Google's Project Zero Updates Vulnerability Disclosure Rules To Add Patch Cushion Slashdot by msmash on google at January 1, 1970, 1:00 am (cached at April 16, 2021, 11:44 pm)

The Google Project Zero security team has updated its vulnerability disclosure guidelines to add a cushion of 30 days to some security bug disclosures, so end-users have enough time to patch software and prevent attackers from weaponizing bugs. From a report: This week's changes are of particular importance because a large part of the cybersecurity community has adopted Project Zero's rules as the unofficial methodology for disclosing a security bug to software vendors and then to the general public. Prior to today, Google Project Zero researchers would give software vendors 90 days to fix a security bug. When the bug was patched, or at the end of the 90-day time window, Google researchers would publish details about the bug online (on their bug tracker). Starting this week, Project Zero says it will wait 30 days before publishing any details about the bug. The reasoning behind the extra time window is to allow users of the affected products time to update their software, an operation that can usually take days or weeks in some complex corporate networks.

Read more of this story at Slashdot.

[no title] Scripting News (cached at April 16, 2021, 11:05 pm)

On the Drummer front, I decided to rewrite the tab code to use JavaScript closures. Much simpler code and hopefully more easily extended to add new functionality. But right now the app is a mess. I learned some new jQuery tricks with custom event handlers and triggers. You can have a very isolated function with persistent and private storage but you can still make calls into it, for the times when the outside world needs to know something about what's inside.

The Quality of Your Coffee May Soon Be Determined by a Robot Slashdot by msmash on technology at January 1, 1970, 1:00 am (cached at April 16, 2021, 10:49 pm)

The days of experts gathering in a sealed-off room to sip coffee and grade beans on their color, aroma and taste may be numbered. From a report: An Israeli company has developed a handheld device that is able to scan beans to determine their quality. The machine, powered by artificial intelligence, will need a human to input the quality parameters first, but after that, it will be able to classify coffee before it's even roasted. The company has completed a pilot program with Carcafe, the Colombian division of Volcafe, one of the world's largest coffee traders. A shift to computers would upend the traditional way coffee has been graded by humans, known as cupping. The well-paid and trained examiners, or Q graders, at the ICE Futures U.S. exchange in New York conduct the laborious task of determining the quality and value of the coffee beans received by the bourse. Trading houses and roasters also usually have their own graders. Cupping is an involved process, not unlike that undertaken by wine sommeliers. Q graders weigh the coffee and grind it into a cup. They sniff the dry grounds, taking notes on the fragrance. Water heated to 200 degrees Fahrenheit (93 Celsius) is poured over the grounds and the graders smell the wet coffee. After 4 minutes, the crust that forms on top of the cup is broken and grounds and foam are removed. Only after waiting 15 minutes for the coffee to cool is the coffee slurped up in a spoon. "It's the human that establishes the sensorial part," said Oswaldo Aranha Neto, a coffee industry veteran who just joined Demetria as a board member. "You need to teach the robot what to do."


[no title] Scripting News (cached at April 16, 2021, 10:44 pm)

So, instead of watching the news from 6PM to 10PM every night, as I did during the Trump years, I've been reading books, watching the Mets and Knicks, and watching British movies, also the Godfather I and II. On the whole this is a better deal. More variety, it's more personal, much less repetitive, and besides the Knicks are playing entertaining basketball, and that's more than I can say for whatever sport they're playing on MSNBC.

[no title] Scripting News (cached at April 16, 2021, 10:27 pm)

I've been trying to watch the news on MSNBC and CNN, but it's really hard to get into. Their product transformed under Trump, and now that he is gone, or so it seems, knock wood -- what's left for them to cover? Here's what I suggest. This requires that you put the heat on Biden and Judge Garland. First I've heard it said that January 6 could happen again, which I think is too meek. It will happen again. And until the prosecutions begin, the news should be filling in the details the same way they were covering every detail of the Trump crime scene when he was in office. Who are the leaders? Their names, pictures, backgrounds, are they free, awaiting trial, on the run? These people, and the politicians that are covering for them, the six senators who voted against the Asian hate crimes bill, to name a few, are vying for the position of The Next Hitler of the United States. We need a bunch of good enemies. And why aren't the Bidens prosecuting them? We need some bodies in cells for January 6, now.

