SoylentNews

Snotnose writes:

You'll never guess what the most back-ordered item in the Apple catalog is. Go on, guess. I promise you'll be wrong, because it's the inane thing you can think of.

Apple's Most Back-Ordered New Product Is Not What You Expect:

Apple this month unveiled an array of new gadgets: more powerful MacBook laptop computers, AirPod wireless headphones with longer battery life and HomePod Mini speakers in three more colors.

But a different and unheralded Apple release is garnering so much interest that it has become the company's most back-ordered new product: a $19, 6.3-by-6.3-inch cloth to wipe smudges and fingerprints off screens.

The cloth, imprinted with the Apple logo in the corner, is made with "soft, nonabrasive material" to clean the screens of iPhones, iPads and MacBooks "safely and effectively," according to the product page. The listing adds that the Polishing Cloth — capital P, capital C — is "compatible" with 88 different Apple products. For most U.S. shoppers, shipment is delayed until Jan. 11, at the earliest.

Charging $19 for a piece of cloth about the size of two stacked dollar bills is bold even by Apple's standards, a company whose legions of loyal customers are conditioned to stomach steep prices.

[...] But the Polishing Cloth stands out because it is far more expensive than widely available alternatives. MagicFiber, a popular brand of microfiber cloth that uses ultrafine fibers to clean glass without scratching the surface, offers a pack of six for $9 on Amazon.

[...] Even so, the price has not stopped Apple fans from rushing to be early adopters.

See also: iFixit actually tore down Apple's backordered $19 screen cloth

Original Submission

Freeman writes:

Meta removing Facebook login requirement for Quest headsets by next year:

Last year, Facebook started requiring that new Oculus Quest users log in with their personal Facebook accounts rather than a separate Oculus account. Now, in the face of customer backlash and amid Facebook's metaverse-focused rebranding as Meta, the company says it is "working on" options for Quest users to avoid that login requirement starting next year.

"As we've focused more on work, and as we've heard feedback from the VR community more broadly, we're working on new ways to log in to Quest that won't require a Facebook account, landing sometime next year," Andrew Bosworth wrote in a Facebook post following yesterday's Connect keynote. "This is one of our highest priority areas of work internally."

Original Submission

canopic jug writes:

Back in 1998, Paul Strassmann, a former CIO of Xerox, NASA, and the US Department of Defense, wrote in Computerworld about how Microsoft's overly complex, defective, and vulnerable systems which were already a threat to national security even back then. The intervening time has shown Strassmann to have been more than correct as the problems he identified with Microsoft and its products worsen monatonically. Mitchel Lewis writes a guest post at Techrights about the current situation and how Microsoft remains a security threat against national security and systematic reliability of our computer-based society today:

That said, I think enough time has elapsed to confirm that Paul Strassmann is an authority on such matters and that Microsoft is precisely who he said they were. Further and with hindsight in our pocket, it seems as if Microsoft was merely projecting when they said Strassmann's paper was flawed and that he made errors in analyzing the state of computer security and its causes in light of their 95–99% monopoly on ransomware infections alone and that ransomware is already considered to be a national security threat.

[...] However, I'd like to think that Microsoft would get creative if the government were to sanction Microsoft by allowing allow citizens and businesses impacted by ransomware to bill Microsoft for the cost of the ransom and their losses in productivity. And although Microsoft cannot be faulted for the attacks, they can be faulted for their shit-in-hand approach to quality and security while sanctioning them until they actually take a common-sensical approach to quality and security appears to be the simplest means of combating ransomware and mitigating the threat it poses to our national security.

While 2% of known ransomware affects Android, which makes 72% of the mobile market and 41% of all clients, the rest is for Microsoft's product line which weighs in at 32% of the market nowadays. So far Microsoft's response has been weak and based on strawman fallacies with the occasional feeble ad-hominem fallacy thrown in.

Previously:
Many posts about Windows ransomware
(2021) The State Department and Three Other US Agencies Earn a D for Cybersecurity
(2016) DNC Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert
(2016) Execs: We're Not Responsible for Cybersecurity

Original Submission

upstart writes:

Science of fear: Why we love being terrified on Halloween:

On the face of it, deliberately choosing to be scared seems rather unusual.

[...] "A big part of the draw is there's an adrenaline rush'' explained Arianna Galligher, associate director of the Trauma Recovery Center at Ohio State University Wexner Medical Center.

At the exact moment we feel fear -- elicited from a jump scare in a horror film, for instance -- our brain releases a cocktail of endorphins and adrenaline. That mixture of hormones, Galligher says, is similar to what the brain sends out during moments of excitement. Of course, we rejoice in excitement. That's why fear often feels good.

"Fear and excitement are two sides of the same coin," she said. "And for a lot of people, that sort of jolt is exciting even if fear is an ingredient."

Short-lived terror can also offer a uniquely satisfying experience. When we're purely excited or happy, Galligher says our body primarily triggers dopamine, the classic pleasure hormone. But if the section of our brain responsible for judging threats, the amygdala, decides there's danger, adrenaline and a stress hormone called cortisol get added to the mix.

Those two activate our survival instincts.

"That's when you start to notice those physical sensations in your body," Galligher said. "Your breath gets kind of short and shallow, your heart might start pumping faster, you start to feel a little restless. Your eyesight gets a little better, you're keyed up, you're on edge, you're ready to react."

upstart writes:

Not spooked by Halloween ghost stories? You may have aphantasia:

So why are some people more easily spooked by stories than others? We ran an experiment to find out.

[...] One reason some people are more easily spooked could relate to how well they can visualize the scary scene in their mind.

When some people listen to a story they automatically conjure up the scene in their mind's eye, while others have to focus really hard to create any sort of mental image.

A small proportion cannot visualize images at all. No matter how hard they try, they do not see anything in their mind. This inability to visualize is known as aphantasia.

Although we have known people vary in their ability to visualize for many years, the term aphantasia was not coined until 2015.

We don't yet know exactly how many people have aphantasia. But estimates vary at 1–4% of the population.

[...] If the ability to visualize images and scenes in the mind plays a role in how we react to spooky stories, what does that mean for people with aphantasia? How do they react when reading scary stories?

upstart writes:

Elon Musk Reveals Real Reason He Supports Dogecoin, Says Many People at Tesla and Spacex Own DOGE – Altcoins Bitcoin News:

Tesla and Spacex CEO Elon Musk revealed Sunday the real reason he began supporting dogecoin. He noted that many people he talks to at both companies own the meme cryptocurrency.

Responding to a tweet by dogecoin holder Glauber Contessoto, who said the appeal for DOGE is real, referencing a survey that found about a third of U.S. crypto holders own the meme cryptocurrency, Musk wrote:

Lots of people I talked to on the production lines at Tesla or building rockets at Spacex own Doge. They aren’t financial experts or Silicon Valley technologists. That’s why I decided to support Doge — it felt like the people’s crypto.

The Doge community welcomes Musk’s comment and support. “Most of us don’t come from privileged backgrounds and honestly can’t relate to the experts in Silicon Valley,” Contessoto responded. “We just want to believe in a crypto that represents us all. Dogecoin is the little guy personified in crypto which is why we love it. We appreciate your support, Elon.”

[...] Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Original Submission

Freeman writes:

Children poisoned by birthday cake decorations loaded with lead, copper:

A recent baking trend of using "luster dusts" to give cake frostings and decorations a shimmery look has poisoned young children with heavy metals in at least two states, health researchers warn in a new report published Friday.

[...] Alarmingly, the health department investigated 28 other inedible luster dusts from the bakery that produced the toxic cake. The other dusts contained elevated levels of aluminum, barium, chromium, copper, iron, lead, manganese, nickel, and zinc, the investigators found. And after visiting other commercial bakeries, health investigators realized there was widespread use of such inedible luster dusts. The department subsequently issued health guidance to the bakeries to stop using inedible dusts, and the FDA issued an advisory.

Original Submission

upstart writes:

Hive ransomware now encrypts Linux and FreeBSD systems:

The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.

However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality.

The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path.

It also comes with support for a single command line parameter (-no-wipe). In contrast, Hive's Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files.

The ransomware's Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices' root file systems.

"Just like the Windows version, these variants are written in Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate," ESET Research Labs said.

[...] In the past, the Snatch and PureLocker ransomware operations have also used Linux variants on their attacks.

Original Submission

Freeman writes:

FCC defends Starlink approval as Viasat, Dish urge court to block SpaceX license:

With oral arguments scheduled for December 3, final briefs were filed on Tuesday by the FCC, Viasat, Dish, and SpaceX. Judges at the US Court of Appeals for the District of Columbia Circuit previously rejected Viasat's motion for a stay that would have halted SpaceX's ongoing launches of low-Earth-orbit (LEO) satellites pending the resolution of the lawsuit. Judges found that Viasat failed to show that it is likely to win its case alleging that the FCC improperly approved the satellite launches. Judges said at the time that Viasat did not meet "the stringent requirements for a stay pending court review" but granted a motion to expedite the appeal.

[...] (Update 9:39 pm EDT: After this article published, a lawyer who has been observing the case pointed out to us that the briefs we described as new are largely identical to ones that were previously filed. This week's filings were submitted on the October 26 deadline for final briefs, but the FCC brief was also submitted in a largely identical form on September 21. The only major difference is that the new versions have page citations to a joint appendix. We didn't cover these briefs at the time they were originally filed, and they are still relevant for the oral arguments scheduled for December 3; the rest of this article is unchanged.)

Previously:
Amazon Asked FCC to Reject Starlink Plan Because it Can't Compete, SpaceX Says
Blue Origin Employees Are Jumping Ship
Judges Reject Viasat's Plea to Stop SpaceX's Starlink Satellite Launches

Original Submission

DannyB writes:

From TechDirt:Swiss Court Says ProtonMail Isn't A Telecom, Isn't Obligated To Retain Data On Users

Background:

ProtonMail offers encrypted email, something that suggests it's more privacy conscious than others operating in the same arena. But, being located in Switzerland, it's subject to that country's laws. That has caused some friction between its privacy protection claims and its obligations to the Swiss government, which, earlier this year, rubbed French activists the wrong way when their IP addresses were handed over to French authorities.

The problem here wasn't necessarily the compliance with local laws. It was Proton's claim that it did not retain this information. If it truly didn't, it would not have been able to comply with this request. But it is required by local law to retain a certain amount of information. This incident coming to light resulted in ProtonMail altering the wording on its site to reflect this fact. It no longer claimed it did not retain this info. The new statement merely says this info "belongs" to users and Proton's encryption ensures it won't end up in the hands of advertisers.

The news:

[...] these retention obligations that have been challenged. These obligations undercut earlier promises made by Proton to its users -- the ones that resulted in a rewrite of its privacy guarantees as well as its cooperation with French authorities.

Fortunately for ProtonMail and its users, surveillance of the service will go back to being more limited. The Swiss Federal Administrative Court has sided with Proton, finding that it is not a service provider under the definitions included in the data retention law.

Tools can be used for bad things. Therefore we must carefully monitor their use and users. Computers can be weapons. Just ask anyone who has been hit over the head by a laptop.

See Also:
ProtonMail Deletes 'We Don't Log Your IP' Boast From Website After French Climate Activist Reported

ProtonMail logged IP address of French activist after order by Swiss authorities

Original Submission

upstart writes:

A fridge-size asteroid skimmed Earth this week in the third-closest fly-by ever:

A sneaky space rock sped by Antarctica on Sunday without any advance warning and narrowly avoided being fully incinerated by Earth's atmosphere.

Asteroid 2021 UA1 goes down as the third-closest fly-by of our planet by a near-Earth object that didn't end in an impact. The cosmic boulder is estimated to be about two meters (6.6 feet) in diameter, the size of a large appliance or a golf cart.

[...] 2021 UA1 passed over Antarctica on Sunday evening Pacific time at an altitude of about 1,800 miles (3,000 kilometers). That's higher than where the International Space Station orbits but significantly closer than the ring of large communications satellites in geostationary orbit.

[...] 2021 UA approached us from the direction of the sun -- just like the Chelyabinsk bolide[*], which was undetected before impact -- making it impossible for astronomers to spot ahead of time. Upcoming missions like NASA's NEO Surveyor are designed to eliminate this blind spot.

[*] Chelyabinsk meteor on Wikipedia.

Also at minorplanetcenter.net and Wikipedia.

Original Submission

An Anonymous Coward writes:

Air-gapped networks are wired with Ethernet cables since wireless connections are strictly prohibited.

In this paper we present LANTENNA - a new type of electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanating from the Ethernet cables, using them as antennas. A nearby receiving device can intercept the signals wirelessly, decode the data, and send it to the attacker. We discuss the exfiltration techniques, examine the covert channel characteristics, and provide implementation details. Notably, the malicious code can run in an ordinary user-mode process and successfully operate from within a virtual machine. We evaluate the covert channel in different scenarios and present a set of countermeasures. Our experiments show that with the LANTENNA attack, data can be exfiltrated from air-gapped computers to a distance of several meters away.

See LANtenna hack spies on your data from across the room! (Sort of) for a well-written (albeit a bit long) expansion of the report as well as some effective counter-measures.

Journal Reference:
Mordechai Guri. LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables, (DOI: 10.1109/COMPSAC51774.2021.00106)

Original Submission

Intel Targeting Zettascale (1000 Exaflops) by 2027?

takyon writes:

'We will not rest until the periodic table is exhausted' says Intel CEO on quest to keep Moore's Law alive

[Intel CEO Pat Gelsinger] showed a chart tracking the semiconductor giant progressing along a trend line to 1 trillion transistors per device by 2030. "Today we are predicting that we will maintain or even go faster than Moore's law for the next decade,"[*] Gelsinger said.

[...] In a Q&A session after his keynote, Gelsinger revealed that achieving zettascale computing using Intel technology "in 2027 is a huge internal initiative."

Intel Aims For Zettaflops By 2027, Pushes Aurora Above 2 Exaflops

"But to me, the other thing that's really exciting in the space is our Zetta Initiative, where we have said we are going to be the first to zettascale by a wide margin," Gelsinger told The Next Platform. "And we are laying out as part of the Zetta Initiative what we have to do in the processor, in the fabric, in the interconnect, and in the memory architecture — what we have to do for the accelerators, and the software architecture to do it. So, zettascale in 2027 is a huge internal initiative that is going to bring many of our technologies together. 1,000X in five years? That's pretty phenomenal."

[...] If you built a zettaflops Aurora machine today, assuming all of the information that we have is correct, it would take 411.5X as many nodes to do the job. So, that would be somewhere around 3.7 million nodes with 7.4 million CPUs and 22.2 million GPUs burning a mind-sizzling 24.7 gigawatts. Yes, gigawatts. Clearly, we are going to need some serious Moore's Law effects in transistors and packaging.

upstart writes:

Chicago Car Thieves Now Target Locksmiths For Key Fobs And Programming Devices:

Robbers are targeting locksmiths and their fob programmers. Detectives issued an alert about two incidents and another one that happened just five days ago.

[...] Michael Payton talked about how a mobile locksmith was feeling after he was held at gunpoint near 38th and Wabash five days ago. Payton said the locksmith told him something strange.

"Someone called and said their keys were locked inside the car and when he got there, they pulled out weapons and took whatever property, equipment he had in the vehicle," Payton said.

The locksmith was robbed at gunpoint in broad daylight. The robbery is similar to two others involving mobile locksmiths. Police said in each case, the victims were responding to requests to reprogram vehicle keys.

When they arrived, they were surrounded by two to four armed men, then their vehicle reprogramming devices and key fobs were taken.

See also: Car thieves target Milwaukee locksmiths to steal key fob programmer

upstart writes:

Emergency Google Chrome update fixes zero-days used in attacks:

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited.

"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," Google disclosed in the list of security fixes in today's Google Chrome release.

upstart writes:

All Windows versions impacted by new LPE zero-day vulnerability: