Emergency Software Patches Are on the Rise Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at September 15, 2021, 11:35 pm)

Emergency software patches, in which users are pushed to immediately update phones and computers because hackers have figured out some novel way to break in, are becoming more common. From a report: Researchers raised the alarm Monday about a big one: The Israeli spyware company NSO Group, which sells programs for governments to remotely take over people's smartphones and computers, had figured out a new way into practically any Apple device by sending a fake GIF through iMessage. The only way to guard against it is to install Apple's emergency software update. Such emergency vulnerabilities are called "zero days" -- a reference to the fact that they're such an urgent vulnerability in a program that software engineers have zero days to write a patch for it. Against a hacker with the right zero day, there is nothing consumers can do other than wait for software updates or ditch devices altogether. Once considered highly valuable cyberweapons held mostly by elite government hackers, publicly disclosed zero-day exploits are on a sharp rise. Project Zero, a Google team devoted to identifying and cataloging zero days, has tallied 44 this year alone where hackers had likely discovered them before researchers did. That's already a sharp rise from last year, which saw 25. The number has increased every year since 2018. Katie Moussouris, founder and CEO of Luta Security, a company that connects cybersecurity researchers and companies with vulnerabilities, said that the rise in zero days is thanks to the ad hoc way that software is usually programmed, which often treats security as an afterthought. "It was absolutely inevitable," she said. "We've never addressed the root cause of all of these vulnerabilities, which is not building security in from the ground up." But almost paradoxically, the rise in zero days reflects an online world in which certain individuals are more vulnerable, but most are actually safer from hackers.

Read more of this story at Slashdot.

FCC Wants Landlords To Stop Screwing Up Your Internet Slashdotby BeauHD on internet at January 1, 1970, 1:00 am (cached at September 15, 2021, 11:05 pm)

An anonymous reader quotes a report from Motherboard: The FCC has announced (PDF) it's investigating deals the broadband industry strikes with landlords that block broadband competition in apartment complexes, condos, and developments. While the FCC passed rules in 2008 attempting to prevent such deals, Internet Service Providers (ISPs) have exploited massive loopholes in the restrictions for more than a decade. "With more than one-third of the U.S. population living in condos and apartment buildings, it's time to take a fresh look at how exclusive agreements between carriers and building owners could lock out broadband competition and consumer choice," interim FCC boss Jessica Rosenworcel said of the announcement. "I look forward to reviewing the record." The inquiry comes after President Biden signed an executive order in July urging regulators to take a closer look at competition and monopoly issues in several sectors. The order also mandated the creation of a competition council, which urged the FCC to take a closer look at the anticompetitive nature of these arrangements. The FCC's existing rules technically bar landlords and ISPs from colluding to restrict broadband competition. But in a 2016 piece in Wired, Harvard Law Professor Susan Crawford outlined the various ways big telecom wiggles around the restrictions -- often by simply calling what they're doing -- something else. "Sure, a landlord can't enter into an exclusive agreement granting just one ISP the right to provide Internet access service...but a landlord can refuse to sign agreements with anyone other than Big Company X, in exchange for payments labeled in any one of a zillion ways," Crawford wrote. "Exclusivity by any other name still feels just as abusive." For example, to get around FCC rules expanding access to an ISP's in-building wiring, companies like Comcast or Charter will often deed ownership of these wires to a landlord, then turn around and pay that landlord to ensure that nobody else can have access. Because the landlord now technically owns the wires, the FCC rules no longer apply. ISPs also pay landlords to sign agreements that ban any other competing ISPs from advertising in the building. If you're a landlord that violates such arrangements, you can then expect a nastygram from a company like Comcast for violating your deal. In addition, many landlords will charge "door fees" to any company that needs access to a building to install new wiring, creating an additional layer of difficulty and expense for smaller broadband competitors trying to compete with dominant ISPs. Collectively such restrictions serve the same function as blocking broadband competition outright. Much as it does on the national level, this lack of block by block competition directly contributes to higher prices, slower speeds, and comically-terrible customer service.

