SoylentNews

MrPlow writes:

Submitted via IRC for SoyCow1984

When thousands of people converge on Tokyo for the 2020 Olympic and Paralympic Games, the city's infrastructure will be tested. Toyota is getting into the mix to handle some of the ways people will get around the city and the Olympics venue.

Toyota unveiled Thursday a new product called APM, or Accessible People Mover, which is designed for the Olympics and Paralympic Games.

The aim, according to Toyota, is for this vehicle to provide "mobility for all" and to solve the so-called "last mile" problem. In Toyota's view, that means a vehicle that can transport as many people as possible, including elderly, pregnant women, families with young children and people with disabilities.

Toyota will deploy 200 of these vehicles, which will operate in and around the event. There will be two models — basic and relief — in the fleet. The basic version is a low-speed short-distance battery electric vehicle that will be used to transport visitors and staff within the Olympic grounds. Each vehicle will hold six people, including the driver. When used for passengers in wheelchairs, the configuration can be modified by folding the seats to allow the wheelchair rider in the second row.

The "relief" model will be used for emergencies. The rows can be moved to provide space for a stretcher and two relief stretchers.

Source: https://techcrunch.com/2019/07/18/this-is-one-way-toyota-plans-to-shuttle-people-around-during-the-2020-olympics/

Original Submission

upstart writes:

Submitted via IRC for Bytram

DOJ to approve T-Mobile/Sprint merger despite 13 states trying to block it

The Justice Department plans to approve the T-Mobile/Sprint merger as part of a settlement involving the sale of spectrum licenses, wholesale access, and a prepaid wireless business to Dish Network, The Wall Street Journal reported today.

"The companies have spent weeks negotiating with antitrust enforcers and each other over the sale of assets to Dish to satisfy concerns that the more than $26 billion merger of the No. 3 and No. 4 wireless carriers by subscribers would hurt competition," the Journal wrote, citing people familiar with the matter.

As a result of those negotiations, the DOJ is "poised to approve" the merger and could announce a settlement with T-Mobile and Sprint "as soon as this week, but the timing remains uncertain," the Journal wrote.

Even if the DOJ approves the merger, T-Mobile and Sprint will still have to defend it in court because of a lawsuit filed against them by 13 states and the District of Columbia.

Would you rather they each fail and get gobbled up by AT&T and Verizon, or join forces to have a chance to compete against them... and join in a battle against the the consumer?

Original Submission

upstart writes for SoyCow7671:

Malware that hides in EXIF headers of images was reported by Sucuri a few years ago and has been known for some time, so it’s not new, but we are seeing new ways of implementation. For example, a Cisco Umbrella user reported receiving a seemingly legitimate email which contained a URL to an image, that looked something like:  maliciousexample.com/agagag/3egdha.jpg

When we get samples from our customers, the analysis is pretty straight forward. We closely review the document, any linked URLs or PDFs, and inspect the resources for malicious components such as macros for word documents, or web page content and domain names for phishing campaigns. In the case of the email pointing to a single .JPG, that analysis breaks down a little since it doesn’t appear suspicious right off the bat. We may review the headers of the email or the domain of the link trying to identify what is malicious, but we ordinarily don’t assume that the .JPG itself is the vector for malware.

[...] We began to analyze the file manually through Notepad++ and found some interesting data that shouldn’t be in the file: data that looks like it might be javascript eval statements[.]

Now we’re onto something! .JPG files commonly have metadata to go along with the images, textual information that can include the name of the photo or photographer, where it was taken, the time and date that the image was made, and many other snippets of useful data. Extracting the metadata of an image is easy, and in this case, it turns out to be exactly what we’re looking for[.]

Look at the strange “Make” and “Model” values. The “Make” has a value of  “/.*/e” and the “Model” is an eval function! It evaluates the decoded base64 string that is present. This is a big clue as to how this malware functions. If you don’t know by now, it’s very rarely a good idea for programs to evaluate a decoded base64 string.

[...] This is the last piece of the puzzle for us. Putting the pieces together, we can deduce the following: The malware works in stages. The first stage of the malware comes from the domain that was infected and compromised. The second stage is the search and replace function hidden in EXIF headers in the .JPG file.

[...] The key aspect here is that the code does not look malicious at all. Instead, it looks like more of a search and replace function, which is why the sandbox environments may not have detected them as malicious. Searching and replacing by itself isn’t something that would be flagged. Additionally, the attacker needs to send a proper POST request, replacing the variable “zz” with malicious instructions.

[Click through to the OpenDNS Umbrella Blog for screenshots and more reading.]

