news aggregator

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Register reports: The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The database contains names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords. It is a severe breach of privacy not only for Guntrader but for its users: members of the UK's licensed firearms community. Guntrader spokesman Simon Baseley told The Register that Guntrader.uk had emailed all the users affected by the breach on July 21 and issued a further update yesterday. Guntrader is roughly similar to Gumtree: users post ads along with their contact details on the website so potential purchasers can get in touch. Gun shops (known in the UK as "registered firearms dealers" or RFDs) can also use Guntrader's integrated gun register product, which is advertised as offering "end-to-end encryption" and "daily backups", making it (so Guntrader claims) "the most safe and secure gun register system on today's market." [British firearms laws say every transfer of a firearm (sale, drop-off for repair, gift, loan, and so on) must be recorded, with the vast majority of these also being mandatory to report to the police when they happen...] The categories of data in the stolen database are: Latitude and longitude data; First name and last name; Police force that issued an RFD's certificate; Phone numbers; Fax numbers; bcrypt-hashed passwords; Postcode; Postal addresses; and User's IP addresses. Logs of payments were also included, with Coalfire's Barratt explaining that while no credit card numbers were included, something that looks like a SHA-256 hashed string was included in the payment data tables. Other payment information was limited to prices for rifles and shotguns advertised through the site. The Register recommends you check if your data is included in the hack by visiting Have I Been Pwned. If you are affected and you used the same password on Guntrader that you used on other websites, you should change it as soon as possible.

Read more of this story at Slashdot.

Facebook shared some details about its experimental Passthrough API to enable new kinds of mixed reality apps for Oculus Quest 2. UploadVR reports: The feature may also serve as the foundation for the company's long-term efforts in augmented reality, effectively turning Quest 2 into a $299 AR developer kit. When asked if the feature is coming to the original Oculus Quest, a Facebook representative replied "today, this is only available for Quest 2." The new feature will be available to Unity developers in an upcoming software development kit release "with support for other development platforms coming in the future." Facebook says apps using the API "cannot access, view, or store images or videos of your physical environment from the Oculus Quest 2 sensors" and raw images from the four on-board cameras "are processed on-device." The following capabilities will be available with the passthrough API, according to Facebook: "Composition: You can composite Passthrough layers with other VR layers via existing blending techniques like hole punching and alpha blending. Styling: You'll be able to apply styles and tint to layers from a predefined list, including applying a color overlay to the feed, rendering edges, customizing opacity, and posterizing. Custom Geometry: You can render Passthrough images to a custom mesh instead of relying on the default style mesh -- for example, to project Passthrough on a planar surface."

Read more of this story at Slashdot.

