Two Silicon Valley VC firms, Silver Lake and Thoma Bravo, sold hundreds of millions of dollars in SolarWinds shares just days before the software biz emerged at the center of a massive hacking campaign.
Silver Lake and Thoma Bravo deny anything untoward.
The two firms owned 70 per cent of SolarWinds, which produces networking monitoring software that was backdoored by what is thought to be state-sponsored Russian spies. This tainted code was installed by thousands of SolarWinds customers including key departments of the US government that were subsequently hacked via the hidden remote access hole.
News of the role SolarWinds’ hijacked Orion software played in the hacking spree emerged at the weekend, and on Monday the developer’s share price plummeted more than 20 per cent. It is currently down 22 per cent.
However, around a week before, Silver Lake sold $158m of SolarWinds’ shares and Thoma Bravo sold $128m, according to the Washington Post. The two outfits have six seats on SolarWinds’ board, meaning they will have access to confidential internal information before it is made public. It’s not clear when SolarWinds became aware that its Orion build system had been compromised to include the aforementioned backdoor.
[…]
We asked FireEye when precisely it told SolarWinds its Orion updates had been trojanized, and a representative told us: “I’m not able to address the timeline of events.”
Timing
There is a plausible explanation for all this: the VCs shed their stock-holdings on the same day SolarWinds’ long-standing CEO resigned.
The software house announced in August that Kevin Thompson would leave the company though it didn’t give a date. Thompson reportedly quit on Monday, December 7 – news that was not made public – and a new CEO was formally announced two days later, on December 9, the day after FireEye went public on December 8 with details of the intrusion into its own systems.
For Star Wars fans, an X-Wing fighter isn’t complete without R2-D2. Whether you need to fire up converters, increase power, or fix a broken stabilizer, that trusty droid, full of lively beeps and squeaks, is the ultimate copilot.
Teaming artificial intelligence (AI) with pilots is no longer just a matter for science fiction or blockbuster movies. On Tuesday, December 15, the Air Force successfully flew an AI copilot on a U-2 spy plane in California: the first time AI has controlled a U.S. military system.
[…]
With call sign ARTUµ, we trained µZero—a world-leading computer program that dominates chess, Go, and even video games without prior knowledge of their rules—to operate a U-2 spy plane. Though lacking those lively beeps and squeaks, ARTUµ surpassed its motion picture namesake in one distinctive feature: it was the mission commander, the final decision authority on the human-machine team
[…]
Our demo flew a reconnaissance mission during a simulated missile strike at Beale Air Force Base on Tuesday. ARTUµ searched for enemy launchers while our pilot searched for threatening aircraft, both sharing the U-2’s radar. With no pilot override, ARTUµ made final calls on devoting the radar to missile hunting versus self-protection. Luke Skywalker certainly never took such orders from his X-Wing sidekick!
[…]
to trust AI, software design is key. Like a breaker box for code, the U-2 gave ARTUµ complete radar control while “switching off” access to other subsystems.
[…]
Like a digital Yoda, our small-but-mighty U-2 FedLab trained µZero’s gaming algorithms to operate a radar—reconstructing them to learn the good side of reconnaissance (enemies found) from the dark side (U-2s lost)—all while interacting with a pilot. Running over a million training simulations at their “digital Dagobah,” they had ARTUµ mission-ready in just over a month.
[…]
That autonomous future will happen eventually. But today’s AI can be easily fooled by adversary tactics, precisely what future warfare will throw at it.
U.S. Air Force Maj. “Vudu”, U-2 Dragon Lady pilot for the 9th Reconnaissance Wing, prepares to taxi after returning from a training sortie at Beale Air Force, California, Dec. 15, 2020.
A1C Luis A.Ruiz-Vazquez
Like board or video games, human pilots could only try outperformingDARPA’s AI while obeying the rules of the dogfighting simulation, rules the AI had algorithmically learned and mastered. The loss is a wakeup call for new digital trickery to outfox machine learning principles themselves. Even R2-D2 confused computer terminals with harmful power sockets!
For the first time in 44 years, a spacecraft has brought lunar samples to Earth. With the Chang’e 5 mission complete, China now joins a very exclusive club, reinforcing the country’s role as a major player in space exploration.
China is now only the third country to collect samples from the Moon and bring them to Earth. The last time this happened was in 1976, when the Soviet Union did the same as part of its Luna 24 mission. NASA, during the course of its six Apollo missions, managed to collect and retrieve 842 pounds of lunar regolith and rocks.
[…]
The capsule was 3,100 miles (5,000 km) above the southern Atlantic Ocean when it separated from the orbiter. Prior to making the big plunge, the capsule bounced off the atmosphere while traveling at 7 miles per second (11.2 km/s), which it did to reduce speed, bringing it down to a more manageable 5 miles per second (7.9 km/s). A parachute allowed it to safely drift to the surface, where it was retrieved by ground crews. As Xinhua reports, the recovery team will briefly inspect the capsule, and then fly it to Beijing for further analysis.