Original Submission

Chocolate writes:

Recently, news of subscriber numbers dropping triggered a lawsuit against Netflix, Disney announced their own channel, and content providers are clawing back their IP ("Imaginary Property"), and generally it was all looking bad for Netfix and Friends. Talk of how splintered the streaming market is becoming and how long Netflix can last in the foreseeable bleak future has dominated the discussion. Good news, everyone: Netflix has confirmed a deal to integrate with Foxtel Australia to allow Foxtel subscribers access to the Netflix catalogue.

This is a huge step forward in healing the fractured market in Australia and importantly cementing Netflix's dominant position in the streaming space. Foxtel has been fighting a losing battle to Netflix as it shed 100,000 subscribers in their last financial quarter while its debt builds. This deal is meant to be a lifeline for Foxtel but it may end up being the boost Netflix needs to encourage other streaming competitors to join rather than fight.

Original Submission

takyon writes:

Alleged critical VLC flaw is nothing to worry about -- and is nothing to do with VLC

There has been a degree of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC. Despite being labelled by security experts as "critical", VLC's developers, VideoLAN, denied there was a problem at all.

And they were right. While there is a vulnerability, it was in a third-party library, not VLC itself. On top of this, it is nowhere near as severe as first suggested. Oh -- and it was fixed over a year ago. An older version of Ubuntu Linux was to blame for the confusion.

The problem actually exists in a third-party library called libebml, and the issue was addressed some time ago. The upshot is that if you have updated VLC within the last year, there is no risk whatsoever. VLC's developers are understandably upset at the suggestion that their software was insecure.

Also at Tom's Hardware, Boing Boing, and The Register.

Original Submission

An Anonymous Coward writes:

A combination of an increase in construction and chilly weather has increased the amount of vermin in and around Sydney, Australia. There's no use trying to ask them nicely to leave, they are here to stay. Now the council is stepping up to deal with the problem head on by doubling down on control measures and engaging residents and businesses to help push down the infesting population. This problem is not new with Sydney dealing with this type of problem year in year out. Businesses are advised to take care how they dispose of food and residents should take precautions to ensure unwanted pests don't bed down with them in hidden places.

Good advice.

Original Submission

upstart writes:

Submitted via IRC for Bytram

Don't press the red b-... Windows Insiders' rings hit by surprise Microsoft emission

Someone at Microsoft has accidentally parked a buttock on the big red button, emitting a surprise build of next year's Windows 10 to Insiders.

We saw the build, 18947, turn up over lunch where we didn't expect it and a glance at social media indicated that we weren't the only ones choking on a burrito in surprise.

Build 18947 is a 20H1 version of Windows 10, due to appear in the first half of 2020. The last "official" release of the preview code was 18941, which was so breathtakingly dull that the Windows team clearly thought it was time to spice things up by a surprise dumping onto the disks of Windows Insiders.

And, to be clear, it is only Windows Insiders that are affected.

The alarming aspect is that this build appears to be slithering its way onto a substantial proportion of Windows Insider PCs, regardless of the testing ring. Fast Ring users, who live life on the edge, expect to receive 20H1 code while Slow Ring users are currently testing 19H2. Release Preview Ring users are supposed to be on 19H1 (the May 2019 Update) for early access to fixes and patches.

Now, in an impressive levelling of the playing field, Microsoft has decided to offer 20H1 to all Windows Insider rings.

[Editor's Note: After this story was prepared for release but before it hit the front page, we received another submission explaining how the mistake occurred. Read on for more...]

Original Submission

takyon writes:

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world.

While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms that can be used by investigators to forcibly decrypt and pry into strongly end-to-end encrypted chats, emails, files, and calls. No ifs, no buts.

And while this will likely weaken secure data storage and communications – by introducing backdoors that hackers and spies, as well as the cops and FBI, can potentially leverage to snoop on folks – it will be a price worth paying. And, after all, what do you really need that encryption for? Your email and selfies?

"We are not talking about protecting the nation's nuclear launch codes," Barr told the International Conference on Cyber Security at Fordham University. "Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications. There have been enough dogmatic pronouncements that lawful access simply cannot be done. It can be, and it must be."

Related: DOJ: Strong Encryption That We Don't Have Access to is "Unreasonable"
FBI Director Calls Encryption a "Major Public Safety Issue"
FBI Director: Without Compromise on Encryption, Legislation May be the 'Remedy'
Five Eyes Governments Get Even Tougher on Encryption
Australia Set to Pass Controversial Encryption Law
FBI: End-to-End Encryption Problem "Infects" Law Enforcement and Intelligence Community

Original Submission

RandomFactor writes:

A paper published this month in the journal Ecology and Society by a University of Washington lead team of researchers investigates the motivations of people who join and remain active in citizen science projects; the results may help future citizen science projects better engage and motivate volunteers.

