The Linkielist

Linking ideas with the world

The Linkielist

Monthly Archives: November 2021

Vizio’s profit on ads, subscriptions, and data is double the money it makes selling TVs

Posted on by

It’s been less than a year since Vizio became a publicly traded company, and one consequence of that is we know more about its business than ever before. The TV maker released its latest earnings report on Tuesday and revealed that over the last three months, its Platform Plus segment that includes advertising and viewer data had a gross profit of $57.3 million. That’s more than twice the amount of profit it made selling devices like TVs, which was $25.6 million, despite those device sales pulling in considerably more revenue.

When Vizio filed to go public, it described the difference between the two divisions. While Devices is easy to understand — 4K TVs, soundbars, etc. — Platform Plus is a little more complicated. It counts money made from selling ad placements on its TV homescreens, deals for the buttons on remotes, ads that run on streaming channels, its cut from subscriptions, and viewer data that it tracks and sells as part of the InScape program.

The company says shipments of its TVs fell to 1.4 million in 2021 compared to 2.1 million in 2020, a drop of 36 percent. CEO William Wang told investors on the call that he sees “pretty healthy inventory” going into the holiday season, so anyone planning to pick up a value-priced TV or soundbar should have some decent options available.

That spike in Platform Plus revenue, which shot up 136 percent compared to last year, did a lot to help Vizio make up the difference as profits from TVs dipped compared to last year. Supply chain and logistics problems affecting many companies hit Vizio hard, too, but execs also said the company is working with its third-party partners to help find warehouse and trucking employees.

Where the numbers keep growing is in its number of active SmartCast accounts, which are now over 14 million, and how much money it makes from each user on average. That number has nearly doubled from last year, going from $10.44 to $19.89. On the call with investors and analysts, Vizio execs said 77 percent of that money comes directly from advertising, like the kind that runs on its WatchFree Plus package of streaming channels, a group that recently expanded with content targeting. The next biggest contributor is the money it makes selling Inscape data about what people are watching.

Vizio isn’t the only smart TV maker that’s really in the advertising business — as we noted a couple of years ago, while you probably know Roku for its TV OS and streaming boxes, CEO Anthony Wood is very up front about its true model. Roku’s most recent report revealed that on average it’s pulling in $40 per month on each user, or more than double what Vizio manages. One way Vizio plans to catch up is by building its own in-app payment system, which chief revenue officer Mike O’Donnell says will roll out to consumers next year.

[…]

Source: Vizio’s profit on ads, subscriptions, and data is double the money it makes selling TVs – The Verge

With this kind of profitability it’s not really surprising that everyone is out to turn you into a product.

Take Two and Rockstar Use DMCA Claims To Remove More GTA Mods

Posted on by

As players continue to criticize the recently released GTA Trilogy remastered collection, Rockstar Games parent company Take-Two Interactive has decided this is the perfect time to use DMCA takedown notices to remove some more GTA mods and fan projects.

On November 11, according to the folks over at the GTA modding site LibertyCity, Take-Two contacted them and used DMCA strikes to remove three different GTA-related mods. The three removed mods are listed below:

  • GTA Advance PC Port Beta 2
  • The Lost and Damned Unlocked for GTA 4
  • GTA IV EFLC The Lost And Damned (65%)

GTA Advance PC Port is a fan-developed project attempting to port the game into the GTA 3 engine. Developed by Digital Eclipse, GTA Advance was only released on the GameBoy Advance in 2004.

The Lost and Damned Unlocked for GTA IV is a mod released in 2009 which lets players swap out the star of GTA IV, Niko Bellic, with the protagonist of the Lost and Damned DLC, biker Johnny Klebitz. It also included some new biker outfits and icons.

Finally, GTA IV EEFLC (65%) isn’t even a mod! It’s just a save file for the game that lets players start from 65% completion. Yes, Take-Two used a DMCA strike against a save file for a game released over a decade ago.

These are just the latest in a growing number of GTA mods Take-Two has gone after and removed using legal DMCA notices. Over the last year, the company has been on a takedown spree, like a GTA character on a rampage. It has also sued fan devs over source code projects and led to some old mods, like GTA Underground, shutting down over fears of more legal and financial trouble.

[…]

Regardless of if these takedowns are evidence of a future GTA IV remaster or not, it still is a frustrating situation for modders and community devs who have spent decades improving, porting, and maintaining the classic GTA games, allowing fans to play them years after Rockstar had moved on. Kotaku spoke to some modders who seemed fed up with Rockstar and many more have moved on to other games from other companies, worried about the potential legal pitfalls for continuing to mod Grand Theft Auto titles.

Source: Take Two and Rockstar Use DMCA Claims To Remove More GTA Mods

The Good Guy/Bad Guy Myth

Posted on by

The first time we see Darth Vader doing more than heavy breathing in Star Wars (1977), he’s strangling a man to death. A few scenes later, he’s blowing up a planet. He kills his subordinates, chokes people with his mind, does all kinds of things a good guy would never do. But then the nature of a bad guy is that he does things a good guy would never do. Good guys don’t just fight for personal gain: they fight for what’s right – their values.

This moral physics underlies not just Star Wars, but also film series such as The Lord of the Rings (2001-3) and X-Men (2000-), as well as most Disney cartoons. Virtually all our mass-culture narratives based on folklore have the same structure: good guys battle bad guys for the moral future of society. These tropes are all over our movies and comic books, in Narnia and at Hogwarts, and yet they don’t exist in any folktales, myths or ancient epics. In Marvel comics, Thor has to be worthy of his hammer, and he proves his worth with moral qualities. But in ancient myth, Thor is a god with powers and motives beyond any such idea as ‘worthiness’.

In old folktales, no one fights for values. Individual stories might show the virtues of honesty or hospitality, but there’s no agreement among folktales about which actions are good or bad. When characters get their comeuppance for disobeying advice, for example, there is likely another similar story in which the protagonist survives only because he disobeys advice. Defending a consistent set of values is so central to the logic of newer plots that the stories themselves are often reshaped to create values for characters such as Thor and Loki – who in the 16th-century Icelandic Edda had personalities rather than consistent moral orientations.

Stories from an oral tradition never have anything like a modern good guy or bad guy in them,  despite their reputation for being moralising. In stories such as Jack and the Beanstalk or Sleeping Beauty, just who is the good guy? Jack is the protagonist we’re meant to root for, yet he has no ethical justification for stealing the giant’s things. Does Sleeping Beauty care about goodness? Does anyone fight crime? Even tales that can be made to seem like they are about good versus evil, such as the story of Cinderella, do not hinge on so simple a moral dichotomy. In traditional oral versions, Cinderella merely needs to be beautiful to make the story work. In the Three Little Pigs, neither pigs nor wolf deploy tactics that the other side wouldn’t stoop to. It’s just a question of who gets dinner first, not good versus evil.

The situation is more complex in epics such as The Iliad, which does have two ‘teams’, as well as characters who wrestle with moral meanings. But the teams don’t represent the clash of two sets of values in the same way that modern good guys and bad guys do. Neither Achilles nor Hector stands for values that the other side cannot abide, nor are they fighting to protect the world from the other team. They don’t symbolise anything but themselves and, though they talk about war often, they never cite their values as the reason to fight the good fight. The ostensibly moral face-off between good and evil is a recent invention that evolved in concert with modern nationalism – and, ultimately, it gives voice to a political vision not an ethical one.

