Daily Archives: May 11, 2021

BYU hologram experts can now create real-life tiny images that move in the air

Posted on by

 

They may be tiny weapons, but BYU’s holography research group has figured out how to create lightsabers — green for Yoda and red for Darth Vader, naturally — with actual luminous beams rising from them.

Inspired by the displays of science fiction, the researchers have also engineered battles between equally small versions of the Starship Enterprise and a Klingon Battle Cruiser that incorporate photon torpedoes launching and striking the enemy vessel that you can see with the naked eye.

“What you’re seeing in the scenes we create is real; there is nothing computer generated about them,” said lead researcher Dan Smalley, a professor of electrical engineering at BYU. “This is not like the movies, where the lightsabers or the photon torpedoes never really existed in physical space. These are real, and if you look at them from any angle, you will see them existing in that space.”

[…]

Smalley and Rogers detail these and other recent breakthroughs in a new paper published in Nature Scientific Reports this month. The work overcomes a limiting factor to optical trap displays: wherein this technology lacks the ability to show virtual images, Smalley and Rogers show it is possible to simulate virtual images by employing a time-varying perspective projection backdrop.

“We can play some fancy tricks with motion parallax and we can make the display look a lot bigger than it physically is,” Rogers said. “This methodology would allow us to create the illusion of a much deeper display up to theoretically an infinite size display.”

To see more of the holography work professor Dan Smalley is doing with his students, check out his lab website here: https://www.smalleyholography.org/

Source: BYU hologram experts can now create real-life images that move in the air

Facebook Ordered to Stop German WhatsApp Users’ Data Collection

Posted on by

Facebook Inc. was ordered to stop collecting German users’ data from its WhatsApp unit, after a regulator in the nation said the company’s attempt to make users agree to the practice in its updated terms isn’t legal.

Johannes Caspar, who heads Hamburg’s privacy authority, issued a three-month emergency ban, prohibiting Facebook from continuing with the data collection. He also asked a panel of European Union data regulators to take action and issue a ruling across the 27-nation bloc. The new WhatsApp terms enabling the data scoop are invalid because they are intransparent, inconsistent and overly broad, he said.

“The order aims to secure the rights and freedoms of millions of users which are agreeing to the terms Germany-wide,” Caspar said in a statement on Tuesday. “We need to prevent damage and disadvantages linked to such a black-box-procedure.”

The order strikes at the heart of Facebook’s business model and advertising strategy. It echoes a similar and contested step by Germany’s antitrust office attacking the network’s habit of collecting data about what users do online and merging the information with their Facebook profiles. That trove of information allows ads to be tailored to individual users — creating a cash cow for Facebook.

Facebook’s WhatsApp unit called Caspar’s claims “wrong” and said the order won’t stop the roll-out of the new terms. The regulator’s action is “based on a fundamental misunderstanding” of the update’s purpose and effect, the company said in an emailed statement.

Read more: Facebook Faces German Bid to Halt WhatsApp Data Collection

The U.S. tech giant has faced global criticism over the new terms that WhatsApp users are required to accept by May 15. Caspar said Facebook may already be wrongfully handling data and said it’s important to prevent misuse of the information to influence the German national election in September.

Source: Facebook Ordered to Stop German WhatsApp Users’ Data Collection – Bloomberg

NASA’s OSIRIS-REx Spacecraft Is Racing Back to Earth With a Scoop of Asteroid Bennu

Posted on by

OSIRIS-REx, a NASA spacecraft tasked with collecting rocks and dust from a nearby asteroid named Bennu, is coming back home after almost five years away. The spacecraft, officially named Origins, Spectral Interpretation, Resource Identification, Security, Regolith Explorer, officially fired its engines to begin its Earthward journey on May 10. Its return trip will take two and half years.

Bennu, the asteroid the spacecraft accosted, is a 1,600-foot-wide (500-meter) hunk of rock and ice located 200 million miles (321 million kilometers) from Earth. OSIRIS-REx snagged a handful of dust last October after a fairly dramatic encounter with the desolate little world. NASA was concerned that OSIRIS-REx wouldn’t be able to bring back a full sample due to leaks in the collection system. Thankfully, the samples now are headed to Earth, where they will be carefully examined by researchers.

[…]

 

Source: NASA’s OSIRIS-REx Spacecraft Is Racing Back to Earth With a Scoop of Asteroid

Windows Defender bug fills Windows 10 boot drive with thousands of files

Posted on by

A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives.

The bug started with Windows Defender antivirus engine 1.1.18100.5 and will cause the C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder to be filled up with thousands of files with names that appear to be MD5 hashes.

