the Mictic One are two Bkuetooth bracelets equipped with movement sensors. The bracelets connect to a mobile device (only iOS at the moment, but the Android version is under development). From the Mictic application, we can select different musical instruments and control the sound they produce by moving our hands and arms. Think of an Air Guitar on steroids and you’ll get an idea of how they work. This video helps too.
The fact is that to say that the Mictic One is an Air Guitar simulator is an understatement, because the application of this startup created in Zurich does much more than that. To begin with, the range of musical instruments that we can imitate is quite wide and ranges from the cello to percussion or a DJ’s mixing desk. Each instrument requires you to make different movements with your arms and hands that mimic (to some extent) the actual movements you would make with that instrument.
The app allows you to add (and control) background tracks, and even mix various instruments and record the results. In fact, up to four pairs of bracelets can be connected in case you want to form an augmented reality band. There are also a handful of actual songs, and the company is already making deals with different record labels to add many more. In fact the device is being sponsored by Moby
[…]
wearing the Mictic One is an experience that is as frustrating as it is exciting. It’s frustrating because getting something out that sounds good is harder than it looks. It is not enough to wave your arms like a crazed ape. You have to move with precision and smoothness. Luckily, each instrument has a video tutorial in which we can learn the basic movements. It’s exciting because when you learn to make them sound the feeling is extremely satisfying.
Soon we will be able to offer you an in-depth review of the device, but the first impression is that they are incredibly fun. The Mictic One (sold as a pair and with a double USB-C cable to charge them both at the same time) are already on sale from the company’s website at a price of 139 Swiss francs (about 135 euros). In the future, the company plans to extend the platform so that it can be used with other devices that do not have the necessary motion sensors, such as mobile phones or smart watches.
The National Security Agency (NSA) has released a new report that gives all organizations the most current advice on how to protect their IT network infrastructures from cyberattacks.
NSA’s report ‘Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance‘ is available freely for all network admins and CIOs to bolster their networks from state-sponsored and criminal cyberattacks.
The report covers network design, device passwords and password management, remote logging and administration, security updates, key exchange algorithms, and important protocols such as Network Time Protocol, SSH, HTTP, and Simple Network Management Protocol (SNMP).
The document, from NSA’s cybersecurity directorate, encourages the adoption of ‘zero trust’ networks. Zero trust assumes malicious insiders and threats existing inside and outside classical network boundaries.
Thesis: pretty soon Russia will stop their war. They have linked up the landmass to the Crimea, control access to the Black Sea and that was their goal all along. They don’t have enough soldiers to take over and administer the Ukraine. The police forces in the Ukraine will never align with a Russian puppet government. The threat to Kiev stalled because Putin was never interested in taking the whole of Ukraine. It’s a red herring which allows Putin to consolidate in the East. Once “peace” is worked out and they pull the 65km convoy back up to Russia and empty away from the west of the country, they will be left with that great swathe of land to the east and no-one will be able to remove them. In practical terms they will have annexed a huge land route to the Crimea as they did the Crimea. They will have displaced the Ukranians that were living there and claim that the whole area is inhabited by their Russian brothers. They will “unite” the newly independent Donbas and Luhansk regions and the regions to the south and they will for all intents and purposes be Russian. NATO will never allow the Ukraine to join anyway and neither will the EU, despite pro-Ukranian sentiment. So Ukraine remains a “buffer state”. Win for Russia.
Satish Kumbhani, who is accused of scamming people out of $2.4bn in a cryptocurrency Ponzi scheme, has disappeared while evading an American watchdog, a court was told this week.
The BitConnect founder fled his home nation of India and went to ground in another country as the US Securities and Exchange Commission sought to serve a civil fraud lawsuit on him regarding the alleged scam, it is claimed.
“In October 2021, the commission learned that Kumbhani has likely relocated from India to an unknown address in a different foreign country,” Richard Primoff, general attorney at the SEC, said in a letter [PDF] to US federal district Judge John Koeltl on Monday.
[…]
In September, the regulator claimed BitConnect defrauded folks out of billions of dollars by running a Ponzi-like scheme that promised financial returns of up to 40 per cent per month all thanks to its automated crypto-trading bot.
Instead, people’s digital funds were allegedly secretly pocketed by Kumbhani and his associate Glenn Arcaro, who last year pleaded guilty to conspiring to cheat Bitconnect investors. Arcaro faces up to 20 years behind bars. Kumbhani, however, is still at large.
The country’s forthcoming Online Safety Bill will require citizens to hand over even more personal data to largely foreign-headquartered social media platforms, government minister Nadine Dorries has declared.
“The vast majority of social networks used in the UK do not require people to share any personal details about themselves – they are able to identify themselves by a nickname, alias or other term not linked to a legal identity,” said Dorries, Secretary of State for Digital, Culture, Media and Sport (DCMS).
Another legal duty to be imposed on social media platforms will be a requirement to give users a “block” button, something that has been part of most of today’s platforms since their launch.
“When it comes to verifying identities,” said DCMS in a statement, “some platforms may choose to provide users with an option to verify their profile picture to ensure it is a true likeness. Or they could use two-factor authentication where a platform sends a prompt to a user’s mobile number for them to verify.”
“Alternatively,” continued the statement, “verification could include people using a government-issued ID such as a passport to create or update an account.”
Two-factor authentication is a login technology to prevent account hijacking by malicious people, not a method of verifying a user’s government-approved identity.
“People will now have more control over who can contact them and be able to stop the tidal wave of hate served up to them by rogue algorithms,” said Dorries.
Social networks offering services to Britons don’t currently require lots of personal data to register as a user. Most people see this as a benefit; the government seems to see it as a negative.
Today’s statement had led to widespread concerns that DCMS will place UK residents at greater risk of online identity theft or of falling victim to a data breach.
The Online Safety Bill was renamed from the Online Harms Bill shortly before its formal introduction to Parliament. Widely accepted as a disaster in the making by the technically literate, critics have said the bill risks creating an “algorithm-driven censorship future” through new regulations that would make it legally risky for platforms not to proactively censor users’ posts.
