The Linkielist

Linking ideas with the world

The Linkielist

Got Anything To Talk About? These Dutch Hackers Want You To Say It To Them

Posted on by

As we head into another Northern Hemisphere pandemic winter and hope that things won’t be quite as bad this year, next summer seems an extremely long time away in the future. But it will be upon us sooner than we might think, and along with it will we hope come a resumption of full-scale hacker camps. One of the biggest will be in the Netherlands, where MCH 2022 will take lace at the end of July, and if you’re up to casting your minds ahead far enough for that then they’re inviting submissions to their Call for Participation. Their events are always a memorable and relaxed opportunity to spend a few days in the sun alongside several thousand other like-minded individuals, so we’d urge you to give it some consideration.

If you’ve never delivered a conference talk before then it can be a daunting prospect, but in fact a hacker camp can be an ideal place to give it a first try. Unlike a more traditional technology conference where most of the attendees file into the auditorium, at hacker camps there is so much else on offer that many talks are delivered to only that sub group of attendees for whom the subject is of real interest. So there is less of the huge auditorium of anonymous crowds about it, and more of the small and friendly crowd of fellow enthusiasts. The great thing about our community is that there are as many different interests within it as there are individuals, so whatever your product, specialism, or favourite hobby horse might be, you’ll find people at a hacker camp who’d like to hear what you have to say.

If you’re still seeking inspiration, of course you might find it by looking at the schedule from SHA, the last Dutch camp.

Source: Got Anything To Talk About? These Dutch Hackers Want You To Say It To Them | Hackaday

Microsoft will now snitch on you at work like never before

Posted on by

[…]

this news again comes courtesy of Microsoft’s roadmap service, where Redmond prepares you for the joys to come.

This time, there are a couple of joys.

The first is headlined: “Microsoft 365 compliance center: Insider risk management — Increased visibility on browsers.”

It all sounded wonderful until you those last four words, didn’t it? For this is the roadmap for administrators. And when you give a kindly administrator “increased visibility on browsers,” you can feel sure this means an elevated level of surveillance of what employees are typing into those browsers.

In this case, Microsoft is targeting “risky activity.” Which, presumably, has some sort of definition. It offers a link to its compliance center, where the very first sentence has whistleblower built in: “Web browsers are often used by users to access both sensitive and non-sensitive files within an organization.”

And what is the compliance center monitoring? Why, “files copied to personal cloud storage, files printed to local or network devices, files transferred or copied to a network share, files copied to USB devices.”

You always assumed this was the case? Perhaps. But now there will be mysteriously increased visibility.

“How might this visibility be increased?,” I hear you shudder. Well, there’s another little roadmap update that may, just may, offer a clue.

This one proclaims: “Microsoft 365 compliance center: Insider risk management — New ML detectors.”

Yes, your company will soon have extra-special robots to crawl along after you and observe your every “risky” action. It’s not enough to have increased visibility on browsers. You must also have Machine Learning constantly alert for someone revealing your lunch schedule.

Microsoft offers a link to its Insider Risk Management page. This enjoys some delicious phrasing: “Customers acknowledge insights related to the individual user’s behavior, character, or performance materially related to employment can be calculated by the administrator and made available to others in the organization.”

Yes, even your character is being examined here.

[…]

Source: Microsoft will now snitch on you at work like never before | ZDNet

Robinhood Hack Compromises Millions of Customer Email Addresses

Posted on by

Someone recently hacked and attempted to extort Robinhood, the popular investment and trading platform, gaining access to millions of customers’ email addresses and full names in the process.

The platform revealed the security incident in a blog post published Monday, assuring users that nobody had lost any money as a result of the incident.

“An unauthorized third party obtained access to a limited amount of personal information for a portion of our customers,” the company revealed, while emphasizing that the breach had since been contained and that there had been “no financial loss to any customers.”

The incident, which took place on Nov. 3, was apparently the result of a social engineering scheme that targeted a customer support employee. The hacker convinced the employee that they were cleared to access “certain customer support systems,” and subsequently gained access to the email addresses of approximately 5 million customers and the full names of approximately 2 million customers, the company said.

For a much smaller subset of customers, the data breach was substantially more invasive: “We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed,” the company’s blog post says.

Afterward, the criminal attempted to extort the company with the information it had stolen.

[…]

Source: Robinhood Hack Compromises Millions of Customer Email Addresses

Star System With Right-Angled Planets Surprises Astronomers

Posted on by

this report from the New York Times about a “particularly unusual” star about 150 light-years away that’s orbited by three planets: What’s unusual is the inclinations of the outer two planets, HD 3167 c and d. Whereas in our solar system all the planets orbit in the same flat plane around the sun, these two are in polar orbits. That is, they go above and below their star’s poles, rather than around the equator as Earth and the other planets in our system do.

Now scientists have discovered the system is even weirder than they thought. Researchers measured the orbit of the innermost planet, HD 3167 b, for the first time — and it doesn’t match the other two. It instead orbits in the star’s flat plane, like planets in our solar system, and perpendicular to HD 3167 c and d. This star system is the first one known to act like this

The unusual configuration of HD 3167 highlights just how weird and wonderful other stars and their planets can be. “It puts in perspective again what we think we know about the formation of planetary systems,” said Vincent Bourrier from the University of Geneva in Switzerland, who led the discovery published last month in the journal Astronomy & Astrophysics.

“Planets can evolve in really, really different ways.”

Source: Star System With Right-Angled Planets Surprises Astronomers – Slashdot

DIY House Plants Watering System

Posted on by

Build watering system for house plants. In part one of this video series, we will create a sensor that measures soil moisture, ambient temperature and light.

Build watering system for house plants. In part two of this video series, we will create a central unit that takes sensor readings and also waters our plants on command.

Build watering system for house plants. In part two of this video series, we will create a central unit that takes sensor readings and also waters our plants on command.

Source: https://github.com/SasaKaranovic/HousePlantMonitoringSystem

No toilet for returning SpaceX crew, stuck using diapers – had just eaten chilli and tacos

Posted on by

The astronauts who will depart the International Space Station on Sunday will be stuck using diapers on the way home because of their capsule’s broken toilet.

NASA astronaut Megan McArthur described the situation Friday as “suboptimal” but manageable. She and her three crewmates will spend 20 hours in their SpaceX capsule, from the time the hatches are closed until Monday morning’s planned splashdown.

“Spaceflight is full of lots of little challenges,” she said during a news conference from orbit. “This is just one more that we’ll encounter and take care of in our mission. So we’re not too worried about it.”

After a series of meetings Friday, mission managers decided to bring McArthur and the rest of her crew home before launching their replacements. That SpaceX launch already had been delayed more than a week by and an undisclosed medical issue involving one of the crew.

SpaceX is now targeting liftoff for Wednesday night at the earliest.

French astronaut Thomas Pesquet, who will return with McArthur, told reporters that the past six months have been intense up there. The conducted a series of spacewalks to upgrade the station’s , endured inadvertent thruster firings by docked Russian vehicles that sent the station into brief spins, and hosted a private Russian film crew—a first.

They also had to deal with the toilet leak, pulling up panels in their SpaceX capsule and discovering pools of urine. The problem was first noted during SpaceX’s private flight in September, when a tube came unglued and spilled urine beneath the floorboards. SpaceX fixed the toilet on the capsule awaiting liftoff, but deemed the one in orbit unusable.

Engineers determined that the capsule had not been structurally compromised by the urine and was safe for the ride back. The astronauts will have to rely on what NASA describes as absorbent “undergarments.”

On the culinary side, the astronauts grew the first chile peppers in —”a nice moral boost,” according to McArthur. They got to sample their harvest in the past week, adding pieces of the green and red peppers to tacos.

“They have a nice spiciness to them, a little bit of a lingering burn,” she said. “Some found that more troublesome than others.”

Also returning with McArthur and Pesquet: NASA astronaut Shane Kimbrough and Japanese astronaut Akihiko Hoshide. SpaceX launched them to the space station on April 23. Their capsule is certified for a maximum 210 days in space, and with Friday marking their 196th day aloft, NASA is eager to get them back as soon as possible.

One American and two Russians will remain on the space following their departure. While it would be better if their replacements arrived first—in order to share tips on living in space—Kimbrough said the remaining NASA astronaut will fill in the newcomers.

Source: No toilet for returning SpaceX crew, stuck using diapers

Alfa Romeo will debut an all-electric Giulia sedan in 2024

Posted on by
Alfa Romeo Giulia
Alfa Romeo

Italian automaker Alfa Romeo is developing an all-electric version of its four-door Giulia sedan. In an interview with Auto Express, Jean-Philippe Imparato, the company’s CEO, said Alfa Romeo would debut the EV sometime in 2024. Additionally, he revealed the car will be built on the STLA Large platform from its parent company Stellantis.

The conglomerate announced the architecture this past summer. At the time, it said it would allow its cars to go from zero to 60 in as little as two seconds, and allow for a potential range of up to 500 miles. Dodge, one of the other automakers under the Stellantis umbrella, will use the platform in the all-electric muscle car it plans to debut in 2024. Alfa Romeo could also offer a Quadrifoglio variant of the Giulia, but Imparato said that will depend on whether it can get the kind of performance that’s associated with the moniker.

[….]

Source: Alfa Romeo will debut an all-electric Giulia sedan in 2024 | Engadget

Reg reader ditches Samsung smart TV after seeing huge UI ads everywhere

Posted on by

A Register reader triggered a kerfuffle for Samsung after asking the electronics biz if he could disable large and intrusive adverts splattered across his new smart TV’s programme guide.

Ross McKillop bought the telly from UK retailer John Lewis but felt distinctly undersold when he turned it on to find the internet-connected device displaying advertising on its electronic programme guide menu.

Reg reader Ross McKillop's Samsung TV displaying smart ads taking up half the screen space

Ross McKillop’s Samsung TV displaying smart ads taking up half the screen space

“If you press the menu button to change between like TV or Netflix or, or whatever, even different sources, there’s an advert panel,” lamented McKillop to The Reg. “It seems that people accept this.”

Irritated by the giant advert for Samsung’s own wares, McKillop took to Twitter to ask the obvious question. The answer was surprisingly blunt.

“The more annoying [advert],” McKillop told us, “is the one that appears on the application menu, on every menu [level].”

Such a problem is, sadly, not new, as we reported about a year ago when other Samsung TV customers began wondering where the giant adverts splattered all over their TVs’ user interfaces had come from.

“I expect Netflix to promote Netflix’s products or Netflix programming on a service I pay for because it’s a service,” stormed McKillop, adding that he didn’t expect to have his TV’s manufacturer insert unavoidable advertising into his new box.

