Alterslash

the unofficial Slashdot digest for 2019-Jul-11

Contents

  1. Nissan Sees Leaf As Home Energy Source, Says Tesla Big Battery 'Waste of Resources'
  2. Parks and Recreation Centers Are Using Sonic Devices That Play High-Pitched Noises To Repel Teens
  3. FCC Photos Confirm Galaxy Note 10 Won't Have a Headphone Jack
  4. Microsoft Stirs Suspicions By Adding Telemetry Files To Security-Only Update
  5. Facebook AI Pluribus Defeats Top Poker Pros In 6-Player Texas Hold 'Em
  6. Former Tesla Employee Admits Uploading Autopilot Source Code To His iCloud
  7. Malicious Apps Infect 25 Million Android Devices With 'Agent Smith' Malware
  8. German Banks Are Moving Away From SMS One-Time Passcodes
  9. Investigating Some Subscription Scam iOS Apps
  10. Microsoft Teams Overtakes Slack With 13 Million Daily Users
  11. The Trillion-Dollar Taboo: Why It's Time To Stop Ignoring Mental Health at Work
  12. Google Admits Partners Leaked More Than 1,000 Private Conversations With Google Assistant
  13. Twitter is Down [Update]
  14. US Mayors Group Adopts Resolution Not To Pay Any More Ransoms To Hackers
  15. Buzz Aldrin is Looking Forward, Not Back -- and He Has a Plan To Bring NASA Along
  16. France Approves Digital Tax on American Tech Giants, Defying US Trade Threat
  17. Amazon Pledges $700 Million To Teach Its Workers to Code
  18. Apple Opens App Design and Development Accelerator in China
  19. Climate Change: How Hot Cities Could Be in 2050
  20. Panasonic To Develop Green Home Appliances Made From Plants
  21. Apple Disables Walkie Talkie App Due To Vulnerability That Could Allow iPhone Eavesdropping
  22. Bankrupt Maker Faire Revives, Reduced To Make Community
  23. The Most Clever 'Zip Bomb' Ever Made Explodes a 46MB File To 4.5 Petabytes
  24. Japan's Hayabusa2 Probe Makes Second Touchdown On Distant Asteroid
  25. Apple Pushes a Silent Mac Update To Remove Hidden Zoom Web Server

Alterslash picks the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

Nissan Sees Leaf As Home Energy Source, Says Tesla Big Battery 'Waste of Resources'

Posted by BeauHD
An anonymous reader quotes a report from The Driven: Owning an electric car in Australia could become much more than just driving from A to B with a reduced carbon footprint, according to Nissan Australia which launched the new version of the Nissan Leaf electric vehicle in Melbourne on Wednesday. Nissan confirmed at the launch that the new Leaf, with a 40kWh battery, will be a V2H (vehicle-to-home) energy asset -- meaning that, unlike other electric vehicles, it will have the capability to charge your home (subject to further testing with Australia's network owners and operators). Called bidirectional charging, the 40kWh Leaf (and for that matter the 62kWh version which is not yet slated for an Australian release) essentially has the capability to become your personal, massive, mobile battery. This means it will be able to not only store energy by plugging into your home, workplace or other destinations such as shopping centers with free charging, or from DC fast-chargers -- it will be able to serve that energy back to your home. And it could be available to use in Australia within six months. Nissan's global head of electric vehicles, Nic Thomas, says that installations such as the grid connected Tesla big battery at Hornsdale in South Australia is a waste, despite the fact that its performance -- both for the grid and financially -- has been widely admired.

"It's a complete waste of resources because what we can do is have cars that are also batteries and those cars are parked most of the time," Thomas said.

Re: "and those cars are parked most of the time"

By Rei • Score: 4, Insightful • Thread

It's a tangential issue. The main issue is that Nissan battery packs already degrade badly enough just from normal usage. Who wants them cycling in a V2G role on top of that? A car's battery should be rightfully designed to give it a lifespan typical of usage in that car - not "usage in that car plus taking on some side V2G role". Tesla Powerpacks (and soon to be Megapacks) are designed specifically for V2G, which means focusing on lifespan and cost over energy density. Additionally, you usually want battery buffers to be in specific locations, to buffer specific lines. Most EVs will be in densely populated areas, which doesn't necessarily correlate with battery needs.

If Nissan were talking about reusing old Leaf battery packs in the grid, as they have sometimes in the past, there's a better argument for that (although working with old packs can sometimes be a pain, they're few in number, and there's also an argument that they'd just be better off being recycled into new packs that can store more energy).

A caveat I'll add, however: V2G generally refers to two-way power flow. There's more of an argument for it with one-way power flow, e.g. "smart charging", which prioritizes charging at times of grid excess. In an ideal scenario, you tell it how much of a charge you want, and when you need it by, and it has to fully serve your request, but does so by charging only when power is cheapest during its available time period. Powerwall basically works like this, but Tesla vehicles do not (if smart grids become more commonplace, however, I'm sure this would change).

I think one of the ultimate scenarios for making use of renewables power when it's in excess would be "green steel". That is, ore processed by hydrothermic reduction or electrolysis rather than carbothermic reduction. IMHO, most of the plans for generating hydrogen for grid buffering are pretty dumb (generating hydrogen, storing it, then converting it back to electricity is a really expensive, inefficient alternative to batteries), but since hydrothermic steel requires hydrogen as a reducing agent, making it with electricity during times of excess is a really obvious choice. Aluminium smelters already generally adjust their power consumption based on grid needs, but steel is a much larger industry than aluminium, so hydrothermic or electrolytic steel would make a much bigger difference. Electrolytic would be more efficient than hydrothermic, but is a larger jump from current steelmaking processes.

Re:"and those cars are parked most of the time"

By Cipheron • Score: 4, Informative • Thread

Nah, electricity is much cheaper at night due to off-peak pricing in Australia. You don't need much power when you're not at home, so the Leaf battery wouldn't be needed in work hours either. It would be useful to switch to the battery during the evening power use peak, then switch to storing energy once the price drops.

Re:Driverless cars will make this concept redundan

By 110010001000 • Score: 4, Insightful • Thread

Driverless vehicles may never happen. There is no indication that they will, despite the wishful thinking and hype of the tech companies.

Not really that "massive"

By lfp98 • Score: 3 • Thread
The average Australian household uses 20 kWh per day, so the Leaf is at best a 2-day supply even if you use it solely for storage and don't drive it. And of course the battery is going to wear out that much faster if used regularly for short-term storage. Never mind the logistical problems associated with coordinating discharge of tens of thousands of Leafs spread over miles and miles of territory whenever a utility needs the power. A far more sensible scheme would be to repurpose Leaf batteries once their capacity deteriorates to 70% for use in utility-scale stationary batteries, where capacity/weight ratio is not such a critical factor.

Re: "and those cars are parked most of the time"

By Ranbot • Score: 4, Informative • Thread

"Badly enough" as in "go shopping for a used Leaf some time and see what I mean".

I am the second owner of a 2013 Nissan Leaf that I bought used about 4 years ago. I have no significant capacity loss so far. You may be thinking of the 2011 and 2012 Nissan Leaf models, which had a different battery build with well-documented long-term problems. Batteries from 2013 and on are pretty solid.

FWIW, when I bought Leaf it had 11k miles and I bought it for $15K; it was $36k new. EV depreciation is awful, but the flip side is there are fantastic deals on used EVs.

Parks and Recreation Centers Are Using Sonic Devices That Play High-Pitched Noises To Repel Teens

Posted by BeauHD
NPR reports of the various parks and recreation centers in North America that are using sonic devices to repel teens from the premises. Philadelphia, for example, has 30 parks and recreation centers that are outfitted with a small speaker called the Mosquito. "It blares a constant, high-pitched ringing noise all night long -- but one that only teenagers and young adults can hear," reports NPR. "Anyone over age 25 is supposed to be immune because, basically, their ear cells have started to die off." From the report: Philadelphia parks officials have been installing the device since 2014, reported WHYY's Billy Penn, intending to shoo rowdy youths from the premises. And it's not the only U.S. city to do so. Mosquito's Vancouver-based manufacturer Moving Sound Technologies works with roughly 20 parks departments around the country to implement the youth-repellent devices, says president Michael Gibson. It's intended to prevent loitering and vandalism by teens and young adults at public facilities. But some say this age-based targeting is a form of prejudice. Philadelphia City Council member Helen Gym refers to the devices as "sonic weapons" -- and she's working to get them removed.

[I]n Philadelphia, Parks & Recreation defends its use of the Mosquito, saying the devices are operational from 10 p.m. to 6 a.m. only, and they're just one part of an overall anti-vandalism strategy that includes fences and gates, security cameras and night watch staff. For now, the city is moving forward with installation. Despite the backlash, two new Mosquito devices are being installed at other city playgrounds as part of major renovation projects.

Re:The New Low

By Ormy • Score: 5, Insightful • Thread
The low we've sunk to is failing to parent properly resulting in a whole generation that is rude, abusive, has no respect for others etc. I'm 30 years old, I can hear these things, I still chose to sit right next to them because the sound they make is far less annoying than the average teenager they deter. I'll admit that parks are a bad place to put them, a park is a good place for a young person to be. Where I've seen them used is outside shops that are near schools, and they are only turned on as the kids are leaving school to stop them loitering outside shops where their behaviour deters paying customers. I fully agree with that usage.

Re:What a crappy world we live in

By Applehu Akbar • Score: 5, Funny • Thread

The safe way to repel teenagers is to use easy-listening music. It won't affect your baby or your dog.

Re:What a crappy world we live in

By drinkypoo • Score: 4, Insightful • Thread

Requiring businesses to permit use of their parking lots as skate parks means asking them to accept a great deal of liability. It is not realistic. You can't sign your rights away, so they can't permit activity "at your own risk". Kicking out skaters is the only reasonable option open.

Cities and municipalities should create skate parks if there is substantial demand. But the flip side of skate parks is cracking down on people skating elsewhere, or without protective gear.

Re:What a crappy world we live in

By greythax • Score: 4, Insightful • Thread

I grew up in a small town with very few entertainment options, and very few of us had money. For us, the public park was the "hangout" on weekend nights. About 8pm, cars would start to show up and basically the population of the entire high school would be there by 10. There was drinking and fights, you are going to get those just about anywhere a bunch of teens hang out, but for the most part, it kept us from getting into trouble. When I was 16 they started "closing" the park, I guess under some misguided idea that the kids would all just stay home? Having nowhere else to go, we started breaking into farmland outside of town and having bonfire parties. I can tell you from first hand experience, these were NOT safer locations. Basically no rules affairs without any hope of police breaking up a fight, and getting people to a hospital (which happened twice in front of my own eyes) was a significantly slower process.

At the end of the day, we were citizens, we had a right to that park as much as anyone else, provided we didn't break the law, just like adults. Cutting us off from that didn't make us safer nor protect the community more.

Re:The New Low

By Sumus Semper Una • Score: 4 • Thread

I never thought I'd find a post that could be an opinion quote from someone from any decade from at least the 1950s onward and would have been said exactly the same, word for word.

I'm sorry, but I didn't buy "juvenile delinquency is getting worse because parenting abilities and morals are declining" as a kid and I don't buy it now. I'm unaware of a period in history where any society existed that did not have some groups of vicious children.

FCC Photos Confirm Galaxy Note 10 Won't Have a Headphone Jack

Posted by BeauHD
Samsung has been one of the only large smartphone manufacturers to insist on keeping the headphone jack in its flagship phones. But that is about to come to an end with the Galaxy Note 10. According to photos published by the FCC, showing both the bottom and top of the phone, there's no headphone jack in sight. The Verge reports: The FCC seems to have briefly shared these images by mistake. Samsung followed the usual protocols in requesting confidentiality for external photos of the Note 10 test device, and yet here we are. Whoops. There are two different models at the FCC, but neither includes 5G. So as with the S10 series, Samsung will likely produce a standalone 5G model. Aside from the headphone jack being a goner -- renders of the phone had already suggested this was coming -- we get a look at the triple-camera system on the back. There's another sensor positioned under the flash, which could be the same 3D time-of-flight depth sensor that Samsung included in the Galaxy S10 5G. The Note is usually where the company throws in everything it can, so it makes sense for it to carry over everything from the top-tier S10 model. The center-aligned front camera cutout is also faintly visible in one shot. Samsung is expected to formally announce the Note 7 at an August 7th Unpacked event in Brooklyn, New York.

No headphone jack = lost sale

By H_Fisher • Score: 5, Insightful • Thread
I won't purchase a device that doesn't have a headphone jack. I don't want reduced functionality for the purpose of selling me unnecessary dongles or peripherals - and I believe in voting with my wallet.

Re:You can still use USB-C

By agaku • Score: 5, Insightful • Thread

Don't freak out wired headphone lovers, you can probably still use USB-C for headphones....

I have to assume at this point the number of mobile headphones made that use an audio jack, had to be diminishing rapidly, so there was little point in Samsung keeping a point of entry for water.

I have a high-quality earphone from Sennheiser with a cable and will not buy a phone without an audio jack. Why pay so much for a phone with a feature lacking compared to S5? I can get two Asus Zenfone 6 for the money, with audio jack and flash memory extension. Thank you Samsung for saving some money. Wired connection has better security and availability, I really can depend on it and use my Plantronics headset for business talks. And the earphone for music. Problems with battery or connection? Not with me. Either charging or connecting the headset? Not with me. Bye bye Samsung.

So it's kind of mutual.

By blind biker • Score: 5, Interesting • Thread

The Galaxy Note 10 won't have a headphone jack, and I won't have a Galaxy Note 10.

Besides, I like phones with removable batteries, so I'll probably go for the LG K8.

(don't judge me, I still use a Galaxy S5)

Re:Time to let it go.

By green1 • Score: 5, Insightful • Thread
A "disaster" that is better than any other solution out there. They connect better than almost any other type of connector because they're simple, and omni-directional. And they take up so little space in the phone that the smallest phones on the market have plenty of room for them, it's only the large phones that seem not to have the space.

Yes there absolutely is a reason all the high end phones are moving away from them, but it isn't because the alternative is better. It's for 2 reasons, and only 2 reasons:
1) the manufacturer saves a few pennies on each phone (and they sure don't pass that on to you if you've looked at the price of phones recently!)
2) the manufacturer probably also sells dongles and/or headphones, both of which are a profit centre.

The manufacturers would love you to believe the hype that their new alternative is better, but it isn't. This is about one thing, and one thing only. Money.

Corrected Headline

By JustAnotherOldGuy • Score: 3 • Thread

Corrected Headline:

"FCC Photos Confirm I Won't Buy A Galaxy Note 10 Because There's No Fucking Headphone Jack"

Microsoft Stirs Suspicions By Adding Telemetry Files To Security-Only Update

Posted by BeauHD
An anonymous reader quotes a report from ZDNet: As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows. But some hawk-eyed observers noted a surprise in one of those Windows 7 packages. What was surprising about this month's Security-only update, formally titled the "July 9, 2019 -- KB4507456 (Security-only update)," is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.

Among the fierce corps of Windows Update skeptics, the Compatibility Appraiser tool is to be shunned aggressively. The concern is that these components are being used to prepare for another round of forced updates or to spy on individual PCs. The word telemetry appears in at least one file, and for some observers it's a short step from seemingly innocuous data collection to outright spyware. [...] I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that's the case, then the updates indisputably belong in a Security-only update. And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft's reaction seems to be, "Well ... tough."
"The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed," the report notes.

Overheard at Windows Command

By SuperKendall • Score: 3 • Thread

"Re-verify our version to target... one Bing only".

They drove a diehard Windows user...

By Anonymous Coward • Score: 3, Interesting • Thread

...to switch to Linux as a primary desktop operating system. I once paid for every new release of Windows, played the latest games, installed the latest drivers, and constantly tweaked my machine for better performance.

I used to think Linux was more of a novelty but the borking of the Windows 8 desktop caused me to start playing around with Linux more. I actually found I liked Linux Mint MATE better than Windows 8, and found it more useful for browsing and such. Game compatibility was somewhat of an issue so I dual booted for quite a while.

Windows 10 and Telemetry sealed it though.

The forced updates, the mandatory telemetry, and the complete lack of transparency caused me to drop Windows almost entirely. I use both Ubuntu and Mint now and I've found ways to play many of the same games (with excellent or better performance in some cases). With Linux, I feel like I have much more control over my machine.

Linux is now my primary OS and I'm not going back.

Re:Seems almost as if...

By LVSlushdat • Score: 4, Interesting • Thread

Yeah... I consider Windows 10 the absolute BEST advertisement for Linux, short of maybe Linux "commercials" on tv/radio...... It sure made ME move MY systems to Linux..... FUCK MICROSOFT!! (damn that felt GOOD!)

Re:Seems almost as if...

By Bob-Bob Hardyoyo • Score: 4, Insightful • Thread

I find I swear more with Linux, BUT, whatever problem I have in Linux I can almost always find an answer to with some time and work. With Windows I'm often just shit out of luck.

The sky is falling

By jbmartin6 • Score: 3 • Thread

The word telemetry appears in at least one file

Well, we don't need any more facts than that.

Facebook AI Pluribus Defeats Top Poker Pros In 6-Player Texas Hold 'Em

Posted by BeauHD
Carnegie Mellon University and Facebook AI research scientists have developed an AI dubbed Pluribus that took on 15 professional human players in six-player no-limit Texas Hold 'em and won. The researchers describe how they achieved this feat in a new paper in Science. Ars Technica reports: Playing more than 5,000 hands each time, five copies of the AI took on two top professional players: Chris "Jesus" Ferguson, six-time winner of World Series of Poker events, and Darren Elias, who currently holds the record for most World Poker Tour titles. Pluribus defeated them both. It did the same in a second experiment, in which Pluribus played five pros at a time, from a pool of 13 human players, for 10,000 hands.

Co-author Tuomas Sandholm of Carnegie Mellon University has been grappling with the unique challenges poker poses for AI for the last 16 years. No-Limit Texas Hold 'em is a so-called "imperfect information" game, since there are hidden cards (held by one's opponents in the hand) and no restrictions on the size of the bet one can make. By contrast, with chess and Go, the status of the playing board and all the pieces are known by all the players. Poker players can (and do) bluff on occasion, so it's also a game of misleading information.

An Excellent, readable, technical paper

By aberglas • Score: 4, Interesting • Thread

I encourage others to actually read it.

Basically, it plays against itself many times. But it can also see what its other selves would have done if it had played differently. Then sees how the play turned out and feeds that back.

To do that it simplifies its internal game somewhat. A few bet types, a few hand strengths, so the combinatorial explosion is manageable.

There is also a small amount of search involved.

Obviously no tells etc. But professional players have those well under control anyway.

One idea was that, for example, in scissors-paper-rock an optimal strategy is to choose randomly. No opponent can beat that. Although given a human opponent there might be a better strategy involving second guessing. But just sticking to random will never be beaten by any human, although it might not win either.

Really?

By OYAHHH • Score: 4, Insightful • Thread

A computer that has an infinite ability to count cards wins at cards? Hard to believe, isn't it?

Former Tesla Employee Admits Uploading Autopilot Source Code To His iCloud

Posted by BeauHD
Guangzhi Cao, a former engineer at Tesla that is accused of stealing company trade secrets and sending them to a Chinese startup, admitted in a court filing this week that he uploaded zip files containing Autopilot source code to his personal iCloud account in late 2018 while still working for the company. "Cao denied stealing sensitive information from the automaker in the same filing," reports The Verge. "His legal team argued he 'made extensive efforts to delete and/or remove any such Tesla files prior to his separation from Tesla.' Cao is now the 'head of perception' at XPeng, where he is '[d]eveloping and delivering autonomous driving technologies for production cars.'" From the report: According to a joint filing from the two parties that was also filed this week, Tesla has subpoenaed documents from Apple. While Apple is not involved in this case, a former employee who worked on the tech company's secretive autonomous car project was charged by the FBI with stealing trade secrets last July. That employee allegedly Air Dropped sensitive data to his wife's laptop and was also caught on CCTV leaving Apple's campus with a box of equipment. He had left his job at Apple to take a position at XPeng before being arrested. Cao was also a senior image scientist for Apple for two years before he joined Tesla, according to his LinkedIn profile.

What did he admit to?

By larryjoe • Score: 4, Informative • Thread

Tesla claims that "Mr. Cao downloaded complete copies of Tesla’s Autopilot-related source code to his personal iCloud account" including "more than 300,000 files and directories, including the firmware, Autopilot, and neural network source code repositories."

Meanwhile, Mr. Cao claims, "Prior to his departure from Tesla, Cao diligently and earnestly attempted to remove any and all Tesla intellectual property and source code from his own personal devices. (It was a practice regularly followed by Tesla engineers and routinely condoned by its management for employees to place work-related information, including sensitive or confidential information, on their own personal devices.) To the extent that any source code or other confidential information remained on Cao’s devices subsequent to his departure, it was only as a result of inadvertence."

So, what Mr. Cao has admitted to is downloading code to his personal devices but claims that he attempted to delete all such code before quitting Tesla. Mr. Cao further claims that Tesla implicitly allowed storing code on personal devices, although he didn't address whether he downloaded as much code or whether he uploaded to his iCloud account as Tesla claimed.

Thieves.

By Wolfier • Score: 3 • Thread

The usual way a start-up in some countries operate.

I see plots within plots.

By AlanObject • Score: 3 • Thread

According to all the incredibly smart and sober figures here at /. the Tesla Autopilot is less than commercially worthless (in other words a liability) so maybe Cao is doing them a favor by sabotaging the competition.

Malicious Apps Infect 25 Million Android Devices With 'Agent Smith' Malware

Posted by BeauHD
An anonymous reader quotes a report from Phys.Org: Malicious apps from a campaign called "Agent Smith" have been downloaded to 25 million Android devices, according to new research by cyber-security firm Check Point. The apps, most of them games, were distributed through third-party app stores by a Chinese group with a legitimate business helping Chinese developers promote their apps on outside platforms. Check Point is not identifying the company, because they are working with local law enforcement. About 300,000 devices were infected in the U.S.

The malware was able to copy popular apps on the phone, including WhatsApp and the web browser Opera, inject its own malicious code and replace the original app with the weaponized version, using a vulnerability in the way Google apps are updated. The hijacked apps would still work just fine, which hid the malware from users. Armed with all the permissions users had granted to the real apps, "Agent Smith" was able to hijack other apps on the phone to display unwanted ads to users. That might not seem like a significant problem, but the same security flaws could be used to hijack banking, shopping and other sensitive apps, according to Aviran Hazum, head of Check Point's analysis and response team for mobile devices.
There was also a "dormant" version of "Agent Smith" in 11 apps on the Play Store, which could have been triggered into action by a banner ad containing the keyword "infect." The apps have since been removed from the Play Store, but had over 10 million downloads.

Not me

By AndyKron • Score: 3 • Thread
I don't do money on my phone or anything else important. Why do other people?

Something faintly ridiculous about this

By sheramil • Score: 3 • Thread

Agent Smith slips through your defenses

Peers over shades, assesses your phone's system with an evil glance, grins

Abducts healthy apps, replaces them with infected versions

...

"Hey, Adult Depends are on sale at Wal-mart! This week only!"

It's using the 2017 Janus exploit

By hankwang • Score: 4, Insightful • Thread

Apparently, the exploit used is the Janus one described here:
https://www.guardsquare.com/en...

From that article: [the attacker] can prepend a malicious DEX file to an APK file, without affecting its signature. The Android runtime then accepts the APK file as a valid update of a legitimate earlier version of the app. However, the Dalvik VM loads the code from the injected DEX file.

I occasionally install APKs from third-party sources such as apkmirror and apkpure (for example to downgrade to an older version if an update was broken or started spamming ads). I was trusting the fact that those APKs still had valid signatures. Hmm, what did I install before my phone got the security update?
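
A defensive check for the file layout described in the comment above, as an added example that is not part of the original comment or the linked article: it flags a file that begins with DEX magic yet still ends in a ZIP central directory, and reports whether an APK Signing Block (signature scheme v2 or later) is present. The function names and both sample byte strings are constructed for illustration.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"                   # first bytes of a DEX file
ZIP_LOCAL_SIG = b"PK\x03\x04"          # local file header: how a normal APK starts
ZIP_EOCD_SIG = b"PK\x05\x06"           # end-of-central-directory (EOCD) record
V2_BLOCK_MAGIC = b"APK Sig Block 42"   # last 16 bytes of the APK Signing Block


def find_eocd(data):
    """Return (eocd_pos, cd_size, cd_offset), or None if there is no ZIP trailer."""
    # The EOCD record is 22 bytes plus an optional comment of up to 65535 bytes.
    start = max(0, len(data) - 22 - 0xFFFF)
    pos = data.rfind(ZIP_EOCD_SIG, start)
    if pos < 0 or pos + 22 > len(data):
        return None
    cd_size, cd_offset = struct.unpack_from("<II", data, pos + 12)
    return pos, cd_size, cd_offset


def inspect_apk(data):
    """Classify the outer layout of an APK given as bytes."""
    report = {
        "verdict": "not-zip",
        "starts_with_dex": data.startswith(DEX_MAGIC),
        "unaccounted_prefix": 0,   # leading bytes the ZIP offsets do not cover
        "has_v2_block": False,
    }
    eocd = find_eocd(data)
    if eocd is None:
        return report
    pos, cd_size, cd_offset = eocd
    cd_start = pos - cd_size       # assumes no ZIP64 and EOCD right after the directory
    if cd_start < 0:
        return report
    report["unaccounted_prefix"] = cd_start - cd_offset
    # The signing block, when present, sits immediately before the central
    # directory. A v2+ signature covers the whole file, so a prefix breaks it.
    report["has_v2_block"] = (
        cd_start >= 16 and data[cd_start - 16:cd_start] == V2_BLOCK_MAGIC
    )
    if report["starts_with_dex"]:
        report["verdict"] = "dex-prefix"     # parses as DEX and as ZIP: reject
    elif not data.startswith(ZIP_LOCAL_SIG):
        report["verdict"] = "leading-data"   # some other unexpected prefix
    else:
        report["verdict"] = "layout-ok"
    return report


def build_sample_zip():
    """Constructed sample: a tiny ZIP standing in for an unmodified APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"placeholder, not real bytecode")
    return buf.getvalue()


def build_dual_format_sample():
    """Constructed sample: 112 filler bytes with a DEX-style magic, then the ZIP."""
    return DEX_MAGIC + b"035\x00" + b"\x00" * 104 + build_sample_zip()


if __name__ == "__main__":
    for name, blob in (("plain", build_sample_zip()),
                       ("dual-format", build_dual_format_sample())):
        print(name, inspect_apk(blob))
```

To check a downloaded file, pass its bytes: `inspect_apk(open(path, "rb").read())`. A `layout-ok` verdict says only that the outer layout is normal; it does not verify the signature itself.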

German Banks Are Moving Away From SMS One-Time Passcodes

Posted by msmash
Multiple German banks have announced plans to drop support for SMS-based one-time passcodes (OTP) as a login authentication and transaction verification method. From a report: Postbank plans to drop support in August, while Raiffeisen Bank and Volksbank plan to do so in the fall, Handelsblatt reports. Deutsche Bank and Commerzbank also plan to drop support for SMS OTP but have not announced a deadline, while Consorsbank plans to discontinue it by the end of the year. Other banks like DKB and N26 have never deployed the technology, while ING has not made any public statements on its plans. The reason why German banks are dropping support for SMS OTP is because of legislation that the EU passed in 2015, set to enter into effect on September 14, this year. In 2015, the EU revised the Payment Services Directive (PSD), a set of rules that govern online payments in the EU, and issued an updated version called the PSD2. This legislation also included a clause for strong customer authentication (SCA) mechanisms.

Good

By gachunt • Score: 4, Interesting • Thread
Hoping my bank does the same. Or, at least makes it optional.

app based solution

By fermion • Score: 5, Interesting • Thread
Other banks have already moved away from simple phone verification to app verification. The app is still attached to a known phone, and the app has to be verified on that phone, but it can be used anywhere to get codes.

This is actually useful for customers who do work internationally, but still appreciate the high level of security provided by requiring these codes.

Re: app based solution - SQRL

By MCRocker • Score: 4, Interesting • Thread

Just in time for the release of Secure, Quick, Reliable Login. SQRL has the potential to be more secure and easier to use, which is a rare combination in the security realm.

Re: app based solution - proprietary auth sucks

By MCRocker • Score: 5, Interesting • Thread

I have to agree that proprietary authenticator apps and OAuth based services are dubious at best. It's no surprise that banks don't trust them either.

It's too bad that OpenID started out half-baked, the implementations so inconsistent that sites stopped offering the opportunity to provide your own URL, and then the standards committee hijacked by industry representatives with vested interests that loaded it up with verify instead of fixing its security problems.

But, you might want to check out SQRL, which I mentioned in a reply to the parent post. It's an open standard with open source implementations and a two party security model that keeps those pesky snoops at bay.

Re:app based solution

By rastos1 • Score: 4, Insightful • Thread

In that case, I'm completely backwards. On a desktop machine I can see the filesystem, I can see the process list, I can verify the origin of each file, I can tune and access logs for each component, I can monitor network traffic, look at the SSL certificate details ... On a phone this is completely hidden from the user. Unless you take a lot of effort of rooting the phone and installing the firmware that has much smaller community and less vetting. The vendors do not maintain the system after 1 or two years, etc.

I personally do not trust a phone one bit.

Investigating Some Subscription Scam iOS Apps

Posted by msmash
Security engineer Ivan writes: For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's called the freemium business model, except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe. By subscribing you get a number of "free days" (trial) and then they charge you weekly/monthly/yearly for very basic features like scanning QR Codes.

I've been trying to monitor apps that have these characteristics: 1. They have In-App purchases for their subscriptions. 2. They have bad reviews, especially with words like "scam" or "fraud". 3. Their "good" reviews are generic, potentially bot-generated. This weekend I focused on 5 apps from 2 different developers and to my surprise they are very similar, not only their UI/UX but also their code is shared and their patterns are absolutely the same. Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information are they sending.

Summary incorrect.

By MachineShedFred • Score: 5, Insightful • Thread

The segment

except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe.

should read:

except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you close the app and delete it because the developer is an asshat.

I mean seriously, who is hitting 'subscribe' and rewarding such fuckery?

Most Smartphone Apps Are Scams

By Thelasko • Score: 5, Insightful • Thread
The main purpose of most smartphone apps is to bypass the security features of the browser. Facebook and Twitter purposely cripple their mobile websites to force you to install the apps. Then they steal your data.

If you don't have an app for it on your PC, you shouldn't have an app for it on your phone.

great article

By cliffjumper222 • Score: 3 • Thread

I love this type of article, even though he didn't find anything suspicious, because he did contribute to the art by showing how weak some of these developers are that crap approaches they take. It all indicates that the developers are a "factory" of sorts churning out crap to get cash from unsuspecting users. It's an electronic equivalent of the cheap and nasty fake toys at the market that break as soon as you get them home.

Money laundering

By rsilvergun • Score: 3 • Thread
That's all this is. It's just money laundering. $10/mo for a QR code reader app, throw out a few hundred of these apps with a few hundred "users" each and before you know it you're clearing $100k/mo in clean money for only 30%.

As for why Apple allows it, hey, free money.

apple business model

By fermion • Score: 3 • Thread
Over the past decade or so, Apple has been a little too aggressive in subscriptions, really killing the user experience. This has escalated in the past few years.

For example, iTunes kind of sucked for a while, but now it does not even pretend to be a music player or the music library. The primary purpose seems to be to get subscribers for the Apple Music service, and while you can dig and turn off the annoying hourly notice, I swear it sometimes comes back on after upgrade.

This is going to have to work itself over time. As it is, I assume almost any app that has in app purchases written next to it is probably a scam, and I wonder if I need it, so I usually just skip it for apps that charge a fixed rate up front.

To Apple's credit, canceling is very easy, I did so with Lightroom when it could not import my pictures. I also think that it would not be impossible to get charge removed from the credit card if you forget to cancel immediately. I have not had to do this, so someone with experience will have to tell how stupid I am.

My bigger concern is apps that require the creation of an account in order to use it. I am offended that I have to create an account, that may never be deleted, and may be used by sites such as facebook to track my movements, just to investigate an App. I have had this problem when looking for medical related apps lately. It is very intrusive.

Microsoft Teams Overtakes Slack With 13 Million Daily Users

Posted by msmash
Microsoft is finally revealing exactly how many people are using its Slack competitor Microsoft Teams. From a report: The software maker says that more than 13 million people are using Microsoft Teams daily, along with more than 19 million weekly active users. This is the first time Microsoft has revealed an active user count, and the company's previous update was that 500,000 organizations were using the service back in March. This figure is above the more than 10 million people who use Slack daily. Slack revealed its 10 million daily active user count earlier this year, and it used the same figure back in April in a financial filing. Team communication service Slack, which has been around for much longer, was valued at north of $20 billion when it went public last month.

Further reading: Microsoft Might Crush Slack Like Facebook Crushed Snapchat.

Doesn't matter

By melted • Score: 3 • Thread

Doesn't matter. The "investors" have already bought the overpriced stock. Slack is cancer anyway, the sooner MS drives this entire market segment into the ground, the better it is for everybody.

Describe “active”

By UnknowingFool • Score: 3 • Thread
We have Teams and Slack at work. Very few people in my company use Teams. Of course every day they automatically login to Teams when they log into Windows. Is that “active” for MS?

Microsoft Usage Claims

By Luthair • Score: 5, Insightful • Thread

Remember when they claimed 2/3rds of Windows 10 users used Edge - https://www.thurrott.com/windo...

Re:Microsoft Usage Claims

By bobstreo • Score: 4, Insightful • Thread

Remember when they claimed 2/3rds of Windows 10 users used Edge - https://www.thurrott.com/windo...

Well, you do usually need an initial browser to download Chrome or Firefox...

Re:Microsoft Usage Claims

By Dixie_Flatline • Score: 5, Interesting • Thread

They're probably not lying, though it's definitely worth noting that at my work, we're using Teams to replace both Slack/Mattermost, and Lync/Skype For Business.

In a great number of cases, it's likely that people are jumping from Microsoft's old, terrible product to their newer, better one. Lync or whatever you want to call it was a nightmare, and Teams is a step up. I don't know that Teams is better than Slack or Mattermost, but it'll do.

The Trillion-Dollar Taboo: Why It's Time To Stop Ignoring Mental Health at Work

Posted by msmash
Experts in workplace psychology overwhelmingly agree that burnout is a growing public health crisis. An excerpt from a long report: When the FT set out to investigate this issue, we asked readers to describe how their employers handle mental health issues, including stress, burnout, anxiety and depression. More than 450 people responded from 43 countries. Although they were a self-selecting group, their responses were significant: the majority felt unsupported, alienated or discriminated against on the basis of their mental health. Two-thirds believed their work had a somewhat to extremely negative effect on their health, and 44 per cent said they did not think mental health was taken seriously by their organisation. Half said they either didