RSS Live

Does the Open Source Movement Need to Evolve?

Slashdot - 2 hours 10 min ago
A cloud company's CTO argues on CTO that the "hypocrite commits" controversy "is symptomatic, on every side, of related trends that threaten the entire extended open-source ecosystem and its users." That ecosystem has long wrestled with problems of scale, complexity and free and open-source software's (FOSS) increasingly critical importance to every kind of human undertaking. Let's look at that complex of problems:

- The biggest open-source projects now present big targets.
- Their complexity and pace have grown beyond the scale where traditional "commons" approaches or even more evolved governance models can cope.
- They are evolving to commodify each other. For example, it's becoming increasingly hard to state, categorically, whether "Linux" or "Kubernetes" should be treated as the "operating system" for distributed applications. For-profit organizations have taken note of this and have begun reorganizing around "full-stack" portfolios and narratives.
- In so doing, some for-profit organizations have begun distorting traditional patterns of FOSS participation. Many experiments are underway. Meanwhile, funding, headcount commitments to FOSS and other metrics seem in decline.
- OSS projects and ecosystems are adapting in diverse ways, sometimes making it difficult for for-profit organizations to feel at home or see benefit from participation.

Meanwhile, the threat landscape keeps evolving:

- Attackers are bigger, smarter, faster and more patient, leading to long games, supply-chain subversion and so on.
- Attacks are more financially, economically and politically profitable than ever.
- Users are more vulnerable, exposed to more vectors than ever before.
- The increasing use of public clouds creates new layers of technical and organizational monocultures that may enable and justify attacks.
- Complex commercial off-the-shelf solutions assembled partly or wholly from open-source software create elaborate attack surfaces whose components (and interactions) are accessible and well understood by bad actors.
- Software componentization enables new kinds of supply-chain attacks.

Meanwhile, all this is happening as organizations seek to shed nonstrategic expertise, shift capital expenditures to operating expenses and evolve to depend on cloud vendors and other entities to do the hard work of security. The net result is that projects of the scale and utter criticality of the Linux kernel aren't prepared to contend with game-changing, hyperscale threat models. Among other things, the article ultimately calls for a reevaluation of project governance/organization and funding "with an eye toward mitigating complete reliance on the human factor, as well as incentivizing for-profit companies to contribute their expertise and other resources." (With whatever culture changes this may require.) It also suggests "simplifying the stack" (and verifying its components), while pushing "appropriate" responsibility for security up to the application layer. Slashdot reader joshuark argues this would be not so much the end of Open Source as "more turning the page to the next chapter in open-source: the issues of contributing, reviewing, and integrating into an open-source code base."

Read more of this story at Slashdot.

Amazon Wants Apartment Buildings to Install a 'Key' System that Lets Them Enter the Lobby

Slashdot - 4 hours 10 min ago
"Amazon is tired of ringing doorbells," reports the Associated Press. "The online shopping giant is pushing landlords around the country — sometimes with financial incentives — to give its drivers the ability to unlock apartment-building doors themselves with a mobile device." The service, dubbed Key for Business, is pitched as a way to cut down on stolen packages by making it easy to leave them in lobbies and not outside. Amazon benefits because it enables delivery workers to make their rounds faster. And fewer stolen packages reduce costs and could give Amazon an edge over competitors. Those who have installed the device say it reduces the constant buzzing by delivery people and is a safer alternative to giving out codes to scores of delivery people. But the Amazon program, first announced in 2018, may stir security and privacy concerns as it gains traction. The company said that it does background checks on delivery people and that they can unlock doors only when they have a package in hand to scan. But tenants may not know that Amazon drivers have access to their building's front doors, since Amazon leaves it up to the building to notify them... Amazon didn't respond to questions about potential hacking. The company has already installed the device in thousands of U.S. apartment buildings but declined to give a specific number... Amazon salespeople have been fanning out to cities across the country to knock on doors, make cold calls or approach building managers on the street to urge them to install the device. The company has even partnered with local locksmiths to push it on building managers while they fix locks. Amazon installs the device for free and sometimes throws in a $100 Amazon gift card to whoever lets them in.