Smart readers (like our man Ross) know that you can kill ads at home with innovations such as the Pi-Hole home network-level adblocker.

Our reader also pointed out that the adverts on his new internet-connected telly were not visible in Samsung’s marketing videos about the product.

We asked Samsung if it wished to comment. The manufacturer failed to respond. McKillop has since returned his TV to retailer John Lewis.

Samsung has been relatively open about what its smart TVs do. A quick look at the “Samsung privacy policy – smart TV supplement” on its UK website reveals that the company hoovers up information about “your TV viewing history” including “information about the networks, channels, websites visited, and programs viewed on your Samsung Smart TV and the amount of time spent viewing them”.

This kind of subtle-but-invasive monitoring was the subject of a warning by an American university professor in 2019 who described it as “a cesspit of surveillance”.

The devices can pose a security risk unless they’re treated like any other internet-connectable device, as the Korean giant itself reminded tellywatchers a couple of years ago (well, they deleted that Twitter missive but El Reg doesn’t forget).

All in all, if you’re buying a Samsung TV, just remember that you’re not only paying for a big panel so you can watch reruns of Friends; you’re also paying to be part of Samsung’s global TV advertising network.

Source: Reg reader ditches Samsung smart TV after seeing huge UI ads • The Register

Kleiman v. Wright: $65 Billion Bitcoin Case Has Started

Posted on by

The civil trial of Ira Kleiman vs. Craig Wright started on Monday in Miami. The estate of David Kleiman is suing Craig Wright, the self declared inventor of bitcoin, for 50% ownership of 1.1 million bitcoins. The estate claims Kleiman was in a partnership with Wright to mine the coins but after Kleiman died in April 2013, Wright denied any partnership. At over $60,000 each per bitcoin, this case is currently worth $65 billion.

Craig Wright has previously claimed he is the inventor of Bitcoin, Satoshi Nakamoto, which has been met with skepticism based on his inability to show any proof. In this case, Wright has made numerous dubious claims. After the case was filed in 2018, Wright claimed he did not have the keys to the coins but that they would be arriving in January 2020 through a “bonded courier.” After January 2020, Wright provided keys to the estate for verification which the estate claims the bitcoins were fake. Expressing skepticism that the courier even existed, the estate asked for more information about the courier. Wright then claimed the identity of the courier and all communications were protected under attorney-client privilege as the courier was an attorney.

Source: Kleiman v. Wright: $65 Billion Bitcoin Case Has Started – Slashdot

Code compiled to WASM may lack standard security defenses

Posted on by

[…]

In a paper titled, The Security Risk of Lacking Compiler Protection in WebAssembly, distributed via ArXiv, the technical trio say that when a C program is compiled to WASM, it may lack anti-exploit defenses that the programmer takes for granted on native architectures.

The reason for this, they explain, is that security protections available in compilers like Clang for x86 builds don’t show up when WASM output is produced.

“We compiled 4,469 C programs with known buffer overflow vulnerabilities to x86 code and to WebAssembly, and observed the outcome of the execution of the generated code to differ for 1,088 programs,” the paper states.

“Through manual inspection, we identified that the root cause for these is the lack of security measures such as stack canaries in the generated WebAssembly: while x86 code crashes upon a stack-based buffer overflow, the corresponding WebAssembly continues to be executed.”

[….]

For those not in the know, a stack is a structure in memory used by programs to store temporary variables and information controlling the operation of the application. A stack canary is a special value stored in the stack. When someone attempts to exploit, say, a buffer overflow vulnerability in an application, and overwrite data on the stack to hijack the program’s execution, they should end up overwriting the canary. Doing so will be detected by the program, allowing it to trap and end the exploitation attempt.

Without these canaries, an exploited WASM program could continue running, albeit at the bidding of whoever attacked it, whereas its x86 counterpart exits for its own protection, and that’s a potential security problem. Stack canaries aren’t a panacea, and they can be bypassed, though not having them at all makes exploitation a lot easier.

And these issues are not necessarily a deal-breaker: WASM bytecode still exists in a sandbox, and has further defenses against control-flow hijacking techniques such as return-oriented programming.

But as the researchers observe, WASM’s documentation insists that stack-smashing protection isn’t necessary for WASM code. The three boffins say their findings indicate security assumptions for x86 binaries should be questioned for WASM builds and should encourage others to explore the consequences of this divergent behavior, as it applies both to stack-based buffer overflows and other common security weaknesses.

[…]

Source: Code compiled to WASM may lack standard security defenses • The Register

Likely Drone Attack On U.S. Power Grid Revealed In New Intelligence Report

Posted on by

U.S. officials believe that a DJI Mavic 2, a small quadcopter-type drone, with a thick copper wire attached underneath it via nylon cords was likely at the center of an attempted attack on a power substation in Pennsylvania last year. An internal U.S. government report that was issued last month says that this is the first time such an incident has been officially assessed as a possible drone attack on energy infrastructure in the United States, but that this is likely to become more commonplace as time goes on. This is a reality The War Zone has sounded the alarm about in the past, including when we were first to report on a still unexplained series of drone flights near the Palo Verde nuclear powerplant in Arizona in 2019.

[…]

“This is the first known instance of a modified UAS [unmanned aerial system] likely being used in the United States to specifically target energy infrastructure,” the JIB states. “We assess that a UAS recovered near an electrical substation was likely intended to disrupt operations by creating a short circuit to cause damage to transformers or distribution lines, based on the design and recovery location.”

