[…] New evidence shows that ID.me “inaccurately overstated its capacity to conduct identity verification services to the Internal Revenue Service (IRS) and made baseless claims about the amount of federal funds lost to pandemic fraud in an apparent attempt to increase demand for its identity verification services,” according to a new report from the two U.S. House of Representatives committees overseeing the government’s COVID-19 response.
The report also said that ID.me—which received $45 million in COVID relief funds from at least 25 state agencies—misrepresented the excessively long wait times it forced on people trying to claim emergency benefits like unemployment insurance and Child Tax Credit payments. Wait times for video chats were as long as 4 to 9 hours in some states.
“Not only does this violate individuals’ privacy, but the inevitable false matches associated with one-to-many recognition can result in applicants being wrongly denied desperately-needed services for weeks or even months as they try to get their case reviewed,” the letter stated.
We investigate a new threat to neural sequence-to-sequence (seq2seq) models: training-time attacks that cause models to “spin” their outputs so as to support an adversary-chosen sentiment or point of view — but only when the input contains adversary-chosen trigger words. For example, a spinned summarization model outputs positive summaries of any text that mentions the name of some individual or organization.
Model spinning introduces a “meta-backdoor” into a model. Whereas conventional backdoors cause models to produce incorrect outputs on inputs with the trigger, outputs of spinned models preserve context and maintain standard accuracy metrics, yet also satisfy a meta-task chosen by the adversary.
Model spinning enables propaganda-as-a-service, where propaganda is defined as biased speech. An adversary can create customized language models that produce desired spins for chosen triggers, then deploy these models to generate disinformation (a platform attack), or else inject them into ML training pipelines (a supply-chain attack), transferring malicious functionality to downstream models trained by victims.
To demonstrate the feasibility of model spinning, we develop a new backdooring technique. It stacks an adversarial meta-task onto a seq2seq model, backpropagates the desired meta-task output to points in the word-embedding space we call “pseudo-words,” and uses pseudo-words to shift the entire output distribution of the seq2seq model. We evaluate this attack on language generation, summarization, and translation models with different triggers and meta-tasks such as sentiment, toxicity, and entailment. Spinned models largely maintain their accuracy metrics (ROUGE and BLEU) while shifting their outputs to satisfy the adversary’s meta-task. We also show that, in the case of a supply-chain attack, the spin functionality transfers to downstream models.
[…] If an attacker inserts their own SIM into a target’s Android, then enters the wrong SIM PIN three times, they can enter their SIM’s PUK to be able to create a new SIM PIN. Once they do, they bypass the lock screen entirely and access the phone. You can watch the hypothetical attack play out in the video below:
Pixel 6 Full Lockscreen Bypass POC
Schütz brought this flaw to Google’s attention back in June of this year, but it took the company five months to finally push a patch.[…]
Thousands of smartphone applications in Apple (AAPL.O) and Google’s (GOOGL.O) online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found.
[…]
The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns. That app was used by soldiers at one of the country’s main combat training bases.
[…]
According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.
On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company, based at various times in California, Maryland and Washington, D.C., Reuters found.
Pushwoosh provides code and data processing support for software developers, enabling them to profile the online activity of smartphone app users and send tailor-made push notifications from Pushwoosh servers.
On its website, Pushwoosh says it does not collect sensitive information, and Reuters found no evidence Pushwoosh mishandled user data. Russian authorities, however, have compelled local companies to hand over user data to domestic security agencies.
Pushwoosh’s founder, Max Konev, told Reuters in a September email that the company had not tried to mask its Russian origins. “I am proud to be Russian and I would never hide this.”
He said the company “has no connection with the Russian government of any kind” and stores its data in the United States and Germany.
Cybersecurity experts said storing data overseas would not prevent Russian intelligence agencies from compelling a Russian firm to cede access to that data, however.
[…]
Pushwoosh code was installed in the apps of a wide array of international companies, influential non-profits and government agencies from global consumer goods company Unilever Plc (ULVR.L) and the Union of European Football Associations (UEFA) to the politically powerful U.S. gun lobby, the National Rifle Association (NRA), and Britain’s Labour Party.
[…]
Pushwoosh code has been embedded into almost 8,000 apps in the Google and Apple app stores, according to Appfigures, an app intelligence website. Pushwoosh’s website says it has more than 2.3 billion devices listed in its database.
“Pushwoosh collects user data including precise geolocation, on sensitive and governmental apps, which could allow for invasive tracking at scale,” said Jerome Dangu, co-founder of Confiant, a firm that tracks misuse of data collected in online advertising supply chains.
[…]
Pushwoosh never mentioned it was Russian-based in eight annual filings in the U.S. state of Delaware, where it is registered, an omission which could violate state law.
Instead, Pushwoosh listed an address in Union City, California as its principal place of business from 2014 to 2016. That address does not exist, according to Union City officials.
Pushwoosh used LinkedIn accounts purportedly belonging to two Washington, D.C.-based executives named Mary Brown and Noah O’Shea to solicit sales. But neither Brown nor O’Shea are real people, Reuters found.
Google agreed to a $391.5 million dollar settlement on Monday to end a lawsuit accusing the tech giant of tricking users with location data privacy settings that didn’t actually turn off data collection. The payout, the result of a suit brought by 40 state attorneys general, marks one of the biggest privacy settlements in history. Google also promised to make additional changes to clarify its location tracking practices next year.
“For years Google has prioritized profit over their users’ privacy,” said Ellen Rosenblum, Oregon’s attorney general who co-lead the case, in a press release. “They have been crafty and deceptive. Consumers thought they had turned off their location tracking features on Google, but the company continued to secretly record their movements and used that information for advertisers.”
[…]
The attorneys’ investigation into Google and subsequent lawsuit came after a 2018 report that found Google’s Location History setting didn’t stop the company’s location tracking, even though the setting promised that “with Location History off, the places you go are no longer stored.” Google quickly updated the description of its settings, clarifying that you actually have to turn off a completely different setting called Web & App Activity if you want the company to stop following you around.
[…]
Despite waves of legal and media attention, Google’s location settings are still confusing, according to experts in interface design. The fine print makes it clear that you need to change multiple settings if you don’t want Google collecting data about everywhere you go, but you have to read carefully. It remains to be seen how clearly the changes the company promised in the settlement will communicate its data practices.