It is also closely linked to strong rhetoric discouraging end-to-end encryption rollouts for the sake of “minors”, and its requirements would mean that tech platforms attempting to comply would have to weaken security measures.
Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year’s Galaxy S21.
Researchers at Tel Aviv University found what they called “severe” cryptographic design flaws that could have let attackers siphon the devices’ hardware-based cryptographic keys: keys that unlock the treasure trove of security-critical data that’s found in smartphones.
What’s more, cyber attackers could even exploit Samsung’s cryptographic missteps – since addressed in multiple CVEs – to downgrade a device’s security protocols. That would set up a phone to be vulnerable to future attacks: a practice known as IV (initialization vector) reuse attacks. IV reuse attacks screw with the encryption randomization that ensures that even if multiple messages with identical plaintext are encrypted, the generated corresponding ciphertexts will each be distinct.
Untrustworthy Implementation of TrustZone
In a paper (PDF) entitled “Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design” – written by by Alon Shakevsky, Eyal Ronen and Avishai Wool – the academics explain that nowadays, smartphones control data that includes sensitive messages, images and files; cryptographic key management; FIDO2 web authentication; digital rights management (DRM) data; data for mobile payment services such as Samsung Pay; and enterprise identity management.
The authors are due to give a detailed presentation of the vulnerabilities at the upcoming USENIX Security, 2022 symposium in August.
The design flaws primarily affect devices that use ARM’s TrustZone technology: the hardware support provided by ARM-based Android smartphones (which are the majority) for a Trusted Execution Environment (TEE) to implement security-sensitive functions.
TrustZone splits a phone into two portions, known as the Normal world (for running regular tasks, such as the Android OS) and the Secure world, which handles the security subsystem and where all sensitive resources reside. The Secure world is only accessible to trusted applications used for security-sensitive functions, including encryption.
Cryptography Experts Wince
Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute, explained on Twitter that Samsung incorporated “serious flaws” in the way its phones encrypt key material in TrustZone, calling it “embarrassingly bad.”
“They used a single key and allowed IV re-use,” Green said.
“So they could have derived a different key-wrapping key for each key they protect,” he continued. “But instead Samsung basically doesn’t. Then they allow the app-layer code to pick encryption IVs.” The design decision allows for “trivial decryption,” he said.
Israeli authorities say it should be probed and U.S. authorities are calling for it to be sanctioned, but EU officials have a different idea for how to handle Pegasus spyware: just ban that shit entirely.
That’s the main takeaway from a new memo released by EPDS, the Union’s dedicated data watchdog on Tuesday, noting that a full-on ban across the entire region is the only appropriate response to the “unprecedented risks” the tech poses—not only to people’s devices but “to democracy and the rule of law.”
“As the specific technical characteristics of spyware tools like Pegasus make control over their use very difficult, we have to rethink the entire existing system of safeguards established to protect our fundamental rights and freedoms,” the report reads. “Pegasus constitutes a paradigm shift in terms of access to private communications and devices. This fact makes its use incompatible with our democratic values.”
A “paradigm shift” is a good way to describe the tool, which has been used to target a mounting number of civic actors, activists, and political figures from around the globe, including some notable figures from inside the EU. This past summer, local outlets reported that French president Emmanuel Macron surfaced among the list of potential targets that foreign actors had planned to target with the software, and later reports revealed traces of the tech appearing on phones from Macron’s current staffers. Officials from other EU member states like Hungary and Spain have also reported the tech on their devices, and Poland became the latest member to join the list last month when a team of researchers found the spyware being used to surveil three outspoken critics of the Polish government.
Those images — equivalent to 14 photos for each of the 7 billion people on Earth — would help power a surveillance system that has been used for arrests and criminal investigations by thousands of law enforcement and government agencies around the world. And the company wants to expand beyond scanning faces for the police, saying in the presentation that it could monitor “gig economy” workers and is researching a number of new technologies that could identify someone based on how they walk, detect their location from a photo or scan their fingerprints from afar.
The 55-page “pitch deck,” the contents of which have not been reported previously, reveals surprising details about how the company, whose work already is controversial, is positioning itself for a major expansion, funded in large part by government contracts and the taxpayers the system would be used to monitor. The document was made for fundraising purposes, and it is unclear how realistic its goals might be. The company said that its “index of faces” has grown from 3 billion images to more than 10 billion since early 2020 and that its data collection system now ingests 1.5 billion images a month.
With $50 million from investors, the company said, it could bulk up its data collection powers to 100 billion photos, build new products, expand its international sales team and pay more toward lobbying government policymakers to “develop favorable regulation.”
The article notes that major tech companies like Amazon, Google, IBM and Microsoft have all limited or ended their own sales of facial recognition technology — adding that Clearview’s presentation simple describes this as a major business opportunity for themselves.
In addition, the Post reports Clearview’s presentation brags “that its product is even more comprehensive than systems in use in China, because its ‘facial database’ is connected to ‘public source metadata’ and ‘social linkage’ information.”
A group of lawmakers have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that “would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe,” writes Joe Mullin via the Electronic Frontier Foundation. “It’s a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online — backups, websites, cloud photos, and more — is scanned.” From the report: The bill empowers every U.S. state or territory to create sweeping new Internet regulations, by stripping away the critical legal protections for websites and apps that currently prevent such a free-for-all — specifically, Section 230. The states will be allowed to pass whatever type of law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse. The goal is to get states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services. […]
Separately, the bill creates a 19-person federal commission, dominated by law enforcement agencies, which will lay out voluntary “best practices” for attacking the problem of online child abuse. Regardless of whether state legislatures take their lead from that commission, or from the bill’s sponsors themselves, we know where the road will end. Online service providers, even the smallest ones, will be compelled to scan user content, with government-approved software like PhotoDNA. If EARN IT supporters succeed in getting large platforms like Cloudflare and Amazon Web Services to scan, they might not even need to compel smaller websites — the government will already have access to the user data, through the platform. […] Senators supporting the EARN IT Act say they need new tools to prosecute cases over child sexual abuse material, or CSAM. But the methods proposed by EARN IT take aim at the security and privacy of everything hosted on the Internet.