ABC and other outlets have reported that the JIB says that this assessment is based in part on other unspecified incidents involving drones dating back to 2017.

[…]

Beyond the copper wire strung up underneath it, the drone reportedly had its camera and internal memory card removed. Efforts were taken to remove any identifying markings, indicating efforts by the operator or operators to conceal the identifies and otherwise make it difficult to trace the drone’s origins.

[…]

 

Source: Likely Drone Attack On U.S. Power Grid Revealed In New Intelligence Report

US bans trade with security firm NSO Group over Pegasus spyware

Posted on by

Surveillance software developer NSO Group may have a very tough road ahead. The US Commerce Department has added NSO to its Entity List, effectively banning trade with the firm. The move bars American companies from doing business with NSO unless they receive explicit permission. That’s unlikely, too, when the rule doesn’t allow license exceptions for exports and the US will default to rejecting reviews.

NSO and fellow Israeli company Candiru (also on the Entity List) face accusations of enabling hostile spying by authoritarian governments. They’ve allegedly supplied spyware like NSO’s Pegasus to “authoritarian governments” that used the tools to track activists, journalists and other critics in a bid to crush political dissent. This is part of the Biden-Harris administration’s push to make human rights “the center” of American foreign policy, the Commerce Department said.

The latest round of trade bans also affects Russian company Positive Technologies and Singapore’s Computer Security Initiative Consultancy, bot of which were accused of peddling hacking tools.

[…]

Source: US bans trade with security firm NSO Group over Pegasus spyware (updated) | Engadget

UK Schools Normalizing Biometric Collection By Using Facial Recognition For Meal Payments

Posted on by

Subjecting students to surveillance tech is nothing new. Most schools have had cameras installed for years. Moving students from desks to laptops allows schools to monitor internet use, even when students aren’t on campus. Bringing police officers into schools to participate in disciplinary problems allows law enforcement agencies to utilize the same tech and analytics they deploy against the public at large. And if cameras are already in place, it’s often trivial to add facial recognition features.

The same tech that can keep kids from patronizing certain retailers is also being used to keep deadbeat kids from scoring free lunches. While some local governments in the United States are trying to limit the expansion of surveillance tech in their own jurisdictions, governments in the United Kingdom seem less concerned about the mission creep of surveillance technology.

Some students in the UK are now able to pay for their lunch in the school canteen using only their faces. Nine schools in North Ayrshire, Scotland, started taking payments using biometric information gleaned from facial recognition systems on Monday, according to the Financial Times. [alt link]

The technology is being provided by CRB Cunningham, which has installed a system that scans the faces of students and cross-checks them against encrypted faceprint templates stored locally on servers in the schools. It’s being brought in to replace fingerprint scanning and card payments, which have been deemed less safe since the advent of the COVID-19 pandemic.

According to the Financial Times report, 65 schools have already signed up to participate in this program, which has supposedly dropped transaction times at the lunchroom register to less than five seconds per student. I assume that’s an improvement, but it seems fingerprints/cards weren’t all that slow and there are plenty of options for touchless payment if schools need somewhere to spend their cafeteria tech money.

CRB says more than 97% of parents have consented to the collection and use of their children’s biometric info to… um… move kids through the lunch line faster. I guess the sooner you get kids used to having their faces scanned to do mundane things, the less likely they’ll be to complain when demands for info cross over into more private spaces.

The FAQ on the program makes it clear it’s a single-purpose collection governed by a number of laws and data collection policies. Parents can opt out at any time and all data is deleted after opt out or if the student leaves the school. It’s good this is being handled responsibly but, like all facial recognition tech, mistakes can (and will) be made. When these inevitably occur, hopefully the damage will be limited to a missed meal.

The FAQ handles questions specifically about this program. The other flyer published by the North Ayrshire Council explains nothing and implies facial recognition is harmless, accurate, and a positive addition to students’ lives.

We’re introducing Facial Recognition!

This new technology is now available for a contactless meal service!

Following this exciting announcement, the flyer moves on to discussing biometric collections and the tech that makes it all possible. It accomplishes this in seven short “land of contrasts” paragraphs that explain almost nothing and completely ignore the inherent flaws in these systems as well as the collateral damage misidentification can cause.

The section titled “The history of biometrics” contains no history. Instead, it says biometric collections are already omnipresent so why worry about paying for lunch with your face?

Whilst the use of biometric recognition has been steadily growing over the last decade or so, these past couple of years have seen an explosion in development, interest and vendor involvement, particularly in mobile devices where they are commonly used to verify the owner of the device before unlocking or making purchases.

If students want to learn more (or anything) about the history of biometrics, I guess they’ll need to do their own research. Because this is the next (and final) paragraph of the “history of biometrics” section:

We are delighted to offer this fast and secure identification technology to purchase our delicious and nutritious school meals

Time is a flattened circle, I guess. The history of biometrics is the present. And the present is the future of student payment options, of which there are several. But these schools have put their money on facial recognition, which will help them raise a generation of children who’ve never known a life where they weren’t expected to use their bodies to pay for stuff.

