Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Bucks County woman created ‘deepfake’ videos to harass rivals on her daughter’s cheerleading squad, DA says

Posted on by

A Bucks County woman anonymously sent coaches on her teen daughter’s cheerleading squad fake photos and videos that depicted the girl’s rivals naked, drinking, or smoking, all in a bid to embarrass them and force them from the team, prosecutors say.

The woman, Raffaela Spone, also sent the manipulated images to the girls, and, in anonymous messages, urged them to kill themselves, Bucks County District Attorney Matt Weintraub’s office said.

[…]

The affidavit says Spone last year created the doctored images of at least three members of the Victory Vipers, a traveling cheerleading squad based in Doylestown. There was no indication that her high school-age daughter, who was not publicly identified, knew what her mother was doing, according to court records.

Police in Hilltown Township were contacted by one of the victim’s parents in July, when that girl began receiving harassing text messages from an anonymous number, the affidavit said. The girl and her coaches at Victory Vipers were also sent photos that appeared to depict her naked, drinking, and smoking a vape. Her parents were concerned, they told police, because the videos could have caused their daughter to be removed from the team.

As police investigated, two more families came forward to say their daughters had been receiving similar messages from an unknown number, the affidavit said. The other victims were sent photos of themselves in bikinis, with accompanying text saying the subjects were “drinking at the shore.”

After analyzing the videos, detectives determined they were “deepfakes” — digitally altered but realistic looking images — created by mapping the girls’ social media photos onto other images.

[…]

Source: Bucks County woman created ‘deepfake’ videos to harass rivals on her daughter’s cheerleading squad, DA says

Two Companies are Turning Airborne CO2 into Diamonds

Posted on by

two companies are selling diamonds made in a laboratory from CO2 that once circled the Earth.

[…]

Each carat of a diamond removes 20 tons of CO2. That, he said, is more invisible gas than the average person produces in a year.

With the purchase of a 2-carat diamond, Shearman pointed out, “you’re essentially offsetting 2 ½ years of your life.”

It can take Mother Nature as long as a billion years to make diamonds, which are formed in rocks. But as Shearman explained in an interview with E&E News, he has developed a patent-pending process that can make a batch of diamonds in a laboratory in four weeks.

Unlike other laboratory-made diamonds, his process starts with CO2 removed from the air. The gas undergoes a chemical reaction where it is subjected to high pressure and extremely high temperatures. All of this is created using solar, wind or hydraulic power.

[…]

Aether has been selling its diamonds since the beginning of the year at prices ranging from $7,000 for a ring to around $40,000 for earrings with sparkling stone arrangements.

[…]

Aether has a competitor, a British company called Skydiamond founded by Dale Vince, an entrepreneur and self-styled environmentalist who says he spent five years researching how to make what he calls the world’s first “zero-impact diamonds.”

Vince takes frequent potshots at the traditional diamond industry, noting that it has a history of using child labor and underpaid women. He also points to diamond mines that have scarred the Earth and damaged wildlife. He argues that a lack of regulations has fostered civil wars in Africa that can be funded by smuggled stones sometimes called “conflict diamonds” or “blood diamonds.”

[…]

In 1954, an American chemist, Tracy Hall, invented an alternative to natural stones: the first diamonds made in a laboratory. He worked for General Electric Co. and used a reactor combined with a press to subject powdered carbon to high temperatures and pressures.

The result was diamond crystals made within a few weeks. It eventually led to a new industry that manufactured “laboratory diamonds” using two competing methods. Both required a lot of energy.

[…]

According to Shearman, the CO2 is sent to a facility in Europe where it is converted into methane. That is sent to a reactor in Chicago, where pressure and heat fueled by renewable energy convert it into diamonds.

Climeworks has gone on to make a business out of accepting donations of CO2 from various sources and, for a fee, injecting it into a rock formation near a power plant in Iceland. Once it’s underground, the gas is mixed with water, and it will turn into stone in two years. The company is building a pilot plant called Orca that is designed to bury 4,000 tons of CO2 each year.

So far, over 3,000 companies and individuals from 52 countries have made contributions in exchange for a certificate showing that they have permanently stored CO2 underground

[…]

Source: Modern Alchemists Turn Airborne CO2 into Diamonds – Scientific American

California will soon be home to the world’s first 3D-printed housing community

Posted on by

Mighty Buildings, a construction tech company, specializes in 3D printed homes of varying sizes, presenting a technology-forward solution that could address issues like the housing crisis and sustainability. And so far, this formula has found the company success: last month, Mighty Buildings raised $40 million in a Series B round.

The California-based business isn’t the first or only company taking advantage of this growing 3D printing tech. But unlike other companies, Mighty Building’s upcoming project in Rancho Mirage, California will have the title of “world’s first planned community of 3D printed homes,” according to its maker.

Read more: This company is building 3-D printed, small homes on existing residential properties to fight back against California’s housing shortage. Look inside a unit that was move-in ready in one week.

[…]

To create this first-of-its-kind community, Mighty Buildings partnered with development-focused Palari Group, a working relationship that first started from other property designs in September 2020.

In December of last year, Palari Group officially ordered Mighty’s “Cinco” models for the Rancho Mirage, California housing development.

[…]

The tech-forward housing development will consist of 15 homes across five-acres. This $15 million project will be built using the Mighty Kit system, which utilizes prefabbed panels to create custom homes.

