals managed to stroll on solid ground.

South Asian hillstream loaches are a family of small fish that can often be found clinging to rocks in fast-moving waters. New research published in the Journal of Morphology suggests at least 11 species of hillstream loaches can also walk on land, as evidenced by their peculiar anatomies. At least one species, a blind cavefish known as Cryptotora thamicola, has actually been caught in the act, but the new research suggests other hillstream loaches can do it as well.

Brooke Flammang, a biologist at the New Jersey Institute of Technology and the study’s lead principal investigator, along with her colleagues, analyzed 29 hillstream loach specimens. Using micro-CT scans, the team studied and compared the various specimens, looking at their distinctive shapes, muscle groups, and skeletal structures.

Cryptotora thamicola as seen in multiple perspectives.
Cryptotora thamicola as seen in multiple perspectives.
Image: Zach Randall, Florida Museum of Natural History, and BE Flammang, NJIT

This international team of researchers, which included scientists from the Florida Museum of Natural History, Louisiana State University, and Thailand’s Maejo University, also conducted some genetic work, sampling the DNA of 72 loaches in order to reconstruct their evolutionary family tree.

Together, the physical and genetic analysis revealed the fishes’ unusual land-walking capabilities.

“In most fishes, there is no bony connection between the backbone and the pelvic fins. These fish are different because they have hips,” explained Flammang in an email. “The hip bone is a sacral rib, and within the fishes we studied, we found three morphological variants ranging from very thin and not well-connected to robust and having a sturdy connection. We expect that those with the largest, most robust ‘hip’-bones have the best walking ability.”

Cryptotora thamicola in the wild.
Cryptotora thamicola in the wild.
Image: Florida Museum

Of the fish studied, 11 were found to have these robust hips, or pelvic girdles. Interestingly, the resulting gait is reminiscent of the way salamanders walk on land. As noted, the only documented example of a walking hillstream loach is Cryptotora thamicola, also known as the cave angel fish. These blind fish, in addition to walking on land, have been seen climbing up waterfalls, which they do using all four limbs.

[…]

Flammang said these fish don’t represent an intermediate species, that is, some kind of missing link between fully aquatic animals and those capable of living on land.

“But we know that throughout evolution, organisms have repeatedly converged on similar morphologies as a result of facing similar pressures of natural selection,” she said. “And we also know that physics does not change with time. Therefore, we can learn from the mechanics of how this fish walks and use it to better understand how extinct early animals may have walked.”

Source: Several Fish Can Secretly Walk on Land, Study Suggests

How Britain can help you get away with stealing millions: a five-step guide

Posted on by

Step 1: Forget what you think you know

If you want to commit significant financial crime, therefore, you need a bank account, because electronic cash weighs nothing, no matter how much of it there is. But that causes a new problem: the bank account will have your name on it, which will alert the authorities to your identity if they come looking.

This is where shell companies come in. Without a company, you have to act in person, which means your involvement is obvious and overt: the bank account is in your name. But using a company to own that bank account is like robbing a house with gloves on – it leaves no fingerprints, as long as the company’s ownership information is hidden from the authorities. This is why all sensible crooks do it.

[…]

Here is the secret you need to know to get started in the shell company game: the British company registration system contains a giant loophole – the kind of loophole you can drive a billion euros through without touching the sides.

[…]

. The true image associated with “shell companies” these days should not be an exotic island redolent of the sound of the sea and the smell of rum cocktails, but a damp-stained office block in an unfashionable London suburb, or a nondescript street in a northern city. If you want to set up in the money-laundering business, you don’t need to move to the Caribbean: you’d be far better off doing it from the comfort of your own home.

Step 2: Set up a company

The second step is easy, and involves creating a company on the Companies House website. Companies House maintains the UK’s registry of corporate structures and publishes information on shareholders, directors, accounts, partners and so on, so anyone can check up on their bona fides.

Setting up a company costs £12 and takes less than 24 hours. According to the World Bank’s annual Doing Business report, the UK is one of the easiest places anywhere to create a company, so you’ll find the process pretty straightforward.

[…]

While it has bullied the tax havens into checking up on their customers, Britain itself doesn’t bother with all those tiresome and expensive “due diligence” formalities. It is true that, while registering your company on the Companies House website, you will find that it asks for information such as your name and address.

[…]

Step 3: Make stuff up

This third step may be the hardest to really take in, because it seems too simple. Since 2016, the UK government has made it compulsory for anyone setting up a company to name the individual who actually owns it: “the person with significant control”, or PSC.

[…]

Here is the secret: no one checks the accuracy of the information you provide when you register with Companies House. You can say pretty much anything and Companies House will accept it.

[…]

Suspicious typos are everywhere once you start delving into the Companies House database.

[…]

Recently, while messing about on the Companies House website, I came across a PSC named Mr Xxx Stalin, who is apparently a Frenchman resident in east London.

[…]

Xxx Stalin led me to a PSC of a different company, who was named Mr Kwan Xxx, a Kazakh citizen, resident in Germany; then to Xxx Raven; to Miss Tracy Dean Xxx; to Jet Xxx; and finally to (their distant cousin?) Mr Xxxx Xxx. These rabbitholes are curiously engrossing, and before long I’d found Mr Mmmmmmm Yyyyyyyyyyyyyyyyyy, and Mr Mmmmmm Xxxxxxxxxxx (correspondence address: Mmmmmmm, Mmmmmm, Mmm, MMM), at which point I decided to stop.

As trolling goes, it is quite funny, but the implications are also very serious, if you think about what companies are supposed to be for. Limited companies and partnerships have their liability for debts limited, which means that if they go bust, their investors are not personally bankrupted. It’s a form of insurance – society as a whole is accepting responsibility for entrepreneurs’ debts, because we want to encourage entrepreneurial behaviour. In return, entrepreneurs agree to publish details about their companies so we can all check what they are up to, and to make sure they’re not abusing our trust.

[…]

The anti-corruption campaign group Global Witness looked into PSCs last year, and found 4,000 of them were under the age of two. One hadn’t even been born yet. At the opposite end of the spectrum, its researchers found five individuals who each controlled more than 6,000 companies. There are more than 4m companies at Companies House, which is a very large haystack to hide needles in.

You don’t actually even need to list a person as your company’s PSC. It’s permissible to say that your company doesn’t know who owns it (no, you’re not misunderstanding; that just doesn’t make sense), or simply to tie the system up in knots by listing multiple companies in multiple jurisdictions that no investigator without the time and resources of the FBI could ever properly check.

This is why step three is such an important one in the five-step pathway to creating a British shell company. If you can invent enough information when filing company accounts, then the calculation that underpins the whole idea of a company goes out of the window: you gain the protection from legal action, without giving up anything in return. It’s brilliant.

[…]

Step 4: Lie – but do so cleverly

Most of the daft examples earlier (Mmmmmmm, Mmmmmm, Mmm, MMM) would not be useful for committing fraud, since anyone looking at them can tell they’re not serious. Cumberland Capital Ltd, however, was a different matter. It looked completely legitimate.

[…]

When US police came looking for the people behind Cumberland Capital Ltd, they searched the Companies House website and found that its director was an Australian citizen called Manford Martin Mponda. Anyone researching binary-options fraud might quickly conclude that Mponda was a kingpin. He was a serial company director, with some 80 directorships in UK-registered companies to his name, and features in dozens of complaints.

It already looked like a major scandal that British regulation was so lax that Mponda could have been allowed to conduct a global fraud epidemic behind the screen of UK-registered companies, but the reality was even more remarkable: Mponda had nothing to do with it. He was a victim, too.

Police officers suspect that, after Mponda submitted his details to join a binary-options website, his identity was stolen so it could be used to register him as a director of dozens of UK companies. The scheme was only exposed after complaints to consumer protection bodies were passed onto the City of London police, who then asked their Australian colleagues to investigate.

[…]

So here is step four: don’t just lie, lie cleverly. British companies look legitimate, so look legitimate yourself. Steal a real person’s name, and put that on the company documents. Don’t put your own address on the documents, rent a serviced office to take your post: Paul Manafort used one in Finchley, the binary options fraudsters went to Liverpool, and Lantana Trade was based in the London suburb of Harrow.

[…]

Step 5: Don’t worry about it

I know what you’re thinking: it cannot be this easy. Surely you’ll be arrested, tried and jailed if you try to follow this five-step process. But if you look at what British officials do, rather than at what they say, you’ll begin to feel a lot more secure. The Business Department has repeatedly been warned that the UK is facilitating this kind of financial crime for the best part of a decade, and is yet to take any substantive action to stop it. (Though, to be fair, it did recently launch a “consultation”.)

[…]

In 2011, then-business secretary and Liberal Democrat MP Vince Cable decided to open up Companies House, and everything changed. After Cable’s reform, anyone with an internet connection, anywhere in the world, could create a UK company in about as much time as it takes to order a couple of pizzas, and for approximately the same amount of money. The checks were gone; there was no longer any connection to a verifiably existing person; it was as easy to create a UK company as it was to set up a Twitter account. The rationale was that this would unleash the latent entrepreneurship within the British nation by making it easy to turn business ideas into thriving concerns.

Instead of unchaining a new generation of British businesspeople, however, Cable let slip the dogs of fraud. At first, this rather technical modification to an obscure corner of the British machinery of state did not garner much attention, but for people who understood what it meant it was alarming.

[…]

There is, it turns out, a simple explanation for why successive governments have failed to do anything about it. Last year, when challenged in the House of Commons, Treasury minister John Glen stated that Companies House simply couldn’t afford to check the information filed with it, since that would cost the UK economy hundreds of millions of pounds a year. This is almost certainly an exaggeration. Anti-corruption activists who have looked at the data say the cost would in fact be far less than that, but the key point is that the reform would pay for itself. As Brewer has pointed out, “the burden of cost is one thing. But the cost of fraud is far greater.”

VAT fraud alone costs the UK more than £1bn a year, while the National Crime Agency estimates the cost of all fraud to the UK economy to be £190bn. The cost to the rest of the world of the money laundering enabled by UK corporate entities is almost certainly far higher.

[…]

lesson number five: don’t worry about it. Commit as much fraud as you like, fill your boots, the only reason anyone would care is if you kick up a fuss. And what sensible fraudster is going to do that?

Source: How Britain can help you get away with stealing millions: a five-step guide | World news | The Guardian

Researchers reveal a much richer picture of the past with new DNA recovery technique

Posted on by

Researchers at McMaster University have developed a new technique to tease ancient DNA from soil, pulling the genomes of hundreds of animals and thousands of plants—many of them long extinct—from less than a gram of sediment.

The DNA extraction method, outlined in the journal Quarternary Research, allows scientists to reconstruct the most advanced picture ever of environments that existed thousands of years ago.

The researchers analyzed permafrost samples from four sites in the Yukon, each representing different points in the Pleistocene-Halocene transition, which occurred approximately 11,000 years ago.

This transition featured the extinction of a large number of animal species such as mammoths, mastodons and ground sloths, and the new process has yielded some surprising new information about the way events unfolded, say the researchers. They suggest, for example, that the survived far longer than originally believed.

In the Yukon samples, they found the genetic remnants of a vast array of , including mammoths, horses, bison, reindeer and thousands of varieties of plants, all from as little as 0.2 grams of sediment.

The scientists determined that woolly mammoths and horses were likely still present in the Yukon’s Klondike region as recently as 9,700 years ago, thousands of years later than previous research using fossilized remains had suggested.

[…]

The technique resolves a longstanding problem for scientists, who must separate DNA from other substances mixed in with sediment. The process has typically required harsh treatments that actually destroyed much of the usable DNA they were looking for. But by using the new combination of extraction strategies, the McMaster researchers have demonstrated it is possible to preserve much more DNA than ever.

[…]

Source: Researchers reveal a much richer picture of the past with new DNA recovery technique

Apple sues Epic for destroying the App store and won’t let their users log in using Apple log in (whatever that is)

Posted on by

So, Apple is trying to frame it’s strong arming of companies into paying 30% protection money… uh… app store fees – well… unless you have an agreement to pay less, but only one or two have that… as being in the interest of the people who’s arms they are ripping out. Because we believe the scary man in the suit who has been ripping off customers and consumers left and right over the man who is saying he’s had enough.

Apple has filed a countersuit against Epic Games as the two companies continue their battle over App Store royalties.

The Cupertino giant is seeking a declaratory judgement [PDF] for breach of contract as it claims Epic has broken their agreement to distribute software and in-app purchases though the App Store. The filing is part formal response to the original Epic suit and part Apple making legal allegations of its own.

“Although Epic portrays itself as a modern corporate Robin Hood, in reality it is a multi-billion dollar enterprise that simply wants to pay nothing for the tremendous value it derives from the App Store,” Apple claims.

“Epic’s demands for special treatment and cries of ‘retaliation’ cannot be reconciled with its flagrant breach of contract and its own business practices, as it rakes in billions by taking commissions on game developers’ sales and charging consumers up to $99.99 for bundles of V-Bucks.”

Source: Apple to Epic: Sue me? No, sue you, pal! • The Register

“Epic’s actions have caused Apple to suffer reputational harm and loss of goodwill with consumers who rely on Apple to offer the apps they want to download, like Fortnite, with all of the safety, security, and privacy protections that they expect from Apple,” Apple said in its filing. “Left unchecked, Epic’s conduct threatens the very existence of the iOS ecosystem and its tremendous value to consumers.”

Apple claimed that Epic purposefully sent a “Trojan horse” to the App Store, hiding a line of code in a Fortnite hotfix that allowed the gaming company to “bypass Apple’s app review process” so it could trigger the option for users to pay Epic directly for V-Bucks, the game’s currency. Epic has denied that it hid anything from Apple.

Apple said this hotfix amounted to “little more than theft,” claiming that Epic purposefully tried to find a way to “enjoy all of the benefits of Apple’s iOS platform and related services” without paying Apple what it was contractually owed.

Source: Apple Says ‘Epic’s Conduct Threatens the Very Existence of the iOS Ecosystem’ in Countersuit

As of September 11th, Apple will no longer allow users to sign into Epic Games accounts using “Sign in with Apple.” If you’re using the Apple sign-in feature, make sure to update your Epic Games account email and password before Friday.

This change is the latest petty move in the Apple versus Epic battle.

Source: Apple will stop letting Epic Games use ‘Sign in with Apple’ on September 11th

Hacked Windows 10 Themes Can Swipe Your Microsoft Login

Posted on by

Windows 10 users can customize their desktops with unique themes, and are able to create and share those themes with others. Hackers can also use them to steal your credentials.

A flaw in Windows 10’s theme-creation feature lets hackers modify custom themes that, once installed, trick users into passing over their Microsoft account name and password data via counterfeit login pages. This technique wouldn’t necessarily raise any red flags for an average person, as some legit Windows 10 themes have you sign in after installation.

This “Pass the Hash” attack doesn’t steal your password verbatim, but rather the password hash—a jumbled up and obfuscated version of your password’s data. Companies hash password data to keep it more secure when stored on remote servers, but hackers can unscramble passwords with readily available software. In some cases, passwords can be cracked in just a few seconds.

This vulnerability was discovered by cybersecurity researcher Jimmy Bayne, who publicly disclosed the findings in a Twitter thread.

Bayne alerted Microsoft to the security risk, but the company says it has no plans to change the Theme feature since the credential passing is an intended feature; Hackers have simply found a way to use it maliciously.

With no official action being taken, it’s up to users to keep themselves safe from shady Windows 10 themes.

BleepingComputer and Bayne outline options for enterprise versions of Windows 10, but these won’t work for general users. The smartest move is to avoid custom themes entirely, but if you keep using them, make sure you’re only downloading official themes from secure sources like the Windows Store.

Whether you keep using custom themes or not, you should also update your accounts with unique passwords, turn on two-factor authentication, and use an encrypted password manager. I would also suggest unlinking third-party accounts from your Microsoft account and using local user accounts to sign in to your PC, rather than your Microsoft Account. Protective steps like these make it harder for outsiders to steal your data, even if they happen to snag a password.

Source: Hacked Windows 10 Themes Can Swipe Your Microsoft Login

TCL’s new paper-like display can also play videos

Posted on by

NXTPAPER today — a new type of display that’s meant to offer better eye protection by reducing flicker, blue light and light output. The company said the effect is similar to E Ink, calling it a “combination of screen and paper.” TCL also said it has received eye protection certifications from the German Rhine laboratory, and has 11 different patents for eye protection.

Don’t expect to see NXTPAPER appear on a smartphone, though. TCL said it’s meant for larger devices like tablets or e-readers. The new screen tech will support Full HD definition and allow for smooth video playback on a paper-like experience. Compared to E Ink, TCL said its version will offer 25 percent higher contrast. It uses a “highly reflective screen” to “reuse natural light,” doing away with backlighting in the process. TCL said NXTPAPER will be 36 percent thinner than typical LCD while offering higher contrast. Because it doesn’t require its own lights, the company said the new screen tech is also 65 percent more power efficient. This way, devices won’t need large unwieldy batteries for prolonged use.

Source: TCL’s new paper-like display can also play videos | Engadget

Rocket Lab secretly launched its own satellite that may one day go to the Moon

Posted on by

Rocket Lab recently made a successful return to flight and launched a client satellite from its Electron Rocket, but that’s not all that happened on the mission. The company also secretly launched its own satellite, called Photon, that could one day fly ambitious deep space missions.

Photon is based on Rocket Lab’s “Kick Stage,” which is a mini rocket designed to boost satellite payloads into their final circular orbit once Electron has brought them to space. However, rather than just packing a propulsion system, Photon will carry additional electronics, orientation sensors, power generation units and instruments like cameras. That means that Photon can act as a satellite itself so that clients don’t need to contract third-party providers to design and build them.

Normally, once the Kick Stage does its job, Rocket Lab de-orbits it to burn up in the atmosphere. However, this time it sent a command that switched it into Photon satellite mode to continue on a standalone mission called “First Light.” Intended as a demonstration, it’s equipped with solar panels and a camera that can snap images of itself and the Earth.

Eventually, customers will be able to choose a “launch-plus-spacecraft” mission with the Electron Rocket and Photon satellite, which “eliminate[s] the complexity, risk and delays associated with having to build their own satellite hardware and procure a separate launch,” said Rocket Lab CEO Peter Beck in a statement.

During a press conference, Beck said that the company launched Photon in secret to “make sure it’s all good and it works before announcing it.” Rocket Lab said that a high-energy version of Photon will eventually fly “lunar and interplanetary missions,” including NASA’s Capstone mission in early 2021. In that mission, Photon will fly as a “pathfinder” that will help the Artemis program’s Gateway spacecraft safely approach the Moon.

Source: Rocket Lab secretly launched its own satellite that may one day go to the Moon | Engadget

Harvard created a wool-like 3D-printable material that can shape shift

Posted on by

The team, from the John A. Paulson School of Engineering and Applied Sciences (SEAS), created a 3D-printable material that can be “pre-programmed with reversible shape memory.” The wool-like material can remember old forms and morph back into those, or transform into different shapes when a certain stimulus is applied.

It’s made using keratin extracted from recycled wool. Keratin is a fibrous protein that’s found in hair, which, of course, has a habit of returning to its natural form.

The researchers shaped a single chain of keratin into a spring-like structure. They twisted two of those together and used many such “coiled coils” to assemble large fibers. When a stimulus is applied to the material or it’s stretched out, those structures uncoil and the bonds realign. The material stays that way until it’s triggered to return to its original state, which is programmed with a solution of hydrogen peroxide and monosodium phosphate.

In one test, researchers programmed a sheet of keratin to have an origami star as its permanent shape. They dunked the sheet in water to make it malleable and rolled it into a tube. But when the team put that tube in the water again, it unrolled and reformed as the origami star.

The researchers believe the material could help reduce waste in the fashion industry. They suggested it could be used for truly one-size-fits-all clothing that stretches to fit the wearer, or bras “whose cup size and shape can be customized every day.” Consumers could save as well if they don’t have to replace stretched-out clothes quite so often.

“This two-step process of 3D printing the material and then setting its permanent shapes allows for the fabrication of really complex shapes with structural features down to the micron level,” Luca Cera, a SEAS postdoctoral fellow and first author of a paper on the material, said in a press release. “This makes the material suitable for a vast range of applications from textile to tissue engineering.”

Source: Harvard created a wool-like 3D-printable material that can shape shift | Engadget

Italy is investigating Apple, Google and Dropbox cloud storage services

Posted on by

Italy’s competition watchdog is investing Apple, Google and Dropbox, TechCrunch reports. In a press release, the AGCM announced that it opened six investigations into the companies’ cloud storage services: Google Drive, iCloud and Dropbox.

The authority is concerned that the services fail to adequately explain how user data will be collected and used for commercial purposes. It’s also investigating unfair clauses in the services’ contracts, terms that exempt the services from some liability and the prevalence of English versions of contracts over Italian versions.

In July, Italy launched an antitrust investigation into Amazon and Apple over Beats headphones. Authorities want to know whether the two companies agreed to prevent retailers outside of Apple’s official program from selling Beats and other Apple products.

Big tech companies are facing increased pressure from antitrust regulators in the US and Europe. The US Department of Justice may present its case against Google later this month. Apple is in a battle with Epic over its App Store rules, and the antitrust case against Amazon keeps getting stronger. It’s hard to say how effective any of these investigations will be at changing the industry’s behavior.

Source: Italy is investigating Apple, Google and Dropbox cloud storage services | Engadget

This is why monopolies are bad

China Just Launched and Landed a Secret Reusable Spacecraft

Posted on by

In recent days, China has quietly launched a secret reusable spacecraft, left it in orbit for two days and safely landed it back on Earth. And although the spacecraft is top secret—we’re not even privy to its design—there are some things that China apparently wants the world to know about it.

According to Xinhua, China’s official news agency, the launch took place on Friday at the Jiuquan Satellite Launch Center in Inner Mongolia. The spacecraft was launched with a Long March-2F rocket, per the South China Morning Post, and successfully returned to its scheduled landing site on Sunday.