Read more of this story at Slashdot.

CVE-2021-37436

Latest 7 days CVE Lists - 6 hours 29 min ago
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.

Church Official Exposed Through America's 'Vast and Largely Unregulated Data-Harvesting'

Slashdot - 7 hours 10 min ago
The New York Times' On Tech newsletter shares a thought-provoking story: This week, a top official in the Roman Catholic Church's American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went. I know that people will have complex feelings about this matter. Some of you may believe that it's acceptable to use any means necessary to determine when a public figure is breaking his promises, including when it's a priest who may have broken his vow of celibacy. To me, though, this isn't about one man. This is about a structural failure that allows real-time data on Americans' movements to exist in the first place and to be used without our knowledge or true consent. This case shows the tangible consequences of practices by America's vast and largely unregulated data-harvesting industries. The reality in the United States is that there are few legal or other restrictions to prevent companies from compiling the precise locations of where we roam and selling that information to anyone. This data is in the hands of companies that we deal with daily, like Facebook and Google, and also with information-for-hire middlemen that we never directly interact with. This data is often packaged in bulk and is anonymous in theory, but it can often be traced back to individuals, as the tale of the Catholic official shows... Losing control of our data was not inevitable. It was a choice — or rather a failure over years by individuals, governments and corporations to think through the consequences of the digital age. We can now choose a different path. 
"Data brokers are the problem," writes the EFF, arguing that the incident "shows once again how easy it is for anyone to take advantage of data brokers' stores to cause real harm." This is not the first time Grindr has been in the spotlight for sharing user information with third-party data brokers... But Grindr is just one of countless apps engaging in this exact kind of data sharing. The real problem is the many data brokers and ad tech companies that amass and sell this sensitive data without anything resembling real users' consent. Apps and data brokers claim they are only sharing so-called "anonymized" data. But that's simply not possible. Data brokers sell rich profiles with more than enough information to link sensitive data to real people, even if the brokers don't include a legal name. In particular, there's no such thing as "anonymous" location data. Data points like one's home or workplace are identifiers themselves, and a malicious observer can connect movements to these and other destinations. Another piece of the puzzle is the ad ID, another so-called "anonymous" label that identifies a device. Apps share ad IDs with third parties, and an entire industry of "identity resolution" companies can readily link ad IDs to real people at scale. All of this underlines just how harmful a collection of mundane-seeming data points can become in the wrong hands... That's why the U.S. needs comprehensive data privacy regulation more than ever. This kind of abuse is not inevitable, and it must not become the norm.

Read more of this story at Slashdot.

Three Die After Untreatable 'Superbug' Fungus Infections in Two Different Cities

Slashdot - 8 hours 10 min ago
"U.S. health officials said Thursday they now have evidence of an untreatable fungus spreading in two hospitals and a nursing home," reports the Associated Press: The "superbug" outbreaks were reported in a Washington, D.C., nursing home and at two Dallas-area hospitals, the Centers for Disease Control and Prevention reported. A handful of the patients had invasive fungal infections that were impervious to all three major classes of medications. "This is really the first time we've started seeing clustering of resistance" in which patients seemed to be getting the infections from each other, said the CDC's Dr. Meghan Lyman... Health officials have sounded alarms for years about the superbug after seeing infections in which commonly used drugs had little effect. In 2019, doctors diagnosed three cases in New York that were also resistant to a class of drugs, called echinocandins, that were considered a last line of defense. In those cases, there was no evidence the infections had spread from patient to patient — scientists concluded the resistance to the drugs formed during treatment. The new cases did spread, the CDC concluded.... Those cases were seen from January to April. Of the five people who were fully resistant to treatment, three died — both Texas patients and one in Washington. Lyman said both are ongoing outbreaks and that additional infections have been identified since April. But those added numbers were not reported. The fungus, Candida auris, "is a harmful form of yeast that is considered dangerous to hospital and nursing home patients with serious medical problems," they add — and it's spread through contaminated surfaces or contact with patients. Newsweek points out that while it's only recently appeared in America, "infections have occurred in over 30 countries worldwide."

