SoylentNews

Arthur T Knackerbracket has found the following story:

Before being colonised by the Vikings, Iceland was lush with forests but the fearsome warriors razed everything to the ground and the nation is now struggling to reforest the island.

The country is considered the least forested in Europe; indeed, forests in Iceland are so rare, or their trees so young, that people often joke that those lost in the woods only need to stand up to find their way.

However, it wasn't always that way.

When seafaring Vikings set off from Norway and conquered the uninhabited North Atlantic island at the end of the ninth century, forests, made up mostly of birch trees, covered more than a quarter of the island.

Within a century, the settlers had cut down 97 percent of the original forests to serve as building material for houses and to make way for grazing pastures.

The forests' recovery has been made all the more difficult by the active volcanoes, which periodically cover the soil with lava and ashes.

According to a report published in 2015 by the United Nations Food and Agriculture Organization (FAO), forests now only cover 0.5 percent of the island's surface.

The lack of trees means there isn't any vegetation to protect the soil from eroding and to store water, leading to extensive desertification despite the country's far northern location.

[...]Reforestation efforts since the 1950s and especially the 1990s have helped the rocky landscape regain some of the greenery and efforts are ongoing.

MrPlow writes:

Submitted via IRC for SoyCow1984

Have your tax returns, Nest videos, and medical info been made public?

When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people's browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head.

DataSpii begins with browser extensions—available mostly for Chrome but in more limited cases for Firefox as well—that, by Google's account, had as many as 4.1 million users. These extensions collected the URLs, webpage titles, and in some cases the embedded hyperlinks of every page that the browser user visited. Most of these collected Web histories were then published by a fee-based service called Nacho Analytics, which markets itself as "God mode for the Internet" and uses the tag line "See Anyone's Analytics Account."

[...] According to the researcher who discovered and extensively documented the problem, this non-stop flow of sensitive data over the past seven months has resulted in the publication of links to:

• Home and business surveillance videos hosted on Nest and other security services
• Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive, Intuit.com, and other online services
• Vehicle identification numbers of recently bought automobiles, along with the names and addresses of the buyers
• Patient names, the doctors they visited, and other details listed by DrChrono, a patient care cloud platform that contracts with medical services
• Travel itineraries hosted on Priceline, Booking.com, and airline websites
• Facebook Messenger attachments and Facebook photos, even when the photos were set to be private.

Original Submission

upstart writes:

Submitted via IRC for AnonymousLuser

There's a big problem with Facebook's Libra cryptocurrency

Since Libra's unveiling, the project has gotten a chilly reception from some policymakers. On Wednesday, Federal Reserve Chairman Jerome Powell signaled skepticism about Facebook's plans for Libra.

"I don't think that the project can go forward ... without there being broad satisfaction with the way the company has addressed money laundering, all of those things," Powell said in testimony before the House Financial Services Committee. He added that the project raised "serious concerns" for regulators.

According to The New York Times, even some of Facebook's official partners are lukewarm on the project. Partners are slated to contribute $10 million each to help fund the launch of the network. But the Times' Nathanial Popper reported in late June that "no money has changed hands so far," and he noted that some of the companies who agreed to lend their names to the project avoided making strong public statements in support of it.

That reflects significant uncertainty about how Libra will actually work—and if it's even possible to launch a network like this within the bounds of the law. Facebook is trying to build a payment system that combines the best characteristics of blockchain and conventional networks. But the result may wind up just being a contradictory mess that leaves almost everyone dissatisfied.

Libra Cryptocurrency

See Also Facebook is backpedaling from its ambitious vision for Libra

Original Submission

"upstart" writes:

Submitted via IRC for Bytram

A Rust-based TLS library outperformed OpenSSL in almost every category

A tiny and relatively unknown TLS library written in Rust, an up-and-coming programming language, outperformed the industry-standard OpenSSL in almost every major category.

The findings are the result of a recent four-part series of benchmarks [1, 2, 3, 4] carried out by Joseph Birr-Pixton, the developer behind the Rustls library.

The findings showed that Rustls was 10% faster when setting up and negotiating a new server connection, and between 20 and 40% faster when setting up a client connection.

But while handshake speeds for new TLS connections are important, most TLS traffic relies on resuming previously negotiated handshakes. Here, too, Rustls outperformed the aging OpenSSL, being between 10 and 20% in resuming a connection on the server-side, and being between 30 and 70% quicker to resume a client connection.

Furthermore, Rustls also fared better in sheer bulk performance -- or the speed at which data is transferred over the TLS connection. Birr-Pixton said Rustls could send data 15% faster than OpenSSL, and receive it 5% faster as well.

Last, but not least, the Rustls creator also said his library only used half of the memory required to run OpenSSL, a major advantage.

In the past, OpenSSL has been often criticized for its large memory footprint and the large number of security bugs found in its code. Because Rustls was coded in Rust, the issues with security flaws are largely addressed by the design of the Rust language itself, which was designed from the ground-up to avoid memory-related security bugs.

Based on the results of these benchmarks, Rustls appears to have also addressed the issue of performance, making it an ideal replacement for web services that still rely on the old OpenSSL.

Original Submission

martyb writes:

As the week draws to a close, I thought the community would appreciate a little levity to wind things up. This story made me chuckle; hope you find it as ridiculous as I did!

On July 19, cnet reported that 1.7 Million Want to Raid Area 51 to 'See Them Aliens', subtitled -- "They can't stop us all.":

Are UFOs real? Well over a million people have pledged to find out. A Facebook event named Storm Area 51, They Can't Stop All of Us has become an internet sensation. Even though the US Air Force is strongly advising against it, more than 1.7 million people have signed up to attend the Sept. 20 event in the Nevada desert, and an additional 1.3 million are "interested" in attending (read: cowards).

[...] Area 51 is a highly classified zone around 150 miles from Las Vegas, Nevada, a detachment of the famed Edwards Air Force Base. No one really knows what the base is used for, though it's speculated to be a location for aircraft development, and as such Area 51 has become synonymous with alien conspiracies. The most popular ones involve alien spaceships or aliens themselves, all allegedly housed within the classified zone.

upstart writes:

Submitted via IRC for Bytram

Dropbox silently installs new file manager app on users' systems [Updated]

Update 4:06pm ET: Dropbox says this was a mistake. "We recently announced a new desktop app experience that is now currently available in Early Access. Due to an error, some users were accidentally exposed to the new app for a short period of time. The issue has been resolved, though there might be a short lag for some users to see resolution. We apologize for any inconvenience this has caused."

Original Post: Hey Dropbox users, how has Dropbox been for you lately? Major changes are coming to the Dropbox desktop app. The company announced its "New Desktop Experience" in June, and previously it was opt-in. Recently, though, a number of users on Twitter and at the Ars Orbiting HQ have reported silently being "upgraded" to this radically different version of Dropbox.

This new version of Dropbox wants to be... a file manager? Instead of the minimal sync app, the Dropbox icon now opens a big, multi-panel, blue and white window showing all your Dropbox files. It kind of looks like Slack, if Slack was a file manager. You can now "star" folders as important so they show up in the left panel (again, like a Slack chat room). The middle panel shows your Dropbox files, and the right panel shows a file preview with options for comments and sharing. You can search for files, sort by name or date, and do all the usual file operations like cut, copy, and paste. It's a file manager.

A big part of the appeal of Dropbox is (was?) that it's a dead-simple product: it's a folder, in the cloud! Put your stuff in the folder, and it seamlessly gets backed up and synced to all your other computers. Part of using Dropbox means installing the sync app to your computer, and to keep everything fresh and up to date, Dropbox has the ability to silently update this app from time to time. Using this mechanism to silently install a bigger, more bloated, completely different version of the Dropbox app onto people's computers seems... wrong, especially with no notice whatsoever. Updates are one thing, but manyusers (your author included) feel like there was a lack of consent here.

Dropbox's direction and attitude have been clear for a while now:

They don't see this as MY computer.