A Chinese military source confirmed to the Post that staff and visitors to the launch site had been warned not to film the lift-off or talk about it online.

“There are many firsts in this launch. The spacecraft is new, the launch method is also different. That’s why we need to make sure there is extra security,” the military source said.

The Post, citing Xinhua, reported that during its two-day flight, the spacecraft would test reusable technologies with the aim of “providing technological support for the peaceful use of space.”

And although details of the mission were scarce, the Chinese military source told the Post that it should “take a look at the US X-37B,” a reference to the U.S. Department of Defense’s top-secret space plane developed by Boeing. According to the U.S. Air Force, the X-37B is an experimental test program that aims to demonstrate “reusable spacecraft technologies for America’s future in space and operating experiments, which can be returned to, and examined, on Earth.”

The X-37B is a reusable vehicle that doesn’t require an onboard crew. It enters space on top of a rocket, stays in low Earth orbit and then re-enters the atmosphere. It even lands like a normal plane.

Source: China Just Launched and Landed a Secret Reusable Spacecraft

India flies Mach 6 scramjet for 20 seconds

Posted on by

India claims it flew a perfect scramjet test at Mach 6 on Monday.

A government announcement says the vehicle hitched a ride on a rocket that ascended to an altitude of 30km before launching the “Hypersonic Technology Demonstrator Vehicle

“The cruise vehicle separated from the launch vehicle and the air intake opened as planned. The hypersonic combustion sustained and the cruise vehicle continued on its desired flight path at a velocity of six times the speed of sound i.e., nearly 02 km/second for more than 20 seconds,” the announcement added. “The critical events like fuel injection and auto ignition of scramjet demonstrated technological maturity. The scramjet engine performed in a text book manner.”

Telemetry from the craft and observations led Indian authorities to state: “All the performance parameters have indicated a resounding success of the mission.” India hasn’t released details or images of the vehicle, but did publish the launch video below.

India’s prime minister chipped in with a canned quote about the test being a fine moment in the nation’s drive for self-sufficiency in defense hardware.

Reg readers may recall that India’s done this sort of thing before, notably in a 2016 test flight that saw a scramjet ignite for five seconds. Yesterday’s test lasted rather longer, suggesting India is on the way to developing vehicles with longer ranges.

Which is where things get interesting because China, Russia and the USA are all developing hypersonic weapons. Such craft are strategically significant because they’re so fast that detecting an incoming strike is horrendously hard and developing countermeasures harder still. It’s also vastly difficult to build hypersonic craft because anything moving at 7,000km/h has all sorts of challenges with heat and vibration.

India already has a substantial and capable military and is one of few nations to possess nuclear weapons, operate a blue-water navy and run a space program.

Source: India flies Mach 6 scramjet for 20 whole seconds • The Register

No, Kubernetes doesn’t make applications portable, say analysts. Good luck avoiding lock-in, too

Posted on by

Do not make application portability your primary driver for adopting Kubernetes, say Gartner analysts Marco Meinardi, Richard Watson and Alan Waite, because while the tool theoretically improves portability in practice it also locks you in while potentially denying you access to the best bits of the cloud.

The three advance that theory in a recent “Technical Professional Advice” document that was last week summarised in a blog post.

The Register has accessed the full document and its central idea is that adopting Kubernetes can’t be done without also adopting a vendor of your preferred Kubernetes management tools.

“By using Kubernetes, you simply swap one form of lock-in for another, specifically for one that can lower switching cost should the need arise,” the trio write. “Using Kubernetes to minimize provider lock-in is an attractive idea, but such abstraction layer simply becomes an alternative point of lock-in. Instead of being locked into the underlying infrastructure environment, you are now locked into the abstraction layer.”

“If you adopt Kubernetes only to enable application portability, then you are trying to solve one problem, by taking on three new problems you didn’t already have.”

And that matters because “Although abstraction layers may be attractive for portability, they do not surface completely identical functionality from the underlying services — they often mask or distort them. In general, the use of abstraction layers on top of public cloud services is hardly justified when organizations prioritize time to value and time to market due to their overhead and service incongruence.”

The trio also worry that shooting for portability can cut users off from the best bits of the cloud.

“Implementing portability with Kubernetes also requires avoiding any dependency that ties the application to the infrastructure provider, such as the use of cloud provider’s native services. Often, these services provide the capabilities that drove us to the cloud in the first place,” they write.

And then there’s the infrastructure used to run Kubernetes, which the three point out will have variable qualities that make easy portability less likely.

