SoylentNews

upstart writes:

Submitted via IRC for soylent_yellow

New York Supreme Court dismisses Uber's challenge to vehicle caps

Uber's bid to overturn New York City's ride-hailing caps didn't last long --New York's Supreme Court has dismissed the company's request to annul the cap law implemented in August 2018. The court rejected Uber's claim that NYC had overstepped its bounds. There have been far less specific delegations of power that have passed muster before, according to the Supreme Court. It also rebuffed Uber's assertion that other laws preempted the caps.

Uber told Engadget it was "disappointed" with the outcome, claiming that it "punishes" drivers who are obligated to rent cars. In the past, it has argued that the caps would hurt outer boroughs (with less access to mass transit) and wouldn't fix NYC's problems with traffic congestion.

Original Submission

aristarchus writes:

[Editor's Note: This is a little different from our usual offerings, but if you have 10 minutes to spare, it is an interesting read. It explains how users of Limewire - a file sharing program popular 20 or so years ago - were unintionally leaking personal and private data which gave one person an idea that just grew and grew.]

Long, interesting story on cyber-security, in The New Yorker magazine.

Before Robert Boback got into the field of cybersecurity, he was a practicing chiropractor in the town of Sewickley, Pennsylvania, twelve miles northwest of Pittsburgh. He was also selling used cars on eBay and flipping houses purchased at police auctions. The decision to branch out into computers came in 2003, after he watched a "60 Minutes" report by Lesley Stahl about pirated movies. For years, while digital piracy was devastating the music industry, Hollywood had largely been spared; limitations on bandwidth curtailed the online trade in movies. But this was changing, Stahl noted: "The people running America's movie studios know that if they don't do something, fast, they could be in the same boat as the record companies.

The story gets more interesting. Bob visits Langley.

Inside, the head of the Directorate of Science and Technology was joined by an official representing In-Q-Tel, a corporation that the C.I.A. had set up to fund new technologies. (The "Q" refers to the technician in James Bond films.) A follow-up call from one of the participants led to more trips to D.C., and suddenly Boback and Hopkins were journeying through the shadow world of the post-9/11 national-security establishment.

And, file-sharing detection as a service.

Tiversa's prominent supporters quickly helped Boback assemble an impressive client list: Capital One, Lehman Brothers, Goldman Sachs, American Express. The companies were paying for a monthly monitoring service, in which Tiversa scanned for breached corporate information, or the personal data of top executives. By this time, EagleVision X1 could access more than a million users, and its capabilities were expanding. Because peer-to-peer networks were constantly in flux, as people turned their computers on and off,
Hopkins had designed a stable repository for the system, which became known as the Data Store. EagleVision X1, programmed with search terms that were set for clients (for instance, "Lloyd Blankfein," for Goldman Sachs), would scour the networks, then deposit what it found in the Data Store. Each file was labelled to indicate when it was downloaded and what I.P. address it came from, so that its behavior could be tracked—if it remained in the same location, or if it was being shared, or if it suddenly vanished.

What happens to this respository is one of the interesting, and unanswered, questions in the article. Suffice it to say, it does not end well, to get people to buy data security services, sometimes you have to scare them by stealing or faking a theft of their data. Interesting read.

Original Submission

Submitted via IRC for soylent_yellow

Woman Found Dead With A Python Around Her Neck in House Full of 140 Snakes

In a residence purportedly housing 140 other snakes, an Indiana woman was found dead Wednesday evening with an 8-foot-long python hanging around her neck.

According to a report from the Journal & Courier, police are currently investigating the death of Laura Hurst, 36, in Oxford, Indiana, though they have a hunch. “She appears to have been strangled by the snake,” Indiana State Police Sgt. Kim Riley told the Journal & Courier, but that fact remains unconfirmed until results come back from an autopsy scheduled for Friday.

The reticulated python wrapped around Hurst’s neck was apparently one of 20 snakes she kept in the house and visited regularly. It purportedly belongs to Benton County Sheriff Don Munson (Oxford is part of Benton County), a next-door neighbor who was also the first to come across the body. He’d retrofitted the residence into a sort of makeshift snake sanctuary filled with 140 snakes per the J&C report, though exactly how many belong to him remains unclear. According to the report, Munson called Hurst’s death a “tragic accident with loss of human life.”