Most folklore scholarship since the Second World War has been concerned with archetypes or commonalities among folktales, the implicit drive being that if the myths and stories of all nations had more in common than divided them, then people of all nations could likewise have more in common than divides us. It was a radical idea, when earlier folktales had been published specifically to show how people in one nation were unlike those in another.

In her study of folklore From the Beast to the Blonde (1995), the English author and critic Marina Warner rejects a reading of folktales, popularised by the American child psychologist Bruno Bettelheim, as a set of analogies for our psychological and developmental struggles. Warner argues instead that external circumstances make these stories resonate with readers and listeners through the centuries. Still, both scholars want to trace the common tropes of folktales and fairytales insofar as they stay the same, or similar, through the centuries.

Novelists and filmmakers who base their work on folklore also seem to focus on commonalities. George Lucas very explicitly based Star Wars on Joseph Campbell’s book The Hero with a Thousand Faces (1949), which describes the journey of a figure such as Luke Skywalker as a human universal. J R R Tolkien used his scholarship of Old English epics to recast the stories in an alternative, timeless landscape; and many comic books explicitly or implicitly recycle the ancient myths and legends, keeping alive story threads shared by stories new and old, or that old stories from different societies around the world share with each other.

Less discussed is the historic shift that altered the nature of so many of our modern retellings of folklore, to wit: the idea that people on opposite sides of conflicts have different moral qualities, and fight over their values. That shift lies in the good guy/bad guy dichotomy, where people no longer fight over who gets dinner, or who gets Helen of Troy, but over who gets to change or improve society’s values. Good guys stand up for what they believe in, and are willing to die for a cause. This trope is so omnipresent in our modern stories, movies, books, even our political metaphors, that it is sometimes difficult to see how new it is, or how bizarre it looks, considered in light of either ethics or storytelling.

When the Grimm brothers wrote down their local folktales in the 19th century, their aim was to use them to define the German Volk, and unite the German people into a modern nation. The Grimms were students of the philosophy of Johann Gottfried von Herder, who emphasised the role of language and folk traditions in defining values. In his Treatise on the Origin of Language (1772), von Herder argued that language was ‘a natural organ of the understanding’, and that the German patriotic spirit resided in the way that the nation’s language and history developed over time. Von Herder and the Grimms were proponents of the then-new idea that the citizens of a nation should be bound by a common set of values, not by kinship or land use. For the Grimms, stories such as Godfather Death, or the Knapsack, the Hat and the Horn, revealed the pure form of thought that arose from their language.

The corollary of uniting the Volk through a storified set of essential characteristics and values is that those outside the culture were seen as lacking the values Germans considered their own. Von Herder might have understood the potential for mass violence in this idea, because he praised the wonderful variety of human cultures: specifically, he believed that German Jews should have equal rights to German Christians. Still, the nationalist potential of the Grimm brothers’ project was gradually amplified as its influence spread across Europe, and folklorists began writing books of national folklore specifically to define their own national character. Not least, many modern nations went on to realise the explosive possibilities for abuse in a mode of thinking that casts ‘the other’ as a kind of moral monster.

In her book The Hard Facts of the Grimms’ Fairy Tales (1987), the American scholar Maria Tatar remarks on the way that Wilhelm Grimm would slip in, say, adages about the importance of keeping promises. She argued that: ‘Rather than coming to terms with the absence of a moral order … he persisted in adding moral pronouncements even where there was no moral.’ Such additions established the idea that it was values (not just dinner) at stake in the conflicts that these stories dramatised. No doubt the Grimms’ additions influenced Bettelheim, Campbell and other folklorists who argued for the inherent morality of folktales, even if they had not always been told as moral fables.

As part of this new nationalist consciousness, other authors started changing the old stories to make a moral distinction between, for example, Robin Hood and the Sheriff of Nottingham. Before Joseph Ritson’s 1795 retelling of these legends, earlier written stories about the outlaw mostly showed him carousing in the forest with his merry men. He didn’t rob from the rich to give to the poor until Ritson’s version – written to inspire a British populist uprising after the French Revolution. Ritson’s rendering was so popular that modern retellings of Robin Hood, such as Disney’s 1973 cartoon or the film Prince of Thieves (1991) are more centrally about outlaw moral obligations than outlaw hijinks. The Sheriff of Nottingham was transformed from a simple antagonist to someone who symbolised the abuses of power against the powerless. Even within a single nation (Robin Hood), or a single household (Cinderella), every scale of conflict was restaged as a conflict of values.

Or consider the legend of King Arthur. In the 12th century, poets writing about him were often French, like Chrétien de Troyes, because King Arthur wasn’t yet closely associated with the soul of Britain. What’s more, his adversaries were often, literally, monsters, rather than people who symbolised moral weaknesses. By the early 19th century, when Tennyson wrote Idylls of the King, King Arthur becomes an ideal of a specifically British manhood, and he battles human characters who represent moral frailties. By the 20th century, the word ‘Camelot’ came to mean a kingdom too idealistic to survive on Earth.

Once the idea of national values entered our storytelling, the peculiar moral physics underlying the phenomenon of good guys versus bad guys has been remarkably consistent. One telling feature is that characters frequently change sides in conflicts: if a character’s identity resides in his values, then when he changes his mind about a moral question, he is essentially swapping sides, or defecting. This is not always acknowledged. For example, when in the PBS series Power of Myth (1988) the journalist Bill Moyers discussed with Campbell how many ancient tropes Star Wars deployed, they didn’t consider how bizarre it would have seemed to the ancient storytellers had Darth Vader changed his mind about anger and hatred, and switched sides in his war with Luke and the Rebels. Contrast this with The Iliad, where Achilles doesn’t become Trojan when he is angry at Agamemnon. Neither the Greeks nor the Trojans stand for some set of human strengths or frailties. Since their conflict is not a metaphor for some internal battle of anger versus love, switching sides because of a transport of feeling would be incoherent. In Star Wars, the opposing teams each represent a set of human properties. What side Darth Vader fights on is therefore absolutely dependent on whether anger or love is foremost in his heart.

Bad guys change their minds and become good in exactly the same way in countless, ostensibly folkloric, modern stories: The Lord of the Rings, Buffy the Vampire Slayer (1997-2003), the Harry Potter series (1997-2007). When a bad character has a change of heart, it’s always a cathartic emotional moment – since what’s at stake for a character is losing the central part of his identity. Another peculiarity in the moral physics of good guys versus bad is that bad guys have no loyalty and routinely punish their own; whether it’s the Sheriff of Nottingham starving his own people or Darth Vader killing his subordinates, bad guys are cavalier with human life, and they rebuke their allies for petty transgressions. This has been true since the earliest modern bad guys, though it scarcely exists among older adversaries who might be hungry for human flesh, but don’t kill their own.

Good guys, on the other hand, accept all applicants into the fold, and prove their loyalty even when their teammates transgress. Consider Friar Tuck getting drunk on ale while Robin Hood looks the other way. Or Luke Skywalker welcoming the roguish Han Solo on side. Good guys work with rogues, oddballs and ex-bad guys, plus their battles often hinge on someone who was treated badly by the bad guys crossing over and becoming a good guy. Forgiving characters their wicked deeds is an emotional climax in many good guy/bad guy stories. Indeed, it’s essential that the good side is a motley crew that will never, ever reject a fellow footsoldier.

Again, this is a point of pride that seems incoherent in the context of pre-modern storytelling. Not only do people in ancient stories not switch sides in fights but Achilles, say, would never win because his army was composed of the rejects from the Trojans’. In old stories, great warriors aren’t scrappy recruits, there for the moral education: they’re experts.

