267 Million Phone Numbers & Facebook User IDs Exposed Online

A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication.

Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. Diachenko believes the trove of data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals in Vietnam, according to the evidence.

[…]

Diachenko immediately notified the internet service provider managing the IP address of the server so that access could be removed. However, Diachenko says the data was also posted to a hacker forum as a download.

Timeline of the exposure

The database was exposed for nearly two weeks before access was removed.

[…]

In total 267,140,436 records were exposed. Most of the affected users were from the United States. Diachenko says all of them seem to be valid. Each contained:

  • A unique Facebook ID
  • A phone number
  • A full name
  • A timestamp

Source: Report: 267 Million Phone Numbers & Facebook User IDs Exposed Online

Airbnb is a platform not an estate agent, says Europe’s top court – means they don’t have to collect taxes for counties either

Airbnb will be breathing a sigh of relief today: Europe’s top court has judged it to be an online platform, which merely connects people looking for short-term accommodation, rather than a full-blown estate agent.

The ruling may make it harder for the “home sharing” platform to be forced to comply with local property regulations — at least under current regional rules governing e-commerce platforms.

The judgement by the Court of Justice of the European Union (CJEU) today follows a complaint made by a French tourism association, AHTOP, which had argued Airbnb should hold a professional estate agent licence. And, that by not having one, the platform giant was in breach of a piece of French legislation known as the “Hoguet Law.”

However, the court disagreed — siding with Airbnb’s argument that its business must be classified as an “information society service” under EU Directive 2000/31 on electronic commerce.

Commenting on the ruling in a statement, Luca Tosoni, a research fellow at the Norwegian Research Center for Computers and Law at the University of Oslo, told us: “The Court’s finding that online platforms that facilitate the provision of short-term accommodation services, such as Airbnb, qualify as providers of ‘information society services’ entails strict limitations on the ability to introduce or enforce restrictive measures on similar services by a Member State other than that in whose territory the relevant service provider is established.”

Source: Airbnb is a platform not an estate agent, says Europe’s top court | TechCrunch

Amsterdam was hoping to make Airbnb collect tourist taxes too, which the county of Amsterdam will now have to do themselves. Also, Amsterdam – a 100% tourist city – is now whining that it doesn’t want tourists any more and is blaming Airbnb for having them.

 

IBM Research Created a New Battery That Outperforms Lithium-Ion, uses seawater instead of nickel and lithium

Scientists at IBM Research have developed a new battery whose unique ingredients can be extracted from seawater instead of mining.

The problems with the design of current battery technologies like lithium-ion are well known, we just tend to turn a blind eye when it means our smartphones can run for a full day without a charge. In addition to lithium, they require heavy metals like cobalt, manganese, and nickel which come from giant mines that present hazards to the environment, and often to those doing the actual mining. These metals are also a finite resource, and as more and more devices and vehicles switch to battery power, their availability is going to decrease at a staggering pace.

As a potential solution, scientists at IBM Research’s Battery Lab came up with a new design that replaces the need for cobalt and nickel in the cathode, and also uses a new liquid electrolyte (the material in a battery that helps ions move from one end to the other) with a high flash point. The combination of the new cathode and the electrolyte materials was also found to limit the creation of lithium dendrites which are spiky structures that often develop in lithium-ion batteries that can lead to short circuits. So not only would this new battery have less of an impact on the environment to manufacture, but it would also be considerably safer to use, with a drastically reduced risk of fire or explosions.

But the benefits of IBM Research’s design don’t stop there. The researchers believe the new battery would have a larger capacity than existing lithium-ion batteries, could potentially charge to about 80 percent of its full capacity in just five minutes, would be more energy-efficient, and, on top of it all, it would be cheaper to manufacture which in turn means they could help reduce the cost of gadgets and electric vehicles. These results are estimations based on how the battery has performed in the lab so far, but IBM Research is teaming up with companies like Mercedes-Benz Research and Development to further explore this technology, so it will be quite a few years before you’re able to feel a little less guilty about your smartphone addiction.

Source: IBM Research Created a New Battery That Outperforms Lithium-Ion

A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users – Really, just don’t get one of these things!

The log-in credentials for 3,672 Ring camera owners were compromised this week, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras, which are often the same as camera locations, such as “bedroom” or “front door.”

Using the log-in email and password, an intruder could access a Ring customer’s home address, telephone number, and payment information, including the kind of card they have, and its last four digits and security code. An intruder could also access live camera footage from all active Ring cameras associated with an account, as well as a 30- to 60-day video history, depending on the user’s cloud storage plan.

Source: A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users

HP loses appeal vs 123inkt for suddenly borking non-HP ink cartridges in their printer with a software update

HP is being held liable for damages to 123inkt customers who bought the ink cartridges which they suddenly couldn’t use any more. From personal experience I know how annoying this is as several printers have started doing very sketchy things suddenly which were magically ‘fixed’ by inserting HP ink cartridges. It’s ink, people, there’s no way that another’s ink could break a printer.

Source: HP verliest hoger beroep Stichting 123inkt-huismerk klanten – Emerce

We Tested Ring’s Security. It’s Awful

It’s not so much being watched. It’s that I don’t really know if I’m being watched or not.

From across the other side of the world, a colleague has just accessed my Ring account, and in turn, a live-feed of a Ring camera in my apartment. He sent a screenshot of me stretching, getting ready for work. Then a second colleague accessed the camera from another country, and started talking to me through the Ring device.

“Joe can you tell I’m watching you type,” they added in a Slack message. The blue light which signals someone is watching the camera feed faded away. But I still couldn’t shake the feeling that someone may be tuning in. I went into another room.

[…]

Last week a wave of local media reports found hackers harassed people through Ring devices. In one case a hacker taunted a child in Mississippi, in another someone hurled racist insults at a Florida family. Motherboard found hackers have made dedicated software for more swiftly gaining access to Ring cameras by churning through previously compromised email addresses and passwords, and that some hackers were live-streaming the Ring abuse on their own so-called podcast dubbed “NulledCast.”

In response to the hacks, Ring put much of the blame for these hacks on its users in a blog post Thursday.

“Customer trust is important to us, and we take the security of our devices and service extremely seriously. As a precaution, we highly encourage all Ring users to follow security best practices to ensure your Ring account stays secure,” it said. To be clear, a user who decides to use a unique password on their Ring device and two-factor authentication is going to be safer than one who is reusing previously hacked credentials from another website. But rather than implementing its own safeguards, Ring is putting this onus on users to deploy security best practices; time and time again we’ve seen that people using mass-market consumer devices aren’t going to know or implement robust security measures at all times.

Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in—entirely common security measures across a wealth of online services.

[…]

A Ring account is not a normal online account. Rather than a username and password protecting messages or snippets of personal information, such as with, say, a video game account, breaking into a Ring account can grant access to exceptionally intimate and private parts of someone’s life and potentially puts their physical security at risk. Some customers install these cameras in their bedrooms or those of their children. Through an issue in the way a Ring-related app functions, Gizmodo found these cameras are installed all across the country. Someone with access can hear conversations and watch people, potentially without alerting the victims that they are being spied on. The app displays a user-selected address for the camera, and the live feed could be used to determine whether the person is home, which could be useful if someone were, for example, planning a robbery. Once a hacker has broken into the account, they can watch not only live streams of the camera, but can also silently watch archived video of people—and families—going about their days.

Source: We Tested Ring’s Security. It’s Awful – VICE

Private equity buys Lastpass owner LogMeIn – will they start monetising your logins?

Remote access, collaboration and password manager provider LogMeIn has been sold to a private equity outfit for $4.3bn.

A consortium led by private equity firm Francisco Partners (along with Evergreen, the PE arm of tech activist investor Elliott Management), will pay $86.05 in cash for each LogMeIn share – a 25 per cent premium on prices before talk about the takeover surfaced in September.

LogMeIn’s board of directors is in favour of the buy. Chief executive Bill Wagner said the deal recognised the value of the firm and would provide for: “both our core and growth assets”.

The sale should close in mid-2020, subject to the usual shareholder and regulatory hurdles. LogMeIn also has 45 days to look at alternative offers.

In 2018 LogMeIn made revenues of $1.2bn and profits of $446m.

The company runs a bunch of subsidiaries which offer collaboration software and web meetings products, virtual telephony services, remote technical support, and customer service bots as well as several identity and password manager products.

LogMeIn bought LastPass, which now claims 18.6 million users, for $110m in 2015. That purchase raised concerns about exactly how LastPass’s new owner would exploit the user data it held, and today’s news is unlikely to allay any of those fears.

The next year, LogMeIn merged with Citrix’s GoTo business, a year after its spinoff.

Source: Log us out: Private equity snaffles Lastpass owner LogMeIn • The Register

Amazon, Apple, Google, and the Zigbee Alliance joined together to form working group to develop open standard for smart home devices

Amazon, Apple, Google, and the Zigbee Alliance joined together to promote the formation of the Working Group. Zigbee Alliance board member companies IKEA, Legrand, NXP Semiconductors, Resideo, Samsung SmartThings, Schneider Electric, Signify (formerly Philips Lighting), Silicon Labs, Somfy, and Wulian are also on board to join the Working Group and contribute to the project.

The goal of the Connected Home over IP project is to simplify development for manufacturers and increase compatibility for consumers. The project is built around a shared belief that smart home devices should be secure, reliable, and seamless to use. By building upon Internet Protocol (IP), the project aims to enable communication across smart home devices, mobile apps, and cloud services and to define a specific set of IP-based networking technologies for device certification.

The industry Working Group will take an open-source approach for the development and implementation of a new, unified connectivity protocol. The project intends to use contributions from market-tested smart home technologies from Amazon, Apple, Google, Zigbee Alliance, and others. The decision to leverage these technologies is expected to accelerate the development of the protocol, and deliver benefits to manufacturers and consumers faster.

The project aims to make it easier for device manufacturers to build devices that are compatible with smart home and voice services such as Amazon’s Alexa, Apple’s Siri, Google’s Assistant, and others. The planned protocol will complement existing technologies, and Working Group members encourage device manufacturers to continue innovating using technologies available today.

Source: Project Connected Home over IP

Camouflage made of quantum material could hide you from infrared cameras

Infrared cameras detect people and other objects by the heat they emit. Now, researchers have discovered the uncanny ability of a material to hide a target by masking its telltale heat properties.

The effect works for a range of temperatures that one day could include humans and vehicles, presenting a future asset to stealth technologies, the researchers say.

What makes the material special is its quantum nature—properties that are unexplainable by classical physics. The study, published today in the Proceedings of the National Academy of Sciences, is one step closer to unlocking the quantum material’s full potential.

The work was conducted by scientists and engineers at the University of Wisconsin-Madison, Harvard University, Purdue University, the Massachusetts Institute of Technology and Brookhaven National Laboratory.

Fooling is not new. Over the past few years, researchers have developed other materials made of graphene and black silicon that toy with , also hiding objects from cameras.

But how the quantum material in this study tricks an infrared camera is unique: it decouples an object’s temperature from its thermal light radiation, which is counterintuitive based on what is known about how materials behave according to fundamental physics laws. The decoupling allows information about an object’s temperature to be hidden from an infrared camera.

The discovery does not violate any laws of physics, but suggests that these laws might be more flexible than conventionally thought.

Quantum phenomena tend to come with surprises. Several properties of the material, samarium nickel oxide, have been a mystery since its discovery a few decades ago.

Shriram Ramanathan, a professor of materials engineering at Purdue, has investigated samarium nickel oxide for the past 10 years. Earlier this year, Ramanathan’s lab co-discovered that the material also has the counterintuitive ability to be a good insulator of electrical current in low-oxygen environments, rather than an unstable conductor, when oxygen is removed from its molecular structure.

Additionally, samarium nickel oxide is one of a few materials that can switch from an insulating phase to a conducting phase at high temperatures. University of Wisconsin-Madison researcher Mikhail Kats suspected that materials with this property might be capable of decoupling temperature and thermal radiation.

“There is a promise of engineering thermal radiation to control heat transfer and make it either easier or harder to identify and probe objects via infrared imaging,” said Kats, an associate professor of electrical and computer engineering.

Ramanathan’s lab created films of samarium nickel oxide on sapphire substrates to be compared with reference materials. Kats’ group measured spectroscopic emission and captured infrared images of each material as it was heated and cooled. Unlike other materials, samarium nickel oxide barely appeared hotter when it was heated up and maintained this effect between 105 and 135 degrees Celsius.

“Typically, when you heat or cool a material, the electrical resistance changes slowly. But for samarium nickel oxide, resistance changes in an unconventional manner from an insulating to a conducting state, which keeps its thermal light emission properties nearly the same for a certain temperature range,” Ramanathan said.

Because thermal light emission doesn’t change when temperature changes, that means the two are uncoupled over a 30-degree range.

According to Kats, this study paves the way for not only concealing information from infrared cameras, but also for making new types of optics and even improving infrared cameras themselves.

“We are looking forward to exploring this material and related nickel oxides for infrared components such as tunable filters, optical limiters that protect sensors, and new sensitive light detectors,” Kats said.

More information: Temperature-independent thermal radiation, Proceedings of the National Academy of Sciences (2019). DOI: 10.1073/pnas.1911244116 , https://www.pnas.org/content/early/2019/12/16/1911244116 , https://arxiv.org/abs/1902.00252

Source: Camouflage made of quantum material could hide you from infrared cameras

Your Modern Car Is A Privacy Nightmare

Next time you feel the need to justify to a family member, friend, or random acquaintance why you drive an old shitbox instead of a much more comfortable, modern vehicle, here’s another reason for you to trot out: your old shitbox, unlike every modern car, is not spying on you.

That’s the takeaway from a Washington Post investigation that hacked into a 2017 Chevy Volt to see what data the car hoovers up. The answer is: yikes.

From the Post:

Among the trove of data points were unique identifiers for my and Doug’s [the car’s owner] phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.

In our Chevy, we probably glimpsed just a fraction of what GM knows. We didn’t see what was uploaded to GM’s computers, because we couldn’t access the live OnStar cellular connection.

And it’s not just Chevy:

Mason has hacked into Fords that record locations once every few minutes, even when you don’t use the navigation system. He’s seen German cars with 300-gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras. Coming next: face data, used to personalize the vehicle and track driver attention.

Perhaps most troublingly, GM wouldn’t even share with the car’s owner what data about him it collected and shared.

And for what? Why are automakers collecting all this information about you? The short answer is they have no idea but are experimenting with the dumbest possible uses for it:

Automakers haven’t had a data reckoning yet, but they’re due for one. GM ran an experiment in which it tracked the radio music tastes of 90,000 volunteer drivers to look for patterns with where they traveled. According to the Detroit Free Press, GM told marketers that the data might help them persuade a country music fan who normally stopped at Tim Horton’s to go to McDonald’s instead.

That’s right, it wants to collect as much information about you as possible so it can take money from fast-food restaurants to target people who like a certain type of music, which is definitely, definitely a real indicator of what type of fast food restaurant you go to.

You should check out the entire investigation, as there are a lot of other fascinating bits in there, like what can be learned about a used infotainment system bought on eBay.

One point the article doesn’t mention, but that I think is important, is how badly this bodes for the electric future, since pretty much by definition every electric car must have at least some form of a computer. Unfortunately, making cars is hard and expensive so it’s unlikely a new privacy-focused electric automaker will pop up any time soon. I mean, hell, we barely even have privacy-focused phones.

Privacy or environmentally friendly: choose one. The future, it is trash.

Source: Your Modern Car Is A Privacy Nightmare

Remember Unrollme, the biz that helped you automatically ditch unwanted emails? Yeah, it was selling your data, even though it said it wouldn’t

If you were one of the millions of people that signed up with Unrollme to cut down on the emails from outfits you once bought a product from, we have some bad news for you: it has been storing and selling your data.

On Tuesday, America’s Federal Trade Commission finalized a settlement [PDF] with the New York City company, noting that it had deceived netizens when it promised not to “touch” people’s emails when they gave it permission to unsubscribe from, block, or otherwise get rid of marketing mailings they didn’t want.

It did touch them. In fact, it grabbed copies of e-receipts sent to customers after they’d bought something – often including someone’s name and physical address – and provided them to its parent company, Slice Technologies. Slice then used the information to compile reports that it sold to the very businesses people were trying to escape from.

Huge numbers of people signed up with Unrollme as a quick and easy way to cut down on the endless emails consumers get sent when they either buy something on the web, or provide their email address in-store or online. It can be time-consuming and tedious to click “unsubscribe” on emails as they come into your inbox, so Unrollme combined them in a single daily report with the ability to easily remove emails. This required granting Unrollme access to your inbox.

As the adage goes, if a product is free, you are the product. And so it was with Unrollme, which scooped up all that delicious data from people’s emails, and provided it to Slice, which was then stored and compiled into market research analytics products that it sold.

And before you get all told-you-so and free-market about it, consider this: Unrollme knew that a significant number of potential customers would drop out of the sign-up process as soon as they were informed that the company would require access to their email account, and so it wooed them by making a series of comforting statements about how it wouldn’t actually do anything with that access.

Examples?

Here’s one: “You need to authorize us to access your emails. Don’t worry, this is just to watch for those pesky newsletters, we’ll never touch your personal stuff.”

Source: Remember Unrollme, the biz that helped you automatically ditch unwanted emails? Yeah, it was selling your data • The Register

QuadrigaCX Want to Exhume Body of CEO Gerald Cotten who died in India under suspicious circumstances and locked customers out of $163m of BTC – to see if it is really him

It’s been about a year since users of Canadian cryptocurrency exchange QuadrigaCX were informed that the company’s CEO unexpectedly died, taking the password that accessed most of the money from their accounts with him to the grave. And now, those clients want to know what’s inside that grave.

The majority of QuadrigaCX’s holdings were kept offline in “cold storage,” with a password known only by 30-year-old CEO Gerald Cotten. On January 14, the company posted a Facebook note announcing Cotten had died about a month earlier “due to complications with Crohn’s disease” while on a trip to India “where he was opening an orphanage to provide a home and safe refuge for children in need.”

The news meant that 76,000 people lost cryptocurrency and cash that amounted to about $163 million USD, collectively, according to Bloomberg. The story became more suspicious in June when a bankruptcy monitor revealed that Cotten funneled most of the money into fraudulent accounts and spent much of it on his wife and himself. Growing skepticism around the mysterious death has driven lawyers representing QuadrigaCX users to request that Cotten’s grave be exhumed.

On Friday, the Nova Scotia Supreme Court-appointed lawyers sent a letter asking Canadian police to conduct an autopsy on the body in Cotten’s grave “to confirm both its identity and the cause of death” citing the “questionable circumstances surrounding Mr. Cotten’s death” and “the need for certainty around the question of whether Mr. Cotten is in fact deceased.”

Richard Niedermayer, a lawyer representing Cotten’s wife Jennifer Robertson told the New York Times in an email that Robertson was “heartbroken to learn” about the exhumation request, adding that Cotten’s death “should not be in doubt.”

The QuadrigaCX users’ counsel is asking that the exhumation and autopsy happen by the Spring of 2020 due to “decomposition concerns.”

Source: QuadrigaCX Want to Exhume Body of CEO Gerald Cotten

Amazon slams media for not saying nice things about AWS, denies it strip-mines open-source code for huge profits

Stung by an article mulling Amazon Web Services’ market dominance on Monday, AWS VP Andi Gutmans fired back, complaining the reporter ignored flattering comments from AWS partners – and that “AWS is ‘strip-mining’ open source is silly and off-base.”

“The journalist largely ignores the many positive comments he got from partners because it’s not as salacious copy for him,” Gutmans said in a blog post, as if critical reporting carried with it an obligation to publish a specific quota of marketing copy.

And he insisted that Amazon “contributes mightily to open source projects,” and “AWS has not copied anybody’s software or services.”

In its recent lawsuit against AWS, open source biz Elastic, cited in the New York Times article and a business which is public in its disaffection with Amazon, did not accuse AWS of copying its open source search software – which anyone can copy by virtue of its open source license. Rather, the search biz objects to AWS’ use of its trademark in its Amazon Elasticsearch Service.

But others have been more cutting. Following AWS’ launch of DocumentDB, a cloud database compatible with the MongoDB API, CEO Dev Ittycheria suggested his company’s product had been imitated and copied.

Indeed, among startups like Confluent, Elastic, MongoDB, Neo4J, and Redis Labs that have been trying to turn open source projects into revenue-generating businesses, concern about AWS – and to a lesser extent Microsoft Azure and Google Cloud – is quite common.

In September, at the Open Core Summit, small companies aspiring to be big ones gathered to figure out how they might make a profit in the shadow of AWS and its peers. Worries about AWS have proven broad enough to attract the attention of the US Federal Trade Commission, said to be exploring a possible antitrust case against AWS.

Despite his dissatisfaction with insufficiently rosy AWS coverage, Gutmans has a point: IT customers want what AWS is offering and they are willing to pay for it, regardless of potential problems like vendor lock-in and unpredictable bills.

Yet in his criticism that open source companies see the market “as a zero-sum game and want to be the only ones able to freely monetize managed services around these open source projects,” he fails to acknowledge that Amazon too takes steps to limit competition and that small firms might need a barrier to entry to convince investors that they can protect their autonomy and revenue stream. Partnering with AWS may be expedient, but that doesn’t give companies a defensible business.

It’s reasonable for companies to want to control their own destiny. But, as open source pioneer Bruce Perens put it in an interview earlier this year, “Open source does not guarantee that you can make money. And that’s the problem that Redis, MongoDB, etc. are all facing right now.”

Source: Amazon slams media for not saying nice things about AWS, denies it strip-mines open-source code for huge profits • The Register

Ads in Mail and Calendar app for Windows 10 are back and not removable

Microsoft has once again flipped the switch on small banner ads in the Windows 10 Mail and Calendar UWP app for Windows 10.

We last saw these ads in November last year, when Microsoft said they were an experiment.

Then the ads only showed for those who were not Office 365 subscribers, but on this occasion, they are present for everyone and appear non-removable.

The ads are not fixed – when you read your Gmail it offers to let you read your Gmail on mobile, and for Outlook.com accounts it offers the Outlook app for mobile.

Most annoyingly, the ads are still present, even if you use the Outlook app on mobile, and take up considerable vertical space in the menu.

When asked, Microsoft said:

“The ads within the app itself will be displayed regardless of which email address you use it with. It is not removable, but you can submit it as a suggestion within the Feedback Hub on Windows 10 here: https://msft.it/6012TVPXG.”

Ads in Mail and Calendar app are of course not in and of themselves evil, but most people feel they have paid for the built-in software in Windows, such as the mail app, when they purchased the computer, and it appears the ads will show even if you use a non-Microsoft email provider.

Source: Ads in Mail and Calendar app for Windows 10 are back – MSPoweruser

IoT gear is generating easy-to-crack keys because they repeat the key once every 172 times

A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won’t be an easy one to solve.

This was the conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA certificates gathered from the open internet and determined that number combinations were being repeated at a far greater rate than they should, meaning encrypted connections could possibly be broken by attackers who correctly guess a key.

Comparing the millions of keys on an Azure cloud instance, the team found common factors were used to generate keys at a rate of 1 in 172 (435,000 in total). By comparison, the team also analyzed 100 million certificates collected from the Certificate Transparency logs on desktops, where they found common factors in just five certificates, or a rate of 1 in 20 million.

The team believes that the reason for this poor entropy is down to IoT devices. Because the embedded gear is often based on very low-power hardware, the devices are unable to properly generate random numbers.

The result is keys that could be easier for an attacker to break, leaving the device and all of its users vulnerable.

“The widespread susceptibility of these IoT devices poses a potential risk to the public due to their presence in sensitive settings,” Keyfactor researchers Jonathan Kilgallin and Ross Vasko noted.

“We conclude that device manufacturers must ensure their devices have access to sufficient entropy and adhere to best practices in cryptography to protect consumers.”

Source: Internet of crap (encryption): IoT gear is generating easy-to-crack keys • The Register
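The "common factors" finding above rests on a simple property: two RSA moduli generated with poor entropy can share a prime, and a greatest-common-divisor computation reveals that without factoring anything. The following is an added example (not code from Keyfactor or The Register) of auditing your own fleet's moduli with the batch-GCD product/remainder-tree method; the device names and toy-sized moduli are constructed for illustration, and the function names are hypothetical.

```python
"""Audit a set of RSA moduli for shared prime factors (batch GCD).

Added illustration: inputs are constructed toy moduli, not real keys.
Any key flagged here must be regenerated on a host with a sound RNG.
"""
from math import gcd, prod


def product_tree(values):
    """Build a product tree: level 0 is the input, the last level is [product of all]."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels


def batch_gcd(moduli):
    """For each modulus N_i, return gcd(N_i, product of all the other moduli).

    Walks a remainder tree down from P = prod(moduli), reducing modulo the
    square of each node, so the cost is quasi-linear rather than pairwise.
    """
    levels = product_tree(moduli)
    remainders = levels[-1]  # root: [P]
    for level in reversed(levels[:-1]):
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    # At a leaf, r = P mod N^2, so r // N == (P / N) mod N.
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]


def audit(keys):
    """keys: dict of device name -> RSA modulus.

    Returns a sorted list of (finding, [device names]) for affected keys only.
    """
    names = list(keys)
    shared = batch_gcd([keys[name] for name in names])
    clusters = {}
    for name, g in zip(names, shared):
        if g == 1:
            continue  # no factor in common with any other key in the set
        if g == keys[name]:
            # Identical modulus elsewhere, or both primes reused by other keys.
            kind = "same-modulus-or-both-primes-shared"
        else:
            kind = "shared-prime"
        clusters.setdefault((kind, g), []).append(name)
    return sorted((kind, sorted(members)) for (kind, _), members in clusters.items())


# Constructed sample fleet (toy primes; real moduli are 2048+ bits).
SAMPLE_FLEET = {
    "cam-a": 101 * 103,
    "cam-b": 101 * 107,      # reuses the prime 101 from cam-a
    "router-c": 109 * 113,
    "lock-d": 127 * 131,
    "lock-e": 127 * 131,     # identical modulus to lock-d
    "server-f": 137 * 139,
}

if __name__ == "__main__":
    for finding, devices in audit(SAMPLE_FLEET):
        print(f"{finding}: reissue keys for {', '.join(devices)}")
```
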

Controversial sale of money grabbing .org domain faces review at ICANN

ICANN is reviewing the pending sale of the .org domain manager from a nonprofit to a private equity firm and says it could try to block the transfer.

The .org domain is managed by the Public Internet Registry (PIR), which is a subsidiary of the Internet Society, a nonprofit. The Internet Society is trying to sell PIR to private equity firm Ethos Capital.

ICANN (Internet Corporation for Assigned Names and Numbers) said last week that it sent requests for information to PIR in order to determine whether the transfer should be allowed. “ICANN will thoroughly evaluate the responses, and then ICANN has 30 additional days to provide or withhold its consent to the request,” the organization said.

ICANN, which is also a nonprofit, previously told the Financial Times that it “does not have authority over the proposed acquisition,” making it seem like the sale was practically a done deal. But even that earlier statement gave ICANN some wiggle room. ICANN “said its job was simply to ‘assure the continued operation of the .org domain’—implying that it could only stop the sale if the stability and security of the domain-name infrastructure were at risk,” the Financial Times wrote on November 28.

In its newer statement last week, ICANN noted that the .org registry agreement between PIR and ICANN requires PIR to “obtain ICANN’s prior approval before any transaction that would result in a change of control of the registry operator.”

ICANN can raise “reasonable” objection

The registry agreement lets ICANN request transaction details “including information about the party acquiring control, its ultimate parent entity, and whether they meet the ICANN-adopted registry operator criteria (as well as financial resources, and operational and technical capabilities),” ICANN noted. ICANN’s 30-day review period begins after PIR provides those details.

Per the registry agreement, ICANN said it will apply “a standard of reasonableness” when determining whether to allow the change in control over the .org domain. As Domain Name Wire noted in a news story, whether ICANN can block the transfer using that standard “might ultimately have to be determined by the courts.”

The agreement between PIR and ICANN designates PIR as the registry operator for the .org top-level domain. It says that “neither party may assign any of its rights and obligations under this Agreement without the prior written approval of the other party, which approval will not be unreasonably withheld.”

Concern about price hikes, transparency

The pending sale comes a few months after ICANN approved a contract change that eliminates price caps on .org domain names. The sale has raised concerns that Ethos Capital could impose large price hikes.

Source: Controversial sale of .org domain manager faces review at ICANN | Ars Technica

Amazon Blocks Sellers From Using FedEx Ground For Prime Shipments – way to have fun using a monopoly!

Amazon.com is blocking its third-party sellers from using FedEx’s ground delivery network for Prime shipments, citing a decline in performance heading into the final stretch of the holiday shopping season. The ban on using FedEx’s Ground and Home services starts this week and will last “until the delivery performance of these ship methods improves,” according to an email Amazon sent Sunday to merchants that was reviewed by The Wall Street Journal. Amazon has stopped using FedEx for its own deliveries in the U.S., but third-party merchants had still been able to use FedEx. Such sellers now account for more than half of the merchandise sold on Amazon’s website, including many items listed as eligible for Prime.

FedEx said the decision impacts a small number of shippers but “limits the options for those small businesses on some of the highest shipping days in history.” The carrier said it still expects to handle a record number of packages this holiday season. “The overall impact to our business is minuscule,” a FedEx spokeswoman said. In its email to merchants, Amazon said sellers can use FedEx’s speedier and more expensive Express service for Prime orders or FedEx Ground for non-Prime shipments.

Source: Amazon Blocks Sellers From Using FedEx Ground For Prime Shipments – Slashdot

How can a marketplace justify controlling marketpeoples’ logistics?

How old ship logs are giving new insights into climate change

In the 19th and early 20th centuries, millions of weather observations were carefully made in the logbooks of ships sailing through largely uncharted waters. Written in pen and ink, the logs recorded barometric pressure, air temperature, ice conditions and other variables. Today, volunteers from a project called Old Weather are transcribing these observations, which are fed into a huge dataset at the National Oceanic and Atmospheric Administration. This “weather time machine,” as NOAA puts it, can estimate what the weather was for every day back to 1836, improving our understanding of extreme weather events and the impacts of climate change.

Source: How old ship logs are giving new insights into climate change

Getting Drivers for Old Hardware Is Harder Than Ever

despite the fact that all the drivers generally have to do is simply sit on the internet, available when they’re necessary.

Apparently, that isn’t easy enough for Intel. Recently, the chipmaker took BIOS drivers, a boot-level firmware technology used for hardware initialization in earlier generations of PCs, for a number of its unsupported motherboards off its website, citing the fact that the programs have reached an “End of Life” status. While it reflects the fact that Unified Extensible Firmware Interface (UEFI), a later generation of firmware technology used in PCs and Macs, is expected to ultimately replace BIOS entirely, it also leaves lots of users with old gadgets out in a lurch. And as Bleeping Computer has noted, it appears to be part of a broader trend to prevent downloads for unsupported hardware on the Intel website—things that have long lived past their current lives. After all, if something goes wrong, Intel can be sure it’s not liable if a 15-year-old BIOS update borks a system.

In a comment to Motherboard, Intel characterized the approach to and timing of the removals as reflecting industry norms.

[…]

However, this is a problem for folks who take collecting or use of old technology seriously, such as those on the forum Vogons, which noticed the issue first, though it’s far from anything new. Technology companies come and go all the time, and as things like mergers and redesigns happen, often the software repository gets affected when the technology goes out of date.

A Problem For Consumers & Collectors

Jason Scott, the Internet Archive’s lead software curator, says that Intel’s decision to no longer provide old drivers on its website reflects a tendency by hardware and software developers to ignore their legacies when possible—particularly in the case of consumer software, rather than in the enterprise, where companies’ willingness to pay for updates ensures that needed updates won’t simply sit on the shelf.

[…]

By the mid-90s, companies started to create FTP repositories to distribute software, which had the effect of changing the nature of updates: When the internet made distribution easier and both innovation and security risks grew more advanced, technology companies updated their apps far more often.

FTP’s Pending Fadeout

Many of those FTP servers are still around today, but the news cycle offers a separate, equally disappointing piece of information for those looking for vintage drivers: Major web browsers are planning to sunset support for the FTP protocol. Chrome plans to remove support for FTP sites by version 82, which is currently in the development cycle and will hit sometime next year. And Firefox makers Mozilla have made rumblings about doing the same thing.

The reasons for doing so, often cited for similar removals of legacy features, come down to security. FTP is a legacy service that can’t be secured in much the same way that its successor, SFTP, can.

While FTP applications like CyberDuck will likely exist for decades from now, the disconnect from the web browser will make these servers a lot harder to use. The reason goes back to the fact that the FTP protocol isn’t inherently searchable—but the best way to find information about it is with a web-based search engine … such as Google.

[…]

Earlier this year, I was attempting to get a vintage webcam working, and while I was ultimately unable to get it to work, it wasn’t due to lack of software access. See, Logitech actually kept copies of Connectix’s old webcam software on its FTP site. This is software that hasn’t seen updates in more than 20 years; that only supports Windows 3.1, Windows NT, and Windows 95; and that wasn’t on Logitech’s website.

One has to wonder how soon those links will disappear from Google searches once the two most popular desktop browsers remove easy access to those files. And there’s no guarantee that a company is going to keep a server online beyond that point.

“It was just it was this weird experience that FTP sites, especially, could have an inertia of 15 to 20 years now, where they could be running all this time, untouched,” Scott added. “And just every time that, you know, if the machine dies, it goes away.”

Source: Getting Drivers for Old Hardware Is Harder Than Ever – VICE

LEDs in routers, power strips, and more, can ship data to the LightAnchors AR smartphone app

A pentad of bit boffins have devised a way to integrate electronic objects into augmented reality applications using their existing visible light sources, like power lights and signal strength indicators, to transmit data.

In a recent research paper, “LightAnchors: Appropriating Point Lights for Spatially-Anchored Augmented Reality Interfaces,” Carnegie Mellon computer scientists Karan Ahuja, Sujeath Pareddy, Robert Xiao, Mayank Goel, and Chris Harrison describe a technique for fetching data from device LEDs and then using those lights as anchor points for overlaid augmented reality graphics.

As depicted in a video published earlier this week on YouTube, LightAnchors allow an augmented reality scene, displayed on a mobile phone, to incorporate data derived from an LED embedded in the real-world object being shown on screen.

Unlike various visual tagging schemes that have been employed for this purpose, like using stickers or QR codes to hold information, LightAnchors rely on existing object features (device LEDs) and can be dynamic, reading live information from LED modulations.

The reason to do so is that device LEDs can serve not only as a point to affix AR interface elements, but also as an output port for the binary data being translated into human-readable form in the on-screen UI.

“Many devices such as routers, thermostats, security cameras already have LEDs that are addressable,” Karan Ahuja, a doctoral student at the Human-Computer Interaction Institute in the School of Computer Science at Carnegie Mellon University told The Register.

“For devices such as glue guns and power strips, their LED can be co-opted with a very cheap micro-controller (less than US$1) to blink it at high frame rates.”

Source: LightAnchors array: LEDs in routers, power strips, and more, can sneakily ship data to this smartphone app • The Register

Verizon kills email accounts of archivists trying to save Yahoo Groups history

Verizon, which bought Yahoo in 2017, has suspended email addresses of archivists who are trying to preserve 20 years of content that will be deleted permanently in a few weeks.

As Verizon announced in October, the company intends to wipe all content from Yahoo Groups. As of December 14, all previously posted content on the site will be permanently removed.

The mass deletion includes files, polls, links, photos, folders, database, calendar, attachments, conversations, email updates, message digests, and message histories that have been uploaded to Yahoo servers since the pre-Google 1990s.

Verizon planned to allow users to download their own data from the site’s privacy dashboard, but apparently it has a problem with the work of The Archive Team who wants to save content to upload it to the non-profit Internet Archive, which runs the popular Wayback Machine site.

“Yahoo banned all the email addresses that the Archive Team volunteers had been using to join Yahoo Groups in order to download data,” reported the Yahoo Groups Archive Team.

“Verizon has also made it impossible for the Archive Team to continue using semi-automated scripts to join Yahoo Groups – which means each group must be rejoined one by one, an impossible task (redo the work of the past four weeks over the next 10 days).”

News of the apparently aggressive move from Verizon was first reported on boingboing.net.

The Yahoo Groups Archive Team argues that it is facing a near total “80% loss of data” because Verizon is blocking the team members’ email accounts.

The Yahoo Groups site isn’t widely used today but it was in the past. The size of the archive that the group is trying to save is substantial and the group had saved about 1.8 billion messages as of late 2018.

According to the Archive Team: “As of 2019-10-16 the directory lists 5,619,351 groups. 2,752,112 of them have been discovered. 1,483,853 (54%) have public message archives with an estimated number of 2.1 billion messages (1,389 messages per group on average so far). 1.8 billion messages (86%) have been archived as of 2018-10-28.”

Verizon has issued a statement to the group supporting the Archive Team, telling concerned archivists that “the resources needed to maintain historical content from Yahoo Groups pages is cost-prohibitive, as they’re largely unused”.

The telecoms giant also said the people booted from the service had violated its terms of service and suggested the number of users affected was small.

“Regarding the 128 people who joined Yahoo Groups with the goal to archive them – are those people from Archiveteam.org? If so, their actions violated our Terms of Service. Because of this violation, we are unable to reauthorize them,” Verizon said.

Source: Verizon kills email accounts of archivists trying to save Yahoo Groups history | ZDNet

Ring’s Neighbors Data Let Us Map Amazon’s Home Surveillance Network

As reporters raced this summer to bring new details of Ring’s law enforcement contracts to light, the home security company, acquired last year by Amazon for a whopping $1 billion, strove to underscore the privacy it had pledged to provide users.

Even as its creeping objective of ensuring an ever-expanding network of home security devices eventually becomes indispensable to daily police work, Ring promised its customers would always have a choice in “what information, if any, they share with law enforcement.” While it quietly toiled to minimize what police officials could reveal about Ring’s police partnerships to the public, it vigorously reinforced its obligation to the privacy of its customers—and to the users of its crime-alert app, Neighbors.

However, a Gizmodo investigation, which began last month and ultimately revealed the potential locations of up to tens of thousands of Ring cameras, has cast new doubt on the effectiveness of the company’s privacy safeguards. It further offers one of the most “striking” and “disturbing” glimpses yet, privacy experts said, of Amazon’s privately run, omni-surveillance shroud that’s enveloping U.S. cities.

[…]

Gizmodo has acquired data over the past month connected to nearly 65,800 individual posts shared by users of the Neighbors app. The posts, which reach back 500 days from the point of collection, offer extraordinary insight into the proliferation of Ring video surveillance across American neighborhoods and raise important questions about the privacy trade-offs of a consumer-driven network of surveillance cameras controlled by one of the world’s most powerful corporations.

And not just for those whose faces have been recorded.

Examining the network traffic of the Neighbors app produced unexpected data, including hidden geographic coordinates that are connected to each post—latitude and longitude with up to six decimal points of precision, accurate enough to pinpoint roughly a square inch of ground.

Representing the locations of 440,000 Ring cameras collected from over 1,800 counties in the U.S.
Gizmodo found 5,016 unique Ring cameras while analyzing nine-square-miles of Los Angeles.

[…]

Guariglia and other surveillance experts told Gizmodo that the ubiquity of the devices gives rise to fears that pedestrians are being recorded strolling in and out of “sensitive buildings,” including certain medical clinics, law offices, and foreign consulates. “I think this is my big concern,” he said, seeing the maps.

Accordingly, Gizmodo located cameras in unnerving proximity to such sensitive buildings, including a clinic offering abortion services and a legal office that handles immigration and refugee cases.

It is possible to acquire Neighbors posts from anywhere in the country, in near-real-time, and sort them in any number of ways. Nearly 4,000 posts, for example, reference children, teens, or young adults; two purportedly involve people having sex; eight mention Immigration and Customs Enforcement; and more than 3,600 mention dogs, cats, coyotes, turkeys, and turtles.

While the race of individuals recorded is implicitly suggested in a variety of ways, Gizmodo found 519 explicit references to blackness and 319 to whiteness. A Ring spokesperson said the Neighbors content moderators strive to eliminate unessential references to skin color. Moderators are told to remove posts, they said, in which the sole identifier of a subject is that they’re “black” or “white.”

Ring’s guidelines instruct users: “Personal attributes like race, ethnicity, nationality, religion, sexual orientation, immigration status, sex, gender, age, disability, socioeconomic and veteran status, should never be factors when posting about an unknown person. This also means not referring to a person you are describing solely by their race or calling attention to other personal attributes not relevant to the matter being reported.”

“There’s no question, if most people were followed around 24/7 by a police officer or a private investigator it would bother them and they would complain and seek a restraining order,” said Jay Stanley, senior policy analyst at the American Civil Liberties Union. “If the same is being done technologically, silently and invisibly, that’s basically the functional equivalent.”

[…]

Companies like Ring have long argued—as Google did when it published millions of people’s faces on Street View in 2007—that pervasive street surveillance reveals, in essence, no more than what people have already made public; that there’s no difference between blanketing public spaces in internet-connected cameras and the human experience of walking or driving down the street.

But not everyone agrees.

“Persistence matters,” said Stanley, while acknowledging the ACLU’s long history of defending public photography. “I can go out and take a picture of you walking down the sidewalk on Main Street and publish it on the front of tomorrow’s newspaper,” he said. “That said, when you automate things, it makes it faster, cheaper, easier, and more widespread.”

Stanley and others devoted to studying the impacts of public surveillance envision a future in which Americans’ very perception of reality has become tainted by a kind of omnipresent observer effect. Children will grow up, it’s feared, equating the act of being outside with being recorded. The question is whether existing in this observed state will fundamentally alter the way people naturally behave in public spaces—and if so, how?

“It brings a pervasiveness and systematization that has significant potential effects on what it means to be a human being walking around your community,” Stanley said. “Effects we’ve never before experienced as a species, in all of our history.”

The Ring data has given Gizmodo the means to consider scenarios, no longer purely hypothetical, which exemplify what daily life is like under Amazon’s all-seeing eye. In the nation’s capital, for instance, walking the shortest route from one public charter school to a soccer field less than a mile away, 6th-12th graders are recorded by no fewer than 13 Ring cameras.

Gizmodo found that dozens of users in the same Washington, DC, area have used Neighbors to share videos of children. Thirty-six such posts describe mostly run-of-the-mill mischief—kids with “no values” ripping up parking tape, riding on their “dort-bikes” [sic] and taking “selfies.”

Ring’s guidelines state that users are supposed to respect “the privacy of others,” and not upload footage of “individuals or activities where a reasonable person would expect privacy.” Users are left to interpret this directive themselves, though Ring’s content moderators are supposedly actively combing through the posts and users can flag “inappropriate” posts for review.

Ángel Díaz, an attorney at the Brennan Center for Justice focusing on technology and policing, said the “sheer size and scope” of the data Ring amasses is what separates it from other forms of public photography.

[…]

Guariglia, who’s been researching police surveillance for a decade and holds a PhD in the subject, said he believes the hidden coordinates invalidate Ring’s claim that only users decide “what information, if any,” gets shared with police—whether they’ve yet to acquire it or not.

“I’ve never really bought that argument,” he said, adding that if they truly wanted, the police could “very easily figure out where all the Ring cameras are.”

The Guardian reported in August that Ring once shared maps with police depicting the locations of active Ring cameras. CNET reported last week, citing public documents, that police partnered with Ring had once been given access to “heat maps” that reflected the area where cameras were generally concentrated.

The privacy researcher who originally obtained the heat maps, Shreyas Gandlur, discovered that if police zoomed in far enough, circles appeared around individual cameras. However, Ring denied that the maps, which it said displayed “approximate device density,” and instructed police not to share publicly, accurately portrayed the locations of customers.

Source: Ring’s Neighbors Data Let Us Map Amazon’s Home Surveillance Network

Nikon Is Killing Its Authorized Repair Program

Nikon is ending its authorized repair program in early 2020, likely leaving more than a dozen repair shops without access to official parts and tools, and cutting the number of places you can get your camera fixed with official parts from more than a dozen independent shops to two facilities at the ends of the U.S.

That means that Nikon’s roughly 15 remaining Authorized Repair Station members are about to become non-authorized repair shops. Since Nikon decided to stop selling genuine parts to non-authorized shops back in 2012, it’s unlikely those stores will continue to have access to the specialty components, tools, software, manuals, and model training Nikon previously provided. But Nikon hasn’t clarified this, so repair shops have been left in the dark.

“This is very big, and we have no idea what’s coming next,” said Cliff Hanks, parts manager for Kurt’s Camera Repair in San Diego, Calif. “We need more information before March 31. We can make contingency plans, start stocking up on stuff, but when will we know for sure?”

In a letter obtained by iFixit, Nikon USA told its roughly 15 remaining Authorized Repair Station members in early November that it would not renew their agreements after March 31, 2020. The letter notes that “The climate in which we do business has evolved, and Nikon Inc. must do the same.” And so, Nikon writes, it must “change the manner in which we make product service available to our end user customers.”

In other words: Nikon’s camera business, slowly bled by smartphones, is going to adopt a repair model that’s even more restrictive than that of Apple or other smartphone makers. If your camera breaks, and you want it fixed with official parts or under warranty, you’ll now have to mail it to one of two ends of the country. This is more than a little inconvenient, especially for professional photographers.

Source: Nikon Is Killing Its Authorized Repair Program – iFixit

NVidia AI auto-generates 3D objects from 2D snaps

Boring 2D images can be transformed into corresponding 3D models and back into 2D again automatically by machine-learning-based software, boffins have demonstrated.

The code is known as a differentiable interpolation-based renderer (DIB-R), and was built by a group of eggheads led by Nvidia. It uses a trained neural network to take a flat image of an object as input, work out how it is shaped, colored and lit in 3D, and output a 2D rendering of that model.

This research could be useful in future for teaching robots and other computer systems how to work out how stuff is shaped and lit in real life from 2D still pictures or video frames, and how things appear to change depending on your view and lighting. That means future AI could perform better, particularly in terms of depth perception, in scenarios in which the lighting and positioning of things is wildly different from what’s expected.

Jun Gao, a graduate student at the University of Toronto in Canada and a part-time researcher at Nvidia, said: “This is essentially the first time ever that you can take just about any 2D image and predict relevant 3D properties.”

During inference, the pixels in each studied photograph are separated into two groups: foreground and background. The rough shape of the object is discerned from the foreground pixels to create a mesh of vertices.

Next, a trained convolutional neural network (CNN) predicts the 3D position and lighting of each vertex in the mesh to form a 3D object model. This model is then rendered as a full-color 2D image using a suitable shader. This allows the boffins to compare the original 2D object to the rendered 2D object to see how well the neural network understood the lighting and shape of the thing.

During the training process, the CNN was shown stuff in 13 categories in the ShapeNet dataset. Each 3D model was rendered as 2D images viewed from 24 different angles to create a set of training images: these images were used to show the network how 2D images relate to 3D models.

Crucially, the CNN was schooled using an adversarial framework, in which the DIB-R outputs were passed through a discriminator network for analysis.

If a rendered object was similar enough to an input object, then DIB-R’s output passed the discriminator. If not, the output was rejected and the CNN had to generate ever more similar versions until it was accepted by the discriminator. Over time, the CNN learned to output realistic renderings. Further training is required to generate shapes outside of the training data, we note.

As we mentioned above, DIB-R could help robots better detect their environments, Nvidia’s Lauren Finkle said: “For an autonomous robot to interact safely and efficiently with its environment, it must be able to sense and understand its surroundings. DIB-R could potentially improve those depth perception capabilities.”

The research will be presented at the Conference on Neural Information Processing Systems in Vancouver, Canada, this week.

Source: I’ll take your frame to another dimension, pay close attention: This AI auto-generates 3D objects from 2D snaps • The Register

New Plundervolt attack impacts Intel CPUs SGX

Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.

The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows gamers to overclock their CPUs.

Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.

They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software.

Source: New Plundervolt attack impacts Intel CPUs | ZDNet