Arthur T Knackerbracket has found the following story:
More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found.
The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone. The app details—which include names, dates they were first installed and most recently updated, and more than three-dozen other categories—are uploaded to remote servers without permission and no notification.
Android’s installed application methods, or IAMs, are application programming interfaces that allow apps to silently interact with other programs on a device. They use two methods to retrieve various kinds of information related to installed apps, neither of which is classified by Google as a sensitive API. The lack of such a designation allows the methods to be used in a way that’s invisible to users.
Not all apps that collect details on other installed apps do so for nefarious purposes. Developers surveyed by the researchers behind the new paper said the collection is the basis for launcher apps, which allow for the customization of the homescreen and provide shortcuts to open other apps. IAMs are also used by VPNs, backup software, notification managers, anti-malware, battery savers, and firewalls.
But the data grab can also be used by advertisers and developers to assemble a detailed profile of users, the researchers reported in their paper, titled Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on User’s Device. They cited previous studies such as this one, which found that a single snapshot of apps installed on a device allowed researchers to predict the user’s gender with an accuracy of around 70 percent. Follow-on findings by the same researchers expanded the demographics that could be deduced to traits such as religion, relationship status, spoken languages, and countries of interest. A study by different researchers said user demographics also included age, race, and income. The research also found that a user’s gender could be predicted with an 82 percent accuracy rate.
“As other privacy-sensitive parts of the Android platform are protected by app permissions, forcing developers to explicitly notify users before attempting access to these parts, [it] begs the question on why IAMs are treated differently,” the researchers, from the University of L’Aquila in Italy, Vrije University in Amsterdam, and ETH in Zurich, wrote in the latest paper. “Indeed, the European Union General Data Protection Regulation (GDPR), generally regarded as the forefront in privacy regulations, considers ‘online identifiers provided by their devices, applications, tools, and protocols’ [...] as personal data, for all purposes and means.”
[...] As noted earlier, there are legitimate reasons for apps to collect details of other installed apps. But there’s also reason for concern. This latest research only reinforces the advice I’ve long given that Android apps should be installed sparingly and only when they provide a clear benefit. It also helps to favor fee-based apps over free ones, since the latter category is more likely to depend on advertisements for revenue. Open source apps are also shown to collect less app data, but they also require users to allow installations from third-party marketplaces.
Arthur T Knackerbracket has found the following story:
In November 2019, Denis Pushkarev, maintainer of the popular core-js library, lost an appeal to overturn an 18-month prison sentence imposed for driving his motorcycle into two pedestrians, killing one of them.
As a result, he's expected to be unavailable to update core-js, a situation that has project contributors and other developers concerned about the fate of his code library.
Pushkarev, known as zloirock on GitHub, mentioned the possibility he may end up incarcerated in a thread last May discussing the addition of post-install ads to generate revenue for a project that so many use and so few pay for. He anticipated he may need to pay for legal or medical expenses related to his motorcycle accident.
In that thread, developer Nathan Dobrowolski asked, "If you are in prison, who will maintain [core-js] then?"
Pushkarev offered no answer. Since his conviction last October, the need to resolve that question has become more than theoretical.
-- submitted from IRC
So dear soylentil developers, are there any libraries you are depending on that have a single point of failure?
https://www.fastcompany.com/90125752/the-ingenious-way-tv-logos-were-made-before-computers
Today, incorporating physical objects into digital design is a way to create a unique aesthetic or a new perspective on a project. For example, to design the icons for Google's Material Design language, designers cut and folded paper prototypes of the icons before translating them into digital pixels. Similarly, the designers behind the opening sequence of Stranger Things rigged up a manual light-based stencil system to capture the grainy, organic vibe of the credits.
It's easy to forget that there was a time when every identity design or title sequence was made physically, as a recently unearthed photo that shows the making of the 1962 Office de Radiodiffusion Télévision Française logo reminds us.
US poised to restrict TSMC's chip sales to China's Huawei
The United States has been aiming to curb the supply of chips sold by contract chipmaker Taiwan Semiconductor Manufacturing Co. (TSMC) to China's Huawei Technologies Co. through planned heavier sanctions against the Chinese telecom equipment giant, according to a Reuters report.
The report said while tensions between Washington and Beijing have been escalating with both sides blaming each other for spreading the novel coronavirus disease (COVID-19), the Trump administration has a plan to introduce new measures to further restrict global chip sales to Huawei.
Under the proposed new rules, the report, dated Thursday (March 26) in Washington, said foreign companies that use U.S. production equipment to roll out their chips would be required to obtain a U.S. license ahead of sales of certain chips to Huawei, which was blacklisted last year.
Boon for Apple, AMD, Nvidia, etc. or a disaster in the making?
Also at Tom's Hardware.
See also:
AMD is set to become TSMC's biggest 7nm customer in 2020
Report: TSMC's Reducing Its Reliance on Huawei Amid US Government Scrutiny
Related:
AMD Says TSMC Can Meet Epyc Demand; Launches New, Higher-Clocked 64-Core CPU
How China Plans to Lead the Computer Chip Industry
Blood Plasma From Survivors Will Be Given to Coronavirus Patients:
Can blood from coronavirus survivors help other people fight the illness? Doctors in New York will soon be testing the idea in hospitalized patients who are seriously ill.
Blood from people who have recovered can be a rich source of antibodies, proteins made by the immune system to attack the virus. The part of the blood that contains antibodies, so-called convalescent plasma, has been used for decades to treat infectious diseases, including Ebola and influenza.
"It's kind of difficult scientifically to know how valuable it is in any disease until you try," said Dr. David L. Reich, president and chief operating officer of the Mount Sinai Hospital, which will be using the treatment. "It's not exactly a shot in the dark, but it's not tried and true."
Dr. Reich said it would be tried as a treatment for hospitalized patients who had a moderate form of the disease and had trouble breathing, but not for those who are in advanced stages of the disease.
"The idea is to get to the right patients at the right time," he said. "But it's experimental."
Researchers at Mount Sinai were among the first in the United States to develop a test that can detect antibodies in recovering patients, an essential part of this treatment strategy.
On Tuesday, the Food and Drug Administration gave permission for the plasma to be used experimentally on an emergency basis to treat coronavirus patients, and hospitals in New York quickly began asking to participate, said Dr. Bruce Sachais, chief medical officer of the New York Blood Center, which will collect, test and distribute the plasma.
"Our main focus is, how do we implement this quickly to help the hospitals get product to their patients," Dr. Sachais said. "We have blood centers in New England, Delaware and the Midwest, so we can do the same thing in other regions. We're working with other blood centers and hospitals that may collect their own blood and want to do this. We may not be able to collect enough plasma in New York to help the entire country, so we want to share with other centers to help them."
Arthur T Knackerbracket has found the following story:
Despite humanity's current struggle against the novel coronavirus, and despite it taking up most of our attention, other threats still exist. The very real threat of a possible asteroid strike on Earth in the future is taking a backseat for now, but it's still there.
Though an asteroid strike seems kind of ephemeral right now, it's a real threat, and one that—unlike a coronavirus—has the potential to end humanity. Agencies like NASA and the ESA are still working on their plans to protect us from that threat.
NASA's DART (Double Asteroid Redirection Test) mission is scheduled to launch on July 22, 2021. It's a demonstration mission to study the use of kinetic impact to deflect an asteroid. It'll head for the tiny binary asteroid system called Didymos, (or 65803 Didymos.) This double asteroid system poses no threat to Earth.
[...] The engine comes in two primary components: the thruster and the power processing unit (PPU.) NEXT-C is getting ready for the mission with a series of tests, both performance and environmental. The thruster was put through vibration, thermal vacuum and performance tests before being integrated with its PPU. It was also subjected to simulated spaceflight conditions: the extreme vibration during launch, and the extreme cold of space.
NEXT-C is a powerful engine. It's nothing like a rocket, which requires a massive amount of thrust to lift something away from Earth's gravity. But in terms of ion drives, it's a very powerful unit. It's about three times more powerful than the NSTAR ion drives on NASA's DAWN and Deep Space One spacecraft.
NEXT can produce 6.9 kW thrust power and 236 mN thrust. The engine has produced the highest total impulse of any ion engine: 17 MN·s. It also has a specific impulse, which is a measure of how efficiently it uses propellant, of 4,190 seconds, compared to NSTAR's 3,120.
About a year ago, Zachary McCoy took a bike ride around his neighborhood in Gainesville, Florida. It may have been forgettable to him, but not to history. Because McCoy used an app to track his mileage, the route was forever etched in the Google-verse and attached to his name.
On the day of this ill-fated bike ride, McCoy passed a certain neighbor's house three times. While this normally wouldn't raise alarm, the neighbor happened to be the victim of a burglary that day, and had thousands of dollars worth of jewelry stolen. The Gainesville police had zero leads after a four-day investigation, so they went to the county to get a geofence warrant. Thanks to all the location data McCoy had willingly generated, he became the prime suspect.
From hackaday:
https://hackaday.com/2020/03/25/geofence-warrant-sends-mans-privacy-over-the-handlebars/
Internet Archive offers 1.4 million copyrighted books for free online
One of the casualties of coronavirus-related social distancing measures has been public libraries, which are shut down in many communities around the world. This week, the Internet Archive, an online library best known for running the Internet's Wayback Machine, announced a new initiative to expand access to digital books during the pandemic.