Source: UK Schools Normalizing Biometric Collection By Using Facial Recognition For Meal Payments | Techdirt

Nintendo Killed Emulation Sites Then Released Garbage N64 Games For The Switch

Posted on by

[…]

You will recall that a couple of years back, Nintendo opened up a new front on its constant IP wars by going after ROM and emulation sites. That caused plenty of sites to simply shut themselves down, but Nintendo also made a point of getting some scalps to hang on its belt, most famously in the form of RomUniverse. That site, which very clearly had infringing material not only on the site but promoted by the site’s ownership, got slapped around in the courts to the tune of a huge judgement against, which the site owners simply cannot pay.

But all of those are details and don’t answer the real question: why did Nintendo do this? Well, as many expected from the beginning, it did this because the company was planning to release a series of classic consoles, namely the NES mini and SNES mini. But, of course, what about later consoles? Such as the Nintendo 64?

Well, the answer to that is that Nintendo has offered a Nintendo Switch Online service uplift that includes some N64 games that you can play there instead.

After years of “N64 mini” rumors (which have yet to come to fruition), Nintendo announced plans to honor its first fully 3D gaming system late last month in the form of the Nintendo Switch Online Expansion Pack. Pay a bit extra, the company said, and you’d get a select library of N64 classics, emulated by the company that made them, on Switch consoles as part of an active NSO subscription.

One month later, however, Nintendo’s sales proposition grew more sour. That “bit extra” ballooned to $30 more per year, on top of the existing $20/year fee—a 150 percent jump in annual price. Never mind that the price also included an Animal Crossing expansion pack (which retro gaming fans may not want) and Sega Genesis games (which have been mostly released ad nauseam on every gaming system of the past decade). For many interested fans, that price jump was about the N64 collection.

So, a bit of a big price tag and a bunch of extras that are mostly besides the point from the perspective of the buyer. Buy, hey, at least Nintendo fans will finally get some N64 games to play on their Switch consoles, right?

Well, it turns out that Nintendo’s offering cannot come close to matching the quality of the very emulators and ROMs that Nintendo has worked so hard to disappear. The Ars Technica post linked above goes into excruciating details, some of which we’ll discuss for the purpose of giving examples, but here are the categories that Nintendo’s product does worse than an emulator on a PC.

 

  • Game options, such as visual settings for resolution to fit modern screens
  • Visuals, such as N64’s famous blur settings, and visual changes that expose outdated graphical sprites
  • Controller input lag
  • Controller configuration options
  • Multiplayer lag/stutter

 

If that seems like a lot of problems compared with emulators that have been around for quite a while, well, ding ding ding! We’ll get into some examples briefly below, but I’ll stipulate that none of the issues in the categories above are incredibly bad. But there are so many of them that they all add up to bad!

[….]

Source: Nintendo Killed Emulation Sites Then Released Garbage N64 Games For The Switch | Techdirt

NFI decrypts Tesla’s hidden driving data

Posted on by

[…] The Netherlands Forensic Institute (NFI) said it discovered a wealth of information about Tesla’s Autopilot, along with data around speed, accelerator pedal positions, steering wheel angle and more. The findings will allow the government to “request more targeted data” to help determine the cause of accidents, the investigators said.

The researchers already knew that Tesla vehicles encrypt and store accident related data, but not which data and how much. As such, they reverse-engineered the system and succeeded in “obtaining data from the models S, Y, X and 3,” which they described in a paper presented at an accident analysis conference.

[….]

With knowledge of how to decrypt the storage, the NFI carried out tests with a Tesla Model S so it could compare the logs with real-world data. It found that the vehicle logs were “very accurate,” with deviations less than 1 km/h (about 0.6 MPH).

[…]

It used to be possible to extract Autopilot data from Tesla EVs, but it’s now encrypted in recent models, the investigators said. Tesla encrypts data for good reason, they acknowledged, including protecting its own IP from other manufacturers and guarding a driver’s privacy. It also noted that the company does provide specific data to authorities and investigators if requested.

However, the team said that the extra data they extracted would allow for more detailed accident investigations, “especially into the role of driver assistance systems.” It added that it would be ideal to know if other manufacturers stored the same level of detail over long periods of time. “If we would know better which data car manufacturers all store, we can also make more targeted claims through the courts or the Public Prosecution Service,” said NFI investigator Frances Hoogendijk. “And ultimately that serves the interest of finding the truth after an accident.”

Source: The Dutch government claims it can decrypt Tesla’s hidden driving data | Engadget

Protecting your IP this way basically means things like not being able to use the data for legitimate reasons – such as investigating accidents – as well as halting advancements. This whole IP thing has gotten way out of hand to the detriment of the human race!

Also, this sounds like non-GDPR compliant data collection

Commercial and Military Applications and Timelines for Quantum Technology | RAND

Posted on by

This report provides an overview of the current state of quantum technology and its potential commercial and military applications. The author discusses each of the three major categories of quantum technology: quantum sensing, quantum communication, and quantum computing. He also considers the likely commercial outlook over the next few years, the major international players, and the potential national security implications of these emerging technologies. This report is based on a survey of the available academic literature, news reporting, and government-issued position papers.

Most of these technologies are still in the laboratory. Applications of quantum sensing could become commercially or militarily ready within the next few years. Although limited commercial deployment of quantum communication technology already exists, the most-useful military applications still lie many years away. Similarly, there may be niche applications of quantum computers in the future, but all known applications are likely at least ten years away. China currently leads the world in the development of quantum communication, while the United States leads in the development of quantum computing.