It's THEIR computer, and they're doing whatever they need to boost whatever initiative or growth targets they're trying to maximize this month.

I'm just along for the ride.

— Marco Arment (@marcoarment) July 17, 2019

Original Submission

martyb writes:

SpaceX Falcon 9 Will Blast off for the ISS in July:

SpaceX's Falcon 9 static fire test has been completed, with the spacecraft eyeing a July 24 launch for a resupply mission to the International Space Station (ISS). The Dragon had previously visited the ISS in April 2015 and December 2017 for resupply missions.

"Space Dragon flies thrice," Elon Musk tweeted Friday afternoon, adding in response to another tweet that the Texas and Florida Starship prototypes will fly in two to three months.

According to SpaceFlightNow's Launch Schedule:

NET[*] July 24   Falcon 9 • SpaceX CRS 18
Launch time: Approx. 2024 GMT (6:24 p.m. EDT)
Launch site: SLC-40, Cape Canaveral Air Force Station, Florida
A SpaceX Falcon 9 rocket will launch the 20th Dragon spacecraft mission on its 18th operational cargo delivery flight to the International Space Station. The flight is being conducted under the Commercial Resupply Services contract with NASA. Delayed from May 7, July 8, July 18, July 21 and July 22. [July 19]

[*] NET: No Earlier Than

Original Submission

Arthur T Knackerbracket has found the following story:

[A] new study suggests that unrestrained deforestation, converting rainforest to agricultural land, could expand the areas at risk of wildfires by more than 70 percent by the end of the century.

[...] It showed that policies such as the construction and paving of new highways, increased deforestation and reducing the effectiveness of protected areas could dramatically increase the risk of wildfires.

Crucially, when coupled with the IPCC´s CMIP5 pessimistic climate change scenario, which projects increased greenhouse gas (GHG) emissions throughout the 21st century, the area with high probability of wildfires could increase by up to 110%.

[...] According to the DETER/INPE deforestation alerts, between July 2018-2019, 5,364 km² of forests—an area the size of the island of Trinidad—were cleared, and another 4,405 km² were affected forest fires.

[...] Conservation units and indigenous lands may not be safe. The results from the model indicate that more than 1 million km² within indigenous lands or protected areas would be subject to an increased likelihood of occurrence of wildfires, threatening both ecosystems and human populations in these areas.

The adoption of measures aimed at reducing deforestation and GHG emissions, however, can significantly reduce the probability of wildfires, even with the intensification of droughts in the Amazon by the end of the century.

Original Submission

Arthur T Knackerbracket has found the following story:

Metal-organic frameworks (MOFs) are a special class of sponge-like materials with nano-sized pores. The nanopores lead to record-breaking internal surface areas, up to 7800 m² in a single gram. This feature makes MOFs extremely versatile materials with multiple uses, such as separating petrochemicals and gases, mimicking DNA, hydrogen production and removing heavy metals, fluoride anions, and even gold from water—to name a few.

One of the key features is pore size. MOFs and other porous materials are classified based on the diameter of their pores: MOFs with pores up to 2 nanometers in diameter are called "microporous," and anything above that is called "mesoporous." Most MOFs today are microporous, so they are not useful in applications that require them to capture large molecules or catalyze reactions between them—basically, the molecules don't fit the pores.

So more recently, mesoporous MOFs have come into play, because they show a lot of promise in large-molecule applications. Still, they aren't problem-free: When the major focus in the field is finding innovative ways to maximize MOF surface areas and pore sizes, addressing the collapsing problem is top priority.

[...] After adding the polymer to the MOFs, their high surface areas and crystallinity were maintained even after heating the MOFs at 150°C—temperatures that would previously be unreachable due to pore collapse. This new stability provides access to many more open metal coordination sites, which also increases the reactivity of the MOFs.

Original Submission

aristarchus writes:

Story at CNN:

The first footsteps on the moon belonged to two men, but they may never have made it there if not for Margaret Hamilton.

The software engineer developed the onboard computer programs that powered NASA's Apollo missions, including the 1969 moon landing.