The Senators supporting the bill have said that their mass surveillance plans are somehow magically compatible with end-to-end encryption. That’s completely false, no matter whether it’s called “client side scanning” or another misleading new phrase. The EARN IT Act doesn’t target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies — from the largest ones to the very smallest ones — as its tools. The strategy is to get private companies to do the dirty work of mass surveillance.
The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. One key objective: mobilizing public opinion against Facebook’s decision to encrypt its Messenger app.
The Home Office has hired the M&C Saatchi advertising agency — a spin-off of Saatchi and Saatchi, which made the “Labour Isn’t Working” election posters, among the most famous in UK political history — to plan the campaign, using public funds.
According to documents reviewed by Rolling Stone, one the activities considered as part of the publicity offensive is a striking stunt — placing an adult and child (both actors) in a glass box, with the adult looking “knowingly” at the child as the glass fades to black. Multiple sources confirmed the campaign was due to start this month, with privacy groups already planning a counter-campaign.
[…]
Successive Home Secretaries of different political parties have taken strong anti-encryption stances, claiming the technology — which is essential for online privacy and security — will diminish the effectiveness of UK bulk surveillance capabilities, make fighting organized crime more difficult, and hamper the ability to stop terror attacks. The American FBI has made similar arguments in recent years — claims which have been widely debunked by technologists and civil libertarians on both sides of the Atlantic.
The new campaign, however, is entirely focused on the argument that improved encryption would hamper efforts to tackle child exploitation online.
[…]
One key slide notes that “most of the public have never heard” of end-to-end encryption – adding that this means “people can be easily swayed” on the issue. The same slide notes that the campaign “must not start a privacy vs safety debate.”
Online advocates slammed the UK government plans as “scaremongering” that could put children and vulnerable adults at risk by undermining online privacy.
Ireland’s Health Services Executive has published a fresh summary of the devastating ransomware attack that hit the country’s healthcare sector in the summer of 2021 — on the back of a detailed public post-incident report by consultancy PwC. The HSE is Ireland’s largest public sector employer, with 130,000+ staff manning 70,000+ IT devices across 4,000 locations. More than 80% of the HSE’s extensive IT estate was affected by the Conti ransomware attack, which saw 31 of its 54 acute hospitals cancel services ranging from surgery to radiotherapy.
The report notes that:
The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.
It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event.
Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. (The antivirus server was later encrypted in the attack).
There was no security monitoring capability that was able to effectively detect, investigate and respond to security alerts across HSE’s IT environment or the wider National Healthcare Network (NHN).
There was a lack of effective patching (updates, bug fixes etc.) across the IT estate and reliance was placed on a single antivirus product that was not monitored or effectively maintained with updates across the estate. (The initial workstation attacked had not had antivirus signatures updated for over a year.)
Over 30,000 machines were running Windows 7 (out of support since January 2020).
The initial breach came after a HSE staff member interacted with a malicious Microsoft Office Excel file attached to a phishing email; numerous subsequent alerts were not effectively investigated.
PwC’s crisp list of recommendations in the wake of the incident — as well as detail on the business impact of the HSE ransomware attack — may prove highly useful guidance on best practice for IT professionals looking to set up a security programme and get it funded. (PwC’s full 157-page HSE post-incident report is here.)
HSE post-incident report recommendations
HSE’s IT environment had high-risk gaps relating to 25 out of 28 of critical cybersecurity controls . Credit: PwC
Among its recommendations: That the HSE “should establish clear responsibilities for IT and cybersecurity across all parties that connect to the NHN, or share health data, or access shared health services. This formalisation of responsibilities should include specification of Service Level Agreements (SLAs) for centrally-provided services, including availability requirements. The HSE should define a code of connection that defines the minimum acceptable level of security controls necessary to connect into the NHN, to be agreed by all parties connected to the NHN, including requirements for central reporting of cybersecurity alerts and incidents. The HSE should establish a programme to monitor and enforce ongoing compliance with this code of conduct. Compliance with the code of connection should become part of the onboarding process of any connecting organisation.”
The report is in keeping with similar post-incident reports across most major recent cybersecurity incidents, including the ransomware attack on the Colonial Pipeline in the US in 2021 — with that company also having an absence of cybersecurity leadership and a basic lack of security hygiene contributing to the incident’s impact.
received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late.
Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?
(Not that “user error” is a good justification. Any system where making a simple mistake means that you’ve forever lost your privacy isn’t a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click “okay” once.)
EDITED TO ADD: It’s actually worse than I thought. Edge urges users to store passwords, ID numbers, and even passport numbers, all of which get uploaded to Microsoft by default when synch is enabled.
We’ve said it over and over again, if libraries did not exist today, there is no way publishers would allow them to come into existence. We know this, in part, because of their attempts to stop libraries from lending ebooks, and to price ebooks at ridiculous markups to discourage libraries, and their outright claims that libraries are unfair competition. And we won’t even touch on their lawsuit over digital libraries.
But, also, we have publishers getting into the banning business themselves… by trying to capitalize on the sudden new interest in Maus.
Penguin Random House doesn’t want this new interest in Maus to lead to… people taking it out of the library rather than buying a copy. They’re now abusing copyright law to demand the book be removed from the Internet Archive’s lending library, and they flat out admit that they’re doing so for their own bottom line:
A few days ago, Penguin Random House, the publisher of Maus, Art Spiegelman’s Pulitzer Prize-winning graphic novel about the Holocaust, demanded that the Internet Archive remove the book from our lending library. Why? Because, in their words, “consumer interest in ‘Maus’ has soared” as the result of a Tennessee school board’s decision to ban teaching the book. By its own admission, to maximize profits, a Goliath of the publishing industry is forbidding our non-profit library from lending a banned book to our patrons: a real live digital book-burning.
