About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Apple Apps Track You Even With Privacy Protections on – and they hoover a LOT

For all of Apple’s talk about how private your iPhone is, the company vacuums up a lot of data about you. iPhones do have a privacy setting that is supposed to turn off that tracking. According to a new report by independent researchers, though, Apple collects extremely detailed information on you with its own apps even when you turn off tracking, an apparent direct contradiction of Apple’s own description of how the privacy protection works.

The iPhone Analytics setting makes an explicit promise. Turn it off, and Apple says that it will “disable the sharing of Device Analytics altogether.” However, Tommy Mysk and Talal Haj Bakry, two app developers and security researchers at the software company Mysk, took a look at the data collected by a number of Apple iPhone apps—the App Store, Apple Music, Apple TV, Books, and Stocks. They found the analytics control and other privacy settings had no obvious effect on Apple’s data collection—the tracking remained the same whether iPhone Analytics was switched on or off.

[…]

The App Store appeared to harvest information about every single thing you did in real time, including what you tapped on, which apps you search for, what ads you saw, and how long you looked at a given app and how you found it. The app sent details about you and your device as well, including ID numbers, what kind of phone you’re using, your screen resolution, your keyboard languages, how you’re connected to the internet—notably, the kind of information commonly used for device fingerprinting.

“Opting-out or switching the personalization options off did not reduce the amount of detailed analytics that the app was sending,” Mysk said. “I switched all the possible options off, namely personalized ads, personalized recommendations, and sharing usage data and analytics.”

[…]

Most of the apps that sent analytics data shared consistent ID numbers, which would allow Apple to track your activity across its services, the researchers found.

[…]

In the App Store, for example, the fact that you’re looking at apps related to mental health, addiction, sexual orientation, and religion can reveal things that you might not want sent to corporate servers.

It’s impossible to know what Apple is doing with the data without the company’s own explanation, and as is so often the case, Apple has been silent so far.

[…]

You can see what the data looks like for yourself in the video Mysk posted to Twitter, documenting the information collected by the App Store:

The App Store on your iPhone is watching your every move

This isn’t an every-app-is-tracking-me-so-what’s-one-more situation. These findings are out of line with standard industry practices, Mysk says. He and his research partner ran similar tests in the past looking at analytics in Google Chrome and Microsoft Edge. In both of those apps, Mysk says the data isn’t sent when analytics settings are turned off.

[…]

Source: Apple Apps Track You Even With Privacy Protections on: Report

In France, all large parking lots now have to be covered by solar panels

In France, solar just got a huge boost from new legislation approved through the Senate this week that requires all parking lots with spaces for at least 80 vehicles – both existing and new – be covered by solar panels.

The new provisions are part of French president Emmanuel Macron’s large-scale plan to heavily invest in renewables, which aims to multiply by 10 the amount of solar energy produced in the country, and to double the power from land-based wind farms.

Starting July 1, 2023, smaller carparks that have between 80 and 400 spaces will have five years to be in compliance with the new measures. Carparks with more than 400 spaces have a shorter timeline: They will need to comply with the new measures within three years of this date, and at least half of the surface area of the parking lot will need to be covered in solar panels.

According to the government, this plan, which particularly targets large parking areas around commercial centers and train stations, could generate up to 11 gigawatts, which is the equivalent of 10 nuclear reactors, powering millions of homes. Public Sénat writes that stipulations were put into place excluding parking lots for trucks carrying heavy goods or parking areas in historic or protected areas, to avoid “distorting” them, according to an amendment to the bill.

Other measures on the table include building large solar farms on vacant land found alongside highways and railways, as well as on agricultural lands where feasible. Macron has said that any bill passed would need to guarantee money that ensures local communities directly benefit from the energy shift.

France’s national rail service SNCF also plans to install some 190,000 square meters of solar panels in 156 stations throughout the country by 2025 and 1.1 million square meters by 2030, all with the aim to reduce energy consumption by 25%.

The government also plans to build around 50 additional wind farms like the one offshore Saint-Nazaire by 2050 in France. Measures are in place to reduce delays in building offshore wind farms from 10-12 years down to six years, and large solar farms from six years to three years.

This summer, the French government solidified two zones for offshore wind farms off the coast of the Atlantic following a massive public debate involving 15,000 participants, with environmental protection being the biggest concern.

The first wind farm is planned to be sited off the island of Oléron, more than 35 km off the coast of La Rochelle, with a capacity of around 1,000 MW. The second wind farm will likely be located farther out at sea, with both wind farms together producing enough electricity for 1.6 million people.

Source: In France, all large parking lots now have to be covered by solar panels

State of Gaming VR for PC in 2022 – and other things the sites don’t tell you

Despite VR having been hyped up for the last couple of years, not very much has happened in the past two years. The hardware has not really refreshed, but this year at least one new exciting entry has come in and another is promised. Search results of reviews usually have the same group of suspects but usually leave out two important companies that are definitely worth a view. Surprisingly, setting up your VR headset is not a question of plug and play. It’s a bit finicky and takes some time. Games need to be optimised and you will run into strange new terms and things you need to run (Windows Mixed Reality, SteamVR, Windows Mixed Reality for SteamVR, OpenXR) and settings you need to optimise per game. This article offers a primer on that. Despite this, the experience in games is quite amazing!

Tethered or Untethered
Options and Specifications
Headsets
Specifications Table
Software Setup
Optimising Graphics Settings
Troubleshooting

Tethered or Untethered

First you need to decide how you want to use your VR goggles. They come in two types: tethered (which has a cable connected to the PC) or untethered, which uses wireless communication of some sort to send the image signal.

The biggest advantage of tethered is that the cable data throughput is much, much higher, allowing for much more detail and higher framerates. These are important for some games, especially simulators: if you are going to use your VR headset in Flight Simulator 2022, Elite Dangerous, Star Citizen, Star Wars Squadrons, driving sims, etc. you really will need a tethered headset. The disadvantage is that walking around can be a bit more tricky as there is a cable to mind. Considering the length of cables (6m +) this doesn’t have to be a problem, especially if you are sitting down. There are also pulley arrangements available to have the cable come off the ceiling if you don’t mind how that looks.

The biggest advantage of untethered is that you can wander around easily without tripping on a cable.

Speaking of wandering around, one of the first things you do when you install the headset is set up a border with your headset delineating where you can and can’t walk so you won’t bump into things like your walls, chairs, desk, etc.

Most manufacturers also have a “pro” version which is better. As this article is for gaming, I will leave these out.

Options and Specifications

Then come a plethora of options to look at. For the specifications, higher is usually better (unless you are talking about latency and weight). You do pay for the privilege though:

  • Resolution – be careful, sometimes it’s a per eye resolution, sometimes it’s a total resolution for both eyes. Sometimes there is just one display and sometimes there are two displays (one for each eye). Two is better.
  • Field of View (FOV) – this can be both vertical and horizontal and is expressed as an angle.
  • Camera system – some VR sets (the Quest 2 and the Pico 4) have a camera mounted on the helmet so you can “see” through the headset when turned on (Passthrough). The Pico 4 is colour and very good, the Quest 2 is black and white. Some VR sets offer eye tracking inside your headset. Some systems use these cameras to see the controllers as a tracking system. (see video from 13 minutes)
  • Tracking system – an external tracking system (base station) is best (but takes up space) and your controllers won’t lose tracking so often. Cameras on the headset can be confused if it is too dark or light or if you swing your controllers out of the field of view.
  • Controllers – some people prefer some controllers to others, eg the HP Reverb G2 has a bad reputation for its controllers and the Pico 4 design is praised. Sometimes you can use other systems’ controllers, eg you can use the HTC Vive controllers on the HP Reverb G2 and the Valve Index. Check to see if the controllers are in the box you buy (if you want them; if you’re upgrading your headset you may not want them).
  • Data throughput – is the data throughput sufficient for your needs?
  • Refresh rate
  • Peak Pixel Density (PPD) – Readability on the screen. Some screens are sharper than others
  • Glare on the screen
  • Amount of light bleed – light can get into the headset, which is a distraction. How well does the foam sit around your face?
  • Comfort of the headband – also a function of foam, how easy the straps are to adjust
  • Weight and balance – a heavier headset can be more comfortable than a lighter one if the headband is more comfortable and better balanced. I haven’t put weight in the table as this is a very subjective experience.
  • Interpupillary Distance (IPD) or eye separation configuration – is it easy to adjust this to your eyes?
  • Software in the ecosystem – Meta has spent some time gaining exclusive software for the Quest 2 to entice you to buy their hardware, so if you buy something else you won’t be able to play their games. The PS5VR system only works on a PlayStation 5.
  • If you wear glasses, check the size of the glasses spacer – sometimes you can find aftermarket spacers.
  • Sound quality / Microphone
  • Ease of setup!

I have a comparison table at the end.

The Headsets

I have divided this into 2 parts: the standard list, which you will have seen everywhere, and the extended list, which contains headsets not so frequently indexed by Google.

The standard list:

  • Meta Quest 2 for EUR 449,-

Until the coming of the Pico 4 this was the ‘best value’ option. However, you are being tracked in everything you do by Facebook – it requires a Facebook account login, so for me personally, this makes it a no go. It’s a few years old by now and a bit outdated. Enough said.

Find it here: https://www.meta.com/fi/en/quest/products/quest-2/

  • HTC Vive Cosmos Elite

The affordable option for the low end of the market. Tethered. $449 headset only, full kit $749.

  • HTC Vive Pro 2

The better VR Set. This is the high spec standard unit (but not the highest spec on paper!). Tethered. The controllers are often used by owners of the Valve Index and the HP Reverb G2. $799 without kit, $1399 with base station and 2 controllers. You can buy trackers for your arms and legs separately. Using a wifi kit, it can be turned into an untethered unit.

  • Valve Index

The upper midrange unit. Tethered with base station. $1079,- for the full kit, $539,- only the headset.

The extended list

  • Pico 4

The newest addition to this list – and everyone is raving about it. The new (2022) technology is a step up for everyone. Untethered (unfortunately, as I’m a simmer!). $429,- with 128 GB, $499,- with 256 GB. You only need the extra memory if you want to load games from the ecosystem on the device. If you game on PC, apparently this is not necessary. Also see the video above if you want to know more about this device.

Note: It’s a Chinese product created by ByteDance – the owner of TikTok. Whilst there is no proof that I have found yet that this is a data grabbing monster (but please correct me if I am wrong), there is plenty of finger-pointing at ByteDance, and TikTok is!

  • HP Reverb G2v2

Tethered. A very good upper mid-range headset with the sharpest screen and best audio. A very popular choice for simming. $650,- for the complete set. Make sure you get a v2 version – you can recognise this by the cable having a box on it with a button to turn it on and off and the headset itself having 2 magnetically removable pieces (glasses spacers) in front of the screen – they also look different.

Left is the G2V2, right is the G2V1

There is a problem with the cable guide which in some cases makes it snap in half. You can contact HP for a RMA for this. There are rumors that HP is getting out of the VR business.

  • Varjo Aero

The absolute top end, tethered. EUR 1999,-.

  • Pimax 5K Super

Great specs, but apparently setup is fiddly. EUR 641,- and EUR 289,- for the controllers. Optional hand and eye tracking modules and I am unsure if you need to buy the headphones separately.

  • Pimax 8K X

Great specs, but apparently setup is fiddly. $1179,- and EUR 289,- for the controllers. Optional hand and eye tracking modules and I am unsure if you need to buy the headphones separately.

  • Pimax 12K

To be released. Hopefully.

Specifications Table


Headsets (in column order): HTC Cosmos Elite, HTC Vive Pro2, Valve Index, Pico 4, HP Reverb G2V2, Varjo Aero, Pimax 5K Super, Pimax 8K X

Resolution
  • HTC Cosmos Elite: 1440 x 1700 pixels per eye (2880 x 1700 pixels combined)
  • HTC Vive Pro2: 2448 × 2448 pixels per eye (4896 x 2448 pixels combined)
  • Valve Index: dual 1440×1600 RGB LCDs
  • Pico 4: 2160×2160 per-eye
  • HP Reverb G2V2: 2160 x 2160 pixels per eye (4320 x 2160 pixels combined). RGB sub-pixels
  • Varjo Aero: Dual Mini LED LCD; 2880 x 2720 px per eye
  • Pimax 5K Super: 2560 X 1440 pixels per eye (5120 X 1440 pixels combined)
  • Pimax 8K X: 3840 X 2160 pixels per eye (7680 X 2160 pixels combined)

Field of View
  • HTC Cosmos Elite: Up to 110 degrees
  • HTC Vive Pro2: Up to 120 degrees (horizontal)
  • Valve Index: Optimized eye relief adjustment allows a typical user experience 20º more than the HTC Vive
  • Pico 4: 105 degrees
  • HP Reverb G2V2: 114 degrees
  • Varjo Aero: Horizontal: 115°; Diagonal: 134° at 12 mm eye relief
  • Pimax 5K Super: Diagonal 200 degrees
  • Pimax 8K X: Diagonal 200 degrees

Refresh Rate
  • HTC Cosmos Elite: 90 Hz
  • HTC Vive Pro2: 90/120 Hz (only 90Hz supported via VIVE Wireless Adapter)
  • Valve Index: 80/90/120/144Hz (144Hz experimental)
  • Pico 4: 72Hz / 90 Hz
  • HP Reverb G2V2: 90Hz
  • Varjo Aero: 90Hz
  • Pimax 5K Super: 90/120/144/160/180Hz* (*Higher refresh rates are only available at lower FOV settings.)
  • Pimax 8K X: 60/75/90Hz (native mode), 110Hz (upscaling mode)

Tracking system
  • HTC Cosmos Elite: 6DoF Inside-out Tracking
  • HTC Vive Pro2: SteamVR™ Base Station Tracking 2.0
  • Valve Index: SteamVR 2.0 sensors, compatible with SteamVR 1.0 and 2.0 base stations
  • Pico 4: 6 DoF positioning system
  • HP Reverb G2V2: HP Reverb G2 inside/out 6 DOF motion tracking, gyroscope, accelerometer, and magnetometer
  • Varjo Aero: SteamVR™ 2.0/1.0; eye tracking 200 Hz with sub-degree accuracy; 1-dot calibration for foveated rendering
  • Pimax 5K Super: G-sensor, gyroscope, SteamVR 1.0 and 2.0 Tracking System
  • Pimax 8K X: G-sensor, gyroscope, SteamVR 1.0 and 2.0 Tracking System

Headphone Stereo Headphone Hi-Res certified headset (via USB-C analog signal)
Hi-Res certified headphones (removable)
High impedance headphones support (via USB-C analog signal)
Built-in: 37.5mm off-ear Balanced Mode Radiators (BMR), Frequency Response: 40Hz – 24KHz, Impedance: 6 Ohm, SPL: 98.96 dBSPL at 1cm.

3.5 mm audio jack 3.5mm audio jack (integrated microphone) 3.5mm audio jack (integrated microphone)
Microphone Integrated microphones Integrated dual microphones Dual Microphone Array, Frequency response: 20Hz – 24kHz, Sensitivity: -25dBFS/Pa @ 1kHz

In-ear headphones with mic in-box

Connections USB 3.0 (or later), DP 1.2, Proprietary Connection to Faceplates Bluetooth, USB-C port for peripherals, DP 1.2 (DP 1.4 required for full resolution) 5m tether, 1m breakaway trident connector. USB 3.0, DisplayPort 1.2, 12V power, Aux Headphone Out 3.5mm
DisplayPort™ 1.3, USB 3.0 type C, power adapter Headset adapter and USB-C cable (5-metre) in-box
PC connections: DisplayPort and USB-A 3.0
1 x DisplayPort 1.4
1 x USB 3.0 Type A
1 x USB 2.0 Type A
1 x DisplayPort 1.4
1 x USB 3.0 Type A
1 x USB 2.0 Type A
IPD
  • HTC Cosmos Elite: Adjustable Eye Comfort Setting (IPD)
  • HTC Vive Pro2: Adjustable IPD range of 57-70mm
  • Valve Index: 58mm – 70mm range physical adjustment
  • Pico 4: 62 – 72mm best adjustment system
  • HP Reverb G2V2: 64mm +/- 4mm by hardware slide
  • Varjo Aero: Automatic IPD adjustment with motor; supported IPD range: 57–73 mm
  • Pimax 5K Super: 60mm – 70mm range physical adjustment ± 2mm with software adjustment
  • Pimax 8K X: 60mm – 70mm range physical adjustment ± 2mm with software adjustment

Camera

Stereo 960 x 960 pixel, global shutter, RGB (Bayer)
2 front-facing cameras and 2 side-facing cameras,


PPD


20.6
35

Software Setup

When you set up a VR headset, you will need to download and install Windows Mixed Reality from the Windows App Store. After setup you will most likely need to install SteamVR. SteamVR allows you to play games, even if they were not bought in the Steam Store (eg in the Epic store). You will also need to install Windows Mixed Reality for Steam: https://learn.microsoft.com/en-us/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality

Do you need to install OpenXR?
Use OpenXR
From your computer, open the SteamVR app
Head to Settings
Select Show in Advanced Settings
Head to the Developer tab
Set Current OpenXR runtime as “OpenXR runtime”

Sign up for betas

This is advised by Microsoft in their guide https://learn.microsoft.com/en-us/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality

In Steam, use the drop-down under the Library menu to filter to Tools.
In the list, right-click SteamVR and select Properties.
Select the Betas tab.
Opt in to “beta – public beta” and select Close to confirm. The beta access code field should be left blank.

In Steam, use the drop-down under the Library menu to filter to Software.
In the list, right-click Windows Mixed Reality for SteamVR and select Properties.
Select the Betas tab.
Opt in to “beta – public beta” and select Close to confirm. The beta access code field should be left blank.

Optimising your Graphics settings

Motion Reprojection

With it entirely off there is a bit of stuttering, but detail clarity is very sharp. With it on, motion is fluid.

Disable overlays

  • Epic: C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\Overlay and rename or move the two files:
    EOSOverlayRenderer-Win64-Shipping.exe
    EOSOverlayRenderer-Win32-Shipping.exe
  • Steam: settings>In Game>Enable Steam Overlay while in-game UNCHECK
  • XBOX: Disable the Xbox Game Bar overlay (yes, on Windows). Enter Windows settings from the start menu, select Gaming -> Xbox Game Bar -> toggle the overlay to the off position

External Apps

https://store.steampowered.com/app/908520/fpsVR/ – fpsVR

Troubleshooting

Not enough virtual memory can be a problem.

https://forums.flightsimulator.com/t/crash-to-desktop-without-error-message/130085 – limit fps in nvidia control panel

https://forums.flightsimulator.com/t/crash-to-desktop-without-error-message/130085/3244 – The HP Reverb G2 goes to sleep after a while despite the change in the registry, and to have prevent the sleep in the device manager. I switch it to VR and it starts again. We are now at 4 hours of flight. And 0 CTD.
In Device Manager → Universal Serial Bus (USBs) controller go through each device and in the “Power Management Options” tab uncheck “Allow the computer to turn off this device”. SteamVR settings Startup/Shutdown

https://www.reddit.com/r/HPReverb/comments/xo5v2z/holographicshell_processwindows_11_performance/ – Run cmd/terminal and paste ‘logman query HolographicShell -ets’ to see if it’s running. If it is, end it using ‘logman stop HolographicShell -ets’ and check

Can’t see steamVR settings – click on icon in taskbar, right click on settings window, select ‘move’ use the keyboard arrows to move it to main display

If you have a large monitor you can run into the problem that your monitor will move all the icons to the top left when it turns off. To stop this you can get an EDID pass-through adapter, but an HDMI EDID pass-through adapter has to work for the given resolution as well as the refresh rate – and for > 60Hz at 4k (HDMI 2.0 specs) it must be HDMI 2.1 compatible. There is not much in the >4K@60Hz space and what is there is expensive.

https://www.amazon.com/EVanlak-Passthrough-Generrtion-Eliminated-Thunderbolt/dp/B07YMTMMH5/ref=pd_day0fbt_img_sccl_1/144-2713285-9100846?pd_rd_w=sYUmB&content-id=amzn1.sym.b7c02f9a-a0f8-4f90-825b-ad0f80e296ea&pf_rd_p=b7c02f9a-a0f8-4f90-825b-ad0f80e296ea&pf_rd_r=CJQKNYGXPKDGCV8A9TG7&pd_rd_wg=ZNHTB&pd_rd_r=0abd637b-5927-4172-a1a5-6455822beee1&pd_rd_i=B07YMTMMH5&psc=1

You can try https://social.technet.microsoft.com/Forums/windows/en-US/8e35fe49-6f89-4476-b138-c24a93d98089/change-the-screen-resolution-using-registry-or-command-line registry settings.

https://www.tenforums.com/graphic-cards/10681-tutorial-how-change-windows-10-default-resolution.html

https://community.spiceworks.com/topic/1108325-windows-10-set-default-resolution

Good luck and have fun – playing Elite Dangerous is a whole new experience in VR!

Huge extragalactic structure found hiding behind the Milky Way

A team of researchers with members from Universidad Nacional de San Juan, Universidade Federal do Rio Grande do Sul and Universidad Andres Bello has found evidence of a large extragalactic assembly hiding behind one part of the Milky Way galaxy. The group has published a paper describing their findings on the arXiv preprint server while awaiting publication in the journal Astronomy & Astrophysics.

Space scientists have known for some time that there is one part of the night sky that is mostly obscured from view due to a bulge in the galaxy. Known as the “zone of avoidance,” it makes up approximately 10% of the dark sky and has had researchers wondering what might be behind it.

[…]

In studying the , the researchers found that they were able to identify several galaxies that exist far beyond the Milky Way. And because of their numbers, the researchers believe that together, they make up what they describe as a massive extragalactic structure. They estimate that there might be as many as 58 galaxies in the structure.

More information: Daniela Galdeano et al, Unveiling a new structure behind the Milky Way, arXiv (2022). DOI: 10.48550/arxiv.2210.16332

Source: Huge extragalactic structure found hiding behind the Milky Way

Senator Wyden Asks State Dept. To Explain Why It’s Handing Out ‘Unfettered’ Access To Americans’ Passport Data

[…]

In 2018, a blockbuster report detailed the actions of CBP agent Jeffrey Rambo. Rambo apparently took it upon himself to track down whistleblowers and leakers. To do this, he cozied up to a journalist and leveraged the wealth of data on travelers collected by federal agencies in hopes of sniffing out sources.

A few years later, another report delved deeper into the CBP and Rambo’s actions. This reporting — referencing a still-redacted DHS Inspector General’s report — showed the CBP routinely tracked journalists (as well as activists and immigration lawyers) via a national counter-terrorism database. This database was apparently routinely queried for reasons unrelated to national security objectives and the information obtained was used to open investigations targeting journalists.

That report remains redacted nearly a year later. But Senator Ron Wyden is demanding answers from the State Department about its far too cozy relationship with other federal agencies, including the CBP.

The State Department is giving law enforcement and intelligence agencies unrestricted access to the personal data of more than 145 million Americans, through information from passport applications that is shared without legal process or any apparent oversight, according to a letter sent from Sen. Ron Wyden to Secretary of State Antony Blinken and obtained by Yahoo News.

The information was uncovered by Wyden during his ongoing probe into reporting by Yahoo News about Operation Whistle Pig, a wide-ranging leak investigation launched by a Border Patrol agent and his supervisors at the U.S. Customs and Border Protection’s National Targeting Center.

On Wednesday, Wyden sent a letter to Blinken requesting detailed information on which federal agencies are provided access to State Department passport information on U.S. citizens.

The letter [PDF] from Wyden points out that the State Department is giving “unfettered” access to at least 25 federal agencies, including DHS components like the CBP. The OIG report into “Operation Whistle Pig” (the one that remains redacted) details Agent Rambo’s actions. Subsequent briefings by State Department officials provided more details that are cited in Wyden’s letter.

More than 25 agencies, but the State Department has, so far, refused to identify them.

Department officials declined to identify the specific agencies, but said that both law enforcement and intelligence agencies can access the [passport application] database. They further stated that, while the Department is not legally required to provide other agencies with such access, the Department has done so without requiring these other agencies to obtain compulsory legal process, such as a subpoena or court order.

Sharing is caring, the State Department believes. However, it cannot explain why it feels this passport application database should be an open book to whatever government agencies seek access to it. This is unacceptable, says Senator Wyden. Citing the “clear abuses” by CBP personnel detailed in the Inspector General’s report, Wyden is demanding details the State Department has so far refused to provide, like which agencies have access and the number of times these agencies have accessed the Department’s database.

Why? Because rights matter, no matter what the State Department and its beneficiaries might think.

The Department’s mission does include providing dozens of other government agencies with self-service access to 145 million Americans’ personal data. The Department has voluntarily taken on this role, and in doing so, prioritized the interests of other agencies over those of law-abiding Americans.

That’s the anger on behalf of millions expressed by Senator Wyden. There are also demands. Wyden not only wants answers, he wants changes. He has instructed the State Department to put policies in place to ensure the abuses seen in “Operation Whistle Pig” do not reoccur. He also says the Department should notify Americans when their passport application info is accessed or handed over to government agencies. Finally, he instructs the Department to provide annual statistics on outside agency access to the database, so Americans can better understand who’s going after their data.

So, answers and changes, things federal agencies rarely enjoy engaging with. The answers are likely to be long in coming. The requested changes, even more so. But at least this drags the State Department’s dirty laundry out into the daylight, which makes it a bit more difficult for the Department to continue to ignore a problem it hasn’t addressed for more than three years.

Source: Senator Wyden Asks State Dept. To Explain Why It’s Handing Out ‘Unfettered’ Access To Americans’ Passport Data | Techdirt

Team creates crystals that generate electricity from heat

To convert heat into electricity, easily accessible materials from harmless raw materials open up new perspectives in the development of safe and inexpensive so-called “thermoelectric materials.”

[…]

The novel synthetic material is composed of copper, manganese, germanium, and sulfur, and it is produced in a rather simple process

[…]

The powders are simply mechanically alloyed by ball-milling to form a precrystallized phase, which is then densified by 600 degrees Celsius. This process can be easily scaled up,

[…]

Thermoelectric materials convert heat to electricity. This is especially useful in where is reused as valuable electric power.

[…]

However, used to date make use of expensive and toxic elements such as lead and tellurium, which offer the best conversion efficiency. To find safer alternatives, Emmanuel Guilmeau and his team have turned to derivatives of natural copper-based sulfide minerals. These mineral derivatives are mainly composed of nontoxic and abundant elements, and some of them have thermoelectric properties.

[…]

The team found that replacing a small fraction of the manganese with copper produced complex microstructures with interconnected nanodomains, defects, and coherent interfaces, which affected the material’s transport properties for electrons and heat.

Emmanuel Guilmeau says that the produced is stable up to 400 degrees Celsius, a range well within the waste heat temperature range of most industries. He is convinced that, based on this discovery, cheaper novel and nontoxic thermoelectric materials could be designed to replace more problematic materials.

More information: V. Pavan Kumar et al, Engineering Transport Properties in Interconnected Enargite‐Stannite Type Cu2+xMn1−xGeS4 Nanocomposites, Angewandte Chemie International Edition (2022). DOI: 10.1002/anie.202210600

Source: Team creates crystals that generate electricity from heat

40k Tesla cars recalled over patch that broke power steering

Tesla has initiated a voluntary recall of more than 40,000 Model S and Model X vehicles thanks to a bad firmware update that could cause the cars to lose power steering “due to forces from external road dynamics,” also known as bumps.

According to a recall report [PDF] filed with the US National Highway Traffic Safety Administration (NHTSA), Tesla believes around 1 percent of the 40,168 affected vehicles have the bug, which it said only affects Model S and Model X vehicles manufactured between August 2017 and December 2020 (which includes model year 21).

Those vehicles, when updated to firmware release 2022.36, got new calibration data for their electronic power assist steering (EPAS) system. The offending software rolled out on October 11 and was intended to update the EPAS system “to better detect unexpected steering assist torque,” instead of doing the exact opposite.

Per Tesla’s own investigations as reported to the NHTSA, the software caused at least 314 vehicles to misclassify bumps and potholes as unexpected torque on the EPAS system, leading to “reduced or lost power steering assist,” Tesla said in its NHTSA report.

As anyone who has driven without power steering knows, its absence doesn’t make a vehicle undrivable, but it does make it much more difficult, which Tesla said is the big risk from leaving the firmware unpatched. “Reduced or lost power steering assist does not affect steering control, but could require greater steering effort from the driver, particularly at low speeds,” Tesla said.

[…]

In February the company was forced to recall 578,607 Model S, X and Y vehicles due to potential misuse of the vehicle’s “Boombox” feature that allows Tesla owners to play custom sounds on the outside of the car. The NHTSA forced Tesla to issue a software update that disabled the feature.

Another recall this past September saw Tesla recalling more than one million vehicles because, despite the fact that it’s been a common safety feature for decades, the windows on affected vehicles weren’t properly calibrated to stop and reverse when a limb was inserted.

Tesla even had issues with its $1,900 made-for-kids Cyberquad mini, which was recalled last month due to safety concerns and a lack of compliance with Consumer Product Safety Commission guidelines.

[…]

Source: 40k Tesla cars recalled over patch that broke power steering • The Register

Dutch foundation launches mass privacy claim against Twitter – DutchNews.nl

A Dutch foundation is planning to take legal action against social media platform Twitter for illegally collecting and trading in personal details gathered via free apps such as Duolingo and Wordfeud as well as dating apps and weather forecaster Buienradar. Twitter owned advertising platform MoPub between 2013 and January 2022 and that is where the problem lies, the SDBN foundation says. It estimates 11 million people’s information may have been illegally gathered and sold. Between 2013 and 2021, MoPub had access to information gleaned via 30,000 free apps on smartphones and tablets, the foundation says. In essence, the foundation says, consumers ‘paid with their privacy’ without giving permission.

The foundation is demanding compensation on behalf of the apps’ users and if Twitter refuses to pay, the foundation will start a legal case against the company.

Source: Dutch foundation launches mass privacy claim against Twitter – DutchNews.nl

Also Shazam was busy with this – that’s an Apple company. It’s pretty disturbing that this kind of news isn’t a surprise at all any more.

But who is SDBN to collect for Dutch people? I don’t recall them starting up a class action for people to subscribe to and I doubt they will be dividing the money out to the Dutch people either.

LG’s Stretchable bendable scrunchable Screen Promises a Future of Shatter-Proof Tech

LG is working to bring the flexibility of OLEDs to smaller devices, and today revealed the world’s first 12-inch panel that’s both flexible and stretchable, like a giant piece of rubber band, improving its ability to survive wear and tear.

The 12-inch panel can display full-color RGB images (LG doesn’t specify exactly how many colors it’s capable of reproducing) and has a resolution of 100PPI. That’s a bit behind the resolution of screens like the 12.9-inch panel in the iPad Pro, which hits 264PPI, but drop that iPad onto a sidewalk and you’ll probably wish you had LG’s latest and greatest inside it.

Outside of the rigid frame of a tablet or a desktop display, this 12-inch panel can be stretched a full two inches to 14 inches diagonally, and then snap back to its original size without requiring a warranty claim. Its underlying structure uses S-shaped micro wire structures that act like springs to accommodate the stretching, and while the technology isn’t quite at the point where you can crumple up a tablet and stuff it in your pocket like a handkerchief—it’s tethered by a ribbon cable to electronics that provide power and drive the image on-screen—LG believes it’s one step closer to expanding the potential use cases for OLED displays.

Source: LG’s Stretchable Screen Promises a Future of Shatter-Proof Tech

Greece To Ban Sale of Spyware After Government Is Accused of Surveillance of opposition party leader

Prime Minister Kyriakos Mitsotakis has announced that Greece would ban the sale of spyware, after his government was accused in a news report of targeting dozens of prominent politicians, journalists and businessmen for surveillance, and the judicial authorities began an investigation. From a report: The announcement is the latest chapter in a scandal that erupted over the summer, when Mr. Mitsotakis conceded that Greece’s state intelligence service had been monitoring an opposition party leader with a traditional wiretap last year. That revelation came after the politician discovered that he had also been targeted with a spyware program known as Predator.

The Greek government said the wiretap was legal but never specified the reasons for it, and Mr. Mitsotakis said it was done without his knowledge. The government has also asserted that it does not own or use the Predator spyware, and has insisted that the simultaneous targeting with a wiretap and Predator was a coincidence.

Source: Greece To Ban Sale of Spyware After Government Is Accused of Surveillance – Slashdot

Former Apple employee admits to defrauding the company out of $17 million

A former Apple employee has pled guilty to defrauding the company out of over $17 million. Dhirendra Prasad, who spent most of his decade at Apple working as a buyer in the Global Service Supply Chain department, admitted to “taking kickbacks, inflating invoices, stealing parts and causing Apple to pay for items and services never received,” according to the US Attorney’s Office for the Northern District of California. Prasad started these schemes in 2011 and continued them until 2018.

In one scam, Prasad shipped motherboards from Apple’s inventory to CTrends, a company run by a co-conspirator, Don M. Baker (who previously admitted to taking part in the fraudulent schemes). Baker harvested components from the motherboards, then Prasad organized purchase orders for those parts. After Baker shipped the components back to Apple, CTrends filed invoices for which Prasad arranged payment. In the end, the pair got Apple to pay for its own components and they split the proceeds of the scam.

In addition to fleecing Apple, Prasad confessed to engaging in tax fraud. He directed payments from Robert Gary Hansen (another co-conspirator who has admitted to taking part in the schemes) straight to his creditors. In addition, Prasad arranged for a shell company to send sham invoices to CTrends with the aim of covering up illicit payments Baker made to him. This enabled Baker “to claim hundreds of thousands of dollars of unjustified tax deductions,” the US Attorney’s Office said. All told, prosecutors claim that the scams resulted in the IRS losing over $1.8 million.

Prasad will be sentenced in March. He pled guilty to one count of conspiracy to commit mail fraud and wire fraud, which carries a maximum prison sentence of 20 years. Prasad also pled guilty to one count of conspiracy to defraud the United States, which has a maximum sentence of five years’ imprisonment. Moreover, Prasad agreed to forfeit around $5 million worth of assets he accrued as a result of his criminal actions, including real estate properties.

Source: Former Apple employee admits to defrauding the company out of $17 million | Engadget

Environmentally friendly ‘biofoam’ could address plastic pollution crisis

[…]

Dr. Jiang, an assistant professor in the UBC faculty of forestry and the Canada Research Chair in Sustainable Functional Biomaterials, started developing a “biofoam” many years ago both to find new uses for and reduce pollution from packaging foam.

“Styrofoam waste fills up to 30 percent of global landfills and can take more than 500 years to break down. Our biofoam breaks down in the soil in a couple of weeks, requires little heat and few chemicals to make, and can be used as substitute for packaging foams, packing peanuts and even thermal insulation boards,” says Dr. Jiang.

[…]

“Our Nation was trying to create a new economy out of what was left of our forest after the wildfires and the damage caused by the mountain pine beetle epidemic in the 1990s and early 2000s. The amount of timber available for harvest in the next 20 to 60 years was significantly reduced. I have often asked why, when trees are harvested, up to 50 percent of the tree is left behind to just burn. As a Nation, we were also concerned about the losses in habitat, decline in moose and salmon populations and the acceleration in climate change,”

[…]

“A unique feature of this project is that the intellectual property is shared between UBC and First Nations,”

[…]

Source: Environmentally friendly ‘biofoam’ could address plastic pollution crisis

BYU profs create new micro nuclear reactor to produce nuclear energy more safely

[…] in Memmott’s new reactor, during and after the nuclear reaction occurs, all the radioactive byproducts are dissolved into molten salt. Nuclear elements can emit heat or radioactivity for hundreds of thousands of years while they slowly cool, which is why nuclear waste is so dangerous (and why in the past, finding a place to dispose of it has been so difficult). However, salt has an extremely high melting temperature — 550°C — and it doesn’t take long for the temperature of these elements in the salt to fall beneath the melting point. Once the salt crystallizes, the radiated heat will be absorbed into the salt (which doesn’t remelt), negating the danger of a nuclear meltdown at a power plant.

Another benefit of the molten salt nuclear reactor design is that it has the potential to eliminate dangerous nuclear waste. The products of the reaction are safely contained within the salt, with no need to store them elsewhere. What’s more, many of these products are valuable, and can be removed from the salt and sold.

[…]

“As we pulled out valuable elements, we found we could also remove oxygen and hydrogen,” Memmott said. “Through this process, we can make the salt fully clean again and reuse it. We can recycle the salt indefinitely.”

[…]

Memmott’s molten salt nuclear reactor is 4 ft x 7 ft, and because there is no risk of a meltdown there is no need for a similar large zone surrounding it. This small reactor can produce enough energy to power 1000 American homes. The research team said everything needed to run this reactor is designed to fit onto a 40-foot truck bed, meaning this reactor can make power accessible to even very remote places.

[…]

Source: BYU profs create new micro nuclear reactor to produce nuclear energy more safely – BYU News

Billionaires Are Funding Climate Destruction

The world’s wealthiest people are responsible for about a million times more emissions than the world’s lowest earners when you take into account their investments, a new report has found. The report, issued Sunday by Oxfam, finds that the world’s 125 wealthiest people—including American billionaires Bill Gates, Jim Walton, Warren Buffett, and Elon Musk—have a combined carbon footprint roughly equivalent to that of the entire country of France.

There’s lots of academic work out there calculating how the personal carbon footprints of the ultra-wealthy differ from the average Joe, and the habits of the world’s superrich certainly jack up their personal emissions. But where billionaires put all that excess money may actually be more important than their private jets or expensive car collections. Past research has shown that financial investments from the world’s top 1% are largely responsible for the size of their overall emissions, rather than their personal lifestyles—between 50% and 70% of their emissions, the Oxfam report estimates. This new report takes into consideration the investments the world’s super rich make and how those investments can enable dirty industries and create even more emissions.

“Emissions from billionaire lifestyles – due to their frequent use of private jets and yachts – are thousands of times the average person, which is already completely unacceptable,” Nafkote Dabi, Climate Change Lead at Oxfam, said in a statement. “But if we look at emissions from their investments, then their carbon emissions are over a million times higher.”

To calculate powerful billionaires’ emissions, researchers at Oxfam first pulled together a list of the world’s wealthiest 220 people, then identified corporations that these people held investments in of at least a 10% equity stake. (Holding a 10% equity stake in a company, as defined by the U.S. Securities and Exchange Commission, makes a person a principal shareholder in that company and much more influential than a normal shareholder in the company’s overall decisions and direction.) Using data from financial services firm Exerica, Oxfam then also calculated the Scope 1 and 2 emissions—direct emissions from operations and indirect emissions from energy, heating, and cooling—of those corporations, and used each billionaire’s investment with these overall emissions to figure out how much they were responsible for.

There were some gaps in the analysis, thanks to a lack of transparency from some of the world’s wealthiest on their investments as well as a similar lack of transparency from corporations on their emissions. However, with the numbers they were able to work with, the Oxfam researchers were still able to figure out that each billionaire out of a final list of 125 was responsible for funding around 3.3 million tons (3 million tonnes) of CO2 emissions on average each year, thanks to their oversize investments in 183 global corporations. The average person in the UK has a pension that finances around 25.4 tons (23 tonnes) of CO2 emissions each year; the world’s poorest 10% of people, meanwhile, produce on average just 3 tons (2.76 tonnes) of CO2 each year.

There are some obvious flaws with this assessment. For one thing, the lack of transparency around emissions as well as missing public information on billionaire equity stakes in certain companies means that the numbers contained here are certainly low, and there’s some notable billionaires missing. (Jeff Bezos, for instance, is not on the final list; we have to wonder what the numbers on his emissions look like.) And someone who is in favor of green capitalism swooping in to save the planet could argue that someone like Gates or Musk’s carbon-intensive investments deserve context, given that their money has gone toward technological solutions to climate change. But the report does emphasize how runaway capitalism and the influence of a powerful and wealthy few can keep the world careening toward disaster, even as the rest of us are increasingly affected—and how relying on the rich and powerful to kick climate action into gear is a losing game.

Source: Billionaires Are Funding Climate Destruction

AstraZeneca puts username and password on Github, exposes patient data in test environment for a year

Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data.

Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left the credentials for an AstraZeneca internal server on code sharing site GitHub in 2021. The credentials allowed access to a test Salesforce cloud environment, often used by businesses to manage their customers, but the test environment contained some patient data, Hussein said.

[…]

“Due to an [sic] user error, some data records were temporarily available on a developer platform. We stopped access to this data immediately after we have been [sic] informed. We are investigating the root cause as well as assessing our regulatory obligations.”

Barth declined to say for what reason patient data was stored on a test environment, and if AstraZeneca has the technical means, such as logs, to determine if anyone accessed the data and what, if any, data was exfiltrated.

[…]

Source: AstraZeneca password lapse exposed patient data | TechCrunch

Wi-Peep drone locates all your wifi devices and maps them in your home, can tell if your watch is moving around

We present Wi-Peep – a new location-revealing privacy attack on non-cooperative Wi-Fi devices. Wi-Peep exploits loopholes in the 802.11 protocol to elicit responses from Wi-Fi devices on a network that we do not have access to. It then uses a novel time-of-flight measurement scheme to locate these devices. Wi-Peep works without any hardware or software modifications on target devices and without requiring access to the physical space that they are deployed in. Therefore, a pedestrian or a drone that carries a Wi-Peep device can estimate the location of every Wi-Fi device in a building. Our Wi-Peep design costs $20 and weighs less than 10 g. We deploy it on a lightweight drone and show that a drone flying over a house can estimate the location of Wi-Fi devices across multiple floors to meter-level accuracy. Finally, we investigate different mitigation techniques to secure future Wi-Fi devices against such attacks.

Source: Non-cooperative wi-fi localization & its privacy implications | Proceedings of the 28th Annual International Conference on Mobile Computing And Networking

British govt is scanning all Internet devices hosted in UK

The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the country’s cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.

The goal is to assess the UK’s vulnerability to cyber-attacks and to help the owners of Internet-connected systems understand their security posture.

“These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact,” the agency said.

“The NCSC uses the data we have collected to create an overview of the UK’s exposure to vulnerabilities following their disclosure, and track their remediation over time.”

NCSC’s scans are performed using tools hosted in a dedicated cloud-hosted environment from scanner.scanning.service.ncsc.gov.uk and two IP addresses (18.171.7.246 and 35.177.10.231).

The agency says that all vulnerability probes are tested within its own environment to detect any issues before scanning the UK Internet.

“We’re not trying to find vulnerabilities in the UK for some other, nefarious purpose,” NCSC technical director Ian Levy explained.

“We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing (and why we’re doing it).”

How to opt out of vulnerability probes

Data collected from these scans includes any data sent back when connecting to services and web servers, such as the full HTTP responses (including headers).

Requests are designed to harvest the minimum amount of info required to check if the scanned asset is affected by a vulnerability.

If any sensitive or personal data is inadvertently collected, the NCSC says it will “take steps to remove the data and prevent it from being captured again in the future.”

British organizations can also opt out of having their servers scanned by the government by emailing a list of the IP addresses they want excluded to scanning@ncsc.gov.uk.

In January, the cybersecurity agency also started releasing Nmap Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.

The NCSC plans to release new Nmap scripts only for critical security vulnerabilities it believes to be at the top of threat actors’ targeting lists.

Source: British govt is scanning all Internet devices hosted in UK
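
The NCSC item above names the scanner's hostname and its two source addresses. As an added example (not from the article or the NCSC), this log filter shows which requests a server received from those addresses and what it answered; the combined log format, the constructed sample lines and the DNS cross-check (which assumes the scanner hostname resolves to its source addresses) are assumptions.

```python
import ipaddress
import re
import socket
from collections import Counter

# Hostname and source addresses as published in the article above.
NCSC_SCANNER_HOST = "scanner.scanning.service.ncsc.gov.uk"
NCSC_SCANNER_IPS = frozenset(
    ipaddress.ip_address(a) for a in ("18.171.7.246", "35.177.10.231")
)

# Assumption: Apache/nginx "combined" access-log format. Behind a reverse
# proxy or CDN the first field is the proxy, so log the real client address.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def normalise_ip(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d).

    Dual-stack listeners log IPv4 clients in the mapped form, which a plain
    string comparison against the published addresses would miss.
    Returns None for anything that is not an IP address.
    """
    try:
        ip = ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_ncsc_source(text):
    """True only when the client address is one of the two published ones."""
    return normalise_ip(text) in NCSC_SCANNER_IPS


def summarise(lines):
    """Collect the scanner's requests and the responses it was given."""
    hits, unparsed = [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1  # keep count so silent parse failures are visible
            continue
        # Match on the client address field only: an address that merely
        # appears in the URL or another field proves nothing.
        if is_ncsc_source(m["ip"]):
            hits.append({"ts": m["ts"], "method": m["method"],
                         "path": m["path"], "status": int(m["status"])})
    return {
        "hits": hits,
        "by_path": Counter(h["path"] for h in hits),
        "by_status": Counter(h["status"] for h in hits),
        "unparsed": unparsed,
    }


def published_ips_current(resolve=socket.getaddrinfo):
    """Check the published addresses against the hostname's current records.

    Returns True/False, or None when resolution fails (offline, NXDOMAIN).
    Assumption: the hostname's address records are the scan source addresses.
    """
    try:
        infos = resolve(NCSC_SCANNER_HOST, None)
    except OSError:
        return None
    resolved = {normalise_ip(info[4][0]) for info in infos}
    return NCSC_SCANNER_IPS <= resolved


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
18.171.7.246 - - [10/Nov/2022:09:14:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [10/Nov/2022:09:14:05 +0000] "GET /login HTTP/1.1" 200 812 "-" "Mozilla/5.0"
::ffff:35.177.10.231 - - [10/Nov/2022:09:15:40 +0000] "HEAD /admin HTTP/1.1" 403 - "-" "-"
18.171.7.246 - - [10/Nov/2022:09:16:11 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.77 - - [10/Nov/2022:09:17:00 +0000] "GET /?from=18.171.7.246 HTTP/1.1" 200 5120 "-" "-"
corrupted line without the expected fields
""".splitlines()

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for hit in report["hits"]:
        print(hit["ts"], hit["method"], hit["path"], hit["status"])
    print("paths:", dict(report["by_path"]), "unparsed:", report["unparsed"])
```

Since the article says the scans keep full HTTP responses including headers, the per-path and per-status summary is the starting point for reviewing what those responses disclosed.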

Microsoft’s GitHub Copilot Sued Over ‘Software Piracy on an Unprecedented Scale’

“Microsoft’s GitHub Copilot is being sued in a class action lawsuit that claims the AI product is committing software piracy on an unprecedented scale,” reports IT Pro.

Programmer/designer Matthew Butterick filed the case Thursday in San Francisco, saying it was on behalf of millions of GitHub users potentially affected by the $10-a-month Copilot service: The lawsuit seeks to challenge the legality of GitHub Copilot, as well as OpenAI Codex which powers the AI tool, and has been filed against GitHub, its owner Microsoft, and OpenAI…. “By training their AI systems on public GitHub repositories (though based on their public statements, possibly much more), we contend that the defendants have violated the legal rights of a vast number of creators who posted code or other work under certain open-source licences on GitHub,” said Butterick.

These licences include a set of 11 popular open source licences that all require attribution of the author’s name and copyright. This includes the MIT licence, the GNU General Public Licence, and the Apache licence. The case claimed that Copilot violates and removes these licences offered by thousands, possibly millions, of software developers, and is therefore committing software piracy on an unprecedented scale.

Copilot, which is entirely run on Microsoft Azure, often simply reproduces code that can be traced back to open-source repositories or licensees, according to the lawsuit. The code never contains attributions to the underlying authors, which is in violation of the licences. “It is not fair, permitted, or justified. On the contrary, Copilot’s goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall….” Moreover, the case stated that the defendants have also violated GitHub’s own terms of service and privacy policies, the DMCA code 1202 which forbids the removal of copyright-management information, and the California Consumer Privacy Act.
The lawsuit also accuses GitHub of monetizing code from open source programmers, “despite GitHub’s pledge never to do so.”

And Butterick argued to IT Pro that “AI systems are not exempt from the law… If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still.” Butterick believes AI can only elevate humanity if it’s “fair and ethical for everyone. If it’s not… it will just become another way for the privileged few to profit from the work of the many.”

Reached for comment, GitHub pointed IT Pro to their announcement Monday that next year, suggested code fragments will come with the ability to identify when it matches other publicly-available code — or code that it’s similar to.

The article adds that this lawsuit “comes at a time when Microsoft is looking at developing Copilot technology for use in similar programmes for other job categories, like office work, cyber security, or video game design, according to a Bloomberg report.”

Source: Microsoft’s GitHub Copilot Sued Over ‘Software Piracy on an Unprecedented Scale’ – Slashdot

Qualcomm v Arm: The bizarro quotient just went off the scale

[…]

Qualcomm and Arm have been engaged in one of those very entertainingly bitter court fist-fights that the industry throws up when friends fall out over money. Briefly, Qualcomm builds its mobile device chips around Arm, for which it pays Arm a lot of money. Qualcomm bought another Arm-licensed company, Nuvia, and inherited Nuvia’s own Arm deals and derived IP. Arm said ‘Nu-uh, can’t do that.’ And into court they tumbled.

This sort of thing is normally lawyers locking horns over profit. Sometimes, though, it feels more like a fight to the death – and in this case, Qualcomm is making the case that a lot more than the details of per-chip licensing costs are involved. It says that Arm is about to make huge changes to its business model, imposing savage new restrictions on how its IP is used and making all its money from device makers, not chip companies. Which would cut Qualcomm off at the knees, if true.

[…]

The move to license device makers instead of chip makers would be massively complicated for everyone, and would give Arm much more power by not having to negotiate with a few very large concerns but a much more diverse market with many smaller clients. Doubtless the market regulators would be very interested in that, but it’s not quite world-beating suicidal madness.

World-beating suicidal madness comes with the other idea – that Arm would refuse to license a design that didn’t use purely Arm intellectual property. You want a GPU design to go with the CPU? Arm. An AI accelerator? Arm or nothing.

The chip industry has always had a fondness for these sorts of shenanigans, but has known better than to write them down. You want a particular CPU? Terribly sorry, but there’s a really long lead time on that part – unless you also buy the rest of our support chips… then we can do business. It’s unethical, usually illegal, and even the biggest names look the other way when their sales teams do it.

[…]

Source: Qualcomm v Arm: The bizarro quotient just went off the scale • The Register

[…] Qualcomm’s amended response to Arm’s lawsuit against the US chip giant. Arm is right now trying to stop Qualcomm from developing custom Arm-compatible processors using CPU core designs Qualcomm obtained via its acquisition of Nuvia. According to Arm, Qualcomm should have got, and failed to get, Arm’s permission to absorb Nuvia’s technologies, which were derived from Arm-licensed IP.

Qualcomm counterclaimed that Arm tried to demand at least “tens of millions” of dollars in transfer fees and extra royalties for using the newly acquired Nuvia designs.

[…]

Qualcomm states in its filing [PDF] that Arm has signaled it “will no longer license CPU technology to semiconductor companies” once existing agreements expire.

This would be an incredible transformation for Softbank-owned Arm: how exactly would Arm-based chips get into devices if no more Arm technology licenses are issued to chip designers … unless, perhaps, Arm starts making its own chips, which it’s previously said it has no appetite for, or it gets certain chip designers to make pure Arm-designed processors for it, and the makers of the end products using these components get charged a royalty per device.

In response to Qualcomm’s filing, Arm’s veep of external communication Phil Hughes didn’t directly address the allegations about licensing changes, but said the filing is “riddled with inaccuracies, and we will address many of these in our formal legal response that is due in the coming weeks.”

[…]

Thus, Qualcomm is claiming a whole range of manufacturers – from those in the embedded electronics space to personal computing – using Arm-compatible chips may need to directly pay Arm a royalty for every device sold. And if they don’t, they’ll need to shop elsewhere for a system-on-chip architecture, which could be unfortunate for them because Arm has few rivals. In fields like smartphones, few alternatives exist. Ironically, Qualcomm acquired Nuvia to make itself a better alternative to Intel and AMD in laptops.

[…]

The language in Qualcomm’s filing is specific and nuanced. It talks of threats by Arm, and Arm indicating it intends to do certain things. At first read, Qualcomm’s filing appears to state outright that Arm will change its business model; on second read, it appears more that Qualcomm is claiming Arm is threatening it will overhaul its licensing approach – to the detriment of Qualcomm – so as to scare Qualcomm into agreeing to Arm’s terms regarding the Nuvia acquisition and its licensed technologies.

Qualcomm previously complained Arm is trying to steer it onto higher royalty rates, by making it renegotiate its licensing agreements following the acquisition of Nuvia and its Arm-derived technologies.

Meanwhile, no matter how unfair Qualcomm believes Arm has acted, Qualcomm still has to answer Arm’s initial complaint: that Qualcomm transferred Nuvia’s Arm license and Arm-derived technology to itself after the acquisition, whereas the fine print of Nuvia’s agreement with Arm is that any such transfer must be negotiated with Arm, and that Qualcomm allegedly failed to do so and is in breach of contract.

Qualcomm says this assertion is simply wrong.

Whatever happens, this case has the potential to shine a light into some dark corners of the semiconductor industry – and this filing suggests whatever we find down there will be fascinating.

Source: Qualcomm: Arm threatens to end CPU licensing, charge device makers instead

Fast Fashion Waste Is Choking Developing Countries With Mountains of Trash

Less than 1% of used clothing gets recycled into new garments, overwhelming countries like Ghana with discards. From a report: It’s a disaster decades in the making, as clothing has become cheaper, plentiful and ever more disposable. Each year the fashion industry produces more than 100 billion apparel items, roughly 14 for every person on Earth and more than double the amount in 2000. Every day, tens of millions of garments are tossed out to make way for new, many into so-called recycling bins. Few are aware that old clothes are rarely recycled into new ones because the technology and infrastructure don’t exist to do that at scale.

Instead, discarded garments enter a global secondhand supply chain that works to prolong their life, if only a little, by repurposing them as cleaning rags, stuffing for mattresses or insulation. But the rise of fast fashion — and shoppers’ preference for quantity over quality — has led to a glut of low-value clothing that threatens to tank the economics of that trade and inordinately burdens developing countries. Meanwhile, the myth of circularity spreads, shielding companies and consumers from the inconvenient reality that the only way out of the global textile waste crisis is to buy less, buy better and wear longer. In other words, to end fast fashion.

[…] Globally, less than 1% of used clothing is actually remade into new garments, according to the Ellen MacArthur Foundation, a UK nonprofit. (In contrast, 9% of plastic and about half of paper gets recycled.) The retailers have vowed that what they collect will never go to landfill or waste. But the reality is far messier. Garments dropped at in-store take-back programs enter the multibillion-dollar global secondhand supply chain, joining a torrent of discards from charity bins, thrift stores and online resale platforms like ThredUp and Sellpy. The complex task of sorting through that waste stream falls to a largely invisible global industry of brokers and processors. Their business depends on exporting much of the clothing to developing countries for rewear. It’s the most profitable option and, in theory, the most environmentally responsible, because reusing items consumes less resources than recycling them.

Source: Fast Fashion Waste Is Choking Developing Countries With Mountains of Trash – Slashdot

For the First Time Ever, People Are Getting Transfusions of Lab-Grown Blood Cells

[…] An important clinical trial is now underway in the UK. The study is the first to transfuse red blood cells grown in the lab from donated stem cells into humans. Should this research pay off, these blood cells would be incredibly valuable for people with rare blood types, though they wouldn’t replace the need for traditional blood donation.

The RESTORE trial, as it’s known, is being conducted by scientists from the UK’s National Health Services and various universities. At least 10 healthy volunteers are expected to be enrolled in the study. All of them will receive two mini-transfusions, spaced four months apart and in random order, of the lab-grown blood cells and standard cells, both of which are derived from the same donor. As of early Monday, two participants have already gotten the lab-grown blood cells and so far appear to have experienced no side-effects.

The first-of-its-kind experiment is a Phase I trial, meaning that it’s primarily designed to test the safety of a novel or experimental treatment. But the lab-grown cells are theoretically fresher than the mix of newer and older blood cells taken from a typical blood donation (on average, red blood cells live for about 120 days). So the researchers are hoping that the lab-grown cells survive longer than the standard cells in their recipients.

“If our trial, the first such in the world, is successful, it will mean that patients who currently require regular long-term blood transfusions will need fewer transfusions in [the] future, helping transform their care,” said chief researcher Cedric Ghevaert, a hematologist and a professor in transfusion medicine at the University of Cambridge, in a statement released by the NHS.

[…]

Should this project turn out to be a success, lab grown blood cells still won’t replace the donated supply anytime soon. The team’s process is much less efficient than what the human body can do. Currently, for instance, they need about 24 liters of their nutrient solution to filter out one to two tablespoons of red blood cells. Meanwhile, about 45% of our blood is composed of red blood cells.

Even if mass-produced lab-grown blood cells are a far off possibility, they may still be able to help many people in the near future. This technology could one day provide a more reliable and longer-lasting supply of blood cells to people who have a rare mix of blood types or who have developed conditions that make it difficult to receive standard transfusions, such as sickle cell disease.

[…]

Source: For the First Time Ever, People Are Getting Transfusions of Lab-Grown Blood Cells

Scientists zap clouds with electricity to make them rain

A new experiment has shown that zapping clouds with electrical charge can alter droplet sizes in fog or, potentially, help a constipated cloud to rain.

Last year Giles Harrison, from the University of Reading, and colleagues from the University of Bath, spent many early mornings chasing fogs in the Somerset Levels, flying uncrewed aircraft into the gloop and releasing charge. Their findings, published in Geophysical Research Letters, showed that when either positive or negative charge was emitted, the fog formed more water droplets.

“Electric charge can slow evaporation, or even – and this is always amazing to me – cause drops to explode because the electric force on them exceeds the surface tension holding them together,” said Harrison.

The findings could be put to good use in dry regions of the world, such as the Middle East and north Africa, as a means of encouraging clouds to release their rain. Cloud droplets are larger than fog droplets and so more likely to collide, and Harrison and his colleagues believe that adding electrical charge to a cloud could help droplets to stick together and become more weighty.

Source: Scientists zap clouds with electricity to make them rain | Environment | The Guardian

The world’s first offshore floating wind-solar pilot just came online in China

China’s government-owned utility State Power Investment Corporation (SPIC) has launched the world’s first commercial offshore floating solar that’s paired with an offshore wind turbine.

 

SPIC is one of five major electrical utility companies in China, and the world’s largest photovoltaic power generation enterprise. The pilot is located off the coast of Haiyang, a city in Shandong, eastern China.

The project uses Norway-based Ocean Sun‘s patented floating solar power technology.

The two solar floaters (see the photo above) have an installed capacity of 0.5 megawatts peak. They’re connected to a transformer on a SPIC-owned wind turbine and then a subsea cable runs from the wind turbine to the power grid.

If the pilot is successful, the plan is to build a 20 MW floating wind-solar farm in 2023 using Ocean Sun’s technology.

Ocean Sun signed an agreement to license its proprietary floating solar technology for the project in July. This project is fully funded by SPIC, and Ocean Sun’s first “truly offshore installation.”

In July, Børge Bjørneklett, CEO and founder of Ocean Sun, said [translation edited for clarity]:

Shandong Province is projecting 42GW of floating solar installations in the next few years, and Ocean Sun will now be a contender for some of this volume. These waters see challenging annual typhoons, and all involved parties are aware of the risks. Ocean Sun will improve our product with learnings from this exposed site.

A wind-solar hybrid system potentially offers the advantage of improving power output reliability. Solar peaks during the day, whereas offshore wind turbines typically generate most of their power in the afternoon and evening.

Source: The world’s first offshore floating wind-solar pilot just came online in China

Multi-factor authentication bombing fatigue can blow open security

The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web.

The miscreant then repeatedly tried to log into the contractor’s Uber account, triggering the two-factor login approval request that the contractor initially denied, blocking access. However, eventually the contractor accepted one of many push notifications, enabling the attacker to log into the account and get access to Uber’s corporate network, systems, and data.

[…]

Microsoft and Cisco Systems were also victims of MFA fatigue – also known as MFA spamming or MFA bombing – this year, and such attacks are rising rapidly. According to Microsoft, between December 2021 and August, the number of multi-factor MFA attacks spiked. There were 22,859 Azure Active Directory Protection sessions with multiple failed MFA attempts last December. In August, there were 40,942.

[…]

In an MFA fatigue situation, the attacker uses the stolen credentials to try to sign into a protected account over and over, overwhelming the user with push notifications. The user may initially tap on the prompt saying it isn’t them trying to sign in, but eventually they wear down from the spamming and accept it just to stop their phone going off. They may assume it’s a temporary glitch or an automated system causing the surge in requests.

[…]

sometimes the attacker will pose as part of the organization’s IT staff, messaging the employee to accept the access attempt.

[…]

Ensuring authentication apps can’t be fat-fingered and requests wrongly accepted before they can be fully evaluated, for instance, would be handy. Adding intelligent handling of logins, so that there’s a cooling off period after a bout of MFA spam, is, again, useful, too.

And on top of this, some forms of MFA, such as one-time authentication tokens, can be phished along with usernames and passwords to allow a miscreant to log in as their victim. Finding and implementing a phish-resistant MFA approach is something worth thinking about.

[…]

Some companies are on the ball. Microsoft, for instance, is making number matching a default feature in its Authenticator app. This requires a user who responds to an MFA push notification using the tool to type in a number that appears on their device’s screen to approve a login. The number will only be sent to users who have been enabled for number matching, according to Microsoft.

They’re also adding other features to Authenticator, including showing users what application they’re signing into and the location of the device, based on its IP address, that is being used for signing in. If the user is in California but the device is in Europe, that should raise a big red flag. That also ought to be automatically caught by authentication systems, too.

[…]

As to limiting the number of unsuccessful MFA authentication requests: Okta limits that number to five; Microsoft and Duo offer organizations the ability to implement it in their settings and adjust the number of failed attempts before the user’s account is automatically locked. With Microsoft Authenticator, enterprises also can set the number of minutes before an account lockout counter is reset.

[…]

Source: Multi-factor authentication fatigue can blow open security • The Register
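The lockout counter and cooling-off period described in the article above, sketched as an added example that is not taken from The Register or from any vendor's product: it replays constructed push outcomes and shows when prompts are suppressed and when an approval that follows a run of refusals is sent to step-up verification instead of being honoured. The class name, thresholds and action labels are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILED = 5     # refused/ignored pushes tolerated per window (assumed; mirrors the "five" cited above)
WINDOW_S = 600     # seconds before old failures stop counting (assumed)
COOLDOWN_S = 900   # cooling-off period once the limit is hit (assumed)
STEP_UP_AT = 2     # recent refusals that make an approval suspicious (assumed)

class PushGate:
    """Tracks MFA push outcomes per user and decides how each one is handled."""
    def __init__(self):
        self.failures = defaultdict(deque)  # user -> timestamps of denied/timed-out pushes
        self.locked_until = {}              # user -> end of cooling-off period

    def _recent(self, user, now):
        q = self.failures[user]
        while q and now - q[0] > WINDOW_S:  # drop failures older than the window
            q.popleft()
        return len(q)

    def record(self, user, now, result):
        """result is 'denied', 'timeout' or 'approved'; returns the action taken."""
        if now < self.locked_until.get(user, 0):
            return "suppressed"             # no prompt reaches the phone during cool-off
        if result in ("denied", "timeout"):
            self.failures[user].append(now)
            if self._recent(user, now) >= MAX_FAILED:
                self.locked_until[user] = now + COOLDOWN_S
                return "locked"
            return "counted"
        # An approval right after several refusals is the fatigue pattern:
        # require a stronger check rather than granting the session.
        if self._recent(user, now) >= STEP_UP_AT:
            return "step_up"
        self.failures[user].clear()
        return "granted"

def replay(events):
    gate = PushGate()
    return [gate.record(user, ts, result) for ts, user, result in events]

# Constructed sample events: (epoch seconds, user, push outcome)
SAMPLE = [
    (0, "alice", "approved"),
    (100, "bob", "denied"), (130, "bob", "denied"), (160, "bob", "timeout"),
    (190, "bob", "approved"),   # approval after three refusals
    (220, "bob", "denied"), (250, "bob", "denied"),
    (280, "bob", "approved"),   # arrives during the cooling-off period
    (2000, "bob", "approved"),  # after cool-off and window expiry
]
```

The `step_up` outcome is where a number-matching challenge or a phish-resistant factor would be required before the session is granted.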

Finally: Countries Start To Rebel Against Corporate Sovereignty, But Ten Years Too Late

Back in 2013, Techdirt wrote about “the monster lurking inside free trade agreements”. Formally, the monster is known as Investor-State Dispute Settlement (ISDS), but here on Techdirt we call it “corporate sovereignty“, because that is what it is: a system of secret courts that effectively places companies above a government, by allowing them to sue a nation if the latter takes actions or brings in laws that might adversely affect their profits.

In 2015, we warned that corporate sovereignty would threaten EU plans to protect the environment in the TAFTA/TTIP trade deal between the US and the EU. TAFTA/TTIP never happened, but fossil fuel companies were able to use other treaties to demand over $18 billion as “compensation” for the potential loss of future profits as the result of increasing government action to tackle climate change.

Chief among those treaties with corporate sovereignty provisions was the Energy Charter Treaty (ECT), which is designed to protect investments in the energy sector. Research by the International Institute for Sustainable Development (IISD) shows that the fossil fuel industry accounts for almost 20% of known ISDS cases, making it the most litigious group. Recently there has been a wave of corporate sovereignty cases brought by fossil fuel companies, with most settled in their favor. The average amount awarded was over $600 million, almost five times the amount given in non-fossil fuel cases.

It has become clear that corporate sovereignty represents a serious threat to countries’ plans to tackle the climate crisis. The obvious solution is simply to withdraw from the ECT, but there’s a problem. Article 47 of the treaty states:

The provisions of this Treaty shall continue to apply to Investments made in the Area of a Contracting Party by Investors of other Contracting Parties or in the Area of other Contracting Parties by Investors of that Contracting Party as of the date when that Contracting Party’s withdrawal from the Treaty takes effect for a period of 20 years from such date.

This “sunset clause” means any of the 53 signatories to the ECT can be sued in the secret ISDS courts for 20 years after withdrawing from the treaty. As a result of this, the EU in particular has been pushing for the ECT to be “modernized”, and recently announced an “agreement in principle” to achieve that. However, it still contains a corporate sovereignty tribunal system:

The modernised ECT will allow the Contracting Parties to exclude new fossil fuel related investments from investment protection and to phase out protection for the already existing investments. This phasing out of protection for fossil fuel investments will take place within a shorter timeframe than in the case of a withdrawal from the ECT, for both existing and new investments: existing fossil fuel investments will be phased out after 10 years under modernised rules (instead of 20 years under current rules) and new investment in fossil fuels will be excluded after 9 months.

Countries that later withdraw from the modernized ECT can be sued for 10 years, rather than the current 20 years. Several EU countries have decided that is not good enough, and have announced their intention to withdraw from the treaty immediately, as Politico reports:

Spain, the Netherlands and Poland have all declared their intention to exit the Energy Charter Treaty (ECT). Italy left in 2015. Germany, France and Belgium are examining their options, officials from those countries said.

France has confirmed that it will be pulling out, as has Belgium. For those countries that leave before the “modernized” ECT comes into force, companies can potentially use the sunset clause to sue them during the full 20 years afterwards. The only solution that addresses the serious threat of corporate sovereignty is to remove the sunset clause completely from the ECT. According to one analysis from the IISD, that’s possible if a group of ECT’s contracting parties agree to the move amongst themselves (“inter se”) as part of a joint withdrawal:

There is a legal basis for a withdrawal from the ECT with an inter se neutralization of the survival clause. In contrast to the continued protection of existing and certain future fossil fuel investments under the EU’s amendment proposal, such a withdrawal would put an immediate end to treaty-based fossil fuel protection and ISDS among all withdrawing states. In the short term, this would significantly reduce ISDS risks, given that 60% of the cases based on the ECT are intra-EU. It would also enable the EU and its member states to comply with the EU’s climate objectives and EU law. If further contracting states were to join, the ISDS risk to strong climate action would be further reduced and could pave the way for a fresh, unencumbered negotiation of a truly modern energy treaty that would support the expedited phase-out from fossil fuels and the transition to renewable energy.

It’s an imperfect solution, but better than the half-hearted “modernized” ECT proposed by the EU. The current mess shows that the issue should have been addressed ten years ago, when the problems of the “lurking monster” of corporate sovereignty first became apparent.

Source: Finally: Countries Start To Rebel Against Corporate Sovereignty, But Ten Years Too Late | Techdirt