Google was fined €500m ($590m, £425m) by the French Competition Authority on Tuesday for failing to negotiate fees with news publishers for using their content.
In April last year, the regulator ruled the American search giant had to compensate French publishers for using snippets of their articles in Google News, citing European antitrust rules and copyright law. Google was given three months to figure out how much to pay publishers. More than a year later, no licensing deals have been struck, and Google did not “enter into negotiations in good faith,” we’re told. For one thing, it just stopped including snippets from French publishers in all Google services.
[…]
Now, the FCA has sanctioned the Chocolate Factory €500m and has given it two months to negotiate with French publishers. If the web giant continues to dilly-dally after this point, it’ll be fined up to €900,000 (over $1m or around £767,000) a day until it complies with the FCA’s demands.
BIMI enables organizations that authenticate their emails using Domain-based Message Authentication, Reporting, and Conformance (DMARC)—a standard for providing strong sender authentication that allows security systems to perform better filtering, separating legitimate messages from potentially spoofed ones—to validate ownership of their logos and securely transmit them to Google. BIMI is designed to be easy: for organizations with DMARC in place, validated logos display on authenticated emails from their domains and subdomains.
Here’s how it works: Organizations who authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC). BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other anti-abuse checks, Gmail will start displaying the logo in the existing avatar slot.
[…]
For logo validation, BIMI is starting by supporting the validation of trademarked logos, since they are a common target of impersonation. Today, Entrust and DigiCert support BIMI as Certification Authorities, and in the future the BIMI working group expects this list of supporting validation authorities to expand further. To learn more about BIMI and see the latest news, visit the working group’s website.
To take advantage of BIMI, ensure that your organization has adopted DMARC, and that you have validated your logo with a VMC
Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don’t mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.
They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person’s full name, physical address, and other personal identifiable information (PII). Motherboard confirmed this by posing as a potential customer to a company that offers linking MAIDs to PII.
“If shady data brokers are selling this information, it makes a mockery of advertisers’ claims that the truckloads of data about Americans that they collect and sell is anonymous,” Senator Ron Wyden told Motherboard in a statement.
“We have one of the largest repositories of current, fresh MAIDS<>PII in the USA,” Brad Mack, CEO of data broker BIGDBM told us when we asked about the capabilities of the product while posing as a customer. “All BIGDBM USA data assets are connected to each other,” Mack added, explaining that MAIDs are linked to full name, physical address, and their phone, email address, and IP address if available. The dataset also includes other information, “too numerous to list here,” Mack wrote.
A MAID is a unique identifier a phone’s operating system gives to its users’ individual device. For Apple, that is the IDFA, which Apple has recently moved to largely phase out. For Google, that is the AAID, or Android Advertising ID. Apps often grab a user’s MAID and provide that to a host of third parties. In one leaked dataset from a location tracking firm called Predicio previously obtained by Motherboard, the data included users of a Muslim prayer app’s precise locations. That data was somewhat pseudonymized, because it didn’t contain the specific users’ name, but it did contain their MAID. Because of firms like BIGDBM, another company that buys the sort of data Predicio had could take that or similar data and attempt to unmask the people in the dataset simply by paying a fee.
[…]
“This real-world research proves that the current ad tech bid stream, which reveals mobile IDs within them, is a pseudonymous data flow, and therefore not-compliant with GDPR,” Edwards told Motherboard in an online chat.
“It’s an anonymous identifier, but has been used extensively to report on user behaviour and enable marketing techniques like remarketing,” a post on the website of the Internet Advertising Bureau, a trade group for the ad tech industry, reads, referring to MAIDs.
In April Apple launched iOS 14.5, which introduced sweeping changes to how apps can track phone users by making each app explicitly ask for permission to track them. That move has resulted in a dramatic dip in the amount of data available to third parties, with just 4 percent of U.S. users opting-in. Google said it plans to implement a similar opt-in measure broadly across the Android ecosystem in early 2022.
A total of 46 F-35 stealth fighters are currently without functioning engines due to an ongoing problem with the heat-protective coating on their turbine rotor blades becoming worn out faster than was expected. With the engine maintenance center now facing a backlog on repair work, frontline F-35 fleets have been hit, with the U.S. Air Force’s fleet facing the most significant availability shortfall.