This is just blatant greed laid bare. As the article notes, whatever problems US copyright law has, it has enshrined the concept of libraries, and the right to lend out books as a key element of the public interest. And the publishers — such as giants like Penguin Random House — would do anything possible to stamp that right out.
A flaw in Apple’s software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.
QuaDream, the sources said, is a smaller and lower profile Israeli firm that also develops smartphone hacking tools intended for government clients.
Like NSO, QuaDream sold a “zero-click” exploit that could completely compromise a target’s phones. We’re using the past tense not because QuaDream no longer exists, but because this particular exploit (the basis for NSO’s FORCEDENTRY) has been patched into uselessness by Apple.
But, like other NSO competitors (looking at you, Candiru), QuaDream has no interest in providing statements, a friendly public face for inquiries from journalists, or even a public-facing website. Its Tel Aviv office seemingly has no occupants and email inquiries made by Reuters have gone ignored.
QuaDream doesn’t have much of a web presence. But that’s changing, due to this report, which builds on earlier reporting on the company by Haaretz and Middle East Eye. But even the earlier reporting doesn’t go back all that far: June 2021. That report shows the company selling a hacking tool called “Reign” to the Saudi government. But that sale wasn’t accomplished directly, apparently in a move designed to further distance QuaDream from both the product being sold and the government it sold it to.
[…]
Reign is apparently the equivalent of NSO’s Pegasus, another powerful zero-click exploit that appears to still be able to hack most iPhone models. But it’s not a true equivalent. According to this report, the tool can be rendered useless by a single system software update and, perhaps more importantly, cannot be remotely terminated by the entity deploying it, should the infection be discovered by the target. This means targeted users have the opportunity to learn a great deal about the exploit, its deployment, and possibly where it originated
For the past decade, unidentified miscreants have been planting incriminating evidence on the devices of human-rights advocates, lawyers, and academics in India seemingly to get them arrested.
That’s according to SentinelOne, which has named the crew ModifiedElephant and described the group’s techniques and targets since 2012 in a report published on Wednesday.
“The objective of ModifiedElephant is long-term surveillance that at times concludes with the delivery of ‘evidence’ – files that incriminate the target in specific crimes – prior to conveniently coordinated arrests,” said Tom Hegel, threat researcher at SentinelOne, in a blog post.
Hegel said the group has operated for years without attracting the attention of the cybersecurity community because of its limited scope of operations, its regionally-specific targeting, and its relatively unsophisticated tools.
ModifiedElephant prefers phishing with malicious Microsoft Office attachments to attack targets, and infect them with Windows malware.
In 2013, its messages relied on executable file attachments with deceptive double extensions in the file name (eg filename.pdf.exe). After 2015, the group used .doc, .pps, .docx, .rar, and password protected .rar files. In 2019, its attack vector involved links to hosted malicious files, and the group is also said to have employed large .rar archives to avoid detection.
The gang was also observed throwing Android malware at victims.
“There’s something to be said about how mundane the mechanisms of this operation are,” said Juan Andrés Guerrero-Saade, threat researcher at SentinelOne and adjunct professor at Johns Hopkins SAIS, via Twitter. “The malware is either custom garbage or commodity garbage. There’s nothing technically impressive about this threat actor, instead we marvel at their audacity.”
[…]
SentinelOne does not explicitly state that ModifiedElephant acts on behalf of the Indian government but notes how the group’s activities are consistent with the government’s interests.
“We observe that ModifiedElephant activity aligns sharply with Indian state interests and that there is an observable correlation between ModifiedElephant attacks and the arrests of individuals in controversial, politically-charged cases,” wrote Hegel.
According to the report, ModifiedElephant’s web infrastructure overlaps with Operation Hangover, a surveillance effort dating back to 2013 against targets of interest to Indian national security. The security firm also said that Wilson had been targeted by a second threat group, known as SideWinder [PDF], which has attacked government, military, and private sector organizations across Asia.
Hegel observes that SentinelOne last year reported on a threat actor operating in and around Turkey, dubbed EGoManiac, that planted incriminating evidence on the devices of journalists to support arrests made by the Turkish National Police.
On Feb. 3, SpaceX launched 49 small satellites into low earth orbit as a part of its Starlink program, an advanced satellite internet service that, as with many other products and services pioneered by American billionaire Elon Musk, is at least a little controversial. The satellites were carried into the atmosphere without a problem and were deployed into their intended orbit, however, once they were orbiting, there was an anomaly in the earth’s atmosphere that caused the loss of all but nine of the quarter-ton satellites.
In a press release, SpaceX claims that a “geomagnetic storm” is the culprit. According to the company, this storm warmed and increased the density of the atmosphere at the 210-kilometer height the satellites were deployed at, increasing the drag on the orbiting hardware to an unsustainable degree. Measures were taken in an attempt to remedy this increase in drag, but these were mostly unsuccessful. Of the 49 satellites launched, 40 have allegedly either already fallen out of orbit or are in the process of doing so
[…]
SpaceX insists that they will not end up as space junk or indeed even impact the ground. It says that the lost hardware poses “zero collision risk with other satellites,” and that by design they will “demise upon atmospheric reentry.” So far, there have been no reported instances of Starlink units causing any damage to life or infrastructure on the ground. However, with plans to eventually launch over ten thousand of the small satellites into low earth orbit, the risk of a collision with an object in space will increase.
At the same time car companies are fighting the right to repair movement (and the state and federal legislation popping up everywhere), they’re continuing the quest to turn everyday features — like heated seats — into something users have to pay a recurring fee for.
In 2019, BMW had to abandon a plan to charge $80 per year for Apple CarPlay. The company, having learned nothing, began floating the idea of charging a subscription for features back in 2020, when it proposed making heated seats and heated steering wheels something you pay a permanent monthly fee for. Last December, Toyota proposed imposing a monthly fee for customers who wanted to be able to remotely start their vehicles.
