SoylentNews

An Anonymous Coward writes:

For some Northeast cities, high temperatures on Thanksgiving could be close to the coldest on record no matter what day of the month the holiday was celebrated (e.g. Nov. 22, Nov. 24, Nov. 26, etc.).

New York City has only had three Thanksgivings dating to 1870 when the high temperature failed to rise out of the 20s, according to National Weather Service statistics. The coldest was a high of 26 degrees on Nov. 28, 1901.

While this year may not touch that record in the Big Apple, it could still be just the fourth time when the high on Thanksgiving is only in the 20s.

In southern New England, Boston could come within a couple of degrees of its coldest Thanksgiving high of 24 degrees, also set Nov. 28, 1901.

https://weather.com/forecast/regional/news/2018-11-18-thanksgiving-day-record-cold-northeast

Possibly related:

Solar Minimum is Coming

Noone has seen a sunspot since October 21: http://www.sidc.be/silso/datafiles#total

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

Database leak exposes millions of two-factor codes and reset links sent by SMS

Millions of SMS text messages—many containing one-time passcodes, password reset links, and plaintext passwords—were exposed in an Internet-accessible database that could be read or monitored by anyone who knew where to look, TechCrunch has reported.Password breach teaches Reddit that, yes, phone-based 2FA is that bad

The discovery comes after years of rebukes from security practitioners that text messages are a woefully unsuitable medium for transmitting two-factor authentication (2FA) data. Despite those rebukes, SMS-based 2FA continues to be offered by banks such as Bank of America, cellular carriers such as T-Mobile, and a host of other businesses.

The leaky database belonged to Voxox, a service that claims to process billions of calls and text messages monthly. TechCrunch said that Berlin-based researcher Sébastien Kaul used the Shodan search engine for publicly available devices and databases to find the messages. The database stored texts that were sent through a gateway Voxox provided to businesses that wanted an automated way to send data for password resets and other types of account management by SMS. The database provided a portal that showed two-factor codes and resent links being sent in near real-time, making it potentially possible for attackers who accessed the server to obtain data that would help them hijack other people's accounts.

Original Submission

takyon writes:

Amazon exposed customer names and emails in a 'technical error'

Amazon exposed some customers' names and emails due to a "technical error," according to emails the company sent to affected customers. Several people shared screenshots of the emails online Wednesday morning. BetaNews first reported the incident.

In a statement, Amazon said, "We have fixed the issue and informed customers who may have been impacted."

Despite the exposure, Amazon told the affected customers they did not need to change their passwords. But even with just their names and emails exposed, people could attempt to reset their accounts or target their emails for phishing attacks.

Also at The Register.

US Christmas sales predicted to surpass $1 trillion for the first time this year

Christmas holiday retail sales in the U.S. are expected to climb above the $1 trillion mark for the first time this year, on the back of low unemployment, solid income growth and higher consumer confidence, according to a study released Tuesday.

Total retail sales in the U.S. will hit $1.002 trillion during the holiday period — which it defines as spanning November 1 and December 31 this year — an increase of almost 6 percent from the previous year, marking the "strongest growth since 2011," data from market research firm eMarketer showed.

[...] The research said the sector would see a 4.4 percent gain year-on-year in in-store sales, rising to $878.38 billion, and that brick-and-mortar would be a "bright spot" for the retail industry as a whole for the 2018 Christmas holiday period. [...] E-commerce continues to grow in market share, however, and will capture 12.3 percent of the total sales figure this year, according to eMarketer. Online retail sales are predicted to rise 16.6 percent from the previous year, to $123.73 billion, the study said.

See also: Amazon reverses decision to block international sites in Australia

Original Submission

takyon writes:

Silent and Simple Ion Engine Powers a Plane with No Moving Parts

Behind a thin white veil separating his makeshift lab from joggers at a Massachusetts Institute of Technology indoor track, aerospace engineer Steven Barrett recently test-flew the first-ever airplane powered with ionic wind thrusters—electric engines that generate momentum by creating and firing off charged particles. Using this principle to fly an aircraft has long been, according even to Barrett, a "far-fetched idea" and the stuff of science fiction. But he still wanted to try. "In Star Trek you have shuttlecraft gliding silently past," he says. "I thought, 'We should have aircraft like that.'"

