Thomas Elias writes in the Los Angeles Daily News that just one week before many California motorists began paying upwards of $4.30 per gallon for gasoline, oil tanker Teesta Spirit left Los Angeles headed for ports on the west coast of Mexico carrying more than 300,000 barrels of gasoline refined in California. At a time when oil companies were raising prices by as much as $1 per gallon in some regions, oil companies like Chevron and Phillips 66 shipped about 100 million gallons of gasoline out of California. "Oil refiners have kept the state running on empty and now they are sending fuel refined in California abroad just as the specter of low inventories drives huge price increases," says Jamie Court, president of the Consumer Watchdog advocacy group.
According to Elias, as the oil companies were shipping out that fuel, they reaped unprecedented profits reportedly approaching $1.50 for every gallon of gasoline they sold at the higher prices. "Gasoline prices are determined by market forces, and individuals who understand how commodity markets work have recently testified that those markets are working as they should," responded Catherine Reheis-Boyd, President of the Western States Petroleum Association, to charges of price gouging. "All of the many government investigations into gasoline markets in recent years have concluded that supply and demand are the primary reason gas prices go up and down." Kathleen Foote, who heads up the antitrust division at the California attorney general's office, agreed that the industry operates like an oligopoly in the state. But proving price fixing is difficult in a field where only a few players exist. "This system is made to break because oil refineries keep it running on empty," concludes Court. "They have every incentive to create a price spike like this."
Documentary producer Stephen La Riviere, the man behind the documentaries "Full Boost Vertical" and "Filmed in Supermarionation", is at it again. This time, it's a project to produce filmed versions of the Thunderbird Century 21 EP stories from the 1960s. The basic idea is to retain the audio from the recordings, but film new Thunderbirds footage in the style of the original show. This means puppets and practical effects. Rather than try to fund it himself, or go to a distributor, he has taken the bold move to go directly to the fans and has created a Kickstarter project with the goal of funding the making of the first three EPs as mini-episodes.
White House spokeswoman and Presidential Advisor on Homeland Security and Counterterrorism Lisa Monaco issued a response to the petition that Edward Snowden receive immunity from any laws he may have broken and be allowed to return to the USA as a free man. Her statement reasserted the Administration's position that Snowden is a criminal, running away from the consequences of his actions and should return to the USA to stand trial (and inevitably serve out the rest of his life in solitary confinement).
Automattic, the company behind content management and blogging platform WordPress, has complained that it can't reveal the full extent of state intelligence agencies' requests to probe users' accounts.
The company's new National Security report says that the company recorded zero “national security requests” in 2015's first six months. But the report then offers this observation:
The post goes on to say “By preventing us from sharing a more precise number of requests, the current disclosure rules diminish the trust that our users place in us and our services. For now, we are disclosing the maximum amount of information allowed by law.”
Automattic's unhappy with that so has joined the Twitter-initiated effort (PDF) to get the US attorney-general to change the rules in order to allow more detailed reporting of intelligence agency requests.
That effort could take years to resolve, so until it does it seems safest to assume that even though companies list small quantities of intelligence agency action, the reality may be rather different.
A very interesting attack was unveiled on Friday, 24 June by Daniel Gruss, Clémentine Maurice, and Stefan Mangard. Maybe Rowhammer is the next Heartbleed, or worse?
As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so called Rowhammer bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
Full report can be found here (PDF)
Not long ago, schoolchildren chose what they wanted to be when they grew up, and later selected the best college they could gain admission to, spent years gaining proficiency in their fields, and joined a company that had a need for their skills. Careers lasted lifetimes.
Now, by my estimates, the half-life of a career is about 10 years. I [Vivek Wadhwa] expect that it will decrease, within a decade, to five years. Advancing technologies will cause so much disruption to almost every industry that entire professions will disappear. And then, in about 15–20 years from now, we will be facing a jobless future, in which most jobs are done by machines and the cost of basic necessities such as food, energy and health care is negligible — just as the costs of cellphone communications and information are today. We will be entering an era of abundance in which we no longer have to work to have our basic needs met. And we will gain the freedom to pursue creative endeavors and do the things that we really like.