Windows Defender folder filled with small files 
Windows Defender folder filled with small files 

From a system seen by BleepingComputer, the created files range in size from 600 bytes to a little over 1KB.

File properties of one of these files
File properties of one of these files

While the system we looked at only had approximately 1MB of files, other Windows 10 users report that their systems have been filled up with hundreds of thousands of files, which in one case, used up 30GB of storage space.

On smaller SSD system drives (C:), this can be a considerable amount of storage space to waste on unnecessary files.

According to Deskmodder, who first reported on this issue, the bug has now been fixed in the latest Windows Defender engine, version 1.1.18100.6.

Source: Windows Defender bug fills Windows 10 boot drive with thousands of files

NHS Digital booking website had unexpected side effect: It leaked people’s jab status

Posted on by

An NHS Digital-run vaccine-booking website exposed just how many vaccines individual people had received – and did so with no authentication, according to the Guardian.

The booking page, aimed at English NHS patients wanting to book first and second coronavirus jabs, would tell anyone at all whether a named person had had zero, one or two vaccination doses, the newspaper reported on Thursday.

All you need, it says, are the date of birth and postcode of the person whose vaccination status you wanted to check up on.

[…]

Vaccination status is set to become a political hot potato as the UK restarts its economy following the 2020 COVID-19 shutdown. Government policy is to enforce vaccine passports, initially as a means of deterring overseas travel but rumours persist that they will be required for domestic activities. To that end, the ruling Conservatives’ insincere promise in December that vaccine passports wouldn’t become reality at all has prompted a 350,000 strong Parliamentary petition against them.

Carelessness around health data in general has been a feature of the current government’s tech-driven approach to tackling COVID-19. Such repeated incidents have a habit of lodging themselves in the public’s consciousness, making it harder to gain consent for genuine health-boosting measures based on handing data over to public sector bodies.

Source: NHS Digital booking website had unexpected side effect: It leaked people’s jab status • The Register

Flawless Is Using Deepfake Tech to Dub Foreign Films Actors Lips

Posted on by

a company called Flawless has created an AI-powered solution that will replace an actor’s facial performance to match the words in a film dubbed for foreign audiences.

[…]

What Flawless is promising to do with its TrueSync software is use the same tools responsible for deepfake videos to manipulate and adjust an actor’s face in a film so that the movements of their mouths, and in turn the muscles in their faces, more closely match how they’d move were the original performance given in the language a foreign audience is hearing. So even though an actor shot a film in English, to a moviegoer in Berlin watching the film dubbed in German, it would appear as if all of the actors were actually speaking German.

[…]

Is it necessary? That’s certainly up for debate. The recent Academy Award-winning film Parasite resurfaced the debate over dubbing a foreign film versus simply watching it with subtitles. One side feels that an endless string of text over a film is distracting and takes the focus away from everything else happening on screen, while the other side feels that a dub performed by even a talented and seasoned voice artist simply can’t match or recreate the emotions behind the original actor’s performance, and hearing it, even if the words aren’t understood, is important to enjoying their performance as a whole.

[…]

The company has shared a few examples of what the TrueSync tool is capable of on its website, and sure enough, Tom Hanks appears to be speaking flawless Japanese in Forrest Gump.

[…]

Source: Flawless Is Using Deepfake Tech to Dub Foreign Films

Scientists Create Record-Breaking Laser With Power of all sunlight reaching earth focussed on a tiny spot

Posted on by

After ten years of toiling, the team has demonstrated in a paper published on Thursday in the journal Optica the development of a laser with record-breaking intensity over 10²³ watts per square centimeter. Nam told Motherboard in an email that you can compare the intensity of this laser beam to the combined power of  all of the sunlight across the entire planet, but pressed together into roughly the size of a speck of dust or a single red blood cell. This whole burst of power happens in just fractions of a second.

“The laser intensity of 10²³ W/cm² is comparable to the light intensity obtainable by focusing all the sunlight reaching Earth to a spot of 10 microns,” explained Nam.

To achieve this effect, Nam and colleagues at the Center for Relativistic Laser Science (CoReLS) lab constructed a kind of obstacle course for the laser beam to pass through to amplify, reflect, and control the motion of the photons comprising it. Because light behaves as both a particle (e.g. individual photons) as well as a wave, controlling the wavefront of this laser (similar to the front of an ocean wave) was crucial to make sure the team could actually focus its power.

Nam explains that the technology to make this kind of precise control possible has been years in the making.

“We have developed ultrahigh power femtosecond lasers for more than a decade, reaching the output power of 4 PW (1015 W) in 2017,” says Nam. “We then developed the laser technology to focus the beam size of 28 cm to 1 micron, for which we have to make the laser wavefront superb using a deformable mirror.”

[…]

Beyond being a scientific breakthrough, Nam said that this high-intensity laser will open doors to explore some of the universe’s most fundamental questions that had previously only been explored by theoreticians.

“With such ultrahigh laser intensity we can tackle such phenomena as electron-positron pair production from light-light interactions… This kind of phenomena is supposed to happen in the early universe, plasma jets from supernova explosions and from black holes,” said Nam.

Thanks to these lasers, and even more powerful ones yet to come, Nam says that it will now be possible to explore these cosmic rays in the lab instead of just through simulations and theories. Using laser pulses, the researchers will be able to make and collide high energy electrons with photons, recreating the Compton scattering effect that scientists believe creates such high-energy cosmic rays.

Nam also said that these lasers have a more terrestrial purpose as well in the form of cancer treatment technology.

Proton therapy is a newer cancer treatment that directs positively charged proton beams to patients’ tumors using an accelerator. While this technique has shown promise, the use of an accelerator also requires a large, and expensive, radiation shield.

Nam proposes that using laser beams to direct these protons instead could be a more cost-efficient solution and may get this treatment into the hands of even more patients.

[…]

Source: Scientists Create Record-Breaking Laser With Mind Blowing Power

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here’s a list of those changes

Posted on by

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets’ networks as a legitimate pentesting exercise.

Now, the UK’s National Cyber Security Centre (NCSC) and the US warn, the SVR is busy exploiting a dozen critical-rated vulns (including RCEs) in equipment ranging from Cisco routers through to VMware virtualization kit – and the well-known Pulse Secure VPN flaw, among others.

“In one example identified by the NCSC, the actor had searched for authentication credentials in mailboxes, including passwords and PKI keys,” warned the GCHQ offshoot today.

Roughly equivalent to MI6 mixed with GCHQ, the SVR is Russia’s foreign intelligence service and is known to infosec pros as APT29. A couple of weeks ago, Britain and the US joined forces to out the SVR’s Tactics, Techniques and Procedures (TTPs), giving the world’s infosec defenders a chance to look out for the state-backed hackers’ fingerprints on their networked infrastructure.

[…]

They include:

On top of all that the SVR is also posing as legitimate red-team pentesters: looking for easy camouflage, the spies hopped onto GitHub and downloaded the free open-source Sliver red-teaming platform, in what the NCSC described as “an attempt to maintain their accesses.”

There are more vulns being abused by the Russians and the full NCSC advisory on what these are can be read on the NCSC website. The advisory includes YARA and Snort rules.

[…]

Source: Russian cyber-spies changed tactics after the UK and US outed their techniques – so here’s a list of those changes • The Register

Justice Department Quietly Seized Washington Post Reporters’ Phone Records During Trump Era

Posted on by

The Department of Justice quietly seized phone records and tried to obtain email records for three Washington Post reporters, ostensibly over their coverage of then-U.S. Attorney General Jeff Sessions and Russia’s role in the 2016 presidential election, according to officials and government letters reviewed by the Post.

Justice Department regulations typically mandate that news organizations be notified when it subpoenas such records. However, though the Trump administration OK’d the decision, officials apparently left the notification part for the Biden administration to deal with. I guess they just never got around to it. Probably too busy inspiring an insurrection and trying to overthrow the presidential election.

In three separate letters dated May 3 addressed to reporters Ellen Nakashima, Greg Miller, and former reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017,” according to the Post. Listed were Miller’s work and cellphone numbers, Entous’ cellphone number, and Nakashima’s work, cellphone, and home phone numbers. These records included all calls to and from the phones as well as how long each call lasted but did not reveal what was said.

According to the letters, the Post reports that prosecutors also secured a court order to seize “non content communications records” for the reporters’ email accounts, which would disclose who emailed whom and when the emails were sent but not their contents. However, officials ultimately did not obtain these records, the outlet said.

[…]

“We are deeply troubled by this use of government power to seek access to the communications of journalists,” said the Post’s acting executive editor Cameron Barr. “The Department of Justice should immediately make clear its reasons for this intrusion into the activities of reporters doing their jobs, an activity protected under the First Amendment.”

Frustratingly, the letters apparently don’t go into why the Department of Justice seized this data. A department spokesperson told the outlet that the decision to do so was made in 2020 during the Trump administration. (It’s worth noting that former President Donald Trump has made it crystal clear that he despises news media and the government leakers that provide them their scoops.)

