SoylentNews

Arthur T Knackerbracket has found the following story:

Until the 1980s, big companies in America tended to take a paternalistic attitude toward their workforce. Many corporate CEOs took pride in taking care of everyone who worked at their corporate campuses. Business leaders loved to tell stories about someone working their way up from the mailroom to a C-suite office.

But this began to change in the 1980s. Wall Street investors demanded that companies focus more on maximizing returns for shareholders. An emerging corporate orthodoxy held that a company should focus on its "core competence"—the one or two functions that truly sets it apart from other companies—while contracting out other functions to third parties.

Often, companies found they could save money this way. Big companies often pay above the market rate for routine services like cleaning offices, answering phones, staffing a cafeteria, or working on an assembly line. Putting these services out for competitive bid helped the companies get these functions completed at rock-bottom rates, while avoiding the hassle of managing employees. It also saved them from having to pay the same generous benefits they offered to higher-skilled employees.

Of course, the very things that made the new arrangement attractive for big companies made it lousy for the affected workers. Not only were companies trying to spend less money on these services, but now there were companies in the middle taking a cut. Once a job got contracted out, it was much less likely to become a first step up the corporate ladder. It's hard to work your way up from the mailroom if the mailroom is run by a separate contracting firm.

[...] The existence of such a two-tier workplace is especially ironic in Silicon Valley, a region that takes pride in its egalitarian ethos. Former Google CEO Eric Schmidt gave a remarkably candid assessment of the situation in 2012, in a statement quoted by author Chrystia Freeland.

"Many tech companies solved this problem by having the lowest-paid workers not actually be employees. They’re contracted out," Schmidt said. "We can treat them differently, because we don’t really hire them. The person who’s cleaning the bathroom is not exactly the same sort of person. Which I find sort of offensive, but it is the way it’s done."

Original Submission

upstart writes in with an IRC submission for Bytram:

A dam right across the North Sea: A defense against climate change, but primarily a warning:
[Ed Note: English version of the story follows the Dutch version - Fnord666]

A 475-km-long dam between the north of Scotland and the west of Norway and another one of 160 km between the west point of France and the southwest of England could protect more than 25 million Europeans against the consequences of an expected sea level rise of several metres over the next few centuries. The costs, 250-500 billion euros, are "merely" 0.1% of the gross national product, annualy over 20 years, of all the countries that would be protected by such a dam. That's what Dr Sjoerd Groeskamp, oceanographer at the Royal Netherlands Institute for Sea Research, calculated together with his Swedish colleague Joakim Kjellson at GEOMAR in Kiel, Germany, published this month in the scientific journal the Bulletin of the American Meterological Society. 'Besides being a possible solution, the design of such an extreme dam is mainly a warning', says Groeskamp. 'It reveals the immensity of the problem hanging over our heads.'

[...] The authors acknowledge that the consequences of this dam for North Sea wildlife would be considerable. 'The tide would disappear in a large part of the North Sea, and with it the transport of silt and nutrients. The sea would eventually even become a freshwater lake. That will drastically change the ecosystem and therefore have an impact on the fishing industry as well', Groeskamp elaborates.

[...] Ultimately, the description of this extreme dam is more of a warning than a solution, Groeskamp states. 'The costs and the consequences of such a dam are huge indeed. However, we have calculated that the cost of doing nothing against sea level rise will ultimately be many times higher. This dam makes it almost tangible what the consequences of the sea level rise will be; a sea level rise of 10 metres by the year 2500 according to the bleakest scenarios. This dam is therefore mainly a call to do something about climate change now. If we do nothing, then this extreme dam might just be the only solution.'

Sjoerd Groeskamp, Joakim Kjellsson. NEED The Northern European Enclosure Dam for if climate change mitigation fails. Bulletin of the American Meteorological Society, 2020; DOI: 10.1175/BAMS-D-19-0145.1

Original Submission

upstart writes in with an IRC submission for SoyCow4275:

Don't run your 2FA authenticator app on these smartphones:

Aaron Turner and Georgia Weidman emphasized that using authenticator apps, such as Authy or Google Authenticator, in two-factor authentication was better than using SMS-based 2FA. But, they said, an authenticator app is useless for security if the underlying mobile OS is out-of-date or the mobile device is otherwise insecure.

[...] The problem is that if an attacker or a piece of mobile malware can get into the kernel of iOS or Android, then it can do anything it wants, including presenting fake authenticator-app screens.

[...] And don't think iOS devices are safer than Android ones -- they're not. There are just as many known exploits for either one, and Weidman extracted the encryption keys from an older iPhone in a matter of seconds onstage.

The iPhone's Secure Enclave offers "some additional security, but the authenticator apps aren't using those elements," said Weidman, founder and chief technology officer of Washington-area mobile security provider Shevirah, Inc. "iOS is still good, but Android's [security-enhanced] SELinux is the bane of my existence as someone who's building exploits."

"We charge three times as much for an Android pentest than we charge for an iOS one," Turner said, referring to an exercise in which hackers are paid by a company to try to penetrate the company's security. "Fully patched Android is more difficult to go after."

[...] In short, "we need to move away from usernames and passwords," Turner said.

[...] Turner [said] "I am fundamentally opposed to using biometrics because it's non-revocable," he said, citing a famous case from Malaysia in which a man's index finger was cut off by a gang to steal the man's fingerprint-protected Mercedes. "Fingerprint readers are biometric toys."

The only form of two-factor authentication without security problems right now, Turner said, is a hardware security key such as a Yubikey or Google Titan key.

"I've got two Yubikeys on me right now," Turner said. "Hardware separation is your friend."

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

New FAA drone rule is a giant middle finger to aviation hobbyists:

More than 34,000 people have deluged the Federal Aviation Administration with comments over a proposed regulation that would require almost every drone in the sky to broadcast its location over the Internet at all times. The comments are overwhelmingly negative, with thousands of hobbyists warning that the rules would impose huge new costs on those who simply wanted to continue flying model airplanes, home-built drones, or other personally owned devices.

"These regulations could kill a hobby I love," wrote Virginian Irby Allen Jr. in a comment last week. "RC aviation has brought my family together and if these regulations are enacted we will no longer be able to fly nor be able to afford the hobby."

The new regulations probably wouldn't kill the hobby of flying radio-controlled airplanes outright, but it could do a lot of damage. Owners of existing drones and model airplanes would face new restrictions on when and where they could be used. The regulations could effectively destroy the market for kit aircraft and custom-designed drones by shifting large financial and paperwork burdens on the shoulders of consumers.

"I think it's going to be harmful to the community and harmful to the growth of the UAS industry," said Greg Reverdiau, co-founder of the Pilot Institute, in a Friday phone interview. He wrote a point-by-point critique of the FAA proposal that has circulated widely among aviation hobbyists.

The new rules are largely designed to address safety and security concerns raised by law enforcement agencies. They worry that drones flying too close to an airport could disrupt operations or even cause a crash. They also worry about terrorists using drones to deliver payloads to heavily populated areas.

To address these concerns, the new FAA rule would require all new drones weighing more than 0.55 pounds to connect over the Internet to one of several location-tracking databases (still to be developed by private vendors) and provide real-time updates on their location. That would enable the FAA or law enforcement agencies to see, at a glance, which registered drones are in any particular area.

But critics say the rules impose massive costs on thousands of law-abiding Americans who have been quietly flying model airplanes, quad-copters, and other small unmanned aircraft for years—and in many cases decades.

Original Submission

upstart writes in with an IRC submission for Bytram:

Intel Patched Over 230 Vulnerabilities in Its Products in 2019:

Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company's 2019 Product Security Report.

Intel said it learned of 236 vulnerabilities in 2019, including 144 discovered internally by its employees. Internally discovered issues included 61% of the vulnerabilities rated high severity, and 75% of those rated critical. In total, 4 flaws were rated critical and 81 were classified as high severity.

Three quarters of the vulnerabilities reported by external researchers were submitted through the company's bug bounty program.

"Combining Bug Bounty and internally found vulnerabilities, the data shows that 91% of the issues addressed are the direct result of Intel's investment in product assurance," the company wrote in its report.

The chip maker says only 11 vulnerabilities affected its CPUs, with an average yearly CVSS score of 5.02. This includes the MDS flaws named ZombieLoad, Fallout and RIDL.

"As acknowledged by security researchers and industry experts, side-channel issues are difficult to exploit and often require a level of access to the target system that would afford would be attackers more efficient and reliable methods of obtaining and exfiltrating information," Intel explained.

Of the 236 vulnerabilities found last year in the company's products, 112 affected software, 59 affected firmware and 13 impacted hardware. In the case of 52 vulnerabilities, patching required both software and firmware updates.

Original Submission

upstart writes in with an IRC submission for Bytram:

Study reveals link between income inequality and French kissing:

Income inequality may be linked to how often people French kiss, according to a worldwide study by Abertay University.

The cross-cultural research involved 2,300 participants from 13 different countries across six continents.

Respondents answered a range of questions including how often they French kissed their partner, and how important they thought kissing was.

Their study revealed that people who lived in less equal nations said they kissed their partners more often.

This correlation did not extend to other forms of intimacy such as hugging and sexual intercourse.

[...] Lead researcher Dr. Christopher Watkins, from Abertay's Division of Psychology, said: "The results of this research suggest that the environment we live in is related to differences in this particular form of romantic intimacy.

"French kissing has been shown by others to be related to the quality of a romantic relationship, and our data suggests that we do this more in environments where we have less to fall back on, where a gesture which shows commitment to a relationship would be of greater value.

"Another interesting factor is that, across the nations surveyed, kissing was considered more important at the established phase of a relationship compared to the initial stages of romantic attraction."

The study also found differences in opinions between men and women on the importance of kissing, and about what makes a good kiss.

More information:
Christopher D. Watkins et al. National income inequality predicts cultural variation in mouth to mouth kissing, Scientific Reports (2019). DOI: 10.1038/s41598-019-43267-7

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

FCC issues wrist-slap fines to carriers that sold your phone-location data:

The big four mobile carriers face fines of between $12 million and $91 million each for selling their customers' real-time location data to third-party data brokers without customer consent, Federal Communications Commission Chairman Ajit Pai's office announced today.

These are "proposed" fines, meaning the carriers can dispute them and try to get them reduced or eliminated. The proposed fines are $91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon, and $12 million for Sprint. That's a total of $208 million.

The FCC announcement said the carriers' punishments are for "apparently selling access to their customers' location information without taking reasonable measures to protect against unauthorized access to that information." The FCC said it also "admonished these carriers for apparently disclosing their customers' location information, without their authorization, to a third party."

Pai said that the FCC has taken "strong enforcement action" with today's proposed fines. But the two Democrats on the Republican-majority commission said the fines are too low and criticized the Pai-led FCC for secrecy during the investigation.

"The FCC's investigation is a day late and a dollar short," Democratic Commissioner Jessica Rosenworcel said in a statement. "The FCC kept consumers in the dark for nearly two years after we learned that wireless carriers were selling our location information to shady middlemen."

[...] Relative to the carriers' collective revenue, the fines are "a slap on the wrist amounting to less than one one-thousandth of their annual take," consumer-advocacy group Free Press said. Revenue in calendar year 2019 was $181.2 billion for AT&T; $131.9 billion for Verizon; $45 billion for T-Mobile; and $32.5 billion for Sprint.

Original Submission

[Update 2020-03-02 08:34:00 UTC. Full disclosure: SoylentNews uses Let's Encrypt certificates.--martyb]

upstart writes in with an IRC submission for AnonymousCoward:

HTTPS for all: Let's Encrypt reaches one billion certificates issued:

Let's Encrypt, the Internet Security Research Group's free certificate signing authority, issued its first certificate a little over four years ago. Today, it issued its billionth.

The ISRG's goal for Let's Encrypt is to bring the Web up to a 100% encryption rate. When Let's Encrypt launched in 2015, the idea was pretty outré—at that time, a bit more than a third of all Web traffic was encrypted, with the rest being plain text HTTP. There were significant barriers to HTTPS adoption—for one thing, it cost money. But more importantly, it cost a significant amount of time and human effort, both of which are in limited supply.

Let's Encrypt solved the money barrier by offering its services free of charge. More importantly, by establishing a stable protocol to access them, it enabled the Electronic Frontier Foundation to build and provide Certbot, an open source, free-to-use tool that automates the process of obtaining certificates, installing them, configuring webservers to use them, and automatically renewing them.

When Let's Encrypt launched in 2015, domain-validated certificates could be had for as little as $9/year—but the time and effort required to maintain them was a different story. A certificate needed to be purchased, information needed to be filled out in several forms, then one might wait for hours before even cheap domain-validated certificates would be issued.

Once the certificate was issued, it (and its key, and any chain certificates necessary) needed to be downloaded, then moved to the server, then placed in the right directory, and finally the Web server could be reconfigured for SSL.

Every one to three years, you'd need to do the whole thing over again—perhaps only replacing the certificate and key, perhaps also replacing or adding new intermediate chain certificates.