So, it's only fitting that in honor of the 50th anniversary of the Apollo 11 mission, a portrait of the bespectacled pioneer reflected the light of the moon.

Not just Hidden Figures? Click on the full article to see the display.

Hamilton effectively invented the term "software engineer" with her work developing the Apollo guidance computer, the lifeline for astronauts that controlled the spacecraft, Google said in announcing the artistic honor.

She regularly brought her young daughter, Lauren, to work with her on weekends, according to the search giant. Lauren played in the simulator that her mother built to test in-flight programs and inadvertently led Hamilton to rethink her strategy.

Lauren once crashed the simulator, ending the mission prematurely by hitting a button while the craft was in flight.

So, Hamilton programmed backstops to prevent an astronaut from doing the same midflight, a mistake that would yield far more dire consequences in space, Google says.

"There was no second chance. We knew that," Hamilton wrote in 2009 for MIT. "We had to find a way and we did."

Whatever you do, do not push the big red button, M'kay?

See also: These 6 Accidents Nearly Derailed Apollo 11's Mission to the Moon
How to celebrate the 50th anniversary of the Moon landing

Original Submission   Alternate Submission #1   Alternate Submission #2

Arthur T Knackerbracket has found the following story:

Galaxies come in many shapes and sizes. One of the key galaxy types we see in the universe is the spiral galaxy, as demonstrated in an especially beautiful way by the subject of this Hubble Space Telescope image, NGC 2985. NGC 2985 lies over 70 million light-years from the solar system in the constellation of Ursa Major (the Great Bear).

The intricate, near-perfect symmetry on display here reveals the incredible complexity of NGC 2985. Multiple tightly wound spiral arms widen as they whirl outward from the galaxy's bright core, slowly fading and dissipating until these majestic structures disappear into the emptiness of intergalactic space, bringing a beautiful end to their starry splendor.

[...] The image (1.7MB) can be found here.

Original Submission

takyon writes:

Ex-NSA Contractor Who Stole Top Secret Documents Is Sentenced To 9 Years In Prison

A former National Security Agency contractor who pleaded guilty to stealing vast troves of classified material over the course of two decades has been sentenced to nine years in prison.

Harold Martin III, 54, apologized before U.S. District Judge Richard Bennett handed down the sentence on Friday.

"My methods were wrong, illegal and highly questionable," Martin told the court in Baltimore, according to The Associated Press.

Earlier this year, he pleaded guilty to "willful retention of national defense information," a crime that carries a punishment of anywhere from no jail time to a maximum prison sentence of 10 years. His plea agreement called for a sentence of nine years in prison.

Previously: NSA Contractor Harold Martin III Arrested
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
Former NSA Contractor Harold Martin Indicted

Original Submission

Arthur T Knackerbracket has found the following story:

Mission planners at NASA and ESA's Operations Centre (ESOC) have spent months debating the pros and cons of different orbits, and have now decided on the path of the Lunar Gateway.

Like the International Space Station, the Gateway will be a permanent and changeable human outpost. Instead of circling our planet however, it will orbit the moon, acting as a base for astronauts and robots exploring the lunar surface.

Like a mountain refuge, it will also provide shelter and a place to stock up on supplies for astronauts en route to more distant destinations, as well as providing a place to relay communications and a laboratory for scientific research.

Mission analysis teams at ESOC are continuing to work closely with international partners to understand how this choice of orbit affects vital aspects of the mission—including landing, rendezvous with future spacecraft and contingency scenarios needed to keep people and infrastructure safe.

The Gateway, it has recently been decided, will follow a near-rectilinear halo orbit, or NRHO.

Instead of orbiting around the moon in a low lunar orbit like Apollo, the Gateway will follow a highly 'eccentric' path. At is closest, it will pass 3000 km from the lunar surface and at its furthest, 70 000 km. The orbit will actually rotate together with the moon, and as seen from the Earth will appear a little like a lunar halo.

