Work Proceeds on Mitigation Strategies for Global Navigation Satellite System Jammin Slashdot by EditorDavid on security at January 1, 1970, 1:00 am (cached at April 24, 2021, 11:35 pm)

Long-time Slashdot reader DesertNomad summarizes a report from EE Times: It's been known for a long time that the various Global Navigation Satellite System (GNSS) systems are easily jammed; the more "interesting" problem is the potential to spoof a GNSS signal and by spoofing use that to cause GNSS receivers to determine incorrect positions. The challenge lies in the observation that the navigation messages can be constructed by bad actors on the ground. Work going on for several years now has been to provide crypto signatures that have the potential to authenticate valid transmissions. Current commercial receivers can't take advantage of that, so there may be industry-wide needs to update the receiver devices. "The vulnerability of the global positioning system, or GPS, is widely acknowledged..." reports EE Times: Spoofing creates all kinds of havoc. For example, it can be used to hijack autonomous vehicles and send them on alternate routes. Spoofing can alter the routes recorded by vehicle monitors, or break geofences used to guard operational areas. It also poses a risk to critical infrastructure, including power, telecommunication and transportation systems. Jan van Hees, business development and marketing director for GNSS receiver maker Septentrio, provided these analogies: "Jamming involves making so much noise that the [satellite signal] disappears. Spoofing is like a phishing attack on the signal." The U.S. Coast Guard has recently tracked a growing number of high-profile incidents involving GPS interference. For example, the loss of GPS reception in Israeli ports in 2019 left GPS-guided autonomous cranes inoperable, collateral damage from the Syrian civil war. In 2016, more than 20 ships off the Crimean peninsula were thought to be the victim of a GPS spoofing attack which shifted the ships' positions on electronic chart displays to land. 
The article recommends real-world auditing, testing, and risk assessment, adding that one pending fix is signal encryption "including a framework called open service navigation message authentication (OSNMA)." The OSNMA anti-spoofing service developed for the European GNSS system enables secure transmissions from Galileo satellites to encryption-enabled GNSS receivers. In the midst of final testing, OSNMA will soon be available free to users... A secret key on the satellite is used to generate a digital signature. Both the signature and key are appended to navigation data and transmitted to the receiver. OSNMA is designed to be backward-compatible, so that positioning without OSNMA still works.


[no title] Scripting News (cached at April 24, 2021, 11:03 pm)

PS: It turns out I did have some ideas after all. Sitting down in front of a keyboard I guess pulls some words out of me. Kind of like putting a guitar in Prince's hands?
Unreturned VHS Tape 21 Years Ago Leads to Surprise 'Felony Embezzlement' Charge Slashdot by EditorDavid on crime at January 1, 1970, 1:00 am (cached at April 24, 2021, 10:35 pm)

"An Oklahoma woman was recently informed that she was charged with felony embezzlement of rented property for not returning a VHS tape over 20 years ago," reports Business Insider: Caron McBride reportedly rented the "Sabrina The Teenage Witch" tape at a now closed store in Norman, Oklahoma in 1999, according to KOKH-TV. She was charged a year later, in March 2000, after it was not returned, KOKH-TV reported citing documents. McBride was notified about the charge by the Cleveland County District Attorney's Office when she was attempting to change the name of her license after she got married, the news station reported... "I had lived with a young man, this was over 20 years ago. He had two kids, daughters that were 8, 10, or 11 years old, and I'm thinking he went and got it and didn't take it back or something. I have never watched that show in my entire life, just not my cup of tea. Meanwhile, I'm a wanted felon for a VHS tape," McBride told the news station. "Documents show the movie was rented at movie place in Norman, Oklahoma, which closed in 2008..." reports one local news station: McBride said over the last 20 years, she's been let go from several jobs without being given a reason why, and said it now all makes sense. "This is why. Because when they ran my criminal background check, all they're seeing is those two words: felony embezzlement," McBride said. "The DA's office says the charge was filed under a previous district attorney," reports a local Oklahoma station, "and after reviewing the case, they thought it was fit to dismiss it." But McBride still has to get an attorney to expunge the incident from her record.