At a hearing before the U.S. House Committee on Armed Services’ Subcommittee on Tactical Air and Land Forces yesterday, Air Force Lieutenant General Eric T. Fick, director of the F-35 Joint Program Office, confirmed that 41 U.S. Air Force F-35s, as well as one Joint Strike Fighter belonging to the U.S. Marine Corps, another from the U.S. Navy, and three that had been delivered to foreign air forces were grounded without engines. Those figures were as of July 8.
U.S. Air Force/Staff Sgt. Staci Miller
An F-35A assigned to the 61st Fighter Squadron at Luke Air Force Base, Arizona, takes off as the sun sets, during corrosion testing of the F135 engine.
The exact breakdown of how many of each F-35 variant lack engines is unclear. The Air Force and the Navy only fly the F-35A and F-35C, respectively, but the Marines operate both F-35Bs and F-35Cs and various models are in service with other military forces around the world.
[…]
It is worth remembering too, of course, that the F-35 enterprise almost had an alternative engine to the F135. However, the General Electric/Rolls-Royce F136 turbofan was deemed to be an unnecessary expense and was eventually canceled in 2011, when the project was over 80 percent complete. With the benefit of hindsight, it can well be imagined that an alternative source of engines would be very valuable right now.
Most data on microplastic concentrations comes from commercial and research ships that tow plankton nets—long, cone-shaped nets with very fine mesh designed for collecting marine microorganisms.
But net trawling can sample only small areas and may be underestimating true plastic concentrations. Except in the North Atlantic and North Pacific gyres—large zones where ocean currents rotate, collecting floating debris—scientists have done very little sampling for microplastics. And there is scant information about how these particles’ concentrations vary over time.
To address these questions, University of Michigan research assistant Madeline Evans and I developed a new way to detect microplastic concentrations from space using NASA’s Cyclone Global Navigation Satellite System. CYGNSS is a network of eight microsatellites that was launched in 2016 to help scientists predict hurricanes by analyzing tropical wind speeds. They measure how wind roughens the ocean’s surface—an indicator that we realized could also be used to detect and track large quantities of microplastics.
This animation shows how satellite data can be used to track where microplastics enter the water, how they move and where they tend to collect.
Looking for smooth zones
[…]
The radars on CYGNSS satellites are designed to measure winds over the ocean indirectly by measuring how they roughen the water’s surface. We knew that when there is a lot of material floating in the water, winds don’t roughen it as much. So we tried computing how much smoother measurements indicated the surface was than it should have been if winds of the same speed were blowing across clear water.
This anomaly—the “missing roughness”—turns out to be highly correlated with the concentration of microplastics near the ocean surface. Put another way, areas where surface waters appear to be unusually smooth frequently contain high concentrations of microplastics. The smoothness could be caused by the microplastics themselves, or possibly by something else that’s associated with them.
By combining all the measurements made by CYGNSS satellites as they orbit around the world, we can create global time-lapse images of ocean microplastic concentrations. Our images readily identify the Great Pacific Garbage Patch and secondary regions of high microplastic concentration in the North Atlantic and the southern oceans.
These images show microplastic concentrations (number of particles per square kilometer) at the mouths of the Yangtze and Qiantang rivers where they empty in to the East China Sea. (A) Average density year-round; (B) short-lived burst of particles from the Qiantang River; (C and D) short-lived bursts from the Yangtze River. Credit: Evans and Ruf, 2021., CC BY
We found that global microplastic concentrations tend to peak in the North Atlantic and Pacific during the Northern Hemisphere’s summer months. June and July, for example, are the peak months for the Great Pacific Garbage Patch.
Concentrations in the Southern Hemisphere peak during its summer months of January and February. Lower concentrations during the winter in both hemispheres are likely due to a combination of stronger currents that break up microplastic plumes and increased vertical mixing—the exchange between surface and deeper water—that transports some of the microplastic down below the surface.
This approach can also target smaller regions over shorter periods of time. For example, we examined episodic outflow events from the mouths of the China’s Yangtze and Qiantang rivers where they empty into the East China Sea. These events may have been associated with increases in industrial production activity, or with increases in the rate at which managers allowed the rivers to flow through dams.
[…]
While the ocean roughness anomalies that we observed correlate strongly with microplastic concentrations, our estimates of concentration are based on the correlations that we observed, not on a known physical relationship between floating microplastics and ocean roughness. It could be that the roughness anomalies are caused by something else that is also correlated with the presence of microplastics.
One possibility is surfactants on the ocean surface. These liquid chemical compounds, which are widely used in detergents and other products, move through the oceans in ways similar to microplastics, and they also have a damping effect on wind-driven ocean roughening.