“The more specific to a provider a compute instance is, the less likely it is to be portable in any way,” the analysts wrote. “For example, using EKS on [AWS] Fargate is not CNCF-certified and arguably not even standard Kubernetes. The same is true for virtual nodes on Azure as implemented by ACIs.”

The document also points out that adopting Kubernetes will almost certainly mean acquiring third-party storage and networking tools, which means more elements that have to be reproduced to make applications portable and therefore more lock-in.

Source: No, Kubernetes doesn’t make applications portable, say analysts. Good luck avoiding lock-in, too • The Register

Australia starts second fight with Google and Apple, this time over whether app stores leak data, gouge devs, steal ideas and warp markets

Posted on by

Australia, already embroiled in a nasty fight with Google and Facebook over its plan to make them pay for news links, has opened an inquiry into whether Apple and Google’s app stores offer transparent pricing and see consumers’ data used in worrying ways.

The issues paper [PDF] outlining the scope of the inquiry names only Apple and Google as of interest. The paper also mentions the recent Apple/Epic spat over developer fees to access the app store and proposes to ponder sideloading as a means of bypassing curated stores.

The Australian Competition and Consumer Commission, which will conduct the inquiry, has set out the following matters it wishes to probe:

  1. The ability and incentive for Apple and Google to link or bundle their other goods and services with their app marketplaces, and any effect this has on consumers and businesses.
  2. How Apple and Google’s various roles as the key suppliers of app marketplaces, but also as app developers, operators of the mobile licensing operating system and device manufacturers affect the ability of third party app providers to compete, including the impact of app marketplace fee structures on rivals’ costs.
  3. Terms, conditions and fees (including in-app purchases) imposed on businesses to place apps on app marketplaces.
  4. The effect of app marketplace fee structures on innovation.
  5. How app marketplaces determine whether an app is allowed on their marketplace, and the effect of this on app providers, developers and consumers;
  6. How where an app is ranked in an app marketplace is determined.
  7. The collection and use of consumer data by app marketplaces, and whether consumers are sufficiently informed about and have control over the extent of data that is collected.
  8. Whether processes put in place by app marketplaces to protect consumers from harmful apps are working.The document also reveals an intention to probe whether app store operators “identify which product development ideas are successful and emulate these ideas in their own apps” and seeks “views on the data sharing arrangements between apps and app marketplaces, and any views on the potential for app marketplaces to use data to identify, and respond to, potential competitors to the marketplace’s own apps.”

The Commission has created a survey for consumers and another for developers . The latter asks for comment on “adequacy of communications from the app store during the review process” and the experience of appealing decisions. Which should make for some tasty reading once the inquiry reports in March 2021.

The ACCC lists “legislative reform to address systemic issues” as one possible outcome from the inquiry. Which would be tastier still, given the furor over Australia’s current proposed laws.

Source: Australia starts second fight with Google, this time over whether app stores leak data, gouge devs, steal ideas and warp markets • The Register

I spoke of this in Zagreb at Dors/Cluc 2019 – it’s interesting to see how this is being picked up all over the world

Angry 123-Reg customers in the UK wake up to another day where hosted mail doesn’t get through to users on Microsoft email accounts

Posted on by

Users of UK web hosting firm 123-Reg’s email service told The Reg this morning that 96 hours after clocking the issue, they are still having trouble sending emails to users with Microsoft’s Live, Outlook or Hotmail accounts.

For its part, 123-Reg has confirmed “delays in delivering emails to Hotmail/Outlook/Live email addresses,” but provided no ETA for a fix. According to the issue ticket on its status page, filed on Saturday, September 5, the firm claimed to have identified the root cause – which it has yet to explain – and said it was “working with Microsoft” to resolve it. The issue is not believed to affect the delivery of emails being sent by customers on 123-Reg’s Microsoft 365 “platform”.

Several users have claimed the mail-forwarding issues actually began on Friday morning.

Predictably, punters are irate, with many complaining the outage is causing lost business and reputational damage.

Source: Angry 123-Reg customers in the UK wake up to another day where hosted mail doesn’t get through to users on Microsoft email accounts • The Register

As a private host with email, I feel the frustration. MS and Google are good at this.

Security Risks Revolving the 2020 US Presidential Elections | Techwarn.com

Posted on by

The coronavirus pandemic has forced people around the globe to temporarily modify the ways they go about activities. Activities like these include political elections and campaigning.

Since the virus hit in an election year, it’s highly likely new measures will be taken to prevent mass gatherings during voting. Infection rates aren’t likely to drop any time soon, and even if they did, queues for voting could lead to huge bursts of cases everywhere. At least 15 states in the US postponed presidential election primaries.