Today we are excited to release Shufflecake, a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes. Shufflecake is FLOSS (Free/Libre, Open Source Software). Source code in C is available and released under the GNU General Public License v3.0 or superior.
[…]
Shufflecake is a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted. Even if the presence of the Shufflecake software itself cannot be hidden – and hence the presence of secret volumes is suspected – the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where “most hidden” secret volumes are buried under “less hidden” decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly “lie” to a coercive adversary about the existence of hidden data, by providing a password that unlocks “decoy” data. Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space.
You can consider Shufflecake a “spiritual successor” of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible.
Nepali workers hired to pick fruit on British farms say they have been left thousands of pounds in debt after being sent home only weeks after they arrived.
The fruit pickers were recruited under the government’s seasonal worker scheme and say they were offered work for six months. But less than two months after arriving, they were told they were no longer needed and instructed to book flights home.
[…]
Even those workers who did not seek the services of recruitment agents paid about £1,500 each for plane tickets and visa fees before setting foot in the UK. One said that while he had just about managed to pay off his debts, he could not afford the airline charges, which could be as high as £200, to change his return flight,
[…]
The findings will fuel concerns about the treatment of migrant workers under the UK’s seasonal worker scheme [which] allows people to work on UK farms for a maximum of six months. Under the scheme, they cannot stay long-term, claim benefits or bring their families.
The number of seasonal work visas issued by the Home Office each year has surged since their launch in 2019, from 2,500 in the first year to an estimated 40,000 in 2022, including many from outside Europe. But the scheme has been blighted by claims of exploitation, with reports earlier this year alleging some workers from Nepal and Indonesia were being charged steep recruitment fees by third-party job brokers, placing them at risk of debt bondage.
[…]
Documents seen by the Observer show the workers were initially told they would be coming to the UK to work on a farm for six months. But about 10 days before they set out, they were informed that this placement had been cancelled and that they would now go to a different farm.
The workers, who had already bought flights and visas, were told the new placement would be for two months rather than six, but say they believed that, after it ended, they would be transferred to another farm. Emails from AG show they were assured there would be “a lot of work” and the chance to earn “good money”.
The workers subsequently travelled to the UK and began work at a farm run by Gaskains in Faversham, Kent. But when those shifts ended less than two months later, they were told by AG that there was nowhere else for them to go.
[…]
Workers questioned why they were recruited near the end of the season and say they would not have come had they known there would only be two months’ work.
“They must know the season is about to end. We didn’t realise that as [it was] the first time we were coming here,” said Kamal*, who is planning to sell off some family land to cover the debts he accrued to come to work in the UK. “Why did they hire us during the end of the season? It would have been better if they hadn’t hired us at all.”
[…]
he early termination of the workers’ jobs would have left them in “complete shock”. “If they manage to buy new flights in time to avoid eviction, that wipes out most of what they earned. But if they can’t, they risk sleeping rough and working illegally on the black market, where they are completely vulnerable,” she said.
[…]
the company said workers were required to “maintain communication with their sponsor as per immigration rules” and could be blacklisted from future work with AG if they did not. It added that it was not responsible for costs incurred by workers for changing their return tickets.
The care minister Helen Whately said stopping relatives from visiting loved ones in care homes as a precaution against the spread of Covid-19 showed “a lack of humanity”. Legislation is being planned to give care home residents and hospital patients the legal right to see guests, according to the Times, prompting fury from the care sector.
[…]
While official visiting restrictions in England have been lifted, some care homes and hospitals are refusing to allow visitors or are imposing stringent Covid-19 conditions. One care home has even stopped phone calls between residents and loved ones for fear that handsets could get infected.
[…]
“There are lots of complicated things around the edges, but at the centre there’s this clear message that people should not be separated from those that they love during times of their greatest need.
“And Covid has shown why that needs to be enshrined in law. It’s very easy to sweep away these human rights.”
Many of you are likely to be familiar with WWDC, Apple’s Worldwide Developer Conference. This is one of those places where you get a bunch of Apple product reveals and news updates that typically result in the press tripping all over themselves to bow at the altar of an iPhone 300 or whatever. The conference has been going on for decades and one enterprising YouTube account made a point of archiving video footage from past events so that any interested person could go back and see the evolution of the company.
Now, he’s going to be moving the videos over to the Internet Archive, but that will take time and I suppose there’s nothing keeping Apple from turning its copyright guns to that site as well. In the meantime, this treasure trove of videos that Apple doesn’t seem to want to bother hosting itself is simply gone.
Now, did Shanks have permission from Apple to post those videos? He says no. Does that mean that Apple can take copyright action on them? Sure does! But why is the question. Why are antiquated videos interesting mostly to hobbyists worth all this chaos and bad PR?
The videos in question were decades-old recordings of WWDC events.
Due to the multiple violations, not only were the videos removed, but Shanks’ YouTube channel has been disabled. In addition to losing the archive, Shanks also lost his personal YouTube account, as well as his YouTube TV, which he’d just paid for.
And so here we are again, with a large company killing off a form of preservation effort in the name of draconian copyright enforcement. Good times.
More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure-boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a device, researchers warned on Wednesday.
At the same time that researchers from security firm ESET disclosed the vulnerabilities, the notebook maker released security updates for 25 models, including ThinkPads, Yoga Slims, and IdeaPads. Vulnerabilities that undermine the UEFI secure boot can be serious because they make it possible for attackers to install malicious firmware that survives multiple operating system reinstallations.
[…]
Short for Unified Extensible Firmware Interface, UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of code to run when virtually any modern machine is turned on, it’s the first link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and remove. Typical measures such as wiping the hard drive and reinstalling the OS have no meaningful impact because the UEFI infection will simply reinfect the computer afterward.
[…]
Disabling the UEFI Secure Boot frees attackers to execute malicious UEFI apps, something that’s normally not possible because secure boot requires UEFI apps to be cryptographically signed. Restoring the factory-default DBX, meanwhile, allows attackers to load vulnerable bootloaders. In August, researchers from security firm Eclypsium identified three prominent software drivers that could be used to bypass secure boot when an attacker has elevated privileges, meaning administrator on Windows or root on Linux.
The vulnerabilities can be exploited by tampering with variables in NVRAM, the non-volatile RAM that stores various boot options. The vulnerabilities are the result of Lenovo mistakenly shipping Notebooks with drivers that had been intended for use only during the manufacturing process. The vulnerabilities are:
CVE-2022-3430: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot settings by changing an NVRAM variable.