[…]

The development will be completed next spring, and Mighty Buildings is already in talks with a “number of developers” for potential future communities.

Read the original article on Business Insider
Source: MSN

FarmBot | Open-Source CNC Farming robot

Posted on by

Drag and Drop Farming

Graphically design your farm by dragging and dropping plants into the map. The game-like interface is learned in just a few minutes so you’ll have the whole growing season planned in no time.

Farm from Anywhere

The FarmBot web app can be loaded on any computer, tablet, or smartphone with a modern web browser, giving you the power to manage your garden from anywhere at any time.

Using the manual controls, you can move FarmBot and operate its tools and peripherals in real-time. Scare birds away while at work, take photos of your veggies, turn the lights on for a night time harvest, or simply impress your friends and neighbors with a quick demo.

Source: FarmBot | Open-Source CNC Farming

Belgium’s Hard-Worked F-16 with P&W F100 engines Fighter Fleet Has Just Been Grounded

Posted on by

Belgium’s entire fleet of F-16 fighter jets, the backbone of its combat air force, has been grounded since yesterday after one of the Vipers experienced problems with its Pratt & Whitney F100 engine. As of today, the air defense of the European country has now been taken over by the neighboring Netherlands.

“While technicians work hard to get our Vipers airborne asap and the Belgium Control and Reporting Center monitors the airspace above Belgium 24/7, the Koninklijke Luchtmacht [Royal Netherlands Air Force] will temporarily take over the Quick Reaction Alert from the Belgian Air Force to safeguard the BENELUX skies as from 12 o’clock,” the Belgian Air Force tweeted today.

Belgian Ministry of Defense

The view from the cockpit of a Belgian F-16.

Belgium’s F-16 grounding order follows a February 11 incident at Florennes Air Base, in which one of the jets had engine problems on takeoff and immediately made a precautionary landing, leaving some debris within the confines of the base and on the end of the runway.

Belgium Decides To Join The F-35 Club Over Competing Offers For European Fighter Jets By Joseph Trevithick Posted in The War Zone
Turkey Prepares To Extend The Life Of Its Massive F-16 Fleet After F-35 Embargo By Thomas Newdick Posted in The War Zone
The Iraqi Air Force’s F-16 Fleet Is On The Brink Of Collapse Despite Showy Flybys  By Thomas Newdick Posted in The War Zone
Here Is The Lowdown On That F-16 Being Sold In Florida By Tyler Rogoway Posted in The War Zone
Air Force F-16s Are Getting Pylons With Built-In Missile Warning Sensors And Countermeasures By Joseph Trevithick Posted in The War Zone

The F-16 in question had a “nozzle burn through,” in which the engine’s “turkey feather” exhaust petals begin to disintegrate due to excessive temperatures. The engine of the affected aircraft was dismantled and sent to the Patria Belgium Engine Center, the contractor that handles maintenance of the powerplants.

[…]

Source: Belgium’s Hard-Worked F-16 Fighter Jet Fleet Has Just Been Grounded

Construction Of A Large Runway Suddenly Appears On Highly Strategic Island In The Red Sea

Posted on by

Satellite imagery shows that, earlier this year, construction began on a new, approximately 6,150-foot-long runway on Perim, an island right in the middle of the highly strategic Bab Al Mandeb Strait, which links the Red Sea and the Gulf of Aden. In addition to its location inside this critical maritime junction, which is an important route for both naval and commercial ships, Perim is situated less than five miles off the coast of Yemen, making it a valuable potential staging area for military operations in that country, possibly against Iranian-backed Houthi rebels, as well as elsewhere in the region.

Images from Planet Labs that The War Zone reviewed show that construction of the airstrip, which is around 165 feet wide, on the northwest portion of Perim, also known as Mayyun, only began sometime between Feb. 18 and Feb. 22, 2021. The full outline of the runway, with a turnout at the western end, was visible by March 3.

PHOTO © 2021 PLANET LABS INC. ALL RIGHTS RESERVED. REPRINTED BY PERMISSION / Google Earth

A satellite image showing Perim island in the Bab Al Mandeb Strait as of March 9, 2021. The new runway is plainly visible in the northwest portion of the island.

PHOTO © 2021 PLANET LABS INC. ALL RIGHTS RESERVED. REPRINTED BY PERMISSION / Google Earth

Another shot of Perim as of Feb. 2, 2021.

Available imagery also shows that two new small hangar-like structures appeared on a concrete pad to the south of this runway work sometime after Feb. 24. That paved area is part of an apron left over from a separate, now-dormant project that began in 2016 and that was working toward the establishment of an air base with a nearly 10,000-feet-long runway.

There has been no active work on this larger facility since 2017. It’s not entirely clear what happened, but Perim, a remnant of an ancient volcano, has an unforgiving climate that has frustrated attempts to build military outposts on it for centuries.

[…]

As to who is carrying out any of this work and what their ultimate goal is, it’s unclear, but the United Arab Emirates (UAE), as well as Saudi Arabia, are distinct possibilities. There has already been significant discussion about this construction being linked to the UAE. This follows earlier satellite imagery that The Associated Press obtained indicating that the Emiratis had dismantled many, if not all of their facilities at Assab in the East African country of Eritrea on the other side of the Bab Al Mandeb Strait sometime between January and February of this year.

