Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input Slashdot by BeauHD on security at January 1, 1970, 1:00 am (cached at April 9, 2021, 11:35 pm)

An anonymous reader quotes a report from ZDNet: A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit. As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not -- yet -- been tested on iOS or Android. The browser version of the videoconferencing software is not impacted. Computest researchers Daan Keuper and Thijs Alkemade earned themselves $200,000 for this Zoom discovery, as it was part of the Pwn2Own contest. In a statement to Tom's Guide, Zoom thanked the Computest researchers and said the company was "working to mitigate this issue with respect to Zoom Chat." In-session Zoom Meetings and Zoom Video Webinars are not affected. "The attack must also originate from an accepted external contact or be a part of the target's same organizational account," Zoom added. "As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust."

Read more of this story at Slashdot.

Are You Confused by Scientific Jargon? So Are Scientists Slashdot by msmash on science at January 1, 1970, 1:00 am (cached at April 9, 2021, 11:05 pm)

Scientific papers containing lots of specialized terminology are less likely to be cited by other researchers. The New York Times reports: Polje, nappe, vuggy, psammite. Some scientists who study caves might not bat an eye, but for the rest of us, these terms might as well be ancient Greek. Specialized terminology isn't unique to the ivory tower -- just ask a baker about torting or an arborist about bracts, for example. But it's pervasive in academia, and now a team of researchers has analyzed jargon in a set of over 21,000 scientific manuscripts. They found that papers containing higher proportions of jargon in their titles and abstracts were cited less frequently by other researchers. Science communication -- with the public but also among scientists -- suffers when a research paper is packed with too much specialized terminology, the team concluded. These results were published Wednesday in Proceedings of the Royal Society B. Jargon can be a problem, but it also serves a purpose, said Hillary Shulman, a communications scientist at Ohio State University. "As our ideas become more refined, it makes sense that our concepts do too." This language-within-a-language can be a timesaver, a way to precisely convey meaning, she said. However, it also runs the risk of starkly reminding people -- even some well-educated researchers -- that they aren't "in the know." "It's alienating," said Dr. Shulman.

In One Year a Billion Tons of Food Got Wasted Slashdot by msmash on earth at January 1, 1970, 1:00 am (cached at April 9, 2021, 10:05 pm)

There is something that the average person can do to slow down climate change, and it can be accomplished without leaving the house. Don't waste food. From a report: Some 931 million tons of it went to waste in 2019, according to the United Nations Environment Programme. Individual households were responsible for more than half of that, with the rest coming from retailers and the food service industry. New estimates show that about 17% of food available to consumers worldwide that year ended up being wasted. The matter is even more urgent when considered alongside another UN analysis that tracks the problem further up the supply chain, and shows 14% of food production is lost before it reaches stores. Waste is happening at every point, from the field to the dinner table. Food waste and loss are responsible for as much as 10% of global emissions, according to the Intergovernmental Panel on Climate Change. If it were a country, this discard would rank third in the ranking of the world's sources of greenhouse gases, after China and the U.S. Among the most effective climate solutions, non-profit Project Drawdown ranks cutting food waste ahead of moving to electric cars and switching to plant-based diets. Thursday's UNEP report suggests the amount of food wasted by consumers could be about double the previous estimate. The analysis conducted by the UN's Food and Agriculture Organization in 2011 relied on data from fewer countries.

[no title] Scripting News (cached at April 9, 2021, 10:02 pm)

Journalism is not accountable. We can’t impeach the NYT, or remove them from office in the next election. Yet they pretty much determine what we talk about, so much so that Wolf Blitzer on CNN actually negotiates with politicians we do elect, who are accountable.

Drought in Taiwan Pits Chip Makers Against Farmers Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at April 9, 2021, 9:35 pm)