Read more of this story at Slashdot.

Kaspersky Warns Fake Windows 11 Installers Are Spreading Malware

Slashdot - 9 hours 10 min ago
Long-time Slashdot reader Ammalgam writes: If you're planning to install Windows 11, you should make sure you download it from official sources. This is because people who are using pirated or fake methods to get Windows 11 are also downloading malware along with it, according to Kaspersky. The particular file referenced is called 86307_windows 11 build 21996.1 x64 + activator.exe. While it sounds like it includes Windows 11 build 21996.1 and an installer that will automatically activate Windows for you, there are some red flags. First, it's only 1.75GB, so while people who want to install Windows 11 might think that's a large file that could be Windows, a real Windows 11 ISO is about 4.87GB... "The 1.75 GB file looks legitimate. But most of this space consists of one DLL file that contains a lot of useless information," explains Mint. And Kaspersky adds that "it even comes with a license agreement (which few people read) calling it a 'download manager for 86307_windows 11 build 21996.1 x64 + activator' and noting that it would also install some sponsored software. If you accept the agreement, a variety of malicious programs will be installed on your machine."

Read more of this story at Slashdot.

China Compromised More than a Dozen US Pipelines Between 2011 and 2013

Slashdot - 10 hours 10 min ago
"Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday while also issuing first-of-its-kind cybersecurity requirements on the pipeline industry," reports the Wall Street Journal. The disclosure of previously classified information about the aggressive Chinese hacking campaign, though dated, underscored the severity of foreign cyber threats to the nation's infrastructure, current and former officials said. In some cases, the hackers possessed the ability to physically damage or disrupt compromised pipelines, a new cybersecurity alert said, though it doesn't appear they did so. Previously, senior administration officials had warned that China, Russia and others were capable of such cyber intrusions. But rarely has so much information been released about a specific and apparently successful campaign. Chinese state-sponsored hackers between 2011 and 2013 had targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of "holding U.S. pipeline infrastructure at risk," the Federal Bureau of Investigation and the Department of Homeland Security said in Tuesday's joint alert. Of the known targets, 13 were successfully compromised and an additional eight suffered an "unknown depth of intrusion," which officials couldn't fully assess because the victims lacked complete computer log data, the alert said. Another three targets were described as "near misses" of the Chinese campaign, which relied heavily on spear phishing attacks. Newsweek adds that the same day the U.S. Department of Homeland Security "announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast." 
In a statement, DHS said it would require operators of federally designated critical pipelines to implement "specific mitigation measures" to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a "cybersecurity architecture design review."

Read more of this story at Slashdot.

Mozilla Stops FTP Support in Firefox 90

Slashdot - 11 hours 10 min ago
A post on Mozilla's security blog calls FTP "by now one of the oldest protocols still in use" — and it's suffering from "a number of serious security issues." The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user's device using the FTP protocol. Aligning with our intent to deprecate non-secure HTTP and increase the percentage of secure connections, we, as well as other major web browsers, decided to discontinue support of the FTP protocol. Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox's HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP. The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.

Read more of this story at Slashdot.

K-9 5.800 released

lwn.net - 11 hours 51 min ago
After a long pause, the K-9 Android mail client project has released version 5.800. "The user interface has been redesigned. Some of you will love it, some will hate it. You’re welcome and sorry." There are also a number of improvements to make background operation work better on current Android systems.
With Profits Soaring, Tech Companies 'Won the Pandemic'