Specifically, the sealed samples will be “transferred to specially designed laboratories for analyses, experiments and tests so scientists can determine the extraterrestrial substances’ composition, structure and traits, thus deepening their knowledge about the history of the moon and the solar system,” according to CNSA. “A certain proportion of the samples will also be on public display to enhance science awareness among the public, especially young generations, sources close to the mission have said.”
[…]
Using its drill, the Chang’e 5 lander pulled 18 ounces (500 grams) of material from beneath the surface, while its robotic arm collected upwards of 3.5 pounds (1.5 kg). The research team will have to confirm these quantities once the capsule is opened. After storing the samples in a vacuum chamber, the lander planted a Chinese flag on the surface, bid farewell to the Moon, and then re-joined the orbiter on December 3. It marked the “first time a Chinese spacecraft has blasted off from an extraterrestrial body,” according to CNSA.
Last week, infamous porn-hosting site Pornhub made a big change by cutting off “unverified” uploads. Now, the company is taking things a step further and has removed all content that wasn’t uploaded by either a “content partner” or a verified user. Overnight, Pornhub has removed millions of uploaded videos — and, according to Vice, the site will start reviewing and verifying that those videos meet its “trust and safety policy.”
This comes after a New York Times report last week highlighted how the site’s lax enforcement of its policies was leading to child exploitation. Other issues linked to the site include scads of revenge porn, or videos uploaded without the consent of people in them. Pornhub didn’t directly address the allegations in the Times report, but the two major changes to the company’s policies over the last week speak volumes.
*Cough* I think you’ll find it was Visa and Mastercard dropping their support for them
Today, Pornhub said that the third-party Internet Watch Foundation had reported 118 incidents of child sexual abuse material on the Pornhub platform, compared to 84 million instances self-reported by Facebook. Pornhub also pointed out that, as of today, every piece of content on the site is from verified uploaders, “a requirement that platforms like Facebook, Instagram, TikTok, YouTube, Snapchat and Twitter have yet to institute.”
The company’s responses certainly have a ring of self-righteousness, especially as it says it’s being targeted “not because of our policies and how we compare to our peers, but because we are an adult content platform.” But with Mastercard and Visa both cutting off payments to Pornhub, the company has clear financial incentive to cleaning up its act.
Ah, all right, you found the reason why after all…
Cydia, the original app store for jailbroken iPhones, has joined a wave of companies and regulators in targeting Apple over antitrust concerns. In a lawsuit it filed on Thursday, it accused Apple of “anti-competitive acquisition and maintenance of an illegal monopoly over iOS app distribution.”
Were that not the case, Cydia argues, users would “be able to choose how and where to locate and obtain iOS apps, and developers would be able to use the iOS app distributor of their choice.” Apple rejected accusations it has a monopoly and told Motherboard it would review the lawsuit.
Apple launched the App Store in 2008, the year after Cydia arrived. The unofficial store allows users who jailbreak their iPhone and iPad to download apps and add features that Apple hasn’t necessarily approved.
Over time, Apple has made jailbreaking its devices more difficult and Cydia isn’t as prominent or popular as it once was. In 2010, Cydia developer Jay “Saurik” Freeman said 4.5 million users were searching the store for apps.
Like the App Store, Cydia took a cut of app sales and revenue peaked at around $10 million in 2011 and 2012, according to the Washington Post. Freeman ended purchases from Cydia’s store in 2018.
The suit follows a number of high-profile moves against Apple for similar reasons. Back in August, Epic Games sued Apple over its App Store rules after trying to bypass them. A coalition of companies, including Epic and Spotify, has formed to pressure Apple and Google into changing their app store practices. Apple is also under antitrust scrutiny from regulators in Europe and the US.
France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent.
Google has been hit with a total of €100 million ($120 million) for dropping cookies on Google.fr and Amazon €35 million (~$42 million) for doing so on the Amazon .fr domain under the penalty notices issued today.
The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country’s Data Protection Act.
In Google’s case the CNIL has found three consent violations related to dropping non-essential cookies.
“As this type of cookies cannot be deposited without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement provided for by article 82 of the Data Protection Act and the prior collection of the consent before the deposit of non-essential cookies,” it writes in the penalty notice [which we’ve translated from French].
Amazon was found to have made two violations, per the CNIL penalty notice.
CNIL also found that the information about the cookies provided to site visitors was inadequate — noting that a banner displayed by Google did not provide specific information about the tracking cookies the Google.fr site had already dropped.
