Slashdot

An anonymous reader shares a report: Here's another reminder to be wary of what you share online: BuzzFeed News noticed on Monday that the way Instagram and its owner Facebook serve up media content allows for anyone who has access to a private photo or video to root around in the HTML code and copy-paste a direct link to it. BuzzFeed wrote: "The hack -- which works on Instagram stories as well -- requires only a rudimentary understanding of HTML and a browser. It can be done in a handful of clicks. A user simply inspects the images and videos that are being loaded on the page and then pulls out the source URL. This public URL can then be shared with people who are not logged in to Instagram or do not follow that private user. According to tests performed by BuzzFeed's Tech + News Working Group, JPEGs and MP4s from private feeds and stories can be viewed, downloaded, and shared publicly this way. ... Because all of this data is being hosted by Facebook's own content delivery network, the work-around also applies to private Facebook content. Here's an example of such a link to a private Instagram image, per the Verge: https://scontent-lax3-1.cdninstagram.com/vp/0907741760b14f49ebbb7d45f1e4871e/5E092026/t51.2885-15/e35/s1080x1080/67509661_124712232143789_4496164141880255274_n.jpg?_nc_ht=scontent-lax3-1.cdninstagram.com " BuzzFeed is calling this a "hack," but what's really happening is Internet 101. When an authorized user loads a piece of content on Instagram in a browser, it's trivial to look in the HTML and find a direct URL to where the image or video is sitting on a server. This is not exactly uncommon for the content delivery networks (CDNs) that serve as the backbones of big websites; the simplest and least computationally expensive method of restricting unauthorized users from accessing the image or video in question is to make its URL very, very long.

Read more of this story at Slashdot.

In a surprise move, the new European Commission has reappointed Margrethe Vestager to be its antitrust chief. From a report: As Europe's chief of competition, Vestager has over the past several years led a crusade against many of the biggest U.S. tech companies for abuses of power. But following recent elections for the European Parliament and the selection of a new European Commission, Vestager's term was expected to come to an end. Instead, it seems her mission will continue and has expanded to include a project called "Europe fit for the digital age," though not many details were offered about the new brief. "Digitalization has a huge impact on the way we live, work, and communicate," EC President-elect Ursula von der Leyen said in a statement on Vestager's role. "In some fields, Europe has to catch up -- like for business to consumers -- while in others we are frontrunners -- such as in business to business. We have to make our single market fit for the digital age, we need to make the most of artificial intelligence and big data, we have to improve on cybersecurity, and we have to work hard for our technological sovereignty."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Wall Street Journal: Drilling into the seafloor off Mexico, scientists have extracted a unique geologic record of the single worst day in the history of life on Earth, when a city-sized asteroid smashed into the planet 65 million years ago, wiping out the dinosaurs and three-quarters of all other life. Their analysis of these new rock samples from the Chicxulub crater, made public Monday, reveals a parfait of debris deposited in layers almost minute-by-minute at the heart of the impact during the first day of a global catastrophe (Warning: source paywalled; alternative source). It records traces of the explosive melting, massive earthquakes, tsunamis, landslides and wildfires as the immense asteroid blasted a hole 100 miles wide and 12 miles deep, the scientists said. The sediments also offer chemical evidence that the cataclysm blew hundreds of billions of tons of sulfur from pulverized ocean rock into the atmosphere, triggering a global winter in which temperatures world-wide dropped by as much as 30 degrees Fahrenheit for decades, the scientists said. "The asteroid blasted a cavity between 25 and 30 miles deep in the first seconds of impact, creating a boiling cauldron of molten rocks and super-heated steam," reports The Wall Street Journal, citing the scientists' interpretation of the rock. "Rebounding from the hammer blow, a plume of molten rock splashed up into a peak higher than Mount Everest. Within minutes, it collapsed into itself, splashing gigantic waves of lava outward that solidified into a ring of high peaks, the scientists said." "About 20 minutes or so later, sea water surged back over the newly formed peaks, covering them in a blanket of impact rocks, the scientists said. As minutes became hours, waves choked with shards of volcanic glass and splintered rock rippled back and forth, coating the peaks in a layer of impact rock called suevite, the scientists said. As the hours passed, the backwash of waves added more and more finely graded debris. At the very top of the rock core, the scientists detected traces of organic matter and charcoal." The study was published today in the journal PNAS.

