SoylentNews

An Anonymous Coward writes:

PLEX, this last week pushed out changes to its ROKU users (I am one). That made using PLEX nearly impossible for some people. Light and Dark gray color palate. White text on light gray background, to the point of the PLEX 1/4 screen height logo and spinning-working throbber being lost on the background.

So war ensues... See Plex.tv support forums if you must.

My question to you all, "What is TECH's responsibility to the Handicapped?".

Should good TECH also have a backdoor method allowing those with usability issues to still use the product, when TECH changes directions? What about lifetime pre-paid services that are now unusable? Should there be immediate return of funds, so we can buy the second best solution (now the best choice for us)? Should any change be signed off by a third party auditor to insure continued usability?

So again, asked differently, what is TECH's moral responsibility?

Original Submission

jas writes:

NPM[*], to put it lightly, had a challenging year. A series of high-profile incidents resulted in headaches for system administrators, as a combination of third parties abusing the NPM platform as well as bad deployments from the NPM team themselves causing adverse effects.

In an interview with TechRepublic, NPM director of security Adam Baldwin indicated that NPM, Inc. is working on solutions to improve security. "Users of Javascript in the enterprise share responsibility with NPM. We have a dedicated security team and are building products in 2019 to focus on these efforts," Baldwin said. The product hinted at is tooling being built into NPM, "starting with Enterprise, to help understand what is being run on systems." These changes are tentatively planned to be unveiled in the first half of 2019.

These plans include identifying known vulnerabilities and advanced reporting and visualization of dependency trees, in order to gain a better understanding of what is being used in deployment. In an earlier email with TechRepublic, NPM's Jonathan Cowperthwait noted that the team could improve security by "surfacing information about maintainer transfers," and "driving use of two-factor authentication."

https://www.techrepublic.com/article/heres-how-npm-plans-to-improve-security-and-reliability-in-2019/

[*] https://en.wikipedia.org/wiki/Npm_(software):

npm is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. It consists of a command line client, also called npm, and an online database of public and paid-for private packages, called the npm registry. The registry is accessed via the client, and the available packages can be browsed and searched via the npm website. The package manager and the registry are managed by npm, Inc.

Original Submission

Phoenix666 writes:

Hackaday:

The Internet of Things is eating everything alive, and the world wants to know: how do you make a small, battery-powered, WiFi-enabled microcontroller device? This is a surprisingly difficult problem. WiFi is not optimized for low-power operations. It’s power-hungry, and there’s a lot of overhead. That said, there are microcontrollers out there with WiFi capability, but how do they hold up to running off of a battery for days, or weeks? That’s what [TvE] is exploring in a fantastic multi-part series of posts delving into low-power WiFi microcontrollers.

The idea for these experiments is set up in the first post in the series. Basically, the goal is to measure how long the ESP8266 and ESP32 will run on a battery, using various sleep modes. Both the ESP8266 and ESP32 have deep-sleep modes, a ‘sleep’ mode where the state is preserved, a ‘CPU only’ mode that turns the RF off, and various measures for sending and receiving a packet.

The takeaway from these experiments is that a battery-powered ESP8266 can’t be used for more than a week without a seriously beefy battery or a solar panel.

Power consumption and battery life remain limitations for IoT applications. How can they be overcome?

Original Submission

takyon writes:

Rocket Lab Launches 13 Cubesats on 1st Mission for NASA

Rocket Lab's ramp-up is going well so far. The spaceflight startup launched 13 tiny satellites on its first-ever mission for NASA early this morning (Dec. 16), just a month after acing its first commercial flight.

A Rocket Lab Electron booster lifted off from the company's launch site on New Zealand's Mahia Peninsula at 1:33 a.m. EST today (0633 GMT and 7:33 p.m. local New Zealand time), kicking off the ELaNa-19 mission for NASA. Fifty-three minutes later, all of the payloads had separated from the Electron's "kick stage" and settled successfully into a circular orbit about 310 miles (500 kilometers) above Earth.

Educational Launch of Nanosatellites.

Also at Engadget.