The UAE had begun expanding airfield and port facilities in Assab just months after it, as part of a Saudi Arabian-led coalition, had intervened in Yemen to push back Iranian-backed Houthi rebels. That Eritrean base became an important hub for the UAE’s contribution to that campaign, including as a forward base to launch airstrikes against the Houthis and as a point through which to funnel various forces, including Sudanese troops and foreign mercenaries, onto the Arabian Peninsula.

It is certainly possible that some of the UAE forces that had been based at Assab have now moved to Perim. The Intel Lab suggests that the two-new structures could house a small UAE contingent, with at least some of that space serving as a headquarters of some kind. In addition, the runway being built now would definitely be long enough to support tactical airlift aircraft, such as C-130s, as well as the UAE’s Boeing C-17A Globemaster III airlifters, among other types.

[…]

Source: Construction Of A Large Runway Suddenly Appears On Highly Strategic Island In The Red Sea

Someone is doing a China!

Hackers Looted Passenger Data From Some of the Biggest Airlines through Supplier SITA

Posted on by

SITA, a data firm that works with some of the world’s largest airlines, announced Thursday that it had been the victim of a “highly sophisticated cyberattack,” the likes of which compromised information on hundreds of thousands of airline passengers all over the world.

The attack, which occurred in February, targeted data stored on SITA’s Passenger Service System servers, which are responsible for storing information related to transactions between carriers and customers. One of the things SITA does is act as a mechanism for data exchange between different airlines—helping to ensure that passenger “benefits can be used across different carriers” in a systematized fashion.

Understanding what specific data the hackers accessed is, at this point, a little tough—though it would appear that some of it was frequent flier information shared with SITA by members of the Star Alliance, the world’s largest global airline alliance.

An airline alliance is basically an industry consortium, and Star’s membership is comprised of some of the world’s most prominent airlines—including United Airlines, Lufthansa, Air Canada, and 23 others. Of those members, a number have already stepped forward to announce breaches in connection with the attack—and SITA itself would appear to have acknowledged that the affected parties are connected to alliance memberships.

[…]

So far, it would appear that the nature of the breach is more wide than deep. That is, a lot of people seem to have been affected, though in most cases the data that was being shared with SITA does not seem that extensive. In the case of Singapore Airlines, for instance, upwards of 500,000 people had their data compromised, though the data did not include things like member itineraries, passwords, or credit card information. The airline has stated:

Around 580,000 KrisFlyer and PPS members have been affected by the breach of the SITA PSS servers. The information involved is limited to the membership number and tier status and, in some cases, membership name, as this is the full extent of the frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer.

[…]

Source: Hackers Looted Passenger Data From Some of the Biggest Airlines

Facebook uses one billion Instagram photos to build massive object-recognition AI that partly trained itself

Posted on by

Known as SEER, short for SElf-supERvised, this massive convolutional neural network contains over a billion parameters. If you show it images of things, it will describe in words what it recognizes: a bicycle, a banana, a red-and-blue striped golfing umbrella, and so on. While its capabilities aren’t all that novel, the way it was trained differs from the techniques used to teach other types of computer vision models. Essentially, SEER partly taught itself using an approach called self-supervision.

First, it learned how to group the Instagram pictures by their similarity without any supervision, using an algorithm nicknamed SwAV. The team then fine-tuned the model by teaching it to associate a million photos taken from the ImageNet dataset with their corresponding human-written labels. This stage was a traditional supervised method: humans curated the photos and labels, and this is passed on to the neural network that was pretrained by itself.

[…]

“SwAV uses online clustering to rapidly group images with similar visual concepts and leverage their similarities. With SwAV, we were able to improve over the previous state of the art in self-supervised learning — and did so with 6x less training time.”

SEER thus learned to associate an image of, say, a red apple with the description “red apple.” Once trained, the model’s object-recognition skills were tested using 50,000 pictures from ImageNet it had not seen before: in each test it had to produce a set of predictions of what was pictured, ranked in confidence from high to low. Its top prediction in each test was accurate 84.2 per cent of time, we’re told.

The model doesn’t score as highly as its peers in ImageNet benchmarking. The downside of models like SEER is that they’re less accurate than their supervised cousins. Yet there are advantages to training in a semi-supervised way, Goyal, first author of the project’s paper on SEER, told The Register.

“Using self-supervision pretraining, we can learn on a more diverse set of images as we don’t require labels, data curation or any other metadata,” she said. “This means that the model can learn about more visual concepts in the world in contrast to the supervised training where we can only train on limited or small datasets that are highly curated and don’t allow us to capture visual diversity of the world.”

[…]

SEER was trained over eight days using 512 GPUs. The code for the model isn’t publicly available, although VISSL, the PyTorch library that was used to build SEER, is now up on GitHub.

[…]

Source: Facebook uses one billion Instagram photos to build massive object-recognition AI that partly trained itself • The Register

Results of US ‘Universal Basic Income’ Program? Employment Increased

Posted on by

After getting $500 per month for two years without rules on how to spend it, 125 people in California paid off debt, got full-time jobs and reported lower rates of anxiety and depression, according to a study released Wednesday. The program in the Northern California city of Stockton was the highest-profile experiment in the U.S. of a universal basic income, where everyone gets a guaranteed amount per month for free…

Stockton was an ideal place, given its proximity to Silicon Valley and the eagerness of the state’s tech titans to fund the experiment as they grapple with how to prepare for job losses that could come with automation and artificial intelligence. The Stockton Economic Empowerment Demonstration launched in February 2019, selecting a group of 125 people who lived in census tracts at or below the city’s median household income of $46,033. The program did not use tax dollars, but was financed by private donations, including a nonprofit led by Facebook co-founder Chris Hughes.