I am not kidding. Change is happening so fast that our children may not even need to learn how to drive. By the late 2020s, self-driving cars will have proven to be so much safer than human-driven ones that we will be debating whether humans should be banned from public roads; and clean energies such as solar and wind will be able to provide for 100 percent of the planet's energy needs and cost a fraction of what fossil fuel– and nuclear-based generation does today.
In other words, every industry is disruptible by technology. Presumably, banking and punditry are forever?
With the non-stop stream of zero-day exploits, website breaches, and criminal hacking enterprises, it's not always easy to know how best to stay safe online. New research from Google highlights three of the most overlooked security practices among security amateurs—installing security updates promptly, using a password manager, and employing two-factor authentication.
The practices are distilled from a comparison of security practices followed by expert and non-expert computer users. A survey found stark discrepancies in the ways the two groups reported keeping themselves secure. Non security experts listed the top security practice as using anti-virus software, followed by using strong passwords, changing passwords frequently, visiting only known websites, and not sharing personal information. Security experts, by contrast, listed the top practice as installing software updates, followed by using unique passwords, using two-factor authentication, choosing strong passwords, and using a password manager.
"Our results show that experts and non-experts follow different practices to protect their security online," the researchers wrote in a research paper [PDF] being presented at this week's Symposium On Usable Privacy and Security. "The experts' practices are rated as good advice by experts, while those employed by non-experts received mix[ed] ratings from experts. Some non-expert practices were considered 'good' by experts (e.g., install anti-virus software, use strong passwords); others were not (e.g. delete cookies, visit only known websites.)"
The most sensitive work environments, like nuclear power plants, demand the strictest security. Usually this is achieved by air-gapping computers from the Internet and preventing workers from inserting USB sticks into computers. When the work is classified or involves sensitive trade secrets, companies often also institute strict rules against bringing smartphones into the workspace, as these could easily be turned into unwitting listening devices.
But researchers in Israel have devised a new method for stealing data that bypasses all of these protections—using the GSM network, electromagnetic waves and a basic low-end mobile phone. The researchers are calling the finding a "breakthrough" in extracting data from air-gapped systems and say it serves as a warning to defense companies and others that they need to immediately "change their security guidelines and prohibit employees and visitors from bringing devices capable of intercepting RF signals," says Yuval Elovici, director of the Cyber Security Research Center at Ben-Gurion University of the Negev, where the research was done.
The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data. Computers, for example, naturally emit electromagnetic radiation during their normal operation, and cell phones by their nature are "agile receivers" of such signals. These two factors combined create an "invitation for attackers seeking to exfiltrate data over a covert channel," the researchers write in a paper about their findings.
The NYT reports that the New York Magazine website went off-line hours after posting a story featuring 35 women who have accused the comedian Bill Cosby of sexual abuse, and the article was inaccessible on Monday morning. "Our site is experiencing technical difficulties. We are aware of the issue, and working on a fix," the magazine posted to its main Twitter account early Monday morning.
A user called Vikingdom2016 claimed responsibility for a DOS attack on the site and said the attack was based on a hatred for New York, and was not related to the cover that features Mr. Cosby's accusers. As the website remained off-line, editors were working to find other ways to publish the piece, which the magazine said took six months of work.
On Monday morning, the magazine began posting audio related to the cover article on Instagram. The story is available at Web.Archive.Org's Wayback Machine.
This week WordPress released the latest edition of its recurring transparency report, revealing 43 percent of the Digital Millennium Copyright Act (DMCA) take-down requests it received have been rejected in the first six months of 2015. It's the lowest six-month period shown in the report, though it only dates back to 2014. However, WordPress said this headline figure would be even higher if it "counted suspended sites as rejected notices." That change in calculation would bump the WordPress DMCA denial rate to 67 percent between January 1 and June 30, 2015.
In total, the publishing platform received 4,679 DMCA takedown requests as of June 30, identifying 12 percent of those as "abusive." The top three organizations submitting these requests were Web Sheriff, Audiolock, and InternetSecurities. "Not surprisingly, the list is dominated by third party take down services, many of whom use automated bots to identify copyrighted content and generate take-down notices," WordPress noted. The company wrote at length about this practice in April, both explaining and condemning the general procedure.
