Hackers have uncovered ways to unlock and start nearly all modern Honda-branded vehicles by wirelessly stealing codes from an owner’s key fob. Dubbed “Rolling Pwn,” the attack allows any individual to “eavesdrop” on a remote key fob from nearly 100 feet away and reuse the captured codes later to unlock or start the vehicle without the owner’s knowledge.
Despite Honda’s dispute that the technology in its key fobs “would not allow the vulnerability,” The Drive has independently confirmed the validity of the attack with its own demonstration.
Older vehicles used static codes for keyless entry. These static codes are inherently vulnerable, as any individual can capture and replay them at will to lock and unlock a vehicle. Manufacturers later introduced rolling codes to improve vehicle security. Rolling codes work by using a Pseudorandom Number Generator (PRNG). When a lock or unlock button is pressed on a paired key fob, the fob wirelessly sends the vehicle a message that encapsulates a unique code. The vehicle then checks that code against its internal database of valid PRNG-generated codes, and if the code is valid, the car grants the request to lock, unlock, or start the vehicle.
The database contains several allowed codes, because a key fob may be out of range of the vehicle when a button is pressed and may therefore transmit a code later in the sequence than the one the vehicle expects next. This series of codes is also known as a “window.” When a vehicle receives a newer code, it typically invalidates all previous codes to protect against replay attacks.
This attack works by eavesdropping on a paired key fob and capturing several codes sent by the fob. The attacker can later replay a sequence of valid codes and re-sync the PRNG. This allows the attacker to re-use older codes that would normally be invalid, even months after the codes have been captured.
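The window and re-sync behaviour described above can be modelled in a few dozen lines. The following is an added toy simulation, not code from The Drive, the researchers, or any manufacturer: the fob's PRNG is replaced by an HMAC over a press counter under a shared key (a constructed stand-in, since the real generator is not on the page), and the `backward_resync` flag is a constructed model of the flaw the article describes, in which a sequence of older, once-valid codes moves the vehicle's counter backwards. The hardened receiver differs in exactly one rule: it never accepts a counter at or below the highest one already seen, which is what makes "invalidates all previous codes" actually hold.

```python
import hmac
import hashlib


# Constructed stand-in for the fob's code generator: HMAC of the press counter
# under a key shared with the vehicle. Any real PRNG would be keyed differently;
# the window logic below does not depend on which generator is used.
def rolling_code(key: bytes, counter: int) -> bytes:
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class Fob:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        return rolling_code(self.key, self.counter)


class Receiver:
    """Vehicle side. `window` is how many future codes are accepted, which covers
    presses made while out of range. `backward_resync` is a constructed model of
    the flawed behaviour the article describes: two consecutive *stale* codes
    re-sync the receiver's counter backwards instead of being rejected."""

    def __init__(self, key: bytes, window: int = 16, backward_resync: bool = False):
        self.key = key
        self.window = window
        self.backward_resync = backward_resync
        self.last = 0          # highest counter accepted so far
        self.prev_old = None   # counter of the previous genuine-but-stale code seen

    def _find(self, code: bytes, lo: int, hi: int):
        # Search a counter range for the code; constant-time compare per candidate.
        for c in range(lo, hi + 1):
            if hmac.compare_digest(rolling_code(self.key, c), code):
                return c
        return None

    def receive(self, code: bytes) -> bool:
        # Normal path: a code inside the forward window advances the counter and
        # implicitly invalidates every code at or below the new position.
        c = self._find(code, self.last + 1, self.last + self.window)
        if c is not None:
            self.last = c
            self.prev_old = None
            return True

        # The code is genuine but stale (counter <= last). A correct receiver
        # stops here: stale codes are rejected and never change state.
        old = self._find(code, max(1, self.last - self.window), self.last)
        if old is None or not self.backward_resync:
            self.prev_old = None
            return False

        # Flawed path (constructed model): a second stale code carrying the next
        # counter value "re-syncs" the receiver to that old position, after which
        # the rest of a recorded sequence falls inside the forward window again.
        if self.prev_old is not None and old == self.prev_old + 1:
            self.last = old
            self.prev_old = None
            return True
        self.prev_old = old
        return False


def replay_scenario(backward_resync: bool) -> dict:
    """Owner uses the fob normally; an eavesdropper's recording is played back later."""
    key = b"constructed-demo-key"
    fob, car = Fob(key), Receiver(key, backward_resync=backward_resync)
    captured = [fob.press() for _ in range(4)]           # four presses are recorded
    owner_ok = all(car.receive(c) for c in captured)     # car accepts them at the time
    later_ok = all(car.receive(fob.press()) for _ in range(3))  # counter moves on
    replay = [car.receive(c) for c in captured]          # recording played back in order
    return {"owner_ok": owner_ok, "later_ok": later_ok, "replay_accepted": replay}


if __name__ == "__main__":
    print("hardened receiver:", replay_scenario(False)["replay_accepted"])
    print("backward-resync receiver:", replay_scenario(True)["replay_accepted"])
```

With the hardened rule every replayed code is rejected. With the modelled re-sync rule the first stale code is rejected, the second one re-syncs the counter backwards, and the remaining recorded codes are then accepted as if fresh, which is the "older codes that would normally be invalid" outcome the article describes. The detection angle follows directly: a receiver that logs a genuine code with a counter below its high-water mark is seeing either a very stale fob or a replay, and that event is worth surfacing rather than silently tolerating.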
A similar vulnerability was discovered late last year and added to the Common Vulnerabilities and Exposures database (CVE-2021-46145), and again this year for other Honda-branded vehicles (CVE-2022-27254). However, Honda has yet to address the issue publicly, or with any of the security researchers who have reported it. In fact, when the security researchers responsible for the latest vulnerability reached out to Honda to disclose the bug, they said they were instead told to call customer service rather than submit a bug report through an official channel.
[…] A report today from Breaking Defense confirmed that Lockheed Martin delivered its LANCE high-energy laser weapon to the Air Force in February this year. In this context, LANCE stands for “Laser Advancements for Next-generation Compact Environments.” The recipient for the new weapon is the Air Force Research Laboratory, or AFRL, which is charged with developing and integrating new technologies in the air, space, and cyberspace realms.
Tyler Griffin, a Lockheed executive, had previously told reporters that LANCE “is the smallest, lightest, high-energy laser of its power class that Lockheed Martin has built to date.”
Indeed, Griffin added that LANCE is “one-sixth the size” of a previous directed-energy weapon that Lockheed produced for the Army. That earlier laser was part of the Robust Electric Laser Initiative program and had an output in the 60-kilowatt class. We don’t yet know what kind of power LANCE can produce although there have been suggestions it will likely be below 100 kilowatts.
For LANCE, Lockheed has been drawing from its previous experience in ground-based lasers, like this concept for a Future Mobile Tactical Vehicle armed with a directed-energy weapon. Lockheed Martin
As well as being notably small and light, LANCE has reduced power requirements compared to other previous weapons, a key consideration for a fighter-based laser, especially one that can be mounted within the confines of a pod.
If successful in its defensive mission, it’s feasible that LANCE could go on to inform the development of more offensive-oriented laser weapons, including ones that could engage enemy aircraft and drones at longer ranges than would be the case when targeting a fast-approaching anti-aircraft missile, whether launched from the ground or from an enemy aircraft.
LANCE has been developed under a November 2017 contract that’s part of the Air Force’s wider Self-protect High Energy Laser Demonstrator, or SHiELD, program, something that we have written about in the past.
SHiELD is a collaborative effort that brings together Lockheed Martin, Boeing, and Northrop Grumman. While Lockheed Martin provides the actual laser weapon, in the form of LANCE, Boeing produces the pod that carries it, and Northrop Grumman is responsible for the beam control system that puts the laser onto its target — and then keeps it there.
An engineer looks at a directed-energy system turret in the four-foot transonic wind tunnel at Arnold Air Force Base, Tennessee, in March 2021. U.S. Air Force/Jill Pickett
Kent Wood, acting director of AFRL’s directed energy directorate, told Breaking Defense that the various SHiELD subsystems “represent the most compact and capable laser weapon technologies delivered to date.”
Wood’s statement also indicated that actual test work by AFRL is still at an early stage, referring to “mission utility analyses and wargaming studies” that are being undertaken currently. “Specific targets for future tests and demonstrations will be determined by the results of these studies as well,” he said.
Meanwhile, Lockheed’s Tyler Griffin added that the next stage in the program would see LANCE integrated with a thermal system to manage heating and cooling.
At this stage, we don’t know exactly what aircraft LANCE is intended to equip, once it progresses to flight tests and, hopefully, airborne firing trials. However, Griffin said that “a variety of potential applications and platforms are being considered for potential demonstrations and tests.”
Previous Lockheed Martin concept art has shown the pod carried by an F-16 fighter jet. And, while SHiELD is initially concerned with proving the potential for active defense of fighter jets in high-risk environments, officials have also talked of the possibility of adapting the same technology for larger, slower-moving combat and combat support aircraft, too.
Boeing flew a pre-prototype pod shape — without its internal subsystems — aboard an Air Force F-15 fighter in 2019. During ground tests, meanwhile, a representative laser, known as the Demonstrator Laser Weapon System (DLWS), has already successfully shot down multiple air-launched missiles over White Sands Missile Range in New Mexico, also in 2019.
A decision on the initial test platform for the complete SHiELD system will likely follow once a flight demonstration has been funded, which is currently not the case. Similarly, there is not yet a formal transition plan for how LANCE and SHiELD could evolve into an actual program of record.
Despite the increasing number of more economical options (read also: free) on the market, many people still prefer Microsoft Office over the alternatives available. With millions of users worldwide, the office suite packs programs with powerful functions that enable students, business owners, and professionals to reach peak productivity. From document formatting to presentation building to number crunching, there’s nearly nothing it can’t do in terms of executing digital tasks.
The only setback? A license can be expensive, especially if you’re the one shouldering the fees instead of your company. If you wish to have access to the suite for personal use, you either have to pay recurring fees for a subscription or cough up hundreds in one go for an annual license. If none of these options appeal to you, maybe this Microsoft Office Home and Business: Lifetime License deal can. For our Deals Day sale, you can grab it on sale for only $39.99 — no coupon needed.
This bundle is designed for families, students, and small businesses who want unlimited access to MS Office apps and email without breaking the bank. The license package includes programs you already likely use on the regular, including Word, Excel, PowerPoint, Outlook, Teams, and OneNote. And with a one-time purchase, you can install it on one Mac computer for lifetime Microsoft Office use at home or work.
Upon purchase, you get access to your software license keys and download links instantly. You also get free updates for life across all programs, along with free customer service that offers the best support in case any of the apps run into trouble. The best part? You only have to pay once and you’re set for life.
The Microsoft Office Home and Business: Lifetime License normally goes for $349, but from today until July 14, you can get it for only $39.99 thanks to the special Deals Day event. Click here for Mac and here for Windows.
The directors of the UK Military Intelligence, Section 5 (MI5) and the US Federal Bureau of Investigation on Wednesday shared a public platform for the first time and warned of China’s increased espionage activity on UK and US intellectual property.
Speaking to an audience of business and academic leaders, MI5 director general Ken McCallum and FBI director Chris Wray argued that Beijing’s Made in China 2025 program and other self-sufficiency tech goals can’t be achieved without a boost from illicit activities.
“This means standing on your shoulders to get ahead of you. It means that if you are involved in cutting-edge tech, AI, advanced research or product development, the chances are your know-how is of material interest to the Chinese Communist Party,” said McCallum.
“And if you have, or are trying for, a presence in the Chinese market, you’ll be subject to more attention than you might think,” he added.
McCallum described China’s efforts to acquire Western expertise, technology, and research as a planned and professional “coordinated campaign on a grand scale” that has been strategically executed across decades.
China’s efforts have stepped up significantly, McCallum said, with MI5 running seven times as many investigations into Chinese activity today as it did in 2018.
“The most game-changing challenge we face comes from the Chinese Communist Party. It’s covertly applying pressure across the globe,” said McCallum. Threats MI5 is working to counter include covert theft of trade secrets, patient cultivation of contacts, and establishing a “debt of obligation.” Advanced persistent threats are deployed when needed, too.
The MI5 director also warned that China was working to change attitudes to suit the Chinese Communist Party’s interests and support it dominating the international order – and playing the long game to normalize mass theft as “the cost of doing business these days.”
Wray added that in the US, China’s efforts spare none and are visible in both big cities and small towns, Fortune 500s and startups, and across everything from aviation, to AI, to pharma.
The FBI director then referred to China’s hacking program as “lavishly resourced” and “bigger than that of every other major country combined.”
“The Chinese Government sees cyber as the pathway to cheat and steal on a massive scale,” said Wray.
Wray said the efforts were not just big, they were effective, offering the following insight on cyber attacks:
Over the last few years, we’ve seen Chinese state-sponsored hackers relentlessly looking for ways to compromise unpatched network devices and infrastructure.
And Chinese hackers are consistently evolving and adapting their tactics to bypass defenses. They even monitor network defender accounts and then modify their campaign as needed to remain undetected.
They merge their customized hacking toolset with publicly available tools native to the network environment—to obscure their activity by blending into the ‘noise’ and normal activity of a network.
However, he warned, it’s not just through hacking that the Chinese state-backed threats act, but “by making investments and creating partnerships that position their proxies to steal valuable technology.”
Wray described all Chinese companies as beholden to the Chinese Communist Party (CCP) in some form, with the government disguising its intent to obtain influence.
Efforts include creating elaborate shell games to outsmart government investment-screening programs and passing statutes like the 2015 critical infrastructure law, which requires companies to store data domestically, where it is conveniently accessible to the government. He cited a 2020 law that required malware-laden Chinese software be used by foreign companies filing taxes – forcing the companies into installing their own backdoors – as another example of the CCP at work.
On the same day as the two spook bosses issued their warnings, the US National Counterintelligence and Security Center issued a bulletin [PDF] offering more detail of China’s efforts by detailing tactics used by Beijing to infiltrate US business and government for the purpose of exerting influence.
Know your foe
The FBI, NCSC, and MI5 all warned against confusing the Chinese diaspora with the CCP and Beijing.
“If my remarks today elicit accusations of Sinophobia, from an authoritarian CCP, I trust you’ll see the irony,” said Wray.
Liu Pengyu, spokesperson for China’s embassy in Washington, responded on Wednesday denying interference, accusing the US of cyberattacks itself and characterizing criticism as “US politicians who have been tarnishing China’s image and painting China as a threat with false accusations.”
China’s foreign minister Wang Yi and US secretary of state Antony Blinken are scheduled to meet at the G20 Foreign Ministers’ meeting this week. The agenda, according to Chinese state-sponsored media, is “to exchange views on current China-US relations and major international and regional issues.”
Every new car sold in the European Union will soon include anti-speeding technology known as intelligent speed assistance, or ISA. The EU regulation (part of the broader General Vehicle Safety Regulation) goes into effect today, and states that all new models and types of cars introduced to the European market must include an ISA system. The policy doesn’t apply to any new cars that are in showrooms today — at least, not yet. By July 2024, every new car sold in the EU must have a built-in anti-speeding system.
“The roll out of ISA is a huge step forward for road safety and has the potential to dramatically reduce road traffic injuries and fatalities. Car manufacturers now have the opportunity to maximise the potential ISA presents for creating safer roads for all,” said the European Commission in a press release.
For those unfamiliar with ISA, the term describes a whole raft of systems that can detect road speed limits via front-mounted cameras, GPS data or both. Depending on the specific ISA and how it’s configured by the driver, the technology can provide reminder feedback about the speed limit, automatically adjust cruise control to match the road’s speed or even reduce power to the motor to slow speeding vehicles.
Many drivers in Europe are already using ISA-equipped vehicles, and major automakers such as Honda, Ford, Jeep and Mercedes-Benz sell certain models with these systems in the European market. According to a projection by the EU-funded PROSPER, a scenario such as this one, where ISA becomes mandated, could result in between 26 and 50 percent fewer fatalities.
As Autocar notes, ISA technology still isn’t perfect. During one test, the ISA system was occasionally “slow to respond” and at one point set the speed limit at 60 mph while driving through a quiet English village.
So… can you disable ISA easily then? At least it looks like the tech is contained in the car, hopefully not feeding your driving data and location to 3rd parties where it can be sold on and get lost.
Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information.
The incident, first reported by Databreaches.net, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel in Maryland into giving them access to their computer.
[…]
Marriott said the hotel chain identified, and was investigating, the incident before the threat actor contacted the company in an extortion attempt, which Marriott said it did not pay.
The group claiming responsibility for the attack says the stolen data includes guests’ credit card information and confidential information about both guests and employees. Samples of the data provided to Databreaches.net purport to show reservation logs for airline crew members from January 2022 and names and other details of guests, as well as credit card information used to make bookings.
However, Marriott told TechCrunch that its investigation determined that the data accessed “primarily contained non-sensitive internal business files regarding the operation of the property.”
The company said that it is preparing to notify 300-400 individuals regarding the incident, and has already notified relevant law enforcement agencies.
This isn’t the first time Marriott has suffered a significant data breach. Hackers breached the hotel chain in 2014 to access almost 340 million guest records worldwide — an incident that went undetected until September 2018 and led to a £14.4 million ($24 million) fine from the U.K.’s Information Commissioner’s Office. In January 2020, Marriott was hacked again in a separate incident that affected around 5.2 million guests.
Amazon (AMZN.O) has offered to share marketplace data with sellers and boost the visibility of rival products on its platform, trying to persuade EU antitrust regulators to close their investigations without a fine by the end of the year, people familiar with the matter said.
The world’s largest online retailer is hoping its concessions will stave off a potential European Union fine that could be as much as 10% of its global turnover, Reuters reported last year.
The European Commission in 2020 charged Amazon with using its size, power and data to push its own products and gain an unfair advantage over rival merchants that sell on its online platform.
It also launched an investigation into Amazon’s possible preferential treatment of its own retail offers and those of marketplace sellers that use its logistics and delivery services.
Amazon’s process for choosing which retailer appears in the “buy box” on its website and which generates the bulk of its sales also came under the spotlight.
Amazon has now proposed to allow sellers access to some marketplace data while its commercial arm will not be able to use seller data collected by its retail unit, the people said.
The company will also create a second buy box for rival products in the event an Amazon product appears in the first buy box, the people said.
No way that this is enough. A marketplace owner has no business offering products on their own marketplace at all. That’s always going to be unfair competition. It also fails to address many of the other monopoly problems, like forcing sellers to exclusively use Amazon or downgrading their search results, forcing sellers to use the Amazon delivery options as well as forcing other delivery parties out of business by delivering under cost price.
The Cyberspace Administration of China’s (CAC) policy was first floated in October 2021 and requires businesses that transfer data offshore to conduct a security review. The requirements kick in when an organization transfers data describing more than 100,000 individuals, or information about critical infrastructure – including that related to communications, finance and transportation. Sensitive data such as fingerprints also trigger the requirement, at a threshold of 10,000 sets of prints.
A Thursday announcement added a detail to the policy: the cutoff date after which the CAC will start counting towards the 100,000 and 10,000 thresholds. Oddly, that date is January 1 … of 2021.
A state official explained in Chinese state-owned media on Thursday that the efforts were necessary due to the digital economy expanding cross-border data activities, and that differences in international legal systems have increased data export security risks, thereby affecting national security and social interest.
The official detailed that the security review should occur prior to signing a contract that includes exporting data overseas. Any approved data export will be valid for two years, at which point the entity must apply again.
Turkey announced last week it discovered a massive rare earth reserve almost as big as the world’s largest in China. The find is reportedly so large that it could on its own satisfy global demand for decades.
According to the Turkish Ministry of Energy and Natural Resources, the country found a supply of 694 million metric tons (765 million short tons) of rare earth minerals in Beylikova, Eskişehir. That reportedly makes Turkey’s rare earths reserve the world’s second-largest behind China, which has 800 million tons according to AA Energy. Deposits reportedly include 10 of the 17 rare earth elements and are close to the surface, which would simplify extraction.
Fatih Dönmez, the country’s Minister for Energy and Natural Resources said the construction of processing infrastructure will begin later this year after R&D concludes. When the mining and refinement industries are up and running, Turkey anticipates it’ll have the capability to process 570,000 metric tons of rare earths annually. That’s nearly double the 315,000 metric tons that The Conversation reports will be demanded globally in 2030.
The European Union has passed a pair of landmark bills designed to rein in Big Tech’s power. The Digital Markets Act and Digital Services Act are intended to promote fairer competition, improve privacy protection, and ban both the more egregious forms of targeted advertising and misleading practices.
The Digital Services Act, for instance, focuses on online platforms like Facebook, Amazon and Google. They will be tasked with being more proactive about content moderation and with preventing illegal or unsafe goods from being sold on their platforms. Users will also be able to learn how and why an algorithm recommended them a certain piece of content, and to challenge any moderation decision that was made algorithmically. Finally, companies will no longer be able to use sensitive personal data for ad-targeting, sell ads to children, or use dark patterns — deceptive page design that can manipulate you into saying yes to something even when you’d much rather say no, such as joining a service, or that prevents you from leaving one you no longer wish to use.
These obligations operate on a sliding scale, and so the largest platforms will have the greatest obligations placed upon them. Platforms with 45 million or more monthly users will be subject to independent auditing to ensure they are preventing fake news and illegal content. Those platforms will also have to open up their algorithms and data to (approved) researchers to enable them to study the effects, and potential harm, the systems can cause.
The Digital Markets Act, meanwhile, is more focused on preventing dominant platform holders, like Google, Microsoft and Apple, from abusing their scale. This includes offering better interoperability with smaller, rival services, ensuring files can be sent between systems. There is also a large carve-out for app storefronts, with developers now entitled to contact their customers about deals without going via the platform holder in question. And platform holders will no longer be able to give their systems favorable treatment, such as when Google promoted its own shopping service over that of rivals.
The EU has given both bills plenty of teeth, and can dole out a maximum penalty of 10 percent of a company’s total worldwide turnover from the previous year, should regulators find non-compliance. This figure will, however, jump to 20 percent of worldwide turnover if officials find “repeated non-compliance.” That’s a hefty figure, big enough that not even Apple would be able to stomach losing it on a regular basis. Although, as with GDPR regulation, the EU still has questions to answer about how much effort, time and money it’s prepared to put behind a body to monitor big tech.
Now that they have been passed, the Digital Services Act will come into force by 1st January 2024 (unless some procedural stuff delays it), while the Digital Markets Act will come into force at some point soon after, and major platforms (dubbed “Gatekeepers”) will have a further six months to get their houses in order before the new rules apply to them.
The European Commission has set up a taskforce, with about 80 officials expected to join up, which critics say is inadequate. Last month it put out a 12 million euro ($12.3 million) tender for experts to help in investigations and compliance enforcement over a four-year period.
EU industry chief Thierry Breton sought to address enforcement concerns, saying various teams would focus on different issues such as risk assessments, interoperability of messenger services and data access during implementation of the rules.
Regulators will also set up a European Centre for Algorithmic Transparency to attract data science and algorithm scientists to help with enforcement.
“We have started to gear the internal organisation to this new role, including by shifting existing resources, and we also expect to ramp up recruitment next year and in 2024 to staff the dedicated DG CONNECT team with over 100 full time staff,” Breton said in a blogpost.
[…]
“We raised the alarm last week with other civil society groups that if the Commission does not hire the experts it needs to monitor Big Tech’s practices in the market, the legislation could be hamstrung by ineffective enforcement,” BEUC Deputy Director General Ursula Pachl said in a statement.
The DMA is set to force changes in companies’ businesses, requiring them to make their messaging services interoperable and provide business users access to their data.
Business users would be able to promote competing products and services on a platform and reach deals with customers off the platforms.
Companies will not be allowed to favour their own services over rivals’ or to prevent users from removing pre-installed software or apps, two rules that will hit Google and Apple hard.
The DSA bans targeted advertising aimed at children or based on sensitive data such as religion, gender, race and political opinions. Dark patterns, which are tactics that mislead people into giving personal data to companies online, will also be prohibited.
Finnish researchers have installed the world’s first fully working “sand battery” which can store green power for months at a time.
Using low-grade sand, the device is charged up with heat made from cheap electricity from solar or wind.
The sand stores the heat at around 500C, which can then warm homes in winter when energy is more expensive.
[…]
Right now, most batteries are made with lithium and are expensive with a large, physical footprint, and can only cope with a limited amount of excess power.
But in the town of Kankaanpää, a team of young Finnish engineers have completed the first commercial installation of a battery made from sand that they believe can solve the storage problem in a low-cost, low-impact way.
“Whenever there’s like this high surge of available green electricity, we want to be able to get it into the storage really quickly,” said Markku Ylönen, one of the two founders of Polar Night Energy who have developed the product.
The device has been installed in the Vatajankoski power plant which runs the district heating system for the area.
Low-cost electricity warms the sand up to 500C by resistive heating (the same process that makes electric fires work).
This generates hot air which is circulated in the sand by means of a heat exchanger.
Sand is a very effective medium for storing heat and loses little over time. The developers say that their device could keep sand at 500C for several months.
So when energy prices are higher, the battery discharges the hot air which warms water for the district heating system which is then pumped around homes, offices and even the local swimming pool.
[…]
The idea for the sand battery was first developed at a former pulp mill in the city of Tampere, with the council donating the work space and providing funding to get it off the ground.
[…]
One of the big challenges now is whether the technology can be scaled up to really make a difference – and will the developers be able to use it to get electricity out as well as heat?
The efficiency falls dramatically when the sand is used to just return power to the electricity grid.
But storing green energy as heat for the longer term is also a huge opportunity for industry, where most of the process heat that’s used in food and drink, textiles or pharmaceuticals comes from the burning of fossil fuels.
Michael E. Karpeles, Program Lead on OpenLibrary.org at the Internet Archive, spotted an interesting blog post by Michael Kozlowski, the editor-in-chief of Good e-Reader. It concerns Amazon and its audiobook division, Audible:
Amazon owned Audible ceased selling individual audiobooks through their Android app from Google Play a couple of weeks ago. This will prevent anyone from buying audio titles individually. However, Audible still sells subscriptions through the app (…)
Karpeles points out that this is yet another straw in the wind indicating that the ownership of digital goods is being replaced with a rental model. He wrote a post last year exploring the broader implications, using Netflix as an example:
What content landlords like Netflix are trying to do now is eliminate our “purchase” option entirely. Without it, renting becomes the only option and they are thus free to arbitrarily hike up rental fees, which we have to pay over and over again without us getting any of these aforementioned rights and freedoms. It’s a classic example of getting less for more.
He goes on to underline four extremely serious consequences of this shift. One is the end of “forever access”. If the company adopting the rental model goes out of business, customers lose access to everything they were paying for. With the ownership of goods, even if the supplier goes bankrupt, you still have the product they sold to you.
Secondly, the rental model effectively means the end of the public domain for material offered in that way. In theory, books, music, films and the rest that are under copyright should enter the public domain after a certain time – typically around a century after they first appeared. But when these digital goods are offered using the rental model, they usually come wrapped up in digital locks – digital rights management (DRM) – to prevent people exiting from the rental model by making a personal copy. That means that even if the company offering the digital goods is still around when the copyright expires, this content will remain locked away even when it enters the public domain, because it is illegal under copyright laws like the US DMCA and the EU Information Society Directive to circumvent those locks.
Thirdly, Karpeles notes, the rental model means the end of personal digital freedom in this sphere. Since you access everything through the service provider, the latter knows what you are doing with the rented material and when. How much it chooses to spy on you will depend on the company, but you probably won’t know unless you live somewhere like the EU where you can make a request to the company for the personal data that it holds about you.
Finally, and perhaps least obviously, it means the end of the library model that has served us so well for hundreds of years. Increasingly, libraries are unable to buy copies of ebooks outright, but must rent them. This means that they must follow the strict licensing conditions imposed by publishers on how those ebooks are lent out by the library. For example, some publishers license ebooks for a set period of time – typically a year or two – with no guarantee that renewal will be possible at the end of that time. Others have adopted a metered approach that counts how many times an ebook is lent out, and blocks access after a preset number. Karpeles writes:
Looking to the future, as more books become only available for lease as eBooks, I see no clear option which allows libraries to sustainably serve their important roles as reliable, long-term public access repositories of cultural heritage and human knowledge. It used to be the case that a library would purchase a book once and it would serve the public for decades. Instead, now at the end of each year, a library’s eBooks simply vanish unless libraries are able to find enough quarters to re-feed the meter.
The option to own new digital goods or to access the digital holdings of public libraries may not be available much longer – enjoy them while you can.
Government policies are often presented with hefty price tags, but people tend to zone out as more zeros are added to the total cost. A new study from Carnegie Mellon University suggests that rescaling the cost of programs can increase a person’s understanding of funding choices, which may improve how people participate in the policy debate. The results are available in the July issue of the journal Proceedings of the National Academy of Sciences.
[…]
In the first study, 392 participants evaluated four statements about possible U.S. COVID-19 relief packages. The participants evaluated content presented on a total price-per-program ($100 billion versus $2 trillion) or as price-per-person ($1,200 versus $24,000). Both pairs of statements were scaled to a 20:1 ratio. The researchers found the participants had an easier time differentiating between high and low cost when it was presented with the price-per-person option.
“With a simple manipulation rescaling big numbers into smaller numbers, people can understand this information better,”
[…]
In the second study, 401 participants ranked eight programs that had previously been presented with a price-per-program or price-per-person cost. The results confirm the team’s hypothesis that participants were more successful at comprehending the price-per-person cost. In a follow-up study, the team presented 399 participants with similar information but scaled the total expenditures using an unfamiliar unit. They found that the rescaled cost again offered greater comprehension. These results suggest that by simply rescaling large numbers and transforming them into smaller ones, people can digest information more effectively.
“Surprisingly, we rescaled the information using an arbitrary unit [other than a per capita], and we still see the same effect,” said Boyce-Jacino. “People are better at discriminating among smaller numbers.”
Finally, the team presented 399 participants with eight program pairs. Four of the pairs had the same characteristics except for cost. The other four had variations in program characteristics to evaluate beyond price. For all eight scenarios, the program price tag was presented as either price-per-program or price-per-person. The researchers found the participants were more likely to select the least expensive program when cost was presented using the price-per-person format.
Most surprising to the research team was how the information scaled. Unlike past research that assumed a log scale in the scaling of large numbers, they found that people were more sensitive to small numbers than to large ones even when the ratio was held constant at 20 to 1.
“The ratio suggests numerical representation is more curved than a log function,” said Chapman. “It contrasts with previous theoretical perspective, but it remains in the same ballpark.”
[…]
“People are bad at processing and understanding big numbers,” said Chapman. “If your goal is to help people be good citizens and savvy evaluators of how tax dollars are spent, scale numbers that place them in range that people can appreciate.”
More information: Large numbers cause magnitude neglect: The case of government expenditures, Proceedings of the National Academy of Sciences (2022). doi.org/10.1073/pnas.2203037119
LIBE committee member and Pirate Party MEP Patrick Breyer said that during the meeting last week, the committee discovered that the UK – and three EU member states, though their identities were not revealed – had already signed up to the new US visa requirements, which grant US authorities access to those countries’ police biometric databases.
In the UK, the Home Office declined the opportunity to deny it was signing up for the scheme. A spokesperson said: “The UK has a long-standing and close partnership with the USA which includes sharing data for specific purposes. We are in regular discussion with them on new proposals or initiatives to improve public safety and enable legitimate travel.”
Under UK law the police can retain an individual’s DNA profile and fingerprint record for up to three years from the date the samples were taken, even if the individual was arrested but not charged, provided the Biometrics Commissioner agrees. Police can also apply for a two-year extension. The same applies to those charged, but not convicted.
According to reports, the US Enhanced Border Security Partnership (EBSP) initiative will be voluntary initially but is set to become mandatory under the US Visa Waiver Program (VWP), which allows visa-free entry into the United States for up to 90 days, by 2027.
MEP Breyer said that when asked exactly what data the US wanted to tap into, the answer was as much as possible. When asked what would happen at US borders if a traveler was known to the police in participating states, it was said that this would be decided by the US immigration officer on a case-by-case basis.
[…]
“If necessary, the visa waiver program must be terminated by Europe as well. Millions of innocent Europeans are listed in police databases and could be exposed to completely disproportionate reactions in the USA.
“The US lacks adequate data and fundamental rights protection. Providing personal data to the US exposes our citizens… to the risk of arbitrary detention and false suspicion, with possible dire consequences, in the course of the US ‘war on terror’. We must protect our citizens from these practices,” Breyer said.
[…]
The latest beta version of Rufus, which will become version 3.19, has some interesting new additions. While it writes your ISO, you can optionally disable some of Windows’ more annoying features.
It has the ability to turn off TPM chip detection and the requirement for Secure Boot, which should enable you to install Windows 11 on older machines if you so wish. It lets you bypass the need for a Microsoft account – although you will need to disconnect the target PC from a network for this to work. It also allows you to automatically respond “no” to all Microsoft’s data-collection questions during setup.
All these sound welcome changes to us. The Microsoft account requirement recently popped up a new irritation on our test install: it automatically keeps the Desktop folder on OneDrive, which we found very annoying when we wanted to briefly keep a large file there.
This means that Rufus rockets up the chart of The Reg FOSS desk’s favorite tools for decluttering Windows, and it might even surpass the very handy Ventoy for USB installs.
Already on the list were two O&O tools: AppBuster and ShutUp10++. AppBuster makes it easy to uninstall most of the Metro/Modern apps that Microsoft in its finite wisdom bundles with Windows.
[…]
If you like things clean and minimal, you might want to disable Windows 11’s “widgets” and “chat” buttons. At least no external tools are needed for that.
A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history.
The anonymous internet user, identified as “ChinaDan,” posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000.
“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen,” the post said.
“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”
[…]
Mickey Mouse will enter the public domain on 1 January 2024, 95 years after his debut in Steamboat Willie on 18 November 1928 – the length of time after which the copyright on a work made for hire, or an anonymous or pseudonymous work, expires under US law.
Daniel Mayeda is the associate director of the Documentary Film Legal Clinic at UCLA School of Law, as well as a longtime media and entertainment lawyer. He said the copyright expiration does not come without limitations.
“You can use the Mickey Mouse character as it was originally created to create your own Mickey Mouse stories or stories with this character. But if you do so in a way that people will think of Disney – which is kind of likely because they have been investing in this character for so long – then in theory, Disney could say you violated my trademark.”
[…]
According to the National Museum of American History: “Over the years, Mickey Mouse has gone through several transformations to his physical appearance and personality. In his early years, the impish and mischievous Mickey looked more rat-like, with a long pointy nose, black eyes, a smallish body with spindly legs and a long tail.”
While this first rat-like iteration of Mickey will be stripped of its copyright, Mayeda said Disney retains its copyright on any subsequent variations in other films or artwork until they reach the 95-year mark.
[…]
Honey-loving bear Winnie the Pooh from the Hundred Acre Wood and most of his animal friends entered the public domain in January this year, and some have wasted no time in capitalizing on the beloved characters.
Actor Ryan Reynolds made a playful nod to the now free-to-use Winnie the Pooh in a Mint Mobile commercial. In the advertisement, Reynolds reads a children’s book about ‘Winnie the Screwed,’ a bear with a costly phone bill.
[…]
Pooh and his close pal Piglet are now the stars of Winnie the Pooh: Blood and Honey, a soon-to-be released horror film, written and directed by Rhys Waterfield, that sees the two go on a bloody rampage of killing after being abandoned by their old friend, Christopher Robin.
[…]
“Copyrights are time-limited,” Mayeda said. “Trademarks are not. So Disney could have a trademark essentially in perpetuity, as long as they keep using various things as they’re trademarked, whether they’re words, phrases, characters or whatever.”
Disney may still maintain trademarks on certain catchphrases or signature outfits worn by the characters, such as Pooh’s red shirt, which Waterfield intentionally avoided using in his movie.
[…]
The Walt Disney Company has a long history with US copyright law. Suzanne Wilson, once deputy general counsel for the Walt Disney Company for nearly a decade, now heads the US Copyright Office, underscoring the company’s relationship with the government.
Jacuzzi’s SmartTub feature, like most Internet of Things (IoT) systems, lets users connect to their hot tub remotely via a companion Android or iPhone app. Marketed as a “personal hot tub assistant,” the app lets users control the water temperature, switch the jets on and off, and change the lights.
But as documented by hacker Eaton Zveare, this functionality could also be abused by threat actors to access the personal information of hot tub owners worldwide, including their names and email addresses. It’s unclear how many users are potentially impacted, but the SmartTub app has been downloaded more than 10,000 times on Google Play.
[…]
Zveare first noticed a problem when he tried to log in through the SmartTub web interface, which uses the third-party identity provider Auth0, and found that the login page returned an “unauthorized” error. But for the briefest moment, before the error appeared, he saw the full admin panel, populated with user data, flash on his screen – a sign that the page was fetching and rendering the data before the authorization check ran in the browser.
“Blink and you’d miss it. I had to use a screen recorder to capture it,” Zveare said. “I was surprised to discover it was an admin panel populated with user data. Glancing at the data, there is information for multiple brands, and not just from the U.S.” These include other brands in the Jacuzzi group, such as Sundance Spa, D1 Spas and ThermoSpas.
Zveare then set out to bypass that restriction and obtain full access. Using Fiddler, an HTTP debugging proxy, he intercepted and modified the code that told the web app whether the logged-in user was an admin or an ordinary user. The bypass worked, giving him full access to the admin panel: the only thing standing between an ordinary account and the admin data was a check made on the client.
“Once into the admin panel, the amount of data I was allowed to [access] was staggering. I could view the details of every spa, see its owner and even remove their ownership,” he said. “It would be trivial to create a script to download all user information. It’s possible it’s already been done.”
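The bug pattern described above, an authorization decision made in the browser and a back end that hands the data to anyone who asks for it, can be shown in a few lines. The following Python is an added illustration and is not Jacuzzi’s, Auth0’s or Zveare’s code; it does not claim to reproduce how SmartTub actually worked. It assumes a self-signed HS256 token carrying a `role` claim as a stand-in for whatever the real app used, a constructed signing key, and hypothetical function names. `client_side_is_admin` mirrors a front end that decodes the token and branches on the claim without checking the signature; `tamper_role` does what an intercepting proxy like Fiddler lets you do to traffic in transit; `server_side_is_admin` and `api_list_spas` show the check the back end has to make for itself before returning any record.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key: a real deployment keeps this server-side only.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_token(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 token (header.payload.signature), as the server would."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def client_side_is_admin(token: str) -> bool:
    """The weak check: decode the payload and trust whatever it says.
    No signature is verified, so anything rewritten by a proxy is believed."""
    payload = json.loads(b64url_decode(token.split(".")[1]))
    return payload.get("role") == "admin"


def tamper_role(token: str, new_role: str) -> str:
    """What an intercepting proxy makes easy: rewrite the role claim in transit
    and leave the (now stale) signature untouched."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload["role"] = new_role
    new_payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{new_payload_b64}.{sig_b64}"


def server_side_is_admin(token: str, key: bytes) -> bool:
    """The hardened check: pin the algorithm, verify the HMAC over header.payload
    in constant time, and only then read the role claim. Malformed input -> False."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # refuse "none" and algorithm confusion
            return False
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return False
        payload = json.loads(b64url_decode(payload_b64))
        return payload.get("role") == "admin"
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON
        return False


def api_list_spas(token: str, key: bytes, records: list) -> tuple:
    """Hypothetical admin endpoint: authorization is enforced here, not in the UI,
    so an unauthorized caller never receives the records at all."""
    if not server_side_is_admin(token, key):
        return 403, []
    return 200, records


def demo() -> dict:
    user_token = sign_token({"sub": "owner-123", "role": "user"}, SERVER_KEY)
    admin_token = sign_token({"sub": "staff-1", "role": "admin"}, SERVER_KEY)
    forged = tamper_role(user_token, "admin")
    return {
        "client_check_on_forged": client_side_is_admin(forged),          # True: UI is fooled
        "server_check_on_forged": server_side_is_admin(forged, SERVER_KEY),  # False: signature fails
        "server_check_on_genuine_user": server_side_is_admin(user_token, SERVER_KEY),
        "server_check_on_genuine_admin": server_side_is_admin(admin_token, SERVER_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of `api_list_spas` is the “flash” Zveare saw: if the records reach the browser at all, hiding the panel afterwards is cosmetic. The server must decide per request, from a credential it verified itself, and return nothing otherwise.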
Things got worse when Zveare discovered a second admin panel while reviewing the source code of the Android app, which allowed him to view and modify the serial numbers of products, see a list of licensed hot tub dealers and view manufacturing logs.
In yet another example of T-Mobile being The Worst with its customers’ data, the company announced a new money-making scheme this week: selling its customers’ app download data and web browsing history to advertisers.
The package of data is part of the company’s new “App Insights” adtech product that was in beta for the last year but formally rolled out this week. According to AdExchanger, which first reported news of the announcement from the Cannes Festival, the new product will let marketers track and target T-Mobile customers based on the apps they’ve downloaded and their “engagement patterns”—meaning when or how
These same “patterns” also include the types of domains a person visits in their mobile web browser. All of this data gets bundled up into what the company calls “personas,” which let marketers microtarget someone by their phone habits. One example that T-Mobile’s head of ad products, Jess Zhu, gave AdExchanger was that a person with a human resources app on their phone who also tends to visit, say, Expedia’s website might be grouped as a “business traveler.” The company noted that there are no personas built on “gender or cultural identity”—so a person who visits a lot of, say, Christian websites and has a Bible app or two installed won’t be profiled based on that.
“App Insights transforms this data into actionable insights. Marketers can see app usage, growth, and retention and compare activity between brands and product categories,” a T-Mobile statement read.
T-Mobile (and Sprint, by association) certainly aren’t the only carriers pawning off this data; as Ars Technica first noted last year, Verizon overrode customers’ privacy preferences to sell off their browsing and app-usage data. And while AT&T had initially planned to sell access to similar data nearly a decade ago, the company currently claims that it exclusively uses “non-sensitive information” like your age range and zip code to serve up targeted ads.
But T-Mobile also won’t stop marketers from taking things into their own hands. One ad agency exec that spoke with AdExchanger said that one of the “most exciting” things about this new ad product is the ability to microtarget members of the LGBTQ community. Sure, that’s not one of the prebuilt personas offered in the App Insights product, “but a marketer could target phones with Grindr installed, for example, or use those audiences for analytics,” the original interview notes.
Riot Games will begin background evaluation of recorded in-game voice communications on July 13th in North America, in English. In a brief statement, Riot said that the purpose of the recording is ultimately to “collect clear evidence that could verify any violations of behavioral policies.”
For now, however, recordings will be used to develop the evaluation system that may eventually be implemented. That means training some kind of language model using the recordings, says Riot, to “get the tech in a good enough place for a beta launch later this year.”
Riot also makes clear that voice evaluation from this test will not be used for reports. “We know that before we can even think of expanding this tool, we’ll have to be confident it’s effective, and if mistakes happen, we have systems in place to make sure we can correct any false positives (or negatives for that matter),” said Riot.
For the past decade, researchers in academia and the nonprofit world have had access to increasingly sophisticated information about the Earth’s surface via Google Earth Engine. Now, any commercial or government entity will have access to Google Cloud’s new enterprise-grade, commercial version of the platform.
Google originally launched Earth Engine for scientists and NGOs in 2010. One of the world’s largest publicly available Earth observation catalogs, it combines data from satellites and other sources continuously streaming into Earth Engine. The data is combined with massive geospatial cloud-computing resources, which lets organizations use the raw data for timely, accurate, high-resolution insights about the state of the world. That means they can keep a near-constant eye on the world’s forests, water sources, ecosystems and agriculture — and how they’re all changing.
Google Cloud says it’s commercializing Earth Engine now to cater to business customers that are prioritizing sustainability. Businesses are under pressure — from regulators, investors and customers — to reduce their carbon emissions. So, Google is rolling out new products that promise to help them meet their sustainability goals with more and better data.
[…]
Google says Earth Engine will still be available at no cost for nonprofits, academic research and educational use cases.
The judges sided, by a two-to-one majority, with the IPO, which had told Mr Thaler to list a real person as the inventor.
“Only a person can have rights – a machine cannot,” wrote Lady Justice Laing in her judgement.
“A patent is a statutory right and it can only be granted to a person.”
But the IPO also said it would “need to understand how our IP system should protect AI-devised inventions in the future” and committed to advancing international discussions, with a view to keeping the UK competitive.
In July 2021, in a case also brought by Mr Thaler, an Australian court decided AI systems could be recognised as inventors for patent purposes – a ruling the Full Court of the Federal Court of Australia overturned on appeal in April 2022.
Days earlier, South Africa had issued a similar ruling.
Many AI systems are trained on large amounts of data copied from the internet.
And, on Tuesday, the IPO also announced plans to change copyright law to allow anyone with lawful access – rather than only those conducting non-commercial research, as now – to mine such data, to “promote the use of AI technology, and wider ‘data mining’ techniques, for the public good”.
Rights holders will still be able to control and charge for access to their works but no longer charge extra for the ability to mine them.
An increasing number of people are using AI tools such as DALL·E 2 to create images resembling a work of human art.
And Mr Thaler has recently sued the US Copyright Office over its refusal to recognise a software system as the “author” of an image, the Register reported.
The US FBI issued a warning on Tuesday that it has received increasing numbers of complaints relating to the use of deepfake videos during interviews for tech jobs that involve access to sensitive systems and information.
The deepfakes are video images or recordings convincingly manipulated to present someone else as the “applicant” for jobs that can be performed remotely. The Bureau reports the scam has been tried on jobs for developers and for “database, and software-related job functions”. Some of the targeted jobs required access to customers’ personal information, financial data, large databases and/or proprietary information.
“In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually,” said the FBI in a public service announcement.
To lend an air of authenticity to their applications, the dodgy job seekers used stolen personal identification information. The victims whose data was stolen reported their identities being used for pre-employment background checks and more.