The Linkielist

Linking ideas with the world

Boeing 787 radio software patch didn’t work, says Qatar, it still turns itself off and changes frequencies by itself.

Boeing issued a software safety patch for the VHF radio systems used on its 787 aircraft, and the update turned out to be ineffective, Qatar Airways has complained.

In February, the US Department of Transportation issued an advisory [PDF] about a problem with the aircraft’s electronics that was causing VHF radio traffic to unexpectedly switch between active and standby mode. In practice, this means pilots constantly have to check their radio settings to make sure all messages from air traffic control are received, and multiple cases of this unwanted switching have been reported.

“The FAA has received reports indicating that VHF radio frequencies transfer between the active and standby windows of the TCP [tuning control panel] without flightcrew input,” the dept said.

“The flightcrew may not be aware of uncommanded frequency changes and could fail to receive air traffic control communications. This condition, if not addressed, could result in missed communications such as amended clearances and critical instructions for changes to flight path and consequent loss of safe separation between aircraft, collision, or runway incursion.”

Boeing issued a free software fix to stop the mode changes and, according to Uncle Sam, the update will take 90 minutes to install with an estimated labor cost of $127.50 per aircraft, with 157 US airplanes reportedly vulnerable. The problem affects 787-8, 787-9, and 787-10 aircraft.

The unsafe condition still exists on airplanes

America’s aviation watchdog the FAA has asked for feedback from airlines by April 14 on the situation, and Qatar Airways isn’t waiting that long. It has already warned the patch isn’t working as it should: The radios still change mode without warning.

“Qatar Airways flight crew are still reporting similar issues from post-mod airplanes. [Qatar Airways] already reported the events to Boeing/Collins aerospace for further investigation and root cause determination,” the airline said.

“As of now, Qatar believes that the issue is not completely addressed, and the unsafe condition still exists on airplanes.”

Neither Qatar, Boeing, or the FAA representative were available for comment on the issue. Collins is a software provider for Boeing.

Source: Boeing 787 radio software patch didn’t work, says Qatar • The Register

Speech now streaming from brains in real-time, code open sourced

Described in a paper published in Nature Neuroscience this week, the neuroprosthesis is intended to allow patients with severe paralysis and anarthria – loss of speech – to communicate by turning brain signals into synthesized words.

“Our streaming approach brings the same rapid speech decoding capacity of devices like Alexa and Siri to neuroprostheses,” said Gopala Anumanchipalli – assistant professor of electrical engineering and computer sciences at University of California, Berkeley and co-principal investigator of the study, done in conjunction with UC San Francisco – in a statement.

“Using a similar type of algorithm, we found that we could decode neural data and, for the first time, enable near-synchronous voice streaming. The result is more naturalistic, fluent speech synthesis.”

The project improves on work published in 2023 by reducing the latency to decode thought and turn it into speech, which at the time took about eight seconds to produce a sentence.

As demonstrated in this video, below, the new process works roughly 8x faster, operating in near real-time.

It begins by reading the patient’s electrical brain signals after the intent to speak has been formed but before the thought has produced a vocal muscle response.

“We are essentially intercepting signals where the thought is translated into articulation and in the middle of that motor control,” said co-lead author Cheol Jun Cho, UC Berkeley PhD student in electrical engineering and computer sciences, in a statement.

“So what we’re decoding is after a thought has happened, after we’ve decided what to say, after we’ve decided what words to use and how to move our vocal-tract muscles.”

The neuroprosthesis works by passing 80ms chunks of electrocorticogram (ECoG) data through a neural encoder and then using a deep learning recurrent neural network transducer model to convert brain signals to sounds. The researchers used a recording of the patient’s pre-injury voice to make the model’s output sound more like natural speech.

While this particular neuroprosthesis requires a direct electrical connection to the brain, the researchers believe their approach is generalizable to other interfaces, including surgically implanted microelectrode arrays (MEAs) and non-invasive surface electromyography (SEMG).

The work builds on research funded by Facebook that the social media biz abandoned four years ago to pursue more market-friendly SEMG wrist sensors. Edward Chang, chair of neurosurgery at the UCSF, who oversaw the Facebook-funded project is the senior co-principal investigator of this latest study.

Code for the Streaming Brain2Speech Decoder has been posted to GitHub, in case anyone is looking to reproduce the researchers’ results.

Source: Speech now streaming from brains in real-time • The Register

Unique Study Is Latest to Show Shingles Vaccine Can Help Prevent Dementia

[…] Scientists at Stanford University led the research, published in Nature. They compared people born before and after they were eligible to take the shingles vaccine in a certain part of the UK, finding that vaccinated people were 20% less likely to be diagnosed with dementia over a seven year period. More research is needed to understand and confirm this link, but the findings suggest shingles vaccination can become a cost-effective preventative measure against dementia.

[…]

the researchers took advantage of a natural experiment that occurred in Wales, UK, over a decade ago. In September 2013, a shingles vaccination program officially began in Wales, with a well-defined age eligibility. People born on or after September 2, 1933 (80 years and under) were eligible for at least one year for the shingles vaccine, whereas people born before then were not.

The clear cutoff date (and the UK’s well-maintained electronic health records) meant that the researchers could easily track dementia rates across the two groups born before or after September 1933. And because the people in these groups were so close together in age, they also shared many other factors in common that could potentially affect dementia risk, such as how often they saw doctors regularly. This divide, in other words, allowed the researchers to study older people in Wales during this time in a manner similar to a randomized trial.

The researchers analyzed the health records of 280,000 residents born between 1925 and 1942. As expected, many vaccine-eligible people immediately took advantage of the new program: 47% of people born after the first week of the eligibility date were vaccinated, while practically no one born before the cutoff date received the vaccine, the researchers noted.

All in all, the researchers calculated that shingles vaccination in Wales was associated with a 20% decline in people’s relative risk of developing dementia over a seven-year period (in absolute terms, people’s risk of dementia dropped by 3.5%). They also analyzed data from England, where a similar cutoff period was enacted, and found the same pattern of reduced dementia risk (and deaths related to dementia) among those vaccinated against shingles.

[…]

“For the first time, we now have evidence that likely shows a cause-and-effect relationship between shingles vaccination and dementia prevention,” Geldsetzer said. “We find these protective effects to be large in size—substantially larger than those of existing pharmacological tools for dementia.”

There are still unanswered aspects about this link. Researchers aren’t sure exactly why the vaccine seems to lower dementia risk, for instance. Some but not all studies have suggested that herpes zoster and other germs that linger in our bodies can overtly cause or worsen people’s dementia, so the vaccine might be having a direct preventative effect there. But it’s also possible the vaccine is triggering changes in the immune system that more broadly keep the brain sharper, and that other vaccines could do the same as well.

Importantly, this latest study only looked at the earlier Zostavax vaccine, which has largely been replaced by the more effective Shingrix vaccine. This might mean that the results seen here are an underestimate of the benefits people can expect today. Just last July, for instance, a study from researchers in the UK found evidence that the Shingrix vaccine reduced people’s risk of dementia noticeably more than Zostavax. This finding, if further supported, would also support the idea that the herpes zoster virus is contributing to dementia.

[…]

Source: Unique Study Is Latest to Show Shingles Vaccine Can Help Prevent Dementia

Using the Earth’s atmosphere as a global sensor shows promise

AtmoSense, which began in late 2020, set out to understand the fundamentals of energy propagation from the Earth’s surface to the ionosphere to determine whether the atmosphere can be used as a sensor. A fundamental science effort, AtmoSense aimed to measure acoustic and electromagnetic waves propagating through the atmosphere to see if they could provide clues about the nature, location, and size of a disturbance event that occurred on Earth. Precisely locating illicit underground explosions by a rogue nation or identifying other national security-relevant events could be done in the future just by using signals detected and modeled from the atmosphere. The open-source tools developed under AtmoSense may be the first step toward “reading” — from extended distances — information contained in atmospheric waves propagating from an event happening anywhere in the world.

Benefits for a range of computationally complex problems

“High-resolution surface-to-space simulation of acoustic waves was considered impossible before the program began, but we accomplished it,” said Michael “Orbit” Nayak, DARPA AtmoSense program manager. “We used to call the ionosphere the ‘ignorosphere,’ but AtmoSense made some key interdisciplinary breakthroughs to address what used to be a massively intractable problem. We can now model across six orders of magnitude, in 3D, what happens to the energy emanating from a small, meters-scale disturbance as it expands up into the atmosphere to propagate over thousands of kilometers, and potentially around the world.”

[…]

An unplanned discovery: SpaceX Falcon 9 re-entries detected

Following one of the New Mexico test-range detonations in 2024, a performer team noticed something unusual in their analysis of sensor data.

“As the team was looking at the data, they saw a huge drop in what’s called total electron content that puzzled them,” Nayak said. “Imagine that you have water going through a hose. That’s a flow of electrons, and if you put your fist in front of the hose, you’ll notice a significant drop in water volume coming out of the hose.”

In preparing to analyze their field test data, the team noticed a similar sizable dip in the electron content compared to the background electron readings at a specific location in the atmosphere. As they did more forensics, they correlated the disturbance to a SpaceX Falcon 9 re-entry that happened the same day of the detonation test. Their sensor data had unexpectedly captured the SpaceX reentry into the atmosphere, resulting in the specific drop in electron content.

“Then they decided to pull other SpaceX reentry data, across dozens of launches, to see if they could spot a similar electron drop,” Nayak said. “The phenomenon is highly repeatable. We discovered an unplanned new technique for identifying objects entering the earth’s atmosphere.” The Embry-Riddle University team, led by Jonathan Snively and Matt Zettergren, in collaboration with Pavel Inchin of Computational Physics, Inc., have submitted their novel results for peer-reviewed publication.

[…]

Source: Using the Earth’s atmosphere as a global sensor shows promise | DARPA

EU: These are scary times – let’s backdoor encryption and make everyone unsafe!

The EU has shared its plans to ostensibly keep the continent’s denizens secure – and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner.

While the superstate has made noises about backdooring encryption before, the ProtectEU plan [PDF], launched on Monday, says the European Commission wants to develop a roadmap to allow “lawful and effective access to data for law enforcement in 2025” and a technology roadmap to do so by the following year.

“We are working on a roadmap now, and we will look at what is technically also possible,” said Henna Virkkunen, executive vice-president of the EC for tech sovereignty, security and democracy. “The problem is now that our law enforcement, they have been losing ground on criminals because our police investigators, they don’t have access to data,” she added.

“Of course, we want to protect the privacy and cyber security at the same time; and that’s why we have said here that now we have to prepare a technical roadmap to watch for that, but it’s something that we can’t tolerate, that we can’t take care of the security because we don’t have tools to work in this digital world.”

She claimed that in “85 percent” of police cases, law enforcement couldn’t access the data it needed. The proposal is to amend the existing Cybersecurity Act to allow these changes. You can watch the response below.

According to the document, the EC will set up a Security Research & Innovation Campus at its Joint Research Centre in 2026 to, somehow, work out the technical details. Since it’s impossible to backdoor encryption in a way that can’t be potentially exploited by others, it seems a very odd move to make if security’s your goal.

China, Russia, and the US certainly would spend a huge amount of time and money to find the backdoor. Even American law enforcement has given up on the cause of backdooring, although the UK still seems to be wedded to the idea.

In the meantime, for critical infrastructure (and presumably government communications), the EC wants to deploy quantum cryptography across the state. They want to get this in place by 2030 at the latest.

[…]

Source: EU: These are scary times – let’s backdoor encryption! • The Register

Proton may roll away from the Swiss

The EC’s not alone in proposing changes to privacy – new laws outlined in Switzerland could force privacy-focused groups such as Proton out of the country.

Under today’s laws, police can obtain data from services like Proton if they can get a court order for some crimes. But under the proposed laws a court order would not be required and that means Proton would leave the country, said cofounder Andy Yen.

“Swiss surveillance would be significantly stricter than in the US and the EU, and Switzerland would lose its competitiveness as a business location,” Proton’s cofounder told Swiss title Der Bund. “We feel compelled to leave Switzerland if the partial revision of the surveillance law planned by the Federal Council comes into force.”

The EU keeps banging away at this. They tried in 2018, 2020, 2021, 2023, 2024. And fortunately they keep getting stopped by people with enough brains to realise that you cannot have a safe backdoor. For security to be secure it needs to be unbreakable.

https://www.linkielist.com/?s=eu+encryption

T-Mobile SyncUP Bug Reveals Names, Images, and Locations of Random Children

T-Mobile sells a little-known GPS service called SyncUP, which allows users who are parents to monitor the locations of their children. This week, an apparent glitch in the service’s system obscured the locations of users’ own children while sending them detailed information and the locations of other, random children.

404 Media first reported on the extremely creepy bug, which appears to have impacted a large number of users. The outlet notes an outpouring of consternation and concern from web users on social platforms like Reddit and X, many of which claimed to have been impacted. 404 also interviewed one specific user, “Jenna,” who explained her ordeal with the bug:

Jenna, a parent who uses SyncUP to keep track of her three-year-old and six-year-old children, logged in Tuesday and instead of seeing if her kids had left school yet, was shown the exact, real-time locations of eight random children around the country, but not the locations of her own kids. 404 Media agreed to use a pseudonym for Jenna to protect the privacy of her kids.

“I’m not comfortable giving my six-year-old a phone, but he takes a school bus and I just want to be able to see where he is in real time,” Jenna said. “I had put a 500 meter boundary around his school, so I get an alert when he’s leaving.”

Jenna sent 404 Media a series of screenshots that show her logged into the app, as well as the locations of children located in other states. In the screenshots, the address-level location of the children are available, as is their name and the last time the location was updated.

Even more alarmingly, the woman interviewed by 404 claims that the company didn’t show much concern for the bug. “Jenna” says she called the company and was referred to an employee who told her that a ticket had been filed in the system on the issue’s behalf. A follow-up email from the concerned mother produced no response, she said.

[…]

When reached for comment by Gizmodo, a T-Mobile spokesperson told us: “Yesterday we fully resolved a temporary system issue with our SyncUP products that resulted from a planned technology update. We are in the process of understanding potential impacts to a small number of customers and will reach out to any as needed. We apologize for any inconvenience.”

The privacy implications of such a glitch are obvious and not really worth extrapolating on. That said, it’s also a good reminder that the more digital access you give a company, the more potential there is for that access to fall into the wrong hands.

Source: T-Mobile Bug Reveals Names, Images, and Locations of Random Children

Wealthy Americans have death rates on par with poor Europeans

It’s well-established that, on the whole, Americans die younger than people in most other high-income countries. For instance, an analysis from 2022 found that the average life expectancy of someone born in Switzerland or Spain in 2019 was 84 years. Meanwhile, the average US life expectancy was 78.8, lower than nearly all other high-income countries, including Canada’s, which was 82.3 years. And this was before the pandemic, which only made things worse for the US.

[…]

It is true that money buys you a longer life in the US. In fact, the link between wealth and mortality may be stronger in the US than in any other high-income country. But, if you think American wealth will put life expectancy in league with Switzerland, you’re dead wrong, according to a study in the latest issue of the New England Journal of Medicine.

A stark finding

The study, led by researchers at Brown University, found that the wealthiest Americans lived shorter lives than the wealthiest Europeans. In fact, wealthy Northern and Western Europeans had death rates 35 percent lower than the wealthiest Americans, whose lifespans were more like the poorest in Northern and Western Europe—which includes countries such as France, the Netherlands, and Switzerland.

“The findings are a stark reminder that even the wealthiest Americans are not shielded from the systemic issues in the US contributing to lower life expectancy, such as economic inequality or risk factors like stress, diet or environmental hazards,” lead study author Irene Papanicolas, a professor of health services, policy and practice at Brown, said in a news release.

The study looked at health and wealth data of more than 73,000 adults across the US and Europe who were 50 to 85 years old in 2010. There were more than 19,000 from the US, nearly 27,000 from Northern and Western Europe, nearly 19,000 from Eastern Europe, and nearly 9,000 from Southern Europe. For each region, participants were divided into wealth quartiles, with the first being the poorest and the fourth being the richest. The researchers then followed participants until 2022, tracking deaths.

The US had the largest gap in survival between the poorest and wealthiest quartiles compared to European countries. America’s poorest quartile also had the lowest survival rate of all groups, including the poorest quartiles in all three European regions.

While less access to health care and weaker social structures can explain the gap between the wealthy and poor in the US, it doesn’t explain the differences between the wealthy in the US and the wealthy in Europe, the researchers note. There may be other systemic factors at play that make Americans uniquely short-lived, such as diet, environment, behaviors, and cultural and social differences.

“If we want to improve health in the US, we need to better understand the underlying factors that contribute to these differences—particularly amongst similar socioeconomic groups—and why they translate to different health outcomes across nations,” Papanicolas said.

Source: Wealthy Americans have death rates on par with poor Europeans – Ars Technica

NSA warns about “fast flux” – cycling IP addresses quickly lets attackers keep attacking

[…] fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure. It also provides redundancy. By the time defenders block one address or domain, new ones have already been assigned.

[…]

A key means for achieving this is the use of Wildcard DNS records. These records define zones within the Domain Name System, which map domains to IP addresses. The wildcards cause DNS lookups for subdomains that do not exist, specifically by tying MX (mail exchange) records used to designate mail servers. The result is the assignment of an attacker IP to a subdomain such as malicious.example.com, even though it doesn’t exist.

Fast flux comes in two variations. Single flux creates DNS A records or AAAA records to map a single domain to many IPv4 or IPv6 addresses, respectively. Here’s a diagram illustrating the structure.

Double flux provides an additional layer of obfuscation and resiliency by, in addition to changing IP addresses, cycling through the DNS name servers used in domain lookups. Defenders have observed double flux using both Name Server (NS) and Canonical Name (CNAME) DNS records. Here’s an illustration of the technique.

“Both techniques leverage a large number of compromised hosts, usually as a botnet from across the Internet that acts as proxies or relay points, making it difficult for network defenders to identify the malicious traffic and block or perform legal enforcement takedowns of the malicious infrastructure,”

[…]

Source: NSA warns “fast flux” threatens national security. What is fast flux anyway? – Ars Technica

Yes.. And there’s a solution for this one too. Use DNS Pinning on your local DNS resolvers.

Web browsers themselves had to look at this a number of decades ago due to DNS Rebinding Attacks [wikipedia.org]. And the answer I’m pretty sure was to Pin DNS records whose TTL was less than 10 minutes or so to make sure DNS records will be cached for a minimum length of time, even if the TTL has been configured less.

You can handle this on your organization’s DNS servers as well:

For example, if your DNS resolver is Unbound, then set the cache-min-ttl to 24 hours.

cache-min-ttl: seconds
Time to live minimum for RRsets and messages in the cache. If the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more.

Then the “fast flux” attackers can’t be so effective against your infrastructure. Because the DNS records are pinned upon the first lookup.
At least they won’t be able to use DNS for their fast flux network in this case – if your DNS resolvers’ policy prevents fast flux.

Source: Re:It’s been ages (Score:5, Informative)
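The single-flux and double-flux patterns described in the fast flux item above leave a measurable trace in resolver answer logs: one name resolving to many short-TTL addresses spread across unrelated networks, with the NS set rotating as well in the double-flux case. The following is an added example, not code from the NSA advisory, the Ars Technica article or the quoted comment; the log format, the thresholds and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Thresholds are assumptions for illustration; tune them against your own baseline.
MAX_TTL = 300    # answers at or below this TTL count as short-lived
MIN_ADDRS = 5    # distinct A/AAAA answers seen for one name
MIN_NETS = 3     # distinct /16 (IPv4) or /32 (IPv6) networks those answers span
MIN_CHURN = 2    # distinct observation times that introduced a new address
MIN_NS = 4       # distinct NS targets seen for one name

# Constructed sample, not real traffic. Format (assumed): epoch qname rtype rdata ttl
SAMPLE_LOG = """\
0 flux.example.net A 10.1.4.20 120
0 flux.example.net A 10.2.9.31 120
3600 flux.example.net A 10.3.77.5 120
3600 flux.example.net A 10.4.8.90 120
7200 flux.example.net A 10.5.1.12 120
7200 flux.example.net A 10.6.3.44 120
0 dflux.example.org A 10.11.4.20 60
0 dflux.example.org NS ns1.a.example 180
0 dflux.example.org NS ns2.b.example 180
3600 dflux.example.org A 10.12.9.31 60
3600 dflux.example.org A 10.13.2.8 60
3600 dflux.example.org NS ns3.c.example 180
7200 dflux.example.org A 10.14.8.90 60
7200 dflux.example.org AAAA 2001:db8:5::1 60
7200 dflux.example.org NS ns4.d.example 180
0 cdn.example.com A 10.50.0.1 60
0 cdn.example.com A 10.50.0.2 60
3600 cdn.example.com A 10.50.1.3 60
3600 cdn.example.com A 10.50.1.4 60
7200 cdn.example.com A 10.50.2.5 60
0 www.example.com A 10.60.0.10 3600
0 www.example.com NS ns1.example.com 86400
0 www.example.com NS ns2.example.com 86400
"""


def parse_log(text):
    """Yield (ts, qname, rtype, rdata, ttl) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[0].isdigit() and parts[4].isdigit()):
            continue
        ts, qname, rtype, rdata, ttl = parts
        yield int(ts), qname.lower().rstrip("."), rtype.upper(), rdata, int(ttl)


def network_of(addr):
    """Coarse network bucket for an address: /16 for IPv4, /32 for IPv6."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{16 if ip.version == 4 else 32}", strict=False)


def summarize(records):
    """Aggregate per-name answer diversity from time-ordered records."""
    stats = defaultdict(lambda: {"addrs": set(), "nets": set(), "new_at": set(),
                                 "ns": set(), "addr_ttl": None, "ns_ttl": None})
    for ts, qname, rtype, rdata, ttl in records:
        s = stats[qname]
        if rtype in ("A", "AAAA"):
            try:
                net = network_of(rdata)
            except ValueError:
                continue  # not a valid address; ignore the record
            if rdata not in s["addrs"]:
                s["new_at"].add(ts)  # this observation introduced a new address
            s["addrs"].add(rdata)
            s["nets"].add(net)
            s["addr_ttl"] = ttl if s["addr_ttl"] is None else min(s["addr_ttl"], ttl)
        elif rtype == "NS":
            s["ns"].add(rdata.lower().rstrip("."))
            s["ns_ttl"] = ttl if s["ns_ttl"] is None else min(s["ns_ttl"], ttl)
    return stats


def classify(s):
    """Label one name; the count checks run first, so the TTLs are never None here."""
    addr_flux = (len(s["addrs"]) >= MIN_ADDRS and len(s["nets"]) >= MIN_NETS
                 and len(s["new_at"]) >= MIN_CHURN and s["addr_ttl"] <= MAX_TTL)
    ns_flux = len(s["ns"]) >= MIN_NS and s["ns_ttl"] <= MAX_TTL
    if addr_flux and ns_flux:
        return "double-flux candidate"
    if addr_flux:
        return "single-flux candidate"
    return "no flux signal"


def detect(text):
    """Return {qname: label} for every name seen in the log text."""
    stats = summarize(sorted(parse_log(text)))
    return {name: classify(s) for name, s in stats.items()}


if __name__ == "__main__":
    for name, label in sorted(detect(SAMPLE_LOG).items()):
        print(f"{name:20} {label}")
```

The `cdn.example.com` records are there to show why the network-spread check matters: a short TTL and many addresses alone also describe ordinary load balancing, so the output is a list of candidates for review rather than a verdict.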

Scientists pioneer method to tackle PFAS ‘forever chemicals’

Rice University researchers have developed an innovative solution to a pressing environmental challenge: removing and destroying per- and polyfluoroalkyl substances (PFAS), commonly called “forever chemicals.” A study led by James Tour, the T.T. and W.F. Chao Professor of Chemistry and professor of materials science and nanoengineering, and graduate student Phelecia Scotland unveils a method that not only eliminates PFAS from water systems but also transforms waste into high-value graphene, offering a cost-effective and sustainable approach to environmental remediation. This research was published March 31 in Nature Water.

[…]

“Our method doesn’t just destroy these hazardous chemicals; it turns waste into something of value,” Tour said. “By upcycling the spent carbon into graphene, we’ve created a process that’s not only environmentally beneficial but also economically viable, helping to offset the costs of remediation.”

The research team’s process employs flash joule heating (FJH) to tackle these challenges. By combining granular activated carbon (GAC) saturated with PFAS and mineralizing agents like sodium or calcium salts, the researchers applied a high voltage to generate temperatures exceeding 3,000 degrees Celsius in under one second. The intense heat breaks down the strong carbon-fluorine bonds in PFAS, converting them into inert, nontoxic fluoride salts. Simultaneously, the GAC is upcycled into graphene, a valuable material used in industries ranging from electronics to construction.

The research results yielded more than 96% defluorination efficiency and 99.98% removal of perfluorooctanoic acid (PFOA), one of the most common PFAS pollutants. Analytical tests confirmed that the reaction produced undetectable amounts of harmful volatile organic fluorides, a common byproduct of other PFAS treatments. The method also eliminates the secondary waste associated with traditional disposal methods such as incineration or adding spent carbon to landfills.

[…]

The implications of this research extend beyond PFOA and perfluorooctane sulfonic acid, the two most studied PFAS; it even works on the most recalcitrant PFAS type, Teflon R. The high temperatures achieved during FJH suggest that this method could degrade a wide range of PFAS compounds, paving the way for broader water treatment and waste management applications. The FJH process can also be tailored to produce other valuable carbon-based materials, including carbon nanotubes and nanodiamonds, further enhancing its versatility and economic appeal.

“With its promise of zero net cost, scalability and environmental benefits, our method represents a step forward in the fight against forever chemicals,” Scotland said.

[…]

Source: Scientists pioneer method to tackle ‘forever chemicals’ | ScienceDaily

Indiana security prof and wife vanish after FBI raid

A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.

On Friday, the FBI with help from the cops searched two properties in Bloomington and Carmel, Indiana, belonging to Xiaofeng Wang, a professor at the Indiana Luddy School of Informatics, Computing, and Engineering – who’s been with the American university for more than 20 years – and Nianli Ma, a lead library systems analyst and programmer also at the university.

The university has removed the professor’s profile from its website, while the Indiana Daily Student reports Wang was axed the same day the Feds swooped. It’s said the college learned the professor had taken a job at a university in Singapore, leading to the boffin’s termination by his US employer. Ma’s university profile has also vanished.

“I can confirm the FBI Indianapolis office conducted court authorized activity at homes in Carmel and Bloomington, Indiana last Friday,” the FBI told The Register. “We have no further comment at this time.”

“The Bloomington Police Department was requested to simply assist with scene security while the FBI conducted court authorized law enforcement activity at the residence,” the police added to The Register, also declining to comment further.

Reading between the lines, Prof Wang and his spouse may not necessarily be in custody, and the Feds may have raided their homes while one or both of the couple were away and possibly already abroad. According to the student news outlet, the professor hasn’t been seen for roughly the past two weeks.

Prof Wang earned his PhD in electrical and computer engineering from Carnegie Mellon University in 2004 and joined Indiana Uni that same year. Since then, he’s become a well respected member of the IT security community, publishing extensively on Apple security, e-commerce fraud, and adversarial machine learning.

Over the course of his academic career – starting in the 1990s with computer science degrees from universities in Nanjing and Shanghai, China – Prof Wang has led research projects with funding exceeding $20 million. He was named a fellow of the IEEE in 2018, the American Association for the Advancement of Science in 2022, and the Association for Computing Machinery in 2023. He reportedly pocketed more than $380,000 in salaries in 2024, while his wife was paid $85,000.

According to neighbors in Carmel, agents arrived around 0830 on March 28, announcing: “FBI, come out!” Agents were seen removing boxes of evidence and photographing the scene.

“Indiana University was recently made aware of a federal investigation of an Indiana University faculty member,” the institution told us.

“At the direction of the FBI, Indiana University will not make any public comments regarding this investigation. In accordance with Indiana University practices, Indiana University will also not make any public comments regarding the status of this individual.”

While US Immigration and Customs Enforcement, aka ICE, has recently made headlines for detaining academic visa holders, among others, there’s no indication the agency was involved in the Indiana raids. That suggests the investigation likely goes beyond immigration matters.

Context

It wouldn’t be the first time foreign academics have come under federal scrutiny. During Trump’s first term, the Department of Justice launched the so-called “China Initiative,” aimed at uncovering economic espionage and IP theft by researchers linked to China.

The effort was widely seen as a failure, with over 50 percent of investigations dropped, some professors wrongly accused, and a few were ultimately found guilty of nothing more than hoarding pirated porn.

The initiative was also widely criticized as counterproductive, prompting an exodus of Chinese researchers from the US and pushing some American-based scientists to relocate to the Chinese mainland. History has seen this movie before: During the 1950s Red Scare, America booted prominent rocket scientist Qian Xuesen over suspected communist ties. He went on to become the architect of China’s missile and space programs — a move that helped Beijing get its intercontinental ballistic missiles, aka ICBMs.

Wang and Ma are still incommunicado, and presumed innocent. Fellow academics in the security industry have pointed out this kind of action is highly unusual. Matt Blaze, Tor Project board member and the McDevitt Chair of Computer Science and Law at Georgetown University, pointed out that to disappear from the university’s records, archived here, is “especially concerning.”

“It’s hard to imagine what reason there could be for the university to scrub its website as if he never worked there,” Blaze said on Mastodon.

“While there’s a process for removing tenured faculty, it takes more than an afternoon to do it.”

Source: Indiana security prof and wife vanish after FBI raid • The Register

Windows 11 is closing a loophole that let you skip making a Microsoft account

Microsoft is no longer playing around when it comes to requiring every Windows 11 device be set up with an internet-connected account. In its latest Windows 11 Insider Preview, the company says it will take out a well-known bypass script that let end users skip the requirement of connecting to the internet and logging in with a Microsoft account to get through the initialization process of a new PC.

As reported by Windows Central, Microsoft already requires users to connect to the internet, but there’s a way to bypass it: the bypassnro command. For those setting up computers for businesses or secondary users, or who simply refuse on principle to link their computer to a Microsoft account, the command is super simple to activate during the Windows setup process.

Microsoft cites security as one reason it’s making this change:

We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11. This change ensures that all users exit setup with internet connectivity and a Microsoft Account.

Since the bypassnro command is disabled in the latest beta build, it will likely be pushed to production versions within weeks. All hope is not yet lost: as of right now, the script can be reactivated with a registry edit by opening a command prompt during the initial setup (press Shift + F10) and running the following:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0

However, there’s no guarantee Microsoft will allow this additional workaround for long. There are other workarounds as well, such as using the unattended.xml automation that lets you skip the initial setup “out-of-box experience.” It’s not straightforward, but it makes more sense for IT departments setting up multiple computers.

As of late, Microsoft has been making it harder for people to upgrade to Windows 11 while also nudging them to move on from Windows 10, which will lose support in October. The company is cracking down on the ability to install Windows 11 on older PCs that don’t support TPM 2.0, and hounding you with full-screen ads to buy a new PC. Microsoft even removed the ability to install Windows 11 with old product keys.

Source: Windows 11 is closing a loophole that let you skip making a Microsoft account | The Verge

I don’t want a cloud based user account to run an OS on my own PC.

Scientists May Have Discovered How To Extract Power From the Earth’s Rotation

No more burning fossil fuels, playing with fissile material, damming rivers, erecting wind mills, or making solar panels. All of our energy needs could potentially be supplied by the angular kinetic energy of the Earth — and because of the mass of the planet, doing so would slow its rotation down by a mere 7ms per century. [Which is similar to speed changes caused by natural phenomena such as the Moon’s pull and changing dynamics inside the planet’s core.]

Normally this would be considered impossible as the Earth’s large and uniform field does not induce a current in conductors, but researchers believe that a hollow cylinder of manganese, zinc and iron can alter the interaction with our planetary magnetic field and allow the extraction of energy from it. So far, the results are positive but still below the level where they cannot be explained by multiple possible causes of experimental error. Further research is required to confirm the effect.

“The effect was identified only in a carefully crafted device and generated just 17 microvolts,” reports Scientific American, “a fraction of the voltage released when a single neuron fires — making it hard to verify that some other effect isn’t causing the observations.”

But if another group can verify the results, the experiment’s lead says the next logical step is trying to scale up the device to generate a useful amount of energy.

Source: Scientists May Have Discovered How To Extract Power From the Earth’s Rotation

Over a million private photos from MAD Mobile dating apps exposed online

Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.

These services are used by an estimated 800,000 to 900,000 people.

M.A.D Mobile was first warned about the security flaw on 20 January but didn’t take action until the BBC emailed on Friday.

They have since fixed it but not said how it happened or why they failed to protect the sensitive images.

This is one of the photos that anyone could have accessed. We have cropped the face and blurred it to enhance privacy

Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services.

He was shocked that he could access the unencrypted and unprotected photos without any password.

[…]

In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring.

But there’s no guarantee that Mr Nazarovas was the only hacker to have found the image stash.

“We appreciate their work and have already taken the necessary steps to address the issue,” a M.A.D Mobile spokesperson said. “An additional update for the apps will be released on the App Store in the coming days.”

The company did not respond to further questions about where the company is based and why it took months to address the issue after multiple warnings from researchers.

Usually security researchers wait until a vulnerability is fixed before publishing an online report, in case it puts users at further risk of attack.

But Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it.

[…]

In 2015 malicious hackers stole a large amount of customer data about users of Ashley Madison, a dating website for married people who wish to cheat on their spouse.

Source: Over a million private photos from dating apps exposed online

Meniscus injuries may soon be treated by customizable hydrogel

Meniscus tears are common knee injuries that have long frustrated patients and doctors due to limited repair options. A new 3D-printed hydrogel made from cow meniscus could transform how these injuries heal, according to results of a pre-clinical study published in Bioactive Materials from researchers in the Perelman School of Medicine at the University of Pennsylvania.

The meniscus is a complex structure that serves as a critical shock absorber in the knee, and one-size-fits-all treatments aren’t always effective. Through creating a treatment adaptable to the different needs of patients, the researchers believe they may have unlocked a better fix no matter where the injury occurs in a meniscus.

“We developed a hydrogel that can be adjusted based on the patient’s age and the stiffness requirements of the injured tissue, which is important because the meniscus has different biochemical and biomechanical properties that vary depending upon the location in the tissue,” said the study’s senior author, Su Chin Heo, PhD, an assistant professor of Orthopaedic Surgery in the McKay Orthopaedic Research Lab at Penn. “Current treatments, including graft-base methods, do not fully recreate these complex differences, leading to poor healing.”

[…]

“In our animal studies, we’ve seen the hydrogel integrate well with the surrounding tissue, potentially offering patients a more complete recovery,” said the study’s first author Se-Hwan Lee, PhD, a post-doctoral fellow in the McKay Lab. “It’s a more precise, biologically matched solution. We believe this could outperform current treatments.”

The team is now transitioning from small mammal studies to large animal models.

“Our first clinical goal will be to treat smaller, localized meniscus tears,” Heo said. “Once we have success there, I believe we could expand to more complex injuries in the meniscus.”

[…]

Source: Meniscus injuries may soon be treated by customizable hydrogel | ScienceDaily

Your TV is watching you watch and selling that data

[…]

Your TV wants your data

The TV business traditionally included three distinct entities. There’s the hardware, namely the TV itself; the entertainment, like movies and shows; and the ads, usually just commercials that interrupt your movies and shows. In the streaming era, tech companies want to control all three, a setup also known as vertical integration. If, say, Roku makes the TV, supplies the content, and sells the ads, then it stands to control the experience, set the rates, and make the most money. That’s business!

Roku has done this very well. Although it was founded in 2002, Roku broke into the market in 2008 after Netflix invested $6 million in the company to make a set-top box that enabled any TV to stream Netflix content. It was literally called the Netflix Player by Roku. Over the course of the next 15 years, Roku would grow its hardware business to include streaming sticks, which are basically just smaller set-top-boxes; wireless soundbars, speakers, and subwoofers; and after licensing its operating system to third-party TV makers, its own affordable, Roku-branded smart TVs.

[…]

The shift toward ad-supported everything has been happening across the TV landscape. People buy new TVs less frequently these days, so TV makers want to make money off the TVs they’ve already sold. Samsung has Samsung Ads, LG has LG Ad Solutions, Vizio has Vizio Ads, and so on and so forth. Tech companies, notably Amazon and Google, have gotten into the mix too, not only making software and hardware for TVs but also leveraging the massive amount of data they have on their users to sell ads on their TV platforms. These companies also sell data to advertisers and data brokers, all in the interest of knowing as much about you as possible in the interest of targeting you more effectively. It could even be used to train AI.

[…]

Is it possible to escape the ads?

Breaking free from this ad prison is tough. Most TVs on the market today come with a technology called automatic content recognition (ACR) built in. This is basically Shazam for TV — Shazam itself helped popularize the tech — and gives smart TV platforms the ability to monitor what you’re watching by either taking screenshots or capturing audio snippets while you’re watching. (This happens at the signal level, not from actual microphone recordings from the TV.)

Advertisers and TV companies use ACR tech to collect data about your habits that are otherwise hard to track, like if you watch live TV with an antenna. They use that data to build out a profile of you in order to better target ads. ACR also works with devices, like gaming consoles, that you plug into your TV through HDMI cables.

Yash Vekaria, a PhD candidate at UC Davis, called the HDMI spying “the most egregious thing we found” in his research for a paper published last year on how ACR technology works. And I have to admit that I had not heard of ACR until I came across Vekaria’s research.

[…]

Unfortunately, you don’t have much of a choice when it comes to ACR on your TV. You probably enabled the technology when you first set up your TV and accepted its privacy policy. If you refuse to do this, a lot of the functions on your TV won’t work. You can also accept the policy and then disable ACR on your TV’s settings, but that could disable certain features too. In 2017, Vizio settled a class-action lawsuit for tracking users by default. If you want to turn off this tracking technology, here’s a good guide from Consumer Reports that explains how for most types of smart TVs.

[…]

it does bug me, just on principle, that I have to let a tech company wiretap my TV in order to enjoy all of the device’s features.

[…]

Source: Roku’s Moana 2 controversy is part of a bigger ad problem | Vox

Are Vehicle Infotainment Screens Headed for the Scrap Heap?

[…] As much as carmakers seem to love infotainment screens, consumers are less enthusiastic about them. Just 15% of drivers in 2024 said they would want a full-width infotainment display. Windshield base displays with less functionality are slightly more popular but still appeal to just 18% of those planning on buying a new car.

The growing pushback against vehicle touch screens is ultimately a matter of safety and convenience. While having all your controls in one place sounds useful, navigating between menus to find the right settings can be frustrating, slow, and unsafe if done while driving. It also means basic car functions may be at the mercy of software glitches and lag.

In 2021, Tesla had to recall vehicles because an issue with the flash memory in Tesla infotainment systems made the rearview camera unviewable and took defrost and turn signal functions offline. More recently, a class-action lawsuit against Stellantis alleges that defective infotainment screens led to backup camera failures and distracting audio glitches.

Those same shortcomings, alongside the obvious distracting features of an iPad in your center console, pose safety concerns, too. Navigating between menus takes focus off the road, especially when adjusting a setting takes more steps than it used to. Given that 6,000 pedestrians a year already die in traffic accidents, anything that takes a driver’s eyes off the road isn’t ideal.

Some car brands have started responding to these concerns by toning down the “screenification” of their vehicles. Volkswagen announced it will bring back physical buttons after backlash against its more screen-heavy models. VW CEO Thomas Schäfer said the reliance on touch screens “did a lot of damage” to the brand’s reputation among frustrated drivers.

When VW pivoted to a touch screen-centric interface, Capital One’s Auto Navigator called the controls “aggravating,” as did many other reviewers. Yahoo Autos called it the worst infotainment system they had ever come across. In light of these responses, it’s easy to see why VW would want to move back to physical buttons.

Given this growing push against infotainment touch screens, automakers will likely respond. However, how they choose to balance demands for safety and convenience with new tech is less certain.

Some companies think the solution is to keep digital displays but change how they operate. BMW unveiled a new heads-up display (HUD) at CES 2025 that puts more information along the bottom of the windshield instead of keeping it on the dash. As BMW board member Frank Weber explained, this system means “the driver decides themselves which information they want to display in their own field of vision.” Infotainment-style customization remains present, but it stays within the line of sight while looking at the road.

BMW’s new HUD also lets drivers control these settings through physical buttons on the steering wheel, not just a touch screen. That way, hands can remain on the wheel and eyes can remain forward. Hyundai and Kia have followed a similar approach, giving users a choice between touch or analog controls.

Voice commands have emerged as another alternative. Mercedes introduced ChatGPT-backed voice controls in 2023, and Apple gave CarPlay voice functionality with iOS 18. These don’t make screens go away, but they do offer a way to use them that doesn’t require taking your hands off the wheel or eyes off the road.

As the industry explores these voice-activated solutions, it’s clear that the evolution of infotainment systems is far from over. Growing attention on common issues should kick-start some much-needed changes.

Source: Are Vehicle Infotainment Screens Headed for the Scrap Heap?

Voice commands are spotty at best and incredibly frustrating to use. BMW decided to go buttonless only last year and is sadly sticking to its guns whilst the rest of the world is moving on.

Bring back the buttons!

Turkish F-16s Are Using Tablets To Control Locally Made Weapons

Turkey has begun using tablet computers in the cockpits of its F-16 fighters to help with the rapid integration of new locally-developed weapons. This has interesting parallels with Ukraine’s use of such devices to allow its Soviet-era jets to employ Western air-to-ground weapons — something you can read more about here.

The tablet can be seen in the cockpit of an F-16 in a recent video showing a test launch of the domestically developed SOM-J standoff missile. The tablet is mounted on the Input Control Panel (ICP), which is located on the center console beneath the head-up display. The ICP is used to select weapons, navigation settings, and radio communications, among other functions. At the same time, the pilot has another tablet on their knee, something that has become increasingly common, augmenting the information available via the aircraft’s mission systems and helping eliminate cumbersome paper books in the cockpit.

In this context, the tablet is part of the UBAS, also known in English as the Aircraft Independent Firing System. Using Turkish-designed software, the UBAS provides a weapons interface for the use of Turkish-made stores, like the SOM-J.

[…]

Tablet-based workarounds to integrate new weapons on existing aircraft platforms are now something of a growth area.

In the case of Ukraine, which we have explored in depth in the past, its Soviet-era fighters lack the kinds of data bus interfaces that would ensure seamless compatibility with Western-made weapons.

Cockpit of a Ukrainian Su-27 Flanker fitted with a tablet device. via X

Last year, U.S. Undersecretary of Defense for Acquisition and Sustainment Dr. William LaPlante explained:

“There’s also a series of … we call it ‘air-to-ground,’ it’s what we call it euphemistically … think about the aircraft that the Ukrainians have, and not even the F-16, but they have a lot of the Russian and Soviet-era aircraft. Working with the Ukrainians, we’ve been able to take many Western weapons and get them to work on their aircraft, where it’s basically controlled by an iPad by the pilot. And they’re flying it in conflict like a week after we get it to him.”

As well as tablets in the cockpit, Ukrainian aircraft are also using specialized pylons on which the Western-made weapons are carried. You can read more about those here.

[…]

For Turkey, the situation is essentially reversed, with the problem being how to integrate new Turkish-made weapons onto older U.S.-made F-16s.

Turkey has a fairly unusual position regarding the kind of upgrades it can make to its F-16 fleet, a result of the sometimes-strained relations between Ankara and Washington.

[…]

Now, thanks to UBAS, these aircraft can also carry a range of Turkish-made ordnance and this can be added without having to modify the F-16’s software, which features proprietary updates released in the form of ‘tapes.’ Even without access to the software, Turkey can add new weapons to the jets using UBAS.

While the system has been shown to be used for employment of the SOM-J, it likely provides a similar interface with other locally developed stores.

[…]

As well as appearing in the cockpits of Turkish F-16s, UBAS has been installed in Soviet-era Su-25 Frogfoot attack jets operated by Azerbaijan, as part of a Turkish upgrade.

In the first part of this upgrade, known as Merhale-1, the Su-25 adds the UBAS system that allows it to employ Turkish-made KGK-82/83 and TEBER-82 precision-guided bombs, as well as SOM-B1 standoff missiles.

[…]

The Azerbaijan example underscores the unique position Turkey has, thanks to its rapidly exploding defense aerospace sector, especially in terms of munitions and drones — this was not nearly the case in the past. Were UBAS to open up a gateway for integration of multiple weapons on U.S.-made fighters, this would be a huge deal on multiple levels. For export, especially, it could be very significant, allowing foreign operators a quick and rapid way of integrating Turkish weapons, for example, on their U.S.-made aircraft.

Overall, these developments in Turkey underscore the fact that tablets are increasingly providing a vital interface between aircraft and weapons of different origins. Tablets also look like they are becoming critical to the control of Collaborative Combat Aircraft (CCA) drones and other uncrewed platforms, at least initially. They also now play a major role in a variety of training applications.

As such, tablets are proving to be a useful way of adding a host of new capabilities to older platforms and doing so relatively cheaply and quickly.

Source: Turkish F-16s Are Using Tablets To Control Locally Made Weapons

Yes, let’s “Make it Fair” – by recognising that copyright has failed to reward creators properly

A few weeks ago, the UK’s regional and national daily news titles ran similar front covers, exhorting the government there to “Make it Fair”. The campaign Web site explained:

Tech companies use creative content, such as news articles, books, music, film, photography, visual art, and all kinds of creative work, to train their generative AI models.

Publishers and creators say that doing this without proper controls, transparency or fair payment is unfair and threatens their livelihoods.

Under new UK proposals, creators will be able to opt out of their works being used for training purposes, but the current campaign wants more than that:

Creators argue this [opt-out] puts the burden on them to police their work and that tech companies should pay for using their content.

The campaign Web site then uses a familiar trope:

Tech giants should not profit from stolen content, or use it for free.

But the material is not stolen, it is simply analysed as part of the AI training. Analysing texts or images is about knowledge acquisition, not copyright infringement. Once again, the copyright industries are trying to place a (further) tax on knowledge. Moreover, levying that tax is completely impractical. Since there is no way to determine which works were used during training to produce any given output, the payments would have to be according to their contribution to the training material that went into creating the generative AI system itself. A Walled Culture post back in October 2023 noted that the amounts would be extremely small, because of the sheer quantity of training data that is used. Any monies collected from AI companies would therefore have to be handed over in aggregate, either to yet another inefficient collection society, or to the corporate intermediaries. For this reason, there is no chance that creators would benefit significantly from any AI tax.

We’ve been here before. Five years ago, I wrote a post about the EU Copyright Directive’s plans for an ancillary copyright, also known as the snippet or link tax. One of the key arguments by the newspaper publishers was that this new tax was needed so that journalists were compensated when their writing appeared in search results and elsewhere. As I showed back then, the amounts involved would be negligible. In fact, few EU countries have even bothered to implement the provision on allocating a share to journalists, underlining how pointless it all was. At the time, the European Commission insisted on behalf of its publishing friends that ancillary copyright was absolutely necessary because:

The organisational and financial contribution of publishers in producing press publications needs to be recognised and further encouraged to ensure the sustainability of the publishing industry.

Now, on the new Make it Fair Web site we find a similar claim about sustainability:

We’re calling on the government to ensure creatives are rewarded properly so as to ensure a sustainable future for AI and the creative industries.

As with the snippet tax, an AI tax is not going to do that, since the sums involved are so small. A post on the News Media Association reveals what is the real issue here:

The UK’s creative industries have today launched a bold campaign to highlight how their content is at risk of being given away for free to AI firms as the government proposes weakening copyright law.

Walled Culture has noted many times it is a matter of dogma for the industries involved that copyright must only ever get stronger, as if they were a copyright ratchet. The fear is evidently that once it has been “weakened” in some way, a precedent would be set, and other changes might be made to give more rights to ordinary people (perish the thought) rather than to companies. It’s worth pointing out that the copyright world is deploying its usual sleight of hand here, writing:

The government must stand with the creative industries that make Britain great and enforce our copyright laws to allow creatives to assert their rights in the age of AI.

A fair deal for artists and writers isn’t just about making things right, it is essential for the future of creativity and AI.

Who could be against this call for the UK government to defend the poor artists and writers? No one, surely? But the way to do that, according to Make it Fair, is to “stand with the creative industries”. In other words, give the big copyright companies more power to act as gatekeepers, on the assumption that their interests are perfectly aligned with those of the struggling creators.

They are not. As Walled Culture the book explores in some detail (free digital versions available), the vast majority of those “artists and writers” invoked by the “Make it Fair” campaign are unable to make a decent living from their work under copyright. Meanwhile, huge global corporations enjoy fat profits as a result of that same creativity, but give very little back to the people who did all the work.

There are serious problems with the new AI offerings, and big tech companies definitely need to be reined in for many things, but not for their basic analysis of text and images. If publishers really want to “Make it Fair”, they should start by rewarding their own authors fairly, with more than the current pittance. And if they won’t do that, as seems likely given their history of exploitation, creators should explore some of the ways they can make a decent living without them. Notably, many of these have no need for a copyright system that is the epitome of unfairness, which is precisely why publishers are so desperate to defend it in this latest coordinated campaign.

Source: Yes, let’s “Make it Fair” – by recognising that copyright has failed to reward creators properly – Walled Culture

I won’t connect my dishwasher to your stupid cloud – why not just use buttons? Also planned obsolescence is a bitch

I bought a Bosch 500 series because that’s what Consumer Reports recommended, and more importantly, I could find one in stock.

After my dad and I got it installed, I went to run a rinse cycle, only to find that that, along with features like delayed start and eco mode, require an app.

Not only that, to use the app, you have to connect your dishwasher to WiFi, set up a cloud account in something called Home Connect, and then, and only then, can you start using all the features on the dishwasher.

Video

This blog post is a lightly-edited transcript of my latest YouTube video on Level 2 Jeff:

GE Dishwasher – Planned Obsolescence

So getting back first to that old GE dishwasher, it was, I don’t know, I think that planned obsolescence is something that applies to many consumer products today.

Companies know if they design something to last only 5 or 10 years, that means in 5 or 10 years someone’s going to have to buy a whole new one.

And on my GE Amana dishwasher, it started having weird power issues, like the controls would just not light up unless I reset the circuit breaker for a few minutes. That started happening more often, and this past Saturday it just wouldn’t come on no matter what, even after I tested and re-wired it all the way from the panel up to the dishwasher’s internal power connector.

So it was dead.

Next up, I looked at what it took to get a control board. Well… $299 for a control board that was ‘special order’ and might not even fix the problem? That’s a non-starter for my $600, 8-year-old dishwasher.

Even if I got it fixed, the front panel was starting to rust out at the hinge points (leaving some metal jaggies that my soon-to-be-crawling 6 month old could slice his fingers on), and other parts of the machine were showing signs of rust/potential future leaks…

[…]

The touch sensor, you kind of touch it and the firmware—like this new dishwasher actually takes time to boot up! I had to reset it like three times and my wife meanwhile was like laughing at me like look at this guy who does tech stuff and he can’t even figure out how to change the cycle on it.

That took about five minutes, sadly.

But eventually I pulled out the manual book because I was like… “this is actually confusing.”

It should be like: I touch the button and it changes to that mode! But that was not how it was working.

I wanted to run just a rinse cycle to make sure the water would go in, the water would pump out through the sump, and everything worked post-install.

But I couldn’t find a way to do a rinse cycle on the control panel.

So I looked in the manual and found this note:

It says options with an asterisk—including Rinse, Machine Care (self-cleaning), HalfLoad, Eco, and Delay start, are “available through Home Connect app only and depending on your model.”

The 500 series model I bought isn’t premium enough to feature a 7-segment display like the $400-more-expensive 800 series, so these fancy modes are hidden behind an app and cloud service.

I was like, “Okay, I’ll look up this app and see if I can use it over Bluetooth or locally or whatever.”

Nope! To use the app, you have to connect your dishwasher to your Wi-Fi, which lets the dishwasher reach out on the internet to this Home Connect service.

You have to set up an account on Home Connect, set up the Home Connect app on your phone, and then you can control your dishwasher through the Internet to run a rinse cycle.

That doesn’t make any sense to me.

[…]

What should be done?

When I posted on social media about this, a lot of people told me to return it.

But I spent four hours installing this thing built into my kitchen.

I hooked it up to the water, it’s running through cycles… it is working. I’ll give them that. It does the normal stuff, but you know, there are some features that don’t work without the app.

At a minimum, I think what Bosch should do is make it so that the dishwasher can be accessed locally with no requirement for a cloud account. (Really, it’d be even better to have all the functions accessible on the control panel!)

Anyone building an IoT device, here is my consumer-first, e-waste-reduction maxim:

First local, then cloud.

Cloud should be an add-on.

It should be a convenience for people who don’t know how to do things like connect to their dishwasher with an app locally.

And it’s not that hard.

A little ESP32, a little $1 chip that you can put in there could do all this stuff locally with no cloud requirement at all.

I think that there might be some quants or people who want to make a lot of money building all these cloud services.

[…]

Source: I won’t connect my dishwasher to your stupid cloud | Jeff Geerling

What the actual fuck. I don’t want to connect my dishwasher, fridge, washing machine, dryer, whatever to the cloud either.

Turns out that sharks do actually make sounds

Elasmobranchs are an evolutionarily ancient group of cartilaginous fishes that can hear underwater sounds but are not historically viewed as active sound producers. Three recent reports of several species of rays producing clicks in response to approaching divers have cast doubt on this long prevailing view and resulted in calls for more research into sound production in elasmobranchs. This study shows that the rig, Mustelus lenticulatus, produces clicks (mean SPLrms = 156.3 dB re. 1 μPa ± 0.9 s.e.m. at approx. 30 cm) when handled underwater, representing the first documented case of deliberate sound production by a shark.

[…]

Source: Evidence of active sound production by a shark | Royal Society Open Science

The sun has literally set on the British Empire

[…] thanks to cosmic geometry, a major chapter in world history has just now come to a close. As first highlighted last year on Reddit, the spring equinox on March 20 marked the sun’s passage over the celestial equator, kicking off half a year of darkness around the South Pole. And given last year’s deal with Mauritius, this means Thursday night at 10:50 PM EST (2:50 AM on March 21 in London), the sun finally, literally set on the British empire.

[Image: A world map with shaded middle region indicating night]
The spring equinox on March 20 preceded the British empire’s literal sunset. Credit: Reddit / TuTiempo.net

It didn’t stay dark for Britain too long, however. About an hour after dusky conditions on the Pitcairn Islands, light began to peek over the horizon roughly 10,000 miles away in Akrotiri and Dhekelia, two non-contiguous British territories located on the island of Cyprus.

[…]

Source: The sun has literally set on the British Empire | Popular Science

How much foreign aid is spent domestically rather than overseas?

Much of foreign aid is spent on goods that are shipped overseas: food supplies, medicines, or humanitarian assistance in emergency situations.

But a surprising amount of what’s reported as foreign aid is not sent abroad; it’s spent domestically. Foreign aid budgets in rich countries can include the costs of hosting refugees, some scholarships to foreign students, and some administrative costs that are spent domestically. These domestic expenses are reported by countries to the OECD, which tracks and measures foreign aid allocations, so they are included in the widely quoted aid figures you’ll typically see. We’ll refer to these combined costs as “aid money spent at home”.

In 2023, 22% of total foreign aid for all countries was spent at home. The DAC countries are a group of 32 high-income countries; from this point onwards, we’ll refer to them as “rich donor countries”.

In this article, we’ll look at how aid money spent at home varies across countries and categories, how this has changed over time, and what this means for the amount of money available for support overseas.

More foreign aid is spent domestically, mostly to host refugees

So, in 2023, 22% of foreign aid was spent domestically in rich donor countries. That was a record year, both in absolute and relative terms. Domestic spending has more than tripled from $14 billion to $48 billion since 2010. As a share of total aid, it has increased from 10% to 22%.

[…]

Source: How much foreign aid is spent domestically rather than overseas? – Our World in Data

Personal info feared stolen from sperm bank California Cryobank

[…] The IT break-in occurred between April 20 and April 22, last year, according to a notification filed this month with the US state’s attorney general’s office. California Cryobank spotted unauthorized activity on certain computers on April 21, isolated the affected machines, and launched an investigation.

The sperm bank hasn’t disclosed how many individuals were affected, but says the files potentially accessed or acquired include names, Social Security numbers, driver’s license numbers, financial account details, and health insurance information [PDF].

California Cryobank has touted itself as having the largest sperm supply in the world, distributing to all 50 US states and more than 30 countries internationally.

The biz did not immediately respond to The Register’s questions about the break-in, including how many customers were affected and if the miscreants deployed ransomware and demanded an extortion payment. One wonders why it’s taken almost a year for this all to come to light, so to speak.

[…]

Source: Personal info feared stolen from sperm bank • The Register

Cyberattack on nonprofit affects over 500k PA school workers

The Pennsylvania State Education Association (PSEA) says a July 2024 “security incident” exposed sensitive personal data on more than half a million individuals, including financial and health info.

The nonprofit, which represents more than 178,000 education professionals in the US state of Pennsylvania, confirmed data was stolen during a July 6 attack. According to The Office of the Maine Attorney General, the breach affected a total of 517,487 people.

[…]

The org’s disclosure notice stated: “…we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network.

“We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted. We want to make the impacted individuals aware of the incident and provide them with steps they can take to further protect their information.”

Although PSEA’s disclosure didn’t explicitly mention ransomware or extortion, it did say that steps were taken to ensure the stolen data was deleted — a claim that typically implies some level of communication with the attackers, often seen in double extortion cases.

Adding weight to that suspicion, the Rhysida ransomware gang publicly claimed responsibility for the attack in September 2024, suggesting ransomware was involved.

[…]

PSEA emphasized that not every individual had the same data elements compromised. The exposed information may include an individual’s full name in combination with one or more other types of personal data.

The possible data types stolen include the usual personally identifiable information (PII) such as full names and dates of birth, and identity documents such as driver’s licenses, state IDs, and social security numbers (SSNs).

In addition to basic PII, the nonprofit also said account numbers, account PINs, security codes, passwords, routing numbers, payment card numbers, card PINs, and expiration dates might have been taken.

The list doesn’t stop there: Passport numbers, taxpayer ID numbers, usernames and passwords, health insurance information, and finally medical information are potentially in the hands of cybercriminals.

[…]

Source: Cyberattack on nonprofit affects over 500k PA school workers • The Register

HP settles lawsuit for $0 after bricking printers that don’t use HP ink

HP Inc. has settled a class action lawsuit in which it was accused of unlawfully blocking customers from using third-party toner cartridges – a practice that left some with useless printers – but won’t pay a cent to make the case go away.

One of the named plaintiffs in the case is called Mobile Emergency Housing Corp (MEHC) and works with emergency management organizations and government agencies to provide shelters for disaster victims and first responders across the US and Caribbean.

According to court documents [PDF], MEHC bought an HP Color LaserJet Pro M254 in August 2019. In October 2020, the org used toner cartridges from third-party supplier Greensky rather than pay for HP’s premium-priced toner.

A month later, HP sent or activated a firmware update – part of its so-called “Dynamic Security” measures – rendering MEHC’s printers incompatible with third-party toner cartridges like those from Greensky.

When MEHC’s CEO Joseph James tried to print out a document, he got the following error message.

The same thing happened to another plaintiff, Performance Automotive, which purchased an HP Color LaserJet Pro MFP M281fdw in 2018 and also installed a firmware update that prevented the machine from working when third-party toner cartridges were present.

HP is not shy about why it does this: In 2024 CEO Enrique Lores told the Davos World Economic Forum “We lose money on the hardware, we make money on the supplies.”

[…]

Incidentally, HP’s printing division reported $4.5 billion in net revenue in fiscal year 2024.

Lores has also argued that using third-party suppliers is a security risk, claiming malware could theoretically be slipped into cartridge controller chips. The Register is unaware of this happening outside a lab. He’s also pitched HP’s own gear as the greener choice, pointing to its cartridge recycling program.

MEHC, Performance Automotive (and many readers) disagree and would like to choose their own toner.

Thus, a lawsuit was launched, but rather than fight its case in court, HP has, once again, chosen to settle the case privately with no admission of guilt.

“HP denies that it did anything wrong,” its settlement notice reads. “HP agrees under the Settlement to continue making certain disclosures about its use of Dynamic Security, and to continue to provide printer users with the option to either install or decline to install firmware updates that include Dynamic Security.”

[…]

Source: HP settles lawsuit after killing first responder’s printers • The Register