Further study is needed to identify how the smooth areas that we identified occur, and if they are caused indirectly by surfactants, to better understand exactly how their transport mechanisms are related to those of microplastics.
The mastermind behind what the government says is one of the largest cryptocurrency Ponzi schemes prosecuted in the US has been sentenced to 15 years in prison. While crypto scams have been getting increasingly common, Swedish citizen Roger Nils-Jonas Karlsson defrauded thousands of victims and stole tens of millions of dollars over a period that lasted almost a decade. He pleaded guilty to securities and wire fraud, as well as money laundering charges on March 4th.
According to the Department of Justice, Karlsson ran his fraudulent investment scheme from 2011 until he was arrested in Thailand in 2019. He targeted financially insecure individuals, such as seniors, persuading them to use cryptocurrency to purchase shares in a business he called “Eastern Metal Securities.” Based on information from court documents, he promised victims huge payouts tied to the price of gold, but the money they handed over wasn’t invested at all. It was moved to Karlsson’s personal bank accounts instead and used to purchase expensive homes and even resorts in Thailand.
To keep his scheme running for almost a decade, he’d rebrand and would show victims account statements in an effort to convince them that their funds are secure. Karlsson would then give them various excuses for payout delays and even falsely claimed to be working with the Securities and Exchange Commission. During the sentencing, US District Judge Charles R. Breyer ordered his Thai resorts and accounts to be forfeited. He was also ordered to pay his victims in the amount of $16,263,820.
Acting US Attorney Stephanie Hinds of the Northern District of California said:
“The investigation into Roger Karlsson’s fraud uncovered a frighteningly callous scheme that lasted more than a decade during which Karlsson targeted thousands of victims, including financially vulnerable seniors, to callously rob them of their assets and all to fuel an extravagant lifestyle surrounded by luxury condominiums and lavish international vacations. The court’s decision to order a 180-month prison term reflects the fact that Karlsson’s cryptocurrency Ponzi scheme is one of the largest to be sentenced to date and ensures that Karlsson now will have plenty of time to think about the harm he has caused to his victims.”
Palo Alto Networks’ global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year – along with an estimation of the multimillion-dollar payouts it’s receiving.
“For these services, REvil takes a percentage of the negotiated ransom price as their fee. Affiliates of REvil often use two approaches to persuade victims into paying up: they encrypt data so that organizations cannot access information, use critical computer systems or restore from backups, and they also steal data and threaten to post it on a leak site (a tactic known as double extortion).”
According to research carried out by Martineau and colleagues, REvil and its affiliates averaged $2.25m in payouts per breach over the first six months of 2021 – chickenfeed compared to the $70m the group is demanding for a universal decryption tool designed to unlock the data being ransomed as a result of the Kaseya attack.
The methods chosen by the group to gain access to the target systems are depressingly simple, Martineau’s report claimed, with the most common methods being as simple as sending a phishing message or attempting to log in to Remote Desktop Protocol (RDP) servers using previously-compromised credentials.
“However,” Martineau noted, “we also observed a few unique vectors that relate to the recent Microsoft Exchange Server CVEs, as well as a case that involved a SonicWall compromise.”
Once in, REvil attackers cement their access by creating new local and domain user accounts, install Cobalt Strike’s Beacon covert payload – a commercial product which apparently delivers a little too well on its promise to “model advanced attackers” for “threat emulation” – and disable antivirus, security services, and other protection systems. The impact is further expanded to other devices on the network, using “various open-source tools to gather intelligence on a victim environment.”
It could be a while before the attack is noticed, too – no surprise given how the group often exfiltrates gigabytes of data as part of its ransom approach. “REvil threat actors often encrypted the environment within seven days of the initial compromise,” Martineau found. “However, in some instances, the threat actor(s) waited up to 23 days. [They] often used MEGASync software or navigated to the MEGASync website to exfiltrate archived data. In one instance, the threat actor used RCLONE to exfiltrate data.
[…]
The full report has been published on the Unit 42 site.
As expected, Google is facing a fresh legal assault regarding its Play Store, the 30 per cent cut it took from developers’ revenues via the software souk, and other rules and restrictions.
In an antitrust lawsuit [PDF] filed in a federal district court in San Francisco on Wednesday, 36 US states and commonwealths, plus Washington DC, alleged Google ran roughshod over the Sherman Act, screwing over users and software makers by abusing its monopoly on Android and the distribution of apps.
Those states include New York, California, Florida, Washington, New Jersey, North Carolina, and Arizona, though not Texas, Pennsylvania, Ohio, nor Illinois, among others. There doesn’t appear to be an obvious partisan split.
The complaint is wide-ranging and extensive, from criticizing Google’s commission from app and in-app purchases and that it must handle payments, to undue pressure on phone makers, to a ban on advertising by non-Play stores on Google’s web properties, like YouTube, and more.
[…]
In March, Google dropped its cut of app sales from 30 to 15 per cent for the first $1m a developer makes. The move mirrored a similar decision by Apple last year, matching the same terms almost exactly. This was not enough, it seems, to hold off attorneys general.
After a recent investigation by Anandtech pointed out that a number of popular apps were experiencing sluggish performance on the OnePlus 9 and OnePlus 9 Pro, OnePlus has now admitted to throttling hundreds of popular apps to help “reduce power consumption.”
Anandtech’s Andrei Frumusanu noticed that a number of popular browsers, including Google Chrome, performed significantly worse on benchmarks such as Jetstream 2.o and Speedometer 2.0, posting results more similar to those from old budget phones than a modern high-end device. And while Gizmodo does not use those benchmarks as part of our review process (due in part to previous tampering from companies including OnePlus and others), we can confirm similar numbers in our own testing.
Upon further review, Anandtech discovered that OnePlus had installed a custom OnePlus Performance Service function that throttled the performance of apps like YouTube, Snapchat, Discord, Twitter, Zoom, Facebook, Microsoft Office apps, and even a number of first-party apps from OnePlus. And by limiting the performance of certain cores in the OnePlus 9 and 9 Pro’s Snapdragon 888 processor, OnePlus was effectively throttling these apps in order to help deliver increased battery life.
In a statement provided to XDA Developers, OnePlus has confirmed it throttled the performance of apps on the OnePlus 9 and 9 Pro
Ransomware attacks are on the rise, but quantifying the scope of the problem can be tricky when only the most high-profile cases make headlines. Enter Ransomwhere,
[…]
Jack Cable, a security architect at the cybersecurity consulting firm Krebs Stamos Group, launched the site on Thursday.
[…]
The way it works is Ransomwhere keeps a running tally of ransoms paid out to cybercriminals in the bitcoin cryptocurrency. This is largely made possible because of the transparent nature of bitcoin: All transactions involving the cryptocurrency are recorded on the blockchain, a decentralized database that acts as a public ledger, thus allowing anyone to track any transactions specifically associated with ransomware groups.
[…]
Since the U.S. dollar value of bitcoin is constantly fluctuating, Ransomwhere calculates each ransom amount based on the bitcoin exchange rate on the day that the transaction was sent.
[…]
So far in 2021, the Russia-linked cybercriminal gang that took credit for the Kaseya and JBS attacks, REvil, is leading the pack by a mile with more than $11 million in ransom payments, according to Ransomwhere. Coming in second with 6.2 million is Netwalker, one of the most popular ransomware-as-a-service offerings on the dark web. Though it should be noted that Netwalker has the dubious honor of racking up the most ransom payments of all time, with roughly $28 million to its name based on the site’s data.
REvil could soon surpass that record if its recent demands for $70 million are met. That’s how much the gang asked for on Sunday to publish a universal decryptor that would unlock all computers affected in the Kaseya hack, a supply chain attack that has crippled more than 1,000 companies worldwide and prompted a federal investigation.
Cyberattacks reportedly disrupted Iran’s railway system on Friday, causing “unprecedented chaos” at stations throughout the country, according to state media.
The hackers, whoever they are, also reportedly trolled the nation’s Supreme Leader Ali Khamenei, posting his phone number as “the number to call for information” on multiple train station message boards, Reuters reports. According to some Iranian outlets, the number, 64411, was displayed on screens in train stations and redirected to Ayatolla Khamenei’s office when dialed.
The railway’s website, local ticket offices, and cargo services have all apparently been affected, the news outlet reports.
There isn’t otherwise a whole lot of information about this incident, though local reporting would appear to suggest that trains have been massively delayed but not totally stalled.
A series of Samsung apps that allow customers to control their internet-connected appliances require access to all the phone’s contacts and, in some cases, the phone call app, phone’s location, and camera. Customers have been furious about this for years.
On Wednesday, a Reddit user complained that their washing machine app, the Samsung Smart Washer, wouldn’t work “unless I give it access to my contacts, location and camera.”
This is a common complaint.
[…]
These situations speak to two issues: Apps that demand permissions that they don’t need, and “smart” and internet of things devices that make formerly simple tasks very complicated, and open up potential privacy and security concerns.
Generally speaking, over the last few years, people have become more sensitive to what they’re giving up in privacy and potentially security when they deal with big tech companies. Smart TVs (Samsung included), for example, have been caught listening to users and automatically deliver ads. Tech companies have had to adapt and do better. For example, both Apple and Google allow users to see what data an app has access to, and in some cases users can toggle the permissions individually. The upcoming new version of Android will even have a dedicated “Privacy Dashboard” where users can see which apps used what permissions, and revoke them if they want. Apple’s iOS has similar functionality. But none of this stops app developers from asking users to accept unnecessary permissions.
It’s unclear why apps that are designed to let you set the type of washing cycle you want, or see how long it’s gonna take for the dryer to be done, would need access to your phone’s contacts. In an FAQ for another Samsung app, the company says it needs access to contacts “to check if you already have a Samsung account set up in your device. Knowing this information helps mySamsung to make the sign-in process seamless.”
The rocket ship launched the 70-year-old and his crew from Spaceport America in the New Mexico desert.
Tropical storms had delayed the launch before setting off at around 3.30pm.
Branson – known as ‘Astronaut 001’ – soared into space in his blue spacesuit aboard Virgin Space Ship Unity, a 62ft rocket-powered space plane nestled between the twin hulls of Mother Ship Eve, which propelled them to an altitude of around 55 miles.
What are these terms and how do they work in terms of control schemes? In this world you generally get what you pay for – if it’s cheap, then it’s probably plasticky and nasty. If it’s expensive, then it’s probably high quality. Saitek and Logitech have equipment running from low to midrange. Thrustmaster from mid to high range.
The VKB Gladiator NXT is currently the most popular midrange joystick you can find around $120 – $150 which comes in left and righthand versions.
If you have the money though, you go for the Virpil (VPC) Constellation Alpha (both left and right hand) and MongoosT-50CM2 grips and bases
WingWin.cn has a very good F-16 throttle, stick and instrument panel with desk mounts
HOTAS
The world of flight sim control used to be fairly straightforward: ideally you had a stick on the right, a throttle unit on the left and rudders in the middle. Some stick makers tried to replace the rudder with a twistable stick grip and maybe a little throttle lever on the stick so you could get full control cheaper – the four degrees of freedom (roll, yaw, pitch and thrust) / 4 DOF on a single stick. You had less buttons but you used the keyboard and mouse more.
HOSAS / Dual Stick
Now in the resurgence of the age of space sims – (Elite Dangerous, Star Citizen,No Mans Sky, Star Wars Squadrons and Tie Fighter Total Conversion to name a few) the traditional HOTAS (Hands on Throttle and Stick) is losing ground to the HOSAS (Hands on Stick and Stick). The HOSAS offers six degrees of freedom (6 DOF): roll, yaw, pitch, thrust + horizontal and vertical translation / strafing, which makes sense for a space plane that can not only go backwards but can also strafe directly upwards and downwards or left and right.
This gives rise to some interesting control schemes:
Left stick
x-axis
translate / strafe left + right
y-axis
throttle
z/twist-axis
translate / strafe up + down
Right stick
x-axis
roll
y-axis
pitch
z/twist axis
yaw
a variation which seems to be popular in Star Wars Squadrons is
Right stick
x-axis
yaw
y-axis
pitch
z/twist-axis
roll
`
another variation with throttling
Left stick
x-axis
translate / strafe left + right
y-axis
translate / strafe up + down
z/twist-axis
thrust
often combined with:
rudder left foot
throttle backwards / reverse
rudder right foot
throttle forwards
Different combinations work better or worse depending on the person and how tiring it is for them personally. As Reddit user Enfiguralimificuleur points out: “It worked best for me with Z/twist being the throttle. I found it very efficient to adjust your speed properly. Very easy to stay at that speed as well. However due to wrist issue and tendinitis, some positions are VERY awkward. Try pulling+right+twisting. Ouch. And even without the pain, this is not comfortable.”
Throttling and the Omnithrottle
The throttle can be set in different ways: a traditional HOTAS throttle is set to where it’s pushed to. Generally sticks have a recentering mechanism. This means that it’s easy to find reverse but can get annoying because to throttle you need to keep pushing the stick forwards. There are a few solutions to this.