A pair of independent researchers at the University of Tennessee and the University of Pennsylvania reviewed data from the first year of the study, which did not overlap with the pandemic. A second study looking at year two is scheduled to be released next year. When the program started in February 2019, 28% of the people slated to get the free money had full-time jobs. One year later, 40% of those people had full-time jobs. A control group of people who did not get the money saw a 5 percentage point increase in full-time employment over that same time period.

“These numbers were incredible. I hardly believed them myself,” said Stacia West, an assistant professor at the University of Tennessee who analyzed the data along with Amy Castro Baker, an assistant professor at the University of Pennsylvania.
The Stockton mayor who’d started the program told reporters to “tell your friends, tell your cousins, that guaranteed income did not make people stop working.”

Source: Results of ‘Universal Basic Income’ Program? Employment Increased – Slashdot

Furious AI Researcher Creates Site Shaming Non-Reproducible Machine Learning Papers

Posted on by

The Next Web tells the story of an AI researcher who discovered the results of a machine learning research paper couldn’t be reproduced. But then they’d heard similar stories from Reddit’s Machine Learning forum: “Easier to compile a list of reproducible ones…,” one user responded.

“Probably 50%-75% of all papers are unreproducible. It’s sad, but it’s true,” another user wrote. “Think about it, most papers are ‘optimized’ to get into a conference. More often than not the authors know that a paper they’re trying to get into a conference isn’t very good! So they don’t have to worry about reproducibility because nobody will try to reproduce them.” A few other users posted links to machine learning papers they had failed to implement and voiced their frustration with code implementation not being a requirement in ML conferences.

The next day, ContributionSecure14 created “Papers Without Code,” a website that aims to create a centralized list of machine learning papers that are not implementable…

Papers Without Code includes a submission page, where researchers can submit unreproducible machine learning papers along with the details of their efforts, such as how much time they spent trying to reproduce the results… If the authors do not reply in a timely fashion, the paper will be added to the list of unreproducible machine learning papers.

Source: Furious AI Researcher Creates Site Shaming Non-Reproducible Machine Learning Papers – Slashdot

Waymo simulated (not very many) real-world (if the world was limited to 100 sq miles) crashes to prove its self-driving cars can prevent deaths

Posted on by

In a bid to prove that its robot drivers are safer than humans, Waymo simulated dozens of real-world fatal crashes that took place in Arizona over nearly a decade. The Google spinoff discovered that replacing either vehicle in a two-car crash with its robot-guided minivans would nearly eliminate all deaths, according to data it publicized today.

The results are meant to bolster Waymo’s case that autonomous vehicles operate more safely than human-driven ones. With millions of people dying in auto crashes globally every year, AV operators are increasingly leaning on this safety case to spur regulators to pass legislation allowing more fully autonomous vehicles on the road.

But that case has been difficult to prove out, thanks to the very limited number of autonomous vehicles operating on public roads today. To provide more statistical support for its argument, Waymo has turned to counterfactuals, or “what if?” scenarios, meant to showcase how its robot vehicles would react in real-world situations.

Last year, the company published 6.1 million miles of driving data in 2019 and 2020, including 18 crashes and 29 near-miss collisions. In those incidents where its safety operators took control of the vehicle to avoid a crash, Waymo’s engineers simulated what would have happened had the driver not disengaged the vehicle’s self-driving system to generate a counterfactual. The company has also made some of its data available to academic researchers.

That work in counterfactuals continues in this most recent data release. Through a third party, Waymo collected information on every fatal crash that took place in Chandler, Arizona, a suburban community outside Phoenix, between 2008 and 2017. Focusing just on the crashes that took place within its operational design domain, or the approximately 100-square-mile area in which the company permits its cars to drive, Waymo identified 72 crashes to reconstruct in simulation in order to determine how its autonomous system would respond in similar situations.

[…]

The results show that Waymo’s autonomous vehicles would have “avoided or mitigated” 88 out of 91 total simulations, said Trent Victor, director of safety research and best practices at Waymo. Moreover, for the crashes that were mitigated, Waymo’s vehicles would have reduced the likelihood of serious injury by a factor of 1.3 to 15 times, Victor said.

[…]

Source: Waymo simulated real-world crashes to prove its self-driving cars can prevent deaths – The Verge

OK, it’s a good idea, but surely they could have modelled Waymo response on hundreds of thousands of crash scenarios instead of this very tightly controlled tiny subset?

The “Crazy Huge Hack” of Microsoft, Explained – it dwarfs SolarWinds

Posted on by

Last week, Microsoft announced that the on-premises version of its widely used email and calendaring product Exchange had several previously undisclosed security flaws. These flaws, the company said, were being used by foreign threat actors to hack into the networks of U.S. businesses and governments, primarily to steal large troves of email data. Since then, the big question on everybody’s mind has been: Just how bad is this?

The short answer is: It’s pretty bad

So far, hack descriptors such as “crazy huge,” “astronomical,” and “unusually aggressive” seem to be right on the money. As a result of Exchange vulnerabilities, it is likely that tens of thousands of U.S.-based entities have had malicious backdoors implanted in their systems. Anonymous sources close to the Microsoft investigation have repeatedly told press outlets that somewhere around 30,000 American organizations have been compromised as a result of the security flaws (if correct, these numbers officially dwarf SolarWinds, which led to the compromise of about 18,000 entities domestically and nine federal agencies, according to the White House). The number of compromised entities worldwide could be much larger. A source recently told Bloomberg that there are “at least 60,000 known victims globally.”