Read more of this story at Slashdot.

Most Plans for New Coal Plants Scrapped Since Paris Agreement Slashdotby msmash on earth at January 1, 1970, 1:00 am (cached at September 15, 2021, 10:35 pm)

The global pipeline of new coal power plants has collapsed since the 2015 Paris climate agreement, according to research that suggests the end of the polluting energy source is in sight. From a report: The report found that more than three-quarters of the world's planned plants have been scrapped since the climate deal was signed, meaning 44 countries no longer have any future coal power plans. The climate groups behind the report -- E3G, Global Energy Monitor and Ember -- said those countries now have the opportunity to join the 40 countries that have already signed up to a "no new coal" commitment to help tackle global carbon emissions. "Only five years ago, there were so many new coal power plants planned to be built, but most of these have now been either officially halted, or are paused and unlikely to ever be built," said Dave Jones, from Ember. "Multiple countries can add their voices to a snowball of public commitments to 'no new coal,' collectively delivering a key milestone to sealing coal's fate."

Read more of this story at Slashdot.

When the Wind Stops Blowing, an Energy Storm Brews Slashdotby msmash on science at January 1, 1970, 1:00 am (cached at September 15, 2021, 9:35 pm)

An anonymous reader shares a report (paywalled): Gas made up the largest share of the UK's energy mix in 2020, at 34%; followed by wind on a quarter; nuclear at 17%; biomass at 6.5% and solar at 4.4%. Despite the progress of renewables, detractors note the problems arise when the sun doesn't shine and the wind doesn't blow. Until reliable battery storage for renewable energy is developed, these sources can only ever be intermittent, critics argue, and some infrastructure will continue to use oil for back-up generation. It is a case made by the nuclear industry, which says that it is uniquely placed to provide the zero-emissions baseload the grid requires. Runaway gas prices are already sparking concern across the energy sector, with fears that consumers are facing a "bill shock" this winter. Personal finance expert Martin Lewis warned his readers last week: "This autumn's signature noise will be a deep thud... the sound of jaws hitting the floor as people finally see the practical evidence of the energy bill catastrophe laid bare." UK gas prices reached 130p per therm last week, compared to 30p a year ago. In an unusual inversion, gas prices are trading above the equivalent price of Brent, the benchmark for crude oil. Both supply and demand factors are at play. The reopening of economies after Covid lockdowns has pushed up demand for gas. Countries are also trying to cut their use of coal, and switching to less polluting gas as a result. Europe is thus competing with Asia for shipments of liquid natural gas (LNG), a more mobile form of gas that is increasingly popular. Supply is also tight: a particularly cold winter meant Europe used up more reserves than usual and these have not been replenished. A spate of outages at gas production plants in different parts of the world have compounded the problem. To make matters worse, the UK has relatively low levels of gas storage. The country has eight gas storage sites that can hold an estimated 12 days of supply. Storage capacity was drastically reduced when the Rough site under the North Sea was closed in 2017 for safety and economic reasons. Rough, a disused oil field, could hold around 70% of UK gas reserves. "The market hasn't been able to fill up storage as we move into this winter. And hence we are very exposed, especially if it is another cold winter like last year," said James Huckstepp, analyst at S&P Platts. "Consumers are starting to recognise that their energy bills are going to be much higher this winter."

Read more of this story at Slashdot.

SpaceX Rocket To Take World's First All-Civilian Crew Into Orbit Slashdotby msmash on space at January 1, 1970, 1:00 am (cached at September 15, 2021, 9:05 pm)

The world's first crew of "amateur astronauts" is preparing to blast off on a mission that will carry them into orbit before bringing them back down to Earth at the weekend. From a report: The four civilians, who have spent the past few months on an astronaut training course, are due to launch on SpaceX's Falcon 9 rocket from the Kennedy Space Center in Florida at 8.02pm local time on Wednesday (1.02am UK time on Thursday). Barring any glitches, the two men and two women on the Inspiration4 mission are expected to orbit the planet for three or four days, performing experiments and admiring the view through a glass dome fitted to their Dragon capsule, before splashing down in the Atlantic Ocean. Touted as "the world's first all-civilian mission to orbit," the launch is the latest to promote the virtues of space tourism and follows suborbital flights in July by Sir Richard Branson on Virgin Galactic's SpaceShipTwo -- which has since been grounded for going off course -- and Jeff Bezos on Blue Origin's New Shepard rocket. While the Inspiration4 crew has had flying lessons, centrifuge sessions to experience the G-forces of launch, and hours of training in SpaceX's capsule simulator, the mission will be almost entirely automated. The capsule is due to orbit Earth at an altitude of 360 miles (575km), about 93 miles higher than the International Space Station.

Read more of this story at Slashdot.

Andy Hertzfeld Scripting News(cached at September 15, 2021, 9:02 pm)

Replicas of Bay Area landmarks at LegoLand in Milpitas.

Alejandro Prieto Scripting News(cached at September 15, 2021, 9:02 pm)

Roadrunner at US-Mexico border wall.

[no title] Scripting News(cached at September 15, 2021, 9:02 pm)

Thinking about the extent that Boomers are held responsible for where we're at, I still think that's nuts, the more I learn about slavery and how the Civil War is still going on, that's what we are fighting about in the US, that's why we can't get our shit together. We haven't accepted a very large part of our population, people who are fully entitled American citizens. Then I wondered about all the post-boomer generations that blame us. I wonder if they voted in every election they were entitled to vote in. What are the percentages of participation in democracy among the generations. I don't know if the idea of the vote as a sacred right is a Boomer thing, or what. I know my parents had the participation bug. I got it from them, I'm sure. But if you didn't vote, I think it's hard to blame others. My friend NakedJen has a wonderful slogan for this. You can fake caring, but you can't fake showing up. ❤️
US Fines Former NSA Employees Who Provided Hacker-for-Hire Services To UAE Slashdotby msmash on crime at January 1, 1970, 1:00 am (cached at September 15, 2021, 8:05 pm)

The US Department of Justice has fined three former NSA employees who worked as hackers-for-hire for a United Arab Emirates cybersecurity company. From a report: Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, broke US export control laws that require companies and individuals to obtain a special license from the State Department's Directorate of Defense Trade Controls (DDTC) before providing defense-related services to a foreign government. According to court documents, the three suspects helped the UAE company develop and successfully deploy at least two hacking tools. The three entered into a first-of-its-kind deferred prosecution agreement with the DOJ today, agreeing to pay $750,000, $600,000, and $335,000, respectively, over a three-year term, in order to avoid jail time for their actions.

Read more of this story at Slashdot.

Amazon Loss of Executive To Microsoft Sets Up Potential Clash Slashdotby msmash on microsoft at January 1, 1970, 1:00 am (cached at September 15, 2021, 8:05 pm)

Microsoft said it has hired a former Amazon cloud executive to run its cybersecurity operations, potentially setting in motion a legal battle between the two tech giants. From a report: Charlie Bell, who long reported to former Amazon Web Services chief Andy Jassy and oversaw the engineering teams working on AWS's main software services, will become an executive vice president reporting to Microsoft Chief Executive Officer Satya Nadella. "Cybersecurity is one of the most challenging issues of our time -- for every person and organization on the planet -- and it is core to our mission," Nadella wrote in an email to employees obtained by Bloomberg. Securing customers' digital technology platforms, devices, and clouds "is a bold ambition we are going after and is what attracted Charlie to Microsoft." [...] Bell's departure to a direct rival is a major blow for Amazon, and Microsoft said it's committed to continuing "constructive discussions" with the cloud leader about Bell's role. "We're sensitive to the importance of working through these issues together, as we've done when five recent Microsoft executives moved across town to work for Amazon," Microsoft said in a statement. Amazon, which has a history of seeking to enforce non-compete agreements vigorously, didn't immediately comment on the move. Bell will officially start his role once "a resolution is reached with his former employer," Nadella wrote in the email.