For almost a decade, an Internet Archive program called the Open Library has offered people the ability to "check out" digital scans of physical books held in storage by the Internet Archive. Readers can view a scanned book in a browser or download it to an e-reader. Users can only check out a limited number of books at once and are required to "return" them after a limited period of time.
Until this week, the Open Library only allowed people to "check out" as many copies as the library owned. If you wanted to read a book but all copies were already checked out by other patrons, you had to join a waiting list for that book—just like you would at a physical library.
Of course, such restrictions are artificial when you're distributing digital files. Earlier this week, with libraries closing around the world, the Internet Archive announced a major change: it is temporarily getting rid of these waiting lists.
"The Internet Archive will suspend waitlists for the 1.4 million (and growing) books in our lending library by creating a National Emergency Library to serve the nation's displaced learners," the Internet Archive wrote in a Tuesday post. "This suspension will run through June 30, 2020, or the end of the US national emergency, whichever is later."
HBO's 'Kill Chain' doc highlights the flaws in US election machines:
While COVID-19 might be putting just about everything else on hold, we're still marching towards a presidential election later this year. After the high-profile interference of 2016, election security and foreign meddling are still critical issues, but many states still aren't doing enough to ensure the integrity of the process. A documentary premiering tonight on HBO proves a sobering reminder of the fragility of America's voting infrastructure.
While the matter is of grave concern across the country, Kill Chain: The Cyber War on America's Elections delves into problems with some specific machines and issues in certain states. For instance, back in 2005, security researcher Harri Hursti (a key figure in the film) demonstrated a memory card exploit that could alter votes on an optical scan voting machine. Those Diebold machines are still in operation in 20 states and are slated for use in November, the filmmakers note.
Elsewhere, a judge banned Georgia from continuing to use the vulnerable systems it had in place for well over a decade. In the wake of the contentious 2018 gubernatorial election, officials had new machines in place for this month's presidential primary. While the replacements can print paper ballots, which are important for proper vote auditing, they're still very much vulnerable as they run on Windows 7 -- for which Microsoft recently ended support.
We also hear from an Indian hacker who says he was able to gain full access to Alaska's system, including live voting data, during the 2016 presidential election. He claims he'd have been able to remove a candidate from the ballot or change any vote, but decided not to for fear of triggering some kind of alarm.
Announcing The Unicode® Standard, Version 13.0:
Version 13.0 of the Unicode Standard is now available, including the core specification, annexes, and data files. This version adds 5,390 characters, for a total of 143,859 characters. These additions include four new scripts, for a total of 154 scripts, as well as 55 new emoji characters.
The new scripts and characters in Version 13.0 add support for modern language groups in Africa, Pakistan, South Asia, and China:
[...] Support for scholarly work was extended worldwide, including:
[...] Popular symbol additions include:
[...] Important chart font updates, including:
[...] Additional support for lesser-used languages and scholarly work was extended, including:
When will the first, all-emoji story or comment appear on SoylentNews? What are people going to do if they use text-only browsers or are visually-impaired?
Now that everyone's using Zoom, here are some privacy risks you need to watch out for:
Now that you've finished choosing your custom Zoom background, mercifully sparing your fellow workers-from-home the sight of a growing pile of gym socks behind your desk, you might think you've got a handle on the conference call software du jour. Unfortunately, there are a few other data security considerations to make if you want to hide your dirty laundry.
Privacy experts have previously expressed concerns about Zoom: In 2019, the video-conferencing software experienced both a webcam hacking scandal, and a bug that allowed snooping users to potentially join video meetings they hadn't been invited to. This month, the Electronic Frontier Foundation cautioned users working from home about the software's onboard privacy features.
[...] Here are some of the privacy vulnerabilities in Zoom that you should watch out for while working remotely.
[...] Tattle-Tale
Whether you're using Zoom's desktop client or mobile app, a meeting host can enable a built-in option which alerts them if any attendees go more than 30 seconds without Zoom being in focus on their screen.
[...] Cloud snitching
For paid subscribers, Zoom's cloud recording feature [allows] a host [to] record the meeting along with its text transcription and a text file of any active chats in that meeting, and save it to the cloud where it can later be accessed by other authorized users at your company, including people who may have never attended the meeting in question.
[...] Data Gossip
[...] An analysis by Vice's Motherboard, published Thursday, found the iOS version of the Zoom [...] was telling Facebook whenever you opened the Zoom app, what phone or device you were using, and your phone carrier, location and a unique advertising identifier. Late Friday, Motherboard reported that Zoom had updated its iOS app so the app would stop sending certain data to Facebook.
Cyber insurer Chubb had data stolen in Maze ransomware attack – TechCrunch:
Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, has itself become a target of a data breach.
The insurance giant told TechCrunch it was investigating a "security incident" involving the unauthorized access to data belonging to an unnamed third-party. Chubb spokesperson Jeffrey Zack said the company had "no evidence" the incident affected Chubb's own network and that its network "remains fully operational." But the spokesperson declined to comment further or answer any of our questions, including if its customers were affected.
Brett Callow, a threat analyst at security firm Emsisoft, first alerted TechCrunch to the breach on Thursday. According to Callow, the security incident was a data-stealing ransomware attack launched by the Maze ransomware group. Maze not only spreads across a network, infecting and encrypting every computer in its path, it also exfiltrates the data to the attackers' servers where it is held for ransom. If a ransom isn't paid, the attackers publish the files online.
[...] Callow said the attackers behind the incident posted a listing on their website claiming to have data stolen from Chubb earlier in March. The listing included the names and email addresses of three senior executives, including CEO Evan Greenberg.
This post lays out the different stages of openness in Open Source Software (OSS) and the benefits and costs of each.
[...] Is Linux as open as TensorFlow? How about my personal project? Is that the same? [ . . . . ]
To help give depth to this topic, this post structures opening software into a sequence of stages of openness.
- Publicly visible source code: We uploaded our code to GitHub
- Licensed for reuse: And let people use it for free
- Accepting contributions: And if they submit a patch, we'll take the time to look at it, and work with them to merge it in
- Open development: And when we work we'll make sure that all of our communication happens in the open as well, so that others can see what we're doing and why
- Open decision making: And that communication will be open to the public, so that everyone can weigh in, vote, and determine what happens to the project
- Multi-institution engagement: So much so that no single institution or individual has control over the project
- Retirement: So now we can retire, and know that the software will live on forever
To be clear, I'm not advocating that going deeper into this hierarchy is a good thing. Often it's more productive to stop somewhere around 3 to 5 [ . . . ]
What about code written merely to solve one person's problem or to amuse themself?
Plasma Bigscreen Is A New Smart TV Experience Powered By Raspberry Pi 4 And KDE
Want to turn your dumb TV into a smart one? Or maybe you'd prefer to have a more privacy respecting, open source operating system powering your TV experience? Just take one part KDE Plasma, one part Raspberry Pi 4, and one part Mycroft AI voice assistant, and you've got Plasma Bigscreen. It's a new venture that transforms the KDE Linux desktop into a "10 foot experience" using the speed and flexibility of KDE Neon, complete with voice control and Alexa-like assistant skills.
Smart TVs are becoming more and more complete computers, but unfortunately there the experience tends to be a tight walled garden between proprietary platform, services and privacy-infringing features. Features which are very cool, like voice control, but in order to not pose a threat to the user privacy should be on a free software stack and depending less on proprietary cloud platforms where possible. -- Plasma Bigscreen developer Marco Martin
Plasma Bigscreen is just entering Beta, and is currently available to download and install on the Raspberry Pi 4. On paper, it looks incredibly promising for a few reasons:
Other features include: Privacy-focused (i.e., locally-processed) voice control as well as free (as in beer and as in libre) open source software that can be controlled with a remote or mouse/keyboard. Further, security updates are more likely to be created and made available with a popular operating system and browser.
If it is truly controllable by the user, then it could be turned into a "dumb" TV which would be deprived of some advertising.
SpaceX has won a big NASA contract to fly cargo to the Moon
"This is another critical piece of our plan to return to the Moon sustainably."
[...] Last summer, NASA put out a call for companies who would be willing to deliver cargo to a proposed station in orbit around the Moon, called the Lunar Gateway. On Friday, NASA announced that the first award under this "Gateway Logistics" contract would go to SpaceX.
The company has proposed using its Falcon Heavy rocket to deliver a modified version of its Dragon spacecraft, called Dragon XL, to the Lunar Gateway. After delivering cargo, experiments and other supplies, the spacecraft would be required to remain docked at the Gateway for a year before "autonomous" disposal.
"This contract award is another critical piece of our plan to return to the Moon sustainably," NASA Administrator Jim Bridenstine said in a news release. "The Gateway is the cornerstone of the long-term Artemis architecture, and this deep space commercial cargo capability integrates yet another American industry partner into our plans for human exploration at the Moon in preparation for a future mission to Mars."
SpaceX's most powerful rocket will send NASA cargo to the moon's orbit to supply astronauts:
The National Aeronautics and Space Administration on Friday picked SpaceX as the first supplier to bring cargo to the agency's Gateway station in orbit around the moon, a big contract win for Elon Musk's space company.
SpaceX said it will use a new variation of its cargo spacecraft, called Dragon XL, to carry "more than 5 metric tons of cargo to Gateway in lunar orbit." The company will lift the spacecraft using its Falcon Heavy rocket, the most powerful rocket in the world.
I thought SLS was going to return us to the moon.