New Federal Aviation Administration (FAA) rules say astronaut hopefuls must be part of the flight crew and make contributions to space flight safety. That means Jeff Bezos and Sir Richard Branson may not yet be astronauts in the eyes of the US government. The BBC reports: These are the first changes since the FAA wings program began in 2004. The Commercial Astronaut Wings program updates were announced on Tuesday -- the same day that Amazon's Mr Bezos flew aboard a Blue Origin rocket to the edge of space. To qualify as commercial astronauts, space-goers must travel 50 miles (80km) above the Earth's surface, which both Mr Bezos and Mr Branson accomplished. But altitude aside, the agency says would-be astronauts must have also "demonstrated activities during flight that were essential to public safety, or contributed to human space flight safety." What exactly counts as such is determined by FAA officials. In a statement, the FAA said that these changes brought the wings scheme more in line with its role to protect public safety during commercial space flights. On July 11, Sir Richard flew on-board Virgin Galactic's SpaceShipTwo to the edge of space as a test before allowing customers aboard next year. Mr Bezos and the three other crew members who flew on Blue Origin's spacecraft may have less claim to the coveted title. Ahead of the launch, Blue Origin CEO Bob Smith said that "there's really nothing for a crew member to do" on the autonomous vehicle. Those wishing for commercial wings need to be nominated for them as well. An FAA spokesperson told CNN they are not currently reviewing any submissions. There are two other ways to earn astronaut wings in the US - through the military or Nasa. However, a glimmer of hope remains for Sir Richard, Mr Bezos and any future stargazers hoping to be recognized as astronauts. The new order notes that honorary awards can be given based on merit -- at the discretion of the FAA's associate administrator. Astronaut wings were first awarded to astronauts Alan Shepard Jr and Virgil Grissom in the early 1960s for their participation in the Mercury Seven program.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Bloomberg: During the depths of the U.S. coronavirus pandemic, cars sat idly in driveways, city streets were deserted, onetime commuters worked from bed -- and it was much, much easier to find a parking spot. All of which was devastating news for the small cadre of tech startups dedicated to helping people find and reserve places to park. For SpotHero, which makes an app that helps drivers locate parking spaces, business was down 90% in April 2020 compared with February. The company laid off half its employees. "It was a really hard time for us," Chief Executive Officer Mark Lawrence says. Now, at last, drivers are back, and so is the familiar American pastime of hunting for a parking spot. In the U.S., traffic was up 55% in April from a year earlier, according to the Federal Highway Administration. And although urban roads were slower to refill than their suburban counterparts, traffic in such cities as Chicago, Los Angeles, New York, and Washington, D.C., finally touched pre-pandemic levels again in June, according to Inrix, which analyzes mobility data. The result has been a wave of new customers for SpotHero and companies like it. SpotHero bookings started to come back in January, then accelerated. "It was slowly, then suddenly," Lawrence says. Now the startup is profitable for the first time in 10 years, he says, thanks in part to a surge in car ownership spurred by people avoiding public transit. At FlashParking, which makes two spot-finding apps and helps event companies and garages coordinate availability, demand is higher than it was before the pandemic in some cities. Meanwhile, SpotAngels, which uses crowd input to create maps of nearby open spaces, says monthly revenue since its previous high in February 2020 had tripled by May 2021. "It's interesting to see how dark it was, and can get," SpotHero's Lawrence says, "and then have such optimism now." Before the pandemic, the industry was in crisis, says Eran Ben-Joseph, a professor of urban planning at the Massachusetts Institute of Technology and author of ReThinking a Lot: The Design and Culture of Parking. The rise of such ride-sharing services as Uber and Lyft had meant that many parking garages at stadiums and the like were forced to retrofit their spaces for other uses, such as mini-distribution centers for packages. Post-pandemic, though, parking companies are benefiting from a renewed love of personal space. "I do think right now there's a little bit of a psychological issue with taking public transit or taking Uber," Ben-Joseph says. He also thinks parking apps in particular may be benefiting from the lack of desire to touch kiosk screens or hand over cash to an attendant.

Read more of this story at Slashdot.

Lower your prices and play nicer, CDN goliath suggests

Cloudflare on Friday accused competitor Amazon Web Services of massive markups and hindering customer data portability, even as it invited the cloud services giant to join its discount data initiative known as the Bandwidth Alliance.…

In a post titled "What Wear OS 3 means for you," Google provides a few more details about its upcoming Wear OS update plans, which will be the first major Wear OS update since Wear OS 2 in 2018. Unfortunately, as Ars Technica points out, the list of devices receiving the new update are limited to some of Mobvoi's TicWatch devices and Fossil Group's new generation of devices launching later this year. Older Wear OS devices featuring the Wear 3100 SoC, which makes up almost all the current Wear OS devices, will not support the new update. From the report: We still have next to no information about Wear OS 3, but there are a few tidbits in the upgrade announcement indicating that things will be very different. One line in the announcement lays out the requirement for a mandatory factory reset for any Wear 4100 devices upgrading from Wear OS 2 to version 3. Wear OS 3 is apparently so different that user data can't be ported over, and all local data will need to be wiped. We've certainly heard Google and Samsung talk about how Wear OS 3 will combine the "best of Wear OS and Tizen," indicating that even the base OS might be rebuilt. Google also vaguely tells 4100 upgraders that "in some limited cases, the user experience will also be impacted." Is this a reference to the 4100 performance or the app selection and features compared to Wear OS 2? It's hard to say. Because Wear OS 3 will be so different, Google says it won't force the upgrade on 4100 users: "We expect that for these reasons, some of you will prefer to keep your current Wear OS experience. Therefore, we will offer the system upgrade on an opt-in basis for eligible devices. We will provide more details in advance of the update so you can make an informed decision. We expect our partners to be able to roll out the system update starting in mid to second half of 2022." The Samsung Watch with Wear OS 3 is expected to ship sometime in August 2021, so the partner time of "2H 2022" -- potentially a year after Samsung's release -- is surprisingly late. Android has typically been very good at letting partners get early access to code, so (at least the ones that care) can be ready for launch, but this suggests Samsung is getting a huge head start. Google's message that upcoming Fossil watches, launching later this year, will be "eligible for upgrade" to Wear OS 3 also suggests that we might see Wear OS 2 devices launch from other companies after Samsung launches Wear OS 3 next month.

Read more of this story at Slashdot.

The CEO of NSO Group, whose spyware tools have reportedly been used to target journalists and activists, says that people who aren't criminals shouldn't be afraid of being surveilled AppleInsider reports: Shalev Hulio, 39, recently spoke to Forbes after investigations indicated that NSO Group's Pegasus spyware was used by authoritarian governments to hack and surveil the mobile devices of world leaders, high-profile journalists, and activists. NSO Group says that it sells its tools to governments to help them catch serious criminals like terrorists or gangsters. However, Hulio admitted that it can't control what governments ultimately do with the tools. "We are selling our products to governments. We have no way to monitor what those governments do," he said. Hulio did note that NSO Group has mechanisms in place to detect when abuse happens so that the company can "shut them down." He says that NSO Group has "done it before and will continue to do so. On the other hand, he said that NSO Group shouldn't be responsible for government misuse. Additionally, Hulio said that the average smartphone has nothing to worry about. While NSO Group's spyware can break into the latest iPhones running up-to-date software, often without any action from the user, it's only aimed at criminals. "The people that are not criminals, not the Bin Ladens of the world -- there's nothing to be afraid of. They can absolutely trust on the security and privacy of their Google and Apple devices," Hulio said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: SpaceX can keep launching broadband satellites despite a lawsuit filed by Viasat, a federal appeals court ruled Tuesday. Viasat sued the Federal Communications Commission in May and asked judges for a stay that would halt SpaceX's ongoing launches of low Earth orbit (LEO) satellites that power Starlink Internet service. To get a stay, Viasat had to show that it is likely to win its lawsuit alleging that the FCC improperly approved the satellite launches. A three-judge panel at the US Court of Appeals for the District of Columbia Circuit was not persuaded, saying in a short order that "Viasat has not satisfied the stringent requirements for a stay pending court review." The judges did grant a motion to expedite the appeal, however, so the case should move faster than normal.

Read more of this story at Slashdot.

Google parent hopes to inject AI into factory machines

Alphabet today launched its latest tech startup, Intrinsic, which aims to build commercial software that will power industrial robots.…

You can now block people in Google Drive. From a report: A notification pops up on your phone: "Click here for hot XXX action!" It's Google Drive again. Someone shared a document containing that title, and now your phone is begging you to look at it. Even if you ban Google Drive from generating phone notifications, you'll still get emails. If you block the emails, you'll have to see the spam when you click on the "shared" section of Google Drive. The problem is that Drive document sharing was built with no spam-management tools. Anyone who gets a hold of your email is considered to be an important sharer of valid documents, and there has been nothing you can do about it -- until now. Google officially acknowledged the problem back in 2019, and the company said it was making spam controls "a priority." Now, more than two years later, Google is finally rolling out the most basic of spam tools to Google Drive sharing -- you can block individual email addresses! The company announced this feature in May, but the tool is rolling out to users over the next 15 days. Soon, once the spam arrives in your Google Drive, you'll be able to click the menu button next to the item and choose "block user." Drive sharing works just like email spam. Anyone can share a drive file with you if they know your address. Documents that have been shared with you still automatically show up in your Drive collection without your consent. There's no way to turn off sharing, to limit sharing to approved users, or to limit it to existing contacts. It's a free-for-all.

Read more of this story at Slashdot.

The extremes of floods and fires are not going away, but adaptation can lessen their impact. Economist (paywalled): If temperatures rise by 3C above pre-industrial levels in the coming decades -- as they might even if everyone manages to honour today's firm pledges -- large parts of the tropics risk becoming too hot for outdoor work. Coral reefs and the livelihoods that depend on them will vanish and the Amazon rainforest will become a ghost of itself. Severe harvest failures will be commonplace. Ice sheets in Antarctica and Greenland will shrink past the point of no return, promising sea rises measured not in millimetres, as today's are, but in metres. Six years ago, in Paris, the countries of the world committed themselves to avoiding the worst of that nightmare by eliminating net greenhouse-gas emissions quickly enough to hold the temperature rise below 2C. Their progress towards that end remains woefully inadequate. Yet even if their efforts increased dramatically enough to meet the 2C goal, it would not stop forests from burning today; prairies would still dry out tomorrow, rivers break their banks and mountain glaciers disappear. Cutting emissions is thus not enough. The world also urgently needs to invest in adapting to the changing climate. The good news is that adaptation makes political sense. People can clearly see the need for it. When a country invests in flood defences it benefits its own citizens above all others -- there is no free-rider problem, as there could be for emissions reduction. Nor does all the money come from the public purse; companies and private individuals can see the need for adaptation and act on it. When they do not do so, insurance companies can open their eyes to the risks they are running. Some adaptation is fairly easily set in place. Systems for warning Germans of coming floods will surely now improve. But other problems require much larger public investment, like that which has been put into water-management in the Netherlands. Rich countries can afford such things. Poor countries and poor people need help, which is why the Paris climate agreement calls for annual transfers of $100bn from rich to poor. The rich countries have not yet lived up to their side of this. On July 20th John Kerry, President Joe Biden's special envoy on climate change, reiterated America's pledge to triple its support to $1.5bn for adaptation in poorer countries by 2024, part of a broader move to increase investment in adaptation and mitigation in developing countries. More such efforts are vital.

Read more of this story at Slashdot.

Programming blunder is the second such snafu this month

Bug of the week Google has fixed a bug in Chrome OS version 91.0.4472.165 that surfaced on Monday and prevented some users from being able to login to their systems.…

Could a flexible processor stuck on your produce track the freshness of your cantaloupe? That's the idea behind the latest processor from UK computer chip designer Arm, which says such a device could be manufactured for pennies by printing circuits directly onto paper, cardboard or cloth. From a report: The technology could give trillions of everyday items such as clothes and food containers the ability to collect, process and transmit data across the internet -- something that could be as convenient for retailers as it is concerning for privacy advocates. In recent decades, processors have reduced in size and price to the point that they are now commonly used in everything from televisions to washing machines and watches. But almost all chips manufactured today are rigid devices created on silicon wafers in highly specialised and costly factories where dozens of complex chemical and mechanical processes take up to eight weeks from start to finish. Now, Arm has developed a 32-bit processor called PlasticARM with circuits and components that are printed onto a plastic substrate, just as a printer deposits ink on paper. James Myers at Arm says the processor can run a variety of programs, although it currently uses read-only memory so is only able to execute the code it was built with. Future versions will use fully programmable and flexible memory.

Read more of this story at Slashdot.

A four-year-old startup says it has built an inexpensive battery that can discharge power for days using one of the most common elements on Earth: iron. From a report: Form Energy's batteries are far too heavy for electric cars. But it says they will be capable of solving one of the most elusive problems facing renewable energy: cheaply storing large amounts of electricity to power grids when the sun isn't shining and wind isn't blowing. The work of the Somerville, Mass., company has long been shrouded in secrecy and nondisclosure agreements. It recently shared its progress with The Wall Street Journal, saying it wants to make regulators and utilities aware that if all continues to go according to plan, its iron-air batteries will be capable of affordable, long-duration power storage by 2025. Its backers include Breakthrough Energy Ventures, a climate investment fund whose investors include Microsoft co-founder Bill Gates and Amazon founder Jeff Bezos. Form recently initiated a $200 million funding round, led by a strategic investment from steelmaking giant ArcelorMittal one of the world's leading iron-ore producers. Form is preparing to soon be in production of the "kind of battery you need to fully retire thermal assets like coal and natural gas" power plants, said the company's chief executive, Mateo Jaramillo, who developed Tesla's Powerwall battery and worked on some of its earliest automotive powertrains. On a recent tour of Form's windowless laboratory, Mr. Jaramillo gestured to barrels filled with low-cost iron pellets as its key advantage in the rapidly evolving battery space. Its prototype battery, nicknamed Big Jim, is filled with 18,000 pebble-size gray pieces of iron, an abundant, nontoxic and nonflammable mineral. For a lithium-ion battery cell, the workhorse of electric vehicles and today's grid-scale batteries, the nickel, cobalt, lithium and manganese minerals used currently cost between $50 and $80 per kilowatt-hour of storage, according to analysts. Using iron, Form believes it will spend less than $6 per kilowatt-hour of storage on materials for each cell. Packaging the cells together into a full battery system will raise the price to less than $20 per kilowatt-hour, a level at which academics have said renewables plus storage could fully replace traditional fossil-fuel-burning power plants. A battery capable of cheaply discharging power for days has been a holy grail in the energy industry, due to the problem that it solves and the potential market it creates.

Read more of this story at Slashdot.