Read more of this story at Slashdot.

Theranos Burned Through $2M a Week as Investors Were Given Rosy Projections Slashdotby msmash on business at January 1, 1970, 1:00 am (cached at September 15, 2021, 7:05 pm)

Around the time that Theranos was losing nearly $2 million per week, investors in the blood-testing startup were being told that the company would soon be bringing in almost $1 billion per year. From a report: It's not uncommon for startups to lose money in their early years, and it's not entirely unusual for the fastest burn rate to happen right before things turn around. Instead, Theranos continued to produce mounting losses. But that's not what the company was telling investors, according to new documents shared during the jury trial of Theranos founder and CEO Elizabeth Holmes. In court yesterday, jurors heard testimony from the company's longtime chief financial officer, Danise Yam, who also goes by So Han Spivey. Yam said that Theranos lost $16.2 million in 2010, $27.2 million in 2011, $57 million in 2012, and $92 million in 2013. In 2013, things had "started to get a bit tight," Yam said. There were weeks where the company was burning through around $2 million per week, and there wasn't any revenue to help ameliorate the losses. In 2012 and 2013, Yam didn't even bother adding a line for revenue -- there was none.

Read more of this story at Slashdot.

Australian bandicoot brought back from brink of extinction BBC News | Science/Nature | UK Edition(cached at September 15, 2021, 7:00 pm)

The small furry Eastern Barred Bandicoot is bumped off an Australian "extinct in the wild" list.
Anonymous Hacks Epik Web Hosting Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at September 15, 2021, 6:05 pm)

ArchieBunker writes: Members of the hacktivist collective Anonymous claim to have hacked web registration company Epik, allegedly stealing 'a decade's worth of data,' including reams of information about its clients and their domains. Epik is controversial, having been known to host a variety of rightwing clients, including ones that previous web hosting providers, like GoDaddy, have dropped for various reasons. Its users have included conservative social media networks Parler and Gab, as well as conspiracy-theory-laden YouTube wannabe Bitchute and former President Trump fansite, The Donald. The company recently hosted prolifewhistleblower.com -- the website designed to help people snitch on Texas residents who want abortions -- but later forcibly removed the tip-collecting platform after determining that it had violated Epik's terms by nonconsensually collecting third-party information.

Read more of this story at Slashdot.

OpenSea Confirms Executive Used Insider Knowledge When Buying NFTs Slashdotby msmash on money at January 1, 1970, 1:00 am (cached at September 15, 2021, 5:35 pm)

One of the non-fungible token (NFT) space's biggest marketplaces has admitted that a senior employee has been getting the drop on its most popular drops. From a report: Twitter users last night accused Nate Chastain, head of product at OpenSea, of using secret Ethereum wallets to snap up the platform's front-page NFT drops before general release. Citing transactional data on Etherscan, Twitter user Zuwu said that Chastain seems to be selling these pieces "shortly after the front-page-hype spike for profits." His actions have been likened to frontrunning or insider trading, which in regulated financial markets refers to dealing on information that is not yet public. On September 15, OpenSea published a blog post acknowledging Chastain's actions. "Yesterday we learned that one of our employees purchased items that they knew were set to display on our front page before they appeared there publicly," said OpenSea. "This is incredibly disappointing. We want to be clear that this behavior does not represent our values as a team. We are taking this very seriously and are conducting an immediate and thorough review of this incident so that we have a full understanding of the facts and additional steps we need to take." The company has rolled out new policies specifying that team members may not buy or sell from collections while they are being promoted, and cannot use confidential information to purchase or sell NFTs.

Read more of this story at Slashdot.

[no title] Scripting News(cached at September 15, 2021, 5:32 pm)

One reason I want Twitter to get rid of the character limit so I no longer have to say "I wrote a tweet." I have never liked the idea of writing tweets. Tweeting is weird and joke-like, self-deprecating which I don't mind, but please not about writing.