Each and every time these proposals come forward the consumer response is swift and overwhelmingly negative. But with $20 billion in annual additional potential revenue on the table between now and 2030, the industry seems poised to ignore consumers:
“Still, automakers see dollar signs. Stellantis (formerly Fiat Chrysler), Ford, and GM each aim to generate at least $20 billion in annual revenue from software services by 2030. Over-the-air capabilities open up huge opportunities for carmakers to introduce new subscription or pay-per use features over time, Wakefield, of AlixPartners, said. Someday, you may be able to fork over extra to make your car more efficient, sportier, or — in an electric vehicle — unlock extra range for road trips.”
Keep in mind these are decisions being made during a pandemic when most households continue to struggle.
This sort of nickel-and-diming works well in the telecom sector where captive subscribers often can’t switch to a different competitor. But in the auto space, companies risk opening the door to competitors gaining inroads by… not being nickel-and-diming assholes. Many companies may also be overestimating their own product quality; one JD Power survey found that 58% of people who use an automaker’s smartphone app wouldn’t be willing to pay for it. At the same time, as with gaming microtransactions, if enough people are willing to pay to make it worth it, it may not matter what the majority of car consumers think.
Leicester space scientists have discovered a never-before-seen mechanism fuelling huge planetary aurorae at Saturn.
Saturn is unique among planets observed to date in that some of its aurorae are generated by swirling winds within its own atmosphere, and not just from the planet’s surrounding magnetosphere.
At all other observed planets, including Earth, aurorae are only formed by powerful currents that flow into the planet’s atmosphere from the surrounding magnetosphere. These are driven by either interaction with charged particles from the Sun (as at the Earth) or volcanic material erupted from a moon orbiting the planet (as at Jupiter and Saturn).
This discovery changes scientists’ understanding of planetary aurorae and answers one of the first mysteries raised by NASA’s Cassini probe, which reached Saturn in 2004: why can’t we easily measure the length of a day on the Ringed Planet?
When it first arrived at Saturn, Cassini tried to measure the bulk rotation rate of the planet, that determines the length of its day, by tracking radio emission ‘pulses’ from Saturn’s atmosphere. To the great surprise of those making the measurements, they found that the rate appeared to have changed over the two decades since the last spacecraft to have flown past the planet—Voyager 2, also operated by NASA—in 1981.
Leicester Ph.D. researcher Nahid Chowdhury is a member of the Planetary Science Group within the School of Physics and Astronomy and corresponding author for the study, published in Geophysical Research Letters. He said:
“Saturn’s internal rotation rate has to be constant, but for decades researchers have shown that numerous periodic properties related to the planet—the very measurements we’ve used at other planets to understand the internal rotation rate, such as the radio emission—tend to change with time. What’s more, there are also independent periodic features seen in the northern and southern hemispheres which themselves vary over the course of a season on the planet.
“Our understanding of the physics of planetary interiors tells us the true rotation rate of the planet can’t change this quickly, so something unique and strange must be happening at Saturn. Several theories have been touted since the advent of the NASA Cassini mission trying to explain the mechanism/s behind these observed periodicities. This study represents the first detection of the fundamental driver, situated in the upper atmosphere of the planet, which goes on to generate both the observed planetary periodicities and aurorae.
Simplified figure showing the direction of winds within layers of Saturn’s atmosphere. Credit: Nahid Chowdhury/University of Leicester
“It’s absolutely thrilling to be able to provide an answer to one of the longest standing questions in our field. This is likely to initiate some rethinking about how local atmospheric weather effects on a planet impact the creation of aurorae, not just in our own Solar System but farther afield too.”
[…]
They measured infrared emissions from the gas giant’s upper atmosphere using the Keck Observatory in Hawai’i and mapped the varying flows of Saturn’s ionosphere, far below the magnetosphere, over the course of a month in 2017.
This map, when fixed against the known pulse of Saturn’s radio aurorae, showed that a significant proportion of the planet’s aurorae are generated by the swirling pattern of weather in its atmosphere and are responsible for the planet’s observed variable rate of rotation.
Researchers believe the system is driven by energy from Saturn’s thermosphere, with winds in the ionosphere observed between 0.3 and 3.0 kilometres per second.
[…]
recently, many researchers have focused on the possibility that it is Saturn’s upper atmosphere that causes this variability.
“This search for a new type of aurora harks back to some of the earliest theories about Earth’s aurora. We now know that aurorae on Earth are powered by interactions with the stream of charged particles driven from the Sun. But I love that the name Aurora Borealis originates from the ‘the Dawn of the Northern Wind’. These observations have revealed that Saturn has a true Aurora Borealis—the first ever aurora driven by the winds in the atmosphere of a planet.”
Dr. Kevin Baines, a JPL-Caltech-based co-author of the study and a member of the Cassini Science Team, added:
“Our study, by conclusively determining the origin of the mysterious variability in radio pulses, eliminates much of the confusion into Saturn’s bulk rotation rate and the length of the day on Saturn.”
Because of the variable rotation rates observed at Saturn, scientists have been prevented from using the regular pulse of radio emission to calculate the bulk internal rotation rate. Fortunately, a novel method was developed by Cassini scientists using gravity-induced perturbations in Saturn’s complex ring system, which now seems to be the most accurate means of measuring the planet’s bulk rotational period, which was determined in 2019 to be 10 hours, 33 minutes and 38 seconds.
Knox describes herself as “one of the most outspoken sex workers, particularly for crypto.” Her interest kicked off in 2014, which is when she says several vendors, including PayPal, Square Cash, and Venmo, shut down her accounts because of red flags related to sex work.
So Knox started accepting cryptocurrencies instead. Her first exchange of bitcoin for content was pretty casual.
It started on a Skype call with a client. “I had a Coinbase account at the time, and he said, ‘Hold your QR code right to this camera here,’ and he sent it through the camera. And I got it,” she explained.
It took 15 minutes, and there were no chargebacks, no website commission fees, and no bank intermediaries to turn down the transaction – all major pluses in her industry. But the biggest attraction was having total and irreversible ownership over the money she had earned.
[…]
“The majority of sex work in the U.S. is legal. It’s not dealt with fairly, but it’s still legal,” explained Kristen DiAngelo, an activist and Sacramento-based sex worker who has spent over four decades in the industry. “Stripping is legal…massage is legal…escorting is legal. The only thing that’s really illegal in the U.S. is the honest exchange of sexual activity for remuneration, for money.”
Some escorts – who charge anywhere from $1,700 an hour to $11,000 for a full 24 hours – now explicitly say in their ads that they prefer to be paid in bitcoin or ethereum.
[…]
Allie Rae is a 37-year-old mother of three boys who says she went from making about $84,000 a year as an ICU nurse in Boston to $1.3 million, thanks to her work on OnlyFans, which has more than 130 million users.
[…]
DiAngelo tells CNBC she will never forget the first time her bank account was closed without warning.
It happened when she was on a trip to Washington, D.C. over a decade ago.
“I had just gone into the bank, made a deposit, and I went to buy lunch in Dupont Circle,” said DiAngelo. “I gave him my card, and it was declined. I gave him my card, and it was declined again. And I gave my card again, and it was declined again. And I was like, ‘No, no, no, no, that can’t be right. There’s something wrong.’”
DiAngelo called Citibank and learned that her account had been frozen and she should tear up her credit card. DiAngelo says the customer service rep told her that they weren’t “at liberty” to tell her why it had happened, and she would have to write a formal letter to request additional details.
They did, however, say that she was still responsible for any money owed.
[…]
So DiAngelo did what other sex workers do: She “platform hopped,” meaning that she brought her money to another bank. When they also flagged and closed her account, she moved on to the next. After being shut out of a third bank, DiAngelo says she turned exclusively to bitcoin for her online banking needs.
Nearly every sex worker interviewed for this story mentioned platform hopping. The government has a set of anti-trafficking guidelines drawn up by the Financial Crimes Enforcement Network, or FinCEN, and the banks and big payment apps keep an eye out for activity deemed suspicious by those guidelines. Those red flags include making cash deposits frequently – a hallmark of the sex work profession.
[…]
In 2014, for example, PayPal booted her because of a payment for her used socks that was large enough to get red-flagged. Knox says neither she nor the buyer were refunded. (PayPal tells CNBC that her account was “closed due to policy violations.”)
Later, in 2016, Coinbase closed her account and blocked her from making others. (Coinbase acknowledged to CNBC that its terms of service prohibit the use of its “commerce or retail services connected to adult content.”)
“We’re the ones being punished – not the traffickers, not those that are actually abusing workers,” said Alana Evans, who has been an adult performer since the late 90′s. Evans is currently president of the Adult Performance Artists Guild, or APAG, a federally recognized union within the adult industry that represents all workers from adult film set actors, to content creators.
“They’ve attacked our banking; our ability to operate like the rest of the world,” explained DiAngelo. “You don’t exist if you can’t use the banking system.”
[…]
One hazard of the trade are chargebacks, in which a transaction is reversed when a consumer claims they have been fraudulently charged for a good or service they did not receive. It is a tool designed to protect consumers, but many sex workers say it is a tool that is abused in their industry by clients who dispute a transaction for a product or service they have already received.
Take OnlyFans. There are some customers who will dispute a transaction once they’ve already received custom video clips, or photos. OnlyFans’ official policy on its website says the creator, not the company, foots the bill for a chargeback. (OnlyFans did not respond to requests for comment.)
Many models have taken to forums like Reddit to share their experiences, in which they say these alleged scammers will sometimes put in for a chargeback six months after receiving pictures or videos.
Transactions in cryptocurrencies are final, rendering chargebacks impossible.
[…]
UK-based escort agency VIP Passion started to accept bitcoin in 2013. Two years later, Backpage made a similar move into bitcoin, litecoin, and dogecoin after Visa and Mastercard refused to process payments for its “adult” section.
Visa said at the time that the company’s rules prohibited the network from “being used for illegal activity” and that Visa had a “long history of working with law enforcement to safeguard the integrity of the payment system.” Mastercard issued a similar statement, saying that the card company has rules prohibiting its cards from “being used for illegal or brand-damaging activities.”
[…]
Stabile warns there are still barriers to mass crypto adoption among sex workers.
For one, there’s a steep learning curve for both workers and customers. Sex workers have written and circulated guides online on how to use crypto, but a sizable knowledge gap remains.
It is also difficult to get some customers to spend their bitcoin on adult content.
“They generally use it as a store of value,” says Stabile. “It’s a speculative currency.”
Knox says often clients choose not to pay her in crypto.
“That’s the hurdle that we’re at right now. We can take it all day long, but until people start using it and start paying us with it, it’s not going to really take off for adoption,” said Knox.
Sex workers who do accept crypto also have to contend with volatile prices, which can cut into their earnings. For instance, bitcoin is down more than 40% from its November all-time high.
[…]
DiAngelo says that in the early days of crypto, she would use bitcoin ATMs at liquor stores and gas stations to deposit cash to buy bitcoin. These machines charge commissions above and beyond the cost of the transaction.
Another major problem relates to the rules that govern cryptocurrency exchanges. Many platforms like Coinbase require know-your-customer, or KYC compliance. In practice, that means having to connect an ID and bank account to the platform – a non-starter for many working in the industry.
Because of this, some workers later find they can’t cash out the crypto they have earned for products or services rendered.
[…]
“For people like me making millions of dollars, a thirty day notice from OnlyFans would be the end of us. Crypto really feels like it’s kinda it, otherwise we’re going to be controlled forever and who knows the kind of content they’re going to continue to ban. They can turn you off tomorrow.”
The Dutch antitrust watchdog on Monday fined apple Apple (AAPL.O) 5 million euros ($5.72 million) for a third time for failing to allow software application makers in the Netherlands to use non-Apple payment methods for dating apps listed in the company’s App Store.
The Authority for Consumers and Markets (ACM) has been levying weekly fines of 5 million euros on Apple since the company missed a Jan. 15 deadline to make changes ordered by the watchdog.