While captive pythons tend to be less aggressive than their wild counterparts, attacks are still far from uncommon. One study found that at least 16 people in the U.S. have been killed by them between 1978 and 2009. Their sheer size alone can prove challenging for many owners. Reticulated pythons can weigh up to 350 pounds and grow upwards of 20 feet long.

And I just wanted to share this fact because I found it deeply disturbing: Though they usually strangle their prey, there’s been a few rarecases of wild pythons swallowing grown men and women whole. Holy crap.

[H/T Journal & Courier]

Original Submission

martyb writes:

Capital One Fixes Systemwide Outage:

The outage happening on a Friday -- and the first of the month -- makes for some bad timing.

Capital One customers had to wait several hours before they could access their money on Friday. The bank had a massive outage that prevented people from withdrawing or depositing funds.

A tweet from the bank's customer service Twitter account Friday afternoon said the issue affecting its customers in the morning had been resolved. However, some tweeted in response, saying they still couldn't access their direct deposits, or transfer funds.

Friday morning, the Capital One customer service account confirmed the outage after a customer tweeted about being unable to access an account. One apparent customer tweeted that she'd contacted the bank by phone and was told by a representative that it was a systemwide problem.

A company spokesperson said in an email Friday that customers won't be responsible for any late fees associated with this issue.

It's nice that Capital One will not directly charge fees to their customers because of the outage, but what about people who did not have their deposits accepted and saw automated payments bounced? What about the indirect fees their customers incurred as a result?

Previously:
Capital One Target of Massive Data Breach

Original Submission

Arthur T Knackerbracket has found the following story:

The Belgian city of Kortrijk in West Flanders is reportedly using data provided by a mobile phone company to count the number of people present in the town and where they come from.

Even more worryingly, local public-service broadcaster VRT has reported that city officials will try to cross-reference this data with credit and debit card databases.

Kortrijk is a popular tourist destination: between July and August, 799,336 people visited the town, almost 20,000 a day when students, employees and residents are excluded.

According to VRT, the city is paying telco Proximus €40,000 a year for data on how many phones are in each part of the city, presumably using cell location data. Proximus then apparently extrapolates data for the rest of the area while taking into account subscribers to other networks and those without mobile phones. We've asked both Proximus and local city officials for comment.

But the Belgian data protection regulator has told The Register that, contrary to reports, it had not approved the scheme and was examining whether or not it breaks Belgian data protection law.

In an email, a spokesperson said:

We did not approve the tracking of mobile phones in Kortrijk. The Privacy Commission (the predecessor of the Belgian Data Protection Authority) had reacted positively to a similar project in 2016; that was three years ago and was not about this precise case. We have heard concerns from citizens about this project, therefore we will look into it. We cannot comment further at the time because we do not have all the details about the project and the processing.

The data will be collected once every three months and analysed to improve marketing campaigns for tourism and commerce.

Data provided to the city apparently includes the nationality of the subscriber or the province or even municipality within Belgium they come from.

The intention is that city hall will then cross-reference this with data from Visa and debit card companies to see how much people are spending. VRT said the first results show sales days bring in more visitors – 49,000 for Whit Sunday. Of these, 79 per cent of local visitors were from West Flanders, 4.82 per cent came from Hainault, and 1.53 per cent from Antwerp. Of foreign visitors, half were French and 14 per cent Dutch.

Original Submission

Arthur T Knackerbracket has found the following story:

Servers hosting Valve Source Engine and popular games like Fortnite are targeted by a new variant of the Gafgyt botnet.

A new Gafgyt variant is adding vulnerable internet of things (IoT) devices to its botnet arsenal and using them to cripple gaming servers worldwide.

The newly-discovered variant is capable of launching a variety of denial-of-service (DoS) attacks against the Valve Source Engine, a video game engine developed by Valve Corp. that runs popular games such as ​Half-Life and ​Team Fortress 2. Other gaming servers have also been targeted by the botnet, such as those hosting widely-played games such as Fortnite, researchers warn.

“This Gafgyt variant is a competing botnet to the ​JenX botnet, which also uses remote code-execution exploits to gain access and recruit routers into botnets to attack gaming servers – most notably those running the Valve Source Engine – and cause a denial-of-service,” said researchers with Palo Alto Networks’ Unit 42 research team, in analysis released Thursday. “This variant also competes against similar botnets, which we have found are frequently sold on Instagram.”

Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. The newest Gafgyt variant targets two of the same small-office router remote-code-execution flaws as its predecessor, ​JenX, which was disclosed in 2018​.

The two previously-targeted flaws are CVE-2017-17215 (in the Huawei HG532) and CVE-2014-8361 (in the Realtek RTL81XX chipset). However, the newest variant also targets another vulnerability, CVE-2017-18368, a remote command-injection bug on Zyxel P660HN wireless routers. The Zyxel P660HN-T1A (distributed by TrueOnline) has a command-injection vulnerability in the remote system log forwarding function, which can be accessed by an unauthenticated user, researchers said.

According to Shodan, there are more than 32,000 Wi-Fi routers worldwide that are vulnerable to these three flaws.

Original Submission

Arthur T Knackerbracket has found the following story:

A handful of bones, including an 8-inch (20-centimeter) claw found in the 107 million-year-old Eumeralla Formation in Australia, point to the discovery of a new species of carnivorous dinosaur. The rare find has intrigued paleontologists because the bones look almost identical to a previously-discovered species that lived around 10 million years later and thousands of miles further north.

The discovery, published in the Journal of Vertebrate Paleontology, includes two teeth, two claws, an ankle bone and a neck bone belonging to a group of theropod dinosaurs -- those that include beasts like the T. rex -- known as the megaraptorids. The find adds to the hundreds of fossils unearthed at Eric the Red West (ERTW), a site south-west of Melbourne, Australia, but it's particularly exciting because of the resemblance to a species known as Australovenator wintonensis.

"All of these bones, other than the vertebra, can be compared with Australovenator wintonensis and all appear to be very similar," says Stephen Poropat, a paleontologist at Swinburne University and first author on the study.

The striking resemblance presents a conundrum for the researchers because Australovenator wintonensis was discovered in Queensland, a region thousands of miles to the north of ERTW. Those bones were dated to 95 million years ago, which means there's a 10 million-year gap between the two fossil finds.

[...] Perhaps the most impressive find is the striking 8-inch claw. Poropat explains the unique shape -- one that you're probably familiar with if you've ever seen Jurassic Park -- is mostly identical to megaraptorid claws found in other regions, including Megaraptor, a theropod discovered in Argentina with an almost 13-inch claw.

Original Submission

Arthur T Knackerbracket has found the following story:

The North's latest launch follows statements of displeasure over the slow pace of nuclear negotiations with the US.

North Korea fired two projectiles towards its eastern sea on Thursday as nuclear talks between Pyongyang and Washington remain at a deadlock.

South Korea's Joint Chiefs of Staff did not immediately confirm whether the weapons were rockets, artillery or ballistic missiles, or how far they flew.

"We are maintaining readiness and monitoring in case of additional launches," it said in a statement.

Japan's coast guard said the projectiles appeared to be missiles and landed outside Japan's Exclusive Economic Zone (EEZ), which extends 200 nautical miles (370km) from land.

The North's latest launch follows statements of displeasure over the slow pace of nuclear negotiations with the United States and demands the Trump administration ease sanctions on Pyongyang.

Earlier this month, North Korea test-fired an underwater-launched ballistic missile for the first time in three years.

Original Submission

MrPlow writes:

Submitted via IRC for AndyTheAbsurd

Hackers Unlock Any Phone Using Photographed Fingerprints In Just 20 Minutes

According to the Chinese blog Abacus, Tencent's X-Lab team showed how this technique works at the recent GeekPwn 2019 hacking conference in Shanghai. X-Lab's leader Chen Yu asked an audience member to touch a glass and took a photo of the fingerprints.

Yu then ran the photo through an app they have developed in house, which extracts and process the necessary data to clone a physical fingerprint. The team didn't show the physical cloning process, but we can assume that they used a 3D printer like other people have done in the past. He then proceeded to use the cloned fingerprint to open three smartphones that had been registered with the audience member's fingerprint — plus two event registration machines that use fingerprint scanners.

[...] Each of those phones used one of the three existing fingerprint scanning technologies: capacitive, optical. and ultrasonic, like the one in the Samsung Galaxy S10. The latter one is especially worrying, since this technology is supposed to avoid this type of hack by scanning the three-dimensional structure of your fingerprint.

[...] In other words: fingerprint security sucks. And facial identification is not that much better, really. If you are really worried about security, the only thing you can do is probably use a longer password.

Still harder than shoulder-surfing or having no password, right?

takyon writes:

Google buys Fitbit for $2.1 billion

It's official: Google is buying Fitbit. The company announced the move in a blog post this morning, and reports say the deal is worth $2.1 billion.

Google's SVP of hardware, Rick Osterloh, posted an announcement of the acquisition on Google's blog, saying the move was "an opportunity to invest even more in Wear OS as well as introduce Made by Google wearable devices into the market."

This is the second time this year Google has made an acquisition aimed at bolstering Wear OS, having previously purchased an unknown technology from Fossil Group for $40 million.

Holograms.

Previously: Google Acquires Unspecified Smartwatch Technology and Employees From Fossil for $40 Million

Original Submission

aristarchus writes:

In a sort of a reversal of the problem that Clair Patterson had, wherein, as you will recall, his research was contaminated by environmental lead, originating in gasoline additives, researchers attempting delicate studies of very far away phenomena need shielding, namely lead, that is not contaminated by radioactivity.
Fine article available at The Atlantic.

In 2017, Chamkaur Ghag, a physicist at University College London, got an email from a colleague in Spain with a tempting offer. The year before, an emeritus professor at Princeton University, Frank Calaprice, had learned of old Spanish ships that had sunk off the New Jersey coast 400 or 500 years ago, while carrying a cargo of lead. Calaprice obtained a few samples of this lead and sent it off to Spain, where a lab buried within the Pyrenees tested its radioactivity. It was low: just what Aldo Ianni, the then-director of the Canfranc Underground Laboratory, was hoping for. Now that sunken lead was being offered to any physics laboratory willing to pay 20 euros per kilogram—a fairly high price—for it.
        Lead is mined and refined all over the world, but that centuries-old lead, sitting in a shipwreck, has a rare quality. Having sat deep underwater since before the United States of America was born, its natural radioactivity has decayed to a point where it's no longer spitting out particles. For particle physicists, that makes it exceptionally valuable.

Source of radioactive contaminants in lead? Yes, you guessed it!

Take steel: It's an excellent shield from intruding vagabond particles—so much so that Fermilab, a particle-physics and accelerator laboratory in Illinois, has used tons of it in the past few decades to shield its own experiments, says Valerie Higgins, Fermilab's historian and archivist. That steel frequently came from decommissioned warships, many of which existed around the time of, or served in, the Second World War or the Korean War, including the Astoria, the Roanoke, the Wasp, the Philippine Sea, and the Baltimore.

The timing of those conflicts matters. At 5:29 a.m. on July 16, 1945, the first-ever nuclear-device detonation took place in the Jornada del Muerto desert, in New Mexico. The atomic age had begun, and with each subsequent nuclear fireball, more radioactive fallout was sprinkled over the world.

During the Cold War, that radioactive atmospheric contamination got effortlessly sucked into blast furnaces when steel was made, Duffy says. This infused the final product with radiation, making it unsuitable for many physics experiments.

Thus the market in sunken lead. And a conflict between astrophysics and archeaology. Ah, science!

Original Submission

Arthur T Knackerbracket has found the following story:

In 2014, the Supreme Court ruled that you can't get a patent for implementing an otherwise abstract idea on a computer. The decision, known as CLS Bank v. Alice, has had a big impact over the last five years, invalidating a lot of broad software patents.

But a ruling this week illustrates the limits of that landmark ruling. The confusingly named United Services Automobile Association, which provides insurance and other financial products, sued Wells Fargo for infringing two patents on the concept of cashing checks with a mobile device. Wells Fargo argued that the patents were abstract—and therefore invalid—under the Alice rule.

[...] The patents cover check-cashing mobile apps that automatically snap a photo once a suitable image of the check is in the field of view.

A key claim of one of the USAA patents covers the concept of using a "processor" (aka a smartphone) to take a picture of a check and then send the check over a "communication pathway" (aka a network). USAA's supposed invention is the idea of monitoring "an image of the check in a field of view of a camera of a mobile device with respect to a monitoring criterion using an image monitoring and capture module of the mobile device"—and waiting until the image has met the criteria (is the entire check in the frame? Is there adequate light?) before snapping the picture. In other words, they patented the idea that you should wait until you have a good shot before snapping a picture.

[...] Wells Fargo argued that USAA had simply used a computer to perform the same steps any human being would take when snapping a photo of a check. Obviously if a human being was snapping a picture of a check, they would monitor the image in the viewfinder and only click the button once it showed an acceptable image.

But the court disagreed, noting that human eyes and human brains can't measure objective criteria like brightness as precisely as a computer can. USAA has argued that its approach leads to fewer bad check images being submitted. So in the court's view, the patent doesn't just cover an old-fashioned process being done on a computer—the use of the computer improves the process, yielding a patentable invention.

Original Submission

takyon writes:

The Feds are building an America-wide face surveillance system – and we're going to court to prove it, says ACLU

The American Civil Liberties Union (ACLU) is suing the FBI, the Drug Enforcement Agency (DEA), and the Department of Justice (DoJ) in an effort to find out what the US federal government's systems and policies are around facial recognition.

Following a freedom-of-information request in January that Uncle Sam still has not responded to, the ACLU has demanded [PDF] the release of the TLA trio's guidelines and rules regarding what the union terms "face surveillance technology," as well as details of any contracts or pilot programs it has with private companies over the technology.

Specifically, the civil-rights warriors have filed suit in Massachusetts against the Feds, requesting the district court forces the agencies and department to cough up "public records pursuant to the Freedom of Information Act."

https://www.aclu.org/cases/aclu-v-doj-fbi-dea

Original Submission

Arthur T Knackerbracket has found the following story (original):

Should we believe headlines claiming nearly half of all jobs will be lost to robots and artificial intelligence? We think not, and in a newly released study we explain why.

Headlines trumpeting massive job losses have been in abundance for five or so years. Even The Conversation has had its had its share.

Most come from a common source. It is a single study, conducted in 2013 by Oxford University's Carl Benedict Frey and Michael Osborne. This study lies behind the claim that 47% of jobs in the United States were at "high risk" of automation over the next ten or so years. Google Scholar says it has been cited more than 4,300 times, a figure that doesn't count newspaper headlines.

The major predictions of job losses due to automation in Australia are based directly on its findings. Commentaries about the future of work in Australia have also drawn extensively on the study.

In Australia and elsewhere the study's predictions have led to calls for a Universal Basic Income and for a "work guarantee" that would allocate the smaller number of jobs fairly.

Our new research paper concludes the former study's predictions are not well-founded.

Original Submission

Arthur T Knackerbracket has found the following story:

Acute lymphoblastic leukaemia (ALL) is a rare form of cancer that commonly affects children, mostly under the age of five years. In the search for new therapeutic options, researchers at Vetmeduni Vienna have now discovered a new mechanism of the disease process and have developed a novel drug treatment line that is pioneering for future cancer therapies. The groundbreaking study was recently published in Nature Communications.

During their search for new therapeutic options for acute lymphoblastic leukaemia (ALL), a team of researchers at Vetmeduni Vienna have discovered a new function for a special enzyme, cyclin-dependent kinase 8 (CDK8), as part of the signalling system in ALL.

Most important for future therapies is the presence of a therapeutic window: healthy blood cells are not affected by the absence of CDK8, while the leukaemic cells need CDK8 to survive.

Using leukaemia mouse models, first author Ingeborg Menzl from the Institute of Pharmacology and Toxicology at Vetmeduni Vienna and her colleagues demonstrated that CDK8-deficient leukaemia cells show an increase in cell death.

“Of note is that the function of CDK8 in ALL is independent of enzymatic activity, which means that conventional kinase inhibitors are ineffective,” says Menzl. Based on this finding, the research team asked for potential interaction partners and discovered a previously unknown link between CDK8 and the mTOR signalling pathway in cancer cells.

Original Paper: https://www.nature.com/articles/s41467-019-12656-x

Original Submission