Previous research led by the UW has shown that people who join online-based citizen science projects generally try it just once, and fewer than 1 in 10 remain active past one year. The rates for hands-on, in-person efforts are much higher: COASST, for example, has 54% of participants still active one year after joining.

The 'Coastal Observation and Seabird Survey Team' (COASST) trains beachgoers to monitor for dead birds in their travels.

But what separates those who stay from those who go? Years of responses to surveys from the COASST team's recruitment and engagement efforts provide a unique window on citizen science.

The study provides several insights for organizers of hands-on citizen science efforts:

- Long-term participants tend to be motivated by a project's mission and goals, and successful programs communicate scientific findings back to participants so that they can see their individual contribution as part of the big picture of project results.
- Experienced participants focus on where they conduct their project activities, indicating that sense of place is important to volunteers.
- Both new and long-term participants focused on their social interactions as a central part of project activities, suggesting that successful hands-on, citizen science combines high-quality scientific activity with building and maintaining social relationships.

Maybe it is time to set up that client.

Papers
Julia K. Parrish, Timothy Jones, Hillary K. Burgess, Yurong He, Lucy Fortson, and Darlene Cavalier. PNAS February 5, 2019 116 (6) 1894-1901; first published February 4, 2019 (DOI: 10.1073/pnas.1807186115)

He, Y., J. K. Parrish, S. Rowe, and T. Jones. 2019. Evolving interest and sense of self in an environmental citizen science program. Ecology and Society 24(2):33. (DOI: 10.5751/ES-10956-240233)

Original Submission

Arthur T Knackerbracket has found the following story:

Homeowners who rely on private wells as their drinking water source can be vulnerable to bacteria, nitrates, and other contaminants that have known human health risks. Because they are not connected to a public drinking water supply, the homeowners are responsible for ensuring that their own drinking water is safe.

Similar to concerns that public drinking water treatment plants face, groundwater wells may be impacted by another group of contaminants—and they might be part of your daily use!

Ingredients in personal care items, over-the-counter and drink products are introduced into domestic wastewater streams and can persist through treatment technologies. "This causes trace-levels of these chemicals to be found in the environment," says Heather Gall. "Recently developed analytical technologies are now advanced enough for us to detect these compounds in water at increasingly low levels." Gall is an assistant professor at Pennsylvania State University who studies contaminants of emerging concern in surface and groundwater.

A fully-functioning septic system releases the effluent slowly into a septic field. The soil, roots, and soil microbes biodegrade pollutants in the water before it gets back into groundwater. However, in the U.S., 10-20% of septic tanks function poorly. This can increase the chance of these contaminants getting to groundwater, especially those that biodegrade slowly in the environment. After that, they can enter a downgradient household's well water.

upstart writes:

Submitted via IRC for Bytram

Too hot to handle? Raspberry Pi 4 fans left wondering if kit should come with a heatsink

Some early adopters of the Raspberry Pi 4, released on 24 June, are running into heat issues, especially with the official Pi 4 case making no provision for a heatsink or fan.

The Raspberry Pi 4 has a 1.5GHz quad-core 64-bit Arm Cortex-A72 CPU, for approximately three times the performance of the previous model. That inevitably generates more heat.

The Pi does not have a heatsink, but uses what the company calls "heat-spreading technology" to use the entire board as a kind of heatsink. This worked fine for the Pi 3, but the official FAQ for Pi 4 notes:

The Raspberry Pi 4 Model B uses the same heat-spreading technology but due to the much more powerful CPU cores is capable of higher peak power consumption than a Model 3B+. Under a continuously heavy processor workload, the Model 4B is more likely to throttle than a Model 3B+.

You can add a heatsink if you wish, and this may prevent thermal throttling by keeping the chips below the throttling temperature.

When the Pi 4 heats up beyond 80°C (176°F), the CPU is throttled to reduce the temperature and a half-full red thermometer appears on the display, if one is connected. If the temperature goes up beyond 85, the GPU, which now supports dual monitors and 4K resolution, will be throttled as well.

It is no surprise that the Pi 4 gets hotter than its predecessor, it is marketed as a viable general-purpose PC, after all.

There is an issue though: if it frequently overheats in normal use, users are not getting full performance. Longevity of the components may also be affected. We advised in our original review that "things got quite warm" when using the Pi for a few days.