Key Findings

Quantum technology is grouped into three broad categories: quantum sensing, quantum communication, and quantum computing

  • Quantum sensing refers to the ability to use quantum mechanics to build extremely precise sensors. This is the application of quantum technology considered to have the nearest-term operational potential.
  • The primary near-term application of quantum communication technology is security against eavesdroppers, primarily through a method known as quantum key distribution (QKD). Longer-term applications include networking together quantum computers and sensors.
  • Quantum computing refers to computers that could, in principle, perform certain computations vastly more quickly than is fundamentally possible with a standard computer. Certain problems that are completely infeasible to solve on a standard computer could become feasible on a quantum computer.

Every subfield of quantum technology potentially has major implications for national security

  • Some of the primary applications for quantum sensing include position, navigation, and timing and possibly intelligence, surveillance, and reconnaissance.
  • Quantum communication technology could use QKD to protect sensitive encrypted communications against hostile interception, although some experts consider other security solutions to be more promising.
  • Quantum computing could eventually have the most severe impact on national security. A large-scale quantum computer capable of deploying Shor’s algorithm on current encryption would have a devastating impact on virtually all internet security.

There is no clear overall world leader in quantum technology

  • The United States, China, the European Union, the United Kingdom, and Canada all have specific national initiatives to encourage quantum-related research.
  • The United States and China dominate in overall spending and the most-important technology demonstrations, but Canada, the United Kingdom, and the European Union also lead in certain subfields.
  • China is the world leader in quantum communication, and the United States is the world leader in quantum computing.

The highest-impact quantum technologies are still many years away

  • Applications of quantum sensing could become commercially or militarily ready within the next few years.
  • Limited commercial deployment of quantum communication technology already exists, but the most-useful military and commercial applications still lie many years away.
  • There may be niche applications of quantum computers over the next few years, but all currently known applications are likely at least ten years away.

Source: Commercial and Military Applications and Timelines for Quantum Technology | RAND

Google pays fines to Russia over banned content – because fine is paltry

Posted on by

 U.S. tech giant Google has paid Russia more than 32 million roubles ($455,079) in fines for failing to delete content Moscow deems illegal, the company and a Russian lawmaker said after talks on Monday.

[…]

In 2020, Google’s compliance with requests to delete content was 96.2%, Pancini said, and in the first half of this year, it removed over 489,000 videos, but Russia said too much banned content still remained available.

Piskarev said last week that this included child pornography. Russia has ordered other foreign tech firms to delete posts promoting drug abuse and dangerous pastimes, information about homemade weapons and explosives, as well as ones by groups it designates as extremist or terrorist.

Around 2,650 pieces of illegal content on Google’s internet resources remained undeleted as of the start of October, the RIA news agency cited Piskarev as saying.

“Work has been carried out, as we see, however it is still very far from ideal,” he said.

Piskarev said Pancini had cited technical difficulties for Google’s failure to remove all the banned content.

Source: Google pays fines to Russia over banned content

As soon as you hear about child pornography alarm bells should be ringing – someone is trying to do something else which is totally unacceptable

5 notable Facebook fuckups in the recent relevations

Posted on by

The Facebook Papers are based on leaks from former Facebook staffer Frances Haugen and other inside sources. Haugen has appeared before US Congress, British Parliament, and given prominent television interviews. Among the allegations raised are that Facebook:

  • Knows that its algorithms lead users to extreme content and that it employs too few staff or contractors to curb such content, especially in languages other than English. Content glorifying violence and hate therefore spreads on Facebook – which really should know better by now after the The New York Times in 2018 reported that Myanmar’s military used Facebook to spread racist propaganda that led to mass violence against minority groups;
  • Enforces its rules selectively, allowing certain celebrities and websites to get away with behavior that would get others kicked off the platform. Inconsistent enforcement means users don’t get the protection from harmful content Facebook has so often promised, implying that it prioritises finding eyeballs for ads ahead of user safety;
  • Planned a special version of Instagram targeting teenagers, but cancelled it after Haugen revealed the site’s effects on some users – up to three per cent of teenage girls experience depression or anxiety, or self-harm, as a result of using the service;
  • Can’t accurately assess user numbers and may be missing users with multiple accounts. The Social Network™ may therefore have misrepresented its reach to advertisers, or made its advertising look more super-targeted than it really is – or both;
  • Just isn’t very good at spotting the kind of content it says has no place on its platform – like human trafficking – yes, that means selling human beings on Facebook. At one point Apple was so upset by the prevalence of Facebook posts of this sort it threatened to banish Zuckerberg’s software from the App Store.

Outlets including AP News and The Wall Street Journal have more original reporting on the leaks.

Source: Facebook labels recent revelations unfair • The Register

Google deliberately throttled ad load times to promote AMP, locking advertisers into it’s own advertising market place

Posted on by

More detail has emerged from a 173-page complaint filed last week in the lawsuit brought against Google by a number of US states, including allegations that Google deliberately throttled advertisements not served to its AMP (Accelerated Mobile) pages.

The lawsuit – as we explained at the end of last week – was originally filed in December 2020 and concerns alleged anti-competitive practice in digital advertising. The latest document, filed on Friday, makes fresh claims alleging ad-throttling around AMP.

Google introduced AMP in 2015, with the stated purpose of accelerating mobile web pages. An AMP page is a second version of a web page using AMP components and restricted JavaScript, and is usually served via Google’s content delivery network. Until 2018, the AMP project, although open source, had as part of its governance a BDFL (Benevolent Dictator for Life), this being Google’s Malte Ubl, the technical lead for AMP.