Apple, which could not immediately be reached for comment, has twice published information on its own blog about changes it is making to comply with the Dutch order. However, the ACM said on Monday it was not receiving enough information from the U.S. company to assess whether Apple was actually complying.
“ACM is disappointed in Apple’s behaviour and actions,” it said in a statement. It noted that Dutch courts have upheld its decision, which found that Apple’s behaviour violated competition law.
One of the better sites forfinancial data is Yahoo Finance. This makes it a prime target for web scraping by finance enthusiasts. There are nearly daily questions on StackOverflow that reference some sort of data retrieval (oftentimes through web scraping) from Yahoo Finance.
Web Scraping Problem #1
trying to test a code that scrap from yahoo finance
I’m a python beginner but I like to learn the language by testing it and trying it. so there is a yahoo web scraper…
stackoverflow.com
The OP is trying to find the current price for a specific stock, Facebook. Their code is below:
And that code produced the following output:
the current price: 216.08
It’s a pretty simple problem with an also simple web scraping solution. However, it’s not lazy enough. Let’s look at the next one.
Web Scraping Problem #2
Web Scraping Yahoo Finance Statistics — Code Errors Out on Empty Fields
I found this useful code snippet: Web scraping of Yahoo Finance statistics using BS4 I have simplified the code as per…
stackoverflow.com
The OP is trying to extract data from the statistics tab, the stock’s enterprise value and the number of shares short. His problem actually revolves around retrieving nested dictionary values that may or may not be there, but he seems to have found a better solution as far as retrieving data.
Take a look at line 3: the OP was able to find the data he’s looking for inside a variable in the javascript:
root.App.main = { .... };
From there, the data is retrieved pretty simply by accessing the appropriate nested keys within the dictionary, data. But, as you may have guessed, there is a simpler, lazier solution.
The lazy alternatives simply altered the request from utilizing the front-end URL to a somewhat unofficial API endpoint, which returns JSON data. It’s simpler and results in more data! What about speed though (pretty sure I promised simpler, more data, and a faster alternative)? Let’s check:
web scraping #1 min time is 0.5678426799999997
lazy #1 min time is 0.11238783999999953
web scraping #2 min time is 0.3731000199999997
lazy #2 min time is 0.0864451399999993
The lazy alternatives are 4x to 5x faster than their web scraping counterparts!
You might be thinking though, “That’s great, but where did you find those URLs?”.
The Lazy Process
Think about the two problems we walked through above: the OP’s we’re trying to retrieve the data after it had been loaded into the page. The lazier solutions went right to the source of the data and didn’t bother with the front-end page at all. This is an important distinction and, I think, a good approach whenever you’re trying to extract data from a website.
Step 1: Examine XHR Requests
An XHR (XMLHttpRequest) object is an API available to web browser scripting languages such as JavaScript. It is used to send HTTP or HTTPs requests to a web server and load the server response data back into the script. Basically, it allows the client to retrieve data from a URL without having to do a full page refresh.
I’ll be using Chrome for the following demonstrations, but other browsers will have similar functionality.
Open Chrome’s developer console. To open the developer console in Google Chrome, open the Chrome Menu in the upper-right-hand corner of the browser window and select More Tools > Developer Tools. You can also use the shortcut Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux).
Select the “Network” tab
Then filter the results by “XHR”
Your results will be similar but not the same. You should notice though that there are a few requests that contain “AAPL”. Let’s start by investigating those. Click on one of the links in the left-most column that contain the characters “AAPL”.
After selecting one of the links, you’ll see an additional screen that provides details into the request you selected. The first tab, Headers, provides details into the request made by the browser and the response from the server. Immediately, you should notice the Request URL in the Headers tab is very similar to what was provided in the lazy solutions above. Seems like we’re on the right track.
If you select the Preview tab, you’ll see the data returned from the server.
Perfect! It looks like we just found the URL to get OHLC data for Apple!
Step 2: Search
Now that we’ve found some of the XHR requests that are made via the browser, let’s search the javascript files to see if we can find any more information. The commonalities I’ve found with the URLs relevant to the XHR requests are “query1” and “query2”. In the top-right corner of the developer’s console, select the three vertical dots and then select “Search” in the dropdown.
Search for “query2” in the search bar:
Select the first option. An additional tab will pop-up containing where “query2” was found. You should notice something similar here as well:
It’s the same variable that web scraping solution #2 targeted to extract their data. The console should give you an option to “pretty-print” the variable. You can either select that option or copy and paste the entire line (line 11 above) into something like https://beautifier.io/ or if you use vscode, download the Beautify extension and it will do the same thing. Once it’s formatted appropriately, paste the entire code into a text editor or something similar and search for “query2” again. You should find one result inside something called “ServicePlugin”. That section contains the URLs that Yahoo Finance utilizes to populate data in their pages. The following is taken right out of that section:
This is the same URL that is utilized in the lazy solutions provided above.
TL;DR
While web scraping can be necessary because of how a website is structured, it’s worth the effort investigating to see if you can find the source of the data. The resulting code is simpler and more data is extracted faster.
Finding the source of a website’s data is often found by searching through XHR requests or by searching through the site’s javascript files utilizing your browser’s developer console.
More Information
What if you can’t find any XHR requests? Check out The Alternative to Web Scraping, Part II: The DRY approach to retrieving web data
The Alternative to Web Scraping, Part II
The DRY approach to retrieving web data
towardsdatascience.com
If you’re interested specifically in the Yahoo Finance aspect of this article, I’ve written a python package, yahooquery, that exposes most of those endpoints in a convenient interface. I’ve also written an introductory article that describes how to use the package as well as a comparison to a similar one.
The (Unofficial) Yahoo Finance API
A Python interface to endless amounts of data
towardsdatascience.com
Please feel free to reach out if you have any questions or comments
A team of researchers from Beihang University, the Peking University School and Hospital of Stomatology and the Michigan Institute of Translational Nanotechnology has developed a synthetic enamel with properties similar to natural tooth enamel. In their paper published in the journal Science, the group describes their enamel and how well it compared to natural enamel when tested.
