The Linkielist

Linking ideas with the world


About Robin Edgar


Spotify resets passwords after a security bug exposed users’ private account information – for 6 months

Spotify said it has reset an undisclosed number of user passwords after blaming a software vulnerability in its systems for exposing private account information to its business partners.

In a data breach notification filed with the California attorney general’s office, the music streaming giant said the data exposed “may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.” The company did not name the business partners, but added that Spotify “did not make this information publicly accessible.”

Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12. But like most data breach notices, Spotify did not say what the vulnerability was or how user account data became exposed.

“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted,” the letter read.

Spotify spokesperson Adam Grossberg confirmed that a “small subset” of Spotify users are affected, but did not provide a specific figure. Spotify has more than 320 million users, and 144 million subscribers.

It’s the second time in as many months that the company has reset user passwords.

Last month security researchers found an unsecured database, likely operated by hackers, allegedly containing around 300,000 stolen user passwords. The database was probably used to launch credential stuffing attacks, in which lists of stolen passwords are matched against different websites that use the same password.

Although in that case the exposed data did not come from Spotify, the company reset the passwords on affected user accounts.

Source: Spotify resets passwords after a security bug exposed users’ private account information | TechCrunch

‘Save Europe from Software Patents’, Urges Nonprofit FFII – DE is trying for 3rd time using underhanded sneaky tactics

Long-time Slashdot reader zoobab shares this update about the long-standing Foundation for a Free Information Infrastructure, a Munich-based non-profit opposing ratification of a “Unified Patent Court” by Germany: The FFII is crowdfunding a constitutional complaint in Germany against the third attempt to impose software patents in Europe, calling on all software companies, independent software developers and FLOSS authors to donate.

The Unitary Patent and its Court will promote patent trolls, without any appeal possible to the European Court of Justice, which won’t be able to rule on patent law, and software patents in particular. The FFII also says that the proposed court system will be more expensive for small companies than the current national court system.
The stakes are high — so the FFII writes that they’re anticipating some tricky counter-maneuvering: Stopping the UPC in Germany will be enough to kill the UPC for the whole Europe… German government believe that they can ratify before the end of the year, as they consider the UK still a member of the EU till 31st December. The agenda of next votes have been designed on purpose to ratify the UPC before the end of the year. FFII expects dirty agenda and political hacks to declare the treaty “into force”, dismiss “constitutional complaints”, while the presence of UK is still problematic.

Source: ‘Save Europe from Software Patents’, Urges Nonprofit FFII – Slashdot

These have been batted off the table before and for very good reason.

Russia Breached Update Server Used by 300,000 Organizations, Including the NSA

Sunday Reuters reported that “a sophisticated hacking group” backed by “a foreign government” has stolen information from America’s Treasury Department, and also from “a U.S. agency responsible for deciding policy around the internet and telecommunications.”

The Washington Post has since attributed the breach to “Russian government hackers,” and discovered it’s “part of a global espionage campaign that stretches back months, according to people familiar with the matter.” Officials were scrambling over the weekend to assess the extent of the intrusions and implement effective countermeasures, but initial signs suggested the breach was long-running and significant, the people familiar with the matter said. The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service and breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration… [The Washington Post has also reported this is the group responsible for the FireEye breach. -Ed]

All of the organizations were breached through the update server of a network management system called SolarWinds, according to four people familiar with the matter. The company said Sunday in a statement that monitoring products it released in March and June of this year may have been surreptitiously weaponized within a “highly-sophisticated, targeted…attack by a nation state.” The scale of the Russian espionage operation is potentially vast and appears to be large, said several individuals familiar with the matter. “This is looking very, very bad,” said one person. SolarWinds products are used by more than 300,000 organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website. SolarWinds is also used by the top 10 U.S. telecommunications companies…

APT29 compromised the SolarWinds server that sends updates so that any time a customer checks in to request an update, the Russians could hitch a ride on that update to get into a victim’s system, according to a person familiar with the matter. “Monday may be a bad day for lots of security teams,” tweeted Dmitri Alperovitch, a cybersecurity expert and founder of the Silverado Policy Accelerator think tank.
Reuters described the breach as “so serious it led to a National Security Council meeting at the White House.”

Source: Russia Breached Update Server Used by 300,000 Organizations, Including the NSA – Slashdot

World+dog share in collective panic attack as Google slides off the face of the internet

Google services such as YouTube and Gmail started the week with an almighty bang as the Chocolate Factory’s cloud came crashing to the ground.

Despite an insistence from the company’s various health dashboards that all was fine and dandy, it most definitely was not.

Those seeking distraction in video form were treated to YouTube’s “Something went wrong…” monkey, while others wishing to express their disquiet via Gmail were shown a 502 code or a suggestion to try again in five minutes.

The issue appears to have afflicted vast swathes of the globe, with users in the Philippines and India joining Europeans and US early birds in being unexpectedly ejected from the Chocolate Factory’s services.

Problems seemed to start at around 11:30 GMT. At time of writing YouTube was inaccessible, Gmail was borked, Drive was down, image search failed (unless an error code was what you were looking for), and Docs didn’t seem happy.

Some things still worked – we found links to existing Google Docs were working and the search for which the company is famed appeared to be running. So there was no need to resort to something like Bing.

Google is no stranger to outages. Pretty much everything from GCP to G Suite fell over into a heap back in August.

As for today’s outage, Google’s Workspace dashboard was aglow with green lights, even if the reality was quite different.

[…]

Source: World+dog share in collective panic attack as Google slides off the face of the internet • The Register

TSA Oversight Says Agency’s Suspicionless Surveillance Program Is Worthless And The TSA Can’t Prove It Isn’t

The TSA’s “Quiet Skies” program continues to suffer under scrutiny. When details first leaked out about the TSA’s suspicionless surveillance program, even the air marshals tasked with tailing non-terrorists all over the nation seemed concerned. Marshals questioned the “legality and validity” of the program that sent them after people no government agency had conclusively tied to terrorist organizations or activities. Simply changing flights in the wrong country was enough to initiate the process.

First, the TSA lost the support of the marshals. Then it lost itself. The TSA admitted during a Congressional hearing that it had trailed over 5,000 travelers (in less than four months!) but had yet to turn up even a single terrorist. Nonetheless, it stated it would continue to trail thousands of people a year, presumably in hopes of preventing another zero terrorist attacks.

Then it lost the Government Accountability Office. The GAO’s investigation of the program contained more investigative activity than the program itself. According to its report, the TSA felt surveillance was good but measuring the outcome was bad. When you’re trailing 5,000 people and stopping zero terrorists, the less you know, the better. Not being able to track effectiveness appeared to be a feature of “Quiet Skies,” rather than a bug.

Now it’s lost the TSA’s Inspector General. The title of the report [PDF] underplays the findings, stating the obvious while also understating the obvious: TSA Needs to Improve Management of the Quiet Skies Program. A good alternative title would be “TSA Needs to Scrap the Quiet Skies Program Until it Can Come Up with Something that Might Actually Stop Terrorists.”

I mean…

TSA did not properly plan, implement, and manage the Quiet Skies program to meet the program’s mission of mitigating the threat to commercial aviation posed by higher risk passengers.

In slightly more detail, the TSA did nothing to set up the program correctly or ensure it actually worked. The IG says the TSA never developed performance goals or other metrics to gauge the effectiveness of the suspicionless surveillance. It also ignored its internal guidance to more effectively deploy its ineffective program.

Here’s why:

This occurred because TSA lacked sufficient, centralized oversight to ensure the Quiet Skies program operated as intended.

[…]

Source: TSA Oversight Says Agency’s Suspicionless Surveillance Program Is Worthless And The TSA Can’t Prove It Isn’t | Techdirt

EU agency in charge of COVID-19 vaccine approval hacked, vaccine documents stolen

The European Medicines Agency (EMA), the EU regulatory body in charge of approving COVID-19 vaccines, said today it was the victim of a cyber-attack.

In a short two-paragraph statement posted on its website today, the agency discloses the security breach but said it couldn’t disclose any details about the intrusion due to an ongoing investigation.

EMA is currently in the process of reviewing applications for two COVID-19 vaccines, one from US pharma giant Moderna, and a second developed in a collaboration between BioNTech and Pfizer.

[…]

In a follow-up statement released on its own website, BioNTech said that “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed” during the attack, confirming that COVID-19 research was most likely the target of the attack.

Over the past months, numerous companies working on COVID-19 research and vaccines have been the targets of hackers, and especially of state-sponsored hacking groups.

Companies like Johnson & Johnson, Novavax, Genexine, Shin Poong Pharmaceutical, Celltrion, AstraZeneca, Moderna, and Gilead have been targeted by hackers, according to reports from Reuters and the Wall Street Journal.

In November, OS maker and cyber-security giant Microsoft said it detected three nation-state hacking groups (known as APTs) targeting seven companies working on COVID-19 vaccines, singling out Russia’s Strontium (Fancy Bear) and North Korea’s Zinc (Lazarus Group) and Cerium for the attacks.

[…]

Source: EU agency in charge of COVID-19 vaccine approval says it was hacked | ZDNet

Facebook crushed rivals to maintain an illegal monopoly, the entire United States yells in Zuckerberg’s face

Facebook illegally crushed its competition and continues to do so to this day to maintain its monopoly, according to a lawsuit filed on Wednesday by the attorneys general of no fewer than 46 US states plus Guam and DC.

The lawsuit alleges that the social media giant “illegally acquired competitors in a predatory manner and cut services to smaller threats – depriving users from the benefits of competition and reducing privacy protections and services along the way – all in an effort to boost its bottom line through increased advertising revenue.”

America’s consumer watchdog the FTC is also suing the antisocial network in a parallel action, and making the same basic allegations: that Facebook has been “illegally maintaining its personal social networking monopoly through a years-long course of anticompetitive conduct.”

It’s been a long time coming but the, as alleged, privacy-invading, competition-crushing Zuckerberg spin machine that is Facebook has finally been taken on by the United States.

The action is being led by New York’s Attorney General Letitia James, and she wasn’t holding back in her declaration of legal war. “For nearly a decade, Facebook has used its dominance and monopoly power to crush smaller rivals and snuff out competition, all at the expense of everyday users,” she said. “Today, we are taking action to stand up for the millions of consumers and many small businesses that have been harmed by Facebook’s illegal behavior.”

She also highlighted the biggest complaint against Facebook by its users, a complaint that has been commonplace for nearly a decade, that it has made “billions by converting personal data into a cash cow.”

[…]

The 123-page lawsuit [PDF] dives into how what was once just a website among many others became an online monster devouring anything in its path. “Facebook illegally maintains that monopoly power by deploying a buy-or-bury strategy that thwarts competition and harms both users and advertisers. Facebook’s illegal course of conduct has been driven, in part, by fear that the company has fallen behind in important new segments and that emerging firms were ‘building networks that were competitive with’ Facebook’s and could be ‘very disruptive to’ the company’s dominance,” the lawsuit stated.

It quotes CEO Mark Zuckerberg directly and notes that the Silicon Valley goliath would ruthlessly buy up companies in order to “build a competitive moat” or “neutralize a competitor” in its bid for dominance. And notes that Facebook has “coupled its acquisition strategy with exclusionary tactics that snuffed out competitive threats and sent the message to technology firms that, in the words of one participant, if you stepped into Facebook’s turf or resisted pressure to sell, Zuckerberg would go into ‘destroy mode’ subjecting your business to the ‘wrath of Mark.’ As a result, Facebook has chilled innovation, deterred investment, and forestalled competition in the markets in which it operates, and it continues to do so.”

The lawsuit is a much tighter and angrier indictment of Facebook than a similar one lodged against Google in October by the Department of Justice. It still relies on traditional antitrust arguments, however, rather than trying to break new ground to deal with the modern internet era.

[…]

Source: Facebook crushed rivals to maintain an illegal monopoly, the entire United States yells in Zuckerberg’s face • The Register

I have been talking about this since the beginning of 2019 and it’s wonderful to see the tsunami of action happening now.

Proposed U.S. Law Could Slap Twitch Streamers With Felonies For Broadcasting Copyrighted Material

According to Politico offshoot Protocol, the felony streaming proposal is the work of Republican senator Thom Tillis, who has backed similar proposals previously. It is more or less exactly what it sounds like: A proposal to turn unauthorized commercial streaming of copyrighted material—progressive policy publication The American Prospect specifically points to examples like “an album on YouTube, a video clip on Twitch, or a song in an Instagram story”—into a felony offense with a possible prison sentence. Currently, such violations, no matter how severe, are considered misdemeanors rather than felonies, because the law regards streaming as a public performance. With Twitch currently in the crosshairs of the music industry, such a change would turn up the heat on streamers and Twitch even higher—perhaps to an untenable degree. Other platforms, like YouTube, would almost certainly suffer as well.

“A felony streaming bill would likely be a chill on expression,” Katharine Trendacosta, associate director of policy and activism with the Electronic Frontier Foundation, told The American Prospect. “We already see that it’s hard enough in just civil copyright and the DMCA for people to feel comfortable asserting their rights. The chance of a felony would impact both expression and innovation.”

According to Protocol, House and Senate Judiciary Committees have agreed to package the streaming felony proposal with other controversial provisions that include the CASE act, which would establish a new court-like entity within the U.S. Copyright Office to resolve copyright disputes, and the Trademark Modernization Act, which would give the U.S. Patent and Trademark Office more flexibility to crack down on illegitimate claims from foreign countries.

Alongside the felony streaming proposal, these provisions have drawn ire from civil rights groups, digital rights nonprofits, and companies including the aforementioned Electronic Frontier Foundation, the Internet Archive, the American Library Association, and the Center for Democracy & Technology. Collectively, these groups and others penned a letter to the U.S. Senate last week.

[…]

Source: Proposed U.S. Law Could Slap Twitch Streamers With Felonies For Broadcasting Copyrighted Material

It’s incredible that not only does copyright stifle competition, but it allows a creator to create something once, get lucky and then sit on his / her arse for the rest of their lives – and their children’s – doing sweet fuck all and raking in dosh. And that these laws get stronger and stronger for the people who do pretty much nothing.

SpaceX Starship blows up on landing, but Elon Musk says it’s the data that matters and that landed just fine

SpaceX has conducted a test of the Starship it plans to use for flights to Mars, and while the experiment ended badly the flight was judged a success.

Wednesday’s flight used just the Starship – the second stage of SpaceX’s planned heavy lifter. Previous flights had seen the craft ascend to around 500 feet. This time around the goal was a high-altitude test that would take it to 41,000 feet, before returning to terra firma to prove its reusability.

As the video below shows, the vehicle lifted off (at around 1:48:00) and then came down belly-first before pivoting for landing (1:53:00).

SpaceX’s summary of the mission said that Starship “successfully ascended, transitioned propellant, and performed its landing flip maneuver with precise flap control to reach its landing point.”

But not everything went right. The vids above and below show the excitement. Spoiler: big ball of flame!

Despite that excitement, SpaceX founder and CEO Elon Musk was chuffed with the outcome.

Why so upbeat despite the unhappy ending? Musk rated the chances of mission success as one in three, and SpaceX has other prototypes ready to fly. This one didn’t even have the engine configuration planned for the production model. So getting everything right bar the landing is a decent outcome.

Source: SpaceX Starship blows up on landing, but Elon Musk says it’s the data that matters and that landed just fine • The Register

Wall Street Begins Trading Water Futures as a Commodity

Wall Street has begun trading water as a commodity, like gold or oil. The country’s first water market launched on the Chicago Mercantile Exchange this week with $1.1 billion in contracts tied to water prices in California, Bloomberg News reported.

The market allows farmers, hedge funds, and municipalities to hedge bets on the future price of water and water availability in the American West. The new trading scheme was announced in September, prompted by the region’s worsening heat, drought, and wildfires fueled by climate change. There were two trades when the market went live Monday.

“Climate change, droughts, population growth, and pollution are likely to make water scarcity issues and pricing a hot topic for years to come,” RBC Capital Markets managing director and analyst Deane Dray told Bloomberg. “We are definitely going to watch how this new water futures contract develops.”

[…]

Source: Wall Street Begins Trading Water Futures as a Commodity – Yale E360

Flexible color ePaper displays could soon adorn your clothes | Engadget

Whenever the runways of Paris, London, Milan and New York open back up, designers might be showing off looks adorned with flexible color ePaper displays. E Ink has teamed up with Plastic Logic to make the first such panels based on its Advanced Color ePaper (ACeP) tech.

The glass-free organic Thin Film Transistor (oTFT) displays are lightweight and ultra low-power. E Ink claims they’re more durable, thinner and lighter than glass-based TFTs. That, according to the company, makes oTFT displays “ideal” for wearables. For instance, designers could build the Legio-branded displays into smart clothing and jewelry. Until now, ACeP displays have mainly been used for signage, which of course doesn’t require panels to be flexible.

The first Legio panel is a 2.1-inch, 240 x 146-pixel display with support for six colors, including black and white. It’s powered by an Ultrachip UC8156 single-chip controller.

Source: Flexible color ePaper displays could soon adorn your clothes | Engadget

NextMind’s brain-computer interface is ready for developers

NextMind is the latest in a long line of companies trying to harness the brain as a means of controlling our digital world. At first, its take on things may seem familiar: Don a headset which places a sensor on the back of your head, and it’ll detect your brainwaves which can then be translated into digital actions. One area where NextMind differs is that the sensor seems more practical than many we’ve seen and won’t leave you looking like a shower cap-wearing lab rat. In fact, the wearable can just as easily clip onto the rear of a snapback.

Beyond size and aesthetics, NextMind’s technology also seems fairly mature. I tried a demo (via the developer kit which goes on sale today for $399) and was surprised by how polished the whole experience was. Setup involved just one basic “training” exercise and I was up and running, controlling things with my mind. The variety of demos made it clear that NextMind is thinking way beyond simple mental button pushes.

There’s still a slight learning curve to get the “knack” — and it won’t replace your mouse or keyboard just yet. Mostly because we’ll need to wait for a library of apps to be built for it first, but also it’s still a new technology — and it takes some practice to become “fluent” with it, as my terrible performance on a mind-controlled game of Breakout can attest. But the diverse and creative demo applications I experienced do hold a lot of promise.

NextMind brain-computer interface

James Trew / Engadget

Right now, the applications are pretty simple: Mostly controlling media and games and so on, but NextMind’s founder and CEO, Sid Kouider is confident the technology will evolve to the point where you can simply think of an image to search for it, for example. There are also complementary technologies, like AR, where this sort of control not only seems apt, but almost essential. Imagine donning some augmented reality glasses and being able to choose from menu items or move virtual furniture around your room just with a glance.

The technology driving things is familiar enough: The sensor is an EEG that gently rests against the back of your head. This position is key, according to Kouider, as that’s where your visual cortex’s signals can most easily (or comfortably) be reached. And it’s these signals that NextMind uses, interpreting what you are looking at as the item or signal to be acted upon. In its simplest form, this would be a button or trigger, but the demos also show how it can be used to DJ, copy and paste and even augment (instead of simply replace) other inputs, such as that mouse or a game controller you are already using.

Source: NextMind’s brain-computer interface is ready for developers | Engadget

BMW System Malfunction Takes Out Apple CarPlay, Tells Some Owners to Pay for It

BMW’s much-loathed idea to charge owners a subscription fee for Apple CarPlay in its 2019 and 2020 models strikes again, one year after BMW reversed that decision after considerable blowback. Some owners of those cars reported that Apple CarPlay would not work over the weekend, and some were even prompted to pay for the feature, Autoevolution reports.

Some features like CarPlay go through BMW ConnectedDrive Services, which allows users to pair devices, monitor their cars from afar and sign up for additional apps or services. It’s a customer portal, and that’s where some BMW owners whose CarPlay quit working encountered some confusing messages. Bacster007 on Reddit’s r/BMW explained:

I spoke with my sales rep at the dealership and verified issues are going on. Had me check the customer portal website which has the car and all the information/apps on it. It shows that I’m subscribed to CarPlay. He said for some people who lost the feature it shows that they have to pay for the app all of a sudden, and some like myself are still showing a valid subscription.

[…]

Source: BMW System Malfunction Takes Out Apple CarPlay, Tells Some Owners to Pay for It

Hackers are trying to disrupt the COVID-19 vaccine supply chain

Since the start of the coronavirus pandemic, we’ve seen hackers target efforts to develop a COVID-19 vaccine, but it now seems they’re shifting their attention to the supply chain that will distribute those vaccines to people across the world.

IBM says it recently uncovered a highly coordinated global phishing campaign focused on the companies and organizations involved with the upcoming “cold chain” distribution of COVID-19 vaccines. That’s the part of the supply network that ensures those vaccines stay cold enough so that they don’t go bad. It’s a critically important aspect of the two leading vaccine candidates from Pfizer and Moderna, as they need to be kept at minus 94 degrees Fahrenheit and minus 4 degrees Fahrenheit, respectively.

The hackers impersonated an executive with Haier Biomedical, a Chinese company that styles itself as “the world’s only complete cold chain provider.” They sent meticulously researched phishing emails that included an HTML attachment asking the recipient to input their credentials. They could have used that information later to gain access to sensitive networks.

The campaign, which IBM says has “the potential hallmarks” of a state-sponsored effort, cast a wide net. The company only named one target explicitly — the European Commission’s Directorate-General for Taxation and Customs Union — but said the campaign targeted at least 10 different organizations, including a dev shop that makes websites for pharmaceutical and biotech companies. The company doesn’t know if any of the attacks were ultimately successful in their goal.

[…]

Source: Hackers are trying to disrupt the COVID-19 vaccine supply chain | Engadget

Japan sticks the landing: Asteroid sample recovered from Hayabusa2 probe

Vids’n’pics Japanese and Australian astroboffins have successfully recovered samples taken from Asteroid Ryugu by the Hayabusa2 probe.

Hayabusa2 has had quite a ride and has more adventures ahead of it.

The probe launched in 2014 and spent three-and-a-half years travelling to near-Earth asteroid 162173 Ryugu, which has a diameter of about 1km and occasionally passes within 100,000km of the planet upon which you are (presumably) reading this story.

Hayabusa2 carried four rovers, one of which was used after the spacecraft shot a bullet at the asteroid to disturb its surface and stir up some matter to bring home in a sealed capsule designed to survive the rigours of re-entry to Earth’s atmosphere.

The probe bade farewell to Ryugu in November 2019 and early on Sunday morning, Australian time, the recovery capsule was spotted streaking across the sky as it made its way towards the Woomera prohibited area for a pre-dawn landing.

[…]

The capsule carried the samples from Ryugu, plus a radar-reflective parachute and a radio beacon designed to make it easier to find in the very hot, dry, and nasty conditions often found in the region.

As it happened, everything worked, and news of the capsule’s retrieval emerged before lunchtime.

[…]

Japan Aerospace Exploration Agency staff approached the capsule wearing protective gear and what looks like some trepidation.

Japanese space agency staff approach the returned sample capsule


Before long, the capsule became safe to handle and was popped into a shiny box.

The returned sample from Hayabusa2

The sample return capsule in its box.

The precious cargo was soon on its way to the facility established to handle the landing.

[…]

Another story we’ll have to wait for is news of Hayabusa2’s ongoing adventures, because the probe skipped off past Earth and has enough fuel aboard to line up a 2026 rendezvous with another asteroid, the mysteriously ruddy 2001 CC. Japan’s space agency has even contemplated a third asteroid visit, in 2030, and even a possible fly-by of Venus. As it flits about the inner solar system, the probe’s cameras will also be used for observations of exoplanets and other phenomena.

Source: Japan sticks the landing: Asteroid sample recovered from Hayabusa2 probe • The Register

Data of 243 million Brazilians exposed online via govt website source code

The personal information of more than 243 million Brazilians, including alive and deceased, has been exposed online after web developers left the password for a crucial government database inside the source code of an official Brazilian Ministry of Health’s website for at least six months.

The security snafu was discovered by reporters from Brazilian newspaper Estadao, the same newspaper that last week discovered that a São Paulo hospital leaked personal and health information for more than 16 million Brazilian COVID-19 patients after an employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub.

Estadao reporters said they were inspired by a report filed in June by Brazilian NGO Open Knowledge Brasil (OKBR), which, at the time, reported that a similar government website also left exposed login information for another government database in the site’s source code.

Since a website’s source code can be accessed and reviewed by anyone pressing F12 inside their browser, Estadao reporters searched for similar issues in other government sites.

They found a similar leak in the source code of e-SUS-Notifica, a web portal where Brazilian citizens can sign up and receive official government notifications about the COVID-19 pandemic.
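The failure mode above (a database password sitting in client-side source that anyone can read with F12) is the kind of thing a pre-deployment check catches. Added example, not code from Estadao or any site mentioned: a small Python scanner run over a constructed HTML sample that flags hard-coded credential assignments and URL-embedded credentials in delivered front-end assets, redacting the values in its report.

```python
import re
from dataclasses import dataclass

# Constructed sample of a page's client-side source (not the real site):
# a config object and a URL pasted into an inline <script>.
SAMPLE_HTML = """<html><head><title>Notificações</title>
<script>
  var apiBase = "https://api.example.invalid/v1";
  var dbConfig = { user: "svc_notify", password: "Sup3rS3cret!", host: "db.example.invalid" };
  var ssoUrl = "https://admin:Hunter2@sso.example.invalid/login";
</script>
</head><body>OK</body></html>
"""


@dataclass
class Finding:
    line: int      # 1-based line in the scanned source
    kind: str      # which pattern fired
    context: str   # the offending line with the secret value redacted


# Patterns for credentials commonly pasted into front-end code.
# "senha" (Portuguese for password) is included since the page concerns Brazilian sites.
PATTERNS = [
    ("assigned-password", re.compile(
        r"""(?i)\b(?P<key>password|passwd|pass|pwd|senha|secret|api[_-]?key|token)\b"""
        r"""\s*[:=]\s*(?P<q>['"])(?P<secret>[^'"]{4,})(?P=q)""")),
    # user:password@host inside a URL; a plain host:port URL has no "@" and is not flagged.
    ("url-embedded-credentials", re.compile(
        r"""https?://[^\s/:'"]+:(?P<secret>[^\s@'"]+)@[^\s'"]+""")),
]


def redact(secret: str) -> str:
    """Keep the first two characters so the finding is recognisable, mask the rest."""
    return secret[:2] + "*" * max(len(secret) - 2, 0)


def scan_source(text: str) -> list[Finding]:
    """Return one Finding per credential-looking match, in line order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(line):
                secret = m.group("secret")
                findings.append(Finding(lineno, kind,
                                        line.strip().replace(secret, redact(secret), 1)))
    return findings


def has_exposed_credentials(text: str) -> bool:
    """Gate for a build step: True means the asset should not ship as-is."""
    return bool(scan_source(text))


if __name__ == "__main__":
    for f in scan_source(SAMPLE_HTML):
        print(f"line {f.line}: {f.kind}: {f.context}")
```

The regexes are deliberately narrow; a real pipeline would also scan bundled JS, source maps and repository history, and treat any hit as a credential to rotate, not just to remove.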

[…]

Source: Data of 243 million Brazilians exposed online via website source code | ZDNet

Alphabet’s internet Loon balloon kept on station in the sky using AI that beat human-developed control code

Loon, known for its giant billowing broadband-beaming balloons, says it has figured out how to use machine-learning algorithms to keep its lofty vehicles hovering in place autonomously in the stratosphere.

The 15-metre-wide balloons relay internet connections between people’s homes and ground stations that could be thousands of kilometres apart. To form a steady network that can route data over long distances reliably, the balloons have to stay in place, and do so all by themselves.

Loon’s AI-based solution to this station-keeping problem has been described in a research paper published in Nature on Wednesday, and basically it works by adjusting the balloons’ altitude to catch the right wind currents to ensure they are where they need to be.

The machine-learning software, we’re told, managed to successfully keep the Loon gas bags bobbing up and down in the skies above the Pacific Ocean in an experiment that lasted 39 days. Previously, the Loon team used a non-AI controller based on a handcrafted algorithm known as StationSeeker to do the job, but decided to experiment to see whether it could find a more efficient method using machine learning.

“As far as we know, this is the world’s first deployment of reinforcement learning in a production aerospace system,” said Loon CTO Salvatore Candido.

The AI is built out of a feed-forward neural network that learns to decide whether a balloon should fly up or go down by taking into account variables, such as wind speed, solar elevation, and how much power the equipment has left. The decision is then fed to a controller system to move the balloon in place.

By training the model in simulation, the neural network steadily improved over time using reinforcement learning as it repeated the same task over and over again under different scenarios. Loon tested the performance of StationSeeker against the reinforcement learning model in simulation.

“A trial consists of two simulated days of station-keeping at a fixed location, during which controllers receive inputs and emit commands at 3-min intervals,” according to the paper. The performance was then judged by how long the balloons could stay within a 50km radius of a hypothetical ground station.

The AI algorithm scored 55.1 per cent efficiency, compared to 40.5 per cent for StationSeeker. The researchers reckon that the autonomous algorithm is near optimum performance, considering that the best theoretical models reach somewhere between 56.8 and 68.7 per cent.

When Loon and Google ran the controller in the real experiment, which involved a balloon hovering above the Pacific Ocean, they found: “Overall, the [reinforcement learning] system kept balloons in range of the desired location more often while using less power… Using less power to steer the balloon means more power is available to connect people to the internet, information, and other people.”

[…]

Source: Alphabet’s internet Loon balloon kept on station in the sky using AI that beat human-developed control code • The Register

China’s first fully driverless robotaxis hit the streets of Shenzhen

Fully driverless robotaxis are now a practical reality on Chinese roads. AutoX has become the first company to put a fleet of the completely driver-free vehicles on the country’s streets, with the cars now roaming Shenzhen. They’re not yet available to the public, a spokesperson told TechCrunch, but it’s still a significant move.

AutoX claims this is possible thanks to a “5th generation” autonomous driving system that includes a pair of LiDAR sensors on the sides, “4D” radar sensors and thorough blind spot sensing. The robotaxis can react to even the smaller objects around them, and the company is touting a battle-tested platform that knows how to navigate everything from illegally-parked cars through to unprotected U-turns.

The firm’s machines have been in testing in other places, including California, but a “much larger number of road users” in China helped it rapidly refine its technology.

Self-driving taxis are still far from becoming ubiquitous. Regulations in the US and many other parts of the world have yet to adapt, and the cars themselves are unsurprisingly using exotic, expensive hardware. AutoX’s rollout is a large step forward, though, and it might just be a question of when you hop into an unoccupied taxi rather than “if.”

Source: China’s first fully driverless robotaxis hit the streets of Shenzhen | Engadget

The first phone with an under-display camera goes on sale December 21st

You won’t have to wait much longer to buy the first phone with an under-display camera — if you live in the right country. ZTE now plans to release the Axon 20 5G in 11 countries and regions on December 21st, including the UK, European Union, Japan and South Korea. The company didn’t reveal pricing, but said it would be available “soon.”

The centerpiece remains an uninterrupted 6.92-inch FHD+ OLED screen that uses a combination of materials, display syncing and a “special matrix” to hide a 32-megapixel selfie camera. You won’t find a cutout or notch here. It’s a thoroughly mid-range phone beyond that, though. The Axon 20 5G runs on a Snapdragon 765G chip with 8GB of RAM, and its stand-out features beyond the front camera include a 90Hz refresh rate and DTS:X Ultra 3D sound.

You can expect a 64MP main rear camera, an 8MP ultra-wide, a 2MP macro cam and a 2MP depth sensor. The 4,220mAh battery is also unspectacular given the size and 5G, although 30W fast charging should help it top up quickly.

Source: The first phone with an under-display camera goes on sale December 21st | Engadget

Good stuff! I absolutely hate the cut out notch!

As if Productivity Score wasn’t creepy enough, Microsoft has patented tech for ‘meeting quality monitoring devices’ – PS is being defanged though

The slightly creepy “Productivity Score” may not be all that’s in store for Microsoft 365 users, judging by a trawl of Redmond’s patents.

One that has popped up recently concerns a “Meeting Insight Computing System”, spotted first by GeekWire, created to give meetings a quality score with a view to improving upcoming get-togethers.

It all sounds innocent enough until you read about the requirement for “quality parameters” to be collected from “meeting quality monitoring devices”, which might give some pause for thought.

Productivity Score relies on metrics captured within Microsoft 365 to assess how productive a company and its workers are. Metrics include the take-up of messaging platforms versus email. And though Microsoft has been quick to insist the motives behind the tech are pure, others have cast more of a jaundiced eye over the technology.

[…]

Meeting Insights would take things further by plugging data from a variety of devices into an algorithm in order to score the meeting. Sampling of environmental data such as air quality and the like is all well and good, but proposed sensors such as “a microphone that may, for instance, detect speech patterns consistent with boredom, fatigue, etc” as well as measuring other metrics, such as how long a person spends speaking, could also provide data to be stirred into the mix.

And if that doesn’t worry attendees, how about some more metrics to measure how focused a person is? Are they taking care of emails, messaging or enjoying a surf of the internet when they should be paying attention to the speaker? Heck, if one is taking data from a user’s computer, one could even consider the physical location of the device.

[…]

Talking to The Reg, one privacy campaigner who asked to remain anonymous said of tools such as Productivity Score and the Meeting Insight Computing System patent: “There is a simple dictum in privacy: you cannot lose data you don’t have. In other words, if you collect it you have to protect it, and that sort of data is risky to start with.

“Who do you trust? The correct answer is ‘no one’.”

Source: As if Productivity Score wasn’t creepy enough, Microsoft has patented tech for ‘meeting quality monitoring devices’ • The Register

Since then, Microsoft will remove user names from ‘Productivity Score’ feature after privacy backlash (GeekWire)

Microsoft says it will make changes in its new Productivity Score feature, including removing the ability for companies to see data about individual users, to address concerns from privacy experts that the tech giant had effectively rolled out a new tool for snooping on workers.

“Going forward, the communications, meetings, content collaboration, teamwork, and mobility measures in Productivity Score will only aggregate data at the organization level—providing a clear measure of organization-level adoption of key features,” wrote Jared Spataro, Microsoft 365 corporate vice president, in a post this morning. “No one in the organization will be able to use Productivity Score to access data about how an individual user is using apps and services in Microsoft 365.”

The company rolled out its new “Productivity Score” feature as part of Microsoft 365 in late October. It gives companies data to understand how workers are using and adopting different forms of technology. It made headlines over the past week as reports surfaced that the tool lets managers see individual user data by default.

As originally rolled out, Productivity Score turned Microsoft 365 into a “full-fledged workplace surveillance tool,” wrote Wolfie Christl of the independent Cracked Labs digital research institute in Vienna, Austria. “Employers/managers can analyze employee activities at the individual level (!), for example, the number of days an employee has been sending emails, using the chat, using ‘mentions’ in emails etc.”

The initial version of the Productivity Score tool allowed companies to see individual user data. (Screenshot via YouTube)

Spataro wrote this morning, “We appreciate the feedback we’ve heard over the last few days and are moving quickly to respond by removing user names entirely from the product. This change will ensure that Productivity Score can’t be used to monitor individual employees.”

DeepMind’s A.I. can now predict protein shapes from their DNA sequences | Fortune

Researchers have made a major breakthrough using artificial intelligence that could revolutionize the hunt for new medicines.

The scientists have created A.I. software that uses a protein’s DNA sequence to predict its three-dimensional structure to within an atom’s width of accuracy.

The achievement, which solves a 50-year-old challenge in molecular biology, was accomplished by a team from DeepMind, the London-based artificial intelligence company that is part of Google parent Alphabet.

[…]

Across more than 100 proteins, DeepMind’s A.I. software, which it called AlphaFold 2, was able to predict the structure to within about an atom’s width of accuracy in two-thirds of cases and was highly accurate in most of the remaining one-third of cases, according to John Moult, a molecular biologist at the University of Maryland who is director of the competition, called the Critical Assessment of Structure Prediction, or CASP. It was far better than any other method in the competition, he said.

[…]

DeepMind had not yet determined how it would provide academic researchers with access to the protein structure prediction software or whether it would seek commercial collaborations with pharmaceutical and biotechnology firms. He said the company would announce “further details on how we’re going to be able to give access to the system in a scalable way” sometime next year.

“This computational work represents a stunning advance on the protein-folding problem,” Venki Ramakrishnan, a Nobel Prize–winning structural biologist who is also the outgoing president of the Royal Society, Britain’s most prestigious scientific body, said of AlphaFold 2.

Janet Thornton, an expert in protein structure and former director of the European Molecular Biology Laboratory’s European Bioinformatics Institute, said that DeepMind’s breakthrough opened up the way to mapping the entire “human proteome”—the set of all proteins found within the human body. Currently, only about a quarter of human proteins have been used as targets for medicines, she said. Now, many more proteins could be targeted, creating a huge opportunity to invent new medicines.

[…]

As part of CASP’s efforts to verify the capabilities of DeepMind’s system, Lupas used the predictions from AlphaFold 2 to see if it could solve the final portion of a protein’s structure that he had been unable to complete using X-ray crystallography for more than a decade. With the predictions generated by AlphaFold 2, Lupas said he was able to determine the shape of the final protein segment in just half an hour.

AlphaFold 2 has also already been used to accurately predict the structure of a protein called ORF3a that is found in SARS-CoV-2, the virus that causes COVID-19, which scientists might be able to use as a target for future treatments.

Lupas said he thought the A.I. software would “change the game entirely” for those who work on proteins. Currently, DNA sequences are known for about 200 million proteins, and tens of millions more are being discovered every year. But 3D structures have been mapped for less than 200,000 of them.

AlphaFold 2 was only trained to predict the structure of single proteins. But in nature, proteins are often present in complex arrangements with other proteins. Jumper said the next step was to develop an A.I. system that could predict complicated dynamics between proteins—such as how two proteins will bind to one another or the way that proteins in close proximity morph one another’s shapes.

[…]

Source: DeepMind’s A.I. can now predict protein shapes from their DNA sequences | Fortune

How to use science to fight back against anti-maskers, climate deniers and anti-vaxxers? Let people read their research

[…]

The shift to online science communication from conventional news platforms has been going on for a while. There is a need for credible and accurate reporting because the miscommunication of science in the media is causing lasting damage to the public’s understanding of science.

Misinformation has consequences, as seen during the ongoing COVID-19 pandemic. Ignoring public health advice to wear masks and physically distance has cost thousands of lives and livelihoods in countries such as the United States, Brazil and Russia. Yet, resources in science journalism are dwindling. Budget cuts have slashed the number of journalists in conventional news outlets; this often affects specialized reporters like science journalists.

We need to equip scientists with science journalism skills. At Concordia University,

[…]

This withdrawal of conventional news outlets from conducting science journalism and the increasing role of universities and scientists doing so introduce new challenges.

[…]

Because there are fewer science journalists in conventional news outlets, the public is less able to access the scientific information they need to make informed decisions. This is further exacerbated by the flaws of the existing model.

Currently, scientists communicate their research via private publishing groups. Due to paywalls, this research is very hard to access for the taxpayers who fund that research. Meanwhile, research funded by industry is freely accessible to the public via the publication of patents.

Open access is often discussed as a way to ease public access to scientific findings. However, some publishing groups lobby against possible open access government regulation.

But scientists are fighting back. Psychologist Tal Yarkoni, who has been an outspoken critic of the academic publishing model, and other researchers are boycotting journals that engage in this lobbying. In January 2019, the entire editorial board at Elsevier’s Journal of Infometrics resigned in protest of commercial control of scholarly work.

[…]

When it comes to communicating research, there is an inherent conflict of interest between scientists and the universities that employ them.

That’s not to say that universities have sinister intentions. Universities are heavily invested in enhancing their reputations, which is closely tied to their success in raising funds through student recruitment, government grants and philanthropic endowments.

Universities view science communication as a fundraising activity, directed at funding sources, rather than the general public.

[…]

Universities should equip scientists with the knowledge-translation skills necessary to communicate their own science critically and credibly.

[…]

Universities should also find a way to engage students in scientific communication. For example, there should be funding for internships for communications students, where those hired can manage Twitter accounts and blogs for research labs, update websites and write research publications in a more compelling, accessible and critical way.

[…]

Source: Here’s how to fight back against anti-maskers, climate deniers and anti-vaxxers, according to scientists

Defeat COVID-19: put positive spin to a grim 2020 by showing global covid recoveries on screen

The campaign was conceived by DOOH firm Orb Screen, produced by Creative Conscience and L&CO, developed by Voodooh and Nicole Yershon, and designed by advertising graduate Megan Williams. It has now made its way to Asia, with Location Media Xchange (LMX), the supply-focused arm of Moving Walls Group, amplifying the creatives on partner screens across Singapore, Malaysia, Indonesia, Philippines and India.

The displays run a tally of individuals known to have recovered from COVID-19 worldwide, while showcasing inspiring messages of how survivors have defeated it by refocusing some of the grim language often associated with the pandemic. A+M has reached out to Moving Walls for comment.

[Image: 7.0 Jalan Maluri by Spectrum Outdoor]

Among the list of media owners in Asia Pacific that ran the dynamic creatives include Dana Intelek, VGI Global Media Malaysia, Visual Retale, Vestigia Malaysia, LOOKhere Network, Titanium Compass, Spectrum Outdoor Marketing, 3thirds Inc, LEDtronics Media, Danendra Abyudaya Adika, KALMS, Pitchworks Incorporated Philippines and Nexyite Entertainment.

Source: Defeat COVID-19: APAC OOH firms put positive spin to a grim 2020

The data comes from Johns Hopkins University and apparently you can find a PDF brief from Orbscreen containing HTML code.

Poland’s Bid To Get Upload Filters Taken Out Of The EU Copyright Directive Suddenly Looks Much More Hopeful

One of the biggest defeats for users of the Internet — and for online freedom of expression — was the passage of the EU Copyright Directive last year. The law was passed using a fundamentally dishonest argument that it did not require upload filters, because they weren’t explicitly mentioned in the text. As a result, supporters of the legislation claimed, platforms would be free to use other technologies that did not threaten freedom of speech in the way that automated upload filters would. However, as soon as the law was passed, countries like France said that the only way to implement Article 17 (originally Article 13) was through upload filters, and copyright companies started pushing for legal memes to be blocked because they now admitted that upload filters were “practically unworkable”.

This dishonesty may come back to bite supporters of the law. Techdirt reported last August that Poland submitted a formal request for upload filters to be removed from the final text. The EU’s top court, the Court of Justice of the European Union (CJEU) has just held a public hearing on this case, and as the detailed report by Paul Keller makes abundantly clear, there are lots of reason to be hopeful that Article 17’s upload filters are in trouble from a legal point of view.

The hearing was structured around four questions. Principally, the CJEU wanted to know whether Article 17 meant that upload filters were mandatory. This is a crucial question because the court has found in the past that a general obligation to monitor all user uploads for illegal activities violates the fundamental rights of Internet users and platform operators. This is why proponents of the law insisted that upload filters were not mandatory, but simply one technology that could be applied.

[…]

Poland also correctly pointed out that the alternatives presented by the European institutions, such as fingerprinting, hashing, watermarking, Artificial Intelligence or keyword search, all constitute alternative methods of filtering, but not alternatives to filtering.

This is the point that every expert has been making for years: there are no viable alternatives to upload filters, which means that Article 17 necessarily imposes a general monitoring requirement, something that is not permitted under current EU law. The fact that the Advocate General Øe, who will release his own recommendations on the case early next year, made his comment about the lack of any practical alternative to upload filters is highly significant. During the hearing, representatives of the French and Spanish governments claimed that this doesn’t matter, for the following remarkable reason:

The right to intellectual property should be prioritized over freedom of expression in cases of uncertainty over the legality of user uploads, because the economic damage to copyright-holders from leaving infringements online even for a short period of time would outweigh the damage to freedom of expression of users whose legal uploads may get blocked.

The argument here seems to be that as soon as even a single illegal copy is placed online, it will be copied rapidly and spread around the Internet. But this line of reasoning undermines itself. If placing a single illegal copy online for even a short time really is enough for it to be shared widely, then it only requires a copy to be placed on a site outside the EU’s reach for copies to spread around the entire Internet anyway — because copying is so easy — which makes the speed of the takedown within the EU irrelevant.

[…]

In other words, what seemed at the time like a desperate last attempt by Poland to stop the awful upload filters, with little hope of succeeding, now looks to have a decent chance because of the important general issues it raises — something explored at greater length in a new study written by Reda and others (pdf). That’s not to say that Article 17’s upload filters are dead, but it seems like the underhand methods used to force this legislation through could turn out to be their downfall.

Source: Poland’s Bid To Get Upload Filters Taken Out Of The EU Copyright Directive Suddenly Looks Much More Hopeful | Techdirt