smooth wombat writes: Chuang Cheng-deng's modest rice farm is a stone's throw from the nerve center of Taiwan's computer chip industry, whose products power a huge share of the world's iPhones and other gadgets. This year, Mr. Chuang is paying the price for his high-tech neighbors' economic importance. Gripped by drought and scrambling to save water for homes and factories, Taiwan has shut off irrigation across tens of thousands of acres of farmland. The authorities are compensating growers for the lost income. But Mr. Chuang, 55, worries that the thwarted harvest will drive customers to seek out other suppliers, which could mean years of depressed earnings. "The government is using money to seal farmers' mouths shut," he said, surveying his parched brown fields. Officials are calling the drought Taiwan's worst in more than half a century. And it is exposing the enormous challenges involved in hosting the island's semiconductor industry, which is an increasingly indispensable node in the global supply chains for smartphones, cars and other keystones of modern life. Chip makers use lots of water to clean their factories and wafers, the thin slices of silicon that form the basis of the chips. And with worldwide semiconductor supplies already strained by surging demand for electronics, the added uncertainty about Taiwan's water supply is not likely to ease concerns about the tech world's reliance on the island and on one chip maker in particular: Taiwan Semiconductor Manufacturing Company. More than 90 percent of the world's manufacturing capacity for the most advanced chips is in Taiwan and run by TSMC, which makes chips for Apple, Intel and other big names. The company said last week that it would invest $100 billion over the next three years to increase capacity, which will likely further strengthen its commanding presence in the market. TSMC says the drought has not affected its production so far.
But with Taiwan's rainfall becoming no more predictable even as its tech industry grows, the island is having to go to greater and greater lengths to keep the water flowing. In recent months, the government has flown planes and burned chemicals to seed the clouds above reservoirs. It has built a seawater desalination plant in Hsinchu, home to TSMC's headquarters, and a pipeline connecting the city with the rainier north. It has ordered industries to cut use. In some places it has reduced water pressure and begun shutting off supplies for two days each week. Some companies, including TSMC, have hauled in truckloads of water from other areas.

APKPure App Contained Malicious Adware, Say Researchers Slashdot by msmash on android at January 1, 1970, 1:00 am (cached at April 9, 2021, 9:05 pm)

Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google's app store, contained malicious adware that flooded the victim's device with unwanted ads. From a report: Kaspersky Lab said that it alerted APKPure on Thursday that its most recent app version, 3.17.18, contained malicious code that siphoned off data from a victim's device without their knowledge, and pushed ads to the device's lock screen and in the background to generate fraudulent revenue for the adware operators. But the researchers said that the malicious code had the capacity to download other malware, potentially putting affected victims at further risk.

JPMorgan Chase CEO Says Fintech is an 'Enormous Competitive' Threat To Banks Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at April 9, 2021, 8:05 pm)

Jamie Dimon, JPMorgan Chase chairman and CEO, listed fintech as one of the "enormous competitive threats" to banks in his annual shareholder letter released this week. From a report: "Banks ... are facing extensive competition from Silicon Valley, both in the form of fintechs and Big Tech companies," like Amazon, Apple, Facebook, Google and Walmart, Dimon wrote, and "that is here to stay." Fintech companies, in particular, "are making great strides in building both digital and physical banking products and services," Dimon said. "From loans to payment systems to investing, they have done a great job in developing easy-to-use, intuitive, fast and smart products." This, in part, is why "banks are playing an increasingly smaller role in the financial system," he said. Fintechs, like Stripe, Robinhood and PayPal, have seen a lot of growth and success in recent years, which may present challenges to traditional banks. While traditional banks have "significant strengths," like "brand, economies of scale, profitability and deep roots with their customers," Dimon also acknowledged their weaknesses. Things like "inflexible 'legacy systems'" along with "extensive regulations," can hinder innovation within banks, though they can arguably also make banks a "safer" option for consumers, too.

A Third of Antarctic Ice Shelf Risks Collapse as Our Planet Warms Slashdot by msmash on earth at January 1, 1970, 1:00 am (cached at April 9, 2021, 7:35 pm)

More than a third of the Antarctic ice shelf risks collapsing into the sea if global temperatures reach 4 degrees Celsius (7.2 degrees Fahrenheit) above pre-industrial levels as climate change warms the world, a new study from the UK's University of Reading has warned. From a report: In a forecasting study, scientists found that 34% of the area of all Antarctic ice shelves, measuring some half a million square kilometers, could destabilize if world temperatures were to rise by 4 degrees. Some 67% of the ice shelf area on the Antarctic Peninsula would be at risk of destabilization under this scenario, researchers said. Ice shelves are permanent floating platforms of ice attached to areas of the coastline, formed where glaciers flowing off the land meet the sea. They can help limit the rise in global sea levels by acting like a dam, slowing the flow of melting ice and water into the oceans. Each summer, ice at the surface of ice shelves melts and runs into smaller gaps in the snow below, where it usually refreezes. But when there is a lot of melting and little snowfall, this water instead pools onto the ice's surface or flows into crevasses. This deepens and widens the crevasses, causing the shelf to fracture and collapse into the sea.