Slashdot - 12 hours 10 min ago
In April of 2020, Jeff Bezos announced Amazon would spend their next quarter focusing on people instead of profits, remembers the New York Times: At the end of July 2020, Amazon announced quarterly results. Rather than earning zero, as Mr. Bezos had predicted, it notched an operating profit of $5.8 billion — a record for the company. The months since have established new records. Amazon's margins, which measure the profit on every dollar of sales, are the highest in the history of the company, which is based in Seattle... Amazon's pandemic triumph was echoed all over the world of technology companies. Even as 609,000 Americans have died and the Delta variant surges, as corporate bankruptcies hit a peak for the decade, as restaurants, airlines, gyms, conferences, museums, department stores, hotels, movie theaters and amusement parks shut down and as millions of workers found themselves unemployed, the tech industry flourished. The combined stock market valuation of Apple, Alphabet, Nvidia, Tesla, Microsoft, Amazon and Facebook increased by about 70 percent to more than $10 trillion. That is roughly the size of the entire U.S. stock market in 2002. Apple alone has enough cash in its coffers to give $600 to every person in the United States. And in the next week, the big tech companies are expected to report earnings that will eclipse all previous windfalls. Silicon Valley, still the world headquarters for tech start-ups, has never seen so much loot. More Valley companies went public in 2020 than in 2019, and they raised twice as much money when they did. Forbes calculates there are now 365 billionaires whose fortunes derive from tech, up from 241 before the virus. No single industry has ever had such power over American life, dominating how we communicate, shop, learn about the world and seek distraction and joy. What will Silicon Valley do with this power? Who if anyone might restrain tech, and how much support will they have...? 
The biggest, and perhaps the only, threat to tech now is from government... Beyond the threat of misuse of tech lurks an even darker possibility: a misplaced confidence in the ability of one loosely regulated sector to run so much of the world.

Read more of this story at Slashdot.

Researchers Found a Malicious NPM Package Using Chrome's Password-Recovery Tools

Slashdot - 13 hours 10 min ago
Threatpost reports on "another vast software supply-chain attack" that was "found lurking in the npm open-source code repository...a credentials-stealing code bomb" that used the password-recovery tools in Google's Chrome web browser. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands... ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled "Win32.Infostealer.Heuristics", it showed up in two packages: nodejs_net_server and temptesttempfile. At least for now, the first, main threat is nodejs_net_server. Some details: nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019...finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, "probably because the author didn't want to have such an obvious connection between the malware and their website," researchers theorized... ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn't removed the packages from the repository. When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: "Both packages were removed following our investigation...."

Read more of this story at Slashdot.

Repairable, Modular Framework Laptop Begins Shipping

Slashdot - 14 hours 10 min ago
"Are you old enough to remember when laptops had removable batteries?" asks CNET. "Frustrated by mainstream laptops with memory soldered to the motherboard and therefore not upgradable?" "The 13.5-inch Framework Laptop taps into that nostalgia, addressing one of the biggest drawbacks in modern laptops as part of the right-to-repair movement. It was designed from the ground up to be as customizable, upgradable and repairable as technologically possible... and boy does it deliver." It features four expansion card slots, slide-in modules that snap into USB-C connectors, socketed storage and RAM, a replaceable mainboard module with fixed CPU and fan, battery, screen, keyboard and more. It's a design that makes the parts easy to access, all while delivering solid performance at competitive prices and without sacrificing aesthetics. The laptop's in preorder now for the U.S. and Canada, slated to ship in small batches depending upon the configuration. Core i7-based systems are expected to go out in August, while Core i5 systems won't be available until September. Prices for the Framework Laptop start at $999 for the prefab Core i5-1135G7 model with 8GB RAM and 256GB SSD, $1,399 for the Core i7-1165G7 Performance model with 16GB RAM and 512GB storage or a vPro Core i7-1185G7 Professional model with 32GB RAM and 1TB storage. Framework expects to expand into new regions by the end of the year; $999 converts to roughly £730 or AU$1,360... The DIY model adds Linux to the list of operating systems you can install, and doesn't restrict Windows Pro to the vPro model... With the Framework, in addition to the ports you can swap out the mainboard, touchpad, keyboard, speakers, battery... anything you can think of. Don't feel like doing it yourself? Framework is publishing all the information necessary for a repair shop or IT department to not just swap parts, but to perform repairs... Nothing is buried under other parts, so everything's easy to get to. 
Each Framework part has a QR code and short URL to take you to all the info you'll need about it, and the labels on the standard parts (memory and SSD) are easy to read. Or, as Engadget puts it, the laptop is "designed, from the get-go, to be modular and repairable by every one of its users." Created by Nirav Patel, formerly of Oculus, the machine aims to demonstrate that there is a better, more sustainable way of doing things. It shouldn't be that, if your tech fails, you either have to buy a new model, or let the manufacturer's in-house repair teams charge $700 for a job that should've cost $50. After all, if we're going to survive climate change, we need to treat our tech more sustainably and keep as much as possible out of the landfill... The Framework laptop is equipped with a 1080p, 60fps webcam with an 80-degree field of view, and it's one of the best built-in webcams I've seen. PCWorld calls it "the ultimate Right to Repair laptop."