Even more problematically, some researchers have said that, since the public disclosure of the Exchange vulnerabilities, it would appear that attacks on the product have only accelerated. Anton Ivanov, a threat research specialist at Kaspersky, said in an email that his team has seen an uptick in activity over the past week.

[…]

Microsoft Exchange Server comes in two formats, which has led to some confusion about what systems are at risk: there is an on-premises product and a software-as-a-service cloud product. The cloud product, Exchange Online, is said to be unaffected by the security flaws. As previously stated, it is the on-premises products that are being exploited. Other Microsoft email products are not thought to be vulnerable. As CISA has said, “neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments.”

There are four vulnerabilities in on-premises Exchange Servers that are actively being exploited (see: here, here, here, and here). Three other security-associated vulnerabilities exist, but authorities say these have not seen active exploitation of these yet (see: here, here, and here.) Patches can be found at Microsoft’s website, though, as we’ll go over in more detail later, there have been some issues with proper deployment.

So far, Microsoft has primarily blamed a threat actor dubbed “HAFNIUM” for the intrusions into Exchange. HAFNIUM is said to be a state-sponsored group

[…]

security researchers say it is almost certain that other threat actors are also involved in the exploitation of the vulnerabilities. S

[…]

. “Based on our visibility and that of researchers from Microsoft, FireEye, & others, there are at least 5 different clusters of activity that appear to be exploiting the vulnerabilities,” said Red Canary researcher Katie Nickels on Saturday.

Who Is Getting Hit

Due to the widespread use of Exchange, many different types of entities are at-risk. Some large organizations—including the European Banking Authority—have already announced breaches.

[…]

As noted above, Microsoft has issued patches for the vulnerabilities—but these patches have had some problems. On Thursday, a Microsoft spokesperson noted that, in certain cases, the patches would appear to work but wouldn’t actually fix the vulnerability. A full break-down of that issue can be found on Microsoft’s website.

Organizations have been warned that they should not only be patching vulnerabilities but should also be investigating whether they have already been compromised. Microsoft has announced resources to help with that. It issued an update to its Safety Scanner (MSERT) tool which can help identify whether web shells have been deployed against Exchange servers. MSERT is an anti-malware tool that searches for, identifies, and removes malware on a system.

[…]

 

Source: The “Crazy Huge Hack” of Microsoft, Explained

How to build your own digital telescope

Posted on by

The sky is a fascinating place, but the real interesting stuff resides far beyond the thin atmosphere. The Universe, the Milky Way and our Solar System is where it’s at. To be able to peer far out through the sky and observe the galaxy and beyond, one needs a telescope.

This Instructable follows my journey as I develop a miniture GOTO telescope. We’ll look through some of the research I perform, glimpse at my design process, observe the assembly & wiring processes, view instuctions for the software configuration and then finally step outside to scope out the cosmos.

The Micro Scope Features.

  • Raspberry Pi 4B & HQ Camera.
  • 300mm Mirror Lens.
  • Canon EOS Lens compatible.
  • NEMA 8 Geared Stepper Motors.
  • Fully GOTO with tracking.
  • GPS.
  • WiFi Enabled.
  • GT2 Belt Drive.
  • Hand Controller.
  • 3D Printed Parts.
  • Tripod.
  • OnStep Telescope Mount GOTO Controller.
  • INDI Server.
  • KStars/Ekos.

Bill Of Materials & 3D Printable Parts.

The BOM & STLs are available from Thingiverse (4708262). However, I recommend downloading The Micro Scope Build Pack as it contains extras not available from Thingiverse!

[…]

Source: The Micro Scope | a Miniture GOTO Telescope. : 41 Steps (with Pictures) – Instructables

Hackers Target Surveillance Firm, Exposing thousands Live Camera Feeds at Tesla, Cloudflare, Hospitals, Jails, Police, etc etc etc in anti-surveillance ideology

Posted on by

A hacker group claims to have broken into the networks of cloud-based surveillance startup Verkada, gaining unfiltered access to thousands and thousands of live security camera feeds in the process.

The hack first gained public attention Tuesday afternoon, when a Twitter user who goes by the name “Tillie” began leaking purported images of the hack onto the internet: “ever wondered what a @Tesla warehouse looks like?” the hacker quipped, dangling a picture of what appears to be an industrial facility.

Tillie, who goes by the full name Tillie Kottmann and uses they/them pronouns, is allegedly part of an international hacker collective responsible for having breached Verkada, according to a report from Bloomberg. Once inside, the hackers were able to use the firm’s security feeds to peer into the internal workings of droves of organizations, including medical facilities, psychiatric hospitals, jails, schools and police departments, and even large companies like Tesla, Equinox and Cloudflare. The scope of the hack appears massive.

Among other things, Kottmann implied Tuesday that they could have used their access to Verkada to hack into the laptop of Cloudflare CEO Matthew Prince:

The hacker group has very noticeably courted public attention, calling the intrusion campaign “Operation Panopticon” and claiming they want to “end surveillance capitalism” by bringing attention to the ways in which ubiquitous surveillance dominates people’s lives.