First, The VKB gunfighter III base has a dry clutch which will remove the centering spring back of the pitch axes, meaning you can assign that to thrust and basicly have a stick that stays there mimicking a throttle while still allowing for rotation and roll axes.
Second, people can use a traditional throttle as well (so then I guess it becomes a HOTSAS)
Third, you can map a hat to 0, 50, 75, 100% speed and set speeds that way as a sort of cruise control
Fourth you can use the rudder (left foot back, front foot forward) or z-axis (twist) for thrust / throttle control. This will not eliminate the problem though.
The omnithrottle is when you angle the left hand stick around 90 degrees downwards so that it looks like a throttle. You retain the three axes and the extra buttons and hats, giving you more freedom.
According to a new investigation from Bloomberg, cyber spies connected to the Russian government recently hacked into the Republican National Committee—though the RNC has denied that their systems were breached in this way.
According to Bloomberg, the hacker group known as “Cozy Bear”—thought to be connected to Russia’s intelligence service, the SVR—conducted the intrusion, though it’s not clear what they viewed or whether they stole any data. The hackers are believed to have gained entry to the RNC’s networks through one of its IT providers, a company called Synnex Corp.
The incident occurred this past 4th of July weekend—around the same time that a cybercriminal group was launching a massive ransomware attack on American IT firm Kaseya, the damage from which is still being assessed. The Russian cybercriminal group REvil has claimed responsibility for that attack.
A notorious threat actor, Cozy Bear has been blamed for large parts of the “SolarWinds” hack, the likes of which compromised close to a dozen federal agencies and droves of American businesses. The group, which also goes by its technical designation APT 29, has also been accused of hacking the Democratic National Committee in the past.
DRM has shown time after time to be of almost no hindrance whatsoever for those seeking to pirate video games, but has done an excellent job of hindering those who actually bought the game in playing what they’ve bought. Ubisoft, in particular, has had issues with this over the years, with DRM servers failing and preventing customers from playing games that can no longer ping the DRM server.
And while those instances involved unforeseen downtime or migrations impacting customers’ ability to play their games, this time it turns out that Ubisoft simply stopped supporting the DRM server for Might and Magic X-Legacy. And now basically everyone is screwed.
Last month, Ubisoft decided to end online support for a bunch of older games, but in doing so also brought down the DRM servers for Might and Magic X – Legacy, meaning players couldn’t access the game’s single-player content or DLC.
As Eurogamer reports, fans were not happy, having to cobble together an unofficial workaround to be able to continue playing past a certain point in the single-player. But instead of Ubisoft taking the intervening weeks to release something official to fix this, or reversing their original move to shut down the game’s DRM servers, they’ve decided to do something else.
They have simply removed the game for sale on Steam.
This, of course, does nothing for the people who already bought the game and now suddenly cannot progress through it completely, as all the DLC is non-functional. They can play the game up until a point, but then it just doesn’t work.
There are multiple bad actions on Ubisoft’s part here. First, using DRM like this is a terrible idea with almost no good consequences. But once it’s in use, you would think it would be the obligation of the company to ensure any changes it makes on its end don’t suddenly render purchases made by its customers unplayable. In other words, rather than ending support for a DRM server that nixes parts of a paid-for game, the company could have rolled out patches to remove the DRM completely so that none of this happened. After all, with the game no longer even available as a new purchase, what would be the harm in removing the DRM? And, of course, there’s the total lack of communication to Ubisoft customers about basically all of this.
Which is what has people so understandably pissed.
There’s a limit to what you can learn about cells from 2D pictures, but creating 3D images is a time-intensive process. Now, scientists from UT Southwestern have developed a new “simple and cost-effective” device capable of capturing multi-angle photos that can be retrofitted onto existing lab microscopes. The team say their solution — which involves inserting a unit of two rotating mirrors in front of a microscope’s camera — is 100 times faster than converting images from 2D to 3D.
Currently, this process involves collecting hundreds of photos of a specimen that can be uploaded as an image stack into a graphics software program, which then performs computations in order to provide multiple viewing perspectives. Even with a powerful computer, those two steps can be time-consuming. But, using their optical device, the team found they could bypass that method altogether.
What’s more, they claim their approach is even faster as it requires only one camera exposure instead of the hundreds of camera frames used for entire 3D image stacks. They discovered the technique while de-skewing the images captured by two common light-sheet microscopes. While experimenting with their optical method, they realized that when they used an incorrect amount of de-skew the projected image seemed to rotate.
“This was the aha! moment,” said Reto Fiolka, assistant professor at the Lyda Hill Department of Bioinformatics at UT Southwestern. “We realized that this could be bigger than just an optical de-skewing method; that the system could work for other kinds of microscopes as well.”
Using their modified microscope, the team imaged calcium ions carrying signals between nerve cells in a culture dish and looked at the circulatory system of a zebrafish embryo. They also rapidly imaged cancer cells in motion and a beating zebrafish heart. They also applied the optical unit to additional microscopes, including light-sheet and spinning disk confocal microscopy.
iPhone doesn’t even have to connect to the network to mess up.
Back in June, security researcher Carl Schou found that when he joined the network “%p%s%s%s%s%n”, his iPhone permanently disabled its wifi functionality. Luckily, this was fixed by resetting all network settings, which erased the villainous wifi name from his phone’s memory. You would think that would have been the end of connecting to networks with weird and fishy sounding names, but you are not Schou.
On Sunday, he decided to try his luck again by investigating a public wifi network named “%secretclub%power”. According to Schou, just having an iOS device in the vicinity of a wifi network with this name can permanently disable its wifi functionality.
“You can permanently disable any iOS device’s WiFI by hosting a public WiFi named %secretclub%power,” he wrote on Twitter. “Resetting network settings is not guaranteed to restore functionality.”
Schou apparently struggled to find his way out of this one and get his wifi functionality back. He said he reset network settings multiple times, forced restarted his iPhone, and even contacted Apple’s device security team. The researcher eventually got some help from Twitter, which advised him to manually edit an iPhone backup to remove malicious entries from the known networks plist files.
What you’re looking at here is TIE Fighter: Total Conversion, which isn’t actually the original TIE Fighter. Instead, it’s a mod for its sequel, 1999’s X-Wing Alliance, porting the original game’s menus and missions into a more robust engine, then using more mods on top of that (the X-Wing Alliance Upgrade Project) to make everything look nicer.
Having been in development for years, the project was finally and fully released over the weekend, and is so much more than just “TIE Fighter with better lighting.” Because this had to be rebuilt in a whole other game, the developers decided to take the opportunity to mess with the original, and have designed a “reimagined” campaign that goes for 37 missions and adds “more ships, bigger battles [and] in some cases completely new missions.”
The soundtrack has also been remastered, proper widescreen resolutions are available, and there’s VR support as well. Though it’s important to note that both those reimagined missions and the soundtrack are optional improvements; you can still play the original campaign and listen to the old MIDI soundtrack if you want.
One such project can be found on GitHub, with user “cookiengineer” proclaiming themselves “evil benevolent temporary dictator” in order to get the ball rolling.
Oh boi, #audacity issue regarding legal terms and privacy policy exploded yesterday. Like, for real.
I created a fork that removed all those features, and we’re currently working on a rebrand, github orga, and automated builds via GitHub actions:https://t.co/6hOI5oHVGF
“Being friendly seemed to have invited too many trolls,” observed the engineer, “and we must stop this behaviour.”
Presumably that refers to the trolling rather than being friendly. And goodness, the project has had somewhat of a baptism by fire in recent hours as a number of 4chan users elected to launch a raid on it.
Like most Internet-of-things (IoT) devices these days, Amazon’s Echo Dot gives users a way to perform a factory reset so, as the corporate behemoth says, users can “remove any… personal content from the applicable device(s)” before selling or discarding them. But researchers have recently found that the digital bits that remain on these reset devices can be reassembled to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other sensitive data.
Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND—which is short for the boolean operator “NOT AND“—stores bits of data so they can be recalled later, but whereas hard drives write data to magnetic platters, NAND uses silicon chips. NAND is also less stable than hard drives because reading and writing to it produces bit errors that must be corrected using error-correcting code.
Reset but not wiped
NAND is usually organized in planes, blocks, and pages. This design allows for a limited number of erase cycles, usually in the neighborhood of between 10,000 to 100,000 times per block. To extend the life of the chip, blocks storing deleted data are often invalidated rather than wiped. True deletions usually happen only when most of the pages in a block are invalidated. This process is known as wear-leveling.