Under local French (and European) law, site users should have been clearly informed before the cookies were dropped and asked for their consent.
In Amazon’s case its French site displayed a banner informing arriving visitors that they agreed to its use of cookies. CNIL said this did not comply with transparency or consent requirements — since it was not clear to users that the tech giant was using cookies for ad tracking. Nor were users given the opportunity to consent.
The law on tracking cookie consent has been clear in Europe for years. But in October 2019 a CJEU ruling further clarified that consent must be obtained prior to storing or accessing non-essential cookies. As we reported at the time, sites that failed to ask for consent to track were risking a big fine under EU privacy laws.
Invisible structures generated by gravitational interactions in the Solar System have created a “space superhighway” network, astronomers have discovered.
These channels enable the fast travel of objects through space, and could be harnessed for our own space exploration purposes, as well as the study of comets and asteroids.
By applying analyses to both observational and simulation data, a team of researchers led by Nataša Todorović of Belgrade Astronomical Observatory in Serbia observed that these superhighways consist of a series of connected arches inside these invisible structures, called space manifolds – and each planet generates its own manifolds, together creating what the researchers have called “a true celestial autobahn”.
This network can transport objects from Jupiter to Neptune in a matter of decades, rather than the much longer timescales, on the order of hundreds of thousands to millions of years, normally found in the Solar System.
[…]
They collected numerical data on millions of orbits in the Solar System, and computed how these orbits fit with known manifolds, modelling the perturbations generated by seven major planets, from Venus to Neptune.
And they found that the most prominent arches, at increasing heliocentric distances, were linked with Jupiter; and most strongly with its Lagrange point manifolds. All Jovian close encounters, modelled using test particles, visited the vicinity of Jupiter’s first and second Lagrange points.
A few dozen or so particles were then flung into the planet on a collision course; but a vast number more, around 2,000, became uncoupled from their orbits around the Sun to enter hyperbolic escape orbits. On average, these particles reached Uranus and Neptune 38 and 46 years later, respectively, with the fastest reaching Neptune in under a decade.
Space manifolds act as the boundaries of dynamical channels enabling fast transportation into the inner- and outermost reaches of the Solar System. Besides being an important element in spacecraft navigation and mission design, these manifolds can also explain the apparent erratic nature of comets and their eventual demise. Here, we reveal a notable and hitherto undetected ornamental structure of manifolds, connected in a series of arches that spread from the asteroid belt to Uranus and beyond. The strongest manifolds are found to be linked to Jupiter and have a profound control on small bodies over a wide and previously unconsidered range of three-body energies. Orbits on these manifolds encounter Jupiter on rapid time scales, where they can be transformed into collisional or escaping trajectories, reaching Neptune’s distance in a mere decade. All planets generate similar manifolds that permeate the Solar System, allowing fast transport throughout, a true celestial autobahn.
[…]
igure 1 shows short-term FLI maps of the outer edge of the asteroid belt (∼3 AU) up to near the semimajor axis of Uranus (∼20 AU), for all elliptic eccentricities, and considering the seven-planet dynamical model (top) and the Sun-Jupiter-TP–restricted problem (bottom) in ORBIT9. The large stable island at 5.2 AU, nesting the Greeks, is clearly visible in both panels of Fig. 1, as is the niche for the Hildas at 3.97 AU. A shadow of the chaotic borders of the strongest resonance in the outer belt, the 2:1 mean-motion resonance (MMR) with Jupiter at 3.3 AU, begins to appear, indicating the relative weakness of such orbital resonances compared to the manifolds uncovered herein. The notable feature of Fig. 1, however, is the large “V-shaped” chaotic structure that emerges outside of roughly 5.6 AU, which is connected to a series of arches at increasing heliocentric distances that nearly follows the perihelion line (qj) of Jupiter. Chaos also emanates along the Jovian aphelion line (Qj) in elongated concentric curves, initiating near 4.8 AU.
Fig. 1Global arch-like structure of space manifolds in the Solar System.
Short-term FLI maps of the region between the outer edge of the main asteroid belt at 3 AU to just beyond the semimajor axis of Uranus at 20 AU, for all elliptic eccentricities, adopting a dynamical model in ORBIT9 that contains the seven major planets (from Venus to Neptune) as perturbers (top) or Jupiter as the only perturber (bottom). Orbits located on stable manifolds appear with a lighter color, while darker regions correspond to trajectories off of them.
Spotify said it has reset an undisclosed number of user passwords after blaming a software vulnerability in its systems for exposing private account information to its business partners.
In a data breach notification filed with the California attorney general’s office, the music streaming giant said the data exposed “may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.” The company did not name the business partners, but added that Spotify “did not make this information publicly accessible.”
Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12. But like most data breach notices, Spotify did not say what the vulnerability was or how user account data became exposed.
“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted,” the letter read.
Spotify spokesperson Adam Grossberg confirmed that a “small subset” of Spotify users are affected, but did not provide a specific figure. Spotify has more than 320 million users, and 144 million subscribers.
It’s the second time in as many months that the company has reset user passwords.
Last month security researchers found an unsecured database, likely operated by hackers, allegedly containing around 300,000 stolen user passwords. The database was probably used to launch credential stuffing attacks, in which lists of stolen passwords are matched against different websites that use the same password.
Although in that case the exposed data did not come from Spotify, the company reset the passwords on affected user accounts.
Long-time Slashdot reader zoobab shares this update about the long-standing Foundation for a Free Information Infrastructure, a Munich-based non-profit opposing ratification of a “Unified Patent Court” by Germany: The FFII is crowdfunding a constitutional complaint in Germany against the third attempt to impose software patents in Europe, calling on all software companies, independent software developers and FLOSS authors to donate.
The Unitary Patent and its Court will promote patent trolls, without any appeal possible to the European Court of Justice, which won’t be able to rule on patent law, and software patents in particular. The FFII also says that the proposed court system will be more expensive for small companies then the current national court system.
The stakes are high — so the FFII writes that they’re anticipating some tricky counter-maneuvering: Stopping the UPC in Germany will be enough to kill the UPC for the whole Europe… German government believe that they can ratify before the end of the year, as they consider the UK still a member of the EU till 31st December. The agenda of next votes have been designed on purpose to ratify the UPC before the end of the year. FFII expects dirty agenda and political hacks to declare the treaty “into force”, dismiss “constitutional complaints”, while the presence of UK is still problematic.
Sunday Reuters reported that “a sophisticated hacking group” backed by “a foreign government” has stolen information from America’s Treasury Department, and also from “a U.S. agency responsible for deciding policy around the internet and telecommunications.”
The Washington Post has since attributed the breach to “Russian government hackers,” and discovered it’s “part of a global espionage campaign that stretches back months, according to people familiar with the matter.” Officials were scrambling over the weekend to assess the extent of the intrusions and implement effective countermeasures, but initial signs suggested the breach was long-running and significant, the people familiar with the matter said. The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service and breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration… [The Washington Post has also reported this is the group responsible for the FireEye breach. -Ed]
All of the organizations were breached through the update server of a network management system called SolarWinds, according to four people familiar with the matter. The company said Sunday in a statement that monitoring products it released in March and June of this year may have been surreptitiously weaponized with in a “highly-sophisticated, targeted…attack by a nation state.” The scale of the Russian espionage operation is potentially vast and appears to be large, said several individuals familiar with the matter. “This is looking very, very bad,” said one person. SolarWinds products are used by more than 300,000 organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website. SolarWinds is also used by the top 10 U.S. telecommunications companies…
APT29 compromised the SolarWinds server that sends updates so that any time a customer checks in to request an update, the Russians could hitch a ride on that update to get into a victim’s system, according to a person familiar with the matter. “Monday may be a bad day for lots of security teams,” tweeted Dmitri Alperovitch, a cybersecurity expert and founder of the Silverado Policy Accelerator think tank.
Reuters described the breach as “so serious it led to a National Security Council meeting at the White House.”
Google services such as YouTube and Gmail started the week with an almighty bang as the Chocolate Factory’s cloud came crashing to the ground.
Despite an insistence from the company’s various health dashboards that all was fine and dandy, it most definitely was not.
Those seeking distraction in video form were treated to YouTube’s “Something went wrong…” monkey, while others wishing to express their disquiet via Gmail were shown a 502 code or a suggestion to try again in five minutes.
The issue appears to have afflicted vast swathes of the globe, with users in the Philippines and India joining Europeans and US early birds in being unexpectedly ejected from the Chocolate Factory’s services.
Problems seemed to start at around 11:30 GMT. At time of writing YouTube was inaccessible, Gmail was borked, Drive was down, image search failed (unless an error code was what you were looking for), and Docs didn’t seem happy.
Some things still worked – we found links to existing Google Docs were working and the search for which the company is famed appeared to be running. So there was no need to resort to something like Bing.
Google is no stranger to outages. Pretty much everything from GCP to G Suite fell over into a heap back in August.
As for today’s outage, Google’s Workspace dashboard was aglow with green lights, even if the reality was quite different.
The TSA’s “Quiet Skies” program continues to suffer under scrutiny. When details first leaked out about the TSA’s suspicionless surveillance program, even the air marshals tasked with tailing non-terrorists all over the nation seemed concerned. Marshals questioned the “legality and validity” of the program that sent them after people no government agency had conclusively tied to terrorist organizations or activities. Simply changing flights in the wrong country was enough to initiate the process.
First, the TSA lost the support of the marshals. Then it lost itself. The TSA admitted during a Congressional hearing that it had trailed over 5,000 travelers (in less than four months!) but had yet to turn up even a single terrorist. Nonetheless, it stated it would continue to trail thousands of people a year, presumably in hopes of preventing another zero terrorist attacks.
Then it lost the Government Accountability Office. The GAO’s investigation of the program contained more investigative activity than the program itself. According to its report, the TSA felt surveillance was good but measuring the outcome was bad. When you’re trailing 5,000 people and stopping zero terrorists, the less you know, the better. Not being able to track effectiveness appeared to be a feature of “Quiet Skies,” rather than a bug.
Now it’s lost the TSA’s Inspector General. The title of the report [PDF] underplays the findings, stating the obvious while also understating the obvious: TSA Needs to Improve Management of the Quiet Skies Program. A good alternative title would be “TSA Needs to Scrap the Quiet Skies Program Until it Can Come Up with Something that Might Actually Stop Terrorists.”
I mean…
TSA did not properly plan, implement, and manage the Quiet Skies program to meet the program’s mission of mitigating the threat to commercial aviation posed by higher risk passengers.
In slightly more detail, the TSA did nothing to set up the program correctly or ensure it actually worked. The IG says the TSA never developed performance goals or other metrics to gauge the effectiveness of the suspicionless surveillance. It also ignored its internal guidance to more effectively deploy its ineffective program.
Here’s why:
This occurred because TSA lacked sufficient, centralized oversight to ensure the Quiet Skies program operated as intended.
The European Medicines Agency (EMA), the EU regulatory body in charge of approving COVID-19 vaccines, said today it was the victim of a cyber-attack.
In a short two-paragraph statement posted on its website today, the agency discloses the security breach but said it couldn’t disclose any details about the intrusion due to an ongoing investigation.
in a follow-up statement released on its own website, BioNTech said that “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed” during the attack, confirming that COVID-19 research was most likely the target of the attack.
Over the past months, numerous companies working on COVID-19 research and vaccines have been the targets of hackers, and especially of state-sponsored hacking groups.
Companies like Johnson & Johnson, Novavax, Genexine, Shin Poong Pharmaceutical, Celltrion, AstraZeneca, Moderna, and Gilead have been targeted by hackers, according to reports from Reuters and the Wall Street Journal.
In November, OS maker and cyber-security giant Microsoft said it detected three nation-state hacking groups (known as APTs) targeting seven companies working on COVID-19 vaccines, singling out Russia’s Strontium (Fancy Bear) and North Korea’s Zinc (Lazarus Group) and Cerium for the attacks.
Facebook illegally crushed its competition and continues to do so to this day to maintain its monopoly, according to a lawsuit filed on Wednesday by the attorneys general of no fewer than 46 US states plus Guam and DC.
The lawsuit alleges that the social media giant “illegally acquired competitors in a predatory manner and cut services to smaller threats – depriving users from the benefits of competition and reducing privacy protections and services along the way – all in an effort to boost its bottom line through increased advertising revenue.”
America’s consumer watchdog the FTC is also suing the antisocial network in a parallel action, and making the same basic allegations: that Facebook has been “illegally maintaining its personal social networking monopoly through a years-long course of anticompetitive conduct.”
It’s been a long time coming but the, as alleged, privacy-invading, competition-crushing Zuckerberg spin machine that is Facebook has finally been taken on by the United States.
The action is being led by New York’s Attorney General Letitia James, and she wasn’t holding back in her declaration of legal war. “For nearly a decade, Facebook has used its dominance and monopoly power to crush smaller rivals and snuff out competition, all at the expense of everyday users,” she said. “Today, we are taking action to stand up for the millions of consumers and many small businesses that have been harmed by Facebook’s illegal behavior.”
She also highlighted the biggest complaint against Facebook by its users, a complaint that has been commonplace for nearly a decade, that it has made “billions by converting personal data into a cash cow.”
[…]
The 123-page lawsuit [PDF] dives into how what was once just a website among many others became an online monster devouring anything in its path. “Facebook illegally maintains that monopoly power by deploying a buy-or-bury strategy that thwarts competition and harms both users and advertisers. Facebook’s illegal course of conduct has been driven, in part, by fear that the company has fallen behind in important new segments and that emerging firms were ‘building networks that were competitive with’ Facebook’s and could be ‘very disruptive to’ the company’s dominance,” the lawsuit stated.
It quotes CEO Mark Zuckerberg directly and notes that the Silicon Valley goliath would ruthlessly buy up companies in order to “build a competitive moat” or “neutralize a competitor” in its bid for dominance. And notes that Facebook has “coupled its acquisition strategy with exclusionary tactics that snuffed out competitive threats and sent the message to technology firms that, in the words of one participant, if you stepped into Facebook’s turf or resisted pressure to sell, Zuckerberg would go into ‘destroy mode’ subjecting your business to the ‘wrath of Mark.’ As a result, Facebook has chilled innovation, deterred investment, and forestalled competition in the markets in which it operates, and it continues to do so.”
The lawsuit is a much tighter and angrier indictment of Facebook than a similar one lodged against Google in October by the Department of Justice. It still relies on traditional antitrust arguments, however, rather than trying to break new ground to deal with the modern internet era.
According to Politico offshoot Protocol, the felony streaming proposal is the work of Republican senator Thom Tillis, who has backed similar proposals previously. It is more or less exactly what it sounds like: A proposal to turn unauthorized commercial streaming of copyrighted material—progressive policy publication The American Prospectspecifically points to examples like “an album on YouTube, a video clip on Twitch, or a song in an Instagram story”—into a felony offense with a possible prison sentence. Currently, such violations, no matter how severe, are considered misdemeanors rather than felonies, because the law regards streaming as a public performance. With Twitch currently in the crosshairs of the music industry, such a change would turn up the heat on streamers and Twitch even higher—perhaps to an untenable degree. Other platforms, like YouTube, would almost certainly suffer as well.
“A felony streaming bill would likely be a chill on expression,” Katharine Trendacosta, associate director of policy and activism with the Electronic Frontier Foundation, told The American Prospect. “We already see that it’s hard enough in just civil copyright and the DMCA for people to feel comfortable asserting their rights. The chance of a felony would impact both expression and innovation.”
According to Protocol, House and Senate Judiciary Committees have agreed to package the streaming felony proposal with other controversial provisions that include the CASE act, which would establish a new court-like entity within the U.S. Copyright Office to resolve copyright disputes, and the Trademark Modernization Act, which would give the U.S. Patent and Trademark Office more flexibility to crack down on illegitimate claims from foreign countries.
Alongside the felony streaming proposal, these provisions have drawn ire from civil rights groups, digital rights nonprofits, and companies including the aforementioned Electronic Frontier Foundation, the Internet Archive, the American Library Association, and the Center for Democracy & Technology. Collectively, these groups and others penned a letter to the U.S. Senate last week.
It’s incredible that not only does copyright stifle competition, but it allows a creator to create something once, get lucky and then sit on his / her arse for the rest of their lives – and their childrens’ doing sweet fuck all and raking in dosh. And that these laws get stronger and stronger for the people who do pretty much nothing.
SpaceX has conducted a test of the Starship it plans to use for flights to Mars, and while the experiment ended badly the flight was judged a success.
Wednesday’s flight used just the Starship – the second stage of SpaceX’s planned heavy lifter. Previous flights had seen the craft ascend to around 500 feet. This time around the goal was a high-altitude test that would take it to 41,000 feet, before returning to terra firma to prove its reusability.
As the video below shows, the vehicle lifted off (at around 1:48:00) and then came down belly-first before pivoting for landing (1:53:00).
SpaceX’s summary of the mission said that Starship “successfully ascended, transitioned propellant, and performed its landing flip maneuver with precise flap control to reach its landing point.”
But not everything went right. The vids above and below show the excitement. Spoiler: big ball of flame!
Despite that excitement, SpaceX founder and CEO Elon Musk was chuffed with the outcome.
Fuel header tank pressure was low during landing burn, causing touchdown velocity to be high & RUD, but we got all the data we needed! Congrats SpaceX team hell yeah!!
Why so upbeat despite the unhappy ending? Musk rated the chances of mission success as one in three, and SpaceX has other prototypes ready to fly. This one didn’t even have the engine configuration planned for the production model. So getting everything right bar the landing is a decent outcome.
Wall Street has begun trading water as a commodity, like gold or oil. The country’s first water market launched on the Chicago Mercantile Exchange this week with $1.1 billion in contracts tied to water prices in California, Bloomberg News reported.
The market allows farmers, hedge funds, and municipalities to hedge bets on the future price of water and water availability in the American West. The new trading scheme was announced in September, prompted by the region’s worsening heat, drought, and wildfires fueled by climate change. There were two trades when the market went live Monday.
“Climate change, droughts, population growth, and pollution are likely to make water scarcity issues and pricing a hot topic for years to come,” RBC Capital Markets managing director and analyst Deane Dray told Bloomberg. “We are definitely going to watch how this new water futures contract develops.”
The glass-free organic Thin Film Transistor (oTFT) displays are lightweight and ultra low-power. E Ink claims they’re more durable, thinner and lighter than glass-based TFTs. That, according to the company, makes oTFT displays “ideal” for wearables. For instance, designers could build the Legio-branded displays into smart clothing and jewelry. Until now, ACeP displays have mainly been used for signage, which of course doesn’t require panels to be flexible.