Read more of this story at Slashdot.

U.S. prosecutors have charged a Chinese professor with fraud for allegedly taking technology from a California company to benefit Huawei, in another shot at the embattled Chinese telecommunications equipment maker. From the report: Bo Mao was arrested in Texas on Aug. 14 and released six days later on $100,000 bond after he consented to proceed with the case in New York, according to court documents. Bo Mao was arrested in Texas on Aug. 14 and released six days later on $100,000 bond after he consented to proceed with the case in New York, according to court documents. According to the criminal complaint, Mao entered into an agreement with the unnamed California tech company to obtain its circuit board, claiming it was for academic research. The complaint, however, accuses an unidentified Chinese telecommunications conglomerate, which sources say is Huawei, of trying to steal the technology, and alleges Mao played a role in its alleged scheme. A court document also indicates the case is related to Huawei. Although Huawei has not been charged, the company said it views the case against Mao as the U.S. government's latest instance of "selective prosecution."

Read more of this story at Slashdot.

Using radar data from NASA's Cassini spacecraft, recently published research presents a new scenario to explain why some methane-filled lakes on Saturn's moon Titan are surrounded by steep rims that reach hundreds of feet high. The models suggests that explosions of warming nitrogen created basins in the moon's crust. Phys.Org reports: Titan is the only planetary body in our solar system other than Earth known to have stable liquid on its surface. But instead of water raining down from clouds and filling lakes and seas as on Earth, on Titan it's methane and ethane -- hydrocarbons that we think of as gases but that behave as liquids in Titan's frigid climate. Most existing models that lay out the origin of Titan's lakes show liquid methane dissolving the moon's bedrock of ice and solid organic compounds, carving reservoirs that fill with the liquid. This may be the origin of a type of lake on Titan that has sharp boundaries. On Earth, bodies of water that formed similarly, by dissolving surrounding limestone, are known as karstic lakes. The new, alternative models for some of the smaller lakes (tens of miles across) turns that theory upside down: It proposes pockets of liquid nitrogen in Titan's crust warmed, turning into explosive gas that blew out craters, which then filled with liquid methane. The new theory explains why some of the smaller lakes near Titan's north pole, like Winnipeg Lacus, appear in radar imaging to have very steep rims that tower above sea level -- rims difficult to explain with the karstic model. The work, published Sept. 9 in Nature Geosciences, meshes with other Titan climate models showing the moon may be warm compared to how it was in earlier Titan "ice ages."

Read more of this story at Slashdot.

An anonymous reader quotes a report from New Atlas: Making artificial versions of the humble leaf has been an ongoing area of research for decades and in a new breakthrough, researchers from the Eindhoven University of Technology (TUE) have fine-tuned their artificial leaf design and used it to produce drugs for the first time. Natural leaves are clever little machines. They collect sunlight, and that energy is then used by chlorophyll molecules to power a chemical reaction that turns CO2 and water into glucose. The plant uses this glucose for energy, and expels oxygen as a waste product. Artificial leaves are designed to mimic this process. They're made of translucent materials that allow sunlight in and direct it towards tiny microfluidic channels running through the material like veins. A certain liquid is flowing through these channels, and the idea is that the energy from the sunlight triggers a chemical reaction in that liquid, turning it into something useful like a drug or fuel. The new artificial leaf design from TUE builds on the team's previous prototype, presented in 2016. Back then, the device was made of silicon rubber, but in the new version that's been replaced with Plexiglas for several reasons. [The material is cheaper and easier to manufacturer in larger quantities, has a higher refractive index, and can contain more types of light-sensitive molecules.] The leaf has started to earn its keep, too. The team put it to the test and found that it was able to successfully produce two different drugs: artimensinin, which is effective against malaria, and ascaridole, which is used against certain parasitic worms. Given its small size and scalability, the team says that the artificial leaf could eventually be used to produce drugs and other molecules right where they're needed. The research was published in the journal Angewandte Chemie.

