SoylentNews

upstart writes in with an IRC submission:

Americans are drinking bleach and dunking food in it to prevent COVID-19:

Americans are doing more housecleaning and disinfecting amid the COVID-19 pandemic and many are turning to wild and dangerous tactics—like drinking and gargling bleach solutions.

Back in April, the agency noted an unusual spike in poison control center calls over harmful exposures to household cleaning products, such as bleach. The timing linked it to the spread of the pandemic coronavirus, SARS-CoV-2 (not statements by President Trump). But to get a clearer idea of what was behind the rise, CDC researchers set up an online survey of household cleaning and disinfection knowledge and practices.

In all, they surveyed 502 US adults and used statistical weighting to make it representative of the country's population. The findings—published Friday in the CDC's Morbidity and Mortality Weekly Report—are stunning.

Overall, 60 percent said they were doing more cleaning and disinfecting amid the pandemic and 39 percent admitted to doing at least one non-recommended cleaning practice the CDC considers high risk.

The questions and responses are fully available (NO paywall); read it here:

Journal Reference
Gharpure R, Hunter CM, Schnall AH, et al. Knowledge and Practices Regarding Safe Household Cleaning and Disinfection for COVID-19 Prevention, [OPEN] MMWR. Morbidity and Mortality Weekly Report (DOI: 10.15585/mmwr.mm6923e2)

RandomFactor writes:

Beginning around June 1, A wave of eCh0raix/QNAPCrypt ransomware attacks has been observed targeting QNAP NAS devices. Vectors employed to compromise the devices are exploiting known vulnerabilities and brute-force attacks on weak passwords.

QNAP already addressed the vulnerabilities issues in the following QTS versions:

• QTS 4.4.2.1270 build 20200410 and later
• QTS 4.4.1.1261 build 20200330 and later
• QTS 4.3.6.1263 build 20200330 and later
• QTS 4.3.4.1282 build 20200408 and later
• QTS 4.3.3.1252 build 20200409 and later
• QTS 4.2.6 build 20200421 and later

--- QNAP Advisory: Multiple Vulnerabilities in File Station. (June 5, 2020)

As would be expected, "QNAP strongly recommends updating your QTS to the latest available version for your NAS model."

The ransomware is attributed to the financially motivated Russian cybercrime group 'FullofDeep', the attackers are demanding $500 in bitcoin to decrypt files, which are encrypted with AES CFB.

upstart writes in with an IRC submission:

Google fixes Android flaws that allow code execution with high system rights:

Google has shipped security patches for dozens of vulnerabilities in its Android mobile operating system, two of which could allow hackers to remotely execute malicious code with extremely high system rights.

In some cases, the malware could run with highly elevated privileges, a possibility that raises the severity of the bugs. That's because the bugs, located in the Android System component, could enable a specially crafted transmission to execute arbitrary code within the context of a privileged process. In all, Google released patches for at least 34 security flaws, although some of the vulnerabilities were present only in devices available from manufacturer Qualcomm.

Google's June security bulletin. DHS advisory.

You know wireless branded phones won't get these updates.

Original Submission

upstart writes in with an IRC submission:

How CNET got banned by Google:

This story is part of CNET at 25, celebrating a quarter century of industry tech and our role in telling you its story.

[...] [Elinor Mills] started [at CNET] in 2005 with arguably the hottest beat: internet companies, primarily rising star Google, and Yahoo, which was losing the internet search battle. I'd met Google co-founder Sergey Brin in 1999 when he gave me a desk-side demo of the simple and fast Google search site. By the mid-aughts, the company had come a long way, going public in 2004. The hugely popular Google search was raking in ad revenue, but the fact that Google knew all of our web searches and the content of Gmails had some people worried about privacy risks. I decided that for my first big feature in my new job I'd do a deep dive into Google's services to see if the concerns were justified. The resulting article -- published Aug. 3, 2005, under the headline Google balances privacy, reach -- would be the high-water mark of my journalism career. It certainly wasn't a wash for Google, either. The company's extreme reaction to my story prompted widespread criticism, led to a mini backlash and served as a case study in how not to deal with the media over perceived bad press.

[...] After I pitched the story to my editor, Jim Kerstetter, I spent a month researching and reporting the ins and outs of Google's products and policies, trying to understand what data the company collected and how that info was used. [...] As I was starting to write the article, News Editor Scott Ard stopped by my desk. With a mischievous glint in his eye, he suggested that I google Schmidt to see what types of information I could find.

The linked article is well worth reading, especially on how NOT to deal with the press!

Original Submission

takyon writes:

'Poisoned arrow' defeats antibiotic-resistant bacteria: A dual-mechanism antibiotic kills Gram-negative bacteria and avoids drug resistance (SD)

Poison is lethal all on its own — as are arrows — but their combination is greater than the sum of their parts. A weapon that simultaneously attacks from within and without can take down even the strongest opponents, from E. coli to MRSA (methicillin resistant Staphylococcus aureus).

A team of Princeton researchers reported today [DOI: 10.1016/j.cell.2020.05.005] [DX] in the journal Cell that they have found a compound, SCH-79797, that can simultaneously puncture bacterial walls and destroy folate within their cells — while being immune to antibiotic resistance.

[...] "This is the first antibiotic that can target Gram-positives and Gram-negatives without resistance," said Zemer Gitai, Princeton's Edwin Grant Conklin Professor of Biology and the senior author on the paper. "From a 'Why it's useful' perspective, that's the crux. But what we're most excited about as scientists is something we've discovered about how this antibiotic works — attacking via two different mechanisms within one molecule — that we are hoping is generalizable, leading to better antibiotics — and new types of antibiotics — in the future."

[...] To prove its resistance to resistance, Martin tried endless different assays and methods, none of which revealed a particle of resistance to the SCH compound. Finally, he tried brute force: for 25 days, he "serially passaged" it, meaning that he exposed bacteria to the drug over and over and over again. Since bacteria take about 20 minutes per generation, the germs had millions of chances to evolve resistance — but they didn't. To check their methods, the team also serially passaged other antibiotics (novobiocin, trimethoprim, nisin and gentamicin) and quickly bred resistance to them.

Proving a negative is technically impossible, so the researchers use phrases like "undetectably-low resistance frequencies" and "no detectable resistance," but the upshot is that SCH-79797 is irresistible — hence the name they gave to its derivative compounds, Irresistin.

Journal Reference:
James K. Martin, Joseph P. Sheehan, Benjamin P. Bratton, et al. A Dual-Mechanism Antibiotic Kills Gram-Negative Bacteria and Avoids Drug Resistance. Cell, 2020; DOI: 10.1016/j.cell.2020.05.005

Original Submission

upstart writes in with an IRC submission:

Zoom says free users won't get end-to-end encryption so FBI and police can access calls:

Video calling company Zoom confirmed this week that it won't enable end-to-end encryption for free calls in part because it wants to give law enforcement access to these calls if necessary. "We think this feature should be a part of our offering" for professional customers, said Zoom CEO Eric Yuan in a meeting with investors Tuesday. "Free users — for sure we don't want to give [them] that, because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose."

Encryption is a key issue for Zoom, which has been attempting to beef up its privacy and security after heavy usage exposed weak points during the COVID-19 pandemic. Reuters reported last week that the company will only roll out high-security end-to-end encryption to paying customers, potentially with exceptions for dissident groups or nonprofits that require the added security.

Additional Coverage At:
Zoom Restricts End-to-End Encryption to Paid Users
Zoom's End-to-End Encryption Will Be for Paying Customers Only
Zoom says free users won't get end-to-end encryption so FBI and police can access calls
Zoom faces criticism for denying free users e2e encryption

Original Submission

upstart writes in with an IRC submission:

Germany will require all petrol stations to provide electric car charging

FRANKFURT (Reuters) - Germany said it will oblige all petrol stations to offer electric car charging to help remove refuelling concerns and boost consumer demand for the vehicles as part of its 130 billion euro ($146 billion) economic recovery plan.

The move could provide a significant boost to electric vehicle demand along with the broader stimulus plan which included taxes to penalise ownership of large polluting combustion-engined sports utility vehicles and a 6,000 euro subsidy towards the cost of an electric vehicle.

Germany's announcement follows a French plan to boost electric car sales announced last week by President Macron.

"It's a very clear commitment to battery-powered vehicles and establishes electric mobility as a technology of the future," energy storage specialist The Mobility House, whose investors include Daimler (DAIGn.DE) and the Renault-Nissan-Mitsubishi alliance, said.

"Internationally this puts Germany in the leading group of battery electric vehicle support."

As part of the government stimulus, 2.5 billion euros will be spent on battery cell production and charging infrastructure, a field where oil majors, utilities and carmakers, including Shell (RDSa.L), Engie (ENGIE.PA) and Tesla (TSLA.O), are vying for dominance.

Original Submission

upstart writes in with an IRC submission:

Instacart makes changes to tip policy following shopper complaints – TechCrunch:

Instacart announced today that it is changing its tip policy to protect its growing shopper network from tip-baiting. Tip-baiting, a grotesque tactic, is when customers bait shoppers with a big tip and then reduce the tip to zero after they receive their groceries. It emerged as Instacart's demand skyrocketed due to the pandemic and people being unable to go to the grocery store.

Instacart continues to say that tip-baiting is rare and that less than 0.5% of orders have tips removed after delivery. It says tip totals have doubled for shoppers since the COVID-19 pandemic began. However, the policy change shows progress on how the company treats its shopper network, who have been essential as shelter-in-place orders keep people and the immunocompromised from going to grocery stores.

Instacart is now requiring customers who remove tips after delivery to leave feedback, and claims it will deactivate any customer who consistently removes tips. The company also said that it is reducing the tip-adjustment window (the time period for how long a customer can change the tip) from three days to 24 hours.

Original Submission

upstart writes in with an IRC submission:

FTC fines kids' app developer HyperBeard $150K for use of third-party ad trackers – TechCrunch:

The U.S. Federal Trade Commission (FTC) today announced a settlement of $150,000 with HyperBeard, the developer of a collection of children's mobile games over violations of U.S. Children's Online Privacy Protection Act Rule (COPPA Rule). The company's applications had been downloaded more than 50 million times on a worldwide basis to date, according to data from app intelligence firm Sensor Tower.

A complaint filed by the Dept. of Justice on behalf of the FTC alleged that HyperBeard had violated COPPA by allowing third-party ad networks to collect personal information in the form of persistent identifiers to track users of the company's child-directed apps. And it did so without notifying parents or obtaining verifiable parental consent, as is required. These ad networks then used the identifiers to target ads to children using HyperBeard's games.

[...] The FTC determined HyperBeard's apps were marketed toward children because they used brightly colored, animated characters like cats, dogs, bunnies, chicks, monkeys and other cartoon characters, and were described in child-friendly terms like "super cute" and "silly." The company also marketed its apps on a kids' entertainment website, YayOMG, published children's books and licensed other products, including stuffed animals and block construction sets, based on its app characters.

[...] In HyperBeard's settlement with the FTC, the company has agreed to pay a $150,000 fine and delete the personal information it illegally collected from children under the age of 13. The settlement had originally included a $4 million penalty, but the FTC suspended it over HyperBeard's inability to pay the full amount. But that larger amount will become due if the company or its CEO, Alexander Kozachenko, are ever found to have misrepresented their finances.

Original Submission

upstart writes in with an IRC submission:

Lidar helps uncover an ancient, kilometer-long Mayan structure – TechCrunch:

Lidar is fast becoming one of the most influential tools in archaeology, revealing things in a few hours what might have taken months of machete wielding and manual measurements otherwise. The latest such discovery is an enormous Mayan structure, more than a kilometer long, 3,000 years old, and seemingly used for astronomical observations.

Takeshi Inomata of the University of Arizona is the lead author of the paper describing the monumental artificial plateau, published in the journal Nature. This unprecedented structure — by far the largest and oldest of its type — may remind you of another such discovery, the "Mayan megalopolis" found in Guatemala two years ago.

[...] Such huge structures, groups of foundations, and other evidence of human activity may strike you as obvious. But when you're on the ground they're not nearly as obvious as you'd think — usually because they're covered by both a canopy of trees and thick undergrowth.

"I have spent thousands of hours of fieldwork walking behind a local machete-wielding man who would cut straight lines through the forest," wrote anthropologist Patricia McAnany, who was not involved in the research, for an commentary that also appeared in Nature. "This time-consuming process has required years, often decades, of fieldwork to map a large ancient Maya city such as Tikal in Guatemala and Caracol in Belize."

[...] What emerged was an enormous ceremonial center now called Aguada Fénix, the largest feature of which is an artificial plateau more than 10 meters tall and 1.4 kilometers in length. It is theorized that these huge plateaus, of which Aguada Fénix is the oldest and largest, were used to track the movement of the sun through the seasons and perform various rites.

Journal Reference:
Takeshi Inomata, Daniela Triadan, Verónica A. Vázquez López, et al. Monumental architecture at Aguada F├⌐nix and the rise of Maya civilization, Nature (DOI: 10.1038/s41586-020-2343-4)

Original Submission

upstart writes in with an IRC submission:

Ransomware gang is auctioning off victims' confidential data:

The Happy Blog, a dark Web site maintained by the criminals behind the ransomware known by the names REvil, Sodin, and Sodinokibi, began the online bidding process earlier on Tuesday. Previously, the group published limited details of selected victim data and threatened to air additional confidential material if the owners didn't pay. Besides stealing the data, the group also encrypts it so that it's no longer accessible to the owners.

Combining the threat of publishing the data while simultaneously locking it from its rightful owner is designed to increase the chances of a payout. The new tactic furthers the pressure, possibly because previous practices haven't yielded the desired results. The ransoms demanded are frequently high, sometimes in the millions of dollars. Affected companies have also been loath to encourage further attacks by rewarding the people behind them. Added to that reluctance are new financial pressures caused by the coronavirus pandemic.

[...] The scourge of ransomware has thrived because it provides hackers with an easily monetized crime that's payable directly by the victims (assuming they pay). The anonymity of digital currencies such as Monero also play a key role in the success and persistence of the ransomware. The new high-pressure tactic suggests that while the crime has staying power, it may still be difficult to exact payments.

Original Submission

upstart writes in with an IRC submission:

PhotoRoom automagically removes background from your photo – TechCrunch:

Meet PhotoRoom, a French startup that has been working on a utility photography mobile app. The concept is extremely simple, which is probably the reason why it has attracted a ton of downloads over the past few months.

After selecting a photo, PhotoRoom removes the background from that photo and lets you select another background. When you're done tweaking your photo, you can save the photo and open it in another app.

"My original vision comes from my time when I was working at GoPro," co-founder and CEO Matthieu Rouif told me. "I often had to remove the background from images and when the designer was out of office, I would spend a ton of time doing it manually."

[...] Downloads really started to take off around February. PhotoRoom now has 300,000 monthly active users. The app is only available on iOS for now. And if you're a professional using it regularly, you can pay for a subscription ($9.49 per month or $46.99 per year) to remove the watermark and unlock more features.

"Subscriptions are what works best on mobile for photo and video apps," Rouif said.

[...] Like VSCO, Darkroom, PicsArt, Filmic Pro and Halide, PhotoRoom belongs to a group of prosumer apps that are tackling photo and video editing from different ways. A generation of users who grew up using visual social networks are now pushing the limits of those apps — they look simple when you first use them, but they offer a ton of depth when you learn what you can do with them. And they prove that smartphones can be great computers, beyond content consumption.

Original Submission

upstart writes in with an IRC submission:

AT&T exempts HBO Max from data caps but still limits your Netflix use;:

AT&T's new HBO Max streaming service is exempt from the carrier's mobile data caps, even though competing services such as Netflix, Amazon, and Disney+ count against the monthly data limits. This news was reported today in an article by The Verge, which said that AT&T "confirmed to The Verge that HBO Max will be excused from the company's traditional data caps and the soft data caps on unlimited plans."

The traditional data caps limit customers to a certain amount of data each month before they have to pay overage fees or face extreme slowdowns for the rest of the month. "Soft data caps on unlimited plans" apparently is a reference to the 22GB or 50GB thresholds, after which unlimited-data users may be prioritized below other users when connecting to a congested cell tower.

"According to an AT&T executive familiar with the matter, HBO Max is using AT&T's 'sponsored data' system, which technically allows any company to pay to excuse its services from data caps," The Verge wrote. "But since AT&T owns HBO Max, it's just paying itself: the data fee shows up on the HBO Max books as an expense and on the AT&T Mobility books as revenue. For AT&T as a whole, it zeroes out. Compare that to a competitor like Netflix, which could theoretically pay AT&T for sponsored data, but it would be a pure cost."

Original Submission

upstart writes in with an IRC submission:

Tic-Tac-Toe Implemented In Single Call To Printf():

[Nicholas Carlini] programmed a C implementation of two-player Tic Tac Toe, and he did it in a single call to printf(). The arguments for that single function call get mind-bendingly complex, so it may come as no surprise that it was written for The International Obfuscated C Code Contest (IOCCC).

Most of us are aware that printf() is one of those functions that is considerably more complex under the hood, and capable of far more, than it may appear to be. But did you know that it is capable of Turing-complete computation?

Can't wait to see the version that can play checkers and chess!

Original Submission

upstart writes in with an IRC submission:

Get it over with, or procrastinate? New research explores our decision-making process:

New research from the UBC Sauder School of Business may have figured out why. The study, published in the Journal of Consumer Psychology, reveals key insights into how excitement, anticipation and dread factor into people's decision-making.

"This stems from the phenomenon known as 'the sign effect'," says the study's author and UBC Sauder assistant professor, David Hardisty. "A person's desire to get positive things right away is stronger than their desire to put off negative ones. However, the timing of when a person wants to handle negative things is less obvious."

Hardisty and his team found that when people look toward positive events in the future, such as an upcoming vacation, they experience pleasure, but also impatience, which makes for a mixed emotional experience.

When it comes to upcoming losses, however, the emotion tends to be all bad -- even if that root canal is far away and life at this moment is good. So rather than postpone those negative events, many prefer to get them out of the way as soon as possible.

"When you're booking a vacation, you're vicariously enjoying the vacation, which is great, but you're also contrasting it with your current situation, which is bad. So you have that mix," says Hardisty. "And for losses, it's more of a unidimensional bad feeling. When you have a dentist's appointment coming up, you don't like thinking about the pain in the dental chair."

Journal Reference
David J. Hardisty, Elke U. Weber. Impatience and Savoring vs. Dread: Asymmetries in Anticipation Explain Consumer Time Preferences for Positive vs. Negative Events, Journal of Consumer Psychology (DOI: 10.1002/jcpy.1169)

Original Submission