The first Legio panel is a 2.1-inch, 240 x 146-pixel display with support for six colors, including black and white. It’s powered by an Ultrachip UC8156 single-chip controller.
NextMind is the latest in a longline of companies trying to harness the brain as a means of controlling our digital world. At first, its take on things may seem familiar: Don a headset which places a sensor on the back of your head, and it’ll detect your brainwaves which can then be translated into digital actions. One area where NextMind differs is that the sensor seems more practical than many we’ve seen and won’t leave you looking like a shower cap-wearing lab rat. In fact, the wearable can just as easily clip onto the rear of a snapback.
Beyond size and aesthetics, NextMind’s technology also seems fairly mature. I tried a demo (via the developer kit which goes on sale today for $399) and was surprised by how polished the whole experience was. Set up involved just one basic “training” exercise and I was up and running, controlling things with my mind. The variety of demos made it clear that NextMind is thinking way beyond simple mental button pushes.
There’s still a slight learning curve to get the “knack” — and it won’t replace your mouse or keyboard just yet. Mostly because we’ll need to wait for a library of apps to be built for it first, but also it’s still a new technology — and it takes some practice to become “fluent” with it, as my terrible performance on a mind-controlled game of Breakout can attest. But the diverse and creative demo applications I experienced do hold a lot of promise.
James Trew / Engadget
Right now, the applications are pretty simple: Mostly controlling media and games and so on, but NextMind’s founder and CEO, Sid Kouider is confident the technology will evolve to the point where you can simply think of an image to search for it, for example. There are also complementary technologies, like AR, where this sort of control not only seems apt, but almost essential. Imagine donning some augmented reality glasses and being able to choose from menu items or move virtual furniture around your room just with a glance.
The technology driving things is familiar enough: The sensor is an EEG that gently rests against the back of your head. This position is key, according to Kouider, as that’s where your visual cortex’s signals can most easily (or comfortably) be reached. And it’s these signals that NextMind uses, interpreting what you are looking at as the item or signal to be acted upon. In its simplest form, this would be a button or trigger, but the demos also show how it can be used to DJ, copy and paste and even augment (instead of simply replace) other inputs, such as that mouse or a game controller you are already using.
BMW’s much-loathed idea to charge owners a subscription fee for Apple CarPlay in its 2019 and 2020 models strikes again, one year after BMW reversed that decision after considerable blowback. Some owners of those cars reported that Apple CarPlay would not work over the weekend, and some were even prompted to pay for the feature, Autoevolution reports.
Some features like CarPlay go through BMW ConnectedDrive Services, which allows users to pair devices, monitor their cars from afar and sign up for additional apps or services. It’s a customer portal, and that’s where some BMW owners whose CarPlay quit working encountered some confusing messages. Bacster007 on Reddit’s r/BMW explained:
“I spoke with my sales rep at the dealership and verified issues are going on. Had me check the customer portal website which has the car and all the information/apps on it. It shows that I’m subscribed to CarPlay. He said for some people who lost the feature it shows that they have to pay for the app all of a sudden, and some like myself are still showing a valid subscription.”
Since the start of the coronavirus pandemic, we’ve seen hackers target efforts to develop a COVID-19 vaccine, but it now seems they’re shifting their attention to the supply chain that will distribute those vaccines to people across the world.
IBM says it recently uncovered a highly coordinated global phishing campaign focused on the companies and organizations involved with the upcoming “cold chain” distribution of COVID-19 vaccines. That’s the part of the supply network that ensures those vaccines stay cold enough so that they don’t go bad. It’s a critically important aspect of the two leading vaccine candidates from Pfizer and Moderna, as they need to be kept at minus 94 degrees Fahrenheit and minus 4 degrees Fahrenheit, respectively.
The hackers impersonated an executive with Haier Biomedical, a Chinese company that styles itself as “the world’s only complete cold chain provider.” They sent meticulously researched phishing emails that included an HTML attachment asking the recipient to input their credentials. They could have used that information later to gain access to sensitive networks.
The campaign, which IBM says has “the potential hallmarks” of a state-sponsored effort, cast a wide net. The company only named one target explicitly — the European Commission’s Directorate-General for Taxation and Customs Union — but said the campaign targeted at least 10 different organizations, including a dev shop that makes websites for pharmaceutical and biotech companies. The company doesn’t know if any of the attacks were ultimately successful in their goal.
Vids’n’pics Japanese and Australian astroboffins have successfully recovered samples taken from Asteroid Ryugu by the Hayabusa2 probe.
Hayabusa2 has had quite a ride and has more adventures ahead of it.