W3C Slaps Down Google's Proposal To Treat Multiple Domains as Same Origin Slashdot by msmash on google at January 1, 1970, 1:00 am (cached at April 9, 2021, 7:05 pm)

A Google proposal which enables a web browser to treat a group of domains as one for privacy and security reasons has been opposed by the W3C Technical Architecture Group (TAG). From a report: Google's First Party Sets (FPS) relates to the way web browsers determine whether a cookie or other resource comes from the same site to which the user has navigated or from another site. The browser is likely to treat these differently, an obvious example being the plan to block third-party cookies. The proposal suggests that where multiple domains owned by the same entity -- such as google.com, google.co.uk, and youtube.com -- they could be grouped into sets which "allow related domain names to declare themselves as the same first-party." The idea allows for sites to declare their own sets by means of a manifest in a known location. It also states that "the browser vendor could maintain a list of domains which meet its UA [User Agent] policy, and ship it in the browser." In February 2019, Google software engineer Mike West requested a TAG review and feedback on the proposal was published yesterday. "It has been reviewed by the TAG and represents a consensus view," the document says. According to the TAG, "the architectural plank of the origin has remained relatively steady" over the last 10 years, despite major changes in web technology. It added: "We are concerned that this proposal weakens the concept of origin without considering the full implications of this action." The group identified some vagueness in the proposal, such as whether FPS applies to permissions such as access to microphone and camera. A Google Chrome engineering manager has stated: "No, we are not proposing to change the scope for permissions. The current scope for FPS is only to be treated as a privacy boundary where browsers impose cross-site tracking limitations." But the TAG reckons that the precise scope of FPS should be laid out in the proposal. 
A second concern is over the suggestion that browser vendors would ship their own lists. "This could lead to more application developers targeting specific browsers and writing web apps that only work (or are limited to) those browsers, which is not a desirable outcome," said the TAG.

Google Urges Biden To Work With EU on Tech and Trade Slashdot by msmash on google at January 1, 1970, 1:00 am (cached at April 9, 2021, 6:05 pm)

Google is signaling to the White House that a lack of coordination on tech and trade policy across the Atlantic is hurting business. From a report: Google's head of global policy and government affairs, Karan Bhatia, is urging the Biden administration to accept an invitation from the European Commission to form an EU-U.S. Trade and Technology Council, according to a post shared exclusively with Axios. Around the world, different countries are proposing and enacting trade, tax, privacy and moderation rules impacting U.S. tech companies. On Thursday, the Biden administration proposed a tax agreement for very large multinational companies such as Google, Facebook and Amazon, the Wall Street Journal reports. Today's global regulatory patchquilt is a legacy of trade wars launched intermittently during the Trump administration plus aggressive moves aimed at U.S. tech companies from overseas. "Trans-Atlantic coordination has largely become an afterthought, if it's thought of at all," Bhatia wrote in a blog post. "These policy trends hurt both the U.S. and European economies, risking the 16 million jobs on both sides of the Atlantic linked to transatlantic trade and investment," he wrote. "They also make it harder for the U.S. and the EU to address new global technology challenges and partner with emerging economies in Asia." Bhatia says the Biden administration should opt to participate in the proposed Trade and Technology Council to avoid "unilateral approaches" on data flows between the U.S. and Europe and regulation of digital platforms.

Amazon Workers Vote Down Alabama Union Campaign Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at April 9, 2021, 5:35 pm)

Amazon employees at a Bessemer, Alabama warehouse have voted against unionizing the facility's roughly 5,800-person workforce. From a report: The National Labor Relations Board (NLRB) has tallied 1,700 "no" votes on the measure, more than half of the 3,215 ballots cast by employees at the BHM1 fulfillment center. Roughly 700 votes that have been counted voted in favor of the union, and approximately 500 of the total ballots were contested, mostly by Amazon. Workers voted in February and March by mail over whether to join the Retail, Wholesale and Department Store Union (RWDSU), a possibility Amazon fought with anti-union meetings and other aggressive measures. BHM1 is only the second US Amazon facility to hold a union vote, following a far smaller group of warehouse technicians in Delaware. If workers had approved the union, it would have become the largest group to gain representation in a single NLRB election since 1991. Amazon workers outside BHM1 have carried out more informal activism, including during the coronavirus pandemic, when employees claimed that Amazon had failed to reveal COVID-19 cases and provide adequate protective measures. In complaints obtained by news outlets, the NLRB determined that Amazon illegally retaliated against some of these workers. The NLRB also found that Amazon acted illegally in firing two workers who pushed it to address its climate impact. Amazon has long resisted unionization and waged an aggressive campaign in Bessemer. The company brought in expensive anti-union consultants and held so-called "captive audience" meetings, which are mandatory workplace lectures where unions are presented in a negative light.

SEC Accuses Actor of $690 Million Fraud Based on Fake Netflix Deal Slashdot by msmash on crime at January 1, 1970, 1:00 am (cached at April 9, 2021, 5:05 pm)

Zachary Horwitz never made it big on the Sunset Strip -- there was the uncredited part in Brad Pitt's "Fury" and a host of roles in low-budget thrillers and horror flicks. But federal charges suggest he had acting talent, duping several financial firms out of hundreds of millions of dollars and enabling him to live the Hollywood dream after all. From a report: That meant chartered flights and a $6 million mansion -- replete with wine cellar and home gym. Horwitz even included a bottle of Johnnie Walker Blue Label, which retails for more than $200, as a gift to investors along with his company's "annual report." The claims are outlined in legal documents that U.S. prosecutors and the Securities and Exchange Commission released this week alleging Horwitz, 34, was running a massive Ponzi scheme. His scam: a made-up story that he had exclusive deals to sell films to Netflix and HBO. Dating back to 2014, the SEC said he raised a shocking $690 million in fraudulent funds. On Tuesday, Horwitz was arrested. Horwitz, who went by the screen name "Zach Avery," used fabricated contracts and fake emails to swindle at least five firms, according to the government. Investors were issued promissory notes through his firm 1inMM Capital to acquire the rights to movies that would be sold to Netflix and HBO for distribution in Latin America, Australia, New Zealand and other locations.

A Drummer example Scripting News (cached at April 9, 2021, 4:32 pm)

Just for fun I wrote a Drummer script that lists the earliest Twitter users in an outline.

Here's the script:

t generates

How the script works

  1. It inserts a headline in the current outline, down from the bar cursor headline, with the text "Early Twitter signups."
  2. Then it loops over users whose ids are 12 to 24. I picked 12 because I had figured out from an earlier script that it was the first-listed user. And 24 is a random value I picked out of thin air. ;-)
  3. For each user, it calls the Drummer verb twitter.getScreenname, which takes one parameter, the id of the user whose name you want. Then it inserts the name either to the right or down from the cursor depending on whether this is the first user we're inserting. That's how op.insert, an old friend from Frontier, works.
  4. When it's done looping, it moves the cursor to the left, onto the "Early Twitter signups" headline we created.
  5. It leaves the list expanded.

The killer feature

Apple Says iMessage on Android 'Will Hurt Us More Than Help Us' Slashdot by msmash on android at January 1, 1970, 1:00 am (cached at April 9, 2021, 4:05 pm)

Apple knows that iMessage's blue bubbles are a big barrier to people switching to Android, which is why the service has never appeared on Google's mobile operating system. From a report: That's according to depositions and emails from Apple employees, including some high-ranking executives, revealed in a court filing from Epic Games as part of its legal dispute with the iPhone manufacturer. Epic argues that Apple consciously tries to lock customers into its ecosystem of devices, and that iMessage is one of the key services helping it to do so. It cites comments made by Apple's senior vice president of Internet Software and Services Eddie Cue, senior vice president of software engineering Craig Federighi, and Apple Fellow Phil Schiller to support its argument. "The #1 most difficult [reason] to leave the Apple universe app is iMessage ... iMessage amounts to serious lock-in," was how one unnamed former Apple employee put it in an email in 2016, prompting Schiller to respond that, "moving iMessage to Android will hurt us more than help us, this email illustrates why." "iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones," was Federighi's concern according to the Epic filing. Although workarounds to using iMessage on Android have emerged over the years, none have been particularly convenient or reliable.

[no title] Scripting News (cached at April 9, 2021, 3:32 pm)

One reason Manchin might want to vote to cancel the filibuster is that it would maintain his power to veto non-budget Democratic legislation. With the filibuster in place the only power he has is to keep the filibuster. If he sticks with that he might as well switch parties now. However, if Biden and the Dems sold the voting plan that the Repubs will certainly block, if 90 percent of West Virginians supported the reforms, I would imagine that Manchin could change his mind. It all comes back to the same thing. The campaign never stops.