Stories about good guys and bad guys that are implicitly moral – in the sense that they invest an individual’s entire social identity in him not changing his mind about a moral issue – perversely end up discouraging any moral deliberation. Instead of anguishing over multidimensional characters in conflict – as we find in The Iliad, or the Mahabharata or Hamlet – such stories rigidly categorise people according to the values they symbolise, flattening all the deliberation and imagination of ethical action into a single thumbs up or thumbs down. Either a person is acceptable for Team Good, or he belongs to Team Evil.

Good guy/bad guy narratives might not possess any moral sophistication, but they do promote social stability, and they’re useful for getting people to sign up for armies and fight in wars with other nations. Their values feel like morality, and the association with folklore and mythology lends them a patina of legitimacy, but still, they don’t arise from a moral vision. They are rooted instead in a political vision, which is why they don’t help us deliberate, or think more deeply about the meanings of our actions. Like the original Grimm stories, they’re a political tool designed to bind nations together.

It’s no coincidence that good guy/bad guy movies, comic books and games have large, impassioned and volatile fandoms – even the word ‘fandom’ suggests the idea of a nation, or kingdom. What’s more, the moral physics of these stories about superheroes fighting the good fight, or battling to save the world, does not commend genuine empowerment. The one thing the good guys teach us is that people on the other team aren’t like us. In fact, they’re so bad, and the stakes are so high, that we have to forgive every transgression by our own team in order to win.

When I talked with Andrea Pitzer, the author of One Long Night: A Global History of Concentration Camps (2017), about the rise of the idea that people on opposite sides of conflicts have different moral qualities, she told me: ‘Three inventions collided to make concentration camps possible: barbed wire, automatic weapons, and the belief that whole categories of people should be locked up.’ When we read, watch and tell stories of good guys warring against bad guys, we are essentially persuading ourselves that our opponents would not be fighting us, indeed they would not be on the other team at all, if they had any loyalty or valued human life. In short, we are rehearsing the idea that moral qualities belong to categories of people rather than individuals. It is the Grimms’ and von Herder’s vision taken to its logical nationalist conclusion that implies that ‘categories of people should be locked up’.

Watching Wonder Woman at the end of the 2017 movie give a speech about preemptively forgiving ‘humanity’ for all the inevitable offences of the Second World War, I was reminded yet again that stories of good guys and bad guys actively make a virtue of letting the home team in a conflict get away with any expedient atrocity.

Source: The Good Guy/Bad Guy Myth

Something Awful Founder Richard Lowtax Kyanka Has Reportedly Died

Posted on by

A GoFundMe is collecting money to put toward the wellbeing of the three daughters Kyanka left behind. Here is the corresponding thread on Something Awful. Original story continues below.

Longtime Something Awful forum administrator Fragmaster posted that site founder Richard “Lowtax” Kyanka has died. “I guess I should preface this by saying this isn’t a joke especially since I’m posting for like the first time in 10 years or something, but I got the bad news today directly from Rich’s family,” wrote Fragmaster. “Lowtax has passed away.”

“I didn’t ask for details,” Fragmaster continued. “I don’t know details. I don’t know what the current opinion of Rich here is. Not here to answer questions, I’m sharing the news. I really hate to share this news. But there you go.”

Considering all the shit that Something Awful has gotten up to over the years, some have wondered if this were a hoax. “Is this for real?” wondered one forum member. Some expressed shock at the news, while others offered their condolences to his children.

Kyanka’s second wife, who posts on SA under the name LadyAmbien, has confirmed her husband’s death, in a very angry post about his treatment of her and their children.

Below is the SA admin’s eulogy for the site’s founder, which was originally posted in a thread titled “itt a tribute to our late founder, farewell, deer richard.”

In 1999, Kyanka created Something Awful, and today, it’s hard to understate the site’s influence. It also spawned endless, classic memes, such as, “All your base are belong to us,” and was even the launching pad for what became 4chan. Our colleagues at Gizmodo listed it at number 89 in the 100 websites that shaped the internet today, writing the following:

While Something Awful had its moments as a host for various bits of comedy, rants, and reviews, SA’s community is its real legacy. From its forums, Something Awful members gave birth to the legend of Slenderman, an entire new genre of videos in Let’s Plays, and thanks to offshoots like the Goonswarm, SA was indirectly responsible for some of the most massive (and costly) space battles ever witnessed in video game history. It was also, uh, actually awful.

“The Something Awful forums spawned a great many things in its multiple decades of existence,” said Fragmaster in his YouTube eulogy. “Some things horrible and unfortunate, many things just unintelligible and a huge waste of time. But ultimately, Rich created a community where interesting things happened and people connected.”

In October 2020, Kyanka sold the site, writing on Facebook, “I just signed away the rights to Something Awful, goodbye, good riddance.”

[…]

Source: Something Awful Founder Richard Kyanka Has Reportedly Died

Latest Windows 11 overrides attempts to avoid using Edge – browser wars again!

Posted on by

Back in 2017, Daniel Aleksandersen created a free helper application called EdgeDeflector to counter behavioral changes Microsoft made in the way Windows handles mouse clicks on certain web links.

Typically, https:// links get handled by whatever default browser is set for the system in question. But there are ways to register a custom protocol handler, for operating systems and web browsers, that defines the scheme to access a given resource (URI).

Microsoft did just that when it created the microsoft-edge: URI scheme. By prefixing certain links as microsoft-edge:https://example.com instead of https://example.com, the company can tell Windows to use Edge to render example.com instead of the system’s default browser.

Microsoft is not doing this for all web links – it hasn’t completely rejected browser choice. It applies the microsoft-edge:// protocol to Windows 10 services like News and Interest, Widgets in Windows 11, various help links in the Settings app, search links from the Start menu, Cortana links, and links sent from paired Android devices. Clicking on these links will normally open in Edge regardless of the default browser setting.

When the microsoft-edge:// protocol is used, EdgeDeflector intercepts the protocol mapping to force affected links to open in the user’s default browser like regular https:// links. That allows users to override Microsoft and steer links to their chosen browsers.

This approach has proven to be a popular one: Brave and Firefox recently implemented their own microsoft-edge:// URI scheme interception code to counter Microsoft’s efforts to force microsoft-edge:// links into its Edge browser.

But since Windows 11 build 22494, released last week, EdgeDeflector no longer works.

This is on top of Microsoft making it tedious to change the default browser on Windows 11 from Edge: in the system settings, you have to navigate to Apps, then Default apps, find your preferred installed browser, and then assign all the link and file types you need to that browser, clicking through the extra dialog boxes Windows throws at you. Your preferred browser may be able to offer a shortcut through this process when you install it or tell it to make it your default.

[…]

Source: Latest Windows 11 overrides attempts to avoid using Edge • The Register

2K’s GTA Trilogy Pulled For PC, And Rockstar Launcher Is Broken

Posted on by

Something has gone very, very wrong since yesterday’s launch of GTA Trilogy on PC. As of last night, all mention of a PC version has been removed from Rockstar’s own site, and the Rockstar Games Launcher app has gone completely offline. Anyone who bought the remastered collection before it vanished is currently unable to play.

It has been at least 18 hours since the sudden disappearance of the PC’s GTA Trilogy, and Kotaku can confirm that the Launcher is not working. Which means all Rockstar PC games, including Red Dead Redemption 2 and GTA Online, are currently impossible to play.

