About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

The Apparent Hackers Behind Kia’s Ransomware Attack Are Demanding Millions in Bitcoin

Kia seems to be in quite a predicament. As we reported earlier today, the automaker’s online services appear to have been severed from the outside world, with customers unable to start their cars remotely via Kia’s apps or even log into the company’s financing website to pay their bills. All signs pointed to a potential cyberattack against Kia—ransomware most likely—and that’s exactly what a new report is claiming it is.

A report by information security news site Bleeping Computer seems to solidify that theory, as the publication shared a screenshot of an alleged ransom note asking Kia for the hefty sum of $20,000,000 to decrypt its files.

The infection is believed to be the work of a group identified as DoppelPaymer by CrowdStrike researchers in 2019. Such threat actors routinely hunt big game for large payouts, according to a security bulletin released by the FBI late last year. The note left behind mentions that the malware not only encrypted live data, but also the company’s backups, which more sophisticated attacks of this nature often do to prevent an easy restoration.

To make matters worse, it also claims to have exfiltrated a large amount of data along with the hack, which it says it will release within three weeks. It’s not clear what kind of data was exfiltrated by the attackers; however, the note claims that it was a “huge amount” of it, and the number of Kia’s online services that were affected does allude to the possibility of a broad net being cast into Kia’s network. In simpler terms, these alleged attackers stole a bunch of stuff out of Kia’s house and then locked the doors to some of the bedrooms inside.

After reaching out to Kia multiple times, The Drive finally received an answer on the matter. A Kia spokesperson confirmed that Kia is “experiencing an extended systems outage,” though it does not mention the nature of the outage. It also downplays the ransomware attack allegations shared by Bleeping Computer.

“Kia Motors America, Inc. is currently experiencing an extended systems outage,” a Kia spokesperson told The Drive via email. “Affected systems include the Kia Owners Portal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected customers and are working to resolve the issue as quickly as possible with minimal interruption to our business.”

The spokesperson added: “We are also aware of online speculation that Kia is subject to a ‘ransomware’ attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack.”

Having said that, the report on Bleeping Computer indicates detailed notes from these purported attackers. The attackers apparently used a Protonmail email address to communicate and display a web page on Tor, an encrypted peer-to-peer network that promotes anonymity, complete with an online chat function in case they need support to pay the ransom. At the time of this writing, the hackers were requesting 404.5412 Bitcoin, which equates to roughly $20.9 million. But the message also warns that the longer the company takes to pay, the higher the fee goes, ending at 600 Bitcoin ($31 million) should the automaker not pay up within nine days.

Screenshots of the actual notes have been published by Bleeping Computer and can be viewed here. It’s also worth noting that DoppelPaymer is the same malware that was responsible for exfiltrating and encrypting data from Visser, a defense contractor and parts manufacturer for both Tesla and SpaceX, just last year.

Source: The Apparent Hackers Behind Kia’s Ransomware Attack Are Demanding Millions in Bitcoin

Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can’t be undone

A judge has ruled that Citibank can’t claw back more than $500m (£360m) it mistakenly paid out after outsourced staff and a senior manager made a nearly billion-dollar (£700m) user-interface blunder.

The error occurred on August 11 last year, when Citibank was supposed to wire $7.8m (£5.6m) in interest payments to lenders who are propping up troubled cosmetics giant Revlon. But a worker at outsourcing mega-org Wipro accidentally checked the wrong combination of on-screen boxes, leading to the repayment of not only the interest but also the $894m (£640m) principal from the bank’s funds.

Citibank has a “six-eyes” policy on massive money transfers of this type. In the Revlon fiasco, a Wipro worker in India configured the transfer using software called Flexcube, his local manager approved it, and Vincent Fratta – a Citibank senior manager based in Delaware, USA – gave the final OK for the transfer of funds, all believing the settings were correct.

Below is a screenshot of the transfer set up by the first Wipro worker. He should have ticked not just the principal field but also the front and fund fields, and set their values to the necessary clearing account number. By leaving those two boxes unchecked and their values empty – and wrongly assuming putting the account number in the principal field was a correct move – the entire principal of the loan, which was set to mature in 2023, was handed back to 315 creditors.

[Screenshot: Incomplete … The Flexcube interface for the infamous transfer. Source: US courts system]

It wasn’t until the next day that staff noticed the error, and sent out emails asking for the funds to be returned – and hundreds of millions of dollars were. However, a group of 10 creditors refused to hand back their share of the cash, amounting to more than $500m, leading Citibank to sue them in New York to recover the dosh.

This week, the US federal district court judge presiding over that lawsuit sided with the lenders, saying [PDF] they had reasonable grounds to think that the transfer was legitimate and that they had legal grounds to keep their money.

“The non-returning lenders believed, and were justified in believing, that the payments were intentional,” Judge Jesse Furman ruled. “Indeed, to believe otherwise — to believe that Citibank, one of the most sophisticated financial institutions in the world, had made a mistake that had never happened before, to the tune of nearly $1bn — would have been borderline irrational.”

Since the amount sent back repaid the loaned amounts to the cent and no more, the judge ruled Citibank had no right to reclaim the money.

“We are extremely pleased with Judge Furman’s thoughtful, thorough and detailed decision,” Benjamin Finestone, representing two lenders, Brigade and HPS Investment Partners, told CNN.

That said, the saga isn’t over yet. The disputed funds are going nowhere, and are held under a temporary restraining order, to give Citibank a chance to challenge the ruling. “We strongly disagree with this decision and intend to appeal,” the mega bank said in a statement. “We believe we are entitled to the funds and will continue to pursue a complete recovery of them.”

Source: Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can’t be undone • The Register

‘Spy pixels in emails have become endemic’

The use of “invisible” tracking tech in emails is now “endemic”, according to a messaging service that analysed its traffic at the BBC’s request.

Hey’s review indicated that two-thirds of emails sent to its users’ personal accounts contained a “spy pixel”, even after excluding spam.

Its makers said that many of the largest brands used email pixels, with the exception of the “big tech” firms.

Defenders of the trackers say they are a commonplace marketing tactic. And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.

Email pixels can be used to log:

  - if and when an email is opened
  - how many times it is opened
  - what device or devices are involved
  - the user’s rough physical location, deduced from their internet protocol (IP) address – in some cases making it possible to see the street the recipient is on

This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles.

Hey’s co-founder David Heinemeier Hansson says they amount to a “grotesque invasion of privacy”.
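A defender-side illustration of the list above, added here and not part of the BBC piece or of Hey’s own tooling: a small scanner that walks an HTML message body and flags `<img>` tags that behave like open-tracking beacons (fetched from a remote host, sized 1×1 or 0×0 or hidden by CSS, usually carrying a per-recipient query string). The sample message and the hostnames in it are constructed for the example; the heuristics are assumptions about what a pixel looks like, not a published standard.

```python
"""Flag likely open-tracking pixels in an HTML e-mail body (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real e-mail; hostnames are placeholders.
SAMPLE_EMAIL = """
<html><body>
<p>Hello, here is this month's newsletter.</p>
<img src="https://cdn.example-brand.test/logo.png" width="200" height="60" alt="Logo">
<img src="https://track.example-brand.test/open?uid=12345&amp;cid=feb" width="1" height="1" style="display:none">
<img src="https://metrics.example-vendor.test/p.gif?e=abc" width="0" height="0">
<img src="cid:inline-photo-1" width="1" height="1">
</body></html>
"""


class PixelFinder(HTMLParser):
    """Collect <img> tags that look like tracking beacons rather than content."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        parts = urlparse(a.get("src", ""))
        # Only a remote fetch can report an open; cid:/data: images are embedded.
        if parts.scheme not in ("http", "https"):
            return
        reasons = []
        w, h = a.get("width", ""), a.get("height", "")
        if w in ("0", "1") and h in ("0", "1"):
            reasons.append("tiny (%sx%s)" % (w, h))
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        if not reasons:
            return  # an ordinary remote image (a logo, a photo); not flagged
        if parts.query:
            # A per-recipient identifier in the URL is what ties an open to a person.
            reasons.append("query string: " + parts.query)
        self.findings.append({"host": parts.hostname, "reasons": reasons})


def find_tracking_pixels(html_body):
    """Return a list of {'host', 'reasons'} dicts, one per suspected pixel."""
    finder = PixelFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_EMAIL):
        print(hit["host"], "->", "; ".join(hit["reasons"]))
```

On the constructed message the scanner reports the two remote beacons and ignores both the visible logo and the embedded `cid:` image. The mitigation that matters is the one such a report motivates: a mail client that does not load remote images by default (or proxies them through a shared cache) never makes the per-recipient request, so the sender learns nothing about when, where or how often the message was opened.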

Source: ‘Spy pixels in emails have become endemic’ – BBC News

‘Roaring Kitty’ GameStop investor hit with lawsuit by American idiot

Keith Gill, known as ‘Roaring Kitty’ on YouTube, allegedly duped retail investors into buying inflated stocks while hiding his sophisticated financial background.

Mr Gill has downplayed his impact and rebutted claims he violated any laws. Separately, he will testify on Thursday to Congress about the “Reddit rally”.

“The idea that I used social media to promote GameStop stock to unwitting investors is preposterous,” Mr Gill said in the prepared testimony. “I was abundantly clear that my channel was for educational purposes only, and that my aggressive style of investing was unlikely to be suitable for most folks checking out the channel.”

Mr Gill allegedly bought GameStop shares for $5 (£3.60) and then used social media to drive shares from around $20 in early January to more than $400 in just two weeks.

This violated securities laws against manipulating the market, according to the lawsuit filed by Christian Iovin, a Washington state resident who purchased GameStop stock options.

Mr Gill said he used publicly available information to determine GameStop was undervalued, and shared this view with a “tiny” following on social media ahead of January’s huge price surge.

The lawsuit also names as defendants Massachusetts Mutual Life Insurance Co and its subsidiary MML Investors Services, which employed Mr Gill until 28 January. The company told Massachusetts regulators it was unaware of Mr Gill’s outside activities.

Grilling from lawmakers

A number of people involved in the so-called “Reddit rally” are due to appear before Congress on Thursday, including Mr Gill. Others called to testify include Wall Street hedge fund Melvin Capital, along with the chief executive of Reddit.

The chief executive of Robinhood, the trading platform that restricted the purchases of GameStop shares to investors during the trading frenzy, is also expected to testify.

The GameStop saga was hailed as a victory of the little guys against big Wall Street hedge funds that were betting against video games retailer GameStop and other struggling businesses. But it is unclear what role hedge funds had in the rally, as some are reported to have made millions from the GameStop share rally that was inspired by Reddit users.

Source: ‘Roaring Kitty’ GameStop investor hit with lawsuit – BBC News

France has been suffering A Very ‘Solar Winds’-Like Cyberattack since 2017

As the U.S. continues to chart the damage from the sweeping “SolarWinds” hack, France has announced that it too has suffered a large supply chain cyberattack. The news comes via a recently released technical report published by the Agence Nationale de la sécurité des systèmes d’information—or simply ANSSI—the French government’s chief cybersecurity agency. Like the U.S., French authorities have implied that Russia is probably involved.

According to ANSSI, a sophisticated hacker group has successfully penetrated products of Centreon, a French IT firm specializing in network and system monitoring whose software is used by many French government agencies, as well as some of the nation’s biggest companies (Air France, among others). Centreon’s client page shows that it partners with the French Department of Justice, Ecole Polytechnique, and regional public agencies, as well as some of the nation’s largest agri-food production firms.

While ANSSI did not officially attribute the hack to any organization, the agency says the techniques used bear similarities to those of the Russian military hacker group “Sandworm” (also known as Unit 74455). The intrusion campaign, which dates back at least to 2017, allowed the hackers to breach the systems of a number of French organizations, though ANSSI has declined to name the victims or say how many were affected.

Source: France Just Suffered A Very ‘Solar Winds’-Like Cyberattack

Apple new M1 chip specific Malware Has Arrived

Now that Apple has officially begun the transition to Apple Silicon, so has malware.

Security researcher Patrick Wardle published a blog detailing that he’d found a malicious program dubbed GoSearch22, a Safari browser extension that’s been reworked for Apple’s M1 processor. (The extension is a variant of the Pirrit adware family, which is notorious on Macs.) Meanwhile, a new report from Wired also quotes other security researchers as finding further instances of native M1 malware, distinct from Wardle’s findings.

The GoSearch22 malware was signed with an Apple developer ID on Nov. 23, 2020—not long after the first M1 laptops were unveiled. Having a developer ID means a user downloading the malware wouldn’t trigger Gatekeeper on macOS, which notifies users when an application they’re about to download may not be safe. Developers can take the extra step of submitting apps to Apple to be notarized for extra confirmation. However, Wardle notes in his writeup that it’s unclear whether Apple ever notarized the code, as the certificate for GoSearch22 has since been revoked. Unfortunately, he also writes that since this malware was detected in the wild, regardless of whether Apple notarized it, “macOS users were infected.”

[…]

Source: The M1 Malware Has Arrived

FortressIQ just comes out and says it: To really understand business processes, feed your staff’s screen activity to an AI

In a sign that interest in process mining is heating up, vendor FortressIQ is launching an analytics platform with a novel approach to understanding how users really work – it “videos” their on-screen activity for later analysis.

According to the San Francisco-based biz, its Process Intelligence platform will allow organisations to be better prepared for business transformation, the rollout of new applications, and digital projects by helping customers understand how people actually do their jobs, as opposed to how the business thinks they work.

The goal of process mining itself is not new. German vendor Celonis has already marked out the territory and raised approximately $290m in a funding round in November 2019, when it was valued at $2.5bn.

Celonis works by recording a users’ application logs, and by applying machine learning to data across a number of applications, purports to figure out how processes work in real life. FortressIQ, which raised $30m in May 2020, uses a different approach – recording all the user’s screen activity and using AI and computer vision to try to understand all their behaviour.

Pankaj Chowdhry, CEO at FortressIQ, told The Register that what the company had built was a “virtual process analyst”, a software agent which taps into a user’s video card on the desktop or laptop. It streams a low-bandwidth version of what is occurring on the screen to provide the raw data for the machine-learning models.

“We built machine learning and computer vision AI that will, in essence, watch that movie, and convert it into a structured activity,” he said.

To reassure those who could be forgiven for being a little freaked out by the recording of users’ every on-screen move, the company said it anonymises the data it analyses to show which processes are better than others, rather than which user is better. Similarly, it said it guarantees the privacy of on-screen data.

Nonetheless, users should be aware of potential pushback when deploying the technology, said Tom Seal, senior research director with IDC.

“Businesses will be somewhat wary about provoking that negative reaction, particularly with the remote working that’s been triggered by COVID,” he said.

At the same time, remote working may be where the approach to process mining can show its worth, helping to understand how people adapt their working patterns in the current conditions.

FortressIQ may have an advantage over rivals in that it captures all data from the users’ screen, rather than the applications the organisation thinks should be involved in a process, said Seal. “It’s seeing activity that the application logs won’t pick up, so there is an advantage there.”

Of course, there is still the possibility that users get around prescribed processes using Post-It notes, whiteboards and phone apps, which nobody should put beyond them.

Celonis and FortressIQ come from very different places. The German firm has a background in engineering and manufacturing, with an early use case at Siemens led by Lars Reinkemeyer who has since joined the software vendor as veep for customer transformation. He literally wrote the book on process mining while at the University of California, Santa Barbara. FortressIQ, on the other hand, was founded by Chowdhry who worked as AI leader at global business process outsourcer Genpact before going it alone.

And it’s not just these two players. Software giant SAP has bought Signavio, a specialist in business process analysis and management, in a deal said to be worth $1.2bn to help understand users’ processes as it readies them for the cloud and application upgrades. ®

Source: FortressIQ just comes out and says it: To really understand business processes, feed your staff’s screen activity to an AI • The Register

Kia’s Network Is Down, Finance Sites to Owner Apps, Nobody Will Say Why – yay connected cars

Like it or not, connected cars have become a staple of everyday life for millions of Americans. The ability to interact with our cars from afar, beyond the key fob, has become something we expect to work, but that all relies on the underpinnings of critical IT infrastructure. And when something isn’t working as expected, a minor inconvenience can translate into a customer nightmare.

Someone over at Kia has been having a very bad week. Since Saturday, Kia’s online and connected services have been down, leaving owners unable to pay their bills, remotely unlock their vehicles, or even warm them up in the middle of one of the harshest winters that parts of the U.S. have seen in quite some time.

Kia’s hamsters have their work cut out for them. (Image via Kia, Twitter)

Owners took to Twitter and various online forums to complain about the unscheduled outage, many confused why they couldn’t view the details of their cars on Kia’s website or various phone apps.

Some owners looking to pay their bills also visited Kia’s finance site, where they were unable to log in and pay, so they resorted to the phone lines, which played a message stating that the self-service options were down for scheduled maintenance. Needless to say, that led to a flurry of people tweeting at Kia because they were unsure of the outcome should they miss a payment due to the outage.


Now, it’s not just existing Kia drivers that are affected. New buyers are also stuck, unable to set up accounts with Kia’s online services. We confirmed this by trying to create an account on the Kia owners’ portal, but were greeted with an “Internal Server Error” and couldn’t proceed.

[…]

Source: Kia’s Network Is Down, From Finance Sites to Owner Apps, and Nobody Will Say Why

Astrophysicists re-imagine world map, designing a less distorted, ‘radically different’ way to see the world

How do you flatten a sphere?

For centuries, mapmakers have agonized over how to accurately display our round planet on anything other than a globe.

Now, a fundamental re-imagining of how maps can work has resulted in the most accurate flat map ever made, from a trio of map experts: J. Richard Gott, an emeritus professor of astrophysics at Princeton and creator of a logarithmic map of the universe once described as “arguably the most mind-bending map to date”; Robert Vanderbei, a professor of operations research and financial engineering who created the “Purple America” map of election results; and David Goldberg, a professor of physics at Drexel University.

Their new map is two-sided and round, like a phonograph record or vinyl LP. Like many radical developments, it seems obvious in hindsight. Why not have a two-sided map that shows both sides of the globe? It breaks away from the limits of two dimensions without losing any of the logistical convenience—storage and manufacture—of a flat map.

“This is a map you can hold in your hand,” Gott said.

Princeton professors J. Richard Gott and Robert Vanderbei worked with Drexel professor David Goldberg to create a revolutionary new map: a two-sided disk that can slip inside a textbook or be stacked neatly for storage. It provides more accurate distances than any existing flat map, while keeping visual distortions at a minimum. Credit: Video by J. Richard Gott, Robert Vanderbei and David Goldberg

In 2007, Goldberg and Gott invented a system to score existing maps, quantifying the six types of distortions that flat maps can introduce: local shapes, areas, distances, flexion (bending), skewness (lopsidedness) and boundary cuts (continuity gaps). The lower the score, the better: a globe would have a score of 0.0.

[…]

It can be displayed with the Eastern and Western Hemispheres on the two sides, or in Gott’s preferred orientation, the Northern and Southern Hemispheres, which conveniently allows the equator to run around the edge. Either way, this is a map with no boundary cuts. To measure distances from one side to the other, you can use string or measuring tape reaching from one side of the disk to the other, he suggested.

“If you’re an ant, you can crawl from one side of this ‘phonograph record’ to the other,” Gott said. “We have continuity over the equator. Africa and South America are draped over the edge, like a sheet over a clothesline, but they’re continuous.”

This double-sided map has smaller distance errors than any single-sided flat map—the previous record-holder being a 2007 map by Gott with Charles Mugnolo, a 2005 Princeton alumnus. In fact, this map is remarkable in having an upper boundary on distance errors: It is impossible for distances to be off by more than ± 22.2%. By comparison, in the Mercator and Winkel Tripel projections, as well as others, distance errors become enormous approaching the poles and essentially infinite from the left to the right margins (which are far apart on the map but directly adjacent on the globe). In addition, areas at the edge are only 1.57 times larger than at the center.

[…]

Source: Astrophysicists re-imagine world map, designing a less distorted, ‘radically different’ way to see the world

Supermicro hardware Hack: Yep did happen. How China Exploited a U.S. Tech Supplier Over Years

In 2010, the U.S. Department of Defense found thousands of its computer servers sending military network data to China—the result of code hidden in chips that handled the machines’ startup process.

In 2014, Intel Corp. discovered that an elite Chinese hacking group breached its network through a single server that downloaded malware from a supplier’s update site.

And in 2015, the Federal Bureau of Investigation warned multiple companies that Chinese operatives had concealed an extra chip loaded with backdoor code in one manufacturer’s servers.

Each of these distinct attacks had two things in common: China and Super Micro Computer Inc., a computer hardware maker in San Jose, California. They shared one other trait; U.S. spymasters discovered the manipulations but kept them largely secret as they tried to counter each one and learn more about China’s capabilities.

[…]

Around early 2010, a Pentagon security team noticed unusual behavior in Supermicro servers in its unclassified networks.

Implant in the Startup Process

The machines turned out to be loaded with unauthorized instructions directing each one to secretly copy data about itself and its network and send that information to China, according to six former senior officials who described a confidential probe of the incident. The Pentagon found the implant in thousands of servers, one official said; another described it as “ubiquitous.”

Investigators attributed the rogue code to China’s intelligence agencies, the officials said. A former senior Pentagon official said there was “no ambiguity” in that attribution.

[…]

As military experts investigated the Pentagon breach, they determined that the malicious instructions guiding the Pentagon’s servers were hidden in the machines’ basic input-output system, or BIOS, part of any computer that tells it what to do at startup.

Two people with direct knowledge said the manipulation combined two pieces of code: The first was embedded in instructions that manage the order of the startup and can’t be easily erased or updated. That code fetched additional instructions that were tucked into the BIOS chip’s unused memory, where they were unlikely to be found even by security-conscious customers. When the server was turned on, the implant would load into the machine’s main memory, where it kept sending out data periodically.

Manufacturers like Supermicro typically license most of their BIOS code from third parties. But government experts determined that part of the implant resided in code customized by workers associated with Supermicro, according to six former U.S. officials briefed on the findings.

[…]

By 2014, investigators across the U.S. government were looking for any additional forms of manipulation—anything they might have missed, as one former Pentagon official put it. Within months, working with information provided by American intelligence agencies, the FBI found another type of altered equipment: malicious chips added to Supermicro motherboards.

Warnings Delivered

Government experts regarded the use of these devices as a significant advance in China’s hardware-hacking capabilities, according to seven former American officials who were briefed about them between 2014 and 2017. The chips injected only small amounts of code into the machines, opening a door for attackers, the officials said.

Small batches of motherboards with the added chips were detected over time, and many Supermicro products didn’t include them, two of the officials said.

[…]

“The agents said it was not a one-off case; they said this was impacting thousands of servers,” Kumar said of his own discussion with FBI agents.

It remains unclear how many companies were affected by the added-chip attack. Bloomberg’s 2018 story cited one official who put the number at almost 30, but no customer has acknowledged finding malicious chips on Supermicro motherboards.

Several executives who received warnings said the information contained too few details about how to find any rogue chips. Two former senior officials said technical details were kept classified.

[…]

“This wasn’t a case of a guy stealing a board and soldering a chip on in his hotel room; it was architected onto the final device,” Quinn said, recalling details provided by Air Force officials. The chip “was blended into the trace on a multilayered board,” he said.

“The attackers knew how that board was designed so it would pass” quality assurance tests, Quinn said.

[…]

Corporate investigators uncovered yet another way that Chinese hackers were exploiting Supermicro products. In 2014, executives at Intel traced a security breach in their network to a seemingly routine firmware update downloaded from Supermicro’s website.

[…]

A contact in the U.S. intelligence community alerted the company to the breach, according to a person familiar with the matter. The tip helped Intel investigators determine that the attackers were from a state-sponsored group known as APT 17.

APT 17 specializes in complex supply-chain attacks, and it often hits multiple targets to reach its intended victims, according to cybersecurity firms including Symantec and FireEye. In 2012, the group hacked the cybersecurity firm Bit9 in order to get to defense contractors protected by Bit9’s products.

Intel’s investigators found that a Supermicro server began communicating with APT 17 shortly after receiving a firmware patch from an update website that Supermicro had set up for customers. The firmware itself hadn’t been tampered with; the malware arrived as part of a ZIP file downloaded directly from the site, according to accounts of Intel’s presentation.

[…]

Breaches involving Supermicro’s update site continued after the Intel episode, according to two consultants who participated in corporate investigations and asked not to be named.

In incidents at two non-U.S. companies, one in 2015 and the other in 2018, attackers infected a single Supermicro server through the update site, according to a person who consulted on both cases. The companies were involved in the steel industry, according to the person, who declined to identify them, citing non-disclosure agreements. The chief suspect in the intrusions was China, the person said.

In 2018, a major U.S. contract manufacturer found malicious code in a BIOS update from the Supermicro site, according to a consultant who participated in that probe. The consultant declined to share the manufacturer’s name. Bloomberg reviewed portions of a report on the investigation.

It’s unclear whether the three companies informed Supermicro about their issues with the update site, and Supermicro didn’t respond to questions about them.

[…]

Source: Supermicro Hack: How China Exploited a U.S. Tech Supplier Over Years

Brazil’s Health Ministry’s Website Data Leak Exposed 243 Million Medical Records for More Than 6 Months

Personal information of more than 243 million Brazilians was exposed for more than six months thanks to weakly encoded credentials stored in the source code of the Brazilian Ministry of Health’s website. The data leak exposed both living and deceased Brazilians’ medical records to possible unauthorized access. The incident was the second reported by Brazilian publication Estadão and among several others recently affecting South America’s largest nation’s healthcare system.

Sistema Único de Saúde data leak exposed patients’ medical records

For more than six months, personal data belonging to anyone registered with Sistema Único de Saúde (SUS), Brazil’s national health system, could be viewed.

The data leak exposed the full names, addresses, phone numbers, and full medical records of Brazilians who signed up for the government’s publicly funded healthcare system.

Approximately 32 million medical records belonged to deceased Brazilians, given that the country’s population was 211 million in 2019.

The database login credentials were encoded using Base64 encoding, which could be easily decoded. Anybody could have viewed the website’s source code and the database credentials using the F12 keyboard shortcut or the “View Source Code” option from the browser’s menu.

Subsequently, the exposed database logins could have allowed anybody access to Brazilians’ medical records.
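An added example, not from the CPO Magazine article or from the Ministry’s site: a scanner over page source that finds Base64 runs which decode to credential-shaped text, the kind of check a pre-commit hook or CI job could run before a page ships to browsers. The sample script, user name and password are placeholders constructed for this example, and the regexes and keyword list are assumptions about what “credential-shaped” means.

```python
"""Find Base64-"obfuscated" credentials in page source (added example)."""
import base64
import binascii
import re
import string

# Constructed sample standing in for a page's embedded script; the
# credential values are placeholders invented for this example.
DB_USER, DB_PASS = "sus_reader", "S3cret-placeholder"
ENCODED = base64.b64encode(f"{DB_USER}:{DB_PASS}".encode()).decode()
SAMPLE_SOURCE = f"""<script>
var apiBase = "https://portal.example.test/api";
var dbAuth = "{ENCODED}";   // Base64 hides nothing: it is reversible by design
var buildId = "ProductionBuild2020";
</script>"""

# A run of Base64 alphabet long enough to be worth trying to decode.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Decoded text that looks like a secret: "user:password" or a telling keyword.
USER_PASS = re.compile(r"^[\w.-]{2,}:\S{4,}$")
CRED_HINTS = ("password", "passwd", "pwd", "secret", "token", "://")


def decode_candidates(text):
    """Yield (encoded, decoded) pairs for runs that decode to printable text."""
    for match in B64_RUN.finditer(text):
        token = match.group(0)
        if len(token) % 4:
            continue  # not a complete Base64 string (e.g. an ordinary identifier)
        try:
            plain = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if plain and all(c in string.printable for c in plain):
            yield token, plain


def find_encoded_credentials(text):
    """Return the Base64 runs in `text` that decode to something credential-shaped."""
    hits = []
    for token, plain in decode_candidates(text):
        low = plain.lower()
        if USER_PASS.match(plain) or any(h in low for h in CRED_HINTS):
            hits.append({"encoded": token, "decoded": plain})
    return hits


if __name__ == "__main__":
    for hit in find_encoded_credentials(SAMPLE_SOURCE):
        print("credential-like Base64 in source:", hit["encoded"][:12] + "...")
```

The scanner only flags; it does not need to print the decoded value, and in a CI job it should not. The fix such a finding calls for is not a stronger encoding of the same string but keeping database credentials on the server, behind an API the browser calls, so that nothing delivered to “View Source” can reach the database at all.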

Just last month, Estadão also reported another data leak exposing more than 16 million Brazilian COVID-19 patients’ medical records. The breach occurred after an employee uploaded on GitHub a spreadsheet containing usernames, passwords, and the E-SUS-VE system access keys.

Source: Brazil’s Health Ministry’s Website Data Leak Exposed 243 Million Medical Records for More Than 6 Months – CPO Magazine

Cell Phone Location Privacy could be done easily

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks. It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers.

It’s a clever system. The players are the user, a traditional mobile network operator (MNO) like AT&T or Verizon, and a new mobile virtual network operator (MVNO). MVNOs aren’t new. They’re intermediaries like Cricket and Boost.

Here’s how it works:

  1. One-time setup: The user’s phone gets a new SIM from the MVNO. All MVNO SIMs are identical.
  2. Monthly: The user pays their bill to the MVNO (credit card or otherwise) and the phone gets anonymous authentication (using Chaum blind signatures) tokens for each time slice (e.g., hour) in the coming month.
  3. Ongoing: When the phone talks to a tower (run by the MNO), it sends a token for the current time slice. This is relayed to an MVNO backend server, which checks the Chaum blind signature of the token. If it’s valid, the MVNO tells the MNO that the user is authenticated, and the user receives a temporary random ID and an IP address. (Again, this is how MVNOs like Boost already work.)
  4. On demand: The user uses the phone normally.

The MNO doesn’t have to modify its system in any way. The PGPP MVNO implementation is in software. The user’s traffic is sent to the MVNO gateway and then out onto the Internet, potentially even using a VPN.
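To make steps 2 and 3 concrete, here is an added example (not code from the PGPP paper or its authors) that models the token issuance and the attach check with RSA blind signatures, the classic Chaum construction. The MVNO signs blinded values at billing time, so it learns the paying account but never sees the token it signs; at attach time it verifies an unblinded token and returns only a fresh random ID for the MNO. The toy key size, the token layout, the single-use rule for slice tokens and all class and function names are assumptions of this example.

```python
import hashlib
import math
import secrets

# Toy RSA key for the MVNO's token issuer. The primes are well-known Mersenne
# primes, used only so the example is deterministic and needs no crypto
# library; a real deployment would use a proper key of at least 2048 bits.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def token_digest(token: bytes) -> int:
    """Hash-then-sign: the value actually signed is SHA-256(token) mod N."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Phone:
    """User side: builds one token per time slice and blinds it before signing."""

    def __init__(self):
        self.unsigned = {}  # slice -> (token, blinding factor r)
        self.tokens = {}    # slice -> (token, signature) after unblinding

    def blind_requests(self, slices):
        """Step 2 (monthly): produce blinded digests for the coming slices."""
        blinded = []
        for s in slices:
            # Assumed token layout: slice index plus a random nonce.
            token = f"slice:{s}:".encode() + secrets.token_bytes(16)
            while True:
                r = secrets.randbelow(N - 2) + 2
                if math.gcd(r, N) == 1:
                    break
            self.unsigned[s] = (token, r)
            blinded.append((s, token_digest(token) * pow(r, E, N) % N))
        return blinded

    def unblind(self, blind_sigs):
        """Remove the blinding factor: (h * r^E)^D * r^-1 == h^D mod N."""
        for s, bs in blind_sigs:
            token, r = self.unsigned.pop(s)
            self.tokens[s] = (token, bs * pow(r, -1, N) % N)

    def attach_credential(self, s):
        return self.tokens[s]


class MVNO:
    """Operator side: signs blinded values when billed, checks tokens on attach."""

    def __init__(self):
        self.spent = set()

    def issue(self, account_id, blinded):
        # The billing identity is known here, but only blinded values are
        # signed, so nothing learned now links a later token to account_id.
        return [(s, pow(b, D, N)) for s, b in blinded]

    def verify_attach(self, token, sig, current_slice):
        """Step 3 (ongoing): return a temporary random ID for the MNO, or None."""
        if pow(sig, E, N) != token_digest(token):
            return None                       # not signed by this issuer
        if not token.startswith(f"slice:{current_slice}:".encode()):
            return None                       # token is for another hour
        if token in self.spent:
            return None                       # replay (single-use is assumed)
        self.spent.add(token)
        return secrets.token_hex(8)


def run_demo():
    """Exercise the exchange and return what each check decided."""
    phone, mvno = Phone(), MVNO()
    blinded = phone.blind_requests([0, 1, 2])
    phone.unblind(mvno.issue("account-42", blinded))
    token1, sig1 = phone.attach_credential(1)
    return {
        "valid": mvno.verify_attach(token1, sig1, 1) is not None,
        "replay": mvno.verify_attach(token1, sig1, 1) is not None,
        "wrong_slice": mvno.verify_attach(*phone.attach_credential(2), current_slice=1) is not None,
        "forged": mvno.verify_attach(token1, (sig1 + 1) % N, 1) is not None,
        # Unlinkability: the issuer never saw the digest it effectively signed.
        "issuer_saw_digest": any(b == token_digest(token1) for _, b in blinded),
    }


if __name__ == "__main__":
    print(run_demo())
```

The last field is the property the excerpt is about: the blinded values the MVNO stored at billing time do not match the digest of any token later presented at a tower, so the operator can confirm “someone who paid” without learning who. The MNO, for its part, receives only the yes/no and the temporary ID.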

All connectivity is data connectivity in cell networks today. The user can choose to be data-only (e.g., use Signal for voice), or use the MVNO or a third party for VoIP service that will look just like normal telephony.

The group prototyped and tested everything with real phones in the lab. Their approach adds essentially zero latency, and doesn’t introduce any new bottlenecks, so it doesn’t have performance/scalability problems like most anonymity networks. The service could handle tens of millions of users on a single server, because it only has to do infrequent authentication, though for resilience you’d probably run more.

The paper is here.

Source: Cell Phone Location Privacy | OSINT

Swarm Announces Commercial Availability of Industry’s Lowest-Cost Global Satellite Data Service

Swarm, developer of the world’s lowest-cost live satellite communications network, today announced that the Swarm network is now commercially live and available for customers to begin using. Swarm is the first low-cost satellite provider to offer commercial services to every point in the world, and companies in markets ranging from agriculture to logistics to maritime can now globally scale their business with Swarm overnight for only $5/month per device.

Source: Swarm Announces Commercial Availability of Industry’s Lowest-Cost Global Satellite Data Service

China issues new anti-monopoly rules targeting its tech giants

The new rules formalise an earlier anti-monopoly draft law released in November and clarify a series of monopolistic practices that regulators plan to crack down on.

The guidelines are expected to put new pressure on the country’s leading internet services, including e-commerce sites such as Alibaba Group’s Taobao and Tmall marketplaces or JD.com. They will also cover payment services like Ant Group’s Alipay or Tencent Holding’s WeChat Pay.

The rules, issued by the State Administration for Market Regulation (SAMR) on its website, bar companies from a range of behaviour, including forcing merchants to choose between the country’s top internet players, a long-time practice in the market.

SAMR said the latest guidelines would “stop monopolistic behaviours in the platform economy and protect fair competition in the market.”

The notice also said it will stop companies from price fixing, restricting technologies and using data and algorithms to manipulate the market.

In a Q&A accompanying the notice, SAMR said reports of internet-related anti-monopoly behaviour had been increasing, and that it was facing challenges regulating the industry.

“The behaviour is more concealed, the use of data, algorithms, platform rules and so on make it more difficult to discover and determine what are monopoly agreements,” it said.

[…]

Source: China issues new anti-monopoly rules targeting its tech giants | Reuters

China to launch public platform to track, crack down on polluters

China will set up a new information platform to allow the public to track the emissions of polluting enterprises and help authorities prosecute those that break the rules or try to “evade supervision”, the environment ministry said.

A total of 2.36 million companies, industrial facilities and institutions in China are legally obliged to obtain permits to emit pollutants like sulphur dioxide or wastewater.

But China has struggled to collect the information required to make the system work, and has also faced obstruction and data fraud from some polluting firms.

According to the environment ministry, the new information platform will allow authorities and members of the public to monitor real-time emission levels and check historical data in order to determine whether rules are being breached. It is set to come into effect on March 1.

Source: China to launch public platform to track, crack down on polluters

I checked Apple’s new privacy ‘nutrition labels.’ Many were false.

[…]

Apple only lets you access iPhone apps through its own App Store, which it says keeps everything safe. It appeared to bolster that idea when it announced in 2020 that it would ask app makers to fill out what are essentially privacy nutrition labels. Just like packaged food has to disclose how much sugar it contains, apps would have to disclose in clear terms how they gobble your data. The labels appear in boxes toward the bottom of app listings. (Click here for my guide on how to read privacy nutrition labels.)

But after I studied the labels, the App Store is now a product I trust less to protect us. In some ways, Apple uses a narrow definition of privacy that benefits Apple — which has its own profit motivations — more than it benefits us.

Apple’s big privacy product is built on a shaky foundation: the honor system. In tiny print on the detail page of each app label, Apple says, “This information has not been verified by Apple.”

The first time I read that, I did a double take. Apple, which says caring for our privacy is a “core responsibility,” surely knows devil-may-care data harvesters can’t be counted on to act honorably. Apple, which made an estimated $64 billion off its App Store last year, shares in the responsibility for what it publishes.

It’s true that just by asking apps to highlight data practices, Apple goes beyond Google’s rival Play Store for Android phones. It has also promised to soon make apps seek permission to track us, which Facebook has called an abuse of Apple’s monopoly over the App Store.

In an email, Apple spokeswoman Katie Clark-AlSadder said: “Apple conducts routine and ongoing audits of the information provided and we work with developers to correct any inaccuracies. Apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don’t come into compliance.”

My spot checks suggest Apple isn’t being very effective.

And even when they are filled out correctly, what are Apple’s privacy labels allowing apps to get away with not telling us?

Trust but verify

A tip from a tech-savvy Washington Post reader helped me realize something smelled fishy. He was using a journaling app that claimed not to collect any data but, using some technical tools, he spotted it talking an awful lot to Google.

[…]

To be clear, I don’t know exactly how widespread the falsehoods are on Apple’s privacy labels. My sample wasn’t necessarily representative: There are about 2 million apps, and some big companies, like Google, have yet to even post labels. (They’re only required to do so with new updates.) About 1 in 3 of the apps I checked that claimed they took no data appeared to be inaccurate. “Apple is the only one in a position to do this on all the apps,” says Jackson.

But if a journalist and a talented geek could find so many problems just by kicking over a few stones, why isn’t Apple?

Even after I sent it a list of dubious apps, Apple wouldn’t answer my specific questions, including: How many bad apps has it caught? If being inaccurate means you get the boot, why are some of the ones I flagged still available?

[…]

We need help to fend off the surveillance economy. Apple’s App Store isn’t doing enough, but we also have no alternative. Apple insists on having a monopoly in running app stores for iPhones and iPads. In testimony to Congress about antitrust concerns last summer, Apple CEO Tim Cook argued that Apple alone can protect our security.

Other industries that make products that could harm consumers don’t necessarily get to write the rules for themselves. The Food and Drug Administration sets the standards for nutrition labels. We can debate whether it’s good at enforcement, but at least when everyone has to work with the same labels, consumers can get smart about reading them — and companies face the penalty of law if they don’t tell the truth.

Apple’s privacy labels are not only an unsatisfying product. They should also send a message to lawmakers weighing whether the tech industry can be trusted to protect our privacy on its own.

Source: I checked Apple’s new privacy ‘nutrition labels.’ Many were false.

A Bug in Lenovo System Update Service is Driving Up CPU Usage and Prompting Fan Noise in Laptops and Desktops, Customers Say

Since late January, most users running a pre-installed Lenovo image of Windows 10 have been bitten by a bug in Lenovo’s System Update Service (SUService.exe) causing it to constantly occupy a CPU thread. This was noticed by many ThinkPad and IdeaPad users as an unexpected increase in fan noise, but many desktop users might not notice the problem. I’m submitting this story to Slashdot because Lenovo does not provide an official support venue for their software, and the problem has persisted for several weeks with no indication of a patch forthcoming. While this bug continues to persist, anyone with a preinstalled Lenovo image of Windows 10 will have greatly reduced battery life on a laptop, and greatly increased power consumption in any case. As a thought experiment, if this causes 1 million systems to increase their idle power consumption by 40 watts, this software bug is currently wasting 40 megawatts, or about 1/20th the output of a typical commercial power station. On my ThinkPad P15, this bug actually wastes 80 watts of power, so the indication is that 40 watts per system is a very conservative number.

Lenovo’s official forums and unofficial reddit pages have seen several threads pop up since late January with confused users noticing the issue, but so far Lenovo has yet to issue an official statement. Users have recommended uninstalling the Lenovo System Update Service as a workaround, but that won’t stop this power virus from eating up megawatts of power around the world for those who don’t notice this power virus’s impact on system performance.

Source: A Bug in Lenovo System Update Service is Driving Up CPU Usage and Prompting Fan Noise in Laptops and Desktops, Customers Say – Slashdot

Researchers Say Favicons Can Track You Across the Web

German software designer Jonas Strehle has published a proof of concept on GitHub that he says demonstrates a method in which the favicon’s cache can be used to store a unique identifier for a user that is readable “in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the system, using a VPN or installing AdBlockers.”

As Motherboard points out, Strehle started building the project after reading a research paper from the University of Illinois at Chicago that describes the technique. The basic gist of the method starts with the fact that favicons get cached in your browser the first time you visit a website. When you return to the site, the browser checks to see if the favicon has been stored in its own special home on your machine that’s called the F-Cache. If the data is out of date or missing, the browser requests data from the website’s servers. Strehle explained what happens next in a write-up on his website:

A web server can draw conclusions about whether a browser has already loaded a favicon or not: So when the browser requests a web page, if the favicon is not in the local F-Cache, another request for the favicon is made. If the icon already exists in the F-Cache, no further request is sent. By combining the state of delivered and not delivered favicons for specific URL paths for a browser, a unique pattern (identification number) can be assigned to the client. When the website is reloaded, the web server can reconstruct the identification number with the network requests sent by the client for the missing favicons and thus identify the browser.

Source: Researchers Say Favicons Can Track You Across the Web

Metalenz Wants to Jump-Start Phone Cameras Again With Better Lenses

A new company called Metalenz, which emerges from stealth mode today, is looking to disrupt smartphone cameras with a single, flat lens system that utilizes a technology called optical metasurfaces. A camera built around this new lens tech can produce an image of the same quality as traditional lenses, if not better, collect more light for brighter photos, and can even enable new forms of sensing in phones, all while taking up less space.

[…]

“The optics usually in smartphones nowadays consists of between four and seven lens elements,” says Oliver Schindelbeck, innovation manager at the optics manufacturer Zeiss, which is known for its high-quality lenses. “If you have a single lens element, just by physics you will have aberrations like distortion or dispersion in the image.”

More lenses allow manufacturers to compensate for irregularities like chromatic aberration (when colors appear on the fringes of an image) and lens distortion (when straight lines appear curved in a photo). However, stacking multiple lens elements on top of each other requires more vertical space inside the camera module.

[…]

Phone makers like Apple have increased the number of lens elements over time, and while some, like Samsung, are now folding optics to create “periscope” lenses for greater zoom capabilities, companies have generally stuck with the tried-and-true stacked lens element system.

[…]

Instead of using plastic and glass lens elements stacked over an image sensor, Metalenz’s design uses a single lens built on a glass wafer that is between 1×1 and 3×3 millimetres in size. Look very closely under a microscope and you’ll see nanostructures measuring one-thousandth the width of a human hair. Those nanostructures bend light rays in a way that corrects for many of the shortcomings of single-lens camera systems.

[…]

Light passes through these patterned nanostructures, which look like millions of circles with differing diameters at the microscopic level. “Much in the way that a curved lens speeds up and slows down light to bend it, each one of these allows us to do the same thing, so we can bend and shape light just by changing the diameters of these circles,” Devlin says.

[…]

And the design doesn’t just conserve space. Devlin says a Metalenz camera can deliver more light back to the image sensor, allowing for brighter and sharper images than what you’d get with traditional lens elements.

Another benefit? The company has formed partnerships with two semiconductor leaders (that can currently produce a million Metalenz “chips” a day), meaning the optics are made in the same foundries that manufacture consumer and industrial devices—an important step in simplifying the supply chain.

New Forms of Sensing

Metalenz will go into mass production toward the end of the year. Its first application will be to serve as the lens system of a 3D sensor in a smartphone. (The company did not give the name of the phone maker.)

[…]

Source: Metalenz Wants to Jump-Start Phone Cameras Again With Better Lenses | WIRED

Quest for Hollywood Fame Splits Redditors at Heart of Market Frenzy

Late on Wednesday, a moderator of the popular Reddit message board WallStreetBets posted several screenshots on the chat app Discord. They showed that other moderators had quietly started talking among themselves about landing a movie deal.

“What’s our cut?” one of the moderators had asked in a Discord chat, according to the screenshots.

By Thursday morning, that quest for Hollywood riches had exploded into an ugly battle, giving a glimpse into the unruly nature of a suddenly famous Reddit community.

That was when the WallStreetBets moderators who were considering the film deal began booting out other moderators who had questioned them for secretly trying to profit from the forum’s success. Eventually, employees at Reddit weighed in to try to quell the unrest.

“Can you all discuss with me what is going on?” a Reddit employee with the screen name sodypop asked, according to screenshots of the conversation shared with The New York Times.

The WallStreetBets fight is the latest twist in the saga of an online army of investors who have roiled Wall Street over the past 10 days.

[…]

Over the last week, several top moderators, who have administrative control of the message board, met in a private chat room on Discord to discuss the business opportunities arising from their sudden fame.

One moderator said he was in touch with Ben Mezrich, an author of the book that became the movie “The Social Network,” who last week secured deals to write a book and help with a movie about the GameStop saga, according to screenshots from the forum shared with The Times.

“Oof we gotta go fast i think,” another moderator wrote back. “While the studios are competing.”

None of the six moderators The Times interviewed were willing to give their real names, but The Times verified the people were in control of the board’s moderator accounts.

The conversation heated up after Mr. Rogozinski announced that he had sold the rights to his own story to a movie studio this week. Mr. Rogozinski did not respond to requests for comment.

One longtime moderator of the group, known as zjz, saw the conversation and took issue. He posted images of the conversation in a broader chat room for all the moderators.

“We suddenly find out these formerly inactive moderators are trying to *literally* sell the story of how they built the subreddit and undermine us,” zjz wrote in an email to The Times.

In a post to WallStreetBets on Wednesday night, which was quickly removed, zjz also wrote: “We’ve been taken hostage by the top mods. They left for years and came back when they smelled money.”

That led to escalating recriminations and insults that soon went beyond a movie deal. Some began criticizing the top moderators for moves they had made to raise their profile, like creating a Twitter account and hiring a public relations representative. Some also made death threats.

Late Wednesday and early Thursday, the top moderators began removing lower-ranking moderators who were asking questions.

[…]

On Thursday afternoon, Reddit stepped in to remove the top WallStreetBets moderators. They put the moderators who had sided with zjz back in control, though zjz himself was not restored.

Mr. Cormier, who has been unemployed since March when he lost his job in a shop specializing in the game Magic the Gathering, said he was dismayed by the fighting on WallStreetBets.

[…]

Source: Quest for Hollywood Fame Splits Redditors at Heart of Market Frenzy – The New York Times

Scientists develop transparent wood that is stronger and lighter than glass

Researchers at the University of Maryland have turned ordinary sheets of wood into transparent material that is nearly as clear as glass, but stronger and with better insulating properties. It could become an energy efficient building material in the future.

Wood is made of two basic ingredients: cellulose, which consists of tiny fibres, and lignin, which bonds those fibres together to give it strength.

Tear a paper towel in half and look closely along the edge. You will see the little cellulose fibres sticking up. Lignin is a glue-like material that bonds the fibres together, a little like the plastic resin in fibreglass or carbon fibre. The lignin also contains molecules called chromophores, which give the wood its brown colour and prevent light from passing through.

Early attempts to make transparent wood involved removing the lignin, but this involved hazardous chemicals, high temperatures and a lot of time, making the product expensive and somewhat brittle. The new technique is so cheap and easy it could literally be done in a backyard.

Starting with planks of wood a metre long and one millimetre thick, the scientists simply brushed on a solution of hydrogen peroxide using an ordinary paint brush. When left in the sun, or under a UV lamp for an hour or so, the peroxide bleached out the brown chromophores but left the lignin intact, so the wood turned white.

Researchers demonstrated that after brushing a coat of hydrogen peroxide on the opaque wood material and exposing it to one hour of sunlight, it turns transparent. (Qinqin Xia, University of Maryland/Science Advances)

Next, they infused the wood with a tough transparent epoxy designed for marine use, which filled in the spaces and pores in the wood and then hardened. This made the white wood transparent.

You can see a similar effect by taking that same piece of paper towel, dipping half of it in water and placing it on a patterned surface. The white paper towel will become translucent, with light passing through the water and cellulose fibres without being scattered by refraction.

The epoxy in the wood does an even better job, allowing 90 per cent of visible light to pass through. The result is a long piece of what looks like glass, with the strength and flexibility of wood.

A researcher holds up a square of transparent wood material against a green leaf. (USDA Forest Service)

As window material, it would be much more resistant to accidental breakage. The clear wood is lighter than glass, with better insulating properties, which is important because windows are a major source of heat loss in buildings. It also might take less energy to manufacture clear wood because there are no high temperatures involved.

Transparent wood could become an alternative to glass in energy efficient buildings, or perhaps coverings for solar panels in harsh environments. There could be no end of uses.

[…]

Source: Scientists develop transparent wood that is stronger and lighter than glass | CBC Radio

Terraria dev cancels Stadia port after Google disabled his email account for three weeks – Kafka has nothing on this

What do you do if Google disables your cloud life? Andrew Spinks, co-author of the Terraria game and president of Re-Logic Games, does not know either, but has declared Google “a liability” and cancelled the port of Terraria to its Stadia platform.

Terraria, co-designed by Spinks, was first released for Windows in 2011 and has sold over 30 million copies across PC, consoles, and mobile devices, states a post on the official forums last year.

The problems started, according to the official Twitter account, when Re-Logic Games received an email concerning its YouTube channel “saying there was a TOS [Terms of Service] violation but that it was likely accidental and as such, the account would receive no strikes.”

“Three days later, the entire Google account (YT, Gmail, all Google apps, even every purchase made over 15 years on Google Play Store) was disabled with no warning or recourse. This account links into many business functions and as such the impact to us is quite substantial,” said Re-Logic.

The YouTube channel itself was not disabled, only the access to it.

The complaint was spotted on Twitter by YouTube support, which provided a link to the standard Google Account Recovery process. “We have attempted this process twice and received an automated response declining our request,” said Re-Logic.

That was late last month. Now it seems the problem is still not fixed. “My account has now been disabled for over 3 weeks. I still have no idea why, and after using every resource I have to get this resolved you have done nothing but given me the runaround,” said Spinks. “My phone has lost access to thousands of dollars of apps on Google Play. I had just bought LOTR 4K and can’t finish it. My Google Drive data is completely gone. I can’t access my YouTube channel. The worst of all is losing access to my gmail address of over 15 years.”

“I absolutely have not done anything to violate your terms of service, so I can take this no other way than you deciding to burn this bridge. Consider it burned. Terraria for Google Stadia is canceled. My company will no longer support any of your platforms moving forward. I will not be involved with a corporation that values their customers and partners so little. Doing business with you is a liability.”

The incident would be unremarkable except that Spinks is not the first to complain of shoddy treatment in the one-sided relationship users have with tech giants and Google in particular. Users complain that it is challenging getting past automated responses, or equally uninformative responses from support, and that discovering and correcting the real reason for bans and blocks is challenging.

Source: Terraria dev cancels Stadia port after Google disabled his email account for three weeks • The Register

The Future Of Hydrogen Power… Is Paste?

We’ve been promised hydrogen-powered engines for some time now. One downside though is the need for hydrogen vehicles to have heavy high-pressure tanks. While a 700 bar tank and the accompanying fuel cell is acceptable for a city bus or a truck, it becomes problematic with smaller vehicles, especially ones such as scooters or even full-sized motorcycles. The Fraunhofer Institute wants to run smaller vehicles on magnesium hydride in a paste form that they call POWERPASTE.

The idea is that the paste effectively stores hydrogen at normal temperature and pressure. At 250C, the paste decomposes and releases its hydrogen. While your motorcycle may seem hot when parked in the sun, it isn’t getting quite to 250C.

Interestingly, the paste only provides half the available hydrogen. The rest is from water added to start a reaction to release the hydrogen. Fraunhofer claims the energy density available is greater than that of a 700 bar tank in a conventional hydrogen system and ten times more than current battery technology.

One thing that’s attractive is that the paste is easy to store and pump. A gas station, for example, could invest $20-30,000 and dispense the paste from a metal drum to meet low demand and then scale up as needed. A hydrogen pumping setup starts at about $1.2 million. Fraunhofer is building a pilot production plant that will produce about four tons of the material a year.

Source: The Future Of Hydrogen Power… Is Paste? | Hackaday

r/wallstreetbets: hostile takeover by old mods trying to monetise and push down GME price. Go to r/wallstreetbetstest and r/wallstreetbetsnew now

https://www.reddit.com/r/wallstreetbetstest/comments/lcjcvm/update_i_just_got_removed_as_a_moderator_on/

I was confused, annoyed and sad trying to understand what had happened. I was removed by the senior moderator at r/wallstreetbets who is u/turdled . I messaged him asking for an explanation, but have still not been given one. It was at this same time that several other moderators were removed and getting banned left and right. I had some of my posts removed as well.

I was also starting to receive chat requests and messages from people seeing u/zjz’s post and asking what was going on, and accusing me of being a rogue/plant mod.

I’ve been looking around the accounts of the mods of the new subreddit and these are indeed the old mods.

Find the new site that is not infested by people trying to short GME here:  https://www.reddit.com/r/wallstreetbetstest

Also here https://www.reddit.com/r/Wallstreetbetsnew/

NB r/wallstreetbetsnew seems to be the Gamestonk holdout with the memes. r/wallstreetbetstest is where the “real” wsb crowds who aren’t solely obsessed with GME are hanging around.

More info: WallStreetBets Mods Are Now Battling For Control Over The Subreddit

If you want to know about the dark history and why the founder was kicked out, read here

tl;dr on tl;dr: Founder bad, greedy, got banned for being greedy. Being greedy again with new spotlight on the sub.

tl;dr, in 2020 the original founder (after being gone for years and having done nothing to contribute to the sub), along with a couple of mods, attempted to monetize the sub for personal gains. Users and other mods fought back. Hundreds of users got mass banned for speaking out, mods who spoke out got removed as mods. With some help from users, mods found precedent of another sub creator getting banned for trying to monetize a sub and sent a plea to Reddit admins. Reddit admins banned offenders and gave the sub back to the good mods.

u/SpeaksInBooleans (RIP) investigated the circumstances of the events and made a video exposing the offenders:

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Mega thread after the victory for reference.

It’s important to know/remember this now, because the same person that got exiled for being a tyrant is doing a media circus, trying to ride the current spotlight for personal gain, again. Hey CNN and WSJ, stop interviewing that dipshit. The sub has always been about its people, and what you guys wanted to do (as retarded as you are). No single person speaks for the sub and controls its destiny. It is in good hands with u/zjz aka u/SwineFluPandemic