The probe launched in 2014 and spent three-and-a-half years travelling to near-Earth asteroid 162173 Ryugu, which has a diameter of about 1km and occasionally passes within 100,000km of the planet upon which you are (presumably) reading this story.
Hayabusa2 carried four rovers, one of which was used after the spacecraft shot a bullet at the asteroid to disturb its surface and stir up some matter to bring home in a sealed capsule designed to survive the rigours of re-entry to Earth’s atmosphere.
The probe bade farewell to Ryugu in November 2019 and early on Sunday morning, Australian time, the recovery capsule was spotted streaking across the sky as it made its way towards the Woomera prohibited area for a pre-dawn landing.
[…]
The capsule carried the samples from Ryugu, plus a radar-reflective parachute and a radio beacon designed to make it easier to find in the very hot, dry, and nasty conditions often found in the region.
As it happened, everything worked, and news of the capsule’s retrieval emerged before lunchtime.
[…]
Japan Aerospace Exploration Agency staff approached the capsule wearing protective gear and what looks like some trepidation.
Click to enlarge
Before long, the capsule becamse safe to handle and was popped into a shiny box.
The sample return capsule in its box.
Click to enlarge
The precious cargo was soon on its way to the facility established to handle the landing.
[…]
Another story we’ll have to wait for is news of Hayabusa2’s ongoing adventures, because the probe skipped off past Earth and has enough fuel aboard to line up a 2026 rendezvous with another asteroid, the mysteriously ruddy 2001 CC. Japan’s space agency has even contemplated a third asteroid visit, in 2030, and even a possible fly-by of Venus. As it flits about the inner solar system, the probe’s cameras will also be used for observations of exoplanets and other phenomena
The personal information of more than 243 million Brazilians, including alive and deceased, has been exposed online after web developers left the password for a crucial government database inside the source code of an official Brazilian Ministry of Health’s website for at least six months.
The security snafu was discovered by reporters from Brazilian newspaper Estadao, the same newspaper that last week discovered that a Sao Paolo hospital leaked personal and health information for more than 16 million Brazilian COVID-19 patients after an employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub.
Estadao reporters said they were inspired by a report filed in June by Brazilian NGO Open Knowledge Brasil (OKBR), which, at the time, reported that a similar government website also left exposed login information for another government database in the site’s source code.
Since a website’s source code can be accessed and reviewed by anyone pressing F12 inside their browser, Estadao reporters searched for similar issues in other government sites.
They found a similar leak in the source code of e-SUS-Notifica, a web portal where Brazilian citizens can sign up and receive official government notifications about the COVID-19 pandemic
Loon, known for its giant billowing broadband-beaming balloons, says it has figured out how to use machine-learning algorithms to keep its lofty vehicles hovering in place autonomously in the stratosphere.
The 15-metre-wide balloons relay internet connections between people’s homes and ground stations that could be thousands of kilometres apart. To form a steady network that can route data over long distances reliably, the balloons have to stay in place, and do so all by themselves.
Loon’s AI-based solution to this station-keeping problem has been described in a research paper published in Nature on Wednesday, and basically it works by adjusting the balloons’ altitude to catch the right wind currents to ensure they are where they need to be.
The machine-learning software, we’re told, managed to successfully keep the Loon gas bags bobbing up and down in the skies above in the Pacific Ocean in an experiment that lasted 39 days. Previously, the Loon team used a non-AI controller that used a handcrafted algorithm known as StationSeeker to do the job, though decided to experiment to see whether it could find a more efficient method using machine learning.
“As far as we know, this is the world’s first deployment of reinforcement learning in a production aerospace system,” said Loon CTO Salvatore Candido.
The AI is built out of a feed-forward neural network that learns to decide whether a balloon should fly up or go down by taking into account variables, such as wind speed, solar elevation, and how much power the equipment has left. The decision is then fed to a controller system to move the balloon in place.
By training the model in simulation, the neural network steadily improved over time using reinforcement learning as it repeated the same task over and over again under different scenarios. Loon tested the performance of StationSeeker against the reinforcement learning model in simulation.
“A trial consists of two simulated days of station-keeping at a fixed location, during which controllers receive inputs and emit commands at 3-min intervals,” according to the paper. The performance was then judged by how long the balloons could stay within a 50km radius of a hypothetical ground station.
The AI algorithm scored 55.1 per cent efficiency, compared to 40.5 per cent for StationSeeker. The researchers reckon that the autonomous algorithm is near optimum performance, considering that the best theoretical models reach somewhere between 56.8 to 68.7 per cent.
When Loon and Google ran the controller in the real experiment, which involved a balloon hovering above the Pacific Ocean, they found: “Overall, the [reinforcement learning] system kept balloons in range of the desired location more often while using less power… Using less power to steer the balloon means more power is available to connect people to the internet, information, and other people.”