Researchers from Northeastern University bought 86 used devices on eBay and at flea markets over a span of 16 months. They first examined the purchased devices to see which ones had been factory reset and which hadn’t. Their first surprise: 61 percent of them had not been reset. Without a reset, recovering the previous owners’ Wi-Fi passwords, router MAC addresses, Amazon account credentials, and information about connected devices was a relatively easy process.
The next surprise came when the researchers disassembled the devices and forensically examined the contents stored in their memory.
“An adversary with physical access to such devices (e.g., purchasing a used one) can retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks),” the researchers wrote in a research paper. “We show that such information, including all previous passwords and tokens, remains on the flash memory, even after a factory reset.”
[…]
If a device has not been reset (as in 61% of the cases), then it’s pretty simple: you remove the rubber on the bottom, remove 4 screws, remove the body, unscrew the PCB, remove a shielding and attach your needles. You can dump the device then in less than 5 minutes with a standard eMMC/SD Card reader. After you got everything, you reassemble the device (technically, you don’t need to reassemble it as it will work as is) and you create your own fake Wi-Fi access point. And you can chat with Alexa directly after that.
If the device has been reset, it gets more tricky and will involve some soldering. You will at least get the Wi-Fi credentials and potentially the position of the Wi-Fi using the MAC address. In some rare cases, you might be able to connect it to the Amazon cloud and the previous owner’s account. But that depends on the circumstances of the reset.
TikTok’s AI is no longer a secret — in fact, it’s now on the open market. The Financial Times has learned that parent company ByteDance quietly launched a BytePlus division that sells TikTok technology, including the recommendation algorithm. Customers can also buy computer vision tech, real-time effects and automated translations, among other features.
BytePlus debuted in June and is based in Singapore, although it has presences in Hong Kong and London. The company is looking to register trademarks in the US, although it’s not certain if the firm has an American presence at this stage.
There are already at least a few customers. The American fashion app Goat is already using BytePlus code, as are the Indonesian online shopping company Chilibeli and the travel site WeGo.
ByteDance wouldn’t comment on its plans for BytePlus.
A move like this wouldn’t be surprising, even if it might remove some of TikTok’s cachet. It could help ByteDance compete with Amazon, Microsoft and other companies selling behind-the-scenes tools to businesses. It might also serve as a hedge. TikTok and its Chinese counterpart Douyin might be close to plateauing, and selling their tech could keep the money flowing.
The Federal Trade Commission has filed charges against Broadcom over allegations that the chip maker monopolized the market for semiconductor components, the agency announced Friday.
According to the commission’s complaint, Broadcom entered into long-term exclusivity and loyalty agreements with both original equipment manufacturers and service providers to prevent them from buying chips from Broadcom’s rivals. The FTC’s investigation, which dates back years, found that Broadcom had been making “exclusive or near-exclusive” deals since 2016 with at least 10 manufacturers of TV set-top boxes and broadband devices. The company also threatened customers who used a rival’s product with retaliation, with nonexclusive customers facing higher prices for slower delivery times and less responsive customer support, the FTC claims.
“By entering exclusivity and loyalty agreements with key customers at two levels of the supply chain, Broadcom created insurmountable barriers for companies trying to compete with Broadcom,” the agency said in a press release Friday.
The FTC said that under a proposed consent order, Broadcom must stop engaging in these kinds of contracts and conditioning access to its chips based on exclusivity or loyalty deals. Broadcom would also be prohibited from retaliating against customers that do business with its competitors.
[…]
The proposed consent order is still subject to a public comment period and a final commission review. For its part, Broadcom has pushed back against the FTC’s allegations while also indicating that it’s willing to cooperate on a settlement. The company resolved a similar antitrust dispute with the European Union last October in which it agreed to stop pushing exclusivity arrangements for chips used in TV set-top boxes and modems for the next seven years.
DAN HOWLEY: On July 5, Jeff Bezos, the richest person on Earth, will officially step down as CEO of the company he founded in 1994. Amazon will continue to exist, of course. It’s one of the wealthiest publicly traded companies in the world with a market capitalization of $1.7 trilion
[…]
As for Bezos, he’ll remain as the company’s chairman of the board and continue to own a 10.3% stake in the company. Outside of Amazon, he’ll spend more time with his space efforts at Blue Origin.
Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.
REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency.
Earlier, the FBI said in a statement that while it was investigating the attack its scale “may make it so that we are unable to respond to each victim individually.” Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.
Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved.
Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.
[…]
CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”
Voccola said in an interview that only between 50-60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.
[…]
The cybersecurity firm ESET identified victims in least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.
Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.
Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
