F-22 And F-35 Datalinks *Finally* Talk Freely With Each Other Thanks To A U-2 Flying Translator

Five F-35A Joint Strike Fighters and a single F-22 Raptor “talked” with each other using their proprietary stealthy datalinks via a U-2S Dragon Lady spy plane carrying a specialized communications gateway payload, during a recent demonstration. This marks the first time that the Air Force’s two stealth fighters were able to exchange data freely in flight, something that has been years in the making. The U-2 was also able to simultaneously share information with assets on the ground and at sea, as well as with non-stealthy combat aircraft, all in near-real-time. That info was used to initiate strikes from ground-based artillery and naval assets as part of the high-stakes capability demonstration.

This demonstration event was known as Project Hydra. The company’s Skunk Works advanced projects division worked together with the Air Force and the Missile Defense Agency (MDA) to carry out the tests. Elements of the U.S. Army and U.S. Navy were also involved.

[…]

Source: F-22 And F-35 Datalinks Finally Talk Freely With Each Other Thanks To A U-2 Flying Translator

It only took 10 years or so. For a military so entrenched in netcentric engagement to have their premier aviation assets not be able to communicate at all for so long is a major embarrassment. That they can only do it using a U2 within range is pretty weak.

Superspreaders of Malign and Subversive Information on COVID-19: Russian and Chinese Efforts Targeting the United States

Both Russia and China appear to have employed information manipulation during the COVID-19 pandemic in service to their respective global agendas. This report uses exploratory qualitative analysis to systematically describe the types of COVID-19-related malign and subversive information efforts with which Russia- and China-associated outlets appear to have targeted U.S. audiences from January 2020 to July 2020 and organizes them into a framework. This work lays the foundation for a better understanding of how and whether Russia and China might act and coordinate in the domain of malign and subversive information efforts in the future.

[..]

Key Findings

  • Both countries disseminated messages through a wide variety of channels and platforms, including social media.
  • Both countries attempted to tarnish the reputation of the United States by emphasizing challenges with its pandemic response and characterizing U.S. systems as inadequate.
  • Both countries falsely accused the United States of developing and intentionally spreading the virus.
  • The two countries appeared to differ in their principal goals for COVID-19-related information efforts: Russia aimed to destabilize the United States; China aimed to protect and enhance its own international reputation.
  • Both countries modified their COVID-19-related messaging over time, focusing on conspiracy theories about the virus’s origins and impacts from March 2020 to April 2020 and later moving to concentrate on perceived U.S. failure in responding to the pandemic.
  • While Russia deployed media with wide-ranging ideologies and a variety of audiences, China-linked messaging was ideologically uniform, consistent across multiple information outlets, and appeared to target audiences that were less varied.
  • Countering apparent Russian and Chinese malign and subversive information efforts will require campaigns that consider the capabilities and thematic emphasis of each of these actors.
  • Profiling Russian and Chinese sources known to frequently create and disseminate disinformation and propaganda can also inform counter-messaging efforts.
  • China and Russia appear to amplify one another’s messages, when opportune. This might eventually lead to some collaboration, albeit limited in nature.
  • Public health messaging should account for potential impacts of Russian and Chinese messaging on vaccination uptake

Source: Superspreaders of Malign and Subversive Information on COVID-19: Russian and Chinese Efforts Targeting the United States | RAND

Tesla Loses A Lot Of Money Selling Cars, But Makes It All Back On Credits And Bitcoin

On Monday after the close of business, Tesla announced its Q1 2021 financial results in its quarterly earnings call. The company turned a surprisingly large profit this quarter, but it didn’t do it by selling cars. Q1 net profit reached a new record for Tesla, at $438 million. Revenue for the electric car company was up massively to $10.39 billion. Unfortunately, all of that profit is accounted for in the company selling $518 million in regulatory credits, and $101 million was found in buying and then later selling Bitcoin.

That second point is particularly interesting, as Tesla purchased $1.5 billion worth of BTC, announced that the company would begin accepting BTC as payment for its cars, which drove up the value of BTC, then sold enough BTC to make a hundred million in profit. Strange how that works, eh? Surely nothing untoward going on there. Not at all. DOGE TO THE MOON! #hodlgang

Without the $619 million in credits and BTC sales, Tesla would have actually managed to lose $181 million in Q1. In that time, the company shifted 184,800 3/Y units, and while it didn’t build a single X or S in Q1, it sold 2020 units from previously-built inventory. That means the company lost around $970 per car sold in Q1.

[…]

Source: Tesla Loses A Lot Of Money Selling Cars, But Makes It All Back On Credits And Bitcoin

Court Chides F.B.I., but Re-Approves Warrantless Surveillance Program

For a second year, the nation’s surveillance court has pointed with concern to “widespread violations” by the F.B.I. of rules intended to protect Americans’ privacy when analysts search emails gathered without a warrant — but still signed off on another year of the program, a newly declassified ruling shows.

In a 67-page ruling issued in November and made public on Monday, James E. Boasberg, the presiding judge on the Foreign Intelligence Surveillance Court, recounted several episodes uncovered by an F.B.I. audit where the bureau’s analysts improperly searched for Americans’ information in emails that the National Security Agency collected without warrants.

Rather than a new problem, however, those instances appeared largely to be additional examples of an issue that was already brought to light in a December 2019 ruling by Judge Boasberg. The government made it public in September.

The F.B.I. has already sought to address the problem by rolling out new system safeguards and additional training, although the coronavirus pandemic has hindered the bureau’s ability to assess how well they are working. Still, Judge Boasberg said he was willing to issue a legally required certification for the National Security Agency’s warrantless surveillance program to operate for another year.

“While the court is concerned about the apparent widespread violations of the querying standard,” Judge Boasberg wrote, “it lacks sufficient information at this time to assess the adequacy of the F.B.I. system changes and training, post-implementation.”

Because of that, he added, the court concluded that “the F.B.I.’s querying and minimization procedures meet statutory and Fourth Amendment requirements.”

[…]

Source: Court Chides F.B.I., but Re-Approves Warrantless Surveillance Program – The New York Times

Responsible Space Behavior for the New Space Era: Preserving the Province of Humanity

Humans have explored and exploited near-earth space for more than six decades. More recently, the past two decades have seen the start of a New Space Era, characterized by more spacefaring nations and companies and a growing risk of collisions and conflict. Yet the basic treaties and mechanisms that were crafted 50 years ago to govern space activities have only marginally changed.

The calls for more progress on space governance and responsible space behavior are growing louder and coming from a larger group. To help address the gap between current space governance and future needs, the authors of this Perspective summarize the development of space governance and key problem areas, identify challenges and barriers to further progress, and, most importantly, offer recommended first steps on a trajectory toward responsible space behavior norms appropriate for the New Space Era. The authors used a review of relevant literature and official documents, expert workshops, and subject-matter expert interviews and discussions to identify these challenges, barriers, and potential solutions.

Source: Responsible Space Behavior for the New Space Era: Preserving the Province of Humanity | RAND

In 2008 there were 10k objects circling our planet. Now we have 20k. Especially with Mr Musk sending up huge amounts of only partially working satellites in his Starlink program we need better agreements on how we use this incredibly congested area above us. For a visualisation of how bad it is, take a look at stuffin.space.

Google Is Saving Over $1 Billion a Year by Working From Home

During the first quarter, Google parent Alphabet Inc. saved $268 million in expenses from company promotions, travel and entertainment, compared to the same period a year earlier, “primarily as a result of COVID-19,” according to a company filing.

On an annualized basis, that would be more than $1 billion. Indeed, Alphabet said in its annual report earlier this year that advertising and promotional expenses dropped by $1.4 billion in 2020 as the company reduced spending, paused or rescheduled campaigns, and changed some events to digital-only formats due to the pandemic. Travel and entertainment expenses fell by $371 million.

The savings offset many of the costs that came with hiring thousands more workers. And the pandemic prudence allowed the company to keep its marketing and administrative costs effectively flat for the first quarter, despite boosting revenue by 34%.

[…]

Google is notorious for perks such as massage tables, catered cuisine and corporate retreats, which have influenced much of Silicon Valley work culture. Most Google staff have worked remotely and without those perks since March of 2020.

[…]

Source: Google Is Saving Over $1 Billion a Year by Working From Home – Bloomberg

Satellites show world’s glaciers melting much faster than ever

Glaciers are melting faster, losing 31 percent more snow and ice per year than they did 15 years earlier, according to three-dimensional satellite measurements of all the world’s mountain glaciers.

[…]

Using 20 years of recently declassified satellite data, scientists calculated that the world’s 220,000 mountain glaciers are losing more than 328 billion tons (298 billion metric tons) of ice and snow per year since 2015, according to a study in Wednesday’s journal Nature. That’s enough melt flowing into the world’s rising oceans to put Switzerland under almost 24 feet (7.2 meters) of water each year.

The annual melt rate from 2015 to 2019 is 78 billion more tons (71 billion metric tons) a year than it was from 2000 to 2004. Global thinning rates, different than volume of water lost, doubled in the last 20 years.

[…]

Almost all the world’s glaciers are melting, even ones in Tibet that used to be stable, the study found. Except for a few in Iceland and Scandinavia that are fed by increased precipitation, the melt rates are accelerating around the world.

[…]

Source: Satellites show world’s glaciers melting faster than ever

Fraudulent orders via Afterpay stupidly easy. To resolve, Afterpay wants to breach victims’ privacy, cost them lots of time.

Shopping online and sending the bill to someone else turns out to be child’s play with Afterpay. That is the finding of the Consumentenbond, which investigated the security of the pay-later service.

Hundreds of consumers received phantom invoices from Afterpay and Klarna, payment services that let consumers pay for online purchases only after receiving them. The amounts range from a few tens of euros to hundreds of euros.

With a simple trick, the fraudster orders online using someone else’s name and address. He then has the package sent to a different delivery address, his own. If Afterpay has not received payment after a month, it sends a reminder to the billing address that was given.

The company says its fraud prevention is in order. Consumers who received an unjustified bill can file a report with the police.

‘The victim has to prove his innocence, while the leak is at Afterpay,’ says the Consumentenbond. ‘Asking for a police report to be supplied is also not right. In doing so, Afterpay asks people to hand over personal data that has, mind you, already been misused once. We have informed the Autoriteit Persoonsgegevens about this, because we doubt whether this is within the rules.’

Source: ‘Bestelfraude via Afterpay kinderlijk eenvoudig’ – Emerce

Study finds GAEN Google Apple contact tracing apps allow user + contact location tracking. NL stops use of tracking app.

A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes, potentially enabling fine-grained location tracking. Google Play Services, which users cannot turn off if they want to use the contact tracing app, also shares numerous details – serial numbers of SIM cards and hardware, phone IMEI, MAC address, and user email address with Google, along with fine-grained information about other apps running on the phone. While data protection impact assessments have been carried out for the health authority client app components, they have not been made public for the GAEN component.

Source: https://www.scss.tcd.ie/Doug.Leith/pubs/contact_tracing_app_traffic.pdf

Source: Study finds gaps in GAEN contact tracing apps privacy protection | Privacy International

The CoronaMelder app is temporarily not sending warnings of possible infections to other users because of privacy problems.

Halting the notifications has to do with the insecure storage of CoronaMelder’s codes on Android phones. Halting them prevents users of the app in the Netherlands from being linked to data that is accessible to third parties through Google’s system.

CoronaMelder uses the Google Apple Exposure Notification (GAEN) framework to detect encounters. The framework uses constantly changing random codes that are exchanged when two phones are close to each other. This makes it possible to determine whether someone has been in contact with a person who later turned out to be infected. This is a privacy-friendly way of keeping track of encounters.

Third parties should not be able to collect and view these codes. On phones running Google Android, this is nevertheless possible. Apps that came preinstalled on a phone could determine whether the phone belongs to someone who was previously reported as infected in CoronaMelder, and which encounters with infected persons had taken place.

On Wednesday Google indicated that it had fixed the problem. To be sure of this, for the next 48 hours no codes of Dutch CoronaMelder users who have reported themselves infected will be shared with other CoronaMelder users. This time will be used to investigate whether Google has actually closed the leak.

Source: Temporary stop NL Corona Tracing App due to privacy problems (Dutch) | Emerce

Google used ‘double-Irish’ to shift $75.4bn in profits out of Ireland

Google shifted more than $75.4 billion (€63 billion) in profits out of the Republic using the controversial “double-Irish” tax arrangement in 2019, the last year in which it used the loophole.

The technology giant availed of the tax arrangement to move the money out of Google Ireland Holdings Unlimited Company via interim dividends and other payments. This company was incorporated in Ireland but tax domiciled in Bermuda at the time of the transfer.

The move allowed Google Ireland Holdings to escape corporation tax both in the Republic and in the United States where its ultimate parent, Alphabet, is headquartered. The holding company reported a $13 billion pretax profit for 2019, which was effectively tax-free, the accounts show.

A year earlier, Google Ireland Holdings paid out dividends of €23 billion, having recorded turnover of $25.7 billion.

Google has used the double Irish loophole to funnel billions in global profits through Ireland and on to Bermuda, effectively putting them beyond the reach of US tax authorities.

Companies exploiting the double Irish put their intellectual property into an Irish-registered company that is controlled from a tax haven such as Bermuda.

Ireland considers the company to be tax-resident in Bermuda, while the US considers it to be tax-resident here. The result is that when royalty payments are sent to the company, they go untaxed – unless or until the money is eventually sent home to the US parent.

The “double Irish” was abolished in 2015 for new companies establishing operations in the Republic. However, controversially, it allowed those already using it until the end of 2020 to phase it out.

Google overhauled its global tax structure and consolidated its intellectual property holdings back to the United States in early 2020, meaning 2019 was the final year in which it availed of the arrangement.

Up to late 2019, Google Ireland Holdings Unlimited Company was an intellectual property licensing company with turnover derived from the licensing of IP to subsidiaries. The accounts state it had no employees and that it was tax resident at the time in Bermuda, where the “standard rate tax is 0 per cent”.

[…]

Source: Google used ‘double-Irish’ to shift $75.4bn in profits out of Ireland

Parker Solar Probe Captures View of Venus’s Orbital Dust Ring

A band of dust that follows Venus along its entire orbital path has finally been viewed in full, thanks to a series of fortuitous maneuvers involving NASA’s Parker Solar Probe.

Astronomers suspected it was there, but now we know it’s real: a band of particles distributed along Venus’s orbital path around the Sun.

[…]

A paper detailing this discovery now appears in The Astrophysical Journal.

Combined images from WISPR, revealing Mercury, Venus, Earth and part of the Milky Way galaxy. The dust ring perfectly aligns with Venus’s orbit, as shown by the red dots.
Image: Stenborg et al.

To date, the Parker Solar Probe has completed seven orbits around the Sun. Equipped with its Wide-field Imager for Solar Probe (WISPR)—a pair of visible light telescopes—the spacecraft has been analyzing the Sun’s corona and solar wind. That’s the probe’s primary focus, but mission planners had also planned on using WISPR to study the presumed dust ring.

[…]

, the dust within this circumsolar ring is approximately 10% denser than the dust in outlying areas. The tiny particles that make up this ring are likely leftovers from the formation of the solar system and/or debris from colliding asteroids and disintegrating comets,

[…]

Source: Parker Solar Probe Captures View of Venus’s Orbital Dust Ring

WordPress may automatically disable Google FLoC on websites

WordPress announced today that they are treating Google’s new FLoC tracking technology as a security concern and may block it by default on WordPress sites.

For some time, browsers have begun to increasingly block third-party browser cookies [1, 2, 3] used by advertisers for interest-based advertising.

In response, Google introduced a new ad tracking technology called Federated Learning of Cohorts, or FLoC, that uses a web browser to anonymously place users into interest or behavioral buckets based on how they browse the web.

After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google’s FLoC implementation just replaces one privacy risk with another one.

[…]

“WordPress powers approximately 41% of the web – and this community can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code,” says WordPress.

WordPress plans to disable FLoC using the following four lines of code, which will cause the blogging platform to issue an HTTP request header that tells the browser that FLoC should be disabled for the site.

function disable_floc($headers) {
    $headers['Permissions-Policy'] = 'interest-cohort=()';
    return $headers;
}

add_filter('wp_headers', 'disable_floc');

WordPress explains that though some admins will likely want to enable this technology, those admins probably have the tech know-how to override the above code. WordPress also indicated that they might add a setting that allows admins to control whether FLoC is permitted.

However, WordPress’s concern is that those unaware of this new tracking technology will automatically opt into it without fully understanding what it entails. Therefore, it is in these users’ best interest for WordPress to automatically disable the technology.

[…]

Source: WordPress may automatically disable Google FLoC on websites

Let’s hope they implement this, but if not, then at least we know how to implement it ourselves.
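For anyone implementing the opt-out themselves, a way to confirm a site really sends it, as an added example that is not WordPress's or the article's code: it parses the Permissions-Policy header the server returns and reports whether `interest-cohort` has an empty allowlist. The header samples are constructed, and `add_floc_opt_out` is a hypothetical helper showing a value that keeps other directives, since the quoted snippet assigns the whole header and would replace a policy set elsewhere.

```python
# Added example: audit response headers for the FLoC opt-out.
# Every header sample below is constructed for illustration.

DIRECTIVE = "interest-cohort"


def split_members(value):
    """Split a Permissions-Policy value on top-level commas only.

    Commas inside a quoted origin or an (...) allowlist are not separators.
    Escaped quotes inside strings are not handled; origins never contain them.
    """
    members, buf, depth, quoted = [], [], 0, False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == "(":
            depth += 1
        elif not quoted and ch == ")":
            depth = max(depth - 1, 0)
        if ch == "," and not quoted and depth == 0:
            members.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    members.append("".join(buf).strip())
    return [m for m in members if m]


def parse_policy(value):
    """Return {feature: allowlist}; a repeated feature keeps its last value."""
    policy = {}
    for member in split_members(value):
        name, _, allowlist = member.partition("=")
        policy[name.strip().lower()] = allowlist.strip()
    return policy


def is_empty_allowlist(allowlist):
    """True for '()' (optionally followed by ;parameters): feature is off."""
    if not allowlist.startswith("("):
        return False
    close = allowlist.find(")")
    return close != -1 and allowlist[1:close].strip() == ""


def floc_opted_out(headers):
    """headers: list of (name, value) pairs as received from the server."""
    values = [v for n, v in headers if n.strip().lower() == "permissions-policy"]
    # Several header lines with the same name combine into one comma-joined value.
    policy = parse_policy(", ".join(values))
    return is_empty_allowlist(policy.get(DIRECTIVE, ""))


def add_floc_opt_out(existing_value):
    """Build a header value that keeps existing directives and adds the opt-out."""
    kept = [m for m in split_members(existing_value)
            if m.partition("=")[0].strip().lower() != DIRECTIVE]
    return ", ".join(kept + [DIRECTIVE + "=()"])


SAMPLES = {
    "snippet as quoted": [("Permissions-Policy", "interest-cohort=()")],
    "merged with another policy": [
        ("permissions-policy",
         'geolocation=(self "https://maps.example"), interest-cohort=()')],
    "policy set elsewhere, opt-out lost": [
        ("Permissions-Policy", "geolocation=(self)")],
    "FLoC allowed for own origin": [
        ("Permissions-Policy", "interest-cohort=(self)")],
    "no header at all": [("Content-Type", "text/html")],
}


def audit(samples):
    """Map each sample label to True when the response opts out of FLoC."""
    return {label: floc_opted_out(headers) for label, headers in samples.items()}


if __name__ == "__main__":
    for label, ok in audit(SAMPLES).items():
        print(f"{'opted out' if ok else 'NOT opted out':14} {label}")
    print(add_floc_opt_out("geolocation=(self), camera=()"))
```
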

NASA / JPL honours open source devs with a badge on their GitHub if their code made it to Mars

[…]

we have worked with JPL to place a new Mars 2020 Helicopter Mission badge on the GitHub profile of every developer who contributed to the specific versions of any open source projects and libraries used by Ingenuity. You can check out the full list of projects like SciPy, Linux, and F Prime (F’) that were used by the JPL team here.

[…]

We are also using this opportunity to introduce a new Achievements section to the GitHub profile. Right now, Achievements include the Mars 2020 Helicopter Mission badge, the Arctic Code Vault badge, and a badge for sponsoring open source work via GitHub Sponsors. Watch this space!

Read the story behind the new badge and how open source contributors helped Ingenuity take flight on The ReadME Project.

Congratulations to the teams at NASA and JPL, and to the thousands of developers who made today’s first Martian flight possible. We’re all still here on Earth, but your code is now on Mars!

Source: Open source goes to Mars 🚀 – The GitHub Blog

As FOSS is hugely powered by recognition, this looks like an awesome step to recognise individual developers as well as projects.

Songwriters Are Getting Short-Changed by Music Streaming, Study Shows

Ever since the music industry began its streaming-fueled recovery around five years ago, the songwriting and publishing communities have been protesting not only the uneven payment structure of streaming — which sees recorded-music rights holders being paid three times what publishing is paid — but also the imbalanced power and payment structures of the music industry. This situation has been thrown into dramatic relief in recent weeks by the formation of the songwriters’ group the Pact and its calls for artists to stop demanding credit and publishing income for songs they did not write — but the organization’s founders also say that it is just the first step in a music economy that has tilted against the people who create the very foundation of that economy: songs.

[…]

But as streaming rose and the industry adapted, artists came to accept that their recorded music — which garnered a fraction of the income in the streaming world that it had in the CD era — had essentially become the way to bring people to the place where they really made money: concerts, where fans not only buy tickets but merchandise as well as CDs and albums.

 

 

Needless to say, songwriters saw little income from that business model — which has been completely up-ended by the pandemic. Now, with most areas of the business looking at streaming as a, if not the, primary generator of income, the songwriter’s plight is more dire than ever, according to “Rebalancing the Song Economy,” an authoritative new report by industry analysts Mark Mulligan and Keith Jopling of Midia Research (with an introduction by Abba’s Bjorn Ulvaeus).

The 35-page report, which is available here for free, lays out both the history of this dilemma and some (admittedly difficult) proposed solutions, but what may be unprecedented is the way that it lays out how skewed against songwriters the new music economy is. A handful of the many statistics from the study follow:

  • The global music industry revenues (recordings, publishing, live, merchandise, sponsorship) fell by 30% in 2020 due to the combined impact of COVID-19 and a recession
  • Streaming has created a song economy, making the song more important than ever, yet music publisher royalties are more than three times smaller than record label royalties
  • Streaming will bring further strong industry growth, reaching 697 million subscribers and $456 billion in retail revenues, but the royalty imbalance means that label streaming revenue will grow by 3.3 times more than publisher streaming revenue
  • The current royalty system assumes all songs are worth the same – they are not – and rewards poor behavior that dilutes artist and songwriter royalties
  • Music subscribers believe in the value of the song: twice as many (60%) state that the song matters more than the artist, than think the artist matters more (29%)
  • They also believe that songwriters should be remunerated properly: 71% of music subscribers consider it important that streaming services pay songwriters fairly

In a section titled “The Songwriter’s Paradox,” it lays out the ways that the song has become more important than ever, but, paradoxically, the songwriter has less income and influence.

 

 

  • Big record labels have weaponized songwriting: In order to try to minimize risks, bigger record labels are turning to an ever more elite group of songwriters to create hits.
  • The emergence of the song economy: The audience has shifted its focus from albums to songs.
  • Writing and production are fusing: As music production technologies have become more central to both the songwriting process and to the formation of the final recorded work, there has been a growing fusion of the role of production with writing. This has led to a growing body of superstar writer-producers.
  • The industrialization of songwriting: Record labels are reshaping songwriting by pulling together teams of songwriters to create “machine tooled” hits – finely crafted songs that are “optimized for streaming.” While the upside for songwriters is more work, the downside is sharing an already-small streaming royalties pot with a larger team of creators and co-writers.
  • Decline of traditional formats: Songwriters have long relied upon performance royalties from broadcast TV and radio. However, as the audiences on these platforms migrate towards on-demand alternatives, performance royalties face a long-term decline. Similarly, the continued fall in sales means fewer mechanical royalties for songwriters.
  • Streaming royalties: The song is the first in line culturally but it is last in line for streaming royalties. Of total royalties paid by streaming services to rights holders, between a fifth and a quarter is paid for publishing rights to the song. Labels are paid more than three times higher than publishers on streaming. An independent label artist could earn more than three thousand dollars for a million subscriber streams, whereas a songwriter could expect to earn between $1,200 and $1,400, and even then, only if they are the sole songwriter on the track. On average, songwriters will therefore earn between a third and a half of what artists do.

The report then proposes a series of solutions that are far too complex to summarize fully here, but in short:

  • The song economy requires an interconnected set of solutions across three areas: songwriter remuneration and share, streaming pricing and culture and consumption, with rights holders and streaming services working together
  • Streaming royalties will better serve creators if they recognize that different types of behavior (e.g. lean forward, lean back listening) represent different royalty values and that not all songs are worth the same
  • Fan-centric licensing is a simple concept that may be complex to implement but will bring a crucial foundation of fairness into the song economy
  • Streaming pricing needs a rethink, including ensuring price increases benefit creators, a reduction in the discounting of subscriptions and even metered access to music catalogs, to protect against the current situation of royalty deflation
  • Songwriter careers need to be reshaped, with an opportunity for labels and publishers to work more closely together, including secondments for young songwriters into artist projects, providing predictable income and accelerating their development.

The report concludes with a very British statement: “What is clear is that today’s song economy is not working as it should and that everyone across the value chain will benefit from a coordinated programme of change.”

In last week’s Variety article on the Pact, hit songwriter Justin Tranter expressed a similar sentiment in far more direct terms: “The business is definitely still broken and songwriters are definitely the least respected people in our industry, no matter how big of a songwriter you become.”

Source: Songwriters Are Getting Short-Changed by Music Streaming, Study Shows – Variety

Posted in Art

This Artist Uses Drones To Create Gigantic Long-Exposure Light Paintings in the Sky

[…]

artist Frodo Álvarez has come up with a different approach, using just a handful of pre-programmed drones to create towering long-exposure light paintings.

Typically these types of images are created by someone standing in front of a camera with its shutter open for a prolonged period and either waving an LED light wand around, or using brightly colored flashlights to sketch out images in the air that are only visible to the camera’s sensor.

[…]

the flight path of a drone can be precisely controlled and pre-programmed, so Álvarez teamed up with the Madrid-based UMILES entertainment who specializes in using drones to create light shows. This particular project required just five drones to create an image of a soccer player ready to kick a ball. The drones were each flown into a very specific position before turning on their LED lights and then performing a pre-determined flight pattern

[…]

According to PetaPixel, thanks to the drone’s limited battery life and an 11pm curfew in place as a result of the pandemic, the team only had time for four attempts once the sky had sufficiently darkened so the long exposure image wouldn’t be blown out. The scale of the image necessitated the use of multiple drones who were each responsible for just a part of the soccer player’s body so that the light painting would be finished in a specific time frame.

[…]

 

Source: This Artist Uses Drones To Create Gigantic Long-Exposure Light Paintings in the Sky

Posted in Art

Snapchat suit defines free speech – US school decides they can hold an iron grip on their students’ comms any time any place

At the center of the case is Brandi Levy, who in ninth grade let loose on the platform after learning she didn’t make the varsity cheerleading squad. Compared to the sort of stuff teens get caught pulling on social media now, Levy’s Snap was relatively benign: just a photo of her and a friend flipping off the camera, overlaid with the caption “fuck school fuck softball fuck cheer fuck everything.”

But instead of vanishing into the Snapchat ether, it wound up in the hands of one of the school’s two cheerleading coaches after her daughter saw it on her timeline. Levy ended up being suspended from her school’s junior varsity team for the year, which then led to her family suing the school district. Their argument at the time was that these messages—vulgar as they were—were sent on the weekend, and well outside of Levy’s campus.

It turns out the Third Circuit agreed. This past summer, a federal appeals court ruled that the school’s attempt to control Levy’s off-campus speech constituted a First Amendment violation. The school, in its defense, argued that Levy waived her free speech rights by agreeing to certain cheerleading squad rules, like “[avoiding] foul language and inappropriate gestures,” and having “respect” for “coaches [and] teachers.”

The courts didn’t see it that way. “[These rules] would not cover a weekend post to Snapchat unconnected with any game or school event and before the cheerleading season had even begun,” wrote one of the judges overseeing the case. “It is hard to believe a reasonable student would understand that by agreeing to [them], she was waiving all rights to malign the school once safely off-campus and in the world at large.”

At the core of this ruling is a 1969 case—Tinker v. Des Moines—that centered on an Iowa public school that suspended five students who wore armbands to protest the Vietnam war. The students (and their parents) filed suit against the school, and their case ended up in front of the Supreme Court. In a landmark decision, the court sided with the students, on the grounds that they don’t “shed their constitutional rights at the schoolhouse gate.”

The school district fired back that the 52-year-old ruling doesn’t apply to Levy’s case. Back then, the school argued, the lines between “on” and “off” campus were clearly delineated—but those lines are becoming more blurred by the day, particularly when remote learning became the national norm.

Appealing to the Supreme Court last month, the district wrote that the advent of social media makes it “far easier for students’ off-campus messages to instantly reach a wide audience of classmates and dominate the on-campus environment.”

Source: A Single Snapchat Might Change the Way We Define Free Speech

The best thing: she didn’t make it to the cheerleading team and the team is saying that the student should still abide by their rules. America: this is why people don’t like you.

Pentagon doesn’t really explain odd transfer of 175 million IP addresses to obscure company starting 5 minutes before Trump left office

The US Department of Defense puzzled Internet experts by apparently transferring control of tens of millions of dormant IP addresses to an obscure Florida company just before President Donald Trump left the White House, but the Pentagon has finally offered a partial explanation for why it happened. The Defense Department says it still owns the addresses but that it is using a third-party company in a “pilot” project to conduct security research.

“Minutes before Trump left office, millions of the Pentagon’s dormant IP addresses sprang to life” was the title of a Washington Post article on Saturday. Literally three minutes before Joe Biden became president, a company called Global Resource Systems LLC “discreetly announced to the world’s computer networks a startling development: It now was managing a huge unused swath of the Internet that, for several decades, had been owned by the US military,” the Post said.

The number of Pentagon-owned IP addresses announced by the company rose to 56 million by late January and 175 million by April, making it the world’s largest announcer of IP addresses in the IPv4 global routing table.

[…]

Brett Goldstein, the DDS’s director, said in a statement that his unit had authorized a “pilot effort” publicizing the IP space owned by the Pentagon.

“This pilot will assess, evaluate, and prevent unauthorized use of DoD IP address space,” Goldstein said. “Additionally, this pilot may identify potential vulnerabilities.”

Goldstein described the project as one of the Defense Department’s “many efforts focused on continually improving our cyber posture and defense in response to advanced persistent threats. We are partnering throughout DoD to ensure potential vulnerabilities are mitigated.”

[…]

The Washington Post and Associated Press weren’t able to dig up many details about Global Resource Systems. “The company did not return phone calls or emails from The Associated Press. It has no web presence, though it has the domain grscorp.com,” an AP story yesterday said. “Its name doesn’t appear on the directory of its Plantation, Florida, domicile, and a receptionist drew a blank when an AP reporter asked for a company representative at the office earlier this month. She found its name on a tenant list and suggested trying email. Records show the company has not obtained a business license in Plantation.” The AP apparently wasn’t able to track down people associated with the company.

The AP said that the Pentagon “has not answered many basic questions, beginning with why it chose to entrust management of the address space to a company that seems not to have existed until September.” Global Resource Systems’ name “is identical to that of a firm that independent Internet fraud researcher Ron Guilmette says was sending out email spam using the very same Internet routing identifier,” the AP continued. “It shut down more than a decade ago. All that differs is the type of company. This one’s a limited liability corporation. The other was a corporation. Both used the same street address in Plantation, a suburb of Fort Lauderdale.”

The AP did find out that the Defense Department still owns the IP addresses, saying that “a Defense Department spokesman, Russell Goemaere, told the AP on Saturday that none of the newly announced space has been sold.”

[…]

Madory’s conclusion was that the new statement from the Defense Department “answers some questions,” but “much remains a mystery.” It isn’t clear why the Defense Department didn’t simply announce the address space itself instead of using an obscure outside entity, and it’s unclear why the project came “to life in the final moments of the previous administration,” he wrote.

But something good might come out of it, Madory added: “We likely won’t get all of the answers anytime soon, but we can certainly hope that the DoD uses the threat intel gleaned from the large amounts of background traffic for the benefit of everyone. Maybe they could come to a NANOG conference and present about the troves of erroneous traffic being sent their way.”

Source: Pentagon explains odd transfer of 175 million IP addresses to obscure company | Ars Technica

The Postal Service is running a ‘covert operations program’ that monitors Americans’ social media posts

The law enforcement arm of the U.S. Postal Service has been quietly running a program that tracks and collects Americans’ social media posts, including those about planned protests, according to a document obtained by Yahoo News.

The details of the surveillance effort, known as iCOP, or Internet Covert Operations Program, have not previously been made public. The work involves having analysts trawl through social media sites to look for what the document describes as “inflammatory” postings and then sharing that information across government agencies.

[…]

The government’s monitoring of Americans’ social media is the subject of ongoing debate inside and outside government, particularly in recent months, following a rise in domestic unrest. While posts on platforms such as Facebook and Parler have allowed law enforcement to track down and arrest rioters who assaulted the Capitol on Jan. 6, such data collection has also sparked concerns about the government surveilling peaceful protesters or those engaged in protected First Amendment activities.

[…]

The Postal Service isn’t the only part of government expanding its monitoring of social media. In a background call with reporters last month, DHS officials spoke about that department’s involvement in monitoring social media for domestic terrorism threats. “We know that this threat is fueled mainly by false narratives, conspiracy theories and extremist rhetoric read through social media and other online platforms,” one of the officials said. “And that’s why we’re kicking off engagement directly with social media companies.”

[…]

Source: The Postal Service is running a ‘covert operations program’ that monitors Americans’ social media posts

New Technique Could Turn Plastic Back Into Oil

There is way too much plastic in the world—and we’re making more every day, even as we struggle to find a way to get rid of the old stuff. A new study poses an interesting solution: Melting plastic bags and bottles back into the oil it was originally made from.

The new research, published Wednesday in Science Advances, looks at a technique called pyrolysis, which essentially melts down polyolefin into its original form—aka oil and gas. Polyolefins are a very common type of plastic in everyday items from drinking straws to packaging to thermal underwear to plastic cling wrap.

[…]

One of the most notable things about the new technique is that it’s able to break down the plastics at lower temperatures than other pyrolysis methods, which helps transform the plastic into denser fuel and uses two to three times less energy.

[…]

Source: New Technique Could Turn Plastic Back Into Oil

The article then goes on to miss the implication that plastics filling our landfills could be reduced massively, and it also misses the relevance of old plastics decaying and releasing poisons into the environment.

Signal maker exploits Cellebrite – authoritarian govt phone spying software – to create false reports on phones scanned by them and then forever after

Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software.

[…]

They produce two primary pieces of software (both for Windows): UFED and Physical Analyzer.

UFED creates a backup of your device onto the Windows machine running UFED (it is essentially a frontend to adb backup on Android and iTunes backup on iPhone, with some additional parsing). Once a backup has been created, Physical Analyzer then parses the files from the backup in order to display the data in browsable form.

When Cellebrite announced that they added Signal support to their software, all it really meant was that they had added support to Physical Analyzer for the file formats used by Signal. This enables Physical Analyzer to display the Signal data that was extracted from an unlocked device in the Cellebrite user’s physical possession.

One way to think about Cellebrite’s products is that if someone is physically holding your unlocked device in their hands, they could open whatever apps they would like and take screenshots of everything in them to save and go over later. Cellebrite essentially automates that process for someone holding your device in their hands.

[…]

we were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.

As just one example (unrelated to what follows), their software bundles FFmpeg DLLs that were built in 2012 and have not been updated since then. There have been over a hundred security updates in that time, none of which have been applied.

[Chart: FFmpeg vulnerabilities by year]

The exploits

Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed.

For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.

Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices.

[…]

In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice,

[…]

We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time.

Source: Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective

Nice – so installing Signal on your phone means there is a real possibility that you will get a Cellebrite-breaking file on your phone. If they tap you, they will unknowingly break the Cellebrite unit permanently.
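The stale FFmpeg DLLs mentioned in the Signal excerpt point to a check anyone can run on software they deploy: read the build timestamp from each bundled DLL's PE header and flag the old ones. This is an added example, not code from the Signal post or from Cellebrite; the file names, the two-year threshold, the audit date and the sample bytes are constructed assumptions.

```python
"""Flag stale bundled DLLs by the build timestamp in their PE/COFF header."""
import struct
from datetime import datetime, timezone
from pathlib import Path

UTC = timezone.utc


class NotPE(ValueError):
    """Raised when the bytes are not a PE image."""


def pe_build_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("no PE signature")
    # After the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=UTC)


def audit(images: dict, now: datetime, max_age_years: float = 2.0) -> dict:
    """Map each file name to 'stale', 'ok', 'unreliable' or 'not-pe'."""
    verdicts = {}
    for name, data in images.items():
        try:
            built = pe_build_time(data)
        except NotPE:
            verdicts[name] = "not-pe"
            continue
        # Reproducible builds may store a hash here instead of a time, so a
        # value older than the PE format (1993) or in the future is not trusted.
        if built.year < 1993 or built > now:
            verdicts[name] = "unreliable"
        elif (now - built).days / 365.25 > max_age_years:
            verdicts[name] = "stale"
        else:
            verdicts[name] = "ok"
    return verdicts


def load_dir(root: str) -> dict:
    """Read every *.dll under an install directory into {path: bytes}."""
    return {str(p): p.read_bytes() for p in Path(root).rglob("*.dll")}


def fake_pe(built: datetime) -> bytes:
    """Constructed sample: the smallest header pe_build_time() accepts."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, int(built.timestamp()), 0, 0, 0, 0x2000)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed inputs (hypothetical file names, not real vendor files).
SAMPLE = {
    "media_codec_old.dll": fake_pe(datetime(2012, 6, 1, tzinfo=UTC)),
    "media_codec_new.dll": fake_pe(datetime(2021, 1, 15, tzinfo=UTC)),
    "zeroed_stamp.dll": fake_pe(datetime(1970, 1, 1, tzinfo=UTC)),
    "readme.txt": b"not an executable",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE, datetime(2021, 4, 21, tzinfo=UTC)).items():
        print(f"{verdict:10} {name}")
```

A "stale" verdict is a prompt to compare the library's version against its upstream security releases; the timestamp alone does not prove a vulnerability is present.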

NASA Generates Oxygen on Mars, Setting Stage for Crewed Missions

[…]

On April 20, the MOXIE device on Perseverance produced roughly 5 grams of oxygen. That’s a tiny step for NASA and its rover, but a potentially huge leap for humanity and our aspirations on Mars. This small amount of oxygen—extracted from the carbon dioxide-rich Martian atmosphere—is only enough to sustain an astronaut for about five minutes, but it’s the principle of the experiment that matters. This technology demonstration shows that it’s possible to produce oxygen on Mars, a necessary requirement for sustainably working on and departing the Red Planet.

[…]

“Someday we hope to send people to Mars, but they will have to take an awful lot of stuff with them,” Michael Hecht, the principal investigator of the MOXIE project, explained in an email. “The single biggest thing will be a huge tank of oxygen, about 25 tonnes of it.”

Yikes—that converts to approximately 55,100 pounds, or 25,000 kg.

Some of this oxygen will be for the astronauts to breathe, but the “bulk of it” will be used for the rocket “to take the crew off the planet and start them on their journey home again,” Hecht said.

Hence the importance of the MOXIE experiment. Should we be capable of making that oxygen on Mars, it would “save a lot of money, time, and complexity,” said Hecht, but it’s a “challenging new technology that we can only really test properly if we actually do it on Mars,” and that’s “what MOXIE is for, even though it’s a very small scale model.”

[…]

MOXIE works by separating oxygen from carbon dioxide, leaving carbon monoxide as the waste product.

“MOXIE uses electrical energy to take carbon dioxide molecules, CO2, and separate them into two other types of molecule, carbon monoxide (CO) and oxygen (O2),” Hecht explained. “It uses a technology called electrolysis that is very similar to a fuel cell, except that a fuel cell goes the other way—it starts with fuel and oxygen and combines them to get electrical energy out.”

[…]

When asked what surprised him most about the first test, Hecht said it was the identical performance compared to tests done on Earth.

[…]

Source: NASA Generates Oxygen on Mars, Setting Stage for Crewed Missions

China behind another hack as U.S. cybersecurity issues mount

China is behind a newly discovered series of hacks against key targets in the U.S. government, private companies and the country’s critical infrastructure, cybersecurity firm Mandiant said Wednesday.

The hack works by breaking into Pulse Secure, a program that businesses often use to let workers remotely connect to their offices. The company announced Tuesday how users can check to see if they were affected but said the software update to prevent the risk to users won’t go out until May.

The campaign is the third distinct and severe cyberespionage operation against the U.S. made public in recent months, stressing an already strained cybersecurity workforce. The U.S. government accused Russia in January of hacking nine government agencies via SolarWinds, a Texas software company widely used by American businesses and government agencies. In March, Microsoft blamed China for starting a free-for-all where scores of different hackers broke into organizations around the world through the Microsoft Exchange email program.

In all three campaigns, the hackers first used those programs to hack into victims’ computer networks, then created backdoors to spy on them for months, if not longer.

The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said in a warning Tuesday evening the latest hacking campaign is currently “affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations.”

[…]

Source: China behind another hack as U.S. cybersecurity issues mount

If you have a QNAP NAS, stop what you’re doing right now and install latest updates before Qlocker gets you

Two file-scrambling nasties, Qlocker and eCh0raix, are said to be tearing through vulnerable QNAP storage equipment, encrypting data and demanding ransoms to restore the information.

In response, QNAP said on Thursday users should do the following to avoid falling victim:

  • Install the latest software updates for the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps on their QNAP NAS gear to close off vulnerabilities that can be exploited by ransomware to infect devices.
  • Install the latest Malware Remover tool from QNAP, and run a malware scan. The manufacturer said it has “released an updated version of Malware Remover for operating systems such as QTS and QuTS hero to address the ransomware attack.”
  • Change the network port of the web-based user interface away from the default of 8080, presumably to mitigate future attacks. We’ll assume for now that vulnerable devices are being found and attacked by miscreants scanning the internet for public-facing QNAP products – we’ve asked the manufacturer to comment on this.
  • Make sure they use strong, unique passwords that can’t easily be brute-forced or guessed.
  • If possible, follow the 3-2-1 rule on backups: have at least three good recent copies of your documents stored on at least two types of media, at least one of which is off-site. That means if your files are scrambled, you have a good chance of restoring them from a backup untouched by the malware, thus avoiding having to cough up the demand, if you make sure the software nasty can’t alter said backups.

Source: If you have a QNAP NAS, stop what you’re doing right now and install latest updates. Do it before Qlocker gets you • The Register

Samsung Electronics Expands its Galaxy Upcycling Program to Enable Consumers to Repurpose Galaxy Smartphones into Smart Home Devices

With Galaxy Upcycling at Home, users can easily turn their old Galaxy devices² into smart home devices like a childcare monitor, a pet care solution and other tools that meet individual lifestyle needs.

Make Any Home a Smart Home

The Galaxy Upcycling at Home program provides enhanced sound and light-control features, by repurposing built-in sensors. Users can transform their old devices through SmartThings Labs, a feature within the SmartThings app.

[…]

For a device to continuously detect sound and light, it needs to be actively operating for long periods of time. For this reason, Samsung equipped the Galaxy Upcycling at Home upgrade with battery optimization solutions to minimize battery usage. Devices will also be able to connect effortlessly to SmartThings, allowing them to interact with countless other IoT devices in the SmartThings ecosystem.

[…]

Source: Samsung Electronics Expands its Galaxy Upcycling Program to Enable Consumers to Repurpose Galaxy Smartphones into Smart Home Devices – Samsung US Newsroom

So it can do sound and light detection stuff for you or be used as a controller for your other IoT equipment.