Australia fines Google $42.5 million over misleading location settings

Google is being ordered to pay A$60 million ($42.5 million) in penalties to Australia’s competition and national consumer law regulator regarding the collection and use of location data on Android phones.

The financial slap on the wrist relates to a period between January 2017 and December 2018 and follows court action by the Australian Competition and Consumer Commission (ACCC).

According to the regulators, Google misled consumers through the “Location History” setting. Some users were told, according to the ACCC, that the setting “was the only Google account setting that affected whether Google collected, kept and used personally identifiable data about their location.”

It was not. Another setting titled “Web & App Activity” also permitted data to be collected by Google. And it allowed the collection of “personally identifiable location data when it was turned on, and that setting was turned on by default,” the ACCC said.

The “misleading representations,” according to the ACCC, breach Australian consumer law and could have been viewed by the users of 1.3 million Google accounts in Australia. The figure is, however, a best estimate. We’re sure Google doesn’t collect telemetry showing where Android users navigate to either.

Privacy issues aside, the data could also be used by Google to target ads to consumers who thought they’d said no to collection.

Google “took remedial steps” and addressed the issues by December 20, 2018, but the damage was done and the ACCC instituted proceedings in October 2019. In April 2021, the Federal Court found that Google LLC (the US entity) and Google Australia Pty Ltd had breached Australian consumer law.

[…]

Google has come under fire from other quarters regarding the obtaining of customer location data without proper consent. A group of US states sued the search giant earlier this year over “dark patterns” in the user interface to get hold of location information. Then there was the whole creepy Street View Wi-Fi harvesting debacle.

[…]

Source: Australia fines Google over misleading location settings • The Register

Ring surveillance camera footage exploited for “funny clip” show

[…]Ring Nation, a new twist on the popular clip show genre, from MGM Television, Live PD producer Big Fish Entertainment and Ring.

The series, which will launch on September 26, will feature viral videos shared by people from their video doorbells and smart home cameras.

It’s a television take on a genre that has been increasingly going viral on social media.

The series will feature clips such as neighbors saving neighbors, marriage proposals, military reunions and silly animals.

[…]

Source: Wanda Sykes To Host Syndicated Viral Video Show Featuring Ring – Deadline

How this is not a really scary way to try to normalise the constant and low visibility surveillance enacted by these cameras is a puzzle to me. Making it funny that you’re being spied upon from the doors in the streets.

AI laser probe for prostate cancer enters clinical trials

AI software capable of mapping tumor tissue more accurately to help surgeons treat and shrink prostate cancer using a laser-powered needle will soon be tested in real patients during clinical trials.

The National Cancer Institute estimated that approximately 12.6 percent of men will be diagnosed with prostate cancer at some point in their life. The risk for developing the disease rises over time for men over the age of 50. It’s one of the most curable forms of cancer, considering most cases are caught in the early stages due to regular screening tests.

Treatment for prostate cancer varies depending on the severity of the disease. Patients can undergo hormone therapy, chemotherapy, or surgery to remove tissue. Avenda Health, a medical startup founded in 2017, is developing a new type of treatment that is less invasive. The US Food and Drug Administration (FDA) granted an investigational device exemption (IDE) to the company’s invention this week, meaning it can now be used in a clinical study.

Patients will need to have an MRI scan and a targeted fusion biopsy performed first. The data is processed by Avenda’s AI algorithms in its iQuest software to map where the cancerous cells are located within the prostate. Next, the computer vision-aided model will simulate where best to insert FocalPoint, a probe armed with a laser, to help surgeons treat the patient’s tumor. The heat from the laser gently heats the cancerous cells and kills them with the goal of shrinking and removing the whole tumor.

MRI images where cancer is mapped using iQuest software before and after treatment. Image Credit: Avenda Health

“Historically, prostate cancer treatments of surgery or radiation impacts critical structures like the urethra and nerves which control sexual and urinary function,” Avenda’s CEO and co-founder Shyam Natarajan told The Register. “Our focal laser ablation system, FocalPoint, which is powered by our AI-driven cancer margin software, iQuest, specifically targets tumor tissue and avoids healthy tissue. This means patients no longer lose control over these functions that are so common with traditional treatments, so quality of life is significantly improved.”

The treatment is only effective for men diagnosed with intermediate risk of prostate cancer, a classification that describes tumors being confined within the prostate only. Patients are considered high risk in cases where the cancer has spread beyond the prostate.

“This is one of the benefits of the iQuest software. Not only can it map the cancer, but it also provides decision support for the physician as they determine the best course of treatment for an individual patient. Not every patient is going to be eligible for focal therapy, and it is important for the physician to distinguish between good focal therapy candidates and not. iQuest provides useful insights for that decision making process,” Natarajan said.

[…]

Source: AI laser probe for prostate cancer enters clinical trials • The Register

Nuclear Fusion Breakthrough Confirmed: California Team Achieved Ignition

A major breakthrough in nuclear fusion has been confirmed a year after it was achieved at a laboratory in California.

Researchers at Lawrence Livermore National Laboratory’s (LLNL’s) National Ignition Facility (NIF) recorded the first case of ignition on August 8, 2021, the results of which have now been published in three peer-reviewed papers.

Nuclear fusion is the process that powers the Sun and other stars: heavy hydrogen atoms collide with enough force that they fuse together to form a helium atom, releasing large amounts of energy as a by-product. Once the hydrogen plasma “ignites”, the fusion reaction becomes self-sustaining, with the fusions themselves producing enough power to maintain the temperature without external heating.

Ignition during a fusion reaction essentially means that the reaction itself produced enough energy to be self-sustaining, which would be necessary in the use of fusion to generate electricity.

If we could harness this reaction to generate electricity, it would be one of the most efficient and least polluting sources of energy possible. No fossil fuels would be required as the only fuel would be hydrogen, and the only by-product would be helium, which we use in industry and are actually in short supply of.

[…]

In this latest milestone at the LLNL, researchers recorded an energy yield of more than 1.3 megajoules (MJ) during only a few nanoseconds. For reference, one MJ is the kinetic energy of a one tonne mass moving at 100mph.

[…]

In the experiments performed to reach this ignition result, researchers heat and compress a central “hot spot” of deuterium-tritium (hydrogen atoms with one and two neutrons, respectively) fuel using a surrounding dense piston also made from deuterium-tritium, creating a super hot, super pressurized hydrogen plasma.

“Ignition occurs when the heating from absorption of α particles [two protons and two neutrons tightly bound together] created in the fusion process overcomes the loss mechanisms in the system for a duration of time,” said the authors in a paper publishing the results in the journal Physical Review E.

[…]

 

Source: Nuclear Fusion Breakthrough Confirmed: California Team Achieved Ignition

Scientists discover how mosquitoes can ‘sniff out’ humans despite masking scents

[…]

Researchers at the Rockefeller University, in New York, were baffled when mosquitoes were somehow still able to find people to bite after having an entire family of human odour-sensing proteins removed from their genome.

The team then examined odour receptors in the antennae of mosquitoes, which bind to chemicals floating around in the environment and signal to the brain via neurons.

“We assumed that mosquitoes would follow the central dogma of olfaction, which is that only one type of receptor is expressed in each neuron,” said Younger. “Instead, what we’ve seen is that different receptors can respond to different odours in the same neuron.”

This means losing one or more receptors does not affect the ability of mosquitoes to pick up on human smells. This backup system could have evolved as a survival mechanism, the researchers say.

“The mosquito Aedes aegypti is specialised to bite humans, and it is believed that they evolved to do that because humans are always close to fresh water and mosquitoes lay their eggs in fresh water. We are basically the perfect meal, so the drive to find humans is extremely strong,” said Younger.

Ultimately, the researchers say, understanding how the mosquito brain processes human odour could be used to intervene in biting behaviour and reduce the spread of mosquito-borne diseases, such as malaria, dengue and yellow fever.

[…]

Source: Scientists discover how mosquitoes can ‘sniff out’ humans | Animal behaviour | The Guardian

Physical buttons outperform touchscreens in new cars, test finds

The screens in modern cars keep getting bigger. Design teams at most car manufacturers love to ditch physical buttons and switches, although they are far superior safety-wise.

That is the conclusion when Swedish car magazine Vi Bilägare performed a thorough test of the HMI system (Human-Machine Interface) in a total of twelve cars this summer.

Inspiration for the screen-heavy interiors in modern cars comes from smartphones and tablets. Designers want a ”clean” interior with minimal switchgear, and the financial department wants to lower the cost. Instead of developing, manufacturing and keeping physical buttons in stock for years to come, car manufacturers are keen on integrating more functions into a digital screen which can be updated over time.

So in what way have these screens affected safety? Vi Bilägare gathered eleven modern cars from different manufacturers at an airfield and measured the time needed for a driver to perform different simple tasks, such as changing the radio station or adjusting the climate control. At the same time, the car was driven at 110 km/h (68 mph). We also invited an ”old-school” car without a touchscreen, a 17-year-old Volvo V70, for comparison.

One important aspect of this test is that the drivers had time to get to know the cars and their infotainment systems before the test started.

Each moment during the test is timed separately.

No backlighting

Tesla was not the first to introduce a touchscreen, but the American carmaker has always offered bigger touchscreens than most manufacturers, containing more of the car’s features. Even the windshield wipers are controlled through the touchscreen.

BMW iX also offers a touchscreen, but not as big as Tesla’s, and also more physical buttons. But that’s no guarantee for a system which is easy to use. The BMW’s infotainment system has lots of features, but it also has one of the most complex and complicated user interfaces ever designed.

Another sin is committed by Volkswagen and Seat. In order to save money, the touch-sensitive climate controls below the screen in the ID.3 and Leon are not backlit, which makes them completely invisible at night.

Voice control

The carmakers are keen to point out that many features now can be activated by voice. But the voice control systems are not always easy to use, they can’t control every function and they don’t always work as advertised, which is why the voice control systems were not tested in this experiment.

The results speak for themselves. The worst-performing car needs 1,400 meters to perform the same tasks for which the best-performing car only needs 300 meters.

Big differences

  • The easiest car to understand and operate, by a large margin, is the 2005 Volvo V70. The four tasks are handled within ten seconds flat, during which the car is driven 306 meters at 110 km/h.
  • At the other end of the scale, Chinese electric car MG Marvel R performs far worse. The driver needs 44.6 seconds before all the tasks are completed, during which the car has travelled 1,372 meters – more than four times the distance compared to the old Volvo.
  • BMW iX and Seat Leon perform better, but both are still too complicated. The driver needs almost a kilometer to perform the tasks. Lots can happen in traffic during that time.
  • Dacia Sandero and Volvo C40 perform well although they both have touchscreens. However, they are not overloaded with features. Volvo shows that a touchscreen doesn’t need to be complicated.

[…]

The results

| Car | Time to perform four tasks (seconds) | Score (1–5) |
|---|---|---|
| BMW iX | 30.4 | 4.0 |
| Dacia Sandero | 13.5 | 3.75 |
| Hyundai Ioniq 5 | 26.7 | 3.5 |
| Mercedes GLB | 20.2 | 3.25 |
| MG Marvel R | 44.9 | 2.5 |
| Nissan Qashqai | 25.1 | 4.25 |
| Seat Leon | 29.3 | 3.25 |
| Subaru Outback | 19.4 | 4.0 |
| Tesla Model 3 | 23.5 | 3.75 |
| Volkswagen ID.3 | 25.7 | 2.25 |
| Volvo C40 | 13.7 | 3.5 |
| Volvo V70 (2005) | 10.0 | 4.5 |


Source: Physical buttons outperform touchscreens in new cars, test finds | Vi Bilägare

e-HallPass Monitors How Long Kids Are in the Bathroom Is Now in 1,000 American Schools, normalises surveillance

e-HallPass, a digital system that students have to use to request to leave their classroom and which takes note of how long they’ve been away, including to visit the bathroom, has spread into at least a thousand schools around the United States.

The system has some resemblance to the sort of worker monitoring carried out by Amazon, which tracks how long its staff go to the toilet for, and is used to penalize workers for “time off task.” It also highlights how automated tools have led to increased surveillance of students in schools, and employees in places of work.

“This product is just the latest in a growing number of student surveillance tools—designed to allow school administrators to monitor and control student behavior at scale, on and off campus,”

[…]

increased scrutiny offered by surveillance tools “has been shown to be disproportionately targeted against minorities, recent immigrants, LGBTQ kids,” and other marginalized groups.

[…]

Eduspire, the company that makes e-HallPass, told trade publication EdSurge in March that 1,000 schools use the system. Brian Tvenstrup, president of Eduspire, told the outlet that the company’s biggest obstacle to selling the product “is when a school isn’t culturally ready to make these kinds of changes yet.”

[…]

Admins can then access data collected through the software, and view a live dashboard showing details on all passes. e-HallPass can also stop meet-ups of certain students and limit the amount of passes going to certain locations, the website adds, explicitly mentioning “vandalism and TikTok challenges.” Many of the schools Motherboard identified appear to use e-HallPass specifically on Chromebooks, according to student user guides and similar documents hosted on the schools’ websites, though it also advertises that it can be used to track students on their personal cell phones.

EdSurge reported that some people had taken to Change.org with a petition to remove the “creepy” system from a specific school. Motherboard found over a dozen similar petitions online, including one regarding Independence High School signed nearly 700 times which appears to have been written by a group of students.

[…]

 

Source: A Tool That Monitors How Long Kids Are in the Bathroom Is Now in 1,000 American Schools

FIFA 23 Accidentally Sells For Six Cents, EA Honors The Mistake

FIFA 23 is currently up for preorder around the world, and is supposed to be a full-price retail release, but in one particular market on one particular store, customers could get one hell of a bargain.

Last month, anyone browsing the Epic Games Store in India would have seen that while the standard edition of FIFA 23 cost ₹3,499 (USD$44), the Ultimate Edition—which should have been ₹4,799 (USD$60)—was instead listed at ₹4.80.

The error was first discovered in late July
Image: Twitter

That is not a sale price, that is an error, one where the store has clearly put the decimal point in the wrong spot. ₹4.80 works out to be six cents, and as word spread about the savings, users flocked to the store and bought the game. And not just Indian gamers, either; once news got out, fans were sharing across social media ways for players outside the region to set their accounts to the Indian Epic Games Store so they could get in on the error as well.

Now, this kind of thing isn’t exactly rare in the realms of online shopping, but often stores will cancel orders when the discrepancy is this great, so I don’t think too many people would have been expecting to have actually got hold of the more expensive version of FIFA 23 for six cents.

But they have! Via PC Gamer, EA Sports have this week issued a statement saying:

A few weeks back, we scored a pretty spectacular own-goal when we inadvertently offered FIFA 23 pre-purchase on the Epic Games Store at an incorrect price. It was our mistake, and we wanted to let you know that we’ll be honoring all pre-purchases made at that price.

[…]

Source: FIFA 23 Accidentally Sells For Six Cents, EA Honors The Mistake

Twilio SMS service attacker ‘explicitly’ looked for 3 Signal numbers

The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed.

However, Signal – considered one of the better secured of all the encrypted messaging apps – claims the attacker would not have been able to access the message history, contact lists, profile information, or other personal data associated with these user accounts. The non-profit organization said in a security note on its site that it has identified and is notifying the 1,900 users directly, and prompting them to re-register Signal on their devices.

The company had already come under fire for its practice of SMS verification in the past, something which has rebounded in the wake of the disclosure.

According to Signal, Twilio provides SMS verification services for its platform. Twilio provides messaging, call center and two-factor authentication services, among others, to about 256,000 customers altogether – although it said in an earlier incident report about the breach that only 125 of its customers had data “accessed by malicious actors for a limited period of time.”

The news that Signal was one of the 125 has raised questions about the identity of other Twilio customers, especially as the encrypted comms platform is known for its transparency. Others may be less forthcoming.

According to Signal’s security note, when Twilio was hit by a phishing attack earlier this month, this may potentially have led to the phone numbers of 1,900 Signal users being revealed as registered to a Signal account. The encryption app platform added that the users’ SMS verification codes were also exposed.

It appears that during the window of time that the attacker had access to Twilio’s customer support systems, it would have been possible for them to attempt to re-register the phone numbers they had accessed, transferring the Signal account to another device under their own control, using the SMS verification code. Signal also stresses that the attacker no longer has this access, and that the attack had been shut down by Twilio.

Intriguingly, Signal states that the attacker explicitly searched for three phone numbers among the 1,900 accessed, and the organization has since received a report from one of those three users that their account was indeed re-registered and hijacked.

[…]

Source: Twilio attacker ‘explicitly’ looked for 3 Signal numbers

How bad the problem with John Deere Tractors really is, how not being open leads to incredibly bad security

Last Saturday, I sat in a crowded ballroom at Caesar’s Forum in Las Vegas and watched Sickcodes jailbreak a John Deere tractor’s control unit live, before an audience of cheering Defcon 30 attendees (and, possibly, a few undercover Deere execs, who often attend Sickcodes’s talks).

The presentation was significant because Deere – along with Apple – are the vanguard of the war on repair, a company that has made wild and outlandish claims about the reason that farmers must pay the company hundreds of dollars every time they fix their own tractors, and then wait for days for an authorized technician to come to their farm and type an unlock code.

Deere’s claims have included the astounding statement that the farmers who spend hundreds of thousands of dollars on tractors don’t actually own those tractors, because the software that animates them is only licensed, not sold:

https://memex.craphound.com/2017/04/22/john-deere-just-told-the-copyright-office-that-only-corporations-can-own-property-humans-can-only-license-it/

They’ve also claimed that locking farmers out of their tractors is for their own good, because otherwise hackers could take over those tractors and endanger the food supply. While it’s true that the John Deere tractor monopoly means that defects in the company’s products could affect farms all around the world, it’s also true that John Deere is very, very bad at information security:

https://pluralistic.net/2021/04/23/reputation-laundry/#deere-john

The company’s insistence that they are guardians of farmers and the agricultural sector is a paper-thin cover for monopolistic practices and rent-seeking. Monopolizing the repair and reconfiguration of Deere products gives the company all kinds of little gifts – for example, they can refuse to fix the tractors of dissatisfied customers unless they agree to gag-orders:

https://pluralistic.net/2022/05/31/dealers-choice/#be-a-shame-if-something-were-to-happen-to-it

And because so few of us understand information security, or monopoly, or agribusiness (let alone all three!) they can spin their dangerous, grossly unfair practices as features, not bugs. Remember when they trumpeted the fact that they’d remotely bricked some Ukrainian Deere products that had been looted by Russian soldiers?

https://doctorow.medium.com/about-those-kill-switched-ukrainian-tractors-bc93f471b9c8

What they didn’t say – and what almost no one pointed out – was that this meant that anyone who could hack John Deere’s system could brick any tractor – including, say, the Russian military’s hacking squads. They also didn’t say that Ukrainian farmers had long chafed under Deere’s corporate control, and had developed illegal third-party tractor firmware that farmers all over the world had covertly installed:

https://www.vice.com/en/article/xykkkd/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware

And that means that the Russian looters who supposedly were foiled by Deere’s corporate remote killswitches can re-activate their tractors, by using the Ukrainian software developed in response to the company’s monopolistic practices.

Which brings me back to Sickcodes and his awesome presentation at Defcon 30 this weekend. I watched from the front row, sitting next to the repair champion Kyle Wiens, founder of Ifixit, who turned his notes into an excellent Twitter thread:

https://twitter.com/kwiens/status/1558688970799648769

As Kyle points out, Deere has repeatedly told state and federal lawmakers and regulators that farmers can’t be trusted to repair or modify their own tractors. This is obviously nonsense: indeed, for decades, Deere product development consisted of sending engineers out to document the improvements farmers had made to their tractors so the company could copy them:

https://securityledger.com/2019/03/opinion-my-grandfathers-john-deere-would-support-our-right-to-repair/

Writing for Wired, Lily Hay Newman provides some great technical details on the hack, including how Sickcodes acquired (and accidentally broke!) several 2630 and 4240 touchscreen control units, eventually demounting the main controller and soldering it into a new board that he used to probe the system:

https://www.wired.com/story/john-deere-tractor-jailbreak-defcon-2022/

He discovered that the system was designed to send an extraordinary amount of data to John Deere – his control unit tried to exfiltrate 1.5GB worth of data once he brought it online. He also discovered that as soon as he was able to conjure up a terminal, he had root access to the system.

This was great news for Sickcodes, but it raises serious questions about Deere’s information security practices. As Kyle points out, this entire system ran on deprecated, unpatched, elderly GNU/Linux software and Windows CE, an operating system that was end-of-lifed in 2018, and which was so bad that people forced to use it typically called it “Wince.”

Sickcodes discovered all kinds of security worst-practices in John Deere’s security – even in the parts of its security that were intended to secure the company’s profits from its own customers’ best interests. For example, at one point Sickcodes put the control unit into maintenance mode by repeatedly rebooting it, so that it refused to allow him to do anything until he brought it to a dealer. He discovered that all it took to convince the computer that he was a dealer was to create an empty text file on its hard-drive whose filename was something like “IAmADealer.txt” (I didn’t write down the exact filename, alas, but that’s not far off!).

Another revelation from Sickcodes: the company made extensive use of free/open source software but seems to be gravely out-of-compliance with the license terms (I’m told that organizations that do legal enforcement of free/open licenses are now aware of this).

So to recap: the company says it has to block farmers from having the final say over their own tractors because they could create security risks and also threaten Deere’s copyrights (the company even claims that locking down tractors is necessary to preventing music infringement, as though a farmer would spend $600k on a tractor so they could streamrip Spotify tracks).

But in reality, the company itself is a dumpster-fire of information security worst practices, whose unpatched, badly configured, out-of-date tractors are a bonanza of vulnerabilities and unforced errors. What’s more, the company – which claims to be staunch defenders of copyright – use their copyright locks to hide the fact that they are committing serious breaches of software copyright.

In serious information security circles, it’s widely understood that “there is no security in obscurity” – that is, hiding how a system works doesn’t make it secure. Usually, this is understood to be grounded in the fact that if you hide your work, you might make mistakes that others would spot and point out to you:

https://doctorow.medium.com/como-is-infosec-307f87004563

But there’s another problem with security through obscurity: when you don’t have to show your work to others, you can be sloppy. Whereas, if your work is open to inspection, your own aversion to being seen as slapdash will impose a rigor on your process, which will make the whole thing better:

https://doctorow.medium.com/the-memex-method-238c71f2fb46

With Deere’s security through obscurity, we see both pathologies on display. The company uses its opacity to commit sloppy security bugs, and also to cover up its violations of copyright law – and then, of course, it accuses its critics of being guilty of those two exact sins. Takes one to know one:

https://doctorow.medium.com/takes-one-to-know-one-104d7d749408

Sickcodes closed out by saying that while his hack required a lot of fiddling with the hardware, he was already scheming to build a little tool that could access and jailbreak a tractor without ripping chips off a board or doing a lot of soldering.

And then he played a custom, farm-themed version of Doom on his jailbroken tractor controller.

Source: Pluralistic: 15 Aug 2022 – Pluralistic: Daily links from Cory Doctorow
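
The dealer check described in the Pluralistic piece above, where an empty file with the right name was enough, is shown here beside a check that verifies a device-bound, expiring grant. This is an added example, not code from the article, from Sickcodes or from Deere; the marker name, token format, serials and key are constructed for illustration, and HMAC stands in for the asymmetric signature a fielded design would use.

```python
"""Added example: marker-file "dealer mode" check vs. a verified service grant."""
import hashlib
import hmac
import os
import tempfile

# Hypothetical marker name; the article only recalls "something like" this.
MARKER_NAME = "IAmADealer.txt"


def weak_is_dealer(data_dir: str) -> bool:
    """Weak design: the mere existence of a file is treated as authorization.

    Anyone who can write to data_dir becomes a "dealer"; the file's content,
    origin and age are never examined.
    """
    return os.path.exists(os.path.join(data_dir, MARKER_NAME))


def issue_token(key: bytes, serial: str, expires: int) -> str:
    """Vendor side (constructed): bind a grant to one unit and an expiry time."""
    if "|" in serial:
        raise ValueError("serial must not contain the field separator")
    msg = f"{serial}|{expires}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{serial}|{expires}|{tag}"


def verify_token(key: bytes, token: str, device_serial: str, now: int) -> bool:
    """Device side: accept only an authentic, unexpired grant for this unit.

    HMAC keeps the example stdlib-only. With a shared key stored on the unit,
    anyone with root on the device could mint grants, so a fielded design
    would keep only a public verification key on the device.
    """
    parts = token.strip().split("|")
    if len(parts) != 3:
        return False  # also rejects an empty file
    serial, expires_s, tag = parts
    if not (expires_s.isascii() and expires_s.isdigit()):
        return False
    expected = hmac.new(
        key, f"{serial}|{expires_s}".encode(), hashlib.sha256
    ).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    if serial != device_serial:
        return False  # grant issued for a different unit
    return int(expires_s) > now


def demo() -> dict:
    """Run both checks over constructed inputs and return the outcomes."""
    key = b"constructed-demo-key"  # constructed, not a real secret
    now = 1_700_000_000  # fixed clock so the result is reproducible
    with tempfile.TemporaryDirectory() as d:
        weak_before = weak_is_dealer(d)
        open(os.path.join(d, MARKER_NAME), "w").close()  # empty file
        weak_after = weak_is_dealer(d)
    good = issue_token(key, "UNIT-0001", now + 3600)
    tampered = good.replace(str(now + 3600), "1800000000")
    return {
        "weak_before": weak_before,
        "weak_after_empty_file": weak_after,
        "valid_grant": verify_token(key, good, "UNIT-0001", now),
        "empty_content": verify_token(key, "", "UNIT-0001", now),
        "other_unit": verify_token(key, good, "UNIT-0002", now),
        "tampered_expiry": verify_token(key, tampered, "UNIT-0001", now),
        "expired": verify_token(key, good, "UNIT-0001", now + 7200),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```
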

A New Jailbreak for John Deere Tractors wants Right-to-Repair insecure and outdated tech in them

Farmers around the world have turned to tractor hacking so they can bypass the digital locks that manufacturers impose on their vehicles. Like insulin pump “looping” and iPhone jailbreaking, this allows farmers to modify and repair the expensive equipment that’s vital to their work, the way they could with analog tractors. At the DefCon security conference in Las Vegas on Saturday, the hacker known as Sick Codes is presenting a new jailbreak for John Deere & Co. tractors that allows him to take control of multiple models through their touchscreens.

The finding underscores the security implications of the right-to-repair movement. The tractor exploitation that Sick Codes uncovered isn’t a remote attack, but the vulnerabilities involved represent fundamental insecurities in the devices that could be exploited by malicious actors or potentially chained with other vulnerabilities.

[…]

Sick Codes, an Australian who lives in Asia, presented at DefCon in 2021 about tractor application programming interfaces and operating system bugs. After he made his research public, tractor companies, including John Deere, started fixing some of the flaws. “The right-to-repair side was a little bit opposed to what I was trying to do,” he tells WIRED. “I heard from some farmers; one guy emailed me and was like ‘You’re fucking up all of our stuff!’ So I figured I would put my money where my mouth is and actually prove to farmers that they can root the devices.”

This year, Sick Codes says that while he is primarily concerned about world food security and the exposure that comes from vulnerable farming equipment, he also sees important value in letting farmers fully control their own equipment. “Liberate the tractors!” he says.

[…]

Facing mounting pressure, John Deere announced in March that it would make more of its repair software available to equipment owners. The company also said at the time that it will release an “enhanced customer solution” next year so customers and mechanics can download and apply official software updates for Deere equipment themselves, rather than having John Deere unilaterally apply the patches remotely or force farmers to bring products to authorized dealerships.

“Farmers prefer the older equipment simply because they want reliability. They don’t want stuff to go wrong at the most important part of the year when they have to pull stuff out of the ground,” Sick Codes says. “So that’s what we should all want too. We want farmers to be able to repair their stuff for when things go wrong, and now that means being able to repair or make decisions about the software in their tractors.”

[…]

He found that when the system thought it was in such an environment, it would offer more than 1.5 GB worth of logs that were meant to help authorized service providers diagnose problems. The logs also revealed the path to another potential timing attack that might grant deeper access. Sick Codes soldered controllers directly onto the circuit board and eventually got his attack to bypass the system’s protections.

“I launched the attack, and two minutes later a terminal pops up,” Sick Codes says of the program used to access a computer’s command-line interface. “I had root access, which is rare in Deere land.”

[…]

 

Source: A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave | WIRED

Video-Ident hacked by CCC

Services offering Video-Ident allow users to prove their identity to them by transmitting video showing themselves and an identity document for verification by an operator or by software. Once identified, individuals can proceed to sign up for cell phone contracts, create electronic signatures which are legally binding throughout the EU (QES), apply for credit and open bank accounts – or access their German personal health record (ePA).

A specially devised choreography designed to reveal circumstantial evidence such as visible security holograms or facial expressions is supposed to answer two critical questions in every Video-Ident session: Is the identity document genuine? Is the person in front of the camera genuine? Video-Ident service providers claim that their solutions reliably detect fraud attempts.

Open source software and a little watercolour

Martin Tschirsich, a security researcher with the CCC, demonstrates the failure to keep that promise in his report published today (all links refer to sources in German). In 2019 Tschirsich had already demonstrated how unauthorized individuals could acquire German medical insurance cards as well as special doctors’ and clinics’ electronic ID cards.

[…]

Links and further information

Source: CCC | Chaos Computer Club hacks Video-Ident

Stiff, achy knees? Lab-made cartilage gel outperforms the real thing

[…] Writing in the journal Advanced Functional Materials, a Duke University-led team says they have created the first gel-based cartilage substitute that is even stronger and more durable than the real thing.

Mechanical testing reveals that the Duke team’s hydrogel—a material made of water-absorbing polymers—can be pressed and pulled with more force than natural cartilage, and is three times more resistant to wear and tear.

[…]

To make this material, the Duke team took thin sheets of cellulose fibers and infused them with a polymer called polyvinyl alcohol—a viscous goo consisting of stringy chains of repeating molecules—to form a gel.

The cellulose fibers act like the collagen fibers in natural cartilage, Wiley said—they give the gel strength when stretched. The polyvinyl alcohol helps it return to its original shape. The result is a Jello-like material, 60% water, which is supple yet surprisingly strong.

Natural cartilage can withstand a whopping 5,800 to 8,500 pounds per inch of tugging and squishing, respectively, before reaching its breaking point. Their lab-made version is the first hydrogel that can handle even more. It is 26% stronger than natural cartilage in tension, something like suspending seven grand pianos from a key ring, and 66% stronger in compression—which would be like parking a car on a postage stamp.

[…]

In the past, researchers attempting to create stronger hydrogels used a freeze-thaw process to produce crystals within the gel, which drive out water and help hold the polymer chains together. In the new study, instead of freezing and thawing the hydrogel, the researchers used a heat treatment called annealing to coax even more crystals to form within the polymer network.

By increasing the crystal content, the researchers were able to produce a gel that can withstand five times as much stress from pulling and nearly twice as much squeezing relative to freeze-thaw methods.

The improved strength of the annealed gel also helped solve a second design challenge: securing it to the joint and getting it to stay put.

Cartilage forms a thin layer that covers the ends of bones so they don’t grind against one another. Previous studies haven’t been able to attach hydrogels directly to bone or cartilage with sufficient strength to keep them from breaking loose or sliding off. So the Duke team came up with a different approach.

Their method of attachment involves cementing and clamping the hydrogel to a titanium base. This is then pressed and anchored into a hole where the damaged cartilage used to be. Tests show the design stays fastened 68% more firmly than natural cartilage on bone.

[…]

In wear tests, the researchers took artificial cartilage and natural cartilage and spun them against each other a million times, with a pressure similar to what the knee experiences during walking. Using a high-resolution X-ray scanning technique called micro-computed tomography (micro-CT), the scientists found that the surface of their lab-made version held up three times better than the real thing. Yet because the mimics the smooth, slippery, cushiony nature of real cartilage, it protects other joint surfaces from friction as they slide against the implant.

[…]

From the lab, the first cartilage-mimicking gel that’s strong enough for knees

More information: Jiacheng Zhao et al, A Synthetic Hydrogel Composite with a Strength and Wear Resistance Greater than Cartilage, Advanced Functional Materials (2022). DOI: 10.1002/adfm.202205662

Journal information: Advanced Functional Materials

Source: Stiff, achy knees? Lab-made cartilage gel outperforms the real thing

A new method boosts wind farms’ energy output, without new equipment

Virtually all wind turbines, which produce more than 5 percent of the world’s electricity, are controlled as if they were individual, free-standing units. In fact, the vast majority are part of larger wind farm installations involving dozens or even hundreds of turbines, whose wakes can affect each other.

Now, engineers at MIT and elsewhere have found that, with no need for any new investment in equipment, the energy output of such installations can be increased by modeling the wind flow of the entire collection of turbines and optimizing the control of individual units accordingly.

The increase in energy output from a given installation may seem modest—it’s about 1.2 percent overall, and 3 percent for optimal wind speeds. But the algorithm can be deployed at any wind farm, and the number of is rapidly growing to meet accelerated climate goals. If that 1.2 percent energy increase were applied to all the world’s existing wind farms, it would be the equivalent of adding more than 3,600 new , or enough to power about 3 million homes, and a total gain to power producers of almost a billion dollars per year, the researchers say. And all of this for essentially no cost.

[…]

“Essentially all existing utility-scale turbines are controlled ‘greedily’ and independently,” says Howland. The term “greedily,” he explains, refers to the fact that they are controlled to maximize only their own power production, as if they were isolated units with no detrimental impact on neighboring turbines.

But in the real world, turbines are deliberately spaced close together in wind farms to achieve economic benefits related to land use (on- or offshore) and to infrastructure such as access roads and transmission lines. This proximity means that turbines are often strongly affected by the turbulent wakes produced by others that are upwind from them—a factor that individual -control systems do not currently take into account.

[…]

a new flow model which predicts the power production of each turbine in the farm depending on the incident winds in the atmosphere and the control strategy of each turbine. While based on flow-physics, the model learns from operational wind farm data to reduce predictive error and uncertainty. Without changing anything about the physical turbine locations and hardware systems of existing wind farms, they have used the physics-based, data-assisted modeling of the flow within the wind farm and the resulting power production of each turbine, given different wind conditions, to find the optimal orientation for each turbine at a given moment. This allows them to maximize the output from the whole farm, not just the individual turbines.

[…]

In a months-long experiment in a real utility-scale wind farm in India, the was first validated by testing a wide range of yaw orientation strategies, most of which were intentionally suboptimal. By testing many control strategies, including suboptimal ones, in both the real farm and the model, the researchers could identify the true optimal strategy. Importantly, the model was able to predict the farm power production and the optimal control strategy for most wind conditions tested, giving confidence that the predictions of the model would track the true optimal operational strategy for the farm. This enables the use of the model to design the optimal control strategies for new wind conditions and new wind farms without needing to perform fresh calculations from scratch.

Then, a second months-long experiment at the same farm, which implemented only the optimal control predictions from the model, proved that the algorithm’s effects could match the overall energy improvements seen in simulations. Averaged over the entire test period, the system achieved a 1.2 percent increase in at all wind speeds, and a 3 percent increase at speeds between 6 and 8 meters per second (about 13 to 18 miles per hour).

[…]

Source: A new method boosts wind farms’ energy output, without new equipment

Hubble sees supergiant Betelgeuse slowly recovering after blowing its top

Following the titanic mass ejection of a large piece of its visible surface. The escaping material cooled to form a cloud of dust that temporarily made the star look dimmer, as seen from Earth. This unprecedented stellar convulsion disrupted the monster star’s 400-day-long oscillation period that astronomers had measured for more than 200 years. The interior may now be jiggling like a plate of gelatin dessert. Credit: NASA, ESA, Elizabeth Wheatley (STScI)

Analyzing data from NASA’s Hubble Space Telescope and several other observatories, astronomers have concluded that the bright red supergiant star Betelgeuse quite literally blew its top in 2019, losing a substantial part of its visible surface and producing a gigantic Surface Mass Ejection (SME). This is something never before seen in a normal star’s behavior.

The sun routinely blows off parts of its tenuous outer atmosphere, the corona, in an event known as a Coronal Mass Ejection (CME). But the Betelgeuse SME blasted off 400 billion times as much mass as a typical CME.

The monster star is still slowly recovering from this catastrophic upheaval. “Betelgeuse continues doing some very unusual things right now; the interior is sort of bouncing,” says Andrea Dupree of the Center for Astrophysics | Harvard & Smithsonian.

These new observations yield clues as to how red stars lose mass late in their lives as their nuclear fusion furnaces burn out, before exploding as supernovae. The amount of mass loss significantly affects their fate. However, Betelgeuse’s surprisingly petulant behavior is not evidence the star is about to blow up anytime soon. So the mass loss event is not necessarily the signal of an imminent explosion.

[…]

The titanic outburst in 2019 was possibly caused by a convective plume, more than a million miles across, bubbling up from deep inside the star. It produced shocks and pulsations that blasted off the chunk of the photosphere leaving the star with a large cool surface area under the dust cloud that was produced by the cooling piece of photosphere. Betelgeuse is now struggling to recover from this injury.

Weighing roughly several times as much as our moon, the fractured piece of photosphere sped off into space and cooled to form a dust cloud that blocked light from the star as seen by Earth observers. The dimming, which began in late 2019 and lasted for a few months, was easily noticeable even by backyard observers watching the star change brightness. One of the brightest stars in the sky, Betelgeuse is easily found in the right shoulder of the constellation Orion.

Even more fantastic, the supergiant’s 400-day pulsation rate is now gone, perhaps at least temporarily. For almost 200 years astronomers have measured this rhythm as evident in changes in Betelgeuse’s brightness variations and surface motions. Its disruption attests to the ferocity of the blowout.

[…]

Betelgeuse is so huge now that if it replaced the sun at the center of our solar system, its outer surface would extend past the orbit of Jupiter. Dupree used Hubble to resolve hot spots on the star’s in 1996. This was the first direct image of a star other than the sun.

[…]

Source: Hubble sees supergiant Betelgeuse slowly recovering after blowing its top

Researchers find way to shrink a 3D holographic VR headset down to normal glasses size using pancake lenses and a waveguide

Researchers from Stanford University and Nvidia have teamed up to help develop VR glasses that look a lot more like regular spectacles. Okay, they are rather silly looking due to the ribbons extended from either eye, but they’re much, much flatter and compact than your usual goggle-like virtual reality headsets today.

“A major barrier to widespread adoption of VR technology, however, is the bulky form factor of existing VR displays and the discomfort associated with that,” the research paper published at Siggraph 2022 says.

These aptly named “Holographic Glasses” can deliver a full-colour 3D holographic image using optics that are only 2.5mm thick. Compared to the traditional way a VR headset works, in which a lens magnifies a smaller display some distance away from it, shrinking all the prerequisite parts down to such a small size is quite the spectacular step forward for VR.

The Holographic Glasses prototype uses pancake lenses, which is a concept that has been thrown around a couple of times in the past few years. These pancake lenses not only allow for a much smaller profile but reportedly they have a few other benefits, too: the resolution they can offer is said to be unlimited, meaning you can crank up the resolution for VR headsets, and they offer a much wider field of view at up to 200°.

[…]

The research paper lists the glasses as such: “a coherent light source that is coupled into a pupil-replicating waveguide, which provides the illumination for a phase-only SLM that is mounted on the waveguide in front of the user’s eye. This SLM creates a small image behind the device, which is magnified by a thin geometric phase (GP) lens.”

[…]

(Image credit: Nvidia, Stanford University)

 

the final result is a very small VR device that could be game-changing if made a reality outside of the lab. It also only weighs 60g, which is notably far lighter than even the Meta Quest 2, which rolls in at 503g.

[…]

You can read up on the whole project in the recently published research paper titled “Holographic Glasses for Virtual Reality” by Jonghyun Kim, Manu Gopakumar, Suyeon Choi, Yifan Peng, Ward Lopes, and Gordon Wetzstein.

[…]

Source: Researchers find way to shrink a VR headset down to normal glasses size | PC Gamer

Open Cybersecurity Schema Framework released

The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes.

OVERVIEW

The framework is made up of a set of data types, an attribute dictionary, and the taxonomy. It is not restricted to the cybersecurity domain nor to events, however the initial focus of the framework has been a schema for cybersecurity events. OCSF is agnostic to storage format, data collection and ETL processes. The core schema for cybersecurity events is intended to be agnostic to implementations. The schema framework definition files and the resulting normative schema are written as JSON.

Refer to the white paper Understanding the Open Cybersecurity Schema Framework for an introduction to the framework and schema. A schema browser for the cybersecurity schema can be found at OCSF Schema, where the user can easily navigate the schema, apply profiles and extensions, and browse the attributes, objects and event classes.

Source: Github / ocsf

Still a lot of work to be done in the schema but it’s a start
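The mapping step the OCSF overview describes, as an added example that is not code from the OCSF project: two differently shaped log sources are normalized into one Authentication-style event so that a single detection runs over both. The sample logs, the "ExampleIdP" source and all function names are constructed for illustration; the attribute names and numeric IDs are assumed from the published schema and should be checked against the schema browser.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed from the published OCSF Authentication class; verify in the schema browser.
CLASS_UID = 3002            # Authentication
CATEGORY_UID = 3            # category that contains the Authentication class
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFORMATIONAL = 1

# Constructed sample input (not real log data): sshd-style lines and JSON
# records from a hypothetical identity provider called "ExampleIdP".
SSHD_LINES = [
    "2022-08-10T09:14:02Z host1 sshd[811]: Failed password for alice from 203.0.113.7 port 50122 ssh2",
    "2022-08-10T09:14:05Z host1 sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2",
    "2022-08-10T09:15:40Z host1 sshd[902]: Accepted password for bob from 198.51.100.23 port 41010 ssh2",
    "2022-08-10T09:16:00Z host1 sshd[902]: Connection closed by 198.51.100.23 port 41010",
]
IDP_RECORDS = [
    '{"ts": 1660122900, "actor": "alice", "client_ip": "203.0.113.7", "outcome": "DENY"}',
    '{"ts": 1660122960, "actor": "carol", "client_ip": "192.0.2.44", "outcome": "ALLOW"}',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def _event(time_ms, user, ip, success, product):
    """Build one normalized logon event; every source maps into this shape."""
    return {
        "class_uid": CLASS_UID,
        "category_uid": CATEGORY_UID,
        "activity_id": ACTIVITY_LOGON,
        "type_uid": CLASS_UID * 100 + ACTIVITY_LOGON,
        "time": time_ms,  # milliseconds since the Unix epoch
        "severity_id": SEVERITY_INFORMATIONAL,
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "user": {"name": user},
        "src_endpoint": {"ip": ip},
        "metadata": {"product": {"name": product}},
    }


def from_sshd(line):
    """Map an sshd password-auth line; return None for unrelated lines."""
    m = SSHD_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return _event(int(ts.timestamp() * 1000), m["user"], m["ip"],
                  m["result"] == "Accepted", "sshd")


def from_idp(raw):
    """Map one JSON record from the hypothetical identity provider."""
    rec = json.loads(raw)
    return _event(rec["ts"] * 1000, rec["actor"], rec["client_ip"],
                  rec["outcome"] == "ALLOW", "ExampleIdP")


def normalize():
    """Normalize both sources and merge them into one time-ordered stream."""
    events = [from_sshd(line) for line in SSHD_LINES]
    events += [from_idp(raw) for raw in IDP_RECORDS]
    return sorted((e for e in events if e is not None), key=lambda e: e["time"])


def failed_logons_by_source(events, threshold=3):
    """One detection over the common schema: failed logons per source IP."""
    counts = Counter(
        e["src_endpoint"]["ip"]
        for e in events
        if e["class_uid"] == CLASS_UID
        and e["activity_id"] == ACTIVITY_LOGON
        and e["status_id"] == STATUS_FAILURE
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    stream = normalize()
    print(json.dumps(stream[0], indent=2))
    print(failed_logons_by_source(stream))
```

Neither source alone reaches the threshold of three failures from 203.0.113.7; the alert only fires once both feeds share one event shape.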

Math error: A new study overturns 100-year-old understanding of color perception

A new study corrects an important error in the 3D mathematical space developed by the Nobel Prize-winning physicist Erwin Schrödinger and others, and used by scientists and industry for more than 100 years to describe how your eye distinguishes one color from another. The research has the potential to boost scientific data visualizations, improve TVs and recalibrate the textile and paint industries.

[…]

“Our research shows that the current mathematical model of how the eye perceives color differences is incorrect. That model was suggested by Bernhard Riemann and developed by Hermann von Helmholtz and Erwin Schrödinger—all giants in mathematics and physics—and proving one of them wrong is pretty much the dream of a scientist,” said Bujack.

[…]

the team was surprised when they discovered they were the first to determine that the longstanding application of Riemannian geometry, which allows generalizing straight lines to curved surfaces, didn’t work.

This visualization captures the 3D mathematical space used to map human color perception. A new mathematical representation has found that the line segments representing the distance between widely separated colors don’t add up correctly using the previously accepted geometry. The research contradicts long-held assumptions and will improve a variety of practical applications of color theory. Credit: Los Alamos National Laboratory

To create industry standards, a precise mathematical model of perceived is needed. First attempts used Euclidean spaces—the familiar geometry taught in many high schools; more advanced models used Riemannian geometry. The models plot red, green and blue in the 3D space. Those are the colors registered most strongly by light-detecting cones on our retinas, and—not surprisingly—the colors that blend to create all the images on your RGB computer screen.

In the study, which blends psychology, biology and mathematics, Bujack and her colleagues discovered that using Riemannian geometry overestimates the perception of large color differences. That’s because people perceive a big difference in color to be less than the sum you would get if you added up small differences in color that lie between two widely separated shades.

Riemannian geometry cannot account for this effect.

“We didn’t expect this, and we don’t know the exact of this new space yet,” Bujack said. “We might be able to think of it normally but with an added dampening or weighing function that pulls long distances in, making them shorter. But we can’t prove it yet.”

Source: Math error: A new study overturns 100-year-old understanding of color perception

More information: Roxana Bujack et al, The non-Riemannian nature of perceptual color space, Proceedings of the National Academy of Sciences (2022). DOI: 10.1073/pnas.2119753119

AI ethics: we haven’t thought about including non-human animals

[…] The ethical implications of AI have sparked concern from governments, the public, and even companies. According to some meta-studies on AI ethics guidelines, the most frequently discussed themes include fairness, privacy, accountability, transparency, and robustness [1,2,3]. Less commonly broached, but not entirely absent, are issues relating to the rights of potentially sentient or autonomous forms of AI [4, 5]. One much more significant, and more immediately present, issue has, however, been almost entirely neglected: AI’s impact on non-human animals. There have, we acknowledge, been discussions of AI in connection with endangered species and ecosystems, but we are referring to questions relating to AI’s impact on individual animals. As we will show in more detail below, many AI systems have significant impacts on animals, with the total number of animals affected annually likely to reach the tens or even hundreds of billions. We therefore argue that AI ethics needs to broaden its scope in order to deal with the ethical implications of this very large-scale impact on sentient, or possibly sentient, beings.

[…]

The structure of the paper forms a series of step-by-step arguments, leading to the conclusion that there needs to be AI ethics concerning animals.

  1. Animals matter morally, at least to some degree (Sect. 2).
  2. AI systems do in fact impact animals.
  3. These impacts are huge in scale and severe in intensity, and therefore important. (Sect. 3.2).
  4. Conclusion: AI ethics needs to include consideration of impact of AI on animals

[…]

it is reasonable to claim that having the capacity to experience pain and pleasure is sufficient to give a being moral status [14,15,16]. The capacity to experience pain and pleasure is not, of course, sufficient for moral agency, but it is sufficient to make it wrong to do certain things to the being. This is now recognized in the increasing tendency of many countries to pass legislation granting animals the status of “sentient being,” a position between that of a person and that of a thing.

[…]

we need to distinguish three ways in which AI systems can impact animals: because they are designed to interact with animals; because they unintentionally (that is, without the designers’ intent) interact with animals; and because they impact animals indirectly without interacting with animals at all.

[…]

Of the hundreds of AI ethics related papers we reviewed in this project, we only found four that concern the impacts of AI on animals, in a general way, and discuss the relevant ethical implications.

[…]

These four papers have, in our opinion, quite different focuses than ours. We differ from these authors by discussing in greater detail how AI affects the lives of animals and especially the negative impact, or in other words the suffering AI might cause animals. As far as we are aware, this is the first paper to argue for the general principle that animals, because of their capacity to suffer or enjoy their lives, should be part of the concern of AI ethics.

We aim to supplement these four papers by providing the following additional elements:

  • An analysis of the ethical implications of AI’s impact on animals.
  • A sample analysis of the philosophical issues that will need to be considered if the scope of AI ethics is extended to animals.
  • A sample analysis of the philosophical issues that will need to be considered if we want AI systems to make ethically sound decisions in relation to animals.
  • A defense of the claim that the field of AI ethics is obliged to actively deal with the ethical issues of AI’s impact on animals.

[…]

 

Source: AI ethics: the case for including animals | SpringerLink

Subsurface water on Mars defy expectations: Physics connects seismic data to properties of rocks and sediments

A new analysis of seismic data from NASA’s Mars InSight mission has revealed a couple of surprises.

The first surprise: the top 300 meters of the subsurface beneath the landing site near the Martian equator contains little or no ice.

“We find that Mars’ crust is weak and porous. The sediments are not well-cemented. And there’s no ice or not much ice filling the pore spaces,” said geophysicist Vashan Wright of Scripps Institution of Oceanography at the University of California San Diego. Wright and three co-authors published their analysis in Geophysical Research Letters.

“These findings don’t preclude that there could be grains of ice or small balls of ice that are not cementing other minerals together,” said Wright. “The question is how likely is ice to be present in that form?”

The second surprise contradicts a leading idea about what happened to the water on Mars. The red planet may have harbored oceans of water early in its history. Many experts suspected that much of the water became part of the minerals that make up underground cement.

“If you put water in contact with rocks, you produce a brand-new set of minerals, like clay, so the water’s not a liquid. It’s part of the mineral structure,” said study co-author Michael Manga of the University of California Berkeley. “There is some cement, but the rocks are not full of cement.”

“Water may also go into minerals that do not act as cement. But the uncemented subsurface removes one way to preserve a record of life or ,” Wright said. Cements by their very nature hold rocks and sediments together, protecting them from destructive erosion.

The lack of cemented sediments suggests a water scarcity in the 300 meters below InSight’s landing site near the equator. The below-freezing average temperature at the Mars equator means that conditions would be cold enough to freeze water if it were there.

Many , including Manga, have long suspected that the Martian subsurface would be full of ice. Their suspicions have melted away. Still, big ice sheets and frozen ground ice remain at the Martian poles.

[…]

Source: Subsurface water on Mars defy expectations: Physics connects seismic data to properties of rocks and sediments

Chinese tickers scam ($HKD and more!) for collateral already down 92%: from $.5 Trillion to $43B

✅ chinese tickers scam for collateral already down 92%: from $.5 Trillion to $43B ✔ (something big is coming) ✅
by u/Money-Maker111 in Superstonk

This is a follow-up to the big Chinese ticker scam, which became the highest by-market-crap-on-the-books crime in human history, as well as another recent ticker scam.

Firstly, good job for staying away from these. MSM did try hard to call them ‘mEmE StOcKs’. MSM tried even harder to push innocent investors like you and me into them. These pieces of illicit trash were, and still are, uninvestable. Remain clear of these pump and dumps, they’re junk. They are not meme stocks; they’ll never be.

Let’s take a look at where things are today:

| Ticker | Book Value a week ago (in Billions of USD) | Book Value today (in Billions of USD) |
|---|---|---|
| HKD | 477.00 | 39.23 |
| AMTD | 16.70 | 2.81 |
| QRTEB | 4.60 | 1.36 |
| LTRPB | 0.40 | 0.15 |
| MEGL | 4.91 | 0.25 |
| Total: | 504 | 43 |

Let’s remember that this criminal balloon was developed beginning July 15th during the GameStop split/dividend process that was defrauded by DTCC into a split. Also remember that Loop Capital, a GameStop short seller who is a stone’s throw away from Citadel in Chicago, underwrote the major one above.

These tickers, just last week, were able to be used as half a Trillion USD in collateral [for margin requirements] on the books. Now down 92% overnight to $43B, which is less than the margin alert received by Susquehanna.

Source: https://www.reddit.com/r/Superstonk/comments/wkecks/chinese_tickers_scam_for_collateral_already_down/

Slack exposed hashed passwords for years

[…]

The issue occurred when a user created or revoked a shared invitation link for their workspace. The good news is that the password wasn’t plaintext, and it wasn’t visible in any Slack clients. The bad news is that it could be picked up by monitoring encrypted traffic from Slack’s servers, and it appears that all users who created or revoked those links between April 17, 2017, and July 17, 2022, are affected.

Slack said only 0.5 percent of users were affected, which doesn’t sound too terrible until you consider how many Slack users are out there. While getting a definitive user figure for any chat platform is tricky and varies depending on what measure the vendor is using, it is safe to assume Slack has 10 million or more daily active users, meaning that at least 50,000 could have been affected. We asked the company to confirm this, and will update if there is a response.

Slack lays claim to over 169,000 paid customers and says “millions of people around the world use Slack to connect their teams.”

The company was informed of the issue by an independent security researcher on July 17, and swiftly fixed the issue before assessing the scale of the impact. “We have no reason to believe that anyone was able to obtain plaintext passwords because of this issue,” it insisted, but has still reset the passwords of affected users regardless.

It also recommends the inevitable move to two-factor authentication and the use of unique passwords for every service in use.

[…]

Source: Slack exposed hashed passwords for years • The Register

Some Epson Printers Programmed to Eventually Self-Brick

[…] Haven recently took to Twitter to share a frustrating experience with their wife’s “very expensive @EpsonAmerica printer” which, seemingly out of the blue, displayed a warning message stating that “it had reached the end of its service life.” It then simply stopped working, requiring either a servicing to bring it back from the dead, or a full-on replacement.

So what was the issue with the printer? A dead motor? A faulty circuit board? Nope. The error message was related to porous pads inside the printer that collect and contain excess ink. These wear out over time, leading to potential risks of property damage from ink spills, or potentially even damage to the printer itself. Usually, other components in the printer wear out before these pads do, or consumers upgrade to a better model after a few years, but some high-volume users may end up receiving this error message while the rest of the printer seems perfectly fine and usable.

According to the Fight to Repair Substack, the self-bricking issue affects the Epson L130, L220, L310, L360, and L365 models, but could affect other models as well, and dates back at least five years. There’s already videos on YouTube showing other Epson users manually replacing these ink pads to bring their printers back to life. The company does provide a Windows-only Ink Pad reset utility that will extend the life of the printer for a short period of time, but it can only be used once, and afterwards, the hardware will either need to be officially serviced, or completely replaced.

A few years ago, Epson released its EcoTank line of printers, which were specifically designed to address the extremely high cost of replacing the ink cartridges for color inkjet printers. The printers featured large ink reservoirs which could be easily refilled with cheaper bottles of ink, and although Epson’s EcoTank printers were more expensive as a result, in the long run they would be cheaper to operate, especially for those printing a lot of color imagery. But that assumes they actually keep working for the long run. Videos of users manually replacing their Epson printers’ ink pads seem to indicate that the company could redesign the hardware to make this part easily user-serviceable, which would extend the life of the hardware considerably. But as it stands, the company’s solution runs the risk of contributing to an ever-growing e-waste problem and forcing consumers to shell out for new hardware long before they really need to.

[…]

As it stands now, there are undoubtedly many users getting an error message like this that simply replace their printers entirely, when they’d certainly be happy to instead pay for a $15 maintenance kit that quickly gets them running again, keeping more devices out of recycling facilities or garbage dumps.

Source: Some Epson Printers Programmed to Eventually Self-Brick

SW186 antibody neutralizes SARS-CoV-1 and SARS-CoV-2 (all variants) by binding to a conserved spike epitope outside the receptor binding motif

[…] Here, we used the LIBRA-seq technology, which identified SARS-CoV-2 specific B cells via DNA-barcoding and subsequently single cell sequenced BCRs, to identify an antibody, SW186, which could neutralize major SARS-CoV-2 variants of concern, including Beta, Delta, and Omicron, as well as SARS-CoV-1. The cryo-EM structure of SW186 bound to the receptor-binding domain (RBD) of the viral spike protein showed that SW186 interacted with an epitope of the RBD that is not at the interface of its binding to the ACE2 receptor but highly conserved among SARS coronaviruses. This epitope encompasses a glycosylation site (N343) of the viral spike protein. Administration of SW186 in mice after they were infected with SARS-CoV-2 Alpha, Beta, or Delta variants reduced the viral loads in the lung. These results demonstrated that SW186 neutralizes diverse SARS coronaviruses by binding to a conserved RBD epitope, which could serve as a target for further antibody development.

[…]

Source: An antibody that neutralizes SARS-CoV-1 and SARS-CoV-2 by binding to a conserved spike epitope outside the receptor binding motif – Science Immunology