Read more of this story at Slashdot.

Iconic Japanese Videogame Music Incorporated Into Olympic Opening Ceremony

Slashdot - Sat, 2021/07/24 - 11:34 PM
"Fans of Japanese video games couldn't believe their ears as Olympic athletes paraded into Tokyo's National Stadium during the opening ceremony for the 2020 Games on Friday..." reports the Huffington Post. During the Parade of Nations section of the ceremony, "The orchestra was playing tunes from some of their favorite games." In a celebration of Japanese popular culture that is appreciated worldwide, the entry parade was set to tunes from games developed by Sega, Capcom and Square Enix. It kicked off with "Overture: Roto's Theme" from Dragon Quest. Next up was "Victory Fanfare" from Final Fantasy. The parade featured more tunes from Monster Hunter, Soulcalibur and Sonic the Hedgehog. According to Classic FM, the music from Kingdom Hearts was composed by Yoko Shimomura, who is responsible for the music for some of the biggest video games ever made. Fans were delighted to hear her work being incorporated into the ceremony. While the list didn't feature widely recognized tunes from cultural juggernauts like Mario Bros. or The Legend of Zelda, the music helped give a sense of atmosphere to the ceremony, which was held in an almost empty stadium due to coronavirus restrictions. There's even an elaborate doodle at Google.com commemorating the Opening Ceremonies with an anime animation that leads to a multi-level 1980s-style videogame in which Lucky the cat competes in various sporting events. (Though the Huffington Post notes that in the real world, about 1,000 people sat in the 68,000-capacity stadium.) The Washington Post reports the Japanese public "overwhelmingly opposed hosting the Olympics as a new wave of the pandemic hit the country." But unfortunately, host city Tokyo signed a contract agreeing the event could only be cancelled by the International Olympic Committee, and now "There's the possibility — once utterly remote — that Japanese voters could kick Prime Minister Yoshihide Suga out of power in parliamentary elections later this year."

Read more of this story at Slashdot.

Amazon MMO New World Is Bricking RTX 3090s, Players Say; Amazon Responds

Slashdot - Sat, 2021/07/24 - 10:00 PM
An anonymous reader quotes a report from GameSpot: Amazon [...] is now bricking high-end graphics cards with a beta for its MMO, New World, according to players. Amazon has now responded to downplay the incident but says it plans to implement a frame rate cap on the game's menus. According to users on Twitter and Reddit, New World has been frying extremely high-end graphics cards, namely Nvidia's RTX 3090. It's worth noting that while the RTX 3090 has an MSRP of $1,500, it's often selling for much more due to scarcity and scalpers, so players could easily be losing upwards of $2,000 if their card stops working. Specifically, it seems that one model of the RTX 3090 is being consistently fried by New World. On Reddit, a lengthy thread of over 600 posts includes multiple users claiming that their EVGA 3090 graphics cards are now little more than expensive paperweights after playing the New World beta. The "red light of death," an indicator that something is disastrously wrong with your EVGA 3090, doesn't pop up consistently for players though. Some report their screen going black after a cutscene in the game while others have said that simply using the brightness calibration screen was enough to brick their card. Amazon Games says a patch is on the way to prevent further issues. "Hundreds of thousands of people played in the New World Closed Beta yesterday, with millions of total hours played. We've received a few reports of players using high-performance graphics cards experiencing hardware failure when playing New World," said Amazon Games in an official statement. "New World makes standard DirectX calls as provided by the Windows API. We have seen no indication of widespread issues with 3090s, either in the beta or during our many months of alpha testing. The New World Closed Beta is safe to play. In order to further reassure players, we will implement a patch today that caps frames per second on our menu screen. 
We're grateful for the support New World is receiving from players around the world, and will keep listening to their feedback throughout Beta and beyond." New World is currently set to launch for PC on August 31.