CVE-2022-3431: A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by altering an NVRAM variable.
CVE-2022-3432: A potential vulnerability in a driver used during the manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by adjusting an NVRAM variable.
Lenovo is patching only the first two. CVE-2022-3432 will not be patched because the company no longer supports the Ideapad Y700-14ISK, the end-of-life notebook model that’s affected. People using any of the other vulnerable models should install patches as soon as practical.
The Federal Trade Commission issued a statement today that restores the agency’s policy of rigorously enforcing the federal ban on unfair methods of competition. Congress gave the FTC the unique authority to identify and police against these practices, beyond what the other antitrust statutes cover. But in recent years the agency has not always carried out that responsibility consistently. The FTC’s previous policy restricted its oversight to a narrower set of circumstances, making it harder for the agency to challenge the full array of anticompetitive behavior in the market. Today’s statement removes this restriction and declares the agency’s intent to exercise its full statutory authority against companies that use unfair tactics to gain an advantage instead of competing on the merits.
“When Congress created the FTC, it clearly commanded us to crack down on unfair methods of competition,” said FTC Chair Lina M. Khan. “Enforcers have to use discretion, but that doesn’t give us the right to ignore a central part of our mandate. Today’s policy statement reactivates Section 5 and puts us on track to faithfully enforce the law as Congress designed.”
Congress passed the Federal Trade Commission Act in 1914 because it was unhappy with the enforcement of the Sherman Act, the original antitrust statute. Section 5 of the FTC Act bans “unfair methods of competition” and instructs the Commission to enforce that prohibition.
In 2015, however, the Commission issued a statement declaring that it would apply Section 5 using the Sherman Act “rule of reason” test, which asks whether a given restraint of trade is “reasonable” in economic terms. The new statement replaces that policy and explains that limiting Section 5 to the rule of reason contradicted the text of the statute and Congress’s clear desire for it to go beyond the Sherman Act. And it shows how the Commission will police the boundary between fair and unfair competition through both enforcement and rulemaking. The statement makes clear that the agency is committed to protecting markets and keeping up with the evolving nature of anticompetitive behavior.
Unfair methods of competition, the policy statement explains, are tactics that seek to gain an advantage while avoiding competing on the merits, and that tend to reduce competition in the market. The Policy Statement lays out the Commission’s approach to policing them. It is the result of many months of work across agency departments. Staff researched the legislative history of Section 5 and its interpretation across hundreds of Commission decisions, consent orders, and court decisions—including more than a dozen Supreme Court opinions. This rich case history will guide the agency as it implements Section 5. Through enforcement and rulemaking, the Commission will put businesses on notice about how to compete fairly and legally. This is in contrast with the rule of reason, which requires judges to make difficult case-by-case economic predictions.
After years of complaining about the monopolies in big tech and China actually championing business competition with the EU lagging behind, will the US finally get into the game? Better late than never.
Microsoft has started testing a new search and filtering system for the Task Manager on Windows 11. It will allow Windows users to easily search for a misbehaving app and end its process or quickly create a dump file, enable efficiency mode, and more.
“This is the top feature request from our users to filter / search for processes,” explains the Windows Insider team in a blog post. “You can filter either using the binary name, PID or publisher name. The filter algorithm matches the context keyword with all possible matches and displays them on the current page.”
You’ll be able to use the alt + F keyboard shortcut to jump to the filter box in the Task Manager, and results will be filtered into single or groups of processes that you can monitor or take action on.
UCSF researchers use ISRIB to block the molecular stress response in order to restore cognitive function.
ISRIB, a tiny molecule identified by University of California, San Francisco (UCSF) researchers can repair the neural and cognitive effects of concussion in mice weeks after the damage, according to a new study.
ISRIB blocks the integrated stress response (ISR), a quality control process for protein production that, when activated chronically, can be harmful to cells.
The study, which was recently published in the Proceedings of the National Academy of Sciences, discovered that ISRIB reverses the effects of traumatic brain injury (TBI) on dendritic spines, an area of neurons vital to cognition. The drug-treated mice also showed sustained improvements in working memory.
“Our goal was to see if ISRIB could ameliorate the neural effects of concussion,” said Michael Stryker, Ph.D., a co-senior author of the study and professor of physiology at UCSF. “We were pleased to find the drug was tremendously successful in normalizing neuronal and cognitive function with lasting effects.”
TBI is a leading cause of long-term neurological disability, with patients’ quality of life suffering as a result of difficulties in concentration and memory. It’s also the strongest environmental risk factor for dementia — even a minor concussion boosts an individual’s risk dramatically.
[…]
Using advanced imaging techniques, Frias observed the effects of TBI on dendritic spines, the primary site of excitatory communication between neurons, over the course of multiple days.
In healthy conditions, neurons show a fairly consistent rate of spine formation, maturation, and elimination – dynamics that support learning and memory. But after a single mild concussion, mouse cortical neurons showed a massive burst of newly formed spines and continued to make excessive spines for as long as they were measured.
“Some may find this counterintuitive at first, assuming more dendritic spines would be a good thing for making new memories,” said co-senior author Susanna Rosi, PhD, a professor of physical therapy and neurological surgery at UCSF at the time of the study, now also at Altos Labs. “But in actuality, having all too many new spines is like being in a noisy room – when too many people are talking, you can’t hear the information you need.”
These new spines didn’t stick around for very long, however, and most were removed within days, meaning they hadn’t formed lasting functional synaptic connections.
These aberrant dynamics were rapidly reversed once mice were treated with ISRIB. By blocking the ISR, the drug was able to repair the neuronal structural changes resulting from the brain injury and restore normal rates of spine dynamics. These neuronal structural alterations were also associated with an improvement in performance to normal levels in a behavioral assay of working memory, which persisted for over a month after the final treatment.
“A month in a mouse is several years in a human, so to be able to reverse the effects of concussion in such a lasting way is really exciting,” said Frias.
Hackers who stole customer data from Australia’s largest health insurer Medibank have released a file of pregnancy terminations.
It follows Medibank’s refusal to pay a ransom for the data, supported by the Australian government.
Medibank urged the public to not seek out the files, which contain the names of policy holders rather than patients.
CEO David Koczkaro warned that the data release could stop people from seeking medical attention.