Missing California Hiker Found After Mystery Photo Reveals Location Slashdot by msmash on technology at January 1, 1970, 1:00 am (cached at April 16, 2021, 10:14 pm)

A mystery photo and a geography enthusiast helped locate a missing California hiker who is now safely back home. From a report: Rene Compean of Palmdale was on a hike Monday near Mount Waterman, a popular ski destination in the San Gabriel Mountains in Southern California. While the 45-year-old was on his outdoor adventure, he snapped a picture. Compean texted the shot to a friend. And then, he went off the map. He was reported missing at 6 p.m. by a friend, who received one last text from Compean saying he was worried he was lost and his cell phone battery was running low. The photo was turned over to investigators at the Los Angeles County Sheriff's Department who posted it to social media, asking if anyone recognized the spot in the photograph. Benjamin Kuo saw the message and thought he might be able to help. The report adds: As a satellite image aficionado, he was already familiar with tracking California wildfires in remote areas. "I've got a very weird hobby, which is I love taking a look at photos and figuring out where they're taken," Kuo told NBC Los Angeles. Using satellite images, maps and the scenery below Compean's feet in the photo, Kuo was able to estimate the coordinates of where he believed the man had gone missing. Kuo sent his tip to the sheriff's office, and a helicopter was sent to survey the area Tuesday. There, as if by magic, was Compean.


Elon Musk's SpaceX Wins Contract To Develop Spacecraft To Land Astronauts on the Moon Slashdot by msmash on moon at January 1, 1970, 1:00 am (cached at April 16, 2021, 9:22 pm)

NASA on Friday selected SpaceX to build spacecraft that would land astronauts on the moon for the first time since the last Apollo mission, according to a source selection document obtained by The Washington Post. From the report: The contract marks another major victory for the hard-charging company that vaults it to the top tier of the nation's aerospace companies and solidifies it as one of the space agency's most trusted partners. In winning the $2.9 billion contract, SpaceX beat out Jeff Bezos' Blue Origin, which had formed what it called a "national team" by partnering with aerospace giants Lockheed Martin, Northrop Grumman and Draper. SpaceX also won over Dynetics, a defense contractor based in Huntsville, Ala. NASA had originally chosen all three companies for the initial phase of the contract, and was expected to choose two of them to build the lunar lander. In other major programs, NASA has chosen multiple providers to foster competition and to ensure it has redundancy in case one can't deliver. But in choosing SpaceX alone, it sent a message that it fully trusts the growing company to fly its astronauts for its signature human exploration program -- Artemis, a campaign to return astronauts to the moon for the first time since 1972.


Cuomo Signs New York Bill Requiring Low-Cost Broadband Access Slashdot by msmash on internet at January 1, 1970, 1:00 am (cached at April 16, 2021, 8:59 pm)

Governor Andrew Cuomo signed a bill on Friday requiring all Internet service providers in New York to offer affordable high-speed access for low-income families. From a report: The providers can charge those families no more than $15 a month, Cuomo said during a briefing Friday at the Northland Workforce Training Center in Buffalo. He was joined by Eric Schmidt, former chief executive officer of Alphabet, who chairs a 15-member state commission focusing on using technology to help the state reopen better than it was before the virus. Cuomo also said an emergency fund from Schmidt Futures and the Ford Foundation will provide free Internet access to 50,000 students statewide through the 2021-22 school year. The bill passed by the state legislature caps a basic broadband plan at $15 a month and a higher-speed one at $20. Currently, a basic high-speed plan costs on average more than $50 a month, according to a statement from Assembly member Amy Paulin. Schmidt, who praised the embattled governor for his "extraordinary" leadership during the pandemic, said universal broadband access is the first and most important priority of the commission. Members were concerned about the "hundreds of thousands of people who apparently had no Internet access at all," Schmidt said, an impediment to learning and tele-medicine.


2.5 Billion T. Rex Inhabited the Planet, Researchers Say Slashdot by msmash on earth at January 1, 1970, 1:00 am (cached at April 16, 2021, 8:15 pm)

For the first time, scientists have estimated how many Tyrannosaurus rex, the so-called king of dinosaurs, once roamed the Earth. From a report: The number is staggering: 2.5 billion Tyrannosaurus rex lived and died during the roughly 2.4 million years the species survived on the planet, according to a new study set to be published in the journal Science on Friday. The study may help contextualize the fossil record and the rarity of finding certain fossilized prehistoric organisms, according to lead researcher Charles Marshall, director of the University of California Museum of Paleontology. "I mean, to me, it's just amazing we could have come up with a number," Marshall told Axios. "Some people have asked me, 'How does your number compare to other numbers of the total that have ever lived?' The answer is it doesn't because there weren't any."


Nobody is Flying To Join Google's FLoC Slashdot by msmash on google at January 1, 1970, 1:00 am (cached at April 16, 2021, 7:35 pm)

Google is all alone with its proposed advertising technology -- FLoC -- to replace third-party cookies. Every major browser that uses the open source Chromium project has declined to use it, and it's unclear what that will mean for the future of advertising on the web. Firefox, Safari, Microsoft Edge, Vivaldi, and Brave have said they are not implementing Google's FLoC into their browsers.


Google Backs New Security Standard for Smartphone VPN Apps Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at April 16, 2021, 6:54 pm)

The Internet of Secure Things Alliance, an IoT security certification body (a.k.a. ioXt), has launched a new security certification for mobile apps and VPNs. From a report: The new ioXt compliance program includes a 'mobile application profile' -- a set of security-related criteria against which apps can be certified. The profile or mobile app assessment includes additional requirements for virtual private network (VPN) applications. Google and Amazon had a hand in shaping the criteria, along with a number of certified labs such as NCC Group and Dekra, and mobile app security testing vendors such as NowSecure. Google's VPN within the Google One service is one of the first to be certified against the criteria. Mobile app makers can get their apps certified against a set of security and privacy requirements. The ioXt Alliance has a broad cross-section of members from the tech industry, with its board comprising execs from Amazon, Comcast, Facebook, Google, Legrand, Resideo, Schneider Electric, T-Mobile, the Zigbee Alliance, and the Z-Wave Alliance. About 20 industry figures helped write the requirements for the mobile app profile, including Amit Agrawal, a principal security architect at Amazon, and Brooke Davis from the Strategic Partnerships team at Google Play. Both are vice-chairs of the mobile app profile group.


Apple Music Reveals How Much It Pays When You Stream a Song Slashdot by msmash on music at January 1, 1970, 1:00 am (cached at April 16, 2021, 6:16 pm)

Apple Music told artists it pays a penny per stream in a letter reviewed by The Wall Street Journal. From a report: The disclosure, made in a letter to artists delivered Friday via the service's artist dashboard and sent to labels and publishers, is part of a growing effort by music-streaming services to show they are artist-friendly. For Apple, it can be seen as a riposte to Spotify Technology, which last month shared some details of how it pays the music industry for streams on its service. Apple's penny-per-stream payment structure -- which music-industry experts say can dip lower -- is roughly double what Spotify, the world's largest music-streaming service, pays music-rights holders per stream. Spotify pays an average of about one-third to one-half penny per stream, though its larger user base generates many more streams. Apple's payments come out of monthly subscription revenue from users. Artists, managers and lawyers, still reeling from the loss of touring revenue during the pandemic, have been calling for higher payouts from music streaming, which has grown rapidly in the past year. Many fans have joined the push to raise artists' compensation.


Pentagon Confirms Video of Pyramid Shaped UFO Is Real, Taken By US Navy Pilot Slashdot by msmash on usa at January 1, 1970, 1:00 am (cached at April 16, 2021, 5:42 pm)

alaskana98 writes: The Defense Department has confirmed that leaked photos and video of "unidentified aerial phenomena" taken in 2019 are indeed legitimate images of unexplained objects. Photos and videos of triangle-shaped objects blinking and moving through the clouds were taken by Navy personnel, Pentagon spokeswoman Sue Gough said in a statement to CNN. She also confirmed that photos of three unidentified flying objects -- one "sphere" shaped, another "acorn" shaped and one characterized as a "metallic blimp" -- were also taken by Navy personnel. "As we have said before, to maintain operations security and to avoid disclosing information that may be useful to potential adversaries, DOD does not discuss publicly the details of either the observations or the examinations of reported incursions into our training ranges or designated airspace, including those incursions initially designated as UAP," Gough said. She also said that the Unidentified Aerial Phenomena Task Force, created in August to investigate UFO sightings observed by the military, has "included these incidents in their ongoing examinations." The Navy photos and videos were published by Mystery Wire and on Extraordinary Beliefs' website last week but had been circulating online since last year. There have been "a number of reports of unauthorized and/or unidentified aircraft entering various military-controlled ranges and designated air space in recent years" the Navy said in 2019. Last year, the Pentagon released three videos showing "unidentified aerial phenomena" -- clips that the US Navy had previously confirmed were real.


[no title] Scripting News (cached at April 16, 2021, 5:36 pm)

Poll: Will Derek Chauvin be convicted?