For whatever reasons, Rockstar chose to remove all versions of GTAs III, Vice City, and San Andreas from alternative PC stores—including Steam—ahead of this launch, meaning its bespoke software is now the only way to buy and play the games. Or indeed, the only way to not play it.

[…]

Source: 2K’s GTA Trilogy Pulled For PC, And Rockstar Launcher Is Broken

What a clusterfuck – first they piss off their fans by attacking them with DMCA suits, then they release crap and then it all breaks.

GTA Trilogy Remaster Not Worth The Lost Mods And Classic Games

Posted on by

After months of rumors, speculation, leaks, and teasers, Rockstar finally released the remastered Grand Theft Auto: The Trilogy – Definitive Edition collection yesterday. It landed with a thud as players encountered and documented countless visual bugs, gameplay glitches, and odd changes to models and textures. Even viewed in a vacuum, this state of affairs is disappointing, especially considering the $60 price tag attached to the collection. But looking at the bigger picture, it gets even worse. These busted remasters seemingly led to the removal of a ton of classic GTA mods, and the original versions of GTA III, Vice City, and San Andreas. With that context added, it becomes a much more frustrating situation, and one which likely doesn’t have a happy ending.

Before Rockstar officially announced the GTA remasters, fans speculated about them for months due to random leakers and insiders on various forums hinting about their possible existence. Around this same time in the summer of 2021, Rockstar and Take-Two Interactive began targeting and removing mods that were related to the classic PS2 games, including popular mods like Vice Cry, which ported Vice City to the GTA V engine. The companies also sued the devs behind a project aiming to release the reverse-engineered source code for Vice City and GTA III, which would have allowed folks to more easily port and tweak these older games.

And because fans had already been speculating that GTA remasters were in the works, and all of these mods were related to those games—often improving them or making them easier to play—many connected the dots and concluded that Take-Two Interactive was clearing the runway ahead of its own official remakes. However, Take-Two and Rockstar have yet to confirm why any of the mods or fan projects were sent DMCA takedowns or lawsuits.

[…]

Source: GTA Trilogy Remaster Not Worth The Lost Mods And Classic Games

ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough – how to pwn all MS Azure’s hosted databases for all customers – also shows value of responsible disclosure

Posted on by

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers. In August 2021, we disclosed to Microsoft a new vulnerability in Cosmos DB that ultimately allowed us to retrieve numerous internal keys that can be used to manage the service, following this high-level workflow:

1. Set up a Jupyter Notebook container on your Azure Cosmos DB
2. Run any C# code to obtain root privileges
3. Remove firewall rules set locally on the container in order to gain unrestricted network access
4. Query WireServer to obtain information about installed extensions, certificates and their corresponding private keys
5. Connect to the local Service Fabric, list all running applications, and obtain the Primary Key to other customers’ databases
6. Access Service Fabric instances of multiple regions over the internet

In this post we walk you through every step of the way, to the point where we even gained administrative access to some of the magic that powers Azure.

[…]

Conclusion

We managed to gain unauthorized access to customers’ Azure Cosmos DB instances by taking advantage of a chain of misconfigurations in the Jupyter Notebook Container feature of Cosmos DB. We were able to prove access to thousands of companies’ Cosmos DB Instances (database, notebook environment, notebook storage) with full admin control via multiple authentication tokens and API keys. Among the affected customers are many Fortune 500 companies. We also managed to gain access to the underlying infrastructure that runs Cosmos DB and we were able to prove that this access can be maintained outside of the vulnerable application—over the internet. Overall, we think that this is as close as it gets to a “Service Takeover”.

Disclosure Timeline

August 09 2021 – Wiz Research Team first exploited the bug and gained unauthorized access to Cosmos DB accounts.
August 11 2021 – Wiz Research Team confirmed intersection with Wiz customers.
August 12 2021 – Wiz Research Team sent the advisory to Microsoft.
August 14 2021 – Wiz Research Team observed that the vulnerable feature has been disabled.
August 16 2021 – Microsoft Security Response Center (MSRC) confirmed the reported behavior (MSRC Case 66805).
August 16 2021 – Wiz Research Team observed that some obtained credentials have been revoked.
August 17 2021 – MSRC awarded $40,000 bounty for the report.
August 23 2021 – MSRC confirmed that several thousand customers were affected.
August 23 2021 – MSRC and Wiz Research Team discussed public disclosure strategy.
August 25 2021 – Public disclosure.

Source: ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough | Wiz Blog

The blog post is well worth reading

King of Ad Fraud Zhukov to reign in a US prison for years

Posted on by

Aleksandr Zhukov, a Russian national and the self-proclaimed “king of fraud,” this week received a 10-year prison sentence for carrying out a $7m digital ad fraud scheme.

Zhukov was convicted in May of multiple counts of fraud and money laundering. He was arrested in Bulgaria in 2018 and extradited to America the following year.

“Sitting at his computer keyboard in Bulgaria and Russia, Zhukov boldly devised and carried out an elaborate multi-million-dollar fraud against the digital advertising industry, and victimized thousands of companies across the United States,” said Breon Peace, US Attorney for the Eastern District of New York, in a statement.

Starting around 2014, according to court documents, Zhukov and co-conspirators launched a fraudulent ad business called Media Methane that took payment from ad networks to present ads online to internet users.

“Rather than place these advertisements on real publishers’ webpages as promised, however, Zhukov and others rented thousands of computer servers located at commercial data centers in the United States and elsewhere, and used those data center computer servers to simulate humans viewing ads on fabricated webpages,” the US government’s indictment [PDF] says.

Zhukov and his associates – seven individuals who are being prosecuted separately – are said to have rented more than 2,000 servers in data centers in Dallas, Texas, and in Amsterdam, the Netherlands. Media Methane allegedly offered ad space on fabricated web pages to ad buyers who would bid for the space. But the company showed those ads to an audience of bots.

The bots – computer programs – are said to have been designed to interact with the fake web pages so as to simulate realistic mouse movements and webpage interactions like viewing videos on social media sites. They were trained to bypass CAPTCHA puzzles, to accept cookies, and to fake being signed-in to social media services. Their code, the indictment claims, managed to avoid the fraud detection software used by several US cybersecurity firms.

To make the fraud more believable, Zhukov is said to have leased more than 765,000 IP addresses from IP address leasing companies, which he then assigned to data-center servers and entered into a global registry of IP addresses. By falsely registering IP addresses in the names of companies like Comcast and Time Warner Cable, Zhukov made it appear that the addresses belonged to residential US internet subscribers of those services. Some 6,000 domains are said to have been spoofed in this manner.

The companies victimized by this scheme, said to have netted more than $7m, include The New York Times, The New York Post, Comcast, Nestle Purina, the Texas Scottish Rite Hospital for Children, and Time Warner Cable.

According to the government, Zhukov hired various developers to help him carry out his fraud scheme and he referred to himself as the “king of fraud.” The Feds claim he personally took in more than $4.8m through the ad fraud scheme, though Zhukov’s attorneys are currently trying to convince the judge that only about $1m should be subject to forfeiture.

Criminal ad fraud prosecutions have been relatively rare. Among the more notable cases are a 2011 click fraud case against six Estonian nationals and one Russian national, another from 2017, and a medical ad fraud case from 2019.