Orbits like this are possible because of the interplay between the Earth and moon's gravitational forces. As the two large bodies dance through space, a smaller object can be 'caught' in a variety of stable or near-stable positions in relation to the orbiting masses, also known as libration or Lagrange points.

Such locations are perfect for planning long-term missions, and to some extent dictate the design of the spacecraft, what it can carry to and from orbit, and how much energy it needs to get—and stay—there.

Original Submission

"upstart" writes for SoyCow7671:

GDPR Shows Its Teeth, Goes After Breached Companies

In 2018, the European Union (EU) General Data Protection Regulation (GDPR) heralded in the most important change in data privacy regulation in 20 years.

[...] EU regulators have long warned that non-compliance with GDPR would result in hefty penalties. Beginning as early as 2018, tech giants Facebook and Google faced scrutiny for a lack of transparency about the data they collect. They were eventually fined €56 million.

But tech companies aren't the only ones in the spotlight. CIO Dive reports that in July 2019, the UK's Information Commissioner's Office announced plans to fine British Airways and Marriott International $230 million and $124 million, respectively, for data breaches reported in 2018.

This action is a huge red flag for all companies. It signifies that GDPR is far more broad reaching than most firms had anticipated.

"The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today's data-driven world," states the regulation. "Under the GDPR, breach notifications are now mandatory in all member states where a data breach is likely to 'result in a risk for the rights and freedoms of individuals.' This must be done within 72 hours of first having become aware of the breach."

The penalties are severe. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater. In the case of British Airways and Marriott, the fines were stiffer than those incurred by tech companies.

Ironically, the breach doesn't have to come from within to incur the wrath of GDPR enforcers. Marriott was never directly breached. The attack came from an already compromised server inherited during Marriott's 2016 acquisition of the Starwood Hotels group.

Marriott is not alone. Today, 59% of breaches originate with third-party vendors and 53% of acquiring businesses say they've encountered a cybersecurity issue or incident that put an M&A deal in jeopardy.

Original Submission

martyb writes:

Over the years I have viewed many a video on YouTube. I quickly noticed an "ID" string that appeared in each video URL. Here's an example: https://www.youtube.com/watch?v=ShvnDSgjfXw -- see that string "ShvnDSgjfXw"? What characters are permitted? How long is it?

Along the way, I came upon an amazingly useful utility: youtube-dl. I accidentally discovered that it will happily download a YouTube video given just the Video ID. (Don't let the name of the utility mislead you; it seems to work fine with Instagram, Twitter, Sound Cloud... it's amazing!)

Now with my curiosity suitably piqued, I started a genuine search for what the parameters were that defined a valid YouTube Video ID. This question on "Web Applications Stack Exchange" was most helpful. Especially this response.

It appears that the Video ID (and the Channel ID) are modified base64 encodings of 64-bit (and 128-bit) integers. The primary change is that the base64 encoding produces two characters that are verboten in URLs. A generated "/" is replaced with "-" and a generated "+" is replaced with a "_".

There is no official documentation claiming that the ID lengths are guaranteed to always be 11 or 22 characters long, but empirical evidence suggests that is the current, de-facto standard.

There is even mention of " the maximally-constrained regular expression (RegEx) for the videoId" being:

[0-9A-Za-z_-]{10}[048AEIMQUYcgkosw]

Things get even more interesting if you are using Windows. Under NTFS, file names default to be case-preserving, but case-insensitive. Say I create a file called "Foo.txt" and then get a directory listing. Sure enough, I see: "Foo.txt" displayed. The fun comes if I do "DIR foo.txt" or "DIR FOO.TXT" or any other variation... they all find the same file: "Foo.txt"; this is counter to Unix where filenames are case-sensitive and each of those variations would be treated as separate and distinct files. Though it is possible to make an NTFS volume case-sensitive, it is not for the faint of heart!

One could, therefore, reverse-engineer the integer that produced the Video ID and use that in addition (or for the adventuresome: instead of) the Video ID.

The whole discussion was well-worth the read and highly recommended for anyone who would like more information on where it came from and how it came about.

Original Submission