Original Submission

Phoenix666 writes:

Smithsonian.com:

From around 420 to 350 million years ago, when land plants were still the relatively new kids on the evolutionary block and “the tallest trees stood just a few feet high,” giant spires of life poked from the Earth. “The ancient organism boasted trunks up to 24 feet (8 meters) high and as wide as three feet (one meter),” said National Geographic in 2007. With the help of a fossil dug up in Saudi Arabia scientists finally figured out what the giant creature was: a fungus. (We think.)

At last we know what wiped out the Sleestak--they kept licking the shrooms.

Original Submission

Phoenix666 writes:

ArsTechnica:

London's Metropolitan Police Service will be testing facial recognition technology in a handful of locations across the central core of the British capital on both Monday and Tuesday for eight hours each day.

This trial marks the seventh such trial in London since 2016. In addition to the December 17-18 tests, authorities have said there will be three more tests that have yet to be scheduled.

Time to break out the Guy Fawkes masks, Londoners.

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.

Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets' accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.

"In other words, they check victims' usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too," Certfa Lab researchers wrote.

In an email, a Certfa representative said company researchers confirmed that the technique successfully breached accounts protected by SMS-based 2fa. The researchers were unable to confirm the technique succeeded against accounts protected by 2fa that transmitted one-time passwords in apps such as Google Authenticator or a compatible app from Duo Security "We've seen [it] tried to bypass 2fa for Google Authenticator, but we are not sure they've managed to do such a thing or not," the Certfa representative wrote. "For sure, we know hackers have bypassed 2fa via SMS."

Original Submission

RandomFactor writes:

The Boston Globe has a story out about a ruling in US District court this week that narrows the scope of a 50-year old Massachusetts law that restricted recording of police and other government officials.

The law, and similar ones still in effect in 10 other states, was implemented long before the advent of now ubiquitous cell phones. It and similar laws criminalized recordings made of police and public officials in public even in performance of their duties, as felonies and have caught large numbers of individuals, activists, and journalists doing the same thing they always do in their net. (Most states are covered already by rulings which find such recording legal on first amendment grounds.)

But a ruling issued Monday by US District Court Judge Patti Saris found, "On the core constitutional issue, the Court holds that secret audio recording of government officials, including law enforcement officials, performing their duties in public is protected by the First Amendment, subject only to reasonable time, place, and manner restrictions." And so, she added, the law "is unconstitutional in those circumstances."

The attorney general's office is reviewing the decision so challenge or appeal may still be forthcoming. However, as the Globe notes

this is one law whose time has come and gone. Challenges to the law go back to at least 2001, when a spirited dissent in a case then before the Supreme Judicial Court insisted that the "legislative intent" was to regulate government surveillance, not that of private citizens trying to monitor police conduct in a public place.

This case was clearly a win for greater transparency — and that's all to the good. It should be allowed to stand.

More information on recording public officials is available here and here.

Quis custodiet ipsos custodes? Maybe now we can, just a little bit more, in Massachusetts.

Good one Skippy.

Previously: Right to Record Police Established in U.S. Fifth Circuit
Right to Record Police Established in U.S. Third Circuit

Related: New Bill in Colorado Would Protect the Right to Record Police
PINAC Correspondent Found Guilty of Trespassing on Public Road
China Says it's OK for Members of the Public to Record the Police

Original Submission

hendrikboom writes:

I found an old memoir by someone who had worked with Richard Feynman way back in the 80's.

Those days seem to presage a lot of things that have become commercial hot topics these days -- highly parallel computers and neural nets.

One day in the spring of 1983, when I was having lunch with Richard Feynman, I mentioned to him that I was planning to start a company to build a parallel computer with a million processors. (I was at the time a graduate student at the MIT Artificial Intelligence Lab). His reaction was unequivocal: "That is positively the dopiest idea I ever heard." For Richard a crazy idea was an opportunity to prove it wrong—or prove it right. Either way, he was interested. By the end of lunch he had agreed to spend the summer working at the company.

In his last years, Feynman helped build an innovative computer. He had great fun with computers. Half the fun was explaining things to anyone who would listen.

I was alive those days; might I be as old as aristarchus?