In 2018, Ubl posted that this changed “from a single Tech lead to a Technical Steering Committee”. The TSC sets its own membership and has a stated goal of “no more than 1/3 of the TSC from one employer”, though currently has nine members, of whom four are from Google, including operating director Joey Rozier.

According to the Friday court filing, representing the second amended complaint [PDF] from the plaintiffs, “Google ad server employees met with AMP employees to strategize about using AMP to impede header bidding.” Header bidding, as described in our earlier coverage, enabled publishers to offer ad space to multiple ad exchanges, rather than exclusively to Google’s ad exchange. The suit alleges that AMP limited the compatibility with header bidding to just “a few exchanges,” and “routed rival exchange bids through Google’s ad server so that Google could continue to peek at their bids and trade on inside information”.

The lawsuit also states that Google’s claims of faster performance for AMP pages “were not true for publishers that designed their web pages for speed”.

A more serious claim is that: “Google throttles the load time of non-AMP ads by giving them artificial one-second delays in order to give Google AMP a ‘nice comparative boost’. Throttling non-AMP ads slows down header bidding, which Google then uses to denigrate header bidding for being too slow.”

The document goes on to allege that: “Internally, Google employees grappled with ‘how to [publicly] justify [Google] making something slower’.”

Google promoted AMP in part by ranking non-AMP pages below AMP pages in search results, and featuring a “Search AMP Carousel” specifically for AMP content. This presented what the complaint claims was a “Faustian bargain,” where “(1) publishers who used header bidding would see the traffic to their site drop precipitously from Google suppressing their ranking in search and re-directing traffic to AMP-compatible publishers; or (2) publishers could adopt AMP pages to maintain traffic flow but forgo exchange competition in header bidding, which would make them more money on an impression-by-impression basis.”

The complaint further alleges that “According to Google’s internal documents, [publishers made] 40 per cent less revenue on AMP pages.”

A brief history of AMP

AMP was controversial from its first inception. In 2017 developer Jeremy Keith described AMP as deceptive, drawing defensive remarks from Ubl. Keith later joined the AMP advisory committee, but resigned in August saying that “I can’t in good faith continue to advise on the AMP project for the OpenJS Foundation when it has become clear to me that AMP remains a Google product, with only a subset of pieces that could even be considered open source.”

One complaint is that the AMP specification requires a link to Google-hosted JavaScript.

In May 2020 Google stated it would “remove the AMP requirement from Top Stories eligibility”.

This was confirmed in April 2021, when Google posted about an update to its “page experience” whereby “the Top Stories carousel feature on Google Search will be updated to include all news content, as long as it meets the Google News policies. This means that using the AMP format is no longer required.” In addition, “we will no longer show the AMP badge icon to indicate AMP content.” Finally, Google Search signed exchanges, which pre-fetches content to speed page rendering on sites which support the feature, was extended to all web pages where it was previously restricted to AMP pages.

This is evidence that Google is pulling back from its promotion of AMP, though it also said that “Google continues to support AMP”.

As for the complaint, it alleges that Google has an inherent conflict of interest. According to the filing: “Google was able to demand that it represent the buy-side (i.e., advertisers), where it extracted one fee, as well as the sell-side (i.e., publishers), where it extracted a second fee, and it was also able to force transactions to clear in its exchange, where it extracted a third, even larger, fee.”

The company also has more influence than any other on web standards, thanks to the dominant Chrome browser and Chromium browser engine, and on mobile technology, thanks to Android.

That Google would devise a standard from which it benefited is not surprising, but the allegation of deliberately delaying ads on other formats in order to promote it is disturbing and we have asked the company to comment.

Source: Google deliberately throttled ad load times to promote AMP, claims new court document • The Register

Monopolies eh!

UK government hands secret services cloud contract to AWS

Posted on by

The UK’s intelligence services are to store their secret files in the AWS cloud in a deal inked earlier this year, according to reports.

The GCHQ organisation (electrical/radio communications eavesdropping), MI5 (domestic UK intelligence matters), MI6 (external UK intel) and also the Ministry of Defence (MoD) will access their data in the cloud, albeit in UK-located AWS data centres.

The news was first reported in the Financial Times newspaper (paywall), which said GCHQ drove the deal that was signed earlier this year, and the data will be stored in a high-security way. It is claimed by unknown sources that AWS itself will not have access to the data.

Apparently the three agencies plus the MoD will be able to access information faster and share it more quickly when needed. This is presumably in contrast to each agency storing its own information on its own on-premises computer systems.

[…]

The US’s CIA signed a $600m AWS Cloud contract in 2013. That contract was upgraded in 2020 and involved AWS, Google, IBM, Microsoft and Oracle in a consortium.

Of course, for the US, AWS is a domestic firm. The French government is setting up its own sovereign public cloud called Bleu for sensitive government data. This “Cloud de Confiance” will be based on Microsoft’s Azure platform – and will include Microsoft 365 – but will apparently be “delivered via an independent environment” that has “immunity from all extraterritorial legislation and economic independence” from within an “isolated infrastructure that uses data centres located in France.”

In GCHQ’s reported view, no UK-based public cloud could provide the scale or capabilities needed for the security services data storage requirements.

[….]

Source: UK government hands secret services cloud contract to AWS • The Register

Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year

Posted on by

Hackers have stolen an estimated $130 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.

The incident, detected earlier today by blockchain security firms PeckShield and SlowMist, was confirmed by the Cream Finance team earlier today.