Read more of this story at Slashdot.

In a paper published in Nature Medicine today, researchers led by ETH Zurich describe how they modified an off-the-shelf prosthetic leg with sensors and electrodes to give wearers a sense of knee movement and feedback from the sole of the foot on the ground. Engadget reports: The researchers worked with two patients with above-the-knee, or transfemoral, amputations. They used an Ossur prosthetic leg, which comes with a microprocessor and an angle sensor in the knee joint, IEEE Spectrum explains. The team then added an insole with seven sensors to the foot. Those sensors transmit signals in real-time, via Bluetooth to a controller strapped to the user's ankle. An algorithm in the controller encodes the feedback into neural signals and delivers that to a small implant in the patient's tibial nerve, at the back of the thigh. The brain can then interpret those signals as feedback from the knee and foot. The modified prosthetic helped the users walk faster, feel more confident and consume less oxygen -- an indication that it was less strenuous than traditional prosthesis. The team also tested activating the tibial nerve implant to relieve phantom limb pain. Both patients saw a significant reduction in pain after a few minutes of electrical stimulation, but they had to be connected to a device in a lab to receive the treatment. With more testing, the researchers hope they might be able to bring these technologies to more amputees and make both available outside of the lab.

Read more of this story at Slashdot.

Longtime Slashdot reader Merovech shares a report from ZDNet: Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu). Infections have been happening since mid-July, and have intensified in the past two weeks, ZDNet has learned. Based on current evidence, the Lilocked ransomware appears to target Linux-based systems only. The way the Lilocked gang breaches servers and encrypts their content is currently unknown. A thread on a Russian-speaking forum puts forward the theory that crooks might be targeting systems running outdated Exim (email) software. It also mentions that the ransomware managed to get root access to servers by unknown means. Lilocked doesn't encrypt system files, but only a small subset of file extensions, such as HTML, SHTML, JS, CSS, PHP, INI, and various image file formats. This means infected servers continue to run normally. According to French security researcher Benkow, Lilocked has encrypted more than 6,700 servers, many of which have been indexed and cached in Google search results. However, the number of victims is suspected to be much much higher. Not all Linux systems run web servers, and there are many other infected systems that haven't been indexed in Google search results. Why it should scare you:- affects Linux servers- so far the vector of infection / vulnerability is unknown- you can craft a Google search to watch it spread!

Read more of this story at Slashdot.

According to a new study from the Rocky Mountain Institute, natural gas-fired power plants are on the path to being undercut themselves by renewable power and big batteries. Bloomberg reports: By 2035, it will be more expensive to run 90% of gas plants being proposed in the U.S. than it will be to build new wind and solar farms equipped with storage systems, according to the report. It will happen so quickly that gas plants now on the drawing boards will become uneconomical before their owners finish paying for them, the study said. The development would be a dramatic reversal of fortune for gas plants, which 20 years ago supplied less than 20% of electricity in the U.S. Today that share has jumped to 35% as hydraulic fracturing has made natural gas cheap and plentiful, forcing scores of coal plants to close nationwide. The authors of the study say they analyzed the costs of construction, fuel and anticipated operations for 68 gigawatts of gas plants proposed across the U.S. They compared those costs to building a combination of solar farms, wind plants and battery systems that, together with conservation efforts, could supply the same amount of electricity and keep the grid stable. As gas plants lose their edge in power markets, the economics of pipelines will suffer, too, RMI said in a separate study Monday. Even lines now in the planning stages could soon be out of the money, the report found.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Motherboard: With less than two weeks until the global climate strikes, 930 tech and corporate Amazon employees have pledged to walk out of the company's offices on September 20, demanding zero emissions by 2030. The climate action, which follows strikes at Amazon warehouses, most recently on Amazon Prime Day, marks the first time white collar Amazon employees have staged a walkout. Workers with the group Amazon Employees for Climate Justice are demanding that the company adopt a resolution to eliminate its massive carbon footprint by 2030. Compared to other tech giants, Amazon, which ships billions of packages each year and controls a huge portion of the cloud computing market, has come under particular scrutiny for its carbon emissions. On September 20, the biggest day of the weeklong climate strike taking place in 117 countries, Amazon employees in Seattle will walk out of their offices at 11:30 a.m., gather at the giant glass spheres at the center of Amazon's corporate campus, then march to city hall to rally with youth climate activists. An internal call for action that began circulating among employees on September 4 received around 930 pledges as of September 8, Read said. "Playing a significant role in helping to reduce the sources of human-induced climate change is an important commitment for Amazon," an Amazon spokesperson told Motherboard in response to news of the walkout. "We have dedicated sustainability teams who have been working for years on initiatives to reduce our environmental impact. Earlier this year, we announced Shipment Zero - Amazon's vision to make all Amazon shipments net zero carbon, with 50% of all shipments net zero by 2030." "Over the past decade through our sustainable packaging programs, we've eliminated more than 244,000 tons of packaging materials and avoided 500 million shipping boxes," the Amazon spokesperson continued. "To track our progress on this journey and as part of an overall commitment to sharing our sustainability goals, we plan to share Amazon's company-wide carbon footprint, along with related goals and programs, later this year. This follows an extensive project over the past few years to develop an advanced scientific model to carefully map our carbon footprint to provide our business teams with detailed information helping them identify ways to reduce carbon use in their businesses." Microsoft workers in Seattle will also participate in the walkout. Google workers could join too.

Read more of this story at Slashdot.

In an opinion article published last week on Wired, New York City Mayor and 2020 Democratic presidential candidate Bill de Blasio said as president he would issue a robot tax for corporations displacing humans and would create a federal agency to oversee automation. CNET reports: "The scale of automation in our economy is increasing far faster than most people realize, and its impact on working people in America and across the world, unless corralled, will be devastating," de Blasio wrote. De Blasio would call the new regulator the Federal Automation and Worker Protection Agency, which would safeguard jobs and communities. In addition, his proposed "robot tax" would be imposed on large companies that eliminate jobs as they become more automated. The tax would be equal to five years of payroll taxes for each employee eliminated, according to De Blasio.

Read more of this story at Slashdot.

Several popular YouTubers -- including including Logan Paul, Marques Brownlee, and Emma Chamberlain -- have launched podcasts in the last year, "proving YouTube is a bonafide podcast network," writes Alex Castro via The Verge. "They're all available through traditional audio platforms, like Apple Podcasts and Spotify, but many also offer video versions that live on dedicated YouTube channels where they've become incredibly popular." From the report: These creators have figured out how to make podcasts work on a platform that wasn't designed for them, leveraging YouTube's search algorithm to meet new audiences, make more money, and expand into a medium that's expected to grow rapidly in the coming years. Some of the top podcasts on YouTube are pulling in millions of views every few days or weeks. Top shows, like Ethan and Hila Klein's H3 Podcast or Joe Rogan's Joe Rogan Experience, have dedicated audiences who use YouTube notifications as an RSS feed, letting them know when a new episode is available to watch. While the podcasts are also distributed via Spotify and Apple Podcasts, YouTube acts as a first stop. To reach even bigger audiences, YouTubers have figured out that they can break their show into pieces and spread it across multiple channels. H3 Podcast, Cody Ko and Noel Miller's Tiny Meat Gang, and The Joe Rogan Experience run as full-length episodes on their main podcast channel, but those episodes are then broken down into tiny individual cuts. These cuts, often referred to as clips or highlights, exist on a completely separate channel. They're also arguably more important when it comes to using YouTube as a way to grow the podcast. The H3 Podcast uses one of the most popular takes on the "YouTube podcast" format. Ethan and Hila Klein have three channels: H3H3 Productions (6 million subscribers), H3 Podcast (2 million subscribers), and H3 Podcast Highlights (1.3 million subscribers). The main channel is used for longer commentary pieces, special collaborations, and comedic sketches, but the latter two are solely dedicated to the podcast. Creating a separate channel for clips lets podcasters take advantage of YouTube's recommendation algorithm, which surfaces content on specific subjects a viewer is already interested in.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Scraping a public website without the approval of the website's owner isn't a violation of the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs. HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ's scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America's main anti-hacking law. This posed an existential threat to hiQ because the LinkedIn website is hiQ's main source of data about clients' employees. So hiQ sued LinkedIn, seeking not only a declaration that its scraping activities were not hacking but also an order banning LinkedIn from interfering. A trial court sided with hiQ in 2017. On Monday, the 9th Circuit Appeals Court agreed with the lower court, holding that the Computer Fraud and Abuse Act simply doesn't apply to information that's available to the general public. [...] By contrast, hiQ is only scraping information from public LinkedIn profiles. By definition, any member of the public has authorization to access this information. LinkedIn argued that it could selectively revoke that authorization using a cease-and-desist letter. But the 9th Circuit found this unpersuasive. Ignoring a cease-and-desist letter isn't analogous to hacking into a private computer system. "The CFAA was enacted to prevent intentional intrusion onto someone else's computer -- specifically computer hacking," a three-judge panel wrote. The court notes that members debating the law repeatedly drew analogies to physical crimes like breaking and entering. In the 9th Circuit's view, this implies that the CFAA only applies to information or computer systems that were private to start with -- something website owners typically signal with a password requirement. The court notes that when the CFAA was first enacted in the 1980s, it only applied to certain categories of computers that had military, financial, or other sensitive data. "None of the computers to which the CFAA initially applied were accessible to the general public," the court writes. "Affirmative authorization of some kind was presumptively required."

