SoylentNews

upstart writes in with an IRC submission for chromas:

Big Tech will push deeper into finance this year:

Google plans to introduce consumer bank accounts later this year in collaboration with Citibank and a California-based credit union. The company wants to piggyback off the financial know-how of its partners, while providing the digital layer through Google Pay.

It's somewhat similar to a move from once[sic] of its Silicon Valley peers. In 2019, Apple debuted a credit card that [was] created in partnership with Goldman Sachs. Like Google, the company has left much of the financial legwork to its bank partner while designing the card itself and integrating it with its digital wallet app.

Though their products are different, both firms share something in common: they have no plans to become regulated financial institutions like Citi or Goldman. While Big Tech — a group of companies that includes Google, Amazon, Facebook and Apple — will undoubtedly push deeper into finance this year, their progress in banking will be "more of a slow creep than big strides," said Sarah Kocianski, head of research at fintech consultancy 11:FS.

"The big tech firms will continue to add services that are peripheral to banking to their existing offerings, without going full-stack banking," she said. "The headache of getting, and maintaining, a banking license would likely be considered too big a risk for these companies. Instead, they will continue to operate with licensed partners."

Original Submission

upstart writes in with an IRC submission for Anonymous_Coward:

Popular U.S. Restaurant Owner Hit by Credit Card Stealing Malware:

Landry's, a U.S. restaurant chain and property owner has disclosed that they were infected with a point-of-sale (POS) malware that allowed attackers to steal customer's credit card information.

Landry's owns and operates over 600 restaurants, with 60 well-known brands such as Landry's Seafood, Chart House, Saltgrass Steak House, Bubba Gump Shrimp Co., Claim Jumper, Morton's The Steakhouse, McCormick & Schmick's, Mastro's Restaurant, Rainforest Cafe, Del Frisco's Grill, and many more.

In a "Notice of Data Breach", Landry's has disclosed that an unauthorized user was detected on their systems and after completing an investigation it was discovered that POS malware was present on their systems between March 13, 2019, and October 17, 2019. At some locations, the malware may have been installed as early as January 18, 2019.

This POS malware could have been used under "rare circumstances" to steal customer's credit card information including cardholder name, card number, expiration date, and internal verification code

"We are notifying customers of an incident that we recently identified and addressed involving payment cards that, in rare circumstances, appear to have been mistakenly swiped by waitstaff on devices used to enter kitchen and bar orders, which are different devices than the point-of-sale terminals used for payment processing. This notice explains the incident, measures we have taken, and some steps you can take in response."

Original Submission

upstart writes in with an IRC submission for SoyCow1337:

YouTube gives creators more control over copyright claim disputes with new update:

YouTube's recent Studio update is finally giving people an easier way to deal with copyright claim disputes.

The new update now lets creators address copyright disputes directly from their digital back-end workspace and gives them the option to trim out the claimed content in question. The "Assisted Trim" option is the biggest feature rolling out with the new Studio update, with the "endpoints of the edit pre-set to where the claimed content appears in the video," according to a Google product blog. The team is working to allow adjustable endpoints so creators can cut out the specific portion of their video that makes the most sense, but that isn't available just yet.

Copyright disputes between creators and music labels or third-party companies are a consistent problem on YouTube. The company has tried to work with different companies to ensure that creators aren't constantly facing copyright claims, but it's been a tedious battle. Earlier this year, creators specifically called out groups like Universal Music, which owns one of the largest catalogs of songs, for being overzealous with copyright claims.

YouTube rolled out a new policy update in July addressing concerns, noting that copyright owners like Universal now must state exactly where copyrighted material appears in a video, something they didn't have to do before when reporting a case of copyright infringement.

While this new policy is a step in the right direction and this new tool makes it easier for content creators to address issues, it doesn't address the underlying problem.

Original Submission

An Anonymous Coward writes:

Sander Huijen has an interesting couple of posts detailing how he solved the dilemma of whether he closed the garage door when he left using an ESP32 and a Raspberry-Pi.

I'm in a good position that I can rent a house with a garage. The garage even has an electric door with remote control. Every now and then, after I've left the house, I can't quite remember if I've closed the garage door. I guess it's one of those "did I lock the door?" or "did I turn the gas off?" situations. I probably did, I just can't quite remember.

Because I'm in a rental house, I'm not allowed to change anything to it without the owner's permission. So hacking the garage door opener electronics is out of the question, unfortunately.

Since I usually think about the garage door when I'm not even that far from home (but far enough to not want to turn around if unnecessary), I decided that all I need is to know whether it's closed or not. And that part is easy without having too much impact on the structural integrity of the house (and so can be achieved without permission).

I used a SparkFun "The Thing" ESP32 device with a few external components, mainly a 2400mAh Li-Po battery and a reed switch. The idea is to put the reed switch in a position that it closes when the door is closed. It's hooked up between a GPIO pin with an internal pull-up resistor and ground. This means that the GPIO input is LOW when the door is closed, and HIGH when the door is open.

Part 1
Part 2

Original Submission

upstart writes in with an IRC submission for Anonymous_Coward:

Python 2.7 Reaches End of Life After 20 Years of Development:

As of January 1st, 2020, Python 2.7 has officially reached the end of life and will no longer receive security updates, bug fixes, or other improvements going forward.

Released in 2000, Python 2.7 has been used by developers, administrators, and security professionals for 20 years.  While Python 3 was released in 2006, due to the number of users continuing to use 2.7, the Python team decided to support both development branches.

Originally slated to be retired in 2015, the development team pushed the sunset of Python 2.7 to 2020.

To focus on Python 3 and increase the speed of its development and bug fixes, the development team has now sunset Python 2.7 and the team recommends that all users upgrade to Python 3 to continue receiving important updates.

"We are volunteers who make and take care of the Python programming language. We have decided that January 1, 2020, will be the day that we sunset Python 2. That means that we will not improve it anymore after that day, even if someone finds a security problem in it. You should upgrade to Python 3 as soon as you can."

RIP

Original Submission

upstart writes in with an IRC submission for Anonymous_Coward:

Model beats Wall Street analysts in forecasting business financials: Using limited data, this automated system predicts a company's quarterly sales:

In finance, there's growing interest in using imprecise but frequently generated consumer data -- called "alternative data" -- to help predict a company's earnings for trading and investment purposes. Alternative data can comprise credit card purchases, location data from smartphones, or even satellite images showing how many cars are parked in a retailer's lot. Combining alternative data with more traditional but infrequent ground-truth financial data -- such as quarterly earnings, press releases, and stock prices -- can paint a clearer picture of a company's financial health on even a daily or weekly basis.

But, so far, it's been very difficult to get accurate, frequent estimates using alternative data. In a paper published this week in the Proceedings of ACM Sigmetrics Conference, the researchers describe a model for forecasting financials that uses only anonymized weekly credit card transactions and three-month earning reports.

Tasked with predicting quarterly earnings of more than 30 companies, the model outperformed the combined estimates of expert Wall Street analysts on 57 percent of predictions. Notably, the analysts had access to any available private or public data and other machine-learning models, while the researchers' model used a very small dataset of the two data types.

"Alternative data are these weird, proxy signals to help track the underlying financials of a company," says first author Michael Fleder, a postdoc in the Laboratory for Information and Decision Systems (LIDS). "We asked, 'Can you combine these noisy signals with quarterly numbers to estimate the true financials of a company at high frequencies?' Turns out the answer is yes."

The model could give an edge to investors, traders, or companies looking to frequently compare their sales with competitors. Beyond finance, the model could help social and political scientists, for example, to study aggregated, anonymous data on public behavior. "It'll be useful for anyone who wants to figure out what people are doing," Fleder says.

Michael Fleder, Devavrat Shah. Forecasting with Alternative Data. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 2019; 3 (3): 1 DOI: 10.1145/3366694

Original Submission

An Anonymous Coward writes:

https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/

Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set. I mean have a think about it:

If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? Yes.

What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent? Also yes.

Last one: what if an attacker directs you to a malicious website and upon visiting it your browser makes a post request to the original website that set the cookie - will that cookie still be sent with the request? Yes!

Cookies just don't care about how the request was initiated nor from which origin, all they care about is that they're valid for the requested resource. "Origin" is a key word here too; those last two examples above are "cross-origin" requests in that they were initiated from origins other than the original website that set the cookie. Problem is, that opens up a rather nasty attack vector we know as Cross Site Request Forgery or CSRF. Way back in 2010 I was writing about this as part of the OWASP Top 10 for ASP.NET series and a near decade on, it's still a problem.

This is a followup to our previous story that provides some excellent details and explanations.

Original Submission

upstart writes in with an IRC submission for Anonymous_Coward:

DNA analysis revealed the identity of 19th century "Connecticut vampire":

There's rarely time to write about every cool science-y story that comes our way. So this year, we're once again running a special Twelve Days of Christmas series of posts, highlighting one science story that fell through the cracks each day, from December 25 through January 5. Today: Scientists determined the identity of "JB55," one of the 19th century New England "vampires" whose remains were disturbed to prevent them from rising to afflict the community.

Back in 1990, children playing near a gravel pit in Griswold, Connecticut, stumbled across a pair of skulls that had broken free of their graves in a 19th century unmarked cemetery. Subsequent excavation revealed 27 graves—including that of a middle-aged man identified only by the initials "JB55," spelled out in brass tacks on his coffin. Unlike the other burials, his skull and femurs were neatly arranged in the shape of a skull and crossbones, leading archaeologists to conclude that the man had been a suspected "vampire" by his community. Scientists finally found a likely identification for JB55, describing their findings in a paper published this summer in the journal Genes.

Analysis of JB55's bones back in the 1990s indicated the man had been a middle-aged laborer, around 55 when he died (hence, JB55, the man's initials and age at death). The remains also showed signs of lesions on the ribs, so JB55 suffered from a chronic lung condition—most likely tuberculosis, known at the time as consumption. It was frequently lethal in the 1800s, due to the lack of antibiotics, and symptoms included a bloody cough, jaundice (pale, yellowed skin), red and swollen eyes, and a general appearance of "wasting away." The infection frequently spread to family members. So perhaps it's not surprising that local folklore suspected some victims of being vampires, rising from the grave to sicken the community they left behind.

Hence the outbreak of the so-called Great New England Vampire Panic in the 19th century across Rhode Island, Vermont, and eastern Connecticut. It was common for families to dig up the bodies of those who had died from consumption to look for signs of vampirism, a practice known as "therapeutic exhumation." If there was liquid blood in the organs (especially the heart), a bloated abdomen, or if the corpse seemed relatively fresh, this was viewed as evidence of vampirism. In such cases, the organs would be removed and burned, the head sometimes decapitated, and the body reburied. Given JB55's lung condition and the fact that there were signs of decapitation, he was likely a suspected vampire.

upstart writes in with an IRC submission for chromas:

A new map reveals radio waves from tens of thousands of galaxies:

Never-before-seen radio waves from tens of thousands of galaxies have a secret to share: The height of star formation in the cosmos may have been more prolific than previously imagined.

Radio telescopes are good probes of star formation. But until now, they haven't been sensitive enough to see radio waves coming from the vast majority of galaxies that produced stars during the peak of star production, an epoch roughly 10 billion years ago known as cosmic noon (SN: 6/20/14).

Now, a new image from the MeerKAT observatory in South Africa has lifted the radio veil on those unsung galaxies. In that image, more than 17,000 pinpoints of radio energy — nearly every one a star-forming galaxy — fill a patch of sky that, as seen from Earth, could be covered by about five full moons.

Using about 10,000 well-studied nearby galaxies as a template, James Condon and his colleagues calculated how luminous and how far away all those points of light must be. To match the observations, the radio waves must come from star-forming galaxies at cosmic noon churning out stars at about 10 times the rate of modern galaxies, says Condon, an astrophysicist at the National Radio Astronomy Observatory in Charlottesville, Va.

T. Mauch et al. The 1.28 GHz MeerKAT DEEP2 image. arXiv:1912.06212. Posted December 15, 2019.

Original Submission

RandomFactor writes:

In a telemedicine case that would have been handled routinely on Earth, but a first for space medicine, an astronaut two months into a six month stint on the International Space Station was diagnosed and treated for a blood clot in the jugular vein.

According to Dr. Maja Zaric, a cardiologist familiar with the case, "The size and proximity of the...clot to the heart could have easily put [the crew member] into harm's way."

Although the astronaut showed no symptoms of vein blockage -- no headache or facial redness -- the jugular vein was abnormally "prominent" during a physical exam, and a follow-up ultrasound confirmed a clot.

There are two pairs of jugular veins that normally carry deoxygenated blood back from the head and neck to be pumped through the heart and lungs. While not optimal, blood will drain through the other in the event of restricted flow through one (there are rare conditions where individuals have only one, or even an extra, jugular vein).

After multiple "telemedicine" discussions with medical staff back on Earth, it was decided that the astronaut would be treated with the blood thinner enoxaparin (Lovenox), 20 vials of which had been part of the space station's medical kit.

upstart writes in with an IRC submission for Anonymous_Coward:

Aston Martin's rearview mirror shows three video feeds simultaneously:

For the last couple of years, automakers of all stripes have been integrating cameras into their cars to make it easier for drivers to see what's happening around them. Nissan and Cadillac, for example, have offered camera-based rearview mirrors since 2015. British automaker Aston Martin, however, thinks there's still a place for the humble mirror.

At CES next week, the company plans to show off a hybrid rearview mirror that integrates three cameras. Called the Full Display Mirror (FDM), the company developed the unit with help from Gentex Corporation, an auto parts manufacturer based out of Michigan. The unit can [display?] three different video feeds simultaneously, allowing you to see what's behind you and your blind spots at the same time.

Related : https://soylentnews.org/article.pl?sid=20/01/01/1644210

Original Submission

upstart writes in with an IRC submission for chromas:

Engrams emerging as the basic unit of memory:

Though scientist Richard Semon introduced the concept of the "engram" 115 years ago to posit a neural basis for memory, direct evidence for engrams has only begun to accumulate recently as sophisticated technologies and methods have become available. In a new review in Science, Professors Susumu Tonegawa of The Picower Institute for Learning and Memory at MIT and Sheena Josselyn of the Hospital for Sick Children (SickKids) and the University of Toronto describe the rapid progress they and colleagues have been making over the last dozen years in identifying, characterizing and even manipulating engrams, as well as the major outstanding questions of the field.

Experiments in rodents have revealed that engrams exist as multiscale networks of neurons. An experience becomes stored as a potentially retrievable memory in the brain when excited neurons in a brain region such as the hippocampus or amygdala become recruited into a local ensemble. These ensembles combine with others in other regions, such as the cortex, into an "engram complex." Crucial to this process of linking engram cells is the ability of neurons to forge new circuit connections, via processes known as "synaptic plasticity" and "dendritic spine formation." Importantly, experiments show that the memory initially stored across an engram complex can be retrieved by its reactivation but may also persist "silently" even when memories cannot be naturally recalled, for instance in mouse models used to study memory disorders such as early stage Alzheimer's disease.

Original Submission

upstart writes in with an IRC submission for chromas:

Rise of #MeTooBots: scientists develop AI to detect harassment in emails:

Artificial intelligence programmers are developing bots that can identify digital bullying and sexual harassment.

Known as "#MeTooBots" after the high-profile movement that arose after allegations against the Hollywood producer Harvey Weinstein, the bots can monitor and flag communications between colleagues and are being introduced by companies around the world.

Bot-makers say it is not easy to teach computers what harassment looks like, with its linguistic subtleties and grey lines.

[...] The bot uses an algorithm trained to identify potential bullying, including sexual harassment, in company documents, emails and chat. Data is analysed for various indicators that determine how likely it is to be a problem, with anything the AI reads as being potentially problematic then sent to a lawyer or HR manager to investigate.

Exactly what indicators are deemed red flags remains a company secret, but Leib said the bot looked for anomalies in the language, frequency or timing of communication patterns across weeks, while constantly learning how to spot harassment.

Leib believes other industries could also benefit. "There's a lot of interest from clients across sectors such as financial services, pharmaceuticals," he said.

Original Submission

upstart writes in with an IRC submission for SoyCow1337:

Genetically modifying mosquitoes to prevent disease carries unknown risks:

Every year, around one million people die of mosquito-borne diseases according to the World Health Organization (WHO). This is why mosquitoes are considered one of the deadliest living creatures on the planet — not because they are lethal themselves, but because many of the viruses and parasites they transmit are.

Consider, for example, dengue fever. This mosquito-borne virus is a leading cause of hospitalization and death among children and adults in several countries in Asia and Latin America. In 2016, member states in three of the six WHO regions reported 3.34 million cases.

In the absence of an effective vaccine for dengue fever, Zika fever, chikungunya and other mosquito-borne diseases, researchers have developed genetic strategies to reduce mosquito populations. One such strategy involves the release into the wild of genetically modified (GM) mosquitoes that express a lethal gene — a strategy believed to have little impact on the overall DNA of wild populations of mosquitoes.

As an interdisciplinary group of authors, we generally support technologies that can reduce human disease and suffering. However, given our combined expertise in science, governance and ethics we have concerns that recent decisions to deploy GM mosquitoes have not been made responsibly.

Original Submission

upstart writes in with an IRC submission for Anonymous_Coward:

First identified comet to visit our solar system from another star: Interstellar comet 2I -- Borisov swings past sun:

When astronomers see something in the universe that at first glance seems like one-of-a-kind, it's bound to stir up a lot of excitement and attention. Enter comet 2I/Borisov. This mysterious visitor from the depths of space is the first identified comet to arrive here from another star. We don't know from where or when the comet started heading toward our Sun, but it won't hang around for long. The Sun's gravity is slightly deflecting its trajectory, but can't capture it because of the shape of its orbit and high velocity of about 100,000 miles per hour.

Telescopes around the world have been watching the fleeting visitor. NASA's Hubble Space Telescope has provided the sharpest views as the comet skirts by our Sun. Since October the space telescope has been following the comet like a sports photographer following horses speeding around a racetrack. Hubble revealed that the heart of the comet, a loose agglomeration of ices and dust particles, is likely no more than about 3,200 feet across, about the length of nine football fields. Though comet Borisov is the first of its kind, no doubt there are many other comet vagabonds out there, plying the space between stars. Astronomers will eagerly be on the lookout for the next mysterious visitor from far beyond.

[...] Crimean amateur astronomer Gennady Borisov discovered the comet on Aug. 30, 2019, and reported the position measurements to the International Astronomical Union's Minor Planet Center in Cambridge, Massachusetts. The Center for Near-Earth Object Studies at NASA's Jet Propulsion Laboratory in Pasadena, California, working with the Minor Planet Center, computed an orbit for the comet, which shows that it came from elsewhere in our Milky Way galaxy, point of origin unknown.

Original Submission