[…]
Prior research has shown that the reason that human enamel is so strong and yet also slightly elastic is because it consists of tiny rods made of calcium that are packed tightly together like pencils in a box. In their new effort, the researchers attempted to mimic tooth enamel as closely as possible by producing a material using AIP-coated hydroxyapatite nanowires that were aligned in parallel using a freezing technique that involved applying polyvinyl alcohol.
The researchers applied the enamel to a variety of shapes, including human teeth, and then tested how well it performed. They found it had a high degree of stiffness, was strong and was also slightly elastic. They also found that on most of their tests, the synthetic enamel outperformed natural enamel.
The researchers plan to keep testing their material to make sure it will hold up under harsh environments such as those found in the human mouth. They will also have to show that it is safe for use in humans and that it can be mass produced. They note that if their enamel passes all such tests, it could be used in more than just dentistry—they suggest it could be used to coat pacemakers, for example, or to shore up bones that have been damaged or that have eroded due to use or disease.
In December 2021,27,591 aircraft took off or landed at Frankfurt airport—890 every day. But this winter, many of them weren’t carrying any passengers at all. Lufthansa, Germany’s national airline, which is based in Frankfurt, has admitted to running 21,000 empty flights this winter, using its own planes and those of its Belgian subsidiary, Brussels Airlines, in an attempt to keep hold of airport slots.
Although anti-air travel campaigners believe ghost flights are a widespread issue that airlines don’t publicly disclose, Lufthansa is so far the only airline to go public about its own figures. In January, climate activist Greta Thunberg tweeted her disbelief over the scale of the issue. Unusually, she was joined by voices within the industry. One of them was Lufthansa’s own chief executive, Carsten Spohr, who said the journeys were “empty, unnecessary flights just to secure our landing and takeoff rights.” But the company argues that it can’t change its approach: Those ghost flights are happening because airlines are required to conduct a certain proportion of their planned flights in order to keep slots at high-trafficked airports.
A Greenpeace analysis indicates that if Lufthansa’s practice of operating no-passenger flights were replicated equally across the European aviation sector, it would mean that more than 100,000 “ghost flights” were operating in Europe this year, spitting out carbon dioxide emissions equivalent to 1.4 million gas-guzzling cars. “We’re in a climate crisis, and the transport sector has the fastest-growing emissions in the EU,” says Greenpeace spokesperson Herwig Schuster. “Pointless, polluting ‘ghost flights’ are just the tip of the iceberg.”
Aviation analysts are split on the scale of the ghost flight problem. Some believe the issue has been overhyped and is likely not more prevalent than the few airlines that have admitted to operating them. Others say there are likely tens of thousands of such flights operating—with their carriers declining to say anything because of the PR blowback.
“The only reason we have [airport] slots is that it recognizes a shortage of capacity at an airport,” says John Strickland of JLS Consulting, an aviation consultant. “If there wasn’t any shortage of capacity, airlines could land and take off within reason whenever they want to.” However, a disparity between the volume of demand for takeoff and landing slots and the number of slots available at key airports means that airlines compete fiercely for spaces. In 2020, 62 million flights took place at the world’s airports, according to industry body Airports Council International. While that number sounds enormous, it’s down nearly 40 percent year on year. To handle demand, more than 200 airports worldwide operate some kind of slot system, handling a combined 1.5 billion passengers. If you board a flight anywhere in the world, there’s a 43 percent chance your flight is slot managed.
Airlines even pay their competitors to take over slots: Two highly prized slots at London Heathrow airport reportedly changed hands for $75 million in 2016, when tiny cash-rich airline Oman Air made Air France-KLM an offer it couldn’t refuse for a sleepy 5.30 am arrival from Muscat to the UK capital.
One leading developer described the move as ‘vile,’ while another said Apple is deliberately ensuring it would cost developers more to opt-out of Apple’s payment system than it would to remain within it …
Background
Dutch regulators, like those in South Korea, ordered that Apple allow developers to opt-out of the App Store payment platform. Apple initially said that it would comply, but didn’t give any details.
The company today announced that it would reduce its commission by only three percent for those who chose to do so, and would also impose onerous administrative overheads – such as applying for permission to use a specific API, maintaining a separate version of the app, and filing reports with Apple.
[…]
Marco Arment highlighted the conditions imposed by Apple:
Separate app, only available in Netherlands
Cannot also support IAP
Must display scary sheets before payment
Website links are all to a single URL specified in Info.plist with no parameters
Must submit monthly report to Apple listing EVERY external transaction
Adding:
And after you pay your ~3% to your payment processor, Apple’s 27% commission takes you right back up to 30%. Glorious. Come on, THIS is comedy. Amazing, ridiculous comedy. I’d be surprised if a single app ever took them up on this. (And that’s exactly by design.)
Crisis Text Line, one of the nation’s largest nonprofit support options for the suicidal, is in some hot water. A Politico report last week highlighted how the company has been caught collecting and monetizing the data of callers… to create and market customer service software. More specifically, Crisis Text Line says it “anonymizes” some user and interaction data (ranging from the frequency certain words are used, to the type of distress users are experiencing) and sells it to a for-profit partner named Loris.ai. Crisis Text Line has a minority stake in Loris.ai, and gets a cut of their revenues in exchange.
As we’ve seen in countless privacy scandals before this one, the idea that this data is “anonymized” is once again held up as some kind of get out of jail free card:
“Crisis Text Line says any data it shares with that company, Loris.ai, has been wholly “anonymized,” stripped of any details that could be used to identify people who contacted the helpline in distress. Both entities say their goal is to improve the world — in Loris’ case, by making “customer support more human, empathetic, and scalable.”
But as we’ve noted more times than I can count, “anonymized” is effectively a meaningless term in the privacy realm. Study after study after study has shown that it’s relatively trivial to identify a user’s “anonymized” footprint when that data is combined with a variety of other datasets. For a long time the press couldn’t be bothered to point this out, something that’s thankfully starting to change.