Suggestions have been made by election administrators to utilize an analog method of voting known as mail voting. It involves the mailing in of ballots by voters. If this technique is used, it would be highly likely that the results of the election would be decided in weeks or months.

Because of the pandemic, new voter registrations have dropped tremendously, with a 70% decrease experienced in twelve states. This year’s election was expected to break previous voting turnout records. However, with lockdowns still in place, voting participation will seemingly be reduced.

There have also been calls for online voting in some states like New Jersey, Delaware, and West Virginia. Currently, election administrators are holding discussions on the best method to use that would combine voting efficiency, safe health practices, and a speedy turnout of results.

Omnibox – Security Vulnerabilities

The most viable method which has been touted by speculators is the use of Omnibox – an online-based voting and ballot system primarily for the disabled, military and overseas voters. This system has however come under scrutiny from several quarters regarding its credibility.

In a paper released by Michael Specter and J. Alex Halderman, researchers at Massachusetts Institute of Technology (MIT) and the University of Michigan, they highlighted several security vulnerabilities inherent in the system and labelled it insecure on so many levels. Their study was based on three main branches of the system namely:

  • Online Ballot Return: One of these issues stemmed from the fact that the system was reliant on several third-party services which could deliver altered results, robbing the system of its independence and reliability. The risks associated with online ballot return are considered grave and can be influenced by malware and database compromise.
  • Blank Ballot Delivery: Although considered a moderate risk since rigorous electoral screening can check this, blank ballot delivery is still regarded as a risk. The system runs the risk of having voters’ ballots returned as blank or some candidates omitted from the ballot box.
  • Online Ballot Marking Manipulation: Here, attackers discover the voters’ choices and then either alter them or get their votes scanned in a different candidate’s box. This is tagged as high-risk vulnerability and ultimately, one of the reasons why this system is not recommended for use.

Mitigating Online Risks when “going to the polls”

Despite these vulnerabilities which seem like they should be handled by the government – which ordinarily should be, below are ways by which voters themselves can protect their votes from alteration.

  • Use Encryption Software: Encryption software helps add an extra layer of security to the data being sent over the Internet. Many times, public WiFis which we all make use of, have malicious elements waiting somewhere on the network to steal user data. To mitigate against this risk, download and use a VPN app when connecting to an unsure network in order to prevent data theft or alteration.
  • Educate Yourself: The government often releases guidelines on best practices to apply when making use of the online voting system. Engage in voter education and also educate people around you. For example, make sure you enter the official voting website, instead of any unapproved system that was established to mislead voters.
  • Use Antivirus Software: Viruses and malwares are one of the many ways by which cyber criminals also perpetuate their acts when it comes to online voting. Getting one of the best antivirus software on the Internet can help detect, scan and remove any suspicious or corrupted program that might be existing on the system.

Dutch minister of Justice holds coronaparty, changes law to escape consequences, appears to DMCA to delete from internet, better than Cummings!

Posted on by

The man who told all of the Netherlands to keep to 1.5m distance and to stay away from older people (Grapperhaus) was photographed hugging his mother in law and repeatedly breaking the distance at his wedding. This is the man who fines people EUR 400,- for this and then gives them a permanent record.

He wasn’t fined – although he did donate some money to the red cross and it didn’t go onto his permanent record. He expressed some sorrow that he was caught when cross examined and then changed the law so that there would be no more permanent crime record. In this way he could remain in parliament, because ciminals have no place there. He also instantly destroyed any credibility he had as well as any ability to enforce any laws. Silmoutaneously the Netherlands was turned into a banana republic.

His party, the CDA (Christian Democrats) decided not to ask Grapperhaus to do the honorable thing and step down and accept his punishment, so the Dutch coalition had no choice but to stand by him or face a parliamentary crisis.

Of course this might remind you of Dominic Cummings, who drove all across the UK to visit his mother during lockdown.

Now searching for images a few days after the fact reveals that a lot of the pictures seem to be unfindable, don’t link properly and are just plain gone, which is usually the right of throwing DMCA and right to be forgotten lawyers at things.

Oud-president Hoge Raad: ‘Minister Grapperhaus moet aftreden’

Zeg eens ‘eh’ met Ferdinand Grapperhaus

Frits Wester: ‘Waarom doet Grapperhaus zichzelf dit aan?’

Nieuwe foto’s van Grapperhaus die de coronaregels overtreedt

Waarom Grapperhaus nog steeds minister van Justitie is