Original Submission

c0lo writes:

The Trump Administration Protested when Kenya Halted Construction of a Coal-Fired Power Plant:

When the Kenyan government had second thoughts about allowing the country's first coal-fired power plant, the Trump Administration's representative in the country protested.

U.S. Ambassador Kyle McCarter, a Trump appointee who previously served as a Republican state senator in Illinois, went on Twitter to argue in a string of tweets that coal is environmentally sound, that the plant would boost the country's economy and that a critical analysis of the plant from a clean energy think tank amounted only to the work of "highly paid protestors."

"Coal is the cleanest, least costly option," U.S. Ambassador Kyle McCarter wrote from his official Twitter last week. "Investors will come."

[...] McCarter['s] Twitter comments began on June 25, after Kenya's National Environmental Tribunal's announced that it would halt construction of the Lamu coal-fired power plant, which would have been the first such power plant in the country. The court said the project's planners had failed to engage the local community and argued that the environmental review conducted ahead of the project did not adequately address several environmental issues including the country's commitment to fighting climate change. The project could still be revived if a new environmental assessment adequately addresses the concerns laid out in the decision.

[...] The U.S. recently launched a program promoting investment in the region, intended to serve as a geopolitical counterweight to China's growing influence, and McCarter seemed to suggest that a coal-fired new power plant would advance U.S. investment. Still, on its face, the project raises questions about how it would serve U.S. interests over China's given that it is financed by China and would be built by Chinese developers.

In a contrast to McCarter's remarks, the Chinese ambassador to Kenya met with opponents of the coal-fired power plant on June 28 and told them that he supported the will of "the people of Kenya" to "decide whether there would be a coal power plant or not," according to a statement from activists.

Also on:
Associated Press, Guardian, Institute for Energy Economics and Financial Analysis

Original Submission

An Anonymous Coward writes:

The growing threat from "extreme right-wing" terrorism will be included in official threat-level warnings for the first time, the home secretary has announced.

Until now, the alerts – which tell the public if the risk is low, substantial or critical – have taken into account the threat of attack from Islamists only.

The change follows growing recognition of the rising threat from the far right, since the murder of 50 Muslims in Christchurch, New Zealand, in March.

https://www.independent.co.uk/news/uk/politics/far-right-terror-warning-uk-islamist-security-threat-attack-a9017296.html

Original Submission

An Anonymous Coward writes:

https://www.rollingstone.com/movies/movie-news/rutger-hauer-blade-runner-dead-obituary-863023/

At the end of the film, a dying Batty delivers the famed “tears in rain” monologue, a speech Hauer partly wrote himself. In his autobiography, All Those Moments: Stories of Heroes, Villains, Replicants, and Blade Runners, Hauer recalled that he “wasn’t that happy” with the original page-long monologue that Blade Runner director Ridley Scott had originally planned. So the actor took it upon himself to cut 30 lines from the speech and keep the two he felt were the most poetic. Then he added the most famous line himself, “All those moments will be lost in time, like tears in rain.”

Original Submission

DannyB writes:

FTC To Hold Facebook CEO Mark Zuckerberg Liable For Any Future Privacy Violations
July 24, 20198:30 AM ET

Facebook CEO Mark Zuckerberg will have to personally answer to federal regulators under an agreement to settle a privacy case with the Federal Trade Commission that includes a $5 billion penalty for the giant social media company, the agency announced Wednesday. Separately, Facebook will pay $100 million to settle a case with the Securities and Exchange Commission for making misleading disclosures about the risk that users' data would be misused, the SEC said.

Under the FTC agreement, Zuckerberg will be required to submit quarterly compliance reports directly to the federal regulators and to Facebook's board of directors. If the Facebook co-founder or "designated compliance officers" violate the agreement, they could be subject to civil and criminal penalties, the FTC said.

"There's no way that the CEO can bury his head in the sand," James Kohm, head of the FTC's enforcement unit, told NPR. "There's no ostrich defense."

According to FTC investigators, Facebook violated the terms of its 2011 settlement with the agency, in which it promised to protect user data from broad sharing with third-party apps. The company also committed new violations, they said.

[. . . .] the company solicited phone numbers, saying they were being collected to verify users' identity if a password needed to be reset. Millions of people trusted the company, and then Facebook took those phone numbers and used them not just for security, but also for advertising purposes, the FTC said.

[. . . .] the company conducted facial recognition tracking on 60 million users without proper consent. Facebook must notify users who were affected and offer to delete the data collected.

Original Submission