Source: King of Ad Fraud to reign in a US prison for years • The Register

Space Launch Start-Up Spinlaunch Just Used A Giant Centrifuge To Fling A Projectile Into The Upper Atmosphere

Posted on by

A U.S. space launch start-up has, for the first time, demonstrated a kinetic-based system that’s intended one day to put small spacecraft into orbit. The SpinLaunch concept, which feels ripped right from the classic age of science fiction, is based around a vacuum-sealed centrifuge that spins an unpowered projectile at several times the speed of sound before releasing it, hurling it into the upper atmosphere, and ultimately into orbit. In this way, the company, based in Long Beach, Calif., hopes to challenge traditional rockets for putting payloads into space.

The first test flight of a prototype — a so-called suborbital accelerator — took place at Spaceport America in New Mexico on October 22, but the company only announced the milestone yesterday.

The system uses a vacuum chamber within which a rotating arm brings a projectile up to very high speed without any drag penalty, before hurling it into the atmosphere “in less than a millisecond,” according to the company, as a port opens for a fraction of a second to release the projectile. A counterbalance spins in the opposite direction to prevent the system from becoming unbalanced. The vacuum seal stays in place until the projectile breaks through a membrane at the top of the launch tube.

SpinLaunch

The moment the suborbital projectile used in the initial test is propelled out of the suborbital accelerator.

While the concept is fairly simple, the challenge of making it work reliably and repeatedly is a significant one.

[…]

The suborbital accelerator used in the first SpinLaunch test is a one-third scale version of the planned final hardware but is still 300 feet tall, Yaney explains.

The suborbital projectile used in the initial test was around 10 feet long and was accelerated to “many thousands of miles an hour,” using approximately 20 percent of the accelerator’s power capacity.

[…]

The company has future plans to add a rocket motor inside the projectile to provide for orbital flights. In that version, the rocket booster will ignite only after it separates from the projectile/launch vehicle, as you can see in this video. According to previous reports, the projectile will coast, unpowered, for around a minute, before the rocket ignites at an altitude of approximately 200,000 feet.

[…]

The idea behind SpinLaunch may indeed be “audacious and crazy,” but, if it can be fully matured, the technology would appear to offer major advantages over traditional space launch systems. Today, a rocket delivering a payload into orbit will consist primarily of fuel, by mass, reducing the size of the payload that can be carried. SpinLaunch, in contrast, envisages a much smaller rocket that carried a reduced fuel load, but a proportionally larger payload. The company currently forecasts its orbital vehicle delivering a payload of around 400 pounds into orbit.

[…]

Once the orbital vehicle is ready, SpinLaunch says it will have to move away from Spaceport America and seek a coastal space launch facility that will be able to support “dozens of launches per day,” according to Yaney. The rapid tempo of launches without the use of large complex rockets, will, in turn, bring down the costs of putting cargoes into orbit. The company claims that the velocity boost imparted by the accelerator drive results in a four-times reduction in the fuel required to reach orbit and a ten-times reduction in cost.

[…]

Source: Space Launch Start-Up Just Used A Giant Centrifuge To Fling A Projectile Into The Upper Atmosphere

Palm OS: Reincarnate – Pumpkin OS

Posted on by

[pmig96] loves PalmOS and has set about on the arduous task of reimplementing PalmOS from scratch, dubbing it Pumpkin OS. Pumpkin OS can run on x86 and ARM at native speed as it is not an emulator. System calls are trapped and intercepted by Pumpkin OS. Because it doesn’t emulate, Palm apps currently need to be recompiled for x86, though it’s hoped to support apps that use ARMlets soon. Since there are over 800 different system traps in PalmOS, he hasn’t implemented them all yet.

Generally speaking, his saving grace is that 80% of the apps only use 20% of the API. His starting point was a script that took the headers from the PalmOS SDK and converted them into functions with just a debug message letting him know that it isn’t implemented yet and a default return value. Additionally, [pmig96] is taking away some of the restrictions on the old PalmOS, such as being limited to only one running app at a time.

As if an x86 desktop version wasn’t enough, [pmig96] recompiled Pumpkin OS to a Raspberry Pi 4 with a ubiquitous 3.5″ 320×480 TFT SPI touch screen. Linux maps the TFT screen to a frame buffer (dev/fb0 or dev/fb1). He added a quick optimization to only draw areas that have changed so that the SPI writes could be kept small to keep the frame rate performance.

[pmig96] isn’t the only one trying to breathe some new life into PalmOS, and we hope to see more progress on PumpkinOS in the future.

Source: Palm OS: Reincarnate | Hackaday

Low-Cost DIY Computer Gesture Control With An I2C Sensor

Posted on by

Controlling your computer with a wave of the hand seems like something from science fiction, and for good reason. From Minority Report to Iron Man, we’ve seen plenty of famous actors controlling their high-tech computer systems by wildly gesticulating in the air. Meanwhile, we’re all stuck using keyboards and mice like a bunch of chumps.

But it doesn’t have to be that way. As [Norbert Zare] demonstrates in his latest project, you can actually achieve some fairly impressive gesture control on your computer using a $10 USD PAJ7620U2 sensor. Well not just the sensor, of course. You need some way to convert the output from the I2C-enabled sensor into something your computer will understand, which is where the microcontroller comes in.

Looking through the provided source code, you can see just how easy it is to talk to the PAJ7620U2. With nothing more exotic than a switch case statement, [Norbert] is able to pick up on the gesture flags coming from the sensor. From there, it’s just a matter of using the Arduino Keyboard library to fire off the appropriate keycodes. If you’re looking to recreate this we’d go with a microcontroller that supports native USB, but technically this could be done on pretty much any Arduino. In fact, in this case he’s actually using the ATtiny85-based Digispark.

This actually isn’t the first time we’ve seen somebody use a similar sensor to pull off low-cost gesture control, but so far, none of these projects have really taken off. It seems like it works well enough in the video after the break, but looks can be deceiving. Have any Hackaday readers actually tried to use one of these modules for their day-to-day futuristic computing?

 

Source: Low-Cost Computer Gesture Control With An I2C Sensor | Hackaday

Swiss lab’s rooftop demo makes fuel from sunlight and air

Posted on by

[…]

the pilot system demonstrates an important possible source of carbon-neutral fuel for industries struggling to decarbonise, such as aviation and shipping, which currently contribute around 8 per cent of total carbon dioxide emissions attributed to human activity.

But, producing 32 millilitres of methanol in a typical seven-hour-day run, the current proof of concept will require investment and a policy shift to compete with fossil fuels.

The technique, described in a peer-reviewed early access version of the paper in science journal Nature earlier this month, captures carbon dioxide and water directly from ambient air. They are then fed into a solar redox unit which is heated to 1,500˚C using an umbrella-like parabolic sunlight collector. The inside of the reactor employs cerium oxide in a two-step thermochemical process. Firstly, cerium oxide is reduced, and oxygen is released. In the second step, CO2 and water are added to a mixture of hydrogen and carbon monoxide. The cerium oxide then absorbs oxygen, oxidizes and returns to its initial state, allowing the process to begin again.

The output mix – also known as syngas – is fed into a gas-to-liquid unit where it is converted to methanol, although such units can convert the gases into kerosene, gasoline, or other liquid fuels.

Given the high investment needed to scale such technology, the output would cost vastly more than commercial aviation fuel and would need policy support to be viable, according to the research group led by Professor Aldo Steinfeld of ETG Zurich.

[…]

With investment, the researchers estimate that the technique could produce 95,000 litres of kerosene a day – enough to fuel an Airbus A350 carrying 325 passengers for a London-New York roundtrip – from a 3.8km2 field.

Co-sourcing water and CO2 from the air means the system could operate without a fresh water supply, making it suitable for desert locations, thus avoiding impact on agriculture, human population or areas rich in wildlife.

