Melvin Capital shutters down after trying to kill Gamestop

Melvin Capital, once one of Wall Street’s most successful hedge funds which then lost billions in the meme stock saga, will shut down after it was hit again by this year’s market slump.

Gabe Plotkin, widely regarded as one of the industry’s best traders after posting years of double digit returns, told investors that the last 17 months have been “an incredibly trying time.”
Plotkin had been trying to turn around the firm after being caught out in early 2021 betting against retail favorite GameStop (GME) and after being wrong footed again by tumbling markets this year.
“The appropriate next step is to wind down the Funds by fully liquidating the Funds’ assets and accounts and returning cash to all investors,” Plotkin wrote in a letter reviewed by Reuters on Wednesday.
Melvin Capital had $7.8 billion in assets at the end of April. The fund lost 23% in the first four months of 2022, a person familiar with the fund’s finances said.
This year’s losses come on the heels of steep losses in 2021 when Melvin Capital ended the year down 39%. The firm bet that shares of GameStop would tumble but was battered when retail investors took the other side and sent the stock surging.
The firm had $12.5 billion in assets at the start of 2021.
[…]

Apple will allow some apps to automatically charge you higher subscription prices

Apple has announced an update to its subscription policy that’s supposed to make auto-renews seamless but could also lead to surprise charges. Under the old policy, the tech giant will ask users to opt in before they’re charged for a subscription that has recently raised its price. Going forward, however, it will allow developers to automatically charge higher prices, so long as they meet a set of conditions. Apple will notify users of the price increase in advance via email and push notification, but it’s up to them to unsubscribe before they’re charged.

In its announcement, the company said that developers can use the feature if they don’t increase their price more than once a year. Further, the increase must not exceed $5 and 50 percent of the current subscription pricing, or $50 and 50 percent of the current annual subscription price. Presumably, that means users will automatically get charged $15 for a subscription that was formerly $10. However, they’ll have to opt in for a $30 sub that used to cost just $20, because while that’s 50 percent higher than the old price, the increase is also way higher than $5.

[…]

Source: Apple will allow some apps to automatically charge you higher subscription prices | Engadget

New EU rules would require chat apps to scan private messages for child abuse

The European Commission has proposed controversial new regulation that would require chat apps like WhatsApp and Facebook Messenger to selectively scan users’ private messages for child sexual abuse material (CSAM) and “grooming” behavior. The proposal is similar to plans mooted by Apple last year but, say critics, much more invasive.

After a draft of the regulation leaked earlier this week, privacy experts condemned it in the strongest terms. “This document is the most terrifying thing I’ve ever seen,” tweeted cryptography professor Matthew Green. “It describes the most sophisticated mass surveillance machinery ever deployed outside of China and the USSR. Not an exaggeration.”

Jan Penfrat of digital advocacy group European Digital Rights (EDRi) echoed the concern, saying, “This looks like a shameful general #surveillance law entirely unfitting for any free democracy.” (A comparison of the PDFs shows differences between the leaked draft and final proposal are cosmetic only.)

The regulation would establish a number of new obligations for “online service providers” — a broad category that includes app stores, hosting companies, and any provider of “interpersonal communications service.”

The most extreme obligations would apply to communications services like WhatsApp, Signal, and Facebook Messenger. If a company in this group receives a “detection order” from the EU they would be required to scan select users’ messages to look for known child sexual abuse material as well as previously unseen CSAM and any messages that may constitute “grooming” or the “solicitation of children.” These last two categories of content would require the use of machine vision tools and AI systems to analyze the context of pictures and text messages.

[…]

“The proposal creates the possibility for [the orders] to be targeted but doesn’t require it,” Ella Jakubowska, a policy advisor at EDRi, told The Verge. “It completely leaves the door open for much more generalized surveillance.”

[…]

Source: New EU rules would require chat apps to scan private messages for child abuse – The Verge

US secretly issued subpoena to access Guardian reporter’s phone records

The US justice department secretly issued a subpoena to gain access to details of the phone account of a Guardian reporter as part of an aggressive leak investigation into media stories about an official inquiry into the Trump administration’s child separation policy at the southern border.

Leak investigators issued the subpoena to obtain the phone number of Stephanie Kirchgaessner, the Guardian’s investigations correspondent in Washington. The move was carried out without notifying the newspaper or its reporter, as part of an attempt to ferret out the source of media articles about a review into family separation conducted by the Department of Justice’s inspector general, Michael Horowitz.

It is highly unusual for US government officials to obtain a journalist’s phone details in this way, especially when no national security or classified information is involved. The move was all the more surprising in that it came from the DoJ’s inspector general’s office – the watchdog responsible for ethical oversight and whistleblower protections.

Katharine Viner, the Guardian’s editor-in-chief, decried the action as “an egregious example of infringement on press freedom and public interest journalism by the US Department of Justice”.

[…]

Source: US secretly issued subpoena to access Guardian reporter’s phone records | US news | The Guardian

A colony of blue-green algae can power a computer for six months

Researchers from the University of Cambridge have managed to run a computer for six months, using blue-green algae as a power source.

A type of cyanobacteria called Synechocystis sp. PCC 6803 – commonly known as “blue-green algae,” which produces oxygen through photosynthesis when exposed to sunlight, was sealed in a small container, about the size of an AA battery, made of aluminum and clear plastic.

The research was published in the journal Energy & Environmental Science.

Christopher Howe from the University of Cambridge and colleagues claim that similar photosynthetic power generators could be the source of power for a range of small devices in the future, without the need for the rare and unsustainable materials used in batteries.

The computer was placed on a windowsill at one of the researchers’ houses during the lockdown period due to COVID-19 in 2021, and stayed there for six months, from February to August.

The battery made of blue-green algae has provided a continuous current across its anode and cathode that ran a microprocessor.

The computer ran in cycles of 45 minutes. It was used to calculate sums of consecutive integers to simulate a computational workload, which required 0.3 microwatts of power, and 15 minutes of standby, which required 0.24 microwatts.

The microcontroller measured the device’s current output and stored this data in the cloud for researchers to analyze.

Howe suggests that there are two potential theories for the power source. Either the bacteria itself produces electrons, which creates a current, or it creates conditions in which an aluminum anode in the container is corroded in a chemical reaction that produces electrons.

The experiment ran without any significant degrading of the anode and because of that, the researchers believe that the bacteria is producing the bulk of the current.

[…]

Source: A colony of blue-green algae can power a computer for six months

EU governments, lawmakers agree on tougher cybersecurity rules for key sectors

EU countries and lawmakers agreed on Friday to tougher cybersecurity rules for large energy, transport and financial firms, digital providers and medical device makers amid concerns about cyber attacks by state actors and other malicious players.

The European Commission two years ago proposed rules on the cybersecurity of network and information systems called NIS 2 Directive, in effect expanding the scope of the current rule known as NIS Directive.

The new rules cover all medium and large companies in essential sectors – energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, waste water, digital infrastructure, public administration and space.

All medium and large firms in postal and courier services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery equipment, motor vehicles, and digital providers such as online market places, online search engines, and social networking service platforms will also fall under the rules.

The companies are required to assess their cybersecurity risk, notify authorities and take technical and organisational measures to counter the risks, with fines up to 2% of global turnover for non-compliance.

EU countries and EU cybersecurity agency ENISA could also assess the risks of critical supply chains under the rules.

[…]

Source: EU governments, lawmakers agree on tougher cybersecurity rules for key sectors | Reuters

Web ad firms scrape email addresses before you press the submit button

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers.

Some of these firms are said to have also inadvertently grabbed passwords from these forms.

In a research paper scheduled to appear at the Usenix ’22 security conference later this year, authors Asuman Senol (imec-COSIC, KU Leuven), Gunes Acar (Radboud University), Mathias Humbert (University of Lausanne) and Frederik Zuiderveen Borgesius (Radboud University) describe how they measured data handling in web forms on the top 100,000 websites, as ranked by research site Tranco.

The boffins created their own software to measure email and password data gathering from web forms – structured web input boxes through which site visitors can enter data and submit it to a local or remote application.

Providing information through a web form by pressing the submit button generally indicates the user has consented to provide that information for a specific purpose. But web pages, because they run JavaScript code, can be programmed to respond to events prior to a user pressing a form’s submit button.

And many companies involved in data gathering and advertising appear to believe that they’re entitled to grab the information website visitors enter into forms with scripts before the submit button has been pressed.

[…]

“Furthermore, we find incidental password collection on 52 websites by third-party session replay scripts,” the researchers say.

Replay scripts are designed to record keystrokes, mouse movements, scrolling behavior, other forms of interaction, and webpage contents in order to send that data to marketing firms for analysis. In an adversarial context, they’d be called keyloggers or malware; but in the context of advertising, somehow it’s just session-replay scripts.

[…]

Source: Web ad firms scrape email addresses before you know it • The Register

How we captured first image of the supermassive black hole at centre of the Milky Way

[…]

an international team of astronomers, including a team that I led from the University of Central Lancashire, has unveiled the first image of the object lurking at the centre of the Milky Way – and it is a supermassive black hole.

This means there is now overwhelming evidence for the black hole, dubbed Sagittarius A*. While it might seem a little scary to be so close to such a beast, it is in fact some 26,000 light-years away, which is reassuringly far. In fact, because the black hole is so far away from Earth, it appears to us to have about the same size in the sky as a donut would have on the Moon. Sagittarius A* also seems rather inactive – it is not devouring a lot of matter from its surroundings.

Our team was part of the global Event Horizon Telescope (EHT) Collaboration, which has used observations from a worldwide network of eight radio telescopes on our planet – collectively forming a single, Earth-sized virtual telescope – to take the stunning image. The breakthrough follows the collaboration’s 2019 release of the first ever image of a black hole, called M87*, at the centre of the more distant Messier 87 galaxy.

Looking into darkness

The team observed Sagittarius A* on multiple nights, collecting data for many hours in a row, similar to using a long exposure time on a camera. Although we cannot see the black hole itself, because it is completely dark, glowing gas around it reveals a tell-tale signature: a dark central region (called a “shadow”) surrounded by a bright ring-like structure. The new view captures light bent by the powerful gravity of the black hole, which is four million times more massive than our Sun.

[…]

Source: How we captured first image of the supermassive black hole at centre of the Milky Way

Hackers deface Russian platforms and smart TVs to display anti-war messages

On the same day Russia celebrated its role in defeating Nazi Germany, many of the country’s online platforms were defaced in protest of the war in Ukraine. The Washington Post reported on Monday that Russians with smart TVs saw channel listings replaced with a message implicating them in the ongoing conflict. “The blood of thousands of Ukrainians and hundreds of murdered children is on your hands,” the message read, according to the outlet. “TV and authorities are lying. No to war.”

In addition to smart TVs, the apparent hack targeted some of the country’s largest internet companies, including Yandex. Hackers also went after Rutube, Russia’s alternative to YouTube. “Our video hosting has undergone a powerful cyberattack. At the moment, it is not possible to access the platform,” the service said in a statement it posted on its Telegram channel. Rutube later stated it had isolated the attack and that its content library wasn’t accessed in the incident.

[…]

Source: Hackers deface Russian platforms and smart TVs to display anti-war messages | Engadget

Hackers are now hiding malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild.

The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible.

[…]

The dropper copies the legitimate OS error handling file WerFault.exe to ‘C:\Windows\Tasks’ and then drops an encrypted binary resource to the ‘wer.dll’ (Windows Error Reporting) in the same location, for DLL search order hijacking to load malicious code.

[…]

Legezo says that the dropper’s purpose is to put the loader on the disk for the side-loading process and to look for particular records in the event logs (category 0x4142 – ‘AB’ in ASCII). If no such record is found, it writes 8KB chunks of encrypted shellcode, which are later combined to form the code for the next stager.

“The dropped wer.dll is a loader and wouldn’t do any harm without the shellcode hidden in Windows event logs” – Denis Legezo, lead security researcher at Kaspersky

The new technique analyzed by Kaspersky is likely on its way to becoming more popular as source code for injecting payloads into Windows event logs has been available in the public space for a brief period.

[…]

Source: Hackers are now hiding malware in Windows Event Logs
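
A defender's check for the indicator described in the excerpt above, as an added example that is not part of the quoted article or of Kaspersky's tooling: it scans an XML export of an event log for records whose category is 0x4142 and reports how much binary data each one carries. It assumes the export was produced with something like `wevtutil qe <LogName> /f:xml /e:Events` and that the classic event category appears as the `Task` value in that XML; the log, provider names and sample records are constructed, since the excerpt does not name the log used.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SUSPECT_CATEGORY = 0x4142   # 'AB' in ASCII, the category named in the excerpt
CHUNK_BYTES = 8 * 1024      # the excerpt says the shellcode is written in 8KB chunks


def _sample_event(record_id, channel, provider, task, payload):
    """Build one constructed <Event> element (sample data, not a real log)."""
    return (
        f'<Event xmlns="{NS["e"]}"><System>'
        f'<Provider Name="{provider}"/><EventID>1</EventID><Task>{task}</Task>'
        f'<EventRecordID>{record_id}</EventRecordID><Channel>{channel}</Channel>'
        f'</System><EventData><Binary>{payload.hex().upper()}</Binary>'
        f'</EventData></Event>'
    )


# Constructed export: two ordinary records and three carrying the suspect
# category. Payloads are zero bytes; only their sizes matter here.
SAMPLE_EXPORT = "<Events>" + "".join([
    _sample_event(101, "Application", "ExampleService", 0, b"\x01\x02"),
    _sample_event(102, "ExampleLog", "ExampleProvider", SUSPECT_CATEGORY, bytes(CHUNK_BYTES)),
    _sample_event(103, "ExampleLog", "ExampleProvider", SUSPECT_CATEGORY, bytes(CHUNK_BYTES)),
    _sample_event(104, "ExampleLog", "ExampleProvider", SUSPECT_CATEGORY, bytes(300)),
    _sample_event(105, "System", "ExampleDriver", 3, bytes(64)),
]) + "</Events>"


def _binary_len(event):
    """Size in bytes of the record's <Binary> data; 0 if absent or malformed."""
    node = event.find("e:EventData/e:Binary", NS)
    text = (node.text or "").strip() if node is not None else ""
    if not text:
        return 0
    try:
        return len(bytes.fromhex(text))
    except ValueError:
        return 0


def find_suspect_records(xml_text):
    """Return one finding per record whose Task equals SUSPECT_CATEGORY."""
    findings = []
    root = ET.fromstring(xml_text)
    for event in root.iter(f"{{{NS['e']}}}Event"):
        system = event.find("e:System", NS)
        if system is None:
            continue
        task_text = system.findtext("e:Task", default="", namespaces=NS).strip()
        if not task_text.isdigit() or int(task_text) != SUSPECT_CATEGORY:
            continue
        provider = system.find("e:Provider", NS)
        size = _binary_len(event)
        findings.append({
            "record_id": int(system.findtext("e:EventRecordID", default="0", namespaces=NS)),
            "channel": system.findtext("e:Channel", default="", namespaces=NS),
            "provider": provider.get("Name", "") if provider is not None else "",
            "data_bytes": size,
            "full_chunk": size == CHUNK_BYTES,
        })
    return sorted(findings, key=lambda f: f["record_id"])


def summarize(findings):
    """Total record count and binary bytes per (channel, provider) pair."""
    totals = defaultdict(lambda: {"records": 0, "bytes": 0})
    for f in findings:
        key = (f["channel"], f["provider"])
        totals[key]["records"] += 1
        totals[key]["bytes"] += f["data_bytes"]
    return dict(totals)


if __name__ == "__main__":
    hits = find_suspect_records(SAMPLE_EXPORT)
    for hit in hits:
        print(hit)
    for (channel, provider), total in summarize(hits).items():
        print(f"{channel}/{provider}: {total['records']} records, {total['bytes']} bytes")
```

A run of several full 8KB records from one provider is the pattern the excerpt describes; a single hit with little or no binary data is more likely an unrelated application using the same category number.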

BIG-IP iControl REST vulnerability offers root commands

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

Security Advisory Status

F5 Product Development has assigned IDs 1033837, 1051561, and 1052837 (BIG-IP) to this vulnerability. This issue has been classified as CWE-306: Missing Authentication for Critical Function.

Source: BIG-IP iControl REST vulnerability CVE-2022-1388

Rechargeable Molten Salt Battery Freezes Energy in Place for Long-Term Battery Storage

[…]

In a recent paper published in Cell Reports Physical Science, they demonstrated how freezing and thawing a molten salt solution creates a rechargeable battery that can store energy cheaply and efficiently for weeks or months at a time.

[…]

Most conventional batteries store energy as chemical reactions waiting to happen. When the battery is connected to an external circuit, electrons travel from one side of the battery to the other through that circuit, generating electricity. To compensate for the change, charged particles called ions move through the fluid, paste or solid material that separates the two sides of the battery. But even when the battery is not in use, the ions gradually diffuse across this material, which is called the electrolyte. As that happens over weeks or months, the battery loses energy. Some rechargeable batteries can lose almost a third of their stored charge in a single month.

“In our battery, we really tried to stop this condition of self-discharge,” says PNNL researcher Guosheng Li, who led the project. The electrolyte is made of a salt solution that is solid at ambient temperatures but becomes liquid when heated to 180 degrees Celsius—about the temperature at which cookies are baked. When the electrolyte is solid, the ions are locked in place, preventing self-discharge. Only when the electrolyte liquifies can the ions flow through the battery, allowing it to charge or discharge.

[…]

Right now the experimental technology is aimed at utility-scale and industrial uses. Sprenkle envisions something like tractor-trailer truck containers with massive batteries inside, parked next to wind farms or solar arrays. The batteries would be charged on-site, allowed to cool and driven to facilities called substations, where the energy could be distributed through power lines as needed.

[…]

Source: Rechargeable Molten Salt Battery Freezes Energy in Place for Long-Term Storage – Scientific American

Vaccine skeptics and anti-maskers who invoked ‘my body, my choice’ in the pandemic are now lining up to support the end of Roe v. Wade

  • People against vaccine and mask mandates have argued that they impose on a person’s bodily autonomy.
  • That rallying cry of “my body, my choice” was rooted in the abortion-rights battles of Roe v. Wade.
  • Yet those people against vaccine and mask mandates are now encouraging the potential demise of abortion rights.

The leak of the Supreme Court draft opinion that would end Roe v. Wade has been met with approval by many conservatives who championed the very same notion of bodily autonomy and personal choice throughout the pandemic.

Rep. Paul Gosar of Arizona, for example, urged the justices to move ahead with the decision on Tuesday.

Yet, while railing against vaccine mandates last June, he said that they ultimately mean that “personal autonomy means nothing. It is no longer your body, it is no longer your choice.”

[…]

Source: Vaccine skeptics and anti-maskers who invoked ‘my body, my choice’ in the pandemic are now lining up to support the end of Roe v. Wade

Indian Government Now Wants VPNs To Collect And Turn Over Personal Data On Users

The government of India still claims to be a democracy, but its decade-long assault on the internet and the rights of its citizens suggests it would rather be an autocracy.

The country is already host to one of the largest biometric databases in the world, housing information collected from nearly every one of its 1.2 billion citizens. And it’s going to be expanded, adding even more biometric markers from people arrested and detained.

The government has passed laws shifting liability for third-party content to service providers, as well as requiring them to provide 24/7 assistance to the Indian government for the purpose of removing “illegal” content. Then there are mandates on compelled access — something that would require broken/backdoored encryption. (The Indian government — like others demanding encryption backdoors — refuses to acknowledge this is what it’s seeking.)

In the name of cybersecurity, the Indian government is now seeking to further undermine the privacy of its citizens.

[…]

The new directions issued by CERT-In also require virtual asset, exchange, and custodian wallet providers to maintain records on KYC and financial transactions for a period of five years. Companies providing cloud, virtual private network (VPN) will also have to register validated names, emails, and IP addresses of subscribers.

Taking the “P” out of “VPN:” that’s the way forward for the Indian government, which has apparently decided to emulate China’s strict control of internet use. And it’s yet another way the Indian government is stripping citizens of their privacy and anonymity. The government of India wants to know everything about its constituents while remaining vague and opaque about its own actions and goals.

Source: Indian Government Now Wants VPNs To Collect And Turn Over Personal Data On Users | Techdirt

Russian Cinemas Are Showing Pirated Movies Downloaded From Torrents

In response to Russia’s invasion of Ukraine, several Hollywood studios announced the immediate suspension of new releases in Russia. Unexpectedly, some Russian theaters are still able to show movies such as The Batman on the big screen but this isn’t down to the studios. The movies are sourced from illegal torrent sites and few seem afraid to admit it.

[…]

Source: Russian Cinemas Are Showing Pirated Movies Downloaded From Torrents * TorrentFreak

New technique shows in detail where drug molecules hit their targets in the body

Scientists at Scripps Research have invented a way to image, across different tissues and with higher precision than ever before, where drugs bind to their targets in the body. The new method could become a routine tool in drug development.

Described in a paper in Cell on April 27, 2022, the new method, called CATCH, attaches fluorescent tags to molecules and uses chemical techniques to improve the fluorescent signal. The researchers demonstrated the method with several different experimental drugs, revealing where—even within —the drug molecules hit their targets.

[…]

The CATCH method involves the insertion of tiny chemical handles into drug molecules. These distinct chemical handles don’t react with anything else in the body, but do allow the addition of fluorescent tags after they have bound to their targets. In part because human or animal tissue tends to diffuse and block the light from these fluorescent tags, Ye and his team combined the tagging process with a technique that makes tissue relatively transparent.

[…]

In other tests demonstrating the unprecedented precision and versatility of the new method, the scientists showed that they could combine drug-target imaging with separate fluorescent-tagging methods to reveal the cell types to which a drug binds. They also could distinguish drug-target engagement sites in different parts of neurons. Finally, they could see how modestly different doses of a drug often strikingly affect the degree of target engagement in different brain areas.

[…]

Source: New technique shows in detail where drug molecules hit their targets in the body

VR Researchers Simulate Kisses With Ultrasonic Transducers

Without adding any hardware that actually makes contact with the wearer’s face, researchers from Carnegie Mellon University’s Future Interfaces Group have modified an off-the-shelf virtual reality headset so that it recreates the sensation of touch in and around a user’s mouth, finally fulfilling virtual reality’s inevitable one true purpose.

Aside from handheld controllers that occasionally vibrate, most consumer-ready virtual reality devices ignore senses like taste, smell, and touch, and instead focus on visuals and sounds. It’s enough to make virtual reality experiences far more compelling than they were decades ago, but not enough to truly fool the brain into thinking that what your eyes are seeing is possibly a real-life experience.

Researchers working to evolve and improve virtual reality hardware have come up with some truly unique hardware and accessories over the years to make virtual reality feel as real as it looks, but none truly reflect where virtual reality is inevitably going like the research being done at Carnegie Mellon University in regards to mouth haptics. You might not be able to reach out and feel realistic fur on a virtual dog just yet, but experiencing the sensation of drinking from a virtual drinking fountain could be just around the corner—in addition to other experiences that don’t require too much imagination.

The researchers upgraded what appears to be a Meta Quest 2 headset with an array of ultrasonic transducers that are all focused on the user’s mouth, and it works without the need for additional accessories, or other hardware set up around the wearer. We’ve seen ultrasonic transducers used to levitate and move around tiny particles by blasting them with powerful sound waves before, but in this application, they create the feeling of touch on the user’s lips, teeth, and even their tongue while their mouth is open.

A giant virtual spider rains down a flood of poison on the user which they can feel splashing across their lips.
Image: Carnegie Mellon University Future Interfaces Group

The transducers can do more than just simulate a gentle touch. By pulsing them in specific patterns, they can recreate the feeling of an object sliding or swiping across the lips, or persistent vibrations, such as the continuous splashing of water when leaning down to sip from a virtual drinking fountain.

The researchers have come up with other custom virtual reality experiences that demonstrate how their mouth haptics hardware can introduce more realism, including a hike through a spooky forest where spider webs can be felt across the face, a race where the user can feel the wind in their face, and even virtual eating experiences where food and drinks can be felt inside the mouth. But if and when someone runs with this idea and commercializes the mouth haptics hardware, we’re undoubtedly going to see the world’s first virtual reality kissing booth realized, among other experiences the researchers are probably wisely tip-toeing around.

Source: VR Researchers Simulate Kisses With Ultrasonic Transducers

Ubisoft Shut Down 91 Games Since 2021

Ubisoft has turned off online services for 91 games, including Far Cry 2, Splinter Cell, Just Dance, and more across multiple console and PC platforms. These shutdowns have since been gathered together in one list by Ubisoft.

This news comes from a blog Ubisoft posted on April 22 listing 91 different games that have had their online services and multiplayer features shut off since 2021. The plan to shut down online services for many of these Ubisoft games was first announced last year.

The company explained that all in-game news, updates, player statistics, and online multiplayer features would no longer work in any of these titles. Also, any of the 91 games that use Ubisoft’s Connect platform can no longer earn its “Units” points to unlock in-game rewards. Weirdly, Ubisoft explained that PC players will lose access to previously unlocked content, but console players will be able to keep it so long as they keep their old game save.

[…]

Source: All The Ubisoft Games That Have Been Shut Down Since 2021

This is a great feature of Cloud!

Hackers are reportedly using emergency data requests to extort women and minors

In response to fraudulent legal requests, companies like Apple, Google, Meta and Twitter have been tricked into sharing sensitive personal information about some of their customers. We knew that was happening as recently as last month when Bloomberg published a report on hackers using fake emergency data requests to carry out financial fraud. But according to a newly published report from the outlet, some malicious individuals are also using the same tactics to target women and minors with the intent of extorting them into sharing sexually explicit images and videos of themselves.

It’s unclear how many fake data requests the tech giants have fielded since they appear to come from legitimate law enforcement agencies. But what makes the requests particularly effective as an extortion tactic is that the victims have no way of protecting themselves other than by not using the services offered by those companies.

[…]

Part of what has allowed the fake requests to slip through is that they abuse how the industry typically handles emergency appeals. Among most tech companies, it’s standard practice to share a limited amount of information with law enforcement in response to “good faith” requests related to situations involving imminent danger.

Typically, the information shared in those instances includes the name of the individual, their IP, email and physical address. That might not seem like much, but it’s usually enough for bad actors to harass, dox or SWAT their target. According to Bloomberg, there have been “multiple instances” of police showing up at the homes and schools of underage women.

[…]

Source: Hackers are reportedly using emergency data requests to extort women and minors | Engadget

MIT Invents Ultra-Thin Speakers For Wall Mounting (can also noise cancel)

[…] MIT have developed a paper-thin speaker that can be applied to almost any surface like wallpaper, turning objects like walls into giant noise-cancelling speakers.

[…]

Researchers at MIT’s Organic and Nanostructured Electronics Laboratory have created a new kind of thin-film speaker that’s as thin and flexible as a sheet of paper, but is also able to generate clear, high-quality sound, even when bonded to a rigid surface like a wall. This is not the first time researchers have created ultra-thin lightweight speakers, but previous attempts have resulted in a film that needs to be freestanding and unencumbered to produce sound. When mounted to a rigid surface, past thin speakers’ ability to vibrate and move air is greatly reduced, which limits where and how they can be used. But MIT’s researchers have now come up with a new manufacturing process that solves that problem.

Instead of designing a thin-film speaker that requires the entire panel to vibrate, the researchers started with a sheet of lightweight PET plastic that they perforated with tiny holes using a laser. A layer of thin piezoelectric material called PVDF was then laminated to the underside of the sheet, and then the researchers subjected both layers to a vacuum and 80 degrees Celsius heat, which caused the piezoelectric layer to bulge and push through the laser-cut holes in the top layer. This created a series of tiny domes that are able to pulse and vibrate when an electric current is applied, regardless of whether or not the panel is bonded to a rigid surface. The researchers also added a few extra layers of the durable PET plastic to create a spacer to ensure that the domes can vibrate freely, and to protect them from abrasion damage.

The domes are just “one-sixth the thickness of a human hair” in height and move a mere half micron up and down when they vibrate. Thousands are needed to produce audible sounds, but the researchers also discovered that changing the size of the laser-cut holes, which also alters the size of the domes produced, allows the sound produced by the thin-film panel to be tuned to be louder. Because the domes have such minute movement, just 100 milliwatts of electricity were needed to power a single square meter of the material, compared to more than a full watt of electricity needed to power a standard speaker to create a comparable level of sound pressure.

[…]

Source: MIT Invents Ultra-Thin Speakers For Wall Mounting

Brave’s De-AMP feature bypasses harmful Google AMP pages

Brave announced a new feature for its browser on Tuesday: De-AMP, which automatically jumps past any page rendered with Google’s Accelerated Mobile Pages framework and instead takes users straight to the original website. “Where possible, De-AMP will rewrite links and URLs to prevent users from visiting AMP pages altogether,” Brave said in a blog post. “And in cases where that is not possible, Brave will watch as pages are being fetched and redirect users away from AMP pages before the page is even rendered, preventing AMP / Google code from being loaded and executed.”

Brave framed De-AMP as a privacy feature and didn’t mince words about its stance toward Google’s version of the web. “In practice, AMP is harmful to users and to the Web at large,” Brave’s blog post said, before explaining that AMP gives Google even more knowledge of users’ browsing habits, confuses users, and can often be slower than normal web pages. And it warned that the next version of AMP — so far just called AMP 2.0 — will be even worse.

Brave’s stance is a particularly strong one, but the tide has turned hard against AMP over the last couple of years. Google originally created the framework in order to simplify and speed up mobile websites, and AMP is now managed by a group of open-source contributors. It was controversial from the very beginning and smelled to some like Google trying to exert even more control over the web. Over time, more companies and users grew concerned about that control and chafed at the idea that Google would prioritize AMP pages in search results. Plus, the rest of the internet eventually figured out how to make good mobile sites, which made AMP — and similar projects like Facebook Instant Articles — less important.

A number of popular apps and browser extensions make it easy for users to skip over AMP pages, and in recent years, publishers (including The Verge’s parent company Vox Media) have moved away from using it altogether. AMP has even become part of the antitrust fight against Google: a lawsuit alleged that AMP helped centralize Google’s power as an ad exchange and that Google made non-AMP ads load slower.

[…]

Source: Brave’s De-AMP feature bypasses ‘harmful’ Google AMP pages – The Verge

Amazon (AMZN) Europe Unit Pays No Taxes on $55 Billion Sales in 2021

Amazon.com Inc.’s main European retail business reported 1.16 billion euros ($1.26 billion) of losses in 2021, which allowed the company to pay no income tax and receive 1 billion euros in tax credits, corporate filings seen by Bloomberg show.

The Luxembourg-based business recorded sales of 51.3 billion euros last year, up 17% from 43.8 billion euros in 2020. The unit, called Amazon EU Sarl, includes revenue generated by its e-commerce activities in the U.K., Germany, France, Italy, Spain, Poland, Sweden and the Netherlands.

Amazon has been a target of European regulators over its tax arrangements. The Seattle-based company won an appeal on a 250 million-euro ($280 million) tax bill imposed after regulators said agreements with Luxembourg dating back to 2003 amounted to illegal state aid. Last year, the European Commission appealed in the European Court of Justice.

An Amazon spokesperson said the company is subject to taxes in all its European branches, and that revenues, profits and taxes are recorded and reported directly to local tax authorities in those countries.

The filings provide a rare regional breakdown into Amazon’s finances. Over 2021 the group posted global income of $33.36 billion, up from $21.3 billion the year previous. However, the company does not break out income and sales from e-commerce in every country in its financial reports.

[…]

Source: Amazon (AMZN) Europe Unit Pays No Taxes on $55 Billion Sales in 2021 – Bloomberg

Insteon is down and may not be coming back – yay cloud, your hardware is now a paperweight

Is your Insteon smart home system down? I’m getting reports from dozens of Insteon users that as of Friday their smart home hubs have stopped working. So far, none of them have heard from the company, and Insteon’s Twitter account hasn’t been updated since June 2021. I reached out to Rob Lilleness, the president and chairman of Smartlabs, the company that owns Insteon, and have not yet heard back.

However, Lilleness no longer lists Smartlabs/Smarthome/Insteon anywhere on his LinkedIn profile, and other members of the Insteon management team also appear to have decamped from Smartlabs based on their LinkedIn profiles. Mike Nunes, the former CIO at Smartlabs, lists his role at Insteon/Smartlabs as ending in April 2022. Dan Cregg, the chief research officer, lists his role at Smartlabs as ending in 2022. Matt Kowalec, the president and COO, lists his role at Smartlabs as ending in 2020; and Tom Carter, the CIO, doesn’t list his role in the company at all.

Smartlabs is a combination of smart home brands that include Insteon and Nokia Smart Lighting, which Smartlabs purchased last year. It also owns the smarthome.com web site where consumers can buy Insteon gear. An email to Smartlabs’ corporate office in Irvine, Calif., has not been returned, and a call to the listed phone number returns a message saying Verizon could not complete the call and asking me to check the number before trying again. Multiple tries return the same message each time.

[…]

With the current outage, Insteon’s app doesn’t work which means users will be hard pressed to change their device settings and add new gear. I’m hopeful to see if the folks over at Home Assistant or Hubitat can perhaps help stranded Insteon users transfer over to their platforms. It might be possible.

Further reading: With Insteon down, possibly for good, what options do you have for your devices?

Source: Insteon is down and may not be coming back – Stacey on IoT | Internet of Things news and analysis

ESET uncovers 3 vulnerabilities in Lenovo laptops

Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. The latter two are particularly embarrassing since they are related to UEFI firmware drivers used in the manufacturing process and can be used to disable SPI flash protections or the UEFI Secure Boot feature.

“UEFI threats can be extremely stealthy and dangerous,” said ESET researcher Martin Smolár, who discovered the vulnerabilities. “They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their operating system payloads from being executed.”

For the devices affected by CVE-2021-3971 and CVE-2021-3972 (consumer Lenovo Notebook hardware, by the look of things), Lenovo’s advice is to grab an update for the firmware. Some updates, however, will not be available until May.

CVE-2021-3970, which ESET researchers uncovered while digging into the other vulnerabilities, is a memory corruption issue, which could lead to deployment of an SPI flash implant.

Lenovo’s advisory describes CVE-2021-3970 as a “potential vulnerability in Lenovo Variable SMI Handler due to insufficient validation in some Lenovo Notebook models [that] may allow an attacker with local access and elevated privileges to execute arbitrary code.”

Source: ESET uncovers vulnerabilities in Lenovo laptops • The Register

Boris Johnson, Catalan Activists Hit With NSO Spyware: Report

Spyware manufactured by the NSO Group has been used to hack droves of high-profile European politicians and activists, The New Yorker reports. Devices associated with the British Foreign Office and the office of British Prime Minister Boris Johnson are allegedly among the targeted, as well as the phones of dozens of members of the Catalan independence movement.

The magazine’s report is partially based on a recently published analysis by Citizen Lab, a digital research unit with the University of Toronto that has been at the forefront of research into the spyware industry’s shadier side.

Citizen Lab researchers told The New Yorker that mobile devices connected to the British Foreign Office were hacked with Pegasus five times between July 2020 and June 2021. A phone connected to the office of 10 Downing Street, where British Prime Minister Boris Johnson works, was reportedly hacked using the malware on July 7, 2020. British government officials confirmed to The New Yorker that the offices appeared to have been targeted, while declining to specify NSO’s involvement.

Citizen Lab researchers also told The New Yorker that the United Arab Emirates is suspected to be behind the spyware attacks on 10 Downing Street. The UAE has been accused of being involved in a number of other high-profile hacking incidents involving Pegasus spyware.

[…]

Source: Boris Johnson, Catalan Activists Hit With NSO Spyware: Report