Consent to being surveilled or risk getting fired, says Amazon
Remember the AI cameras Amazon said it was going to install in its delivery vans to, erm, monitor their driving behaviour? The company is now deploying them and has asked tens of thousands of its employees to consent to being biometrically surveilled.
The e-commerce giant, however, isn't really giving them much of a choice. They have to agree or they can't drive the vans at all. In short, they have to suck it up or they lose their jobs. Referring to its AI-powered cameras, Amazon said: "This technology may create Biometric Information, and collect, store, and use Biometric Information from such photographs," Vice reported.
The drivers also have to agree to Amazon potentially storing the data for up to 30 days after it was collected. Some have refused and given up their jobs. The cameras developed by Netradyne are running machine learning software to detect 16 different types of behaviour, including everything from failing to brake at a stop sign, or speeding, to not wearing a seat belt or if the camera is obstructed.
See also: Amazon ditching plans to monitor delivery drivers for mask wearing
Amazon has dropped plans to use in-vehicle cameras to record which delivery service provider (DSP) drivers are wearing masks. [...] Amazon plans to use the in-vehicle cameras to monitor safe driving behaviors, including distracted driving. In a recent training video, however, the company added mask wearing as one of the behaviors it would monitor, The Information reported.
As the Arctic warms, lightning strikes are more frequent -- even near the North Pole:
In fact, Arctic lightning has tripled in just the last decade, according to a new study, published this week in the Geophysical Research Letters.
The University of Washington study used data collected by its network of lightning sensors, called the World Wide Lightning Location Network (WWLLN), which has been tracking lightning strokes globally since 2004. The data showed that above 65 degrees latitude the number of lightning strikes has increased significantly from 2010 to 2020.
While the study focused on areas inside the Arctic Circle -- northern portions of Canada, Alaska, Russia, Greenland and the central Arctic Ocean -- not all of those areas had equal results.
[...] In August 2019, there was one particularly unique event in which nearly 30 strikes were registered less than about 60 miles from the North Pole. This was a "major convective event" and it was unique to have lightning that close to the North Pole, according to the study.
Journal Reference:
R. H. Holzworth, J. B. Brundell, M. P. McCarthy, et al. Lightning in the Arctic, Geophysical Research Letters (DOI: 10.1029/2020GL091366)
OpenSSL fixes high-severity flaw that allows hackers to crash servers:
OpenSSL, the most widely used software library for implementing website and email encryption, has patched a high-severity vulnerability that makes it easy for hackers to completely shut down huge numbers of servers.
[...] On Thursday, OpenSSL maintainers disclosed and patched a vulnerability that causes servers to crash when they receive a maliciously crafted request from an unauthenticated end user. CVE-2021-3449, as the denial-of-service vulnerability is tracked, is the result of a null pointer dereference bug. Cryptographic engineer Filippo Valsorda said on Twitter that the flaw could probably have been discovered earlier than now.
"Anyway, sounds like you can crash most OpenSSL servers on the Internet today," he added.
CVE-2021-3449 looks like it could have been found easily if anyone figured out how to fuzz renegotiation, but renegotiation is sadness.
Anyway, sounds like you can crash most OpenSSL servers on the Internet today.
— Filippo Valsorda 💚🤍❤️ ✊ (@FiloSottile) March 25, 2021
Hackers can exploit the vulnerability by sending a server a maliciously formed renegotiating request during the initial handshake that establishes a secure connection between an end user and a server.
[...] OpenSSL versions 1.1.1h and newer are vulnerable. OpenSSL 1.0.2 is not impacted by this issue. Akamai researchers Xiang Ding and Benjamin Kaduk discovered and reported the bug, respectively. It was patched by Tomáš Mráz, a principal software engineer at Red Hat and a member of the OpenSSL Technical Committee.
Apps that use a vulnerable OpenSSL version should upgrade to OpenSSL 1.1.1k as soon as possible.
According to The Mighty Buzzard, all of our servers have been checked and any needed updates have been applied. Thanks Buzz!
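As an added example (not from the article or from OpenSSL), the version guidance above can be turned into an inventory check over `openssl version` banners. The host names and banners are constructed sample data, and the status labels are this example's own.

```python
import re

# Release the article names as the fix for CVE-2021-3449.
FIXED_LETTER = "k"
# First 1.1.1 release the article lists as vulnerable.
FIRST_LISTED_LETTER = "h"

# Matches e.g. "OpenSSL 1.1.1k  25 Mar 2021" or "OpenSSL 1.0.2k-fips ...".
BANNER_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def letter_key(letter):
    """Order pre-3.0 patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letter), letter)


def parse_banner(banner):
    """Return (major, minor, patch, letter), or None if not an OpenSSL banner."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None  # LibreSSL, BoringSSL, empty output, ...
    major, minor, patch, letter = m.groups()
    return int(major), int(minor), int(patch), letter


def classify(banner):
    """Map a version banner to a status based on the ranges the article gives."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    major, minor, patch, letter = parsed
    if (major, minor, patch) == (1, 0, 2):
        return "not-impacted"      # the article: 1.0.2 is not impacted
    if (major, minor, patch) != (1, 1, 1):
        return "unknown-series"    # the article says nothing about these
    key = letter_key(letter)
    if key >= letter_key(FIXED_LETTER):
        return "fixed"
    if key >= letter_key(FIRST_LISTED_LETTER):
        return "vulnerable"        # 1.1.1h through 1.1.1j
    # Older than the range the article names, but still behind the patched
    # release, so it is reported as an upgrade candidate as well.
    return "pre-range"


def needs_upgrade(inventory):
    """Return the sorted host names whose banner is behind 1.1.1k."""
    return sorted(
        host for host, banner in inventory.items()
        if classify(banner) in ("vulnerable", "pre-range")
    )


# Constructed sample inventory: host name -> output of `openssl version`.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.1.1j  16 Feb 2021",
    "web-02": "OpenSSL 1.1.1k  25 Mar 2021",
    "mail-01": "OpenSSL 1.1.1d  10 Sep 2019",
    "legacy-01": "OpenSSL 1.0.2u  20 Dec 2019",
    "bsd-01": "LibreSSL 3.2.3",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:10} {classify(banner):15} {banner}")
    print("upgrade:", ", ".join(needs_upgrade(SAMPLE_INVENTORY)))
```

Distribution packages often backport fixes without changing the upstream version string, so a banner flagged here should be confirmed against the vendor's package changelog before it is treated as unpatched.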
[Updated 2021-03-29 19:40:51 UTC] Ed. note: At the time of originally writing this story, the only information I could find on the ship's freeing was from directly watching it happen in real time. As originally reported here, that was on VesselFinder.com. There had been some reports last night of Ever Given having been freed, but those were later retracted. News reports were, therefore, suspect. The ship was still stuck. But then I was able to see it underway! I was also monitoring our news feeds and failed to find any reports concurrent with the apparent time of the ship's freeing. Again, the only certain information I had was watching it unfold online. In the interest of getting this breaking news to the community, accurately, and as quickly as possible, I could only refer the information I had at hand.
I'd read discussions elsewhere suggesting various approaches for freeing the ship, none of which held up to closer scrutiny. It's not just a matter of "pull harder!" The structural integrity of the ship was in question. A ship of that size undergoing an abrupt stop due to impact had the distinct possibility of breaking open and sinking. That would make the situation much, much worse. That it did not happen immediately was fortuitous. It was very much possible that a hasty attempt to free it could break it apart and sink it. That would make things much worse. Careful planning was required. Hence, the inclusion of a memorable example of Smit Salvage's successful raising of the Kursk. They knew what they were doing. Anything we could come up with was certainly already considered.
[Update 2] It's a few hours later and I'm finally seeing reports in the regular media that contain more detail. Take a look at Ship stuck in Suez Canal is freed: Everything you need to know. Sadly, even that lacks the details that I want to see. Just how did they get it free? How much and what kinds of equipment did they use? What process did they follow? What ideas did they consider and then reject, and why? If you come upon these kinds of details, please post them to the comments! --martyb
The original story appears below.
According to real-time updates, the container ship "Ever Given" has now been freed and is under way:
You can follow its progress at VesselFinder.com. (The web site seems to be struggling under the load.) At the moment of this writing, it is heading on a Course of 349.2° (nearly due north) at a speed of 2.3 knots.
It is headed to Great Bitter Lake. Once there and out of the path of other shipping, it will undergo technical inspections.
According to various reports, the Suez Canal carries anywhere from 10-15% of the world's shipping. The effort to dislodge the ship is led by Smit Salvage who is renowned in the ship salvage industry. They successfully took on the task of raising the Russian nuclear submarine Kursk. Powered by two nuclear reactors, it sank August 14, 2000 while carrying a full complement of torpedoes and missiles.
What Next?
How will the backlog of hundreds of ships be prioritized for passage? That backlog is clearly visible from space. The canal's capacity is on the order of 55 ships per day. Will they take each ship first-come first-served? What about perishable and time-sensitive cargo? Take advantage of supply and demand to set up a bidding war? With the whole world watching and second guessing every decision, what should they do?
Previously:
Grounded 'Mega Ship' Blocking Suez Canal in Both Directions -- How Would You Get It Free?
These techniques may help reduce the acrimony in the comments.
Bad at public speaking? The trick is to distill your message to these 15 words, says speech trainer:
Very few of us are naturally eloquent. But in an age of disconnection — working from home, connecting with the world through a laptop camera — the ability to communicate clearly and effectively has never been more important.
My journey in public speaking started in 2010, after I discovered that 74% of Americans suffer from speech anxiety. My research led me to the Ancient Greeks, who invented speech training, to the present day, when I joined Toastmasters, the world's largest organization devoted to teaching the art of public speaking.
What did I learn? Being a great public speaker has nothing to do with your personality, with overcoming shyness or learning to act confident. It's a technical skill that nearly anyone can acquire, just like cooking.
[...] Then, it's time to distill your message. An effective method is to use this simple, 15-word sentence: As a result of my [talk], they will understand [this], and respond by [doing that].
The people over at Ars Technica have an interesting, in-depth article.
Buffer overruns, license violations, and bad code: FreeBSD 13’s close call:
At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol, part of what most people think of as a "VPN." FreeBSD is a Unix-like operating system that powers everything from Cisco and Juniper routers to Netflix's network stack, and Macy had plenty of experience on its dev team, including work on multiple network drivers.
So when Jim Thompson, the CEO of Netgate, which makes FreeBSD-powered routers, decided it was time for FreeBSD to enjoy the same level of in-kernel WireGuard support that Linux does, he reached out to offer Macy a contract. Macy would port WireGuard into the FreeBSD kernel, where Netgate could then use it in the company's popular pfSense router distribution. The contract was offered without deadlines or milestones; Macy was simply to get the job done on his own schedule.
With Macy's level of experience—with kernel coding and network stacks in particular—the project looked like a slam dunk. But things went awry almost immediately. WireGuard founding developer Jason Donenfeld didn't hear about the project until it surfaced on a FreeBSD mailing list, and Macy didn't seem interested in Donenfeld's assistance when offered. After roughly nine months of part-time development, Macy committed his port—largely unreviewed and inadequately tested—directly into the HEAD section of FreeBSD's code repository, where it was scheduled for incorporation into FreeBSD 13.0-RELEASE.
This unexpected commit raised the stakes for Donenfeld, whose project would ultimately be judged on the quality of any production release under the WireGuard name. Donenfeld identified numerous problems with Macy's code, but rather than object to the port's release, Donenfeld decided to fix the issues. He collaborated with FreeBSD developer Kyle Evans and with Matt Dunwoodie, an OpenBSD developer who had worked on WireGuard for that operating system. The three replaced almost all of Macy's code in a mad week-long sprint.
This went over very poorly with Netgate, which sponsored Macy's work. Netgate had already taken Macy's beta code from a FreeBSD 13 release candidate and placed it into production in pfSense's 2.5.0 release. The forklift upgrade performed by Donenfeld and collaborators—along with Donenfeld's sharp characterization of Macy's code—presented the company with a serious PR problem.
Netgate's public response included accusations of "irrational bias against mmacy and Netgate" and irresponsible disclosure of "a number of zero-day exploits"—despite Netgate's near-simultaneous declaration that no actual vulnerabilities existed.
Some of the Dramatis personae may be known to some Soylentils. And love the term "forklift upgrade".
APT Encounters of the Third Kind:
A few weeks ago an ordinary security assessment turned into an incident response whirlwind. It was definitely a first for me, and I was kindly granted permission to outline the events in this blog post. This investigation started scary but turned out to be quite fun, and I hope reading it will be informative to you too. I'll be back to posting about my hardware research soon.
- How it started
- What the hell is this?
- The NFS Server
- 2nd malicious binary
- Further forensics
- Eureka Moment
- The GOlang thingy
- How the kernel got patched? and why not the golang app?
- What we have so far
- Q&A
(Inter-story links omitted. --Ed.)
SciTechDaily reports that there is a moon in the sky, and it is waxing dangerously!
The Next Full Moon is the Worm, Crow, Crust, Sap, or Sugar Moon; the Pesach, Passover, or Paschal Moon; the Holi Festival Moon; Medin or Madin Poya; the Shab-e-Barat or Bara'at Night Moon; and (by some definitions) a Supermoon.
The next full Moon will be Sunday afternoon, March 28, 2021, appearing opposite the Sun in Earth-based longitude at 2:48 PM EDT. This will be on Monday morning from India's timezone eastward to the International Date Line. The Moon will appear full for about three days around this time, from Saturday morning through Monday night into early Tuesday morning.
In the 1930s the Maine Farmer's Almanac began publishing American Indian Moon names for each month of the year. According to this almanac, as the full Moon in March this is the Crow, Crust, Sap, Sugar, or Worm Moon. The more northern tribes of the northeastern United States knew this as the Crow Moon, when the cawing of crows signaled the end of winter. Other northern names were the Crust Moon, because the snow cover becomes crusted from thawing by day and freezing by night, or the Sap (or Sugar) Moon as this is the time for tapping maple trees. The tribes more to the south called this the Worm Moon after the earthworm casts that appear as the ground thaws. It makes sense that only the southern tribes called this the Worm Moon. When glaciers covered the northern part of North America they wiped out the native earthworms. After these glaciers melted about 12,000 years ago the more northern forests grew back without earthworms. Earthworms in these areas now are mostly invasive species introduced from Europe and Asia.
Haven't we had enough of the "Super Moons"? Remember the "Super Blood Wolf Moon" a couple of months ago? Now "Super White Worm Moon"? All astronomers know the full moon is the worst for viewing, as the full reflected brightness of the sun is too much, and blows out all the detail. Much better at a quarter. And too bad about the worms and the glaciers. Iceworms?
[Ed Note - From the fine article - "The term "supermoon" was coined by the astrologer Richard Nolle in 1979 and refers to either a new or full Moon that occurs when the Moon is within 90% of perigee, its closest approach to Earth."]
Landmark brain cancer vaccine passes first phase of human trials:
A new article published in the journal Nature is reporting promising results from a landmark Phase 1 human trial testing a novel vaccine designed to help a patient's immune system better target brain tumors. The data suggests the experimental vaccine is safe and stimulates a significant immune response that slows tumor progression. A larger Phase 2 trial is currently being planned.
Diffuse gliomas are a particularly difficult kind of brain cancer to treat. They can spread across the brain making it difficult to easily eliminate them through traditional surgery, but these tumors do often share a common feature – over 70 percent of low-grade gliomas have a single gene mutation affecting an enzyme called isocitrate dehydrogenase 1 (IDH1).
This IDH1 mutation is unique to gliomas and leads to the creation of novel proteins called neo-epitopes. Michael Platten, from the German Cancer Research Center, has been working for years to create a vaccine that helps a patient's immune system learn to target these IDH1 mutated cells.
[...] Looking at immune responses the researchers found 93 percent of patients displayed an effective response to the vaccine. Immune T cells specifically targeting the IDH1 mutation were detected in those responsive patients.
[...] Platten is cautious about overstating the results from this phase 1 trial, saying no further efficacy conclusions can be made without larger trials and a control group. He does note a further phase 1 trial is already underway combining the experimental vaccine with checkpoint inhibitor immunotherapy, which is known to enhance immune system activity. The hope is the combination treatment will amplify immune responses.
Original press release is available at Deutsches Krebsforschungszentrum (German Cancer Research Center).
Journal Reference:
Michael Platten, Lukas Bunse, Antje Wick, et al. A vaccine targeting mutant IDH1 in newly diagnosed glioma [open], Nature (DOI: 10.1038/s41586-021-03363-z)
[Ed. note: As much as this goes against the norm here, I strongly encourage folk to read the entire linked article. We continue to witness dramatic advances in computer capabilities. Just consider what we already have today: AMD's Epyc and Threadripper processors, Apple Silicon (of which the M1 processor is only a taste), multi-terabyte DDR6 memories, huge farms of SSD storage all help leverage the tremendous capabilities of the latest ray-tracing video cards. Consider this a PSA (Public Service Announcement): You've Been Warned. --martyb]
FBI Warns Imminent Deepfake Attacks "Almost Certain" - The Debrief:
The Federal Bureau of Investigation (FBI) has issued a unique Private Industry Notification (PIN) on deepfakes, warning companies that "malicious actors almost certainly will leverage synthetic content for cyber and foreign influence operations in the next 12-18 months."
[...] Creating or manipulating images and videos to depict events that never actually happened is hardly new. However, advances in machine learning and artificial intelligence have allowed for the creation of compelling and nearly indistinguishable fake videos and images.
Legacy photo editing software uses various graphic editing techniques to alter, change, or enhance images. Photo editing software such as PhotoShop can manipulate pictures to include details or even people that weren't originally in a photo. However, creating convincing false images is highly-dependent on a user's skill in using the editing software.
In contrast, deepfakes use machine learning, and a type of neural network called an autoencoder. An encoder reduces an image to a lower-dimensional latent space, allowing for a decoder to reconstruct an image from the latent representation.
Because the latent or original image contains critical features, such as a person's facial features and body posture, this allows for deepfakes to be decoded with a machine learning model trained for a specific target. Ultimately, the result is a persuasive and highly detailed superimposed representation of the original video or image's underlying facial or body features.
The most often used type of deepfake processing attaches a machine learning generative adversarial network (GAN) to a decoder. The GAN trains a generator and discriminator in an adversarial relationship, resulting in extraordinarily compelling images that virtually mimic reality.
[...] To guard against deepfakes, the FBI encourages using the: Stop, Investigate the source, Find trusted coverage, and Trace the original content when consuming information online, or "SIFT" methodology.
The PIN also provides some tips on visual clues to identify deepfakes, "such as distortions, warping, or inconsistencies in images and video." The FBI gives some examples of where to look for these visual clues including, "consistent eye spacing and placement, noticeable glitches in head and torso movements, as well as syncing issues between face and lip movement, and any associated audio."
The FBI concludes the recent PIN warning by encouraging anyone who wants to report suspicious or criminal cyber activity to contact the FBI by phone at (855) 292-3937 or by e-mail at CyWatch@fbi.gov.
Salon has an article on Ingenuity.
In 1903, Orville and Wilbur Wright flew a plane for 12 seconds, 120 feet in the air, on what is now known as the first powered-controlled flight on Earth. Now, 118 years later, the first powered-controlled attempt at a flight on another planet is about to take place.
According to NASA, Ingenuity — the four-pound rotorcraft attached to Perseverance — is on its way to its "airfield" on Mars.
The space agency announced that its target for its first takeoff attempt will happen no earlier than April 8, 2021.
Ingenuity was designed as an experiment to see if it is possible to fly on Mars as we do here on Earth. And the process leading up to the takeoff is a very meticulous one. Consider how long it took humans to stick a powered-controlled flight on Earth; given Mars' thin atmosphere and a twenty-minute delay in communication, it is arguably more challenging on Mars.
"As with everything with the helicopter, this type of deployment has never been done before," Farah Alibay, Mars helicopter integration lead for the Perseverance rover, said in a press statement. "Once we start the deployment there is no turning back."
Every move for the next couple of weeks could make or break Ingenuity's success — starting with precisely positioning the rotorcraft in the middle of its 33-by-33-foot square airfield, which is actually a flat field on the Martian surface with no obstructions. From there, the entire deployment process from Perseverance will take about six Martian days, which are called sols. (The Martian sol is thirty-nine minutes longer than an Earth day.)
Good luck, little chopper!
Previously:
NASA Lays Out Plans for its First Flights on Mars
How NASA Designed a Helicopter that Could Fly Autonomously on Mars
NASA is Sending a Helicopter to Mars, but What For?
NASA's TESS planet hunter spied 2,200 candidate worlds in its first 2 years
A NASA spacecraft built to spot alien worlds has completed its first two years of work, and the tally is in: the mission hauled in 2,241 new exoplanet candidates for scientists to study.
The Transiting Exoplanet Survey Satellite (TESS) launched in April 2018, designed to spend two years poring over most of the sky. Each month, the spacecraft turns to a new strip of stars and stares, watching for the characteristic dips in brightness caused by a planet crossing between star and telescope. In a new catalog, astronomers offer a detailed view of a host of planet candidates the spacecraft identified in its first two years of work.
"The exciting thing is to look at the map of TESS exoplanets as a kind of to-do list — with 2,000 things on it," Natalia Guerrero, a researcher at the Massachusetts Institute of Technology and the paper's lead author, said in a NASA statement.
And, more to come?
TESS is still observing; NASA extended the mission for another two-year stint, which will keep the spacecraft in business until September 2022. And scientists will be working with the existing data, including the new catalog, for years to come.
"Now the community's role is to connect the dots," Guerrero said. "It's really cool because the field is so young, there's still a lot of room for discovery: those 'Aha' moments."
The catalog is described in a paper uploaded to the preprint server arXiv.org on March 23.
Journal Reference:
Guerrero, Natalia M., Seager, S., Huang, Chelsea X., et al. The TESS Objects of Interest Catalog from the TESS Prime Mission, (DOI: https://arxiv.org/abs/2103.12538)
Windows 95 Easter egg discovered after being hidden for 25 years:
When developing software, it is not uncommon for developers to slip in a secret hidden feature, message, or even a mini-game, that users can discover by performing particular actions in a program.
[...] This week, a new Easter egg in Windows 95's Internet Mail program has been discovered by Windows hacker and developer Albacore, opening a secret window that displays a scrolling list of the developer's names.
Before this discovery, there is no known mention of this Easter egg, meaning it has remained undiscovered for close to 25 years.
[...] To access the Easter egg, users need to launch Internet Mail, click on Help, and then About. When the About screen opens, click on the listed comctl32.dll file, so it becomes highlighted, and then type MORTIMER on your keyboard.
After typing 'mortimer,' a small window will be displayed that will begin to list the Internet Mail developer's names, as shown in the video above that was shared with BleepingComputer.
See the linked story on Bleeping Computer for links to this Easter egg and another one for Windows 95 itself.
Red Hat pulls Free Software Foundation funding over Richard Stallman's return:
The chorus of disapproval over Richard M Stallman, founder and former president of the Free Software Foundation (FSF), rejoining the organisation has intensified as Linux giant Red Hat confirmed it was pulling funding.
Stallman announced he had returned to the FSF's Board of Directors last weekend – news that has not gone down well with all in the community and Red Hat is the latest to register its dismay.
CTO Chris Wright tweeted overnight: "I am really outraged by FSF's decision to reinstate RMS. At a moment in time where diversity and inclusion awareness is growing, this is a step backwards."
Describing itself as "appalled" at the return of Stallman to the FSF board of directors "considering the circumstances of Richard Stallman's original resignation in 2019," Red Hat said it decided to act.
"We are immediately suspending all Red Hat funding of the FSF and any FSF-hosted events. In addition, many Red Hat contributors have told us they no longer plan to participate in FSF-led or backed events, and we stand behind them," said Red Hat.
[...] Red Hat's step marks an escalation in the war of words over Stallman's return. As both a long-time donor and contributor of code, the IBM-owned company's action might well give the FSF pause for thought in a way that thousands of outraged tweets might not.
FSF president Geoffrey Knauth stated his intention yesterday "to resign as an FSF officer, director, and voting member as soon as there is a clear path for new leadership."
Red Hat statement about Richard Stallman's return to the Free Software Foundation board
Along a stretch of the East Coast that includes New York City, sea-level rise has increased at its fastest rate in the prior 100 years compared to the past 2,000 years, according to a new study led by Rutgers University.
"The global rise in sea-level from melting ice and warming oceans from 1900 to 2000 led to a rate that's more than twice the average for the years 0 to 1800 — the most significant change," Rutgers said of the study's findings.
The study uses new techniques and focuses on six specific locations in the northeastern US, including three in New Jersey and one each in Connecticut, New York and North Carolina.
Human-induced climate change is fueling this more dramatic rise. The research shows that emissions of carbon dioxide and other greenhouse gases by humans burning fossil fuels have warmed up our planet, causing the oceans to warm and glaciers to melt.
[...] "If you want to know what's driving the sea level change, this budget approach is a way to break down those individual components," said Jennifer Walker, the lead author of this study and a post-doctoral researcher at Rutgers University.
[...] Walker said trends in rising sea levels can be linked to the greenhouse gases already emitted, and that rates will continue to accelerate.
This acceleration will increase the number of days per year of flooding events, sometimes known as sunny-day floods. Tidal cycles can play a role in this, including the King Tides in the fall that produce the highest tidal levels of the year. Combine that with rising seas and that will lead to more coastal flooding days, regardless of the weather.
There is another component to how sea level rise can have a big impact: large storms. Walker noted, "With these big storm events, you can really see the impacts more greatly."
A storm like Hurricane Sandy in 2012 crippled much of the Northeast, including New York City, with record storm surge. "The impacts from a big storm like that are just going to be exacerbated on top of (the rising seas)."
Walker said the effects of sea level rise during significant weather events pose a longer-term challenge once the levels do get even higher.
Journal Reference:
Jennifer S. Walker, Robert E. Kopp, Timothy A. Shaw, et al. Common Era sea-level budgets along the U.S. Atlantic coast [open], Nature Communications (DOI: 10.1038/s41467-021-22079-2)