Read more of this story at Slashdot.

Society Is Right On Track For a Global Collapse, New Study of Infamous 1970s Report Finds

Slashdot - Sat, 2021/07/24 - 7:00 PM
fahrbot-bot shares a report from Live Science: Human society is on track for a collapse in the next two decades if there isn't a serious shift in global priorities, according to a new reassessment of a 1970s report, Vice reported. In that report -- published in the bestselling book "The Limits to Growth" (1972) -- a team of MIT scientists argued that industrial civilization was bound to collapse if corporations and governments continued to pursue continuous economic growth, no matter the costs. The researchers forecasted 12 possible scenarios for the future, most of which predicted a point where natural resources would become so scarce that further economic growth would become impossible, and personal welfare would plummet. The report's most infamous scenario -- the Business as Usual (BAU) scenario -- predicted that the world's economic growth would peak around the 2040s, then take a sharp downturn, along with the global population, food availability and natural resources. This imminent "collapse" wouldn't be the end of the human race, but rather a societal turning point that would see standards of living drop around the world for decades, the team wrote. So, what's the outlook for society now, nearly half a century after the MIT researchers shared their prognostications? Gaya Herrington, a sustainability and dynamic system analysis researcher at the consulting firm KPMG, decided to find out. [...] Herrington found that the current state of the world -- measured through 10 different variables, including population, fertility rates, pollution levels, food production and industrial output -- aligned extremely closely with two of the scenarios proposed in 1972, namely the BAU scenario and one called Comprehensive Technology (CT), in which technological advancements help reduce pollution and increase food supplies, even as natural resources run out. 
While the CT scenario results in less of a shock to the global population and personal welfare, the lack of natural resources still leads to a point where economic growth sharply declines -- in other words, a sudden collapse of industrial society. "The good news is that it's not too late to avoid both of these scenarios and put society on track for an alternative -- the Stabilized World (SW) scenario," the report notes. "This path begins as the BAU and CT routes do, with population, pollution and economic growth rising in tandem while natural resources decline. The difference comes when humans decide to deliberately limit economic growth on their own, before a lack of resources forces them to." "The SW scenario assumes that in addition to the technological solutions, global societal priorities change," Herrington wrote. "A change in values and policies translates into, amongst other things, low desired family size, perfect birth control availability, and a deliberate choice to limit industrial output and prioritize health and education services." After this shift of values occurs, industrial growth and global population begin to level out. "Food availability continues to rise to meet the needs of the global population; pollution declines and all but disappears; and the depletion of natural resources begins to level out, too," adds Live Science. "Societal collapse is avoided entirely."

Read more of this story at Slashdot.

Oregon Congressman Proposes New Space Tourism Tax

Slashdot - Sat, 2021/07/24 - 4:00 PM
U.S. Rep. Earl Blumenauer (D-Oregon) plans to introduce legislation called the Securing Protections Against Carbon Emissions (SPACE) Tax Act, which would impose new excise taxes on space tourism trips. Space.com reports: "Space exploration isn't a tax-free holiday for the wealthy. Just as normal Americans pay taxes when they buy airline tickets, billionaires who fly into space to produce nothing of scientific value should do the same, and then some," Blumenauer said in a statement issued by his office. "I'm not opposed to this type of space innovation," added Blumenauer, a senior member of the House of Representatives' Ways and Means Committee. "However, things that are done purely for tourism or entertainment, and that don't have a scientific purpose, should in turn support the public good." The proposed new tax would likely be levied on a per-passenger basis, as is done with commercial aviation, the statement said. "Exemptions would be made available for NASA spaceflights for scientific research purposes," the statement reads. "In the case of flights where some passengers are working on behalf of NASA for scientific research purposes and others are not, the launch excise tax shall be the pro rata share of the non-NASA researchers." There would be two taxation tiers, one for suborbital flights and another for missions that reach orbit. The statement did not reveal how much the tax would be in either case or if the collected revenue would be earmarked for any specific purpose. Such a purpose could be the fight against climate change, if the proposed act's full name is any guide. Blumenauer is concerned about the potential carbon footprint of the space tourism industry once it gets fully up and running, the statement said.