Based on the time period cited in the letters and what the reporters covered during those months, the Post speculates that their investigations into Sessions and Russian interference could be why the department wanted to get its hands on their phone data.

[…]

Source: Justice Department Quietly Seized Washington Post Reporters’ Phone Records During Trump Era

PimEyes: a powerful facial-recognition and finding tool – like Clearview AI but for free

Posted on by

You probably haven’t seen PimEyes, a mysterious facial-recognition search engine, but it may have spotted you.

If you upload a picture of your face to PimEyes’ website, it will immediately show you any pictures of yourself that the company has found around the internet. You might recognize all of them, or be surprised (or, perhaps, even horrified) by some; these images may include anything from wedding or vacation snapshots to pornographic images.
PimEyes is open to anyone with internet access.
[…]
Imagine a potential employer digging into your past, an abusive ex tracking you, or a random stranger snapping a photo of you in public and then finding you online. This is all possible through PimEyes
[…]
PimEyes lets users see a limited number of small, somewhat pixelated search results at no cost, or you can pay a monthly fee, which starts at $29.99, for more extensive search results and features (such as to click through to see full-size images on the websites where PimEyes found them and to set up alerts for when PimEyes finds new pictures of faces online that its software believes match an uploaded face).
The company offers a paid plan for businesses, too: $299.99 per month lets companies conduct unlimited searches and set up 500 alerts.
[…]
while Clearview AI built its massive stockpile of faces in part by scraping images from major social networks (it was subsequently served with cease-and-desist notices by Facebook, Google, and Twitter, sued by several civil rights groups, and declared illegal in Canada), PimEyes said it does not scrape images from social media.
[…]
I wanted to learn more about how PimEyes works, and why it’s open to anyone, as well as who’s behind it. This was much trickier than uploading my own face to the website. The website currently lists no information about who owns or runs the search engine, or how to reach them, and users must submit a form to get answers to questions or help with accounts.
Poring over archived images of the website via the Internet Archive’s Wayback Machine, as well as other online sources, yielded some details about the company’s past and how it has changed over time.
The Pimeyes.com website was initially registered in March 2017, according to a domain name registration lookup conducted through ICANN (Internet Corporation for Assigned Names and Numbers). An “about” page on the Pimeyes website, as well as some news stories, shows it began as a Polish startup.
An archived image of the website’s privacy policy indicated that it was registered as a business in Wroclaw, Poland, as of August 2020. This changed soon after: The website’s privacy policy currently states that PimEyes’ administrator, known as Face Recognition Solutions Ltd., is registered at an address in the Seychelles. An online search of the address — House of Francis, Room 303, Ile Du Port, Mahe, Seychelles — indicated a number of businesses appear to use the same exact address.
[…]

Source: Anyone can use this powerful facial-recognition tool — and that’s a problem – CNN

CNN says it’s a contrast with Clearview AI because they supposedly limit their database to law enforcement. The problem with Clearview was partially that they didn’t limit access at all, giving out free accounts to anyone and everyone.

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

Posted on by

One of the USA’s largest oil pipelines has been shut by ransomware, leading the nation’s Federal Motor Carrier Safety Administration to issue a regional emergency declaration permitting the transport of fuel by road.

The Colonial Pipeline says it carries 100 million gallons a day of refined fuels between Houston, Texas, and New York Harbor, or 45 percent of all fuel needed on the USA’s East Coast. The pipeline carries fuel for cars and trucks, jet fuel, and heating oil.

It’s been offline since May 7, according to a company statement, due to what the outfit described as “… a cybersecurity attack [that] involves ransomware.”

It added: “In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”

[…]

In a statement on May 10 fingering the culprits of the attack, the FBI said “the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.”

Meanwhile, on its Tor-hidden website, the Darkside crew seems to regret the attention it has drawn from Uncle Sam. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” it wrote.

Source: US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day • The Register

WhatsApp’s privacy policy – not accepting will slowly kill your functionality and then delete your history

Posted on by

After facing international backlash over impending updates to its privacy policy, WhatsApp has ever-so-slightly backtracked on the harsh consequences it initially planned for users who don’t accept them—but not entirely.

In an update to the company’s FAQ page, WhatsApp clarifies that no users will have their accounts deleted or instantly lose app functionality if they don’t accept the new policies. It’s a step back from what WhatsApp had been telling users up until this point. When this page was first posted back in February, it specifically told users that those who don’t accept the platform’s new policies “won’t have full functionality” until they do. The threat of losing functionality is still there, but it won’t be automatic.