Read more of this story at Slashdot.

An anonymous reader shares a report: When Microsoft bought 6Wunderkinder, the developer of Wunderlist, in 2015, officials said they planned to shut down that task-management app at some point and replace it with its own To Do app. That move still hasn't happened. But this week, Microsoft is rolling out a redesign of To Do that attempts to make it look more like Wunderlist. On September 9, Microsoft introduced the redesigned To Do, which has smaller headers and more colors. The app is more customizable now with a variety of backgrounds, "including the beloved Berlin TV tower that was a feature in Wunderlist." The app can sync across Mac, iOS, Android, Windows and the Web. And it integrates with Microsoft work or school email accounts; hosted email accounts like Outlook, Hotmail or Live; Microsoft Planner; and Microsoft Launcher on Android. Just so it happens, last week Wunderlist founder Christian Reber said that he'd like to buy Wunderlist back from Microsoft. Today he tweeted "GREAT timing," in regards to Microsoft's To Do makeover.

Read more of this story at Slashdot.

A $1 billion Bitcoin transaction has become conspicuous not because of its size but because its sender spent far too much on fees. From a report: Someone could have sent 94K BTC for $35. Social media users were guessing at the origin and destination of the funds on Sept. 6, which involved 94,504 BTC ($1.018 billion). According to Twitter-based monitoring resource Whale Alert, the transaction did not involve known wallets or those belonging to a specific cryptocurrency-related organization, such as an exchange. One theory suggested the funds may be tied to institutional trading platform Bakkt, which begins accepting client deposits today. "Institutions building inventory for their market-making needs going forward," commented Max Keiser on the giant transaction. He added: "This = effective 'put' on the BTC price at $9,000. Ie, institutions are net-buyers of any BTC that shows up at $9k. Risk/reward now for buyers is excellent."

Read more of this story at Slashdot.

Google, Facebook, Amazon and Apple are targets of government investigations and public outrage, facing accusations that they abuse their power in various ways, from exploiting personal information to stifling rivals. Conspicuously absent from most of that criticism? Microsoft, a tech company worth more than them all. From a report: The software giant, valued at more than $1 trillion by investors, is no stranger to government scrutiny and public criticism. It endured years of antitrust investigations, and faced a long public trial that almost split up the company. In the end, Microsoft paid billions in fines and settlements, and absorbed humbling lessons. But its "Evil Empire" moniker, once a label favored by the company's critics, has fallen by the wayside. Market shifts and the evolution of Microsoft's business over the years help explain the transformation. It is less a consumer company than its peers. For example, Microsoft's Bing search engine and LinkedIn professional network sell ads, but the company as a whole is not dependent on online advertising and the harvesting of personal data, unlike Facebook and Google. [...] But Microsoft has also undergone a corporate personality change over the years, becoming more outward looking and seeking the views of policymakers, critics and competitors. That shift has been guided by Brad Smith, Microsoft's president, diplomat-in-residence and emissary to the outside world. In a new book, Mr. Smith makes the case for a new relationship between the tech sector and government -- closer cooperation and challenges for each side. "When your technology changes the world," he writes, "you bear a responsibility to help address the world that you have helped create." And governments, he writes, "need to move faster and start to catch up with the pace of technology."