[no title] Scripting News (cached at April 24, 2021, 10:32 pm)

With that in mind, thanks to John Naughton. He wrote a bit the other day about how that reporter at Vox said something totally wrong about the origin of podcasting, I'm sure the reporter knew it was wrong, and his editors knew it was wrong, but they published it anyway. Naughton thought I must've been furious, but I'm not, I'm exhausted. It's the norm. I'm not a billionaire. I let my ideas float around in the world, I don't lock them up. My goal with podcasting was to create a new medium that everyone could use, and that has worked. Reporters don't need to score any points with me, so they give credit for my work to others. I wrote Naughton an email saying "That's the way journalism works, I'm afraid. They report conventional wisdom, not facts. You're the rare exception."
[no title] Scripting News (cached at April 24, 2021, 10:02 pm)

Silos are computer networks that are walled off from everything else. Your ideas can go in there, they make that easy, even enticing, but they can't interact with ideas anywhere else. Ideas that can't interact are fairly useless.
[no title] Scripting News (cached at April 24, 2021, 10:02 pm)

It's been almost 19 years since I missed a day on the blog, and this isn't going to be one of them. Feeling a little under the weather, might be a cold, or maybe something I ate. Not conducive for having ideas. So that's it for today. Maybe I'll have something for y'all tomorrow. Keep on truckin.
[no title] Scripting News (cached at April 24, 2021, 10:02 pm)

Dan Kaminsky, a security researcher, died today at 42. I didn't know him, but I followed him on Twitter. One of his tweets is getting a lot of circulation now, and it's worth repeating. "If somebody helped you — always feel free to let them know. They may not. Really. There is no statute of limitations on being thankful. Years, decades, doesn’t matter. Now is always a good time."
[no title] Scripting News (cached at April 24, 2021, 10:02 pm)

You can't trust Apple to act in your interests, whether you're a developer or a user. After so many years, it's amazing to me that some people who have been around for a while still expect them to be benevolent. And btw, I'm sure I've written this exact post before.
How Faulty Software Landed Dozens of UK Postmasters In Prison Slashdot by EditorDavid on uk at January 1, 1970, 1:00 am (cached at April 24, 2021, 9:35 pm)

The Associated Press reports: In a ruling that reversed one of the biggest miscarriages of justice in British legal history, 39 people who ran local post offices had their convictions for theft, fraud and false accounting overturned Friday because of what an appeals court said was clear evidence of "bugs, errors or defects" in an IT system. The decision follows a years-long, complex legal battle that could see Britain's Post Office face a huge compensation bill for its failures following the installation, from 1999, of what turned out to be the defective Horizon computerized accounting system in local branches. Dozens of staff were convicted after the Fujitsu-supplied system pointed to an array of financial misdemeanors that bewildered the postal workers. Six others had their convictions quashed previously, while another 700 or so workers also are believed to have been prosecuted between 2000 and 2014... Jobs, homes and marriages were lost as a result of wrongful convictions, and some did not live long enough to see their names cleared by Britain's Court of Appeals. Confirmation that the convictions were quashed was met with cheers and tears. A few bottles of bubbly were also popped. Martin S. (Slashdot reader #98,249) writes, "As a software geek, the part I find most troubling is that blind faith that those in authority placed in the software without proper accounting..." The BBC reports some desperate sub-postmasters even "attempted to plug the gap with their own money, even remortgaging their homes, in an (often fruitless) attempt to correct an error." 
The judge in the case complains that for years the Post Office had "consistently asserted that Horizon was robust and reliable" and "effectively steamrolled over any subpostmaster who sought to challenge its accuracy," according to an article in The Scotsman: Nick Read, Post Office chief executive said: "I am in no doubt about the human cost of the Post Office's past failures and the deep pain that has been caused to people affected. Many of those postmasters involved have been fighting for justice for a considerable length of time and sadly there are some who are not here to see the outcome today and whose families have taken forward appeals in their memory. I am very moved by their courage." There were 73 convictions in Scotland caused by the failure. Although a total of 47 postmasters in England and Wales have had their cases referred to the Appeal Court, there has never been similar action in Scotland. However, now the Scottish Criminal Cases Review Commission has written to the people it believes may also have been the victims of possible miscarriages of justice in Scotland relating to the Horizon computer system.