“For a short time, you’ll be able to receive calls and notifications, but won’t be able to read or send messages from the app,” WhatsApp wrote at the time. While the deadline to accept was initially early February, the blowback the company got from, well, just about everyone, caused the deadline to be postponed until May 15—this coming Saturday.

After that, folks that gave the okay to the new policy won’t notice any difference to their daily WhatsApp experience, and neither will the people that didn’t—at least at first. “After a period of several weeks, the reminder [to accept] people receive will eventually become persistent,” WhatsApp wrote, adding that users getting these “persistent” reminders will see their app stymied pretty significantly: For a “few weeks,” users won’t be able to access their chat lists, but will be able to answer incoming phone and video calls made over WhatsApp. After that grace period, WhatsApp will stop sending messages and calls to your phone entirely (until you accept).

[…]

It’s worth mentioning here that if you keep the app installed but still refuse to accept the policy for whatever reason, WhatsApp won’t outright delete your account because of that. That said, WhatsApp will probably delete your account due to “inactivity” if you don’t connect for 120 days, as is WhatsApp policy.

[…]

While the company has done the bare minimum in explaining what this privacy policy update actually means, the company hasn’t done much to assuage the concerns of lawyers, lawmakers, or really anyone else. And it doesn’t look like these new “reminders” will put them at ease, either.

Source: WhatsApp’s New Update: What It Means for Your Account

Lone Developer Stands Up To Grand Theft Auto DMCA Claim, Wins – reverse engineered  code the original code

Posted on by

Earlier this year fans reversed engineered the source code to Grand Theft Auto III and Grand Theft Auto: Vice City. They released it to the web, but Grand Theft Auto copyright holder Take-Two pulled it offline via a DMCA claim. But one fan stood up to the publisher and has now succeeded in getting the reverse-engineered source code back online.

Deriving the source code through reverse-engineering was a huge milestone for the GTA hacking scene. Players would still need the original game assets to run either classic GTA title, but with accessible source code, modders and devs could begin porting the game to new platforms or adding new features. That’s exactly what’s happened this past year with Super Mario 64.

A week after the code went public on GitHub, Rockstar’s parent company, Take-Two Interactive, issued a DMCA takedown claiming that the reversed-engineered source code contained “copyrighted materials owned by Take-Two.” GitHub pulled the fan-derived code and all its related forks.

However, as TorrentFreak reports, a New Zealand-based developer named Theo, who maintained a fork of the removed code, didn’t agree with Take-Two’s claims and pushed back, filing their own counter-notice with GitHub last month. This counter-claim seems to have succeeded, as GitHub’s made the fan-derived source code available to download once more.

Theo explained in their counter-claim that the code didn’t, in fact, contain any original work created or owned by Take-Two Interactive, so it should not have been removed. They filed their claim last month after Take-Two removed over 200 forks of the reversed source, all built off of the original reversed-engineered code. That original repository and all the rest remain unavailable, as only Theo’s fork was restored by the DMCA counter-claim.

Grand Theft Auto III
Grand Theft Auto III
Screenshot: Rockstar Games

In an interview with TorrentFreak, the dev explained that he believes Take-Two’s DCMA claim is “wholly incorrect” and that the publisher has “no claim to the code” because while it functions like the original source code that went into GTA III and Vice City, it is not identical.

While it might seem like GitHub has taken a side and decided that Take-Two was wrong, this isn’t accurate. DMCA rules state that content that is disputed must be restored within 14 days of a counter-notice being received. At this point, if Take-Two wants the source code removed again, it would become a legal battle. Theo says he understands the legal risk he faces, but doesn’t expect the publisher to pursue this to court any time soon.

While it’s possible Take-Two could challenge Theo’s counter-claim in court at a later date, this is still a nice win for the Grand Theft Auto III and Vice City modding scene. It’s also another reminder that modders, pirates, and fan developers are often the only ones doing the work to keep old games around in an easily playable form.

Source: Lone Developer Stands Up To Grand Theft Auto DMCA Claim, Wins

Environmental Commodities: What Are They & How Can You Trade Them?

Posted on by
Commodity.com has a huge and useful page on how to get started trading in environmental commodities. Unfortunately it won’t let me paste it into here easily so below is a list of the subjects they cover. They are also very transparent about how they make their money (through links on their site), which I thought was honest of them.  Anyway, enjoy!
What Are Environmental Commodities?
Types Of Environmental Commodities
History Of Environmental Commodities
What Drives Environmental Commodity Prices?
Environmental Commodity Exchanges
Environmental Commodity Brokers
Further Reading

Source: Environmental Commodities: What Are They & How Can You Trade Them? – Commodity.com