Read more of this story at Slashdot.

A pedophilia scandal compelled YouTube to vow to suspend comments on videos with kids age 13 and younger. Six months later, comments are still easy to find. From a report: YouTube is about to reposition how its massive online video service treats clips for children. Following a record $170 million penalty, announced Wednesday, for violating kids' data privacy, Google's YouTube pledged to disable comments, notifications and personalized ads on all videos directed at children. And its machine learning will police YouTube's sprawling catalog to keep kids videos in line, the company said. One problem: YouTube's machine learning was supposed to be suspending comments on videos featuring young minors already. It hasn't. Comment-enabled videos prominently depicting young kids are still easy to find on YouTube. A single YouTube search for one kids-focused subject -- "pretend play" -- returned more than 100 videos with comments enabled, all prominently featuring infants, preschoolers and other children young enough to still have their baby teeth. After CNET contacted YouTube with a list of these videos, comments were disabled on nearly half of them.

Read more of this story at Slashdot.

Attorneys general for 50 U.S. states and territories today officially announced an antitrust investigation of Google, embarking on a wide-ranging review of a company that Democrats and Republicans said may threaten competition and consumers. From a report: The bipartisan group, led by Ken Paxton, the Republican attorney general of Texas, referred to Google as an "online search juggernaut," on the steps of the Supreme Court. State regulators from California, where Google is based, and Alabama did not join the probe. In a blog post published on Friday, Google senior vice president of global affairs Kent Walker wrote, "We have always worked constructively with regulators and we will continue to do so."States have the ability to levy fines or receive damages from companies found to be engaging in anticompetitive practices but, according to Matt Stoller, a fellow at the Open Markets Institute, the most important aspect of the investigation is that it will reveal how exactly Google works. "The trial is the remedy. Exposing the deals and how the companies use customer data, etc, will have a salutary effect," Stoller told BuzzFeed News.

Read more of this story at Slashdot.

Juul Labs, the dominant e-cigarette company, violated federal regulations by selling its vaping products as a safe alternative to traditional tobacco cigarettes without approval from the Food and Drug Administration, the agency said in a warning letter on Monday. From a report: The F.D.A. issued its warning amid a public health crisis over more than 400 cases of vaping-related lung illnesses that have hospitalized many young teenagers and adults, and possibly five deaths. Public health investigators have yet to determine a specific cause, but have cited the use of both cannabis-related and nicotine vaping products from a number of companies as possible suspects. The agency's warning letter to Juul follows a lengthy inquiry into the company's marketing and sales practices, as well as a review of congressional testimony from Juul executives, consumers -- including students and parents -- and antismoking advocates. Under federal law, companies are not permitted to market products as safer than cigarettes or a safe alternative without proving those claims to the F.D.A.

Read more of this story at Slashdot.

If you requested money from Equifax for leaking your personal data, you'll need to provide more information by October 15th. From a report: The Equifax settlement administrator sent an email with details over the weekend. It asks consumers to confirm that they're actually signed up for credit monitoring, which is a prerequisite for requesting the money. If they can't do that, they can amend their claim to request free credit monitoring. Otherwise, the claim will be denied. Equifax settled with the Federal Trade Commission for up to $700 million in July, and it set aside $31 million for consumers who were affected by the breach. Consumers could request four years of monitoring or a $125 check. But because the total payout was fixed, the FTC soon warned that people would receive far less money.

Read more of this story at Slashdot.