[…]

Source: Swiss lab’s rooftop demo makes fuel from sunlight and air • The Register

Fifth Circuit Says Man Can’t Sue Federal Agencies For Allegedly Targeting and Tormenting Him After He Refused To Be An FBI Informant

Posted on by

The secrecy surrounding all things national security-related continues to thwart lawsuits alleging rights violations. The Fifth Circuit Court of Appeals has just dumped a complaint brought by Abdulaziz Ghedi, a naturalized American citizen who takes frequent trips to Somalia, the country he was born in. According to Ghedi’s complaint, rejecting the advances of one federal agency has subjected him to continuous hassling by a number of other federal agencies.

The Appeals Court decision [PDF] opens with a paragraph that telegraphs the futility of Ghedi’s effort, as well as the ongoing string of indignities the government has decided to inflict on people who just want to travel.

Abdulaziz Ghedi is an international businessman who regularly jets across the globe. Frequent travelers, however, are not always trusted travelers. In recent years, Ghedi has had repeated run-ins with one of America’s most beloved institutions: modern airport security.

The general indignities were replaced with seemingly more personal indignities when Ghedi decided he wasn’t interested in working part-time for the feds.

Ghedi complains that ever since he refused to be an informant for the Federal Bureau of Investigation a decade ago, he has been placed on a watchlist, leading to “extreme burdens and hardship while traveling.”

This isn’t a novel complaint. This has happened to plenty of immigrants and US citizens who visit countries the federal government finds interesting. Many, many Muslims have been approached by the FBI to work as informants. And many have reported their traveling experiences got noticeably worse when they refused to do so.

Without moving past a motion to dismiss, there can be no discovery. And national security concerns means there isn’t going to be much to discover, even if a plaintiff survives a first round of filings.

Unsurprisingly, the Government refuses to confirm or deny anything.

That put Ghedi in the crosshairs of “a byzantine structure featuring an alphabet soup of federal agencies,” as the court puts it. The DHS oversees everything. Day-to-day hassling is handled by the TSA (domestic travelers) and the CBP (international travelers). Ghedi saw more of one (CBP) than the other, but the TSA still handles screening of passengers and luggage, so he saw plenty of both.

The refusal to join the FBI as a paid informant apparently led to all of the following:

• an inability to print a boarding pass at home, requiring him to interact with ticketing agents “for an average of at least one hour, when government officials often appear and question” him;

• an SSSS designation on his boarding passes;

• TSA searches of his belongings, “with the searches usually lasting at least an hour”;

• TSA pat downs when departing the U.S. and CBP pat downs when returning to the U.S.;

• encounters with federal officers when boarding and deboarding planes;

• questioning and searches by CBP officers “for an average of two to three hours” after returning from international travel;

• CBP confiscation of his laptop and cellphone “for up to three weeks”;

• being taken off an airplane two times after boarding; and

• being detained for seven hours by DHS and CBP officials in Buffalo, New York in May 2012 and being detained in Dubai for two hours in March 2019.

Ghedi approached the DHS through its court-mandated redress program to inquire about his status twice — once in 2012 and again in 2019. In both cases, the DHS refused to confirm or deny anything about his travel status or his placement on any watchlists that might result in enhanced screening and extended conversations with federal agents every time he flew.

Ghedi sued the heads of all the agencies involved, alleging rights violations stemming from his refusal to become an informant and his apparent placement on some watchlist operated by these agencies.

Ghedi brings two Fourth Amendment claims. The first alleges that the heads of the DHS, TSA, and CBP violated his Fourth Amendment rights through “prolonged detentions,” and “numerous invasive, warrantless patdown searches” lacking probable cause. The second alleges that the heads of the DHS, TSA, and CBP also violated his Fourth Amendment rights through their agents conducting “warrantless searches of his cell phones without probable cause.” The Fourth Amendment protects “[t]he right of the people to be secure in their persons . . . and effects, against unreasonable searches and seizures.”

The district court said he had no standing to sue. The Fifth Circuit says he does. But standing to sue doesn’t matter if you sue the wrong people. The Appeals Court says there’s a plausible injury alleged here, but it wasn’t perpetrated by the named defendants.

Even though we hold that Ghedi has plausibly alleged an injury in fact, he still must satisfy standing’s second prong—that his injury is fairly traceable to these Defendants. Here Ghedi’s Fourth Amendment claims falter. That is because Ghedi bases his Fourth Amendment claims on TSA and CBP agents’ searching him and seizing his electronics. He argues these searches and seizures are atypical actions, even for people on the Selectee List. Yet instead of suing these agents directly, Ghedi has brought his Fourth Amendment claims against the heads of DHS, TSA, and CBP. Ghedi does not allege that any of these officials personally conducted or directed the searches or seizures he has experienced. And his allegations that his experiences are atypical cut against an inference that these agents are following official policy.

Not only that, but the court says Ghedi has never been prevented from traveling. At worst, traveling has become a constant hassle, marked by hours-long delays, unexplained device seizures, and plenty of unwanted conversations with federal agents. But ultimately Ghedi got where he was going and I guess that’s good enough.

Ghedi never alleges that he was prevented from ultimately getting to his final destination. At most, these allegations lead to a reasonable inference that the Government has inconvenienced Ghedi. But they do not plausibly allege a deprivation of Ghedi’s right to travel.

There are some rights the court will recognize but this isn’t one of them.

In short, Ghedi has no right to hassle-free travel. In the Supreme Court’s view, international travel is a “freedom” subject to “reasonable governmental regulation.” And when it comes to reasonable governmental regulation, our sister circuits have held that Government-caused inconveniences during international travel do not deprive a traveler’s right to travel.

And, putting the final nail in Ghedi’s litigation coffin, the Appeals Court says the government’s secrets may harm individuals but they can’t harm their reputation… because they’re secret.

As we noted at the outset, Ghedi’s status on the Selectee List is a Government secret. Simply put, secrets are not stigmas. The very harm that a stigma inflicts comes from its public nature. Ghedi pleaded no facts to support that the Government has ever published his status—one way or the other—on the Selectee List. His assertions that the Government has attached the “stigmatizing label of ‘suspected terrorist’” and “harm[ed] . . . his reputation” are legal conclusions, not factual allegations.

That’s how it goes for litigants trying to sue over rights violations perpetrated by agencies engaged in the business of national security. Allegations are tough to verify because the government refuses to confirm, deny, or even discuss a great deal of its national security work in court. Ghedi could always try this lawsuit again, perhaps armed with FOIA’ed documents pertaining to his travels and the many agencies that make it difficult for him. But that’s as unlikely to result in clarifying information for the same reason: national security.

[…]

Source: Fifth Circuit Says Man Can’t Sue Federal Agencies For Allegedly Targeting Him After He Refused To Be An FBI Informant | Techdirt

EU Plans to Ban Trading Practice That Helps Fuel GameStop Value Surge – or retail traders actually trade

Posted on by

The European Commission is planning to ban payment for order flow, paralleling potential U.S. moves to stem a practice that hit the headlines during the meme-stock mania.

A forthcoming review of the Markets in Financial Instruments Directive will include a ban amid other measures to increase transparency, such as a consolidated tape of information about transactions, people familiar with the matter said.