Read more of this story at Slashdot.


Maker of Dubious $56K Alzheimer's Drug Offers Cognitive Test No One Can Pass

Slashdot - Sat, 2021/07/24 - 12:30 PM
An anonymous reader quotes a report from Ars Technica: Do you ever forget things, like a doctor's appointment or a lunch date? Do you sometimes struggle to think of the right word for something common? Do you ever feel more anxious or irritable than you typically do? Do you ever feel overwhelmed when trying to make a decision? If you answered "no, never" to all of those questions, there's a possibility that you may not actually be human. Nevertheless, you should still talk to a doctor about additional cognitive screenings to check if you have Alzheimer's disease. At least, that's the takeaway from a six-question quiz provided in part by Biogen, the maker of an unproven, $56,000 Alzheimer's drug. The six questions include the four above, plus questions about whether you ever lose your train of thought or ever get lost on your way to or around a familiar place. The questions not only bring up common issues that perfectly healthy people might face from time to time, but the answers any quiz-taker provides are also completely irrelevant. No matter how you answer -- even if you say you never experience any of those issues -- the quiz will always prompt you to talk with your doctor about cognitive screening. The results page even uses your zip code to provide a link to find an Alzheimer's specialist near you. Biogen says the quiz website is part of a "disease awareness educational program." But it appears to be part of an aggressive strategy to sell the company's new Alzheimer's drug, Aduhelm, which has an intensely controversial history, to say the least. What's the controversial history you may ask? According to Ars, the drug "flunked out of two identical Phase III clinical trials in 2019." A panel of expert advisors for the FDA overwhelmingly voted against approval, yet it still was approved by the FDA on June 7. It also has a list price of $56,000 for a year's supply. 
The report goes on to say that the company is basically making up the statistic that "about 1 in 12 Americans 50 years and older" has mild cognitive impairment due to Alzheimer's. Experts say they know of no evidence to back up that statistic and it appears to be a significant overestimate. Furthermore, two medical experts from Georgetown University said the company's quiz website "appears designed to ratchet up anxiety in anyone juggling multiple responsibilities or who gets distracted during small talk." They added: "Convincing perfectly normal people they should see a specialist, be tested for amyloid plaque, and, if present, assume they have early Alzheimer's is a great strategy for increasing Aduhelm prescriptions... [It] could lead to millions of prescriptions -- and billions of dollars in profit -- for an ineffective and expensive drug."

Read more of this story at Slashdot.


Hole Blasted In Guntrader: UK Firearms Sales Website's CRM Database Breached, 111K Users' Info Spilled Online

Slashdot - Sat, 2021/07/24 - 11:02 AM
Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Register reports: The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The database contains names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords. It is a severe breach of privacy not only for Guntrader but for its users: members of the UK's licensed firearms community. Guntrader spokesman Simon Baseley told The Register that Guntrader.uk had emailed all the users affected by the breach on July 21 and issued a further update yesterday. Guntrader is roughly similar to Gumtree: users post ads along with their contact details on the website so potential purchasers can get in touch. Gun shops (known in the UK as "registered firearms dealers" or RFDs) can also use Guntrader's integrated gun register product, which is advertised as offering "end-to-end encryption" and "daily backups", making it (so Guntrader claims) "the most safe and secure gun register system on today's market." [British firearms laws say every transfer of a firearm (sale, drop-off for repair, gift, loan, and so on) must be recorded, with the vast majority of these also being mandatory to report to the police when they happen...] The categories of data in the stolen database are: Latitude and longitude data; First name and last name; Police force that issued an RFD's certificate; Phone numbers; Fax numbers; bcrypt-hashed passwords; Postcode; Postal addresses; and User's IP addresses. 
Logs of payments were also included, with Coalfire's Barratt explaining that while no credit card numbers were included, something that looks like a SHA-256 hashed string was included in the payment data tables. Other payment information was limited to prices for rifles and shotguns advertised through the site. The Register recommends you check if your data is included in the hack by visiting Have I Been Pwned. If you are affected and you used the same password on Guntrader that you used on other websites, you should change it as soon as possible.

Read more of this story at Slashdot.


Facebook Details Experimental Mixed Reality and Passthrough API

Slashdot - Sat, 2021/07/24 - 10:45 AM
Facebook shared some details about its experimental Passthrough API to enable new kinds of mixed reality apps for Oculus Quest 2. UploadVR reports: The feature may also serve as the foundation for the company's long-term efforts in augmented reality, effectively turning Quest 2 into a $299 AR developer kit. When asked if the feature is coming to the original Oculus Quest, a Facebook representative replied "today, this is only available for Quest 2." The new feature will be available to Unity developers in an upcoming software development kit release "with support for other development platforms coming in the future." Facebook says apps using the API "cannot access, view, or store images or videos of your physical environment from the Oculus Quest 2 sensors" and raw images from the four on-board cameras "are processed on-device." The following capabilities will be available with the passthrough API, according to Facebook: "Composition: You can composite Passthrough layers with other VR layers via existing blending techniques like hole punching and alpha blending. Styling: You'll be able to apply styles and tint to layers from a predefined list, including applying a color overlay to the feed, rendering edges, customizing opacity, and posterizing. Custom Geometry: You can render Passthrough images to a custom mesh instead of relying on the default style mesh -- for example, to project Passthrough on a planar surface."

Read more of this story at Slashdot.


Jeff Bezos and Sir Richard Branson Not Yet Astronauts, US Says

Slashdot - Sat, 2021/07/24 - 10:25 AM
New Federal Aviation Administration (FAA) rules say astronaut hopefuls must be part of the flight crew and make contributions to space flight safety. That means Jeff Bezos and Sir Richard Branson may not yet be astronauts in the eyes of the US government. The BBC reports: These are the first changes since the FAA wings program began in 2004. The Commercial Astronaut Wings program updates were announced on Tuesday -- the same day that Amazon's Mr Bezos flew aboard a Blue Origin rocket to the edge of space. To qualify as commercial astronauts, space-goers must travel 50 miles (80km) above the Earth's surface, which both Mr Bezos and Mr Branson accomplished. But altitude aside, the agency says would-be astronauts must have also "demonstrated activities during flight that were essential to public safety, or contributed to human space flight safety." What exactly counts as such is determined by FAA officials. In a statement, the FAA said that these changes brought the wings scheme more in line with its role to protect public safety during commercial space flights. On July 11, Sir Richard flew on-board Virgin Galactic's SpaceShipTwo to the edge of space as a test before allowing customers aboard next year. Mr Bezos and the three other crew members who flew on Blue Origin's spacecraft may have less claim to the coveted title. Ahead of the launch, Blue Origin CEO Bob Smith said that "there's really nothing for a crew member to do" on the autonomous vehicle. Those wishing for commercial wings need to be nominated for them as well. An FAA spokesperson told CNN they are not currently reviewing any submissions. There are two other ways to earn astronaut wings in the US - through the military or Nasa. However, a glimmer of hope remains for Sir Richard, Mr Bezos and any future stargazers hoping to be recognized as astronauts. The new order notes that honorary awards can be given based on merit -- at the discretion of the FAA's associate administrator. 
Astronaut wings were first awarded to astronauts Alan Shepard Jr and Virgil Grissom in the early 1960s for their participation in the Mercury Seven program.

Read more of this story at Slashdot.