85% of those jobs will be rehired, just in cheaper countries

Around 10 per cent of Rackspace staff, predominantly in the US it seems, got an unwelcome email this week informing them they were being let go.…

Ed Zitron, CEO of national Media Relations and Public Relations company EZPR, writes about Clubhouse -- a one-year-old social audio app that is valued at $4 billion and is backed by several high-profile investors including A16z and Tiger Global and whose popularity appears to be on a decline: Yes, Clubhouse's vanity metrics say that people are creating "500,000 rooms a day," and they've launched a DM feature, but seriously -- I am asking you, dear reader, do you know a single soul who has spent more than a few minutes on Clubhouse in the last 3 months? If you do, do they spend regular time on the app? [...] Clubhouse is the elephant in the room in venture, and I believe there is a conscious attempt to not discuss it for fear that it proves that the entire conversation around it was hot air. When everyone desperately rushed to say that it was the next big thing, I asked repeatedly what exactly about it was going to be big, or change things. The answer mostly came down to the idea that we don't know what the future looks like, and that people were on the waitlist - which is no longer an excuse. Nick Bilton at Vanity Fair was a rare case of dissent, making a clear warning that this was very much a pandemic app and nothing more -- but many people in venture and tech do not seem to want to discuss it as anything other than "a big social network." The Information questioned whether Clubhouse was the next Foursquare -- a promising company with tons of press that ultimately didn't reach the giddy heights it was "meant to" -- but for the most part, people have remained either indifferent or positive about it. The fact this isn't regularly discussed is both a bad sign for the app and also a sign, in my opinion, of an industry-wide embarrassment. So many people rushed to join Clubhouse, or discuss what's big on Clubhouse, or how Clubhouse was the beginning of a "social audio revolution" because they were afraid they'd miss out on the next TikTok, and I'd argue that the press did a woeful job at actually questioning the format. It feels as if there was an unquestioning conflation between an app being important and an app raising a bunch of money, and though one can say that the simple act of raising makes something important, it's irresponsible and embarrassing to run a single article on Clubhouse without questioning the format itself.

Read more of this story at Slashdot.

An unexpectedly vehicular collection of chaos and confusion for your consideration

Welcome back for another compendium of tomfoolery from this week for those who enjoy a bit of light-hearted piffle. And let's face it, who doesn't?…

"Software research is a train wreck," says Hillel Wayne, a Chicago-based software consultant who specialises in formal methods, instancing the received wisdom that bugs are way more expensive to fix once software is deployed. Wayne did some research, noting that "if you Google 'cost of a software bug' you will get tons of articles that say 'bugs found in requirements are 100x cheaper than bugs found in implementations.' They all use this chart from the 'IBM Systems Sciences Institute'... There's one tiny problem with the IBM Systems Sciences Institute study: it doesn't exist." The Register: Laurent Bossavit, an Agile methodology expert and technical advisor at software consultancy CodeWorks in Paris, has dedicated some time to this matter, and has a post on GitHub called "Degrees of intellectual dishonesty". Bossavit referenced a successful 1987 book by Roger S Pressman called Software Engineering: a Practitioner's Approach, which states: "To illustrate the cost impact of early error detection, we consider a series of relative costs that are based on actual cost data collected for large software projects [IBM81]." The reference to [IBM81] notes that the information comes from "course notes" at the IBM Systems Sciences Institute. Bossavit discovered, though, that many other publications have referenced Pressman's book as the authoritative source for this research, disguising its tentative nature. Bossavit took the time to investigate the existence of the IBM Systems Science Institute, concluding that it was "an internal training program for employees." No data was available to support the figures in the chart, which shows a neat 100x the cost of fixing a bug once software is in maintenance. "The original project data, if any exist, are not more recent than 1981, and probably older; and could be as old as 1967," said Bossavit, who also described "wanting to crawl into a hole when I encounter bullshit masquerading as empirical support for a claim, such as 'defects cost more to fix the later you fix them'."

Read more of this story at Slashdot.

What else is round? Oh yes, holes

While the Windows of today may have more holes in it than a 20-year-old pair of underpants, Microsoft has continued plugging away at previews for the upcoming iteration, Windows 11.…

New submitter SofiaWW writes: A few days ago, at Microsoft Inspire, it was announced that Windows 11 would ship with dark mode activated by default. This was not a case of rumor or speculation, this was an announcement made at an official Microsoft event by a Microsoft employee. But now it transpires that the statement was not correct. Microsoft has now clarified that it "will ship Windows 11 SKUs in light mode on by default." No explanation for the miscommunications has yet been given.

Read more of this story at Slashdot.