Thinking ionic wind propulsion could fit the bill, he spent eight years studying the technology and then decided to try building a prototype miniature aircraft—albeit one he thought was a little ugly. "It's a kind of dirty yellow color," he says, adding that black paint often contains carbon—which conducts electricity and caused a previous iteration to fry itself. Barrett had slightly higher hopes for the latest prototype, which he dispassionately named Version 2. "Before we started the test flights I thought it had maybe a 50–50 chance," he says. "My colleague at MIT thought it was more like a 1 percent chance it would work."

But unlike its predecessors, which had tumbled to the ground, Version 2 sailed nearly 200 feet through the air at roughly 11 miles per hour (17 kilometers per hour). With no visible exhaust and no roaring jet or whirling propeller—no moving parts at all, in fact—the aircraft seemed silently animated by an ethereal source. "It was very exciting," Barrett says. "Then it crashed into the wall, which wasn't ideal." Still, Version 2 had worked, and Barrett and his colleagues published their results Wednesday in Nature. The flight was a feat others have tried but failed, says Mitchell Walker, an aerospace engineer at Georgia Institute of Technology who did not work on the new plane. "[Barrett] has demonstrated something truly unique," he says.

Now we just need a battery with a 1 GJ/L energy density.

Also at Ars Technica and Engadget.

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

NRL Demonstrates New Nonmechanical Laser Steering Technology

The SEEOR is based on an optical waveguide – a structure that confines light in a set of thin layers with a total thickness of less than a tenth that of a human hair. Laser light enters through one facet and moves into the core of the waveguide. Once in the waveguide, a portion of the light is located in a liquid crystal (LC) layer on top of the core. A voltage applied to the LC through a series of patterned electrodes changes the refractive index (in effect, the speed of light within the material), in portions of the waveguide, making the waveguide act as a variable prism. Careful design of the waveguides and electrodes allow this refractive index change to be translated to high speed and continuous steering in two dimensions.

SEEORs were originally developed to manipulate shortwave infrared (SWIR) light – the same part of the spectrum used for telecommunications – and have found applications in guidance systems for self-driving cars.

"Making a SEEOR that works in the MWIR was a major challenge," Frantz said. "Most common optical materials do not transmit MWIR light or are incompatible with the waveguide architecture, so developing these devices required a tour de force of materials engineering."

To accomplish this, the NRL researchers designed new waveguide structures and LCs that are transparent in the MWIR, new ways to pattern these materials, and new ways to induce alignment in the LCs without absorbing too much light. This development combined efforts across multiple NRL divisions including the Optical Sciences Division for MWIR materials, waveguide design and fabrication, and the Center for Bio/Molecular Science and Engineering for synthetic chemistry and liquid crystal technology.

The resulting SEEORs were able to steer MWIR light through an angular range of 14°×0.6°. The researchers are now working on ways to increase this angular range and to extend the portion of the optical spectrum where SEEORs work even further. Complete details of this research can be found in the December 2018 edition of the Journal of the Optical Society of America, DOI: 10.1364/JOSAB.35.000C29.

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

Police arrest alleged Russian hacker behind huge Android ad scam

Though the exact details of his alleged crimes won't come to light until his extradition to the US -- where he faces a maximum prison sentence of 20 years -- a Crime Russia report claims Zhukhov may have been involved in a fake advertising network that Google shut down last month.

The scam (outed in a Buzzfeed exposé) used bots to mimic user behaviour on a network of 125 Android apps connected to front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, and Bulgaria. This fake traffic was used to con brands out of "hundreds of millions" of ad dollars, according to a "person involved in the scheme." However, Google put the figure at $10 million, while Russian newspaper Kommersant says Zhukhov has been charged with ad fraud of up to $7 million, which took place between September 2014 to 2016. During this time, the hacker reportedly operated a network of 50 servers, renting them out to others, who later used them to inflate video ad views.