An Anonymous Coward writes:

It's a day for Australia as Telstra, one of the main ISPs providing internet access with the newly built NBN network, declares 100Mbps plans will no longer be sold as they cannot be used. This change has been made due to the determination that the NBN cannot deliver the speeds promised. With the original plan in tatters after the Liberal government downgraded the network components to use "Multi Technology Mix" many customers lack the physical components to connect to the NBN to be able to receive the full speeds available. While some of the initial rollout delivered fibre to the premises the Liberal government switched the rollout to use copper and existing cable systems with many customers connect via FTTN leaving a lot to be desired in terms of speed. Farewell 100Mbps, we hardly knew you.

No large scale infrastructure plan survives contact with an incoming government.

Original Submission

NotSanguine writes:

Ars Technica has a "review" of the new Amazon Go Grocery store in Seattle, WA.

Apparently, the author's first thought was to engage in some petty theft, given that there are no cashiers or visible security guards.

The article is fairly verbose, with lots of photos of the crime scene store. Overall, the new store is just like the original Amazon Go stores, but with extra surveillance features.

cafebabe writes:

Here's a quick overview of "documentaries" to watch before, during and after a pandemic:

The Andromeda Strain film: An early Michael Crichton adaptation which came before the Westworld film and series and the Jurassic Park film series. Like many Michael Crichton stories, factual science is extended with credible speculation. In this case, a prion-like infection has killed almost everyone in a village and the survivors are seemingly unrelated. The film is best known for its cartoonish but very photogenic indoor set which serves as the backdrop of a Level 4 Biolab. Such eloborate sets were common in the era. (Other examples include Rollerball and disaster parody/Airplane predecessor, The Big Bus.) The film features concurrent action which was a common experimental film technique in the 1960s but, nowadays, is most commonly associated with Kiefer Sutherland in the 24 series. There is also a lesser-known mini-series.

Outbreak: A rather dull film which nevertheless provides a graphic portrayal of uncontained pandemic and towns being quarantined. It would be marginally improved if the antagonists were re-cast. Possible source material for DeepFaking.

The Resident Evil film series: These films considerably advanced the tropes of amoral corporation, rogue artificial intelligence as antagonist, reality within reality, experimentation without informed consent and the horror of a medicalized vampire/zombie rabies virus. The Red Queen versus White Queen subplot dovetails with Alice in Wonderland, prey versus predator evolution and Umbrella Corp's red and white logo which - in a case of life mirroring art - was copied by Wuhan's Level 4 Biolab. Many people prefer the competent and detailed Resident Evil series of computer games which are arguably better than the Half Life series or the SCP game.

upstart writes in with an IRC submission for AnonymousCoward:

First Amendment doesn't apply on YouTube; judges reject PragerU lawsuit:

YouTube is a private forum and therefore not subject to free-speech requirements under the First Amendment, a US appeals court ruled today. "Despite YouTube's ubiquity and its role as a public-facing platform, it remains a private forum, not a public forum subject to judicial scrutiny under the First Amendment," the court said.

PragerU, a conservative media company, sued YouTube in October 2017, claiming the Google-owned video site "unlawfully censor[ed] its educational videos and discriminat[ed] against its right to freedom of speech."

PragerU said YouTube reduced its viewership and revenue with "arbitrary and capricious use of 'restricted mode' and 'demonetization' viewer restriction filters." PragerU claimed it was targeted by YouTube because of its "political identity and viewpoint as a non-profit that espouses conservative views on current and historical events."

But a US District Court judge dismissed PragerU's lawsuit against Google and YouTube, and a three-judge panel at the US Court of Appeals for the 9th Circuit upheld that dismissal in a unanimous ruling today.

"PragerU's claim that YouTube censored PragerU's speech faces a formidable threshold hurdle: YouTube is a private entity. The Free Speech Clause of the First Amendment prohibits the government—not a private party—from abridging speech," judges wrote.

RandomFactor writes:

Science Daily reports on a new study published in the journal Nature Scientific Reports that details how researchers have created a hybrid neural network allowing both biological and artificial neurons to communicate across the internet.

During the study, researchers based at the University of Padova in Italy cultivated rat neurons in their laboratory, whilst partners from the University of Zurich and ETH Zurich created artificial neurons on Silicon microchips. The virtual laboratory was brought together via an elaborate setup controlling nanoelectronic synapses developed at the University of Southampton. These synaptic devices are known as memristors.

The Southampton based researchers captured spiking events being sent over the internet from the biological neurons in Italy and then distributed them to the memristive synapses. Responses were then sent onward to the artificial neurons in Zurich also in the form of spiking activity. The process simultaneously works in reverse too; from Zurich to Padova. Thus, artificial and biological neurons were able to communicate bidirectionally and in real time

According to Themis Prodromakis, Professor of Nanotechnology and Director of the Centre for Electronics Frontiers at the University of Southampton,

"We are very excited with this new development. On one side it sets the basis for a novel scenario that was never encountered during natural evolution, where biological and artificial neurons are linked together and communicate across global networks; laying the foundations for the Internet of Neuro-electronics. On the other hand, it brings new prospects to neuroprosthetic technologies, paving the way towards research into replacing dysfunctional parts of the brain with AI chips."

Article Reference
University of Southampton. (2020, February 26). New study allows brain and artificial neurons to link up over the web. ScienceDaily. Retrieved March 1, 2020 from www.sciencedaily.com/releases/2020/02/200226110843.htm

Journal Reference:
Alexantrou Serb, Andrea Corna, Richard George, Ali Khiat, Federico Rocchi, Marco Reato, Marta Maschietto, Christian Mayr, Giacomo Indiveri, Stefano Vassanelli, Themistoklis Prodromakis. Memristive synapses connect brain and silicon spiking neurons. Scientific Reports, 2020; 10 (1) DOI: 10.1038/s41598-020-58831-9

[Ed. Note - Original article from the University of Southampton can be found here.]

Original Submission

upstart writes in with an IRC submission for Bytram:

Printer toner linked to genetic changes, health risks in new study:

Getting printer toner on your hands is annoying. Getting it in your lungs may be dangerous.

According to a new study by West Virginia University researcher Nancy Lan Guo, the microscopic toner nanoparticles that waft from laser printers may change our genetic and metabolic profiles in ways that make disease more likely. Her findings appear in the International Journal of Molecular Sciences.

"The changes are very significant from day one," said Guo, a professor in the School of Public Health and member of the Cancer Institute.

[...] "In particular, there is one group I really think should know about this: pregnant women. Because once a lot of these genes are changed, they get passed on through the generations. It's not just you."

On the same days that the researchers assessed the rats' genes, they also measured every metabolite available in their blood.

[...] The metabolic levels that the researchers detected reinforced their other findings. The same health risks that the genetic profiles pointed to were implicated by the metabolic profiles as well.

Building on these results, Guo and her colleagues have since investigated the genomic changes that Singaporean printing company workers have experienced. In many respects, the workers' genomes changed the same ways the rats' genomes did. The results from these workers are included in a manuscript ready for submission to a journal.

"And they're very young," Guo said. "A lot of the workers ranged from 20 to their early 30s, and you're already starting to see all of these changes.

"We have to work, right? Who doesn't have a printer nowadays, either at home or at the office? But now, if I have a lot to print, I don't use the printer in my office. I print it in the hallway."

Nancy Lan Guo, et. al. Integrated Transcriptomics, Metabolomics, and Lipidomics Profiling in Rat Lung, Blood, and Serum for Assessment of Laser Printer-Emitted Nanoparticle Inhalation Exposure-Induced Disease Risks. International Journal of Molecular Sciences, 2019; 20 (24): 6348 DOI: 10.3390/ijms20246348

Original Submission

upstart writes in with an IRC submission for AnonymousCoward:

Boeing acknowledges "gaps" in its Starliner software testing:

On Friday, during a detailed, 75-minute briefing with reporters, a key Boeing spaceflight official sought to be as clear as possible about the company's troubles with its Starliner spacecraft.

After an uncrewed test flight in December of the spacecraft, Boeing "learned some hard lessons," said John Mulholland, a vice president who manages the company's commercial crew program. The December mission landed safely but suffered two serious software problems. Now, Mulholland said, Boeing will work hard to rebuild trust between the company and the vehicle's customer, NASA. During the last decade, NASA has paid Boeing a total of $4.8 billion to develop a safe capsule to fly US astronauts to and from the International Space Station.

At the outset of the briefing, Mulholland sought to provide information about the vehicle's performance, including its life support systems, heat shield, guidance, and navigation. He noted that there were relatively few issues discovered. However, when he invited questions from reporters, the focus quickly turned to software. In particular, Mulholland was asked several times how the company made decisions on procedures for testing flight software before the mission—which led to the two mistakes.

He struggled to answer those questions, but the Boeing VP said the reason was not financial. "It was definitely not a matter of cost," Mulholland said. "Cost has never been in any way a key factor in how we need to test and verify our systems."