"These kind of automated systems scour the Web, firing off take-down notifications where unauthorized uses of material are found—so humans don't have to," WordPress wrote. "Sounds great in theory, but it doesn't always work out as smoothly in practice. Much akin to some nightmare scenario from the Terminator, sometimes the bots turn on their creators."
Computers fighting computers, with only human casualties. Sounds like a jurisprudential version of this.
A new NASA challenge is looking for evidence to support a theory that electromagnetic pulses (EMP) may precede an earthquake, potentially offering a warning to those in the quake's path.
The "Quest for Quakes" two-week algorithm challenge seeks to develop new software codes or algorithms to search through data and identify electromagnetic pulses that may precede an earthquake. Some researchers have speculated such pulses originating from the ground near earthquake epicenters could signal the onset of some quakes.
"Developing a reliable approach that can separate potential earthquake-induced electromagnetic pulses from the myriad of natural and anthropogenic sources has been a significant challenge," said Craig Dobson, program scientist at NASA Headquarters in Washington. "We look forward to seeing the innovative ideas from this competition and learning more about this controversial phenomenon."
The challenge opened for registration on Tuesday. Competitors will be able to submit entries from Monday, July 27 at 1 p.m. ET through Monday, Aug. 9 at 1 p.m. ET.
Contestants will be provided with electromagnetic signal data collected over three-month periods from multiple sensors in the proximity of past earthquakes. Control data with no earthquakes also will be included. Coders will have two weeks to develop a new approach to extract the signals and identify potential earthquake precursors. The individuals or teams developing winning approaches will share a $25,000 prize.
FS tells me that Ars Technica reports that Dice is selling the Slashdot and Sourceforge sites. The company in their second quarter earnings announcements stated they have "not successfully leveraged the Slashdot user base to further Dice's digital recruitment business", and are planning to divest this business.
The report goes on to note that in spite of what the report calls "an incredibly loyal and passionate following of tech professionals," Slashdot and SourceForge aren't core to DHI's business and that DHI has partnered with KeyBanc Capital Markets to advise DHI on the sale. There is no buyer lined up yet.
The report also says that Slashdot Media (the aggregate of Slashdot and SourceForge) made $1.7 million in revenue for the second quarter and that it's estimated Slashdot Media will pull somewhere between $15 million and $16 million in revenue for fiscal 2015.
Ars reports on a serious Android exploit to be disclosed at the upcoming BlackHat:
Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message.
The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in "Stagefright," an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.
I wasn't even aware that Razer had an Android gaming division, but apparently it does:
It has bought the software assets of Ouya; and it has acqui-hired the company's technical and developer relations teams to expand Razer's Android TV gaming business, specifically around its Forge TV console and the Cortex gaming platform.
One thing I found odd about the deal: This is only for the software side:
Notably, Razer is not acquiring the hardware part of Ouya's business, specifically the microconsole and controller that helped make Razer's name in the first place.
Isn't Razer mostly known for its gaming hardware? I'm surprised that they wouldn't acquire both sides - unless they really feel that their Android device is that far ahead of Ouya's (which is entirely possible, given the Ouya was a Kickstarter thing to begin with [raised $8.5 million] and as far as I know hasn't had a hardware refresh yet).
The Register explains that Razer has acquired Ouya's employees and assets, but not its hardware division, and will be displacing the Ouya console with its own Android box, Forge TV. It costs $99 or $149 with a controller, the same as Ouya. Methods of migrating to Razer services as well as discounts will be offered to Ouya users. Shaun Nichols notes that this deal comes as China finally ends its 15-year console ban, and a low-cost Android option may gain traction in that market.
Daimler has been road-testing its autonomous trucks in Nevada since May. From the BBC:
Daimler is currently seeking certification for a self-driving truck so it can be tested on public roads in Germany.
[...] "We're testing in Germany on our own proving grounds. The next step is getting real-life experience on German highways as well," [spokesman Wolfgang Bernhard] told the BBC. "We're looking to do that in the second half of the year."
Bernhard is confident Daimler will get certification within weeks. The self-driving trucks use GPS, radar and video cameras to navigate, and there's always a driver present and able to immediately retake control of the truck if needed.
Spotted on The Eponymous Pickle.