Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

The US House of Representatives has just approved a “congressional disapproval” vote of privacy rules, which gives your ISP the right to sell your internet history to the highest bidder.

The measure passed by 215 votes to 205.

This follows the same vote in the Senate last week. Just prior to the vote, a White House spokesman said the president supported the bill, meaning that the decision will soon become law.

This approval means that whoever you pay to provide you with internet access – Comcast, AT&T, Time Warner Cable, etc – will be able to sell everything they know about your use of the internet to third parties without requiring your approval and without even informing you.

Your ISP already knows quite a lot about you: your name and address, quite possibly your age, and a host of other personally identifiable information such as your social security number. That’s on the customer information side. On the service side, they know which websites you visit, when, and how often.

That information can be used to build a very detailed picture of who you are: what your political and sexual leanings are; whether you have kids; when you are at home; whether you have any medical conditions; and so on – a thousand different data points that, if they have sufficient value to companies willing to pay for them, will soon be traded without your knowledge.

Source: Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules

This is just incredible, even in Trumpland: rape and pillage the peons!

Set up a VPN!

A 3 billion solar mass black hole rockets out of a galaxy at 8 million kilometers per hour.

A black hole with three billion times the mass of the Sun has been found hurtling out of its parent galaxy at 8 million kilometers per hour! What could give it that kind of incredible boost? Turns out, it’s something even more incredible: the two supermassive black holes that merged to form it in the first place.
[…]
In astronomy, you deal with a lot of ridiculously violent cosmic phenomena. Stars explode, asteroids collide, whole galaxies smash together. When you look at the math and physics, when you actually grasp the levels of power involved, it’ll make the hair on the back of your neck stand up. It’s chaos wielded on a mind-crushing scale.

And then there’s the “two supermassive black holes colliding and merging and then launching the resulting even larger billion-solar-mass black hole out of a galaxy at nearly 8 million kilometers per hour due to gravitational waves” scale of immensity.

Source: A 3 billion solar mass black hole rockets out of a galaxy at 8 million kilometers per hour. Yes, seriously.

Google Open Sources guetzli jpeg encoder

Guetzli is a JPEG encoder that aims for excellent compression density at high visual quality. Guetzli-generated images are typically 20-30% smaller than images of equivalent quality generated by libjpeg. Guetzli generates only sequential (nonprogressive) JPEGs due to faster decompression speeds they offer.

UK flight ban on electronic devices announced – copying Trumpist insanity

The UK government has announced a cabin baggage ban on laptops and tablets on direct flights to the UK from Turkey, Lebanon, Jordan, Egypt, Tunisia and Saudi Arabia.

The ban follows a similar move in the US, where officials say bombs could be hidden in a series of devices.

Downing Street said it was “necessary, effective and proportionate”.

The government has not given a start-date for the ban, but says airlines are “in the process of implementing it”.

The ban applies to any device larger than 16cm long, 9.3cm wide or 1.5cm deep. It includes smart phones, but most fall inside these limits.

Any affected device, including e-readers, will need to be placed into hold luggage.

Source: UK flight ban on electronic devices announced – BBC News

This looks like a bit of the government being “Seen to do Something(tm)” even if that something is incredibly useless and hinders passengers, like the ban on liquids. It also looks very much like the UK is in the pocket of the US, which looks worse now that it’s being run by wealth raping clowns.

Burglars can easily make Google Nest security cameras stop recording

The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively.

That’s easy to do as Bluetooth is never disabled after the initial setup of the cameras, and attackers (e.g. burglars) can usually come close enough to them to perform the attack.

Triggering one of these flaws will make the devices crash and reboot.

The third flaw is a bit more serious, as it allows the attacker to force the camera to temporarily disconnect from the wireless network to which it is connected by supplying it a new SSID to connect to.

If that particular SSID does not exist, the camera drops its attempt to associate with it and returns to the original Wi-Fi network, but the whole process can last from 60 to 90 seconds, during which the camera won’t be recording.

Source: Burglars can easily make Google Nest security cameras stop recording – Help Net Security
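
The first two flaws come down to a setup parameter whose length the sender controls being copied into a fixed-size buffer, on a Bluetooth interface anyone in range can reach. The C code below is an added example, not Nest firmware or code from the cited article: the message layout, the function names and the 128-byte cap on the encrypted password are assumptions, while the 32-octet SSID limit comes from 802.11.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX   32   /* 802.11 caps an SSID at 32 octets */
#define SECRET_MAX 128  /* assumed cap for the encrypted password blob */

struct wifi_config {
    uint8_t ssid[SSID_MAX];
    size_t  ssid_len;
    uint8_t secret[SECRET_MAX];
    size_t  secret_len;
};

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED = -1,
    PARSE_BAD_SSID_LEN = -2,
    PARSE_BAD_SECRET_LEN = -3,
    PARSE_TRAILING_BYTES = -4
};

/* Hypothetical setup message received over Bluetooth:
 *   [ssid_len:1][ssid][secret_len:2, big-endian][secret]            */

/* Flawed pattern: the length byte is trusted, so a sender can make
 * memcpy write up to 255 bytes into the 32-byte ssid field.         */
void parse_unchecked(const uint8_t *msg, struct wifi_config *out)
{
    out->ssid_len = msg[0];
    memcpy(out->ssid, msg + 1, out->ssid_len);
}

/* Hardened pattern: every length is checked against both the
 * destination size and the bytes actually received, and nothing is
 * copied until the whole message has been validated.                */
int parse_wifi_config(const uint8_t *msg, size_t msg_len,
                      struct wifi_config *out)
{
    memset(out, 0, sizeof *out);       /* no stale data on failure */

    if (msg_len < 1)
        return PARSE_TRUNCATED;
    size_t ssid_len = msg[0];
    if (ssid_len == 0 || ssid_len > SSID_MAX)
        return PARSE_BAD_SSID_LEN;
    if (msg_len - 1 < ssid_len + 2)    /* SSID plus 2-byte secret length */
        return PARSE_TRUNCATED;

    const uint8_t *ssid = msg + 1;
    const uint8_t *p = ssid + ssid_len;
    size_t secret_len = ((size_t)p[0] << 8) | p[1];
    if (secret_len > SECRET_MAX)
        return PARSE_BAD_SECRET_LEN;

    size_t remaining = msg_len - 1 - ssid_len - 2;
    if (remaining < secret_len)
        return PARSE_TRUNCATED;
    if (remaining > secret_len)
        return PARSE_TRAILING_BYTES;

    memcpy(out->ssid, ssid, ssid_len);
    out->ssid_len = ssid_len;
    memcpy(out->secret, p + 2, secret_len);
    out->secret_len = secret_len;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed samples: a valid message and one claiming a 200-byte SSID. */
    const uint8_t good[] = { 4, 'h', 'o', 'm', 'e', 0, 2, 0xAA, 0xBB };
    const uint8_t bad[]  = { 200, 'A', 'A', 'A' };
    struct wifi_config cfg;

    printf("good: %d\n", parse_wifi_config(good, sizeof good, &cfg));
    printf("bad:  %d\n", parse_wifi_config(bad, sizeof bad, &cfg));
    return 0;
}
```

Rejecting the malformed message with an error code, rather than crashing, also avoids the reboot the article describes as the result of triggering the overflow.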

A new definition would add 102 planets to our solar system — including Pluto

Pluto fans are attempting to reignite a contentious astronomy debate: What is a planet?
[…]
Is Pluto a planet?

It’s not a question scientists ask in polite company.

“It’s like religion and politics,” said Kirby Runyon, a planetary scientist at Johns Hopkins University. “People get worked up over it. I’ve gotten worked up over it.”
[…]
The issue can bring conversations to a screeching halt, or turn them into shouting matches. “Sometimes,” Runyon said, “it’s just easier not to bring it up.”

But Runyon will ignore his own advice this week when he attends the annual Lunar and Planetary Science Conference in Houston. In a giant exhibit hall crowded with his colleagues, he’s attempting to reignite the debate about Pluto’s status with an audacious new definition for planet — one that includes not just Pluto, but several of its neighbors, objects in the asteroid belt, and a number of moons. By his count, 102 new planets could be added to our solar system under the new criteria.
[…]
When the IAU voted in 2006, scientists came to the conclusion that gravitational dominance is what distinguishes the eight planets from the solar system’s other spheres. From giant Jupiter to tiny Mercury, each is massive enough to make them the bullies of their orbits, absorbing, ejecting or otherwise controlling the motion of every other object that gets too close. According to the definition, planets must also orbit the sun.

Pluto, which shares its zone of the solar system with a host of other objects, was reclassified as a “dwarf planet” — a body that resembles a planet but fails to “clear its neighborhood,” in the IAU’s parlance.
[…]
But to Runyon, that distinction is less important than what dozens of solar system worlds have in common: geology.

“I’m interested in an object’s intrinsic properties,” he said. “What it is on its surface and in its interior? Whether an object is in orbit around another planet or the sun doesn’t really matter for me.”

Runyon calls his a “geophysical” definition. A planet, he says, is anything massive enough that gravity pulls it into a sphere (a characteristic called “hydrostatic equilibrium”), but not so massive that it starts to undergo nuclear fusion and become a star.
[…]
If you talk to enough scientists on either side of this debate, you’ll notice that their arguments start to echo each other. They use the same terms to criticize the definitions they don’t like: “not useful,” “too emotional,” “confusing.” Both groups want the same thing: for the public to understand and embrace the science of the solar system. But each is convinced that only their definition can achieve that goal. And each accuses the other of confusing people by prolonging the debate.

Source: A new definition would add 102 planets to our solar system — including Pluto

Give us Pluto back!

Patents Are A Big Part Of Why We Can’t Own Nice Things: the Supreme Court Should Fix That

Today, the Supreme Court heard arguments in a case that could allow companies to keep a dead hand of control over their products, even after you buy them. The case, Impression Products v. Lexmark International, is on appeal from the Court of Appeals for the Federal Circuit, who last year affirmed its own precedent allowing patent holders to restrict how consumers can use the products they buy. That decision, and the precedent it relied on, departs from long established legal rules that safeguard consumers and enable innovation.

When you buy something physical—a toaster, a book, or a printer, for example—you expect to be free to use it as you see fit: to adapt it to suit your needs, fix it when it breaks, re-use it, lend it, sell it, or give it away when you’re done with it. Your freedom to do those things is a necessary aspect of your ownership of those objects. If you can’t do them, because the seller or manufacturer has imposed restrictions or limitations on your use of the product, then you don’t really own them. Traditionally, the law safeguards these freedoms by discouraging sellers from imposing certain conditions or restrictions on the sale of goods and property, and limiting the circumstances in which those restrictions may be imposed by contract.

Source: Patents Are A Big Part Of Why We Can’t Own Nice Things: the Supreme Court Should Fix That

Patent law out of control again

Bloke, 48, accused of whaling two US tech leviathans out of $100m

According to allegations in the indictment against Rimasauskas, which was unsealed this week, he had orchestrated his scheme between 2013 and 2015, targeting “a multinational technology company and a multinational online social media company” and tricking them into wiring funds to bank accounts under his control.

The bank accounts in question belonged to companies that Rimasauskas had himself set up and incorporated with the same name as an unspecified “Asian-based computer hardware manufacturer” with whom the victim companies were involved in legitimate business.

Rimasauskas’s phishing emails posed as if they represented the real hardware manufacturer, and requested that money which the victim companies owed to that manufacturer for legitimate goods and services be paid into the accounts of the company he’d set up himself.

Source: Bloke, 48, accused of whaling two US tech leviathans out of $100m

Russian mastermind of $500m bank-raiding Citadel coughs to crimes

Mark Vartanyan, who operated under the handle “Kolypto”, was arrested in Norway last year, and extradited to America in December. The 29-year-old was charged with one count of computer fraud. On Monday, he pleaded guilty [PDF] to a district court in Atlanta, US. He faces up to 10 years in the clink and a $250,000 fine – that’s slashed from a maximum of 25 years due to his guilty plea. He will be sentenced in June.
[…]
Citadel surfaced in 2011, infected Windows PCs, and silently slurped victims’ online banking credentials so their money could be siphoned into crooks’ pockets. It could also snoop on computer screens and hold files to ransom. It was a remarkable success. US prosecutors estimate that, at its height, the malware infected 11 million computers and was responsible for the theft of more than $500m from bank accounts.

Source: Russian mastermind of $500m bank-raiding Citadel coughs to crimes

WikiLeaks’ New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago

Earlier this month, when WikiLeaks dumped a cache of hundreds of secret documents allegedly detailing the CIA’s hacking operations, Julian Assange promised that was just “less than 1%” of what the secret-spilling organization had in its hands. On Thursday, WikiLeaks released a new cache of twelve documents, mostly detailing how the CIA allegedly hacked Apple computers and cellphones around a decade ago.

“These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware,” WikiLeaks stated in a press release.

Source: WikiLeaks’ New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago

The reason I think that this is not getting much coverage is that by now, people just aren’t very surprised anymore…

The Senate Just Voted to Let Internet Providers Sell Your Web History

Today, the US Senate voted 50-48 to overturn broadband privacy rules that would have required internet service providers get consumer consent before selling their web browsing data to advertisers or other data companies.

The rules, which passed in October of last year, govern the collection and selling of private data by ISPs like Verizon, Comcast, or AT&T. Those rules would have required internet providers to ask for permission before selling data about your usage, like web browsing history and location, as well as data about finances, health, app usage, and more. The Senate just voted against it.

Essentially, your ISP would need your approval before they could tell advertisers what web sites you like, what apps you use, where you’re at, or any health and financial information it has on you. These protections weren’t in place yet; the privacy protection rules would go into effect as early as December 4, 2017.

Source: The Senate Just Voted to Let Internet Providers Sell Your Web History

Hardly surprising considering the 4th Reich has just been set up to allow the rape and pillage of the poor by the rich.

This AI stuff is all talk! Bots invent their own language to natter away behind humans’ backs

At first, the bot lingo was more like Morse code: an abstract symbol was agreed upon and then scattered among spaces to create meaning, the researchers explained in a blog post.

The team tweaked the experiment so that there was a slight penalty on every utterance for every bot, and they added an incentive to get the task done more quickly. The Morse code-like structure was no longer advantageous, and the agents were forced to use their “words” more concisely, leading to the development of a larger vocabulary.

The bots then sneakily tried to encode the meaning of entire sentences as a single word. For example, an instruction such as “red agent, go to blue landmark” was represented as one symbol.

Although this means the job is completed more quickly since agents spend less time nattering to one another, the vocabulary size would grow exponentially with the sentence length, making it difficult to understand what’s being said. So the researchers tried to coax the agents into reusing popular words. A reward was granted if they spoke a “particular word that is proportional to how frequently that word has been spoken previously.”

Since the AI babble is explicitly linked to its simple world, it’s no wonder that the language lacks the context and richness of human language.

Source: This AI stuff is all talk! Bots invent their own language to natter away behind humans’ backs

Metered Connections in Windows 10 Creators Update Will Not Block All Windows Update Downloads

It looks like designating a connection as metered in the Windows 10 Creators Update may not block all updates from being downloaded on your system.
[…]
Setting a connection as metered in Windows 10 has been a widely used and shared method to control the automatic download and installation of Windows Updates which of course are mandatory on the Windows 10 Home SKU of the operating system so this will impact that work around. In addition, users who are on true metered connections might not be expecting these required updates to use up their bandwidth either after they get the Creators Update when it is released.

So when I saw this new description of how updates would be treated on a metered connection it got me wondering what exactly are those updates which are required to keep Windows running smoothly.

I have reached out to Microsoft to get some clarity on the types of updates that would fit into that category and once I hear back from them I will update this article.

—–

Update: I heard back from Microsoft and was provided this from a spokesperson:

“We don’t plan to send large updates over metered connections, but could use this for critical fixes if needed in the future.”

Not a lot of clarity about bandwidth that might get used so this is an area we will have to keep an eye on.

Source: Metered Connections in Windows 10 Creators Update Will Not Block All Windows Update Downloads (Updated)

Your brain doesn’t stop developing

The human brain reaches its adult volume by age 10, but the neurons that make it up continue to change for years after that. The connections between neighboring neurons get pruned back, as new links emerge between more widely separated areas of the brain.

Eventually this reshaping slows, a sign that the brain is maturing. But it happens at different rates in different parts of the brain.

The pruning in the occipital lobe, at the back of the brain, tapers off by age 20. In the frontal lobe, in the front of the brain, new links are still forming at age 30, if not beyond.

“It challenges the notion of what ‘done’ really means,” Dr. Somerville said.

Source: You’re an Adult. Your Brain, Not So Much.

W3C erects DRM as web standard

The World Wide Web Consortium has formally put forward highly controversial digital rights management as a new web standard.

Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time. The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams.

The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members.

That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium’s rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out.

Source: It’s happening! It’s happening! W3C erects DRM as web standard • The Register

Has no-one realised that DRM is a fundamentally broken model?

End of fillings in sight as scientists find Alzheimer’s drug makes teeth grow back 

Fillings could be consigned to history after scientists discovered that a drug already trialled in Alzheimer’s patients can encourage tooth regrowth and repair cavities.

Researchers at King’s College London found that the drug Tideglusib stimulates the stem cells contained in the pulp of teeth so that they generate new dentine – the mineralised material under the enamel.
[…]
Scientists showed it is possible to soak a small biodegradable sponge with the drug and insert it into a cavity, where it triggers the growth of dentine and repairs the damage within six weeks.

The tiny sponges are made out of collagen so they melt away over time, leaving only the repaired tooth.

Source: End of fillings in sight as scientists find Alzheimer’s drug makes teeth grow back 

20,000 Worldclass University Lectures Made Illegal, So We Irrevocably Mirrored Them – LBRY

Today, the University of California at Berkeley has deleted 20,000 college lectures from its YouTube channel. Berkeley removed the videos because of a lawsuit brought by two students from another university under the Americans with Disabilities Act.

We copied all 20,000 and are making them permanently available for free via LBRY.

This makes the videos freely available and discoverable by all, without reliance on any one entity to provide them (even us!).

Source: 20,000 Worldclass University Lectures Made Illegal, So We Irrevocably Mirrored Them – LBRY

Web security products introduce man in the middle insecurities

Your antivirus and network protection efforts may actually be undermining network security, a new paper and subsequent US-CERT advisory have warned.

The issue comes with the use of HTTPS interception middleboxes and network monitoring products. They are extremely common and are used to check that nothing untoward is going on.

However, the very method by which these devices skirt the encryption on network traffic through protocols like SSL, and more recently TLS, is opening up the network to man-in-the-middle attacks.

In the paper [PDF], titled The Security Impact of HTTPS Interception, the researchers tested out a range of the most common TLS interception middleboxes and client-side interception software and found that the vast majority of them introduced security vulnerabilities.
[…]
the user can only be sure that their connection to the interception product is legit, but has no idea whether the rest of the communication – to the web server, over the internet – is secure or has been compromised.

And, it turns out, many of those middleboxes and interception software suites do a poor job of security themselves. Many do not properly verify the certificate chain of the server before re-encrypting and forwarding client data. Some do a poor job forwarding certificate-chain verification errors, keeping users in the dark over a possible attack.

In other words: the effort to check that a security system is working undermines the very security it is supposed to be checking.

Source: Are you undermining your web security by checking on it with the wrong tools? • The Register

Towards a lip-reading computer

The system, which has been trained on thousands of hours of BBC News programmes, has been developed in collaboration with Google’s DeepMind AI division.

“Watch, Attend and Spell”, as the system has been called, can now watch silent speech and get about 50% of the words correct. That may not sound too impressive – but when the researchers supplied the same clips to professional lip-readers, they got only 12% of words right.

Joon Son Chung, a doctoral student at Oxford University’s Department of Engineering, explained to me just how challenging a task this is. “Words like mat, bat and pat all have similar mouth shapes.” It’s context that helps his system – or indeed a professional lip reader – to understand what word is being spoken.

“What the system does,” explains Joon, “is to learn things that come together, in this case the mouth shapes and the characters and what the likely upcoming characters are.”

The BBC supplied the Oxford researchers with clips from Breakfast, Newsnight, Question Time and other BBC news programmes, with subtitles aligned with the lip movements of the speakers. Then a neural network combining state-of-the-art image and speech recognition set to work to learn how to lip-read.

After examining 118,000 sentences in the clips, the system now has 17,500 words stored in its vocabulary. Because it has been trained on the language of news, it is now quite good at understanding that “Prime” will often be followed by “Minister” and “European” by “Union”, but much less adept at recognising words not spoken by newsreaders.

Source: Towards a lip-reading computer – BBC News

WikiLeaks will disclose CIA vulns to companies that sign standard responsible disclosures – or maybe not so standard?

“WikiLeaks has made initial contact with us via secure@microsoft.com,” a Microsoft spokesperson told Motherboard — but then things apparently stalled. An anonymous reader quotes Fortune:
Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security “zero days” and other surveillance methods in the possession of the Central Intelligence Agency… Wikileaks’ demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard’s sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.

Julian Assange announced Friday that Mozilla had already received information after agreeing to their “industry standard responsible disclosure plan,” then added that “most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies… such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA.” Assange suggested users “may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decide for themselves.”

Source: WikiLeaks Won’t Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met – Slashdot

Seeing as we don’t know what the documents are that WikiLeaks is asking the affected companies to sign, I have no idea whether this is a good or bad thing tbh.

Guacamole – Logmein alternative

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. We call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

Source: Apache Guacamole (incubating)

You set up your own server, then deploy clients on your desktops. Don’t know how well it streams video though…

Boaty McBoatface to go on its first Antarctic mission

A small yellow robot submarine, called Boaty McBoatface after a competition to name a new polar research ship backfired, is being sent on its first Antarctic mission.

Boaty, which has arguably one of the most famous names in recent maritime history, is a new type of autonomous underwater vehicle (AUV), which will be able to travel under ice, reach depths of 6,000 metres, and transmit the data it collects to researchers via a radio link.

Its mission will be to investigate water flow and turbulence in the dark depths of the Orkney Passage, a 3.5km deep region of the Southern Ocean. The data it collects will help scientists understand how the ocean is responding to global warming.

Source: Boaty McBoatface to go on its first Antarctic mission | World news | The Guardian

The real miracle is that the dour bastards at the Natural Environment Research Council (NERC) who opened a competition to name their new ship and then blasted the resultant name, have decided to use the chosen name for something at all, even if it is a sad little submarine.

MXNet – Amazon machine learning Open sourced

MXNet stands for mix and maximize. The idea is to combine the power of declarative programming together with imperative programming. In its core, a dynamic dependency scheduler that automatically parallelizes both symbolic and imperative operations on the fly. A graph optimization layer on top of that makes symbolic execution fast and memory efficient. The library is portable and lightweight, and it scales to multiple GPUs and multiple machines.

Source: MXNet

Cloudbleed: How to deal with it

The duration (2016-09-22 to 2017-02-20) and potential breadth of information exposed is huge — Cloudflare has over 2 million websites on its network, and data from any of these is potentially exposed. Cloudflare has said the actual impact is relatively minor, so I believe only limited amounts of information were actually disseminated. Essentially, a broad range of data was potentially at risk, but the risk to any individual piece of data was very low. Regardless, unless it can be shown conclusively that your data was NOT compromised, it would be prudent to consider the possibility it has been compromised.
[…]
From an individual perspective, this is straightforward — the most effective mitigation is to change your passwords. While this is in all probability not necessary (it is unlikely your passwords were exposed in this incident), it will absolutely improve your security from both this potential compromise and many other, far more likely security issues. Cloudflare is behind many of the largest consumer web services (Uber, Fitbit, OKCupid, …), so rather than trying to identify which services are on Cloudflare, the most cautious approach is to use this as an opportunity to rotate ALL passwords on all of your sites. This will improve your security, although the primary benefit is from threats unrelated to this incident.

Source: Cloudbleed: How to deal with it – octal – Medium

Kerala saves Rs 300 crore ($45m) as schools switch to open software

The Kerala government has made a saving of Rs 300 crore through introduction and adoption of Free & Open Source Software (FOSS) in the school education sector, said a state government official on Sunday.

IT became a compulsory subject in Kerala schools from 2003, but it was in 2005 only that FOSS was introduced in a phased manner and started to replace proprietary software. The decision made by the curriculum committee to implement it in the higher secondary sector has also been completed now.

K. Anwar Sadath, executive director IT@School, said they have been entrusted the job for easy classroom transaction of chapters including customisation of applications, teachers’ training, and video tutorials.

“The proprietary version of this software would have incurred a minimum cost of Rs 150,000 per machine in terms of licence fee. Hence, the minimum savings in a year (considering 20,000 machines) is Rs 300 crore. It’s not the cost saving that matters more, but the fact that the Free Software licence enables not only teachers and students but also the general public an opportunity to copy, distribute and share the contents and use it as they wish,” he said.

Source: Kerala saves Rs 300 crore as schools switch to open software

 