Microsoft Previews 'Rust for Windows' Slashdot by EditorDavid on programming at January 1, 1970, 1:00 am (cached at April 24, 2021, 8:35 pm)

From Mike Melanson's "This Week in Programming" column: "The Rustening at Microsoft has begun," tweeted Microsoft distinguished engineer Miguel de Icaza. What de Icaza is referring to is a newly-offered course by Microsoft on taking the first steps with Rust, which much of the Twitterverse of Rust devotees sees as a sign that the company is further increasing its favor for their crab-themed language of choice. Of course, this isn't the first we've heard of Microsoft looking to Rust to handle the 70% of Microsoft vulnerabilities that it says come from using the memory-unsafe C++ programming language in its software. A few years back now, Microsoft launched Project Verona, a research programming language that takes a bite from Rust in the realm of ownership and is said to be inspired by Rust, among others. More recently, however, Microsoft announced the preview of Rust for Windows, which "lets you use any Windows API (past, present, and future) directly and seamlessly via the windows crate (crate is Rust's term for a binary or a library, and/or the source code that builds into one)." With Rust for Windows, developers can now not only use Rust on Windows, they can also write apps for Windows using Rust... According to the project description, the Windows crate "lets you call any Windows API past, present, and future using code generated on the fly directly from the metadata describing the API and right into your Rust package where you can call them as if they were just another Rust module" and that, along with the introduction of a course for learning Rust, is precisely what has all those Rust devotees so excited. InfoWorld has more information...


Elon Musk, Jack Dorsey Argue that Bitcoin Incentivises Renewable Energy Slashdot by EditorDavid on bitcoin at January 1, 1970, 1:00 am (cached at April 24, 2021, 7:35 pm)

Jack Dorsey, the co-founder and CEO of Twitter, tweeted Wednesday that bitcoin "incentivises renewable energy." And Elon Musk responded "True." The BBC adds that the tweets came "despite experts warning otherwise." The cryptocurrency's carbon footprint is as large as some of the world's biggest cities, studies suggest. But Mr Dorsey claims that could change if bitcoin miners worked hand-in-hand with renewable energy firms. One expert said it was a "cynical attempt to greenwash" bitcoin. China, where more than two-thirds of power is from coal, accounts for more than 75% of bitcoin mining around the world... The tweet comes soon after the release of a White Paper from Mr Dorsey's digital payment services firm Square, and global asset management business ARK Invest. Entitled "Bitcoin as key to an abundant, clean energy future", the paper argues that "bitcoin miners are unique energy buyers", because they offer flexibility, pay in a cryptocurrency, and can be based anywhere with an internet connection. "By combining miners with renewables and storage projects, we believe it could improve the returns for project investors and developers, moving more solar and wind projects into profitable territory," it said. Author and bitcoin critic David Gerard described the paper as a "cynical exercise in bitcoin greenwashing". "The reality is: bitcoin runs on coal," he told the BBC.... "Bitcoin mining is so ghastly and egregious that the number one job of bitcoin promoters is to make excuses for it — any excuse at all."


Security Researcher Dan Kaminsky Has Died Slashdot by EditorDavid on security at January 1, 1970, 1:00 am (cached at April 24, 2021, 7:06 pm)

Security researcher Marc Rogers (also a BBC contributor) tweeted this morning "I guess there's no hiding it now. We lost Dan Kaminsky yesterday. One of the brightest lights in infosec and probably the kindest soul I knew. The vacuum he leaves behind is impossible to measure. Please keep speculation to yourself and be respectful of his family and friends." In later tweets, Rogers says he was proud that Kaminsky was his friend, adding "I could literally write a book of Dan Kaminsky tales. From shenanigans at events all over the world, to parties and just crazy stuff that happened at the spur of a moment. But most about his crazy brilliant kind generous ideas and offers of help and support. He was one of a kind." Even the stories in Kaminsky's Wikipedia entry are impressive: He is known among computer security experts for his work on DNS cache poisoning, and for showing that the Sony Rootkit had infected at least 568,200 computers and for his talks at the Black Hat Briefings. In June 2010, Kaminsky released Interpolique, a beta framework for addressing injection attacks such as SQL injection and cross-site scripting in a manner comfortable to developers. On June 16, 2010, he was named by ICANN as one of the Trusted Community Representatives for the DNSSEC root. "Dan was a force of nature," adds Marc Rogers on Twitter. "A hacker who saw not just 1 or 2 moves ahead but so many you sometimes wondered if he was playing the same game: I asked him for a demo. He brought a record turntable he used to move a VM forwards & backwards in time like a DJ scratching."


America's Largest Universal Basic Income Program Yet Proposed By Mayor of Los Angele Slashdot by EditorDavid on government at January 1, 1970, 1:00 am (cached at April 24, 2021, 5:35 pm)

The mayor of Los Angeles is proposing the largest universal income pilot program in America, saying he hopes the program will "light a fire across our nation." Newsweek reports: Los Angeles Mayor Eric Garcetti has proposed giving a "universal basic income" of $1000 a month to 2,000 poor local families for one year... The program would give 2,000 families below the federal poverty line monthly $1,000 checks for 12 months. The families could then spend the money however they please. Garcetti said he hopes the program could provide a model for similar anti-poverty initiatives in other cities. "We have to end America's addiction to poverty..." Garcetti told LAist, a local news site affiliated with Southern California Public Radio. Similar programs are also being floated in at least four other L.A. county districts, according to the Los Angeles Times... If approved, Garcetti's program would be at least the 12th time that a U.S. region has offered a basic income to its citizens. Bloomberg notes that Los Angeles "will be the recipient of more than $1.3 billion in federal stimulus funds from the recently passed American Rescue Plan, which could be used to fund the payouts." Garcetti, a Democrat in his second term, is co-chair of Mayors for a Guaranteed Income, which has been advocating for the policy at the federal level and funding local programs. The group, which has 43 elected officials as members, was founded last year by then-Stockton-mayor Michael Tubbs. It has received $18 million in seed money from Twitter Inc. co-founder Jack Dorsey as well as $200,000 from Bloomberg Philanthropies, the charitable arm of Michael Bloomberg, founder and majority owner of Bloomberg News's parent company. California cities have been taking a lead with these programs... In San Francisco, grants and some revenue from hotel taxes will fund monthly payments of $1,000 to about 130 artists for six months beginning next month. Organizers said the pilot is the first to solely target artists. 
Oakland will tap private donations this summer to fund its guaranteed income program, providing $500 monthly to about 600 poor families. Still, a majority of Americans oppose the federal government providing a guaranteed basic income, according to a survey last year by the Pew Research Center... Ultimately the costs of such programs will be too big for cities to finance alone, he said. But with data proving it works, Garcetti said states and the federal government could be inspired to fund them.


Astronauts Successfully Delivered to the International Space Station by SpaceX Slashdot by EditorDavid on iss at January 1, 1970, 1:00 am (cached at April 24, 2021, 4:35 pm)

NASA has tweeted a video showing the arrival of four astronauts from three countries on the International Space Station early Saturday morning. CNN describes the significance to their arrival — and what the astronauts will do during their six-month stay in space: This mission, dubbed Crew-2, marks the third-ever crewed flight for Elon Musk's company and the first to make use of a previously flown, privately-owned rocket booster and spacecraft... On Saturday morning, the capsule slowly aligned itself and moved in to dock directly with one of the space station's ports. The crew consists of NASA astronauts Shane Kimbrough and Megan McArthur, Thomas Pesquet of the European Space Agency, and Akihiko Hoshide with Japan's JAXA space agency. A prime focus of the astronauts' mission will be research with "tissue chips," or "small models of human organs containing multiple cell types that behave much the same as they do in the body" and that NASA hopes will advance the development of drugs and vaccines, according to the space agency. That work will build on years of studying biological and other scientific phenomena aboard the ISS, where the microgravity environment can give scientists a better fundamental understanding of how something works. Kimbrough, McArthur, Pesquet, and Hoshide joined seven astronauts already on board the station, four of whom arrived on a different SpaceX Crew Dragon capsule in November. That brings the space station's current total of personnel to 11 — one of the largest crews the ISS has ever hosted. But that number will quickly drop back down to seven when four of the astronauts who'd been on board hitch a ride home from the station on April 28.


US Dragon spaceship arrives at International Space Station BBC News | Science/Nature | UK Edition (cached at April 24, 2021, 3:30 pm)

SpaceX's Dragon Endeavour spacecraft has docked with the International Space Station.