-- hendrik

Original Submission

stretch611 writes:

From NPR:

The audit found that as of Oct. 1 CBP had paid Accenture Federal Services approximately $13.6 million of a $297 million contract to recruit and hire 7,500 applicants, including Customs and Border Protection officers, Border Patrol agents, and Air and Marine Interdiction agents. But 10 months into the first year of a five-year contract Accenture had only processed "two accepted job offers," according to the report.

[...] When it became clear the company would miss a 90-day deadline to reach the "full operation phase" outlined in the agreement, the agency modified the contract granting Accenture another three months to ramp up operations to meet the terms of the contract.

CBP also allowed the company to use the government agency's applicant tracking system when Accenture failed to deploy its own, leading to another contract revision.

Original Submission

An Anonymous Coward writes:

https://www.pri.org/stories/2018-12-12/judge-halts-keystone-xl-pipeline-citing-complete-disregard-climate

In his ruling, Judge Brian Morris said “the Trump administration completely disregarded the climate effects of building the Keystone pipeline,” according to Vermont law professor Pat Parenteau.

“The Trump administration dismissed, with barely a paragraph in the decision document they issued, the whole idea that the pipeline would be contributing to climate change and the judge said that's not good enough,” Parenteau explains. “[He said], ‘You really do have to take into account the growing body of science that we all know and you have to explain why it makes sense, given that, to authorize yet another major piece of fossil fuel infrastructure that will take 40 years to pay off.’”

Morris is a former justice on the Montana Supreme Court and is considered a “very moderate judge,” Parenteau adds. “He’s hardly a radical environmentalist. There are some judges on the federal bench who are more pro-environment ..., but Judge Morris isn’t in that same category.”

Original Submission

takyon writes:

How the global trade in tear gas is booming

Non-lethal weapons are a multibillion-dollar-a-year business and the industry seems to be growing. The industry could be worth more than $9bn by 2022, according to Allied Market Research, a company that does industry forecasting. [Combined Systems, Inc (CSI)] supplies not only Egypt, but also Israel, Bahrain and US police departments, like the one in Ferguson, Missouri.

According to Amnesty International and internal letters published by the Egypt Independent newspaper, Combined Systems, Inc shipped tens of thousands of rounds of tear gas to the Egyptian government between 2011 and 2013, even as the crackdown on protesters became more deadly. The backlash against tear gas grew as more was sent to the country. After a particularly brutal series of clashes in 2011, dock workers in Suez refused a shipment of tear gas from CSI, saying they did not want to participate in further pain or death.

"Almost everywhere [that] we see images of large-scale protest, we will see on the streets a Combined Systems, Inc product," said Anna Feigenbaum, who wrote a book on the history of tear gas.

It's a common name for a family of chemical irritants, not actually gases, but fine powders dispersed by spray or aerosol. Tear gas doesn't just make your eyes water; it causes a burning sensation, difficulty breathing, chest pain and skin irritation. It can lead to nausea and vomiting. It's considered a chemical weapon.

[...] The 1993 Chemical Weapons Convention banned the use of tear gas in war, but many countries, including the US, still deploy it against domestic uprisings and unrest. Worldwide, the use of tear gas seems to be on the rise, but governments don't track its use so getting hard numbers can be difficult. [...] [Protesters] have died from tear gas - in Egypt, in Gaza, in Bahrain. Some died from asphyxiation, when gas was fired in too concentrated a dose in too small a space. And some died from the canisters themselves.

Original Submission

takyon writes:

Johnson & Johnson's stock slammed after report it knew of asbestos in baby powder

Shares of Johnson & Johnson tumbled Friday, after a Reuters report that the drug and consumer-products company knew for decades that its baby talcum powder was contaminated with asbestos, a known carcinogen, that is alleged to have caused cancer in thousands of its customers.

The stock ended 10% lower on Friday, marking its largest one-day percentage decline in 16 years and lowest close in nearly four months, according to FactSet data. It led decliners on the Dow Jones Industrial Average and the S&P 500 on the day, and accounted for about 101 points of the Dow's 497-point loss.

[...] Reuters said an examination of internal company memos and other documents found the New Jersey–based company was aware of the presence of small amounts of asbestos in its products from as early as 1971 but failed to disclose that fact to regulators or to the general public.