The attackers are believed to have found a vulnerability in the platform’s lending system —called flash loaning— and used it to steal all of Cream’s assets and tokens running on the Ethereum blockchain, according to blockchain security firm BlockSec, which also posted an explanation of the security flaw on Twitter earlier today.

A breakdown of the stolen funds is available below, courtesy of the SlowMist team.

CreamFinance-hack-SlowMist
Image: SlowMist

Roughly six hours after the attack, Cream Finance said it fixed the bug exploited in the hack with the help of cryptocurrency platform Yearn.

Even if the attacker’s initial wallet, used to exfiltrate a large chunk of the funds, has been identified, the funds have already been moved to new accounts, and there appears to be a small chance the stolen crypto can be tracked down and returned to the platform.

Third time’s a charm

Today’s hack marks the third time Cream Finance has been hacked this year after the company lost $37 million in February and another $29 million in August.

All attacks were flash loan exploits, a common way through which most DeFi platforms have been hacked over the past two years.

DeFi related hacks have accounted for 76% of all major hacks in 2021, and users have lost more than $474 million to attacks on DeFi platforms this year, CipherTrace said in a report in August.

Similarly, DeFi hacks also made up 21% of all the 2020 cryptocurrency hacks and stolen funds after being almost inexistent a year before, in 2019, the same CipherTrace said in a report last year.

The Cream heist also marks the second-largest cryptocurrency hack this year after DeFi platform Poly Network lost $600 million in August. However, the individual behind the Poly hack eventually returned all the stolen funds two weeks later on the promise the company won’t seek charges.

Source: Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year – The Record by Recorded Future

Ultraleap launches its 5th Gen hand tracking platform Gemini

Posted on by

Ultraleap’s fifth-generation hand tracking platform, known as Gemini, is fully available on Windows. The most robust, flexible hand tracking ever, it’s already powering amazing experiences from Varjo, been integrated into Qualcomm’s Snapdragon XR2 platform, and is bringing touchless technology to self-service solutions around the world. 

The Gemini Windows release is the first step in making the world’s best hand tracking easier to access and more flexible for multiple platforms, camera systems and third-party hardware.

Ultraleap have rebuilt their tracking engine from the ground up to be able to improve hand tracking across various aspects including:

  1. Improved two-handed interaction
  2. Faster initialization and hand detection
  3. Improved robustness to challenging environmental conditions
  4. Better adaptation to hand anatomy

Ultraleap have also made significant changes to the tracking platform to able to extend hand-tracking to different platforms and hardware. Varjo’s XR-3 and VR-3 headsets and Qualcomm’s XR2 chipset are two variations already announced, with more in the pipeline.

[…]

Meet Ultraleap Gemini – the best hand tracking ever. Fast initialization, interaction with two hands together, tracks diverse hand sizes, works in challenging environments.

Hand tracking will be to XR what touchscreens were to mobile

The Windows release is the first time full Gemini has been made available to all and the first full hand tracking release from the company in three years. Since a preview of the release went out earlier in the year, Ultraleap have been further refining the software ahead of full launch.

[…]

Source: Ultraleap launches its 5th Gen hand tracking platform – Gemini | Ultraleap

Giant, free index to world’s research papers released online

Posted on by

In a project that could unlock the world’s research papers for easier computerized analysis, an American technologist has released online a gigantic index of the words and short phrases contained in more than 100 million journal articles — including many paywalled papers.

The catalogue, which was released on 7 October and is free to use, holds tables of more than 355 billion words and sentence fragments listed next to the articles in which they appear. It is an effort to help scientists use software to glean insights from published work even if they have no legal access to the underlying papers, says its creator, Carl Malamud. He released the files under the auspices of Public Resource, a non-profit corporation in Sebastopol, California, that he founded.

[….]

Computer scientists already text mine papers to build databases of genes, drugs and chemicals found in the literature, and to explore papers’ content faster than a human could read. But they often note that publishers ultimately control the speed and scope of their work, and that scientists are restricted to mining only open-access papers, or those articles they (or their institutions) have subscriptions to. Some publishers have said that researchers looking to mine the text of paywalled papers need their authorization.

And although free search engines such as Google Scholar have — with publishers’ agreement — indexed the text of paywalled literature, they only allow users to search with certain types of text queries, and restrict automated searching. That doesn’t allow large-scale computerized analysis using more specialized searches, Malamud says.

[…]

Michael Carroll, a legal researcher at the American University Washington College of Law in Washington DC, says that distributing the index should be legal worldwide because the files do not copy enough of an underlying article to infringe the publisher’s copyright — although laws vary by country. “Copyright does not protect facts and ideas, and these results would be treated as communication of facts derived from the analysis of the copyrighted articles,” he says.

The only legal question, Carroll adds, is whether Malamud’s obtaining and copying of the underlying papers was done without breaching publishers’ terms. Malamud says that he did have to get copies of the 107 million articles referenced in the index to create it; he declined to say how,

 

Source: Giant, free index to world’s research papers released online

It is sad indeed that much research – lots of it probably paid for by tax payers and all of it eventually subsidised by customers of the companies who paid for it – is impossible or very hard for scientists to look up: because of copyright. This is a clear impediment to growth of wealth and knowledge and it’s not very strange to understand why countries like China who don’t allow people to sit on their copyrighted arses but make them innovate for a living are doing much better at growth than the legally quagmired west.