SoylentNews is people


posted by chromas on Tuesday April 09 2019, @11:11PM
from the slow-adoption-means-learning-from-others'-misteaks....hahahahahaha! dept.

Submitted via IRC for Bytram

Massive bank app security holes: You might want to go back to that money under the mattress tactic

A new report[$] from a well-regarded payments consulting firm has found a lengthy list of security insanity while examining several major fintech company mobile apps. Although the very nature of apps that manage and move money would suggest presumably strong security, banks and their cohorts tend to adopt new technology slower than almost any other vertical, which puts them in a bad place when it comes to security.

My favorite finding from the Aite Group report: "Several mobile banking apps hard-coded private certificates and API keys into their apps. [Thieves] could exploit this by copying the private certificates to their computers and running any number of free password-cracking programs against them," the report noted. "Should the [attackers] successfully crack the private key, they would be able to decrypt all communication between the back-end servers and mobile devices, among other things. The API keys allow an adversary to then begin targeting the [financial institution's] API servers, gaining them access to data in the back-end databases. This allows [attackers] to authenticate the device with the back-end servers of that app, since this is what APIs use for authentication and authorization."

In other words, these banks have made the attackers' jobs far easier. "One of the directories was actually called 'API Keys,'" said Alissa Knight, the senior analyst with Aite Group's cybersecurity practice who did the research for the report. "My coffee didn't even get cold while I was on that list" trying to find vulnerabilities.

Some other especially scary points made in the Aite report:

  • "Many of the apps contained hard-coded SQL statements that gave adversaries the ability to employ SQL injection attacks, such as modifying an existing SQL query or inserting a new SQL query in a man-in-the-middle attack that allows them to download all of the data in the database, delete data, or modify it."
  • "Ninety-seven percent of the apps tested suffered from a lack of binary protection, making it possible to decompile the apps and review the source code. Additionally, all of the FI apps tested failed to implement application security that would have obfuscated the source code of the apps, making it possible to decompile them. This provided all of the sensitive API URLs, API keys, and API secrets hard-coded into the apps, and some of the URLs included nonstandard port numbers and development servers used by developers for testing and QA, which were reachable at the time of the testing. By decompiling the binaries, it was also possible to discover several private keys hard-coded into their files and located in subdirectories of the app, making it possible to crack the private key passwords offline."
  • "Additional findings included the ability to execute client-side code in an app's WebView; raw SQL queries embedded in the source code, yielding database schema information and the ability to perform SQL injection; the creation and storage of sensitive data into temp files on the mobile device or clipboard memory; and hard-coded public and private keys. Decompiling the binary into its raw source code gives adversaries the ability to inject malware and repackage the app as a rogue/pirated app hosted in a third-party app market, such as TweakBox, Aptoide, and TutuApp, or send it to victims via smishing (SMS phishing). Decompiling the app also allows an adversary to understand how the app detects jailbroken mobile devices, which, once vulnerabilities (such as API keys, private keys, and credentials) are found in the source code, results in theft of money through banking trojans, username/password theft or account takeover using overlay screens, and the theft of confidential data."
  • "About 80 percent of the apps tested implemented weak encryption algorithms or the incorrect implementation of a strong cipher, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed."
  • "About 70 percent of the apps use an insecure random-number generator, a security measure that relies on random values to restrict access to a sensitive resource, making the values easily guessed and hackable."
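As an added example (not code from the Aite report or the article), here is the kind of defender-side check a release reviewer would run over an unpacked app bundle to catch the two findings quoted above: PEM private keys shipped inside the app (unencrypted ones flagged separately from encrypted ones) and API keys or secrets assigned in source or config files. The directory tree it scans is constructed inline with placeholder values, and the regex patterns and file-type list are assumptions made for this example.

```python
import os
import re
import tempfile

# Patterns for the two findings quoted above: PEM private keys shipped in the
# app bundle, and API keys/secrets assigned in source or config files.
# Both patterns are assumptions for this example, not the report's own rules.
PEM_RE = re.compile(
    r"-----BEGIN (?P<kind>(?:RSA |EC |ENCRYPTED )?PRIVATE KEY)-----"
    r"(?P<body>.*?)-----END (?P=kind)-----",
    re.DOTALL,
)
SECRET_RE = re.compile(
    r"(?i)\b(?:api[_-]?key|api[_-]?secret|client[_-]?secret|secret[_-]?key)\b"
    r"\s*[:=]\s*[\"']?(?P<value>[A-Za-z0-9_\-/+]{16,})"
)
# Text-like files found in a decompiled Android/iOS bundle; binaries are skipped.
TEXT_EXTS = {".java", ".kt", ".smali", ".xml", ".json", ".plist", ".properties",
             ".txt", ".pem", ".key", ".cfg", ".yaml", ".yml", ".js", ".m", ".swift"}


def classify_pem(match):
    """PKCS#8 keys use an ENCRYPTED header; legacy PEM marks it with DEK-Info."""
    if match.group("kind").startswith("ENCRYPTED") or "DEK-Info:" in match.group("body"):
        return "encrypted-private-key"
    return "unencrypted-private-key"


def scan_text(text, path):
    """Return a list of findings for one file's contents."""
    findings = [{"path": path, "type": classify_pem(m)} for m in PEM_RE.finditer(text)]
    for m in SECRET_RE.finditer(text):
        # Record only a short prefix so the report itself does not leak the secret.
        findings.append({"path": path, "type": "hardcoded-secret",
                         "preview": m.group("value")[:4] + "..."})
    return findings


def scan_tree(root):
    """Walk an unpacked app directory and collect findings from text-like files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                findings.extend(scan_text(fh.read(), os.path.relpath(path, root)))
    return findings


def summarize(findings):
    """Count findings by type, e.g. {'hardcoded-secret': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f["type"]] = counts.get(f["type"], 0) + 1
    return counts


def build_sample_tree():
    """Constructed sample: a tiny fake decompiled app, mirroring the 'API Keys'
    directory mentioned in the article. Values are placeholders, not real keys."""
    root = tempfile.mkdtemp(prefix="appscan_")
    os.makedirs(os.path.join(root, "assets", "API Keys"))
    os.makedirs(os.path.join(root, "res", "raw"))
    samples = {
        os.path.join("assets", "API Keys", "config.properties"):
            "api_key=AKIAEXAMPLEFAKEKEY0001\nendpoint=https://api.example.invalid\n",
        os.path.join("res", "raw", "client.pem"):
            "-----BEGIN PRIVATE KEY-----\nMIIBFAKEBASE64BODY==\n-----END PRIVATE KEY-----\n",
        os.path.join("res", "raw", "legacy.key"):
            "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
            "DEK-Info: AES-128-CBC,00\n\nFAKEBODY==\n-----END RSA PRIVATE KEY-----\n",
        # Short placeholder values should not trip the secret pattern.
        "MainActivity.java": 'String apiSecret = "placeholder";\n',
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root
```

Running `summarize(scan_tree(build_sample_tree()))` on the constructed tree yields one finding of each type; in a real review the same scan would be run over the decompiled build before it ships, with any hit treated as a release blocker.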


posted by martyb on Tuesday April 09 2019, @09:31PM

SpaceX's first batch of operational Starlink satellites will launch no earlier than May 2019:

SpaceX has announced a launch target of May 2019 for the first batch of operational Starlink satellites in a sign that the proposed internet satellite constellation has reached a major milestone, effectively transitioning from pure research and development to serious manufacturing.

R&D will continue as SpaceX Starlink engineers work to implement the true final design of the first several hundred or thousand spacecraft, but a significant amount of the team's work will now be centered on producing as many Starlink satellites as possible, as quickly as possible. With anywhere from 4400 to nearly 12,000 satellites needed to complete the three major proposed phases of Starlink, SpaceX will have to build and launch more than 2200 satellites in the next five years, averaging 44 high-performance, low-cost spacecraft built and launched every month for the next 60 months.

[...] According to SpaceX filings with the FCC, the first group of operational satellites – potentially anywhere from 75 to 1000 or more – will rely on just one band ("Ku") for communications instead of the nominal two ("Ku" and "Ka"), a change that SpaceX says will significantly simplify the first spacecraft. By simplifying them, SpaceX believes it can expedite Starlink's initial deployment without losing a great deal of performance or interfering with constellations from competitors like OneWeb.

Amazon's planned 3,236-satellite broadband constellation, Project Kuiper, is being developed by former SpaceX employees:

Amazon's satellite internet plan is increasingly looking like the one Elon Musk has at SpaceX, with thousands of spacecraft that are compact in size. Among the reasons for the similarities, people tell CNBC, is that Jeff Bezos has hired some of Musk's previous senior management.

Former SpaceX vice president of satellites Rajeev Badyal and a couple members of his team are now leading Amazon's Project Kuiper, people familiar with the situation told CNBC.

[...] Badyal previously ran the "Starlink" division at SpaceX, which launched its first two test satellites last year. [...] Musk fired Badyal in June, one of the people said, confirming reports last year that the SpaceX CEO had become frustrated with the pace of Starlink's development. That was about four months after the launch of the first two Starlink test satellites. According to FCC documents, Starlink will become operational once at least 800 satellites are deployed.

Previously: SpaceX CEO Elon Musk Fired Managers and Employees in June to Shake Up Starlink Project
SpaceX Seeks Approval for 1 Million Starlink Ground Stations, Faces Pentagon Audit
SpaceX and OneWeb Clash Over Proposed Satellite Constellation Orbits

Related: Relativity Space Selected to Launch Satellites for Telesat



posted by martyb on Tuesday April 09 2019, @07:50PM
from the did-they-try-covering-it-in-rice dept.

In a spot of dry humor, El Reg has a story up on how the Government of Ridgefield, CT, attempted to remedy a damp baseball field in preparation for a high school game by lighting it on fire with gasoline.

In what could be understatement of the week, a Connecticut town has admitted that "a poor decision was made" when 24 gallons (109 litres) of petrol were poured on a baseball field and set on fire.

According to the town's Facebook page:

Town of Ridgefield, CT
on Saturday

There has been an incident in town that we want [to] make citizens aware of. A RHS baseball game at Governor Park was delayed due to weather conditions on the field this morning. A poor decision was made (and being looked into by the RPD) to “dry the field quicker” and 24 gallons of gasoline were poured and set on fire. Thanks to the RFD, Peter Hill the Director of Public Works, DEEP, the RPD, and our Certified Spill Response Team for their incredible help. No one was injured and no one is in danger. The plan is to excavate the infield, place dirt in a safe container, and add fresh, clean soil to the field. We will update you as we know more.

Sadly for the players, it turns out that fire and grass did not work together as was apparently hoped, and the game had to be held elsewhere. A later update on the town's page indicates:

Town of Ridgefield, CT
on Saturday

An update to the field fire situation. The field may be closed for the week due to the need for testing to be completed.

Comments on the page are everything you might expect and deserve your attention, for example one individual pointed out that he "would have added the use of a leaf blower to give the fire more oxygen."

Science!



posted by takyon on Tuesday April 09 2019, @06:12PM
from the computer-lab-with-book-section dept.

CNet:

Libraries are repositioning themselves as cultural and learning centers for the digital age. Many lend out mobile hotspots, often for weeks at a time. Others offer classes in the latest tech, such as 3D printing and music-editing software. And libraries have some of the savviest social media editors around.

On Sunday, libraries across the country began celebrating their evolving mission during National Library Week. Melinda Gates serves as honorary chairwoman of the annual event, which is sponsored by the American Library Association. Gates is an appropriate choice: She and husband Bill began funding computers, internet access and software for libraries in low-income communities through an organization they established in 1997.

Do libraries have a future as makerspaces?



posted by martyb on Tuesday April 09 2019, @03:57PM
from the buy-guns-and-tons-of-MREs dept.

https://www.express.co.uk/news/world/1110887/nasa-news-yellowstone-volcano-Caldera-eruption-supervolcano-asteroid-end-of-the-world

A NASA thought experiment called Defending Human Civilisation From Supervolcanic Eruptions stated that a supervolcano eruption was more likely to happen in the future than an asteroid hitting the earth, according to the Daily Star. It said: “Supervolcanic eruptions occur more frequently than a large asteroid or comet impacts that would have a similarly catastrophic effect to human civilization.” Jet Propulsion Laboratory researchers found that collisions from asteroids which are more than 2km in diameter occurred “half as often as supervolcanic eruptions”.

[...] Yellowstone Caldera[*] is classed as a supervolcano which erupted 60,000 years ago and again 60,000 years before that.

Although there is no guarantee, if the volcano follows the same pattern then it is now due for another eruption.

Researchers have found that if a supervolcano like Yellowstone did erupt, then a “volcanic winter” would ensue which could surpass the “amount of stored food worldwide”.

People living on another continent would not be spared from the aftermath of a supervolcanic eruption.

[*] Wikipedia entry on the Yellowstone Caldera (aka Supervolcano).

The referenced NASA document — Defending Human Civilization From Supervolcanic Eruptions (pdf) — is less sensational; here is the abstract from the paper:

Large volcanic eruptions greater or equal to a magnitude 8 on the Volcanic Explosivity Index (i.e., supervolcanic eruptions) eject >10^15 kg of ash and sulfate aerosols, sufficient to blanket sizeable fractions of continents and create a regional or global "volcanic winter." Such events could seriously reduce worldwide agricultural production for multiple years, causing mass famine. Supervolcanic eruptions occur more frequently than large asteroid or comet impacts that would have a similarly catastrophic effect to human civilization, especially now that many asteroid orbits have been mapped. We assess whether future supervolcanic eruptions could be dampened, delayed, or prevented by engineering solutions.



posted by martyb on Tuesday April 09 2019, @02:21PM
from the now-is-the-time-for-all-good-men-to-tint-their-windows dept.

New York's attempt to use facial recognition to track and locate terrorists in our midst has not gone so well.

The Wall Street Journal[*] has obtained a Metropolitan Transportation Authority [(MTA)] email showing that a 2018 technology test on New York City's Robert F. Kennedy Bridge not only failed, but failed spectacularly -- it couldn't detect a single face "within acceptable parameters." An MTA spokesperson said the pilot program would continue at RFK as well as other bridges and tunnels, but it's not an auspicious start.

Facial recognition is already a contentious privacy issue and prone to marginal accuracy at the best of times. Having cameras peering into one's vehicle just for driving down the road may be somewhat off-putting for those who have not given up on privacy entirely. Knowing that it borders on worthless with current technology for cars moving at speed capturing faces through windows will be welcome news to some.

The system also, notably

sometimes has trouble recognizing non-white people and women, and it assumes a culprit won't wear a mask or another disguise. While no terrorist detection system is foolproof, there are real concerns that current approaches could generate false positives or let suspects slip through the cracks.

[*] The name of the publication is "The Wall Street Journal" — the word "The" is part of the name of the newspaper — so here it should have been cited as The Wall Street Journal. --Ed.]

Happy for privacy that it isn't there yet, or sad for law enforcement being less effective as a result.

Which camp do Soylentils fall into?



posted by martyb on Tuesday April 09 2019, @12:41PM
from the But-I-*like*-getting-50-different-invoices-for-one-hospital-stay dept.

There is an instinct among political pundits to confuse caution for practicality — an assumption that those who advocate for incremental change are being reasonable, while those pushing for bold reforms aren’t. This is seen most starkly in the debate around health care reform, despite the fact that the “practical” pushers of limited reform fail to address the real problems in our health care system.

We all recognize that the status quo isn’t working. We spend more per person than any other country on health care, but we aren’t getting any bang for our buck. We have lower life expectancy, higher infant mortality rates and more preventable deaths, and too many personal bankruptcies are due at least in part to medical bills.

[...] Time to get real. As an economist who has spent decades studying our health care system, I can tell you that Medicare for All advocates are the only ones who are being reasonable, because theirs is the only plan that will control health care costs while finally achieving universal coverage.

The problem with incremental plans, whether they are public options, buy-ins to Medicare or Medicaid, or pumping more money into subsidies in the Affordable Care Act's individual marketplace, is that they preserve the private health insurance system weighing down our health care. [...] they are leaving the main reason for our system’s dysfunction in place: the multipayer, for-profit financing model.

Commercial insurance companies are nothing more than middle men. They add no value to our system, but they do drive up costs with their bloated claims departments, marketing and advertising budgets and executive salaries. We pay for all of these things before a single dollar is spent on the delivery of care.

They also create extra costs for providers who need large administrative staffs to deal with billing systems, accounting for as much as $100,000 per physician.

Any plan short of Medicare for All leaves these costs in place. In other words, they leave hundreds of billions of dollars a year in savings on the table.

[...] Gerald Friedman, a health care and labor economist, is an economics professor at University of Massachusetts Amherst and the director of The Hopbrook Institute.

Medicare For All

[Related]:
Democrats' promise of Medicare for All is remarkably misguided and unrealistic

Trump wants to drop a neutron bomb on Obamacare. Over to you, 2020 voters.

Take it from me, tweaks won't fix health care. Dems should focus on Medicare for All.



posted by martyb on Tuesday April 09 2019, @11:03AM
from the pulled-the-handbrake-as-hard-as-I-could dept.

A 2018 FAA (Federal Aviation Administration) directive advised pilots to handle MCAS (Maneuvering Characteristics Augmentation System) failure by disabling electric control of stabilizer trim using a pair of cutout switches. Pilots would then need to use a hand crank to move the stabilizer back to the desired position. It's noted that previous 737 models had separate switches to disable autopilot and electric stabilizer control, but the 737 MAX lacked this distinction.

Avionics engineer Peter Lemme explains how aerodynamic forces acting on the stabilizer and elevator in a nose-down situation would oppose pilots' attempts to correct the trim using their manual control.

A 1982 Boeing 737-200 Pilot Training Manual acknowledges this possibility, describing a series of maneuvers which can be used to relieve force on the controls and allow incremental correction of trim. However, it's suggested that the Ethiopian Airlines plane had already gained too much speed and lost too much altitude for such a maneuver to be possible.

https://www.moonofalabama.org/2019/04/ethiopian-airline-crash-boeing-and-faa-advice-to-737-max-pilots-was-insufficient-and-flawed.html
https://www.satcom.guru/2019/04/stabilizer-trim-loads-and-range.html



posted by martyb on Tuesday April 09 2019, @09:26AM
from the why-not-ask-the-cowardly-lion? dept.

Apple's 'courage' to remove the headphone jack has created a brave new world

It was barely two years ago when we lamented the loss of the headphone jack on the iPhone. The iPhone 7 had just arrived with a gorgeous jet black color, a solid-state home button, and a dongle in place of the 3.5mm headphone jack. At the iPhone 7 introduction, Apple VP Phil Schiller talked about having the "courage" to make the change, to leave the headphone jack behind.

At the time it was kind of cringe-worthy. Rather than try to convince the audience of the benefits of wireless charging or the annoyances of wired earphones, Schiller basically told the audience that they might not understand now, but one day they will. You could hear the snickers in the audience when he said that removing the headphone jack required the "courage to move on and do something new that betters all of us." It sounded ridiculous. All we could see was the inconvenience ahead.

But you know what? He was right.

It might have sounded like the reality distortion field on steroids, but Apple's decision to remove the headphone jack from its most popular product wasn't a flippant design whim. It was the start of a new strategy that would bring convenience, simplicity, and downright delight.

The move led to courageous sales of AirPods.

See also: Poll: Looking back now, did Apple exhibit 'courage' in removing the headphone jack from iPhones?

Related: New Moto Z Omits Analog Headphone Jack; Adds Moto Mods
Bring Back the Headphone Jack: Why USB-C Audio Still Doesn't Work
Apple on the Decline



posted by martyb on Tuesday April 09 2019, @07:50AM
from the would-you-play-differently-online? dept.

NY Times:

Wizards of the Coast, the parent company of Dungeons & Dragons, reported that 8.6 million people played the game in 2017, its biggest year of sales in two decades. That mark was eclipsed in 2018, when D&D sales reportedly grew 30 percent. All of those D&D consumers are snapping up the Fifth Edition, a new rule set released in 2014 that emphasizes a flexible approach to combat and decision-making. New players don’t need to learn as many arcane rules to get started, and sales of D&D starter kits skyrocketed.

Adding to the newfound popularity are thousands of D&D games broadcast on YouTube and the live-stream service Twitch. “Critical Role,” a popular livestream and podcast, features actors playing the game.

[...] What makes D & D[sic] different is that we can never forget about the human beings behind the avatars. When a member of my group makes a bad choice, I can’t look into his face and shout insults the way I would if we were playing online. He’s a person, and my friend, even if he also inexplicably decided to open an obviously booby-trapped trunk, get a faceful of poison and use up my last remaining healing spell.

My 50th-level Magic-User Ferrick the Magnificent scoffs at these neophytes...



posted by martyb on Tuesday April 09 2019, @06:13AM
from the per-minute-rates-for-a-captive-audience dept.

More jails replace in-person visits with awful video chat products

After April 15, inmates at the Adult Detention Center in Lowndes County, Mississippi will no longer be allowed to visit with family members face to face. Newton County, Missouri, implemented an in-person visitor ban last month. The Allen County Jail in Indiana phased out in-person visits earlier this year.

All three changes are part of a nationwide trend toward "video visitation" services. Instead of seeing their loved ones face to face, inmates are increasingly limited to talking to them through video terminals. Most jails give family members a choice between using video terminals at the jail—which are free—or paying fees to make calls from home using a PC or mobile device.

Even some advocates of the change admit that it has downsides for inmates and their families. Ryan Rickert, jail administrator at the Lowndes County Adult Detention Center, acknowledged to The Commercial Dispatch that inmates were disappointed they wouldn't get to see family members anymore. Advocates of this approach point to an upside for families: they can now make video calls to loved ones from home instead of having to physically travel to the jail.

These services are ludicrously expensive. Video calls cost 40¢ per minute in Newton County, 50¢ per minute in Lowndes County, and $10 per call in Allen County. Outside of prison, of course, video calls on Skype or FaceTime are free.

A previous story on Ars Technica noted "grainy and jerky" video quality that periodically froze up altogether.

Related: Company That Handles Prison Phone Calls is Surveilling People Who Aren't in Prison



posted by martyb on Tuesday April 09 2019, @04:33AM
from the the-eyes-have-it dept.

Phys.org:

A team of engineers at Tufts University has developed a series of 3-D printed metamaterials with unique microwave or optical properties that go beyond what is possible using conventional optical or electronic materials. The fabrication methods developed by the researchers demonstrate the potential, both present and future, of 3-D printing to expand the range of geometric designs and material composites that lead to devices with novel optical properties. In one case, the researchers drew inspiration from the compound eye of a moth to create a hemispherical device that can absorb electromagnetic signals from any direction at selected wavelengths.

Science can now fabricate artificial fly eyes.



posted by martyb on Tuesday April 09 2019, @02:55AM
from the for-how-long dept.

Bloomberg:

Western Europe’s biggest petroleum producer is falling out of love with oil.

To the dismay of the nation’s powerful oil industry and its worker unions, the opposition Labor Party over the weekend decided to withdraw its support for oil exploration offshore the sensitive Lofoten islands in Norway’s Arctic, creating a solid majority in parliament to keep the area off limits for drilling.

The dramatic shift by Norway’s biggest party is a significant blow to the support the oil industry has enjoyed, and could signal that the Scandinavian nation is coming closer to the end of an era that made it one of the world’s most affluent.

How will Norway pay for its social safety network without oil revenues?



posted by martyb on Tuesday April 09 2019, @01:19AM
from the veggie-burger-with-cheese dept.

For April Fools' Day 2019, McDonald's offered up a tantalizing treat for pickle lovers with its McPickle Burger. Sadly, for lovers of pickles, it was all a sham to put one over on the public on the first day of April. In response, a staunch pickle-holic decided to take them at their word, successfully ordering the nonexistent April Fools' pickle burger. A McDonald's staff member recognized the request from seeing the prank posted earlier that day and helped the man get his dream burger. The burger was eaten "reasonably quickly" to the horror and astonishment of onlookers, but the man won't be having another any time soon.

Well done, Sir.



posted by martyb on Monday April 08 2019, @11:43PM
from the Powers-Hell? dept.

Microsoft Announces PowerShell 7

Microsoft has just announced PowerShell 7, a new major release that comes only a few days after the company originally introduced version 6.2.

And while it would naturally make more sense for the company to roll out PowerShell 6.3 rather than a whole new version 7.0, the company explains in a blog post that it's all part of an effort to align the versions across all platforms.

Steve Lee, Principal Software Engineer Manager, PowerShell, explains that Microsoft noticed a growing usage pattern on Linux, but not on Windows.

"Windows usage has not been growing as significantly, surprising given that PowerShell was popularized on the Windows platform," Lee explains. [...] The next version of PowerShell will thus be available on Windows, Linux, and macOS, and the company explains it'll be available with LTS (Long Term Servicing) and non-LTS plans.

Also at ZDNet.

Previously: MS Releases Powershell SDC - to Manage Config for.... Linux
Powershell for Linux
Your wget (and curl) is Broken and Should DIE, GitHubbers Tell Microsoft