Original Submission

upstart writes in with a submission via IRC for SoyCow1984:

Virgin Orbit flies its rocket into the skies for the first time

For the first time, Virgin Orbit has strapped its 21-meter rocket to a modified 747 aircraft and taken to the skies. The company performed this "captive-carry" test flight on Sunday in Victorville, located to the northeast of Los Angeles.

"The vehicles flew like a dream today," Virgin Orbit Chief Pilot Kelly Latimer said in a news release. "Everyone on the flight crew and all of our colleagues on the ground were extremely happy with the data we saw from the instruments on-board the aircraft, in the pylon, and on the rocket itself. From my perspective in the cockpit, the vehicles handled incredibly well, and perfectly matched what we've trained for in the simulators."

[...] Earlier this month, the company had conducted a series of tests that involved mating the LauncherOne rocket to the aircraft, nicknamed Cosmic Girl, and then performing taxiing tests. But Sunday's flight represents a new phase of airborne tests that will include "several more" flights of the aircraft with and without the rocket attached. These tests will ensure that Cosmic Girl and the rocket behave as anticipated during flight.

The final step before an actual in-air rocket launch will involve at least one drop test, in which the carbon-fiber rocket will be released from the 747 aircraft without firing its engine, in order to gather data about its free-fall performance through the atmosphere.

The linked article has several photos showing the rocket hanging from the 747 as viewed from a variety of different perspectives. A little-know tidbit is that the 747 was designed to have a 5th hardpoint on its wing. The actual engines would be attached to hardpoints 1-4; the 5th was designed for ferrying a spare engine to a remote location. It is to this (reinforced) hardpoint that the LauncherOne rocket was attached.

They are aiming to achieve orbit in 2019.

Original Submission

upstart writes in with a submission via IRC for SoyCow1984:

Ivanka Trump used personal email for official White House business

First daughter and presidential advisor Ivanka Trump used a personal email account dozens of times to conduct official White House business, The Washington Post reports, citing an internal White House investigation. It's an ironic revelation given her father's obsession with Hillary Clinton's own use of a private email server during the 2016 presidential campaign.

Federal law requires government officials to preserve written records of their activities—and that includes email. Government email systems are set up to comply with these laws, and federal IT guidelines require government officials to use their official email accounts for all official business. The use of official email accounts may also reduce the risk of sensitive communications being intercepted by foreign intelligence agencies.

[...] Ivanka Trump's use of a personal email account was discovered in September 2017. Ivanka said she was simply unfamiliar with rules requiring official business to be conducted via official email accounts—despite the fact that her father had made Hillary Clinton's violation of the same rules a central theme of his campaign.

Last year Politico reported that Ivanka Trump's husband, Jared Kusher, had been conducting official business using an email address on the same ijkfamily.com domain. But at the time it wasn't known if Ivanka was doing the same thing. We learned about Ivanka's use of the ijkfamily.com domain for government business last November, but until now we didn't know the extent of Ivanka's use of this activity.

Original Submission

upstart writes in with a submission via IRC for SoyCow1984:

Charter, Comcast don't have 1st Amendment right to discriminate, court rules

A US appeals court ruling today said that cable companies do not have a First Amendment right to discriminate against minority-run TV channels.

Charter, the second-largest US cable company after Comcast, was sued in January 2016 by Byron Allen's Entertainment Studios Networks (ESN), which alleged that Charter violated the Civil Rights Act of 1866 by refusing to carry TV channels run by the African-American-owned ESN. Allen, a comedian and producer, founded ESN in 1993 and is its CEO; the lawsuit seeks more than $10 billion in damages from Charter.

Charter argued that the case should be dismissed, claiming that the First Amendment bars such claims because cable companies are allowed "editorial discretion." But Charter's motion to dismiss the case was denied by the US District Court for the Central District of California, and the District Court's denial was upheld unanimously today by a three-judge panel at the US Court of Appeals for the 9th Circuit.

UPDATE: The appeals court also ruled against Comcast in a similar civil rights case in which ESN seeks more than $20 billion. Comcast had argued in a brief that "the First Amendment prohibits plaintiffs from suing to alter Comcast's selection of a programming lineup." But today's ruling allows ESN's lawsuit against Comcast to proceed as well.

upstart writes:

Submitted via IRC for SoyCow1984

Dogs know when they don't know

In the field of comparative psychology, researchers study animals in order to learn about the evolution of various traits and what this can tell us about ourselves. At the DogStudies lab at the Max Planck Institute for the Science of Human History, project leader Juliane Bräuer studies dogs to make these comparisons. In a recent study published in the journal Learning & Behavior, Bräuer and colleague Julia Belger, now of the Max Planck Institute for Human Cognitive and Brain Sciences, explore whether dogs have metacognitive abilities -- sometimes described as the ability to "know what one knows" -- and in particular whether they are aware of what information they have learned and whether they need more information.

To test this, the researchers designed an apparatus involving two V-shaped fences. A reward, either food or a toy, would be placed by one researcher behind one of the two fences while another researcher held the dog. In some cases, the dog could see where the reward was placed, while in others the dog could not. The researchers then analyzed how frequently the dogs looked through a gap in the fence before choosing an option. The question was whether, like chimps and humans, the dog would "check" through the gap when he or she had not seen where the reward was placed. This would indicate that the dog was aware that he or she did not know where the reward was -- a metacognitive ability -- and would try to get more information before choosing a fence.

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

One of the fathers of AI is worried about its future

Alongside Geoff Hinton and Yan LeCun, Bengio is famous for championing a technique known as deep learning that in recent years has gone from an academic curiosity to one of the most powerful technologies on the planet.

Deep learning involves feeding data to large neural networks that crudely simulate the human brain, and it has proved incredibly powerful and effective for all sorts of practical tasks, from voice recognition and image classification to controlling self-driving cars and automating business decisions.

Bengio has resisted the lure of any big tech company. While Hinton and LeCun joined Google and Facebook, respectively, he remains a full-time professor at the University of Montreal. (He did, however, cofound Element AI in 2016, and it has built a very successful business helping big companies explore the commercial applications of AI research.)

Bengio met with MIT Technology Review's senior editor for AI, Will Knight, at an MIT event recently.

[Ed. note: They talk about an AI race between different countries, collaboration between countries, a few companies dominating the AI field, military uses of AI, and more.]

[Ed note: Added 'Science' as a topic 22Nov0933.]

Original Submission

upstart writes:

Submitted via IRC for SoyCow0824

E-commerce site is infected not by one, but two card skimmers

Payment card skimming that steals consumers’ personal information from e-commerce sites has become a booming industry over the past six months, with high-profile attacks against Ticketmaster, British Airways, Newegg, and Alex Jones’ InfoWars, to name just a few. In a sign of the times, security researcher Jérôme Segura found two competing groups going head to head with each other for control of a single vulnerable site.

The site belongs to sportswear seller Umbro Brasil, which as of Tuesday morning was infected by two rival skimmer groups. The first gang planted plaintext JavaScript on the site that caused it to send payment card information to the attackers as customers were completing a sale. The malicious JavaScript looked like this: [image]

A second gang exploited either the same or a different website vulnerability as the first. The second group then installed much more advanced JavaScript that was encoded in a way to prevent other programs from seeing what it did. This is what it looked like: [image]

The obfuscated JavaScript actively tampered with the less-sophisticated payment skimmer installed by the first gang. Specifically, it replaced the last digit of a credit card number with a randomly generated digit before being sent to the first group. As a result, there was a 90 percent chance that the number obtained by the first group would be incorrect. Because the first group used unobfuscated JavaScript, the skimmer is much more vulnerable to tampering by rivals.

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

MPAA: Making All Domain WHOIS Data Public Will Advance Privacy

Anti-piracy groups witnessed their work becoming more complicated this year after the EU's new privacy regulations limited access to domain name WHOIS data. This measure is supposed to increase privacy for registrants but in a submission to the US Government, Hollywood's MPAA stresses that restoring full access increases the privacy of the public at large.

A few weeks ago, the US National Telecommunications and Information Administration (NTIA), asked the public for input on ways to improve consumer privacy. [...] The request came a few months after the EU's new privacy regulation, the GDPR, was implemented. The GDPR requires many online services and tools to tighten their privacy policies, which also affects domain registrars.

As of June 2018, ICANN implemented a temporary measure to restrict access to personal data that would previously have been available through WHOIS, unless explicit permission is given. A welcome privacy change to many domain registrants, but anti-piracy groups are not happy. While the limited WHOIS data is supposed to improve user privacy, the MPAA tells the NTIA that the opposite is true. They believe that opening it up again "will advance privacy while protecting prosperity and innovation," in line with NTIA's aims.

[...] The MPAA says that when it comes to WHOIS data, sharing more personal data in public – as it was in the past – benefits the public at large. Sharing personal data of all website owners allows visitors to check who they are dealing with. "Users are not 'reasonably informed' or 'empowered to meaningfully express privacy preferences' if they cannot determine the entity behind a website," the MPAA explains. [...] Concerns about limited WHOIS data are not new. Previously, a group of 50 organizations warned that it makes pirates harder to catch, which is of course the MPAA's main stake in the matter.

Original Submission

An Anonymous Coward writes:

As part of the company's Supercomputing 2018, a new FPGA accelerator card was announced by Xilinx. The Xilinx Alveo U280 is one of the company's pre-ACAP 16nm UltraScale+ architecture FPGA products. The U280 features 8GB of Samsung High Bandwidth Memory (HBM2) plus 32GB of DDR4 memory. The goal of the new card is to accelerate database search and analytics, machine learning inference, and other memory-bound applications.

Buried in the documentation for the card is a nugget of extremely interesting information:

"The U280 acceleration card includes CCIX support to leverage existing server interconnect infrastructure for high bandwidth, low latency cache coherent shared memory access with CCIX enabled processors including Arm and AMD." (Source: Xilinx Alveo U280 whitepaper WP50 (v1.0) accessed 16 November 2018)

We were recently at the AMD Next Horizon Event and STH friend Dr. Ian Dr. Ian Cutress at Anandtech (not a typo, that is what his SC18 badge said) touched upon this in his interview with AMD CTO Mark Papermaster. Neither in the Rome disclosure nor the interview did AMD confirm CCIX support. However, AMD publicly supports CCIX and Gen-Z and when we asked if this means Rome supports CCIX all we received was that AMD supports CCIX but has not announced a product with it yet. Arm may have chips derived from its IP with CCIX support, but AMD has a more well-defined roadmap.

https://www.servethehome.com/xilinx-alveo-u280-launched-possibly-with-amd-epyc-ccix-support/

Original Submission

takyon writes:

Jeff Bezos' new 'shadow' adviser at Amazon is a female executive of Chinese descent

Amazon CEO Jeff Bezos has a new "shadow" adviser, a role that's highly coveted inside the company because it involves following around the billionaire founder for a year or two and learning all aspects of the business.

The position is now held by Wei Gao, a female executive of Chinese descent, whose LinkedIn profile says she's had the role of "VP, Technical Advisor to CEO" since July. Gao, only the second female to shadow Bezos, replaced Jeffrey Helbling, who was named technical adviser in early 2017. CNBC learned of the change from two people familiar with the matter who asked not to be named because they're not authorized to speak for the company.

Gao, who was most recently a vice president of forecasting, has filled various roles during her 13 years at Amazon, including senior positions in the Kindle and inventory planning teams.

The shadow job, which entails sticking by Bezos' side and accompanying him to all of his meetings, often portends good things for those who are picked. Maria Renz, who left the position in 2017, is now vice president of delivery experience. Other high-profile shadows from the past include Andy Jassy, now CEO of Amazon Web Services, Greg Hart, vice president of of[sic] Prime Video, and Dilip Kumar, vice president of Amazon Go.

The richest man in the world (on paper) casts a big shadow.

Original Submission