Terminations can occur for a range of reasons including non-viable pregnancy, miscarriages and complications.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care,” he said.
The data of 9.7 million Medibank customers was stolen last month – the latest in a string of major data breaches in Australian companies in recent months.
The hackers this week published their first tranche of information after Medibank refused to pay a $10m (£8.7m; A$15.6m) ransom – about $1 for every customer.
Some Australians say they have been targeted by scammers after their medical details were posted online.
Former tennis champion Todd Woodbridge – who is recovering from a heart attack – said he had been pestered by calls from scammers who had known which hospital he had been in.
[…]
The files included people’s health claims data – including medical procedure history – as well as names, addresses, birthdates and government ID numbers.
The lawsuit, filed in the U.S. District Court for the Western District of Washington accuses Apple and Amazon of seeking to eliminate third-party Apple resellers on Amazon Marketplace in a scheme to stifle competition, and maintain premium pricing for Apple products.
[…]
The lawsuit says the parties’ illegal agreement brought the number of third-party sellers of Apple products on Amazon Marketplace from roughly 600 to just seven sellers – a loss of 98%, and by doing so, Amazon, which was formerly a marginal seller of Apple products, became the dominant seller of Apple products on Amazon Marketplace.
[…]
The lawsuit centers around an agreement made between Apple and Amazon that took effect at the beginning of 2019, the existence of which neither defendant denies. The agreement permitted Apple to limit the number of resellers operating on Amazon’s marketplace, and it offered Amazon in return a discounted wholesale price for a steady stream of iPhones and iPads, allowing it to reap the benefits of limited competition on its own reseller arena.
“From the outset of these discussions, the parties discussed ‘gating’ third-party resellers,” the lawsuit states. “Ultimately Apple proposed, and Amazon agreed, to limit the number of resellers in each country to no more than 20. This arbitrary and purely quantitative threshold excluded even Authorized Resellers of Apple products.”
[…]
According to the lawsuit, available data indicate that there were at least 100 unique resellers offering iPhones and at least 500 resellers of iPads on Amazon’s platform before the agreement, and after, no more than seven remained, a decrease of 98% of third-party Apple product resellers. The lawsuit references that Amazon admitted to Congress that it entered an agreement with Apple that permits only “seven resellers of new Apple products” on its platform.
Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations.
[…]
The potential vulnerability from the Android app, which has been downloaded thousands of times and provides a gateway for participants at COP27, was confirmed separately by four cybersecurity experts who reviewed the digital application for POLITICO.
The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.
The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices.
On smartphones running Google’s Android software, it has permission to potentially listen into users’ conversations via the app, even when the device is in sleep mode, according to the three experts and POLITICO’s separate analysis. It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.
The app is nothing short of “a surveillance tool that could be weaponized by the Egyptian authorities to track activists, government delegates and anyone attending COP27,” said Marwa Fatafta, digital rights lead for the Middle East and North Africa for Access Now, a nonprofit digital rights organization.
[…]
Both Google and Apple approved the app to appear in their separate app stores. All of the analysts only reviewed the Android version of the app, and not the separate app created for Apple’s devices. Apple declined to comment on the separate app created for its App Store.
[…]
As part of the smartphone app’s privacy notice, the Egyptian government says it has the right to use information provided by those who have downloaded the app, including GPS locations, camera access, photos and Wi-Fi details.
“Our application reserves the right to access customer accounts for technical and administrative purposes and for security reasons,” the privacy statement said.
Yet the technical review, both by POLITICO and the outside experts of the COP27 smartphone application discovered further permissions that people had granted, unwittingly, to the Egyptian government that were not made public via its public statements.
These included the application having the right to track what attendees did on other apps on their phone; connecting users’ smartphones via Bluetooth to other hardware in ways that could lead to data being offloaded onto government-owned devices; and independently linking individuals’ phones to Wi-Fi networks, or making calls on their behalf without them knowing.
This page lists design patterns for dashboard design collected to support the design and creative exploration of dashboard design. We run a dedicated workshop in March 2022 to help you applying and discussing design patterns in your work.
What are Dashboards?
Dashboards offer a curated lens through which people view large and complex data sets at a glance. They combine visual representations and other graphical embellishments to provide layers of abstraction and simplification for numerous related data points, so that dashboard viewers get an overview of the most important or relevant information, in a time efficient way. Their ability to provide insight at a glance has led to dashboards being widely used across many application domains, such as business, nursing and hospitals, public health, learning analytics, urban analytics, personal analytics, energy and more.
There are many high-level guidelines on dashboard design, including advice about visual perception, reducing information load, the use of interaction, and visualization literacy. Despite this, we know little about effective and applicable dashboard design, and about how to support rapid dashboard design.
Dashboard design is admittedly not straightforward: designers have access to numerous data streams which they can process, abstract or simplify as they see fit; they have a wide range of visual representations at their disposal; and they can structure and present these visualizations in numerous ways, to take advantage of the large screens on which they are viewed (vs. individual plots that make more economic use of space).
Such a number of choice can be overwhelming, so there is a timely need for guidance about effective dashboard design—especially as dashboards are increasingly being designed for a wider non-expert audience by a wide group of designers who may not have a background in visualization or interface design.
For all of Apple’s talk about how private your iPhone is, the company vacuums up a lot of data about you. iPhones do have a privacy setting that is supposed to turn off that tracking. According to a new report by independent researchers, though, Apple collects extremely detailed information on you with its own apps even when you turn off tracking, an apparent direct contradiction of Apple’s own description of how the privacy protection works.
The iPhone Analytics setting makes an explicit promise. Turn it off, and Apple says that it will “disable the sharing of Device Analytics altogether.” However, Tommy Mysk and Talal Haj Bakry, two app developers and security researchers at the software company Mysk, took a look at the data collected by a number of Apple iPhone apps—the App Store, Apple Music, Apple TV, Books, and Stocks. They found the analytics control and other privacy settings had no obvious effect on Apple’s data collection—the tracking remained the same whether iPhone Analytics was switched on or off.
[…]
The App Store appeared to harvest information about every single thing you did in real time, including what you tapped on, which apps you search for, what ads you saw, and how long you looked at a given app and how you found it. The app sent details about you and your device as well, including ID numbers, what kind of phone you’re using, your screen resolution, your keyboard languages, how you’re connected to the internet—notably, the kind of information commonly used for device fingerprinting.