[…]

According to Bloomberg, “Arson Cats” gained entry to the company via a pretty massive security blunder: The hackers discovered a password and username for a Verkada administrative account publicly exposed to the internet. In a Twitter message, Tillie reiterated this to Gizmodo, claiming that once they had compromised the administrator account (called a “super administrator”), they were able to hook into any of the 150,000 video feeds in Verkada’s library.

“The access we had allowed us to impersonate any user of the system and access their view of the platform,” said the hacker, further explaining that the “superadmin rights are also what granted us access to the root shell at the click of a button.”

[…]

Source: Hackers Target Surveillance Firm, Exposing Live Camera Feeds

Russian Cracker / Cybercrime Forums Hacked

Posted on by

n the latest in a string of “hits” on Russian dark web forums, the prominent crime site Maza appears to have been hacked by someone earlier this week.

This is kind of big news since Maza (previously called “Mazafaka”) has long been a destination for all assortment of criminal activity, including malware distribution, money laundering, carding (i.e., the selling of stolen credit card information), and lots of other bad behavior. The forum is considered “elite” and hard to join, and in the past, it has been a cesspool for some of the world’s most prolific cybercriminals.

Whoever hacked Maza netted thousands of data points about the site’s users, including usernames, email addresses, and hashed passwords, a new report from intelligence firm Flashpoint shows. Two warning messages were then scrawled across the forum’s home page: “Your data has been leaked” and “This forum has been hacked.”

KrebsOnSecurity reports that the intruder subsequently dumped the stolen data on the dark web, spurring fears among criminals that their identities might be exposed (oh, the irony). The validity of the data has been verified by threat intelligence firm Intel 471.

This hack comes shortly after similar attacks on two other Russian cybercrime forums, Verified and Exploit, that occurred earlier this year. It’s been noted that the successive targeting of such high-level forums is somewhat unusual.

[…]

Source: Hacker Forum Maza Hacked

GPS jamming around Cyprus gives our air traffic controllers a headache, says Eurocontrol

Posted on by

[…]

Jamming of the essential navigational satellite signal has caused enough headaches for the EU air traffic control organisation to prompt an investigation, complete with an instrumented aircraft designed to detect signs of GPS jamming.

Airliners rely on GPS to a great extent, and air traffic management (the science of making sure airliners don’t come dangerously close to each other) is almost solely focused nowadays on building approach paths and airways that are defined by GPS waypoints.

[…]

Eurocontrol “started collecting GNSS outage reports by pilots in 2014, following up significant numbers of outage reports in a given area to determine cause and impact, and to support the [air traffic control company] and operators in question,” said the organisation in its report [PDF], adding that between 2017 and 2018, reported outages increased by 2,000 percentage points, rising from 154 in 2017 to a whopping 4,364 the following year.

Most of this jamming is focused on the Eastern Mediterranean and specifically affects Cyprus, Eurocontrol said. During a three-hour period in February 2020, a fifth of all flights passing through Cypriot airspace were affected, said the air traffic control org, extrapolating from a research flight it operated with an instrumented Airbus A320 that flew south of Cyprus itself.

The eastern Med, especially around Syria and Lebanon, has long been a conflict zone – and air forces from West and East alike have long been jamming GPS as part of their military operations there.

“Larnaca could become an absolute shitshow when the Americans jammed it,” an airline pilot told The Register. Describing one incident, where a radar* contact that was “going at least 50 per cent faster than us” passed below his aircraft, the pilot said it seemed to be on course for Sicily shortly before his own aircraft had a GPS failure.

“Luckily at that point, because at high altitude, it’s irritating, but not a major issue. Because for short term, you’ve got your eyes and your internal navigation system,” said the pilot.

It has deeper effects, however. “The main issue is when it happens in Larnaca (eastern Cyprus), because you’re right next to mountains and [you’re following a] GNSS approach. And if you get jammed, it causes the map to shift and the plane then decides that it’s currently inside a mountain. Sets off all of your terrain warnings.”

[…]

Triggering a terrain warning means immediately having to perform a prescribed escape manoeuvre that can mean breaking off an otherwise safe approach to land, said the pilot, who spoke on condition of anonymity because he is not an official spokesman for his airline. This causes delays and potentially extra costs to the airline and its passengers.

[…]

As for Eurocontrol, the body plaintively concluded: “At national level, local RFI [radio frequency interference] mitigation measures need to be taken, ideally including the ability to conduct in-flight RFI measurements.

“While the majority of RFI hotspots appear to originate in conflict zones, they affect commercial aviation at large distances from these zones, reflecting a disproportionate use of jamming that appears to go well beyond simple military mission effectiveness.”

So far the problem’s been formally identified: but, other than flying around jamming zones, what else can pilots do?

Source: GPS jamming around Cyprus gives our air traffic controllers a headache, says Eurocontrol • The Register

How Solar Panels Work

Posted on by

[…] How exactly do those panels work? Unlike power from a wind turbine or even a power plant, solar panels don’t seem to have any moving parts — so how exactly is that energy being produced?

The simple answer is that solar panels are made up of silicon and conductive metals, which form an electric field. When sunlight hits, the solar energy shakes electrons in the silicon out of their “natural” state, while a circuit attached to the panel is able to generate a current out of those electrons’ desire to return to their original positions within the panel. If this seems a little too complicated, don’t worry! Our animated visualization breaks down everything into easy-to-understand sections — you won’t need to remember your physics or chemistry classes to understand. You can see it for yourself directly below:

Source: How Solar Panels Work | SaveOnEnergy.com

Volumetric OLED Display Shows Bladerunner Vibe, Curious Screen Tech

Posted on by

Sean Hodgins] is out with his latest video and it’s a piece of art in itself. Beyond a traditional project show and tell, he’s spun together a cyberpunk vibe to premiere the volumetric display he built from an OLED stackup.

The trick of a volumetric display is the ability to add a third dimension for positioning pixels. Here [Sean] delivered that ability with a stack up of ten screens to add a depth element. This is not such an easy trick. These small OLED displays are all over the place but they share a common element: a dark background over which the pixels appear. [Sean] has gotten his hands on some transparent OLED panels and with some Duck-Duck-Go-Fu we think it’s probably a Crystalfontz 128×56 display. Why is it we don’t see more of these? Anyone know if it’s possible to remove the backing from other OLED displays to get here. (Let us know in the comments.)

The rest of the built is fairly straight-forward with a Feather M4 board driving the ten screens via SPI, and an MPU-6050 IMU for motion input. The form factor lends an aesthetic of an augmented reality device and the production approach for the video puts this in a Bladerunner or Johnny Mneumonic universe. Kudos for expanding the awesome of the build with an implied backstory!

If you can’t find your own transparent displays, spinning things are a popular trend in this area. We just saw one last week that spun an LED matrix to form cylindrical display. Another favorite of ours is a volumetric display that spins a helix-shaped projection screen.

Source: Volumetric OLED Display Shows Bladerunner Vibe, Curious Screen Tech | Hackaday

Bag maker Peak Design calls out Amazon for its copycat ways

Posted on by

Amazon is well-known for its copycat ways, but it’s not so often that another company calls it out on it, much less in a way that’s funny. But that’s exactly what Peak Design did today when it uploaded a video to YouTube comparing its Everyday Sling to a camera bag from AmazonBasics that shares the exact same name.

“It looks suspiciously like the Peak Design Everyday Sling, but you don’t pay for all those needless bells and whistles,” the video’s narrator declares. Those extras include things like a lifetime warranty, BlueSign approved recycled materials, as well as the time and effort the company’s design team put into creating the bag.

In its most on-the-nose jab at Amazon, the video includes a “dramatization” of how the AmazonBasics design team created their take on the bag. “Keep combing that data,” a googly-eyed executive tells his subordinate, who’s played here by Peak Design founder and CEO Peter Dering. “Let’s Basic that bad boy,” they say after finding the Everyday Sling.

Source: Bag maker Peak Design calls out Amazon for its copycat ways | Engadget

RAWGraphs releases version 2

Posted on by

RAW Graphs is an open source data visualization framework built with the goal of making the visual representation of complex data easy for everyone.

Primarily conceived as a tool for designers and vis geeks, RAW Graphs aims at providing a missing link between spreadsheet applications (e.g. Microsoft Excel, Apple Numbers, OpenRefine) and vector graphics editors (e.g. Adobe Illustrator, Inkscape, Sketch).

The project, led and maintained by the DensityDesign Research Lab (Politecnico di Milano) was released publicly in 2013 and is regarded by many as one of the most important tools in the field of data visualization.

Source: About | RAWGraphs

Posted in Art

Hackers exploit websites to give them excellent SEO before deploying malware

Posted on by

According to Sophos, the so-called search engine “deoptimization” method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google’s rankings.

[…]

In a blog post on Monday, the cybersecurity team said the technique, dubbed “Gootloader,” involves deployment of the infection framework for the Gootkit Remote Access Trojan (RAT) which also delivers a variety of other malware payloads.

The use of SEO as a technique to deploy Gootkit RAT is not a small operation. The researchers estimate that a network of servers — 400, if not more — must be maintained at any given time for success.

[…]

Websites compromised by Gootloader are manipulated to answer specific search queries. Fake message boards are a constant theme in hacked websites observed by Sophos, in which “subtle” modifications are made to “rewrite how the contents of the website are presented to certain visitors.”

“If the right conditions are met (and there have been no previous visits to the website from the visitor’s IP address), the malicious code running server-side redraws the page to give the visitor the appearance that they have stumbled into a message board or blog comments area in which people are discussing precisely the same topic,” Sophos says.

If the attackers’ criteria aren’t met, the browser will display a seemingly-normal web page — that eventually dissolves into garbage text.

[…]

Victims who click on the direct download links will receive a .zip archive file, named in relation to the search term, that contains a .js file.

The .js file executes, runs in memory, and obfuscated code is then decrypted to call other payloads.

According to Sophos, the technique is being used to spread the Gootkit banking Trojan, Kronos, Cobalt Strike, and REvil ransomware, among other malware variants, in South Korea, Germany, France, and the United States.

“At several points, it’s possible for end-users to avoid the infection, if they recognize the signs,” the researchers say. “The problem is that, even trained people can easily be fooled by the chain of social engineering tricks Gootloader’s creators use. Script blockers like NoScript for Firefox could help a cautious web surfer remain safe by preventing the initial replacement of the hacked web page to happen, but not everyone uses those tools.”

[…]

Source: Hackers exploit websites to give them excellent SEO before deploying malware | ZDNet

ICANN Refuses to Accredit Pirate Bay Founder Peter Sunde Due to His ‘Background’

Posted on by

Peter Sunde was one of the key people behind The Pirate Bay in the early years, a role for which he was eventually convicted in Sweden.

While Sunde cut his ties with the notorious torrent site many years ago, he remains an active and vocal personality on the Internet.

[…]

Sunde is also involved with the domain registrar Sarek, which caters to technology enthusiasts and people who are interested in a fair and balanced Internet, promising low prices for domain registrations

As a business, everything was going well for Sarek. The company made several deals with domain registries to offer cheap domains but there is one element that’s missing. To resell the most popular domains, including .com and .org, it has to be accredited by ICANN.

ICANN is the main oversight body for the Internet’s global domain name system. Among other things, it develops policies for accredited registrars to prevent abuse and illegal use of domain names. Without this accreditation, reselling several popular domains simply isn’t an option.

ICANN Denies Accreditation

Sunde and the Sarek team hoped to overcome this hurdle and started the ICANN accreditation process in 2019. After a long period of waiting, the organization recently informed Sunde that his application was denied.

[…]

“After the background check I get a reply that I’ve checked the wrong boxes,” Sunde wrote. “Not only that, but they’re also upset I was wanted by Interpol.”

The Twitter thread didn’t go unnoticed by ICANN who contacted Sunde over the phone to offer clarification. As it turns out, the ‘wrong box’ issue isn’t the main problem, as he explains in a follow-up Twitter thread.

“I got some sort of semi-excuse regarding their claim that I lied on my application. They also said that they agreed it wasn’t fraud or similar really. So both of the points they made regarding the denial were not really the reason,” Sunde clarifies.

ICANN is Not Comfortable With Sunde

Over the phone, ICANN explained that the matter was discussed internally. This unnamed group of people concluded that the organization is ‘not comfortable’ doing business with him.

“They basically admitted that they don’t like me. They’ve banned me for nothing else than my political views. This is typical discrimination. Considering I have no one to appeal to except them, it’s concerning, since they control the actual fucking center of the internet.”

[…]

Making matters worse, ICANN will also keep the registration fee, so this whole ordeal is costing money as well.

Source: ICANN Refuses to Accredit Pirate Bay Founder Peter Sunde Due to His ‘Background’ * TorrentFreak

Yup. ICANN. It’s an autocracy run by no-one but themselves. This is clearly visible in their processes, which almost led to the whole .org TLD being sold off for massive profit (.org is not for profit!) to an ex board member.

SpaceX Mars prototype rocket nails landing for the first time – then explodes

Posted on by

SpaceX rocket prototype, known as SN10, soared over South Texas during test flight Wednesday before swooping down to a pinpoint landing near its launch site. Approximately three minutes after landing, however, multiple independent video feeds showed the rocket exploding on its landing pad.

SpaceX’s SN10, an early prototype of the company’s Starship Mars rocket, took off around 5:15 pm CT and climbed about six miles over the coastal landscape, mimicking two previous test flights SpaceX has conducted that ended in an explosive crash. Wednesday marked the first successful landing for a Starship prototype.
“We’ve had a successful soft touch down on the landing pad,” SpaceX engineer John Insprucker said during a livestream of the event. “That’s capping a beautiful test flight of Starship 10.”
It was unclear what caused the rocket to explode after landing, and the SpaceX livestream cut out before the conflagration.
[…]

Source: SpaceX aborts Mars prototype rocket nails landing for the first time – CNN

No wonder that Japanese businessman is trying to give away his tickets to space on Musk’s explody rides

How I cut GTA Online loading times by 70% (GTA fix JSON handler pls)

Posted on by

[…]

tl;dr

  • There’s a single thread CPU bottleneck while starting up GTA Online
  • It turns out GTA struggles to parse a 10MB JSON file
  • The JSON parser itself is poorly built / naive and
  • After parsing there’s a slow item de-duplication routine

R* please fix

If this somehow reaches Rockstar: the problems shouldn’t take more than a day for a single dev to solve. Please do something about it :<

You could either switch to a hashmap for the de-duplication or completely skip it on startup as a faster fix. For the JSON parser – just swap out the library for a more performant one. I don’t think there’s any easier way out.

Source: How I cut GTA Online loading times by 70%

Ticketcounter leaks data for millions of people, didn’t delete sensitive data and was outed

Posted on by

Data of visitors to Diergaarde Blijdorp, Apenheul, Dierenpark Amersfoort and dozens of other theme parks are on the street. Ticket seller Ticketcounter is also extorted for 3 tons.

An employee accidentally posted data online where they didn’t have to. As a result, the data could be found there for months (from 5 August 2020 to 22 February 2021). The data is then offered for sale on the dark web.

This mainly concerns data of people who have purchased day tickets via the website.

Source: Groot datalek bij Ticketcounter, ook hack bij InHolland – Emerce

It turns out they kept all this data they shouldn’t have.

The database contained the data of 1.5 million people who had purchased a ticket through Ticketcounter. These include their names, email addresses, telephone numbers, dates of birth and address details. If people with iDEAL have paid for their entrance ticket, their bank account number (IBAN) has also fallen into the wrong hands.

Source: Datalek Ticketcounter treft ook bezoekers musea en attracties

Why did they keep all this data? And why wasn’t it encrypted?

It was leaked when someone made a backup which a) wasn’t encrypted and b) was placed somewhere stunningly easy to find. Now they are being extorted to the tune of 7 BTC which they are not planning to give.

Ticketcounter makes it sound like they are some kind of victim in this but their security practices are abysmal and hopefully they will be fined a serious amount.