Reuters stands by J&J report, says it was based 'entirely' on Johnson & Johnson documents

Reuters reporter Lisa Girion stands by her report that Johnson & Johnson knew for decades that asbestos was in its baby powder. "Our report on the fact that J&J was aware of small amounts of asbestos in its talc, in its baby power, in the ore that it mined in Vermont to make baby power, is based entirely on their documents," Girion told CNBC's "Power Lunch" on Friday.

The Reuters story sent J&J shares down 9 percent on Friday and prompted a response from the health-care company that called the article "one-sided, false and inflammatory." "Simply put, the Reuters story is an absurd conspiracy theory, in that it apparently has spanned over 40 years, orchestrated among generations of global regulators, the world's foremost scientists and universities, leading independent labs, and J&J employees themselves," the company said in a statement.

See also: Asbestos Opens New Legal Front in Battle Over Johnson's Baby Powder
Those J&J Baby-Powder Lawsuits Aren't Going Away
Johnson & Johnson loses $39.8 billion in market value in one day after report claims it knew about asbestos in its baby powder

Previously: The Baby Powder Trials: How Courts Deal with Inconclusive Science
Johnson & Johnson Ordered to Pay $417m in Latest Talc Cancer Case
$417 Million Talc Cancer Verdict Against Johnson & Johnson Tossed Out
Johnson & Johnson Loses New Jersey Talc Cancer Case

Original Submission

takyon writes:

In a first, Isro will make dead rocket stage 'alive' in space for experiments (alt)

Can a dead rocket in space be anything but debris? Isro believes it might actually be useful. Feted for its frugality and tech savvy, the Indian Space Research Organisation (Isro) is working on a new technology where it will use the last stage of the PSLV rocket for space experiments. It will perform a technology demonstration of this new system when it launches the PSLV C44 rocket in January.

Talking to [Times of India] here, Isro chairman K Sivan said, "Normally, the last stage of a PSLV rocket after releasing the primary satellite in space becomes dead and categorised as debris. It remains in the same orbit as that of the released satellite. Now, we are working on a new technology where we will give life to this "dead" last stage of PSLV, also called PS4 stage, for six months after its launch. This rocket stage will double up as a satellite. This will be the most cost-effective way to perform experiments in space as we don't have to launch a separate rocket for the purpose." He said that "India is the only country in the world that is working on this new technology".

Polar Satellite Launch Vehicle (PSLV).

Original Submission

upstart writes:

Submitted via IRC for SoyCow1984

FCC panel wants to tax Internet-using businesses and give the money to ISPs

A Federal Communications Commission advisory committee has proposed a new tax on Netflix, Google, Facebook, and many other businesses that require Internet access to operate.

If adopted by states, the recommended tax would apply to subscription-based retail services that require Internet access, such as Netflix, and to advertising-supported services that use the Internet, such as Google and Facebook. The tax would also apply to any small- or medium-sized business that charges subscription fees for online services or uses online advertising. The tax would also apply to any provider of broadband access, such as cable or wireless operators.

The collected money would go into state rural broadband deployment funds that would help bring faster Internet access to sparsely populated areas. Similar universal service fees are already assessed on landline phone service and mobile phone service nationwide. Those phone fees contribute to federal programs such as the FCC's Connect America Fund, which pays AT&T and other carriers to deploy broadband in rural areas.

The state tax proposal comes from the FCC's Broadband Deployment Advisory Committee (BDAC), a group criticized by San Jose Mayor Sam Liccardo—who quit the committee—"for advancing the interests of the telecommunications industry over those of the public." BDAC members include AT&T, Comcast, Google Fiber, Sprint, other ISPs and industry representatives, researchers, advocates, and local government officials.

The BDAC tax proposal is part of a "State Model Code for Accelerating Broadband Infrastructure Deployment and Investment." Once finalized by the BDAC, each state would have the option of adopting the code.

An AT&T executive who is on the FCC advisory committee argued that the recommended tax should apply even more broadly, to any business that benefits financially from broadband access in any way. The committee ultimately adopted a slightly more narrow recommendation that would apply the tax to subscription services and advertising-supported services only.

Original Submission