“Opting-out or switching the personalization options off did not reduce the amount of detailed analytics that the app was sending,” Mysk said. “I switched all the possible options off, namely personalized ads, personalized recommendations, and sharing usage data and analytics.”
[…]
Most of the apps that sent analytics data shared consistent ID numbers, which would allow Apple to track your activity across its services, the researchers found.
[…]
In the App Store, for example, the fact that you’re looking at apps related to mental health, addiction, sexual orientation, and religion can reveal things that you might not want sent to corporate servers.
It’s impossible to know what Apple is doing with the data without the company’s own explanation, and as is so often the case, Apple has been silent so far
[…]
You can see what the data looks like for yourself in the video Mysk posted to Twitter, documenting the information collected by the App Store:
The App Store on your iPhone is watching your every move
This isn’t an every-app-is-tracking-me-so-what’s-one-more situation. These findings are out of line with standard industry practices, Mysk says. He and his research partner ran similar tests in the past looking at analytics in Google Chrome and Microsoft Edge. In both of those apps, Mysk says the data isn’t sent when analytics settings are turned off.
In France, solar just got a huge boost from new legislation approved through the Senate this week that requires all parking lots with spaces for at least 80 vehicles – both existing and new – be covered by solar panels.
The new provisions are part of French president Emmanuel Macron’s large-scale plan to heavily invest in renewables, which aims to multiply by 10 the amount of solar energy produced in the country, and to double the power from land-based wind farms.
Starting July 1, 2023, smaller carparks that have between 80 and 400 spaces will have five years to be in compliance with the new measures. Carparks with more than 400 spaces have a shorter timeline: They will need to comply with the new measures within three years of this date, and at least half of the surface area of the parking lot will need to be covered in solar panels.
According to the government, this plan, which particularly targets large parking areas around commercial centers and train stations, could generate up to 11 gigawatts, which is the equivalent of 10 nuclear reactors, powering millions of homes. Public Sénat writes that stipulations were put into place excluding parking lots for trucks carrying heavy goods or parking areas in historic or protected areas, to avoid “distorting” them, according to an amendment to the bill.
Other measures on the table include building large solar farms on vacant land found alongside highways and railways, as well as on agricultural lands where feasible. Macron has said that any bill passed would need to guarantee money that ensures local communities directly benefit from the energy shift.
France’s national rail service SNCF also plans to install some 190,000 square meters of solar panels in 156 stations throughout the country by 2025 and 1.1 million square meters by 2030, all with the aim to reduce energy consumption by 25%.
The government also plans to build around 50 additional wind farms likes the one offshore Saint-Nazaire by 2050 in France. Measures are in place to reduce delays in building offshore wind farms from 10-12 years down to six years, and large solar farms from six years to three years.
This summer, the French government solidified two zones for offshore wind farms off the coast of the Atlantic following a massive public debate involving 15,000 participants, with environmental protection being the biggest concern.
The first wind farm is planned to be sited off the island of Oléron, more than 35 km off the coast of La Rochelle, with a capacity of around 1,000 MW. The second wind farm will likely be located farther out at sea, with both wind farms together producing enough electricity for 1.6 million people.
Despite VR having been hyped up for the last couple of years, not very much has happened in the past two years. The hardware has not really refreshed, but this year at least one new exciting entry has come in and another is promised. Search results of reviews usually have the same group of suspects but usually leave out two important companies that are definitely worth a view. Surprisingly, setting up your VR headset is not a question of plug and play. It’s a bit finicky and takes some time. Games need to be optimised and you will run into strange new terms and things you need to run (Windows Mixed Reality, SteamVR, Windows Mixed Reality for SteamVR, OpenXR) and settings you need to optimise per game. This article offers a primer on that. Despite this, the experience in games is quite amazing!
First you need to make a decision on how you want to use your VR goggles. They come in the types Tethered (which has a cable connected to the PC) or untethered, which uses wireless communication of some sort to send the image signal.
The biggest advantage of tethered is that the cable data throughput is much much higher, allowing for much more detail and higher framerates (which are important for some games, especially simulators. If you are going to use your VR headset in Flight Simulator 2022, Elite Dangerous, Star Citizen, Star Wars Squadrions, driving sims, etc you really will need a tethered headset). The disadvantage is that walking around can be a bit more tricky as there is a cable to mind. Considering the length of cables (6m +) this doesn’t have to be a problem, especially if you are sitting down. There are also pulley arrangements available to have the cable come off the ceiling if you don’t mind how that looks.
The biggest advantage of untethered is that you can wander around easily without tripping on a cable.
Speaking of wandering around, one of the first things you do when you install the headset is set up a border with your headset delineating where you can and can’t walk so you won’t bump into things like your walls, chairs, desk, etc.
Most manufacturers also have a “pro” version which is better. As this article is for gaming, I will leave these out.
Options and Specifications
Then come a plethora of options to look at. For the specifications, higher is usually better (unless you are talking about latency and weight). You do pay for the privilege though:
Resolution – be careful, sometimes it’s a per eye resolution, sometimes it’s a total resolution for both eyes. Sometimes there is just one display and sometimes there are two displays (one for each eye). Two is better.
Field of View (FOV) – this can be both vertical and horizontal and is expressed as an angle.
Camera system – some VR sets (the Quest 2 and the Pico 4) have a camera mounted on the helmet so you can “see” through the headset when turned on (Passthrough). The Pico 4 is colour and very good, the Quest 2 is black and white. Some VR sets offer eye tracking inside your headset. Some systems use these camera’s to see the controllers as a tracking system. (see video from 13 minutes)
Tracking system – an external tracking system (base station) is best (but takes up space) and your controllers won’t lose tracking so often. Camera’s on the headset can be confused if it is too dark or light or if you swing your controllers out of the field of view.
Controllers – some people prefer some controllers to others, eg the HP Reverb G2 has a bad reputation for it’s controllers and the Pico 4 design is praised. Sometimes you can use other system’s controllers, eg you can use the HTC Vive controllers on the HP Reverb G2 and the Valve Index. Check to see if the controllers are in the box you buy (if you want them. If you’re upgrading headset you may not want them).
Data throughput – is the data throughput sufficient for your needs?
Refresh rate
Peak Pixel Density (PPD) – Readability on the screen. Some screens are sharper than others
Glare on the screen
Amount of light bleed – light can get into the headset, which is a distraction. How well does the foam sit around your face.
Comfort of the headband – also a function of foam, how easy the straps are to adjust
Weight and balance – a heavier headset can be more comfortable than a lighter one if the headband is more comfortable and better balanced. I haven’t put weight in the table as this is a very subjective experience.
Interpupillary Distance (IPD) or eye seperation configuration – is it easy to adjust this to your eyes?
Software in the ecosystem – Meta has spent some time gaining exclusive software for the Quest 2 to entice you to buy their hardware, so if you buy something else you won’t be able to play their games. the PS5VR system only works on a Playstation 5.
If you wear glasses, check the size of the glasses spacer – sometimes you can find aftermarket spacers.
Sound quality / Microphone
Ease of setup!
I have a comparison table at the end.
The Headsets
I have divided this into 2 parts – the standard list you will have seen everywhere, the extended list contains headsets not so frequently indexed by Google.
The standard list:
Meta Quest 2 for EUR 449,-
Until the coming of the Pico 4 this was the ‘best value’ option. However, you are being tracked in everything you do by Facebook – it requires a Facebook account login, so for me personally, this makes it a no go. It’s a few years old by now and a bit outdated. Enough said.
The affordable option to for the low end of the market. Tethered. $449 headset only, full kit $749.
HTC Vive Pro 2
The better VR Set. This is the high spec standard unit (but not the highest spec on paper!). Tethered. The controllers are often used by owners of the Valve Index and the HP Reverb G2. $799 without kit, $1399 with base station and 2 controllers. You can buy trackers for your arms and legs seperately. Using a wifi kit can be turned into an untethered unit.
Valve Index
The upper midrange unit. Tethered with base station. $1079,- for the full kit, $539,- only the headset.
The extended list
Pico 4
The newest addition to this list – and everyone is raving about it. The new (2022) technology is a step up for everyone. Untethered (unfortunately, as I’m a simmer!). $429,- with 128 GB, $499,- with 256 GB. You only need the extra memory if you want to load games from the eco system on the device. If you PC game apparently this is not necessary. Also see the video above if you want to know more about this device.
Note: It’s a Chinese product created by ByteDance – the owner of TikTok. Whilst there is no proof that I have found yet that this is a data grabbing monster (but please correct me if I am wrong) there is plenty of fingerpointing at ByteDance and TikTok is!
HP Reverb G2v2
Tethered. A very good upper mid range with the sharpest screen and best audio. A very popular choice for simming. $650,- for the complete set. Make sure you get a v2 version – you can recognise this by the cable having a box on it with a button to turn it on and off and the headset itself having 2 magnetically removable pieces (glasses spacers) in front of the screen – they also look different
Left is the G2V2, right is the G2V1
There is a problem with the cable guide which in some cases makes it snap in half. You can contact HP for a RMA for this. There are rumors that HP is getting out of the VR business.
Varjo Aero
The absolute top end, tethered. EUR 1999,-.
Pimax 5K Super
Great specs, but apparently setup is fiddly. EUR 641,- and EUR 289,- for the controllers. Optional hand and eye tracking modules and I am unsure if you need to buy the headphones seperately.
Pimax 8K X
Great specs, but apparently setup is fiddly. $1179,- and EUR 289,- for the controllers. Optional hand and eye tracking modules and I am unsure if you need to buy the headphones seperately.
Pimax 12K
To be released. Hopefully.
Specifications Table
HTC Cosmos Elite
HTC Vive Pro2
Valve Index
Pico 4
HP Reverb G2V2
Varjo Aero
Pimax 5K Super
Pimax 8K X
Resolution
1440 x 1700 pixels per eye (2880 x 1700 pixels combined)
2448 × 2448 pixels per eye (4896 x 2448 pixels combined)
dual 1440×1600 RGB LCDs
2160×2160 per-eye
2160 x 2160 pixels per eye (4320 x 2160 pixels combined). RGB sub-pixels
Dual Mini LED LCD; 2880 x 2720 px per eye
2560 X 1440 pixels per eye (5120 X 1440 pixels combined)
3840 X 2160 pixels per eye (7680 X 2160 pixels combined)
Field of View
Up to 110 degrees
Up to 120 degrees (horizontal)
Optimized eye relief adjustment allows a typical user experience 20º more than the HTC Vive
105 degrees
114 degrees
Horizontal: 115° Diagonal: 134° at 12 mm eye relief
Diagonal 200 degrees
Diagonal 200 degrees
Refresh Rate
90 Hz
90/120 Hz (only 90Hz supported via VIVE Wireless Adapter)
80/90/120/144Hz (144Hz experimental)
72Hz / 90 Hz
90Hz
90Hz
90/120/144/160/180Hz* *Higher refresh rates are only available at lower FOV settings.
60/75/90Hz (native mode) 110Hz (upscaling mode)
Tracking system
6DoF Inside-out Tracking
SteamVR™ Base Station Tracking 2.0
SteamVR 2.0 sensors, compatible with SteamVR 1.0 and 2.0 base stations
6 DoF positioning system
HP Reverb G2 inside/out 6 DOF motion tracking, gyroscope, accelerometer, and magnetometer
SteamVR™ 2.0/1.0 Eye tracking 200 Hz with sub-degree accuracy; 1-dot calibration for foveated rendering
G-sensor, gyroscope, SteamVR 1.0 and 2.0 Tracking System
G-sensor, gyroscope, SteamVR 1.0 and 2.0 Tracking System
Headphone
Stereo Headphone
Hi-Res certified headset (via USB-C analog signal) Hi-Res certified headphones (removable) High impedance headphones support (via USB-C analog signal)
Built-in: 37.5mm off-ear Balanced Mode Radiators (BMR), Frequency Response: 40Hz – 24KHz, Impedance: 6 Ohm, SPL: 98.96 dBSPL at 1cm.