The U.S. Securities and Exchange Commission is separately weighing a ban on payment for order flow, in which trading firms pay retail brokerages to execute their trades. Regulators are concerned that video-game like prompts have encouraged excessive trading on app-based brokerages that fueled a explosive surge in value for GameStop Corp. and other stocks this year.

relates to EU Set to Ban Trading Practice Helping Power Meme-Stock Mania

While the day-trading frenzy is far more muted in Europe than the U.S., the practice of zero-commission trading is starting to cross the Atlantic. That prompted the bloc’s markets watchdog to warn firms and investors in July of the risks arising from payment for order flow.

EXPLAINER: How Payment for Order Flow Works 

A spokesperson for the European Commission declined to comment.

Mairead McGuinness, the EU’s financial services commissioner, said this month regulators were “closely monitoring” payment for order flow. It was difficult to assess how problematic the practice is “because there is no consolidated view of all liquidity and prices of financial instruments traded across execution venues in the European markets.”

McGuinness said the payment for order flow “may lead to retail orders not being executed on terms most favorable to the client but instead on the terms most profitable to brokers,” according to a written response to a question from a European Union lawmaker.

“This would not be in line with the second Markets in Financial Instruments Directive,” she said. It’s also why regulators are “considering proposing legislation to facilitate a consolidated tape that provides all brokers and their clients with such a holistic view” of all liquidity and prices of financial instruments traded across execution venues in the European markets.

Consolidated Tape

The EU is planning to set a separate tape for each asset class, according to the people familiar. Details on delivery, specifications and speed would be set out later. There may be a tender process to choose the provider of a consolidated tape for an asset class.

The current draft notes a 15-minute delay to consolidate the data will remain acceptable, echoing current rules where exchanges should provide their data for free after 15 minutes. Those contributing data to the tape would share its revenue if the tape consolidates data in less than 15 minutes.

Source: EU Plans to Ban Trading Practice That Helps Fuel GameStop Value Surge – Bloomberg

So trying to restrict people from trading is somehow good for “the market”?

Researchers develop program to read any genome sequence and decipher its genetic code – shows underlying evolutionary forces

Posted on by

Yekaterina “Kate” Shulgina was a first year student in the Graduate School of Arts and Sciences, looking for a short computational biology project so she could check the requirement off her program in systems biology. She wondered how genetic code, once thought to be universal, could evolve and change.

That was 2016 and today Shulgina has come out the other end of that short-term project with a way to decipher this genetic mystery. She describes it in a new paper in the journal eLife with Harvard biologist Sean Eddy.

The report details a new computer program that can read the of any organism and then determine its genetic code. The program, called Codetta, has the potential to help scientists expand their understanding of how the genetic code evolves and correctly interpret the genetic code of newly sequenced .

“This in it of itself is a very fundamental biology question,” said Shulgina, who does her graduate research in Eddy’s Lab.

The genetic code is the set of rules that tells the cells how to interpret the three-letter combinations of nucleotides into proteins, often referred to as the building blocks of life. Almost every organism, from E. coli to humans, uses the same genetic code. It’s why the code was once thought to be set in stone. But scientists have discovered a handful of outliers—organisms that use alternative genetic codes—exist where the set of instructions are different.

This is where Codetta can shine. The program can help to identify more organisms that use these alternative genetic codes, helping shed new light on how genetic codes can even change in the first place.

“Understanding how this happened would help us reconcile why we originally thought this was impossible… and how these really fundamental processes actually work,” Shulgina said.

Already, Codetta has analyzed the genome sequences of over 250,000 bacteria and other called archaea for alternative genetic codes, and has identified five that have never been seen. In all five cases, the code for the amino acid arginine was reassigned to a different amino acid. It’s believed to mark the first-time scientists have seen this swap in bacteria and could hint at evolutionary forces that go into altering the genetic code.

[…]

Source: Researchers develop program to read any genome sequence and decipher its genetic code

How to Stop Chrome From Sharing Your Motion Data on Android

Posted on by

[…] Mysk, a duo of app developers and security researchers, recently exposed Chrome’s shadiness on Twitter. In the tweet, Mysk brings to light that, by default, Chrome is sharing your phone’s motion data with the websites you visit. This is not cool.

Why you don’t want third parties accessing your motion data

To start with, this is—as I have pointed out—creepy af. The data comes from your phone’s accelerometer, the sensor responsible for tracking the device’s orientation and position. That sensor makes it possible to switch from portrait to landscape mode, as well as track you and your phone’s motion. For example, it empowers fitness apps to know how many steps you took, so long as you had your phone on you.

Since most of us keep our phones in our pocket or on our person, there is a lot of motion data generated on the device throughout the day. Google Chrome, by design, allows any website you click on to request that motion data, and hands it over with gusto. Researchers have found that these sites use accelerometer data to monitor ad interactions, check ad impressions, and to track your device (well, duh). Those first two, however, are infuriatingly sketchy; websites don’t just want to know if you’ll click on an ad or not, they want to know how you physically interact with these popups. Hey, why stop there? Why not tap into my camera and see what color shirt I’m wearing?

How to stop Chrome from sharing motion data with sites

Delete the app from your phone. Kidding. I know the vast majority of people on Android aren’t going to want to switch from Chrome to another mobile browser. That said, privacy-minded users might want to jump ship to something more reputable—like Firefox—and, if so, good for you.

But there are plenty of benefits to sticking with Chrome, especially on Android (considering the platform is also designed and operated by Google). If you don’t want to take the most drastic step, you can simply toggle a setting to block Google from sharing this data. As Mysk points out in their tweet, you can disable motion-data-sharing from Chrome’s settings.

Here’s how: Open the app, tap the three dots in the top-right corner, then choose “Settings.” Next, scroll down, tap “Site settings,” then “Motion sensors.” Turn off the toggle here to make sure no more third-party sites can ask for your motion data from here on out.

Source: How to Stop Chrome From Sharing Your Motion Data on Android

Got Anything To Talk About? These Dutch Hackers Want You To Say It To Them

Posted on by

As we head into another Northern Hemisphere pandemic winter and hope that things won’t be quite as bad this year, next summer seems an extremely long time away in the future. But it will be upon us sooner than we might think, and along with it will we hope come a resumption of full-scale hacker camps. One of the biggest will be in the Netherlands, where MCH 2022 will take lace at the end of July, and if you’re up to casting your minds ahead far enough for that then they’re inviting submissions to their Call for Participation. Their events are always a memorable and relaxed opportunity to spend a few days in the sun alongside several thousand other like-minded individuals, so we’d urge you to give it some consideration.

If you’ve never delivered a conference talk before then it can be a daunting prospect, but in fact a hacker camp can be an ideal place to give it a first try. Unlike a more traditional technology conference where most of the attendees file into the auditorium, at hacker camps there is so much else on offer that many talks are delivered to only that sub group of attendees for whom the subject is of real interest. So there is less of the huge auditorium of anonymous crowds about it, and more of the small and friendly crowd of fellow enthusiasts. The great thing about our community is that there are as many different interests within it as there are individuals, so whatever your product, specialism, or favourite hobby horse might be, you’ll find people at a hacker camp who’d like to hear what you have to say.

If you’re still seeking inspiration, of course you might find it by looking at the schedule from SHA, the last Dutch camp.

Source: Got Anything To Talk About? These Dutch Hackers Want You To Say It To Them | Hackaday

Microsoft will now snitch on you at work like never before

Posted on by

[…]

this news again comes courtesy of Microsoft’s roadmap service, where Redmond prepares you for the joys to come.

This time, there are a couple of joys.

The first is headlined: “Microsoft 365 compliance center: Insider risk management — Increased visibility on browsers.”

It all sounded wonderful until you those last four words, didn’t it? For this is the roadmap for administrators. And when you give a kindly administrator “increased visibility on browsers,” you can feel sure this means an elevated level of surveillance of what employees are typing into those browsers.

In this case, Microsoft is targeting “risky activity.” Which, presumably, has some sort of definition. It offers a link to its compliance center, where the very first sentence has whistleblower built in: “Web browsers are often used by users to access both sensitive and non-sensitive files within an organization.”

And what is the compliance center monitoring? Why, “files copied to personal cloud storage, files printed to local or network devices, files transferred or copied to a network share, files copied to USB devices.”

You always assumed this was the case? Perhaps. But now there will be mysteriously increased visibility.

“How might this visibility be increased?,” I hear you shudder. Well, there’s another little roadmap update that may, just may, offer a clue.

This one proclaims: “Microsoft 365 compliance center: Insider risk management — New ML detectors.”

Yes, your company will soon have extra-special robots to crawl along after you and observe your every “risky” action. It’s not enough to have increased visibility on browsers. You must also have Machine Learning constantly alert for someone revealing your lunch schedule.

Microsoft offers a link to its Insider Risk Management page. This enjoys some delicious phrasing: “Customers acknowledge insights related to the individual user’s behavior, character, or performance materially related to employment can be calculated by the administrator and made available to others in the organization.”

Yes, even your character is being examined here.

[…]

Source: Microsoft will now snitch on you at work like never before | ZDNet

Robinhood Hack Compromises Millions of Customer Email Addresses

Posted on by

Someone recently hacked and attempted to extort Robinhood, the popular investment and trading platform, gaining access to millions of customers’ email addresses and full names in the process.

The platform revealed the security incident in a blog post published Monday, assuring users that nobody had lost any money as a result of the incident.

“An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers,” the company revealed, while emphasizing that the breach had since been contained and that there had been “no financial loss to any customers.”

The incident, which took place on Nov. 3, was apparently the result of a social engineering scheme that targeted a customer support employee. The hacker convinced the employee that they were cleared to access “certain customer support systems,” and subsequently gained access to the email addresses of approximately 5 million customers and the full names of approximately 2 million customers, the company said.

For a much smaller subset of customers, the data breach was substantially more invasive: “We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed,” the company’s blog post says.

Afterward, the criminal attempted to extort the company with the information it had stolen.

[…]

Source: Robinhood Hack Compromises Millions of Customer Email Addresses

Star System With Right-Angled Planets Surprises Astronomers

Posted on by

this report from the New York Times about a “particularly unusual” star about 150 light-years away that’s orbited by three planets: What’s unusual is the inclinations of the outer two planets, HD 3167 c and d. Whereas in our solar system all the planets orbit in the same flat plane around the sun, these two are in polar orbits. That is, they go above and below their star’s poles, rather than around the equator as Earth and the other planets in our system do.

Now scientists have discovered the system is even weirder than they thought. Researchers measured the orbit of the innermost planet, HD 3167 b, for the first time — and it doesn’t match the other two. It instead orbits in the star’s flat plane, like planets in our solar system, and perpendicular to HD 3167 c and d. This star system is the first one known to act like this

The unusual configuration of HD 3167 highlights just how weird and wonderful other stars and their planets can be. “It puts in perspective again what we think we know about the formation of planetary systems,” said Vincent Bourrier from the University of Geneva in Switzerland, who led the discovery published last month in the journal Astronomy & Astrophysics.

“Planets can evolve in really, really different ways.”

Source: Star System With Right-Angled Planets Surprises Astronomers – Slashdot

DIY House Plants Watering System

Posted on by

Build watering system for house plants. In part one of this video series, we will create a sensor that measures soil moisture, ambient temperature and light.

Build watering system for house plants. In part two of this video series, we will create a central unit that takes sensor readings and also waters our plants on command.

Build watering system for house plants. In part two of this video series, we will create a central unit that takes sensor readings and also waters our plants on command.

Source: https://github.com/SasaKaranovic/HousePlantMonitoringSystem

No toilet for returning SpaceX crew, stuck using diapers – had just eaten chilli and tacos

Posted on by

The astronauts who will depart the International Space Station on Sunday will be stuck using diapers on the way home because of their capsule’s broken toilet.

NASA astronaut Megan McArthur described the situation Friday as “suboptimal” but manageable. She and her three crewmates will spend 20 hours in their SpaceX capsule, from the time the hatches are closed until Monday morning’s planned splashdown.

“Spaceflight is full of lots of little challenges,” she said during a news conference from orbit. “This is just one more that we’ll encounter and take care of in our mission. So we’re not too worried about it.”

After a series of meetings Friday, mission managers decided to bring McArthur and the rest of her crew home before launching their replacements. That SpaceX launch already had been delayed more than a week by and an undisclosed medical issue involving one of the crew.

SpaceX is now targeting liftoff for Wednesday night at the earliest.

French astronaut Thomas Pesquet, who will return with McArthur, told reporters that the past six months have been intense up there. The conducted a series of spacewalks to upgrade the station’s , endured inadvertent thruster firings by docked Russian vehicles that sent the station into brief spins, and hosted a private Russian film crew—a first.

They also had to deal with the toilet leak, pulling up panels in their SpaceX capsule and discovering pools of urine. The problem was first noted during SpaceX’s private flight in September, when a tube came unglued and spilled urine beneath the floorboards. SpaceX fixed the toilet on the capsule awaiting liftoff, but deemed the one in orbit unusable.

Engineers determined that the capsule had not been structurally compromised by the urine and was safe for the ride back. The astronauts will have to rely on what NASA describes as absorbent “undergarments.”

On the culinary side, the astronauts grew the first chile peppers in —”a nice moral boost,” according to McArthur. They got to sample their harvest in the past week, adding pieces of the green and red peppers to tacos.

“They have a nice spiciness to them, a little bit of a lingering burn,” she said. “Some found that more troublesome than others.”

Also returning with McArthur and Pesquet: NASA astronaut Shane Kimbrough and Japanese astronaut Akihiko Hoshide. SpaceX launched them to the space station on April 23. Their capsule is certified for a maximum 210 days in space, and with Friday marking their 196th day aloft, NASA is eager to get them back as soon as possible.

One American and two Russians will remain on the space following their departure. While it would be better if their replacements arrived first—in order to share tips on living in space—Kimbrough said the remaining NASA astronaut will fill in the newcomers.

Source: No toilet for returning SpaceX crew, stuck using diapers

Alfa Romeo will debut an all-electric Giulia sedan in 2024

Posted on by
Alfa Romeo Giulia
Alfa Romeo

Italian automaker Alfa Romeo is developing an all-electric version of its four-door Giulia sedan. In an interview with Auto Express, Jean-Philippe Imparato, the company’s CEO, said Alfa Romeo would debut the EV sometime in 2024. Additionally, he revealed the car will be built on the STLA Large platform from its parent company Stellantis.

The conglomerate announced the architecture this past summer. At the time, it said it would allow its cars to go from zero to 60 in as little as two seconds, and allow for a potential range of up to 500 miles. Dodge, one of the other automakers under the Stellantis umbrella, will use the platform in the all-electric muscle car it plans to debut in 2024. Alfa Romeo could also offer a Quadrifoglio variant of the Giulia, but Imparato said that will depend on whether it can get the kind of performance that’s associated with the moniker.

[….]

Source: Alfa Romeo will debut an all-electric Giulia sedan in 2024 | Engadget