USB 3.0 (or later), DP 1.2, Proprietary Connection to Faceplates
Bluetooth, USB-C port for peripherals, DP 1.2 (DP 1.4 required for full resolution)
5m tether, 1m breakaway trident connector. USB 3.0, DisplayPort 1.2, 12V power, Aux Headphone Out 3.5mm
DisplayPort™ 1.3, USB 3.0 type C, power adapter
Headset adapter and USB-C cable (5-metre) in-box PC connections: DisplayPort and USB-A 3.0
1 x DisplayPort 1.4 1 x USB 3.0 Type A 1 x USB 2.0 Type A
1 x DisplayPort 1.4 1 x USB 3.0 Type A 1 x USB 2.0 Type A
IPD
Adjustable Eye Comfort Setting (IPD)
Adjustable IPD range of 57-70mm
58mm – 70mm range physical adjustment
62 – 72mm best adjustment system
64mm +/- 4mm by hardware slide
Automatic IPD adjustment with motor Supported IPD range: 57–73 mm
60mm – 70mm range physical adjustment ± 2mm with software adjustment
60mm – 70mm range physical adjustment ± 2mm with software adjustment
Camera
Stereo 960 x 960 pixel, global shutter, RGB (Bayer)
2 front-facing cameras and 2 side-facing cameras,
PPD
20.6
35
Software Setup
When you set up a VR headset, you will need to download and install Windows Mixed Reality from the Windows App Store. After setup You most likely will need to install SteamVR. SteamVR allows you to play games, even if they were not bought in the Steam Store (eg in the Epic store). You will also need to install Windows Mixed Reality for Steam. https://learn.microsoft.com/en-us/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality.
Do you need to install OpenXR? Use OpenXR From your computer, open the SteamVR app Head to Settings Select Show in Advanced Settings Head to the Developer tab Set Current OpenXR runtime as “OpenXR runtime”
Sign up for betas
This is advised by Microsoft in their guide https://learn.microsoft.com/en-us/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality
In Steam, use the drop-down under the Library menu to filter to Tools. In the list, right-click SteamVR and select Properties. Select the Betas tab. Opt in to “beta – public beta” and select Close to confirm. The beta access code field should be left blank.
In Steam, use the drop-down under the Library menu to filter to Software. In the list, right-click Windows Mixed Reality for SteamVR and select Properties. Select the Betas tab. Opt in to “beta – public beta” and select Close to confirm. The beta access code field should be left blank.
Optimising your Graphics settings
Motion Reprojection
With it entirely off there is a bit of stuttering, but detail clarity is very sharp. With it on motion is fluid
Disable overlays
Epic: C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\Overlay and rename or move the two files: EOSOverlayRenderer-Win64-Shipping.exe EOSOverlayRenderer-Win32-Shipping.exe
Steam: settings>In Game>Enable Steam Overlay while in-game UNCHECK
XBOX: Disable the Xbox Game Bar overlay (yes on windows) Enter windows settings from the start menu, Select Gaming -> Xbox Game Bar -> Toggle the overlay to the off position
https://forums.flightsimulator.com/t/crash-to-desktop-without-error-message/130085 – limit fps in nvidia control panel
https://forums.flightsimulator.com/t/crash-to-desktop-without-error-message/130085/3244 – The HP Reberb G2 goes to sleep after a while despite the change in the registry, and to have prevent the sleep in the device manager. I switch it to VR and it starts again. We are now at 4 hours of flight. And 0 CTD In Device Manager → Universal Serial Bus (USBs) controller go through each device and in the “Power Management Options” tab uncheck “Allow the computer to turn off this device”. SteamVR settigns Startup/Shudown
https://www.reddit.com/r/HPReverb/comments/xo5v2z/holographicshell_processwindows_11_performance/ – Run cmd/terminal and paste ‘logman query HolographicShell -ets’ to see if it’s running. If it is, end it using ‘logman stop HolographicShell -ets’ and check
Can’t see steamVR settings – click on icon in taskbar, right click on settings window, select ‘move’ use the keyboard arrows to move it to main display
If you have a large monitor you can run into the problem that your monitor will move all the icons to the top left when it turns off. To stop this you either need to get an EDID pass through adapter, but a hdmi edid pass through adapter has to work for the given resolution as well as the refresh rate – and for > 60Hz at 4k (HDMI 2.0 specs) must be HDMI 2.1 compatible. There is not much in the >4K@60Hz space and what is there, is expensive.
A team of researchers with members from Universidad Nacional de San Juan, Universidade Federal do Rio Grande do Sul and Universidad Andres Bello has found evidence of a large extragalactic assembly hiding behind one part of the Milky Way galaxy. The group has published a paper describing their findings on the arXiv preprint server while awaiting publication in the journal Astronomy & Astrophysics.
Space scientists have known for some time that there is one part of the night sky that is mostly obscured from view due to a bulge in the galaxy. Known as the “zone of avoidance,” it makes up approximately 10% of the dark sky and has had researchers wondering what might be behind it
[…]
In studying the infrared imagery, the researchers found that they were able to identify several galaxies that exist far beyond the Milky Way. And because of their numbers, the researchers believe that together, they make up what they describe as a massive extragalactic structure. They estimate that there might be as many as 58 galaxies in the structure.
More information: Daniela Galdeano et al, Unveiling a new structure behind the Milky Way, arXiv (2022). DOI: 10.48550/arxiv.2210.16332
In 2018, a blockbuster report detailed the actions of CBP agent Jeffrey Rambo. Rambo apparently took it upon himself to track down whistleblowers and leakers. To do this, he cozied up to a journalist and leveraged the wealth of data on travelers collected by federal agencies in hopes of sniffing out sources.
A few years later, another report delved deeper into the CPB and Rambo’s actions. This reporting — referencing a still-redacted DHS Inspector General’s report — showed the CBP routinely tracked journalists (as well as activists and immigration lawyers) via a national counter-terrorism database. This database was apparently routinely queried for reasons unrelated to national security objectives and the information obtained was used to open investigations targeting journalists.
The State Department is giving law enforcement and intelligence agencies unrestricted access to the personal data of more than 145 million Americans, through information from passport applications that is shared without legal process or any apparent oversight, according to a letter sent from Sen. Ron Wyden to Secretary of State Antony Blinken and obtained by Yahoo News.
The information was uncovered by Wyden during his ongoing probe into reporting by Yahoo News about Operation Whistle Pig, a wide-ranging leak investigation launched by a Border Patrol agent and his supervisors at the U.S. Customs and Border Protection’s National Targeting Center.
On Wednesday, Wyden sent a letter to Blinken requesting detailed information on which federal agencies are provided access to State Department passport information on U.S. citizens.
The letter [PDF] from Wyden points out that the State Department is giving “unfettered” access to at least 25 federal agencies, including DHS components like the CBP. The OIG report into “Operation Whistle Pig” (the one that remains redacted) details Agent Rambo’s actions. Subsequent briefings by State Department officials provided more details that are cited in Wyden’s letter.
More than 25 agencies, but the State Department has, so far refused to identify them.
Department officials declined to identify the specific agencies, but said that both law enforcement and intelligence agencies can access the [passport application] database. They further stated that, while the Department is not legally required to provide other agencies with such access, the Department has done so without requiring these other agencies to obtain compulsory legal process, such as a subpoena or court order.
Sharing is caring, the State Department believes. However, it cannot explain why it feels this passport application database should be an open book to whatever government agencies seek access to it. This is unacceptable, says Senator Wyden. Citing the “clear abuses” by CBP personnel detailed in the Inspector General’s report, Wyden is demanding details the State Department has so far refused to provide, like which agencies have access and the number of times these agencies have accessed the Department’s database.
Why? Because rights matter, no matter what the State Department and its beneficiaries might think.
The Department’s mission does include providing dozens of other government agencies with self-service access to 145 million American’s personal data. The Department has voluntarily taken on this role, and in doing so, prioritized the interests of other agencies over those of law-abiding Americans
That’s the anger on behalf of millions expressed by Senator Wyden. There are also demands. Wyden not only wants answers, he wants changes. He has instructed the State Department to put policies in place to ensure the abuses seen in “Operation Whistle Pig” do not reoccur. He also says the Department should notify Americans when their passport application info is accessed or handed over to government agencies. Finally, he instructs the Department to provide annual statistics on outside agency access to the database, so Americans can better understand who’s going after their data.
So, answers and changes, things federal agencies rarely enjoy engaging with. The answers are likely to be long in coming. The requested changes, even more so. But at least this drags the State Department’s dirty laundry out into the daylight, which makes it a bit more difficult for the Department to continue to ignore a problem it hasn’t addressed for more than three years.
To convert heat into electricity, easily accessible materials from harmless raw materials open up new perspectives in the development of safe and inexpensive so-called “thermoelectric materials.”
[…]
The novel synthetic material is composed of copper, manganese, germanium, and sulfur, and it is produced in a rather simple process
[…]
The powders are simply mechanically alloyed by ball-milling to form a precrystallized phase, which is then densified by 600 degrees Celsius. This process can be easily scaled up,
[…]
Thermoelectric materials convert heat to electricity. This is especially useful in industrial processes where waste heat is reused as valuable electric power.
[…]
However, thermoelectric devices used to date make use of expensive and toxic elements such as lead and tellurium, which offer the best conversion efficiency. To find safer alternatives, Emmanuel Guilmeau and his team have turned to derivatives of natural copper-based sulfide minerals. These mineral derivatives are mainly composed of nontoxic and abundant elements, and some of them have thermoelectric properties.
[…]
The team found that replacing a small fraction of the manganese with copper produced complex microstructures with interconnected nanodomains, defects, and coherent interfaces, which affected the material’s transport properties for electrons and heat.
Emmanuel Guilmeau says that the novel material produced is stable up to 400 degrees Celsius, a range well within the waste heat temperature range of most industries. He is convinced that, based on this discovery, cheaper novel and nontoxic thermoelectric materials could be designed to replace more problematic materials.
More information: V. Pavan Kumar et al, Engineering Transport Properties in Interconnected Enargite‐Stannite Type Cu 2+ x Mn 1− x GeS 4 Nanocomposites, Angewandte Chemie International Edition (2022). DOI: 10.1002/anie.202210600
Tesla has initiated a voluntary recall of more than 40,000 Model S and Model X vehicles thanks to a bad firmware update that could cause the cars to lose power steering “due to forces from external road dynamics,” also known as bumps.
According to a recall report [PDF] filed with the US National Highway Traffic Safety Administration (NHTSA), Tesla believes around 1 percent of the 40,168 affected vehicles have the bug, which it said only affects Model S and Model X vehicles manufactured between August 2017 and December 2020 (which includes model year 21).
Those vehicles, when updated to firmware release 2022.36, got new calibration data for their electronic power assist steering (EPAS) system. The offending software rolled out on October 11 and was intended to update the EPAS system “to better detect unexpected steering assist torque,” instead of doing the exact opposite.
Per Tesla’s own investigations as reported to the NHTSA, the software caused at least 314 vehicles to misclassify bumps and potholes as unexpected torque on the EPAS system, leading to “reduced or lost power steering assist,” Tesla said in its NHTSA report.
As anyone who has driven without power steering knows, its absence doesn’t make a vehicle undrivable, but it does make it much more difficult, which Tesla said is the big risk from leaving the firmware unpatched. “Reduced or lost power steering assist does not affect steering control, but could require greater steering effort from the driver, particularly at low speeds,” Tesla said.
[…]
In February the company was forced to recall 578,607 Model S, X and Y vehicles due to potential misuse of the vehicle’s “Boombox” feature that allows Tesla owners to play custom sounds on the outside of the car. The NHTSA forced Tesla to issue a software update that disabled the feature.
Another recall this past September saw Tesla recalling more than one million vehicles because, despite the fact that it’s been a common safety feature for decades, the windows on affected vehicles weren’t properly calibrated to stop and reverse when a limb was inserted.
Tesla even had issues with its $1,900 made-for-kids Cyberquad mini, which was recalled last month due to safety concerns and a lack of compliance with Consumer Product Safety Commission guidelines.
A Dutch foundation is planning to take legal action against social media platform Twitter for illegally collecting and trading in personal details gathered via free apps such as Duolingo and Wordfeud as well as dating apps and weather forecaster Buienradar. Twitter owned advertising platform MoPub between 2013 and January 2022 and that is where the problem lies, the SDBN foundation says. It estimates 11 million people’s information may have been illegally gathered and sold. Between 2013 and 2021, MoPub had access to information gleaned via 30,000 free apps on smartphones and tablets, the foundation says. In essence, the foundation says, consumers ‘paid with their privacy’ without giving permission.
The foundation is demanding compensation on behalf of the apps’ users and if Twitter refuses to pay, the foundation will start a legal case against the company.
Also Shazam was busy with this – that’s an Apple company. It’s pretty disturbing that this kind of news isn’t a surprise at all any more.
But who is SDBN to collect for Dutch people? I don’t recall them starting up a class action for people to subscribe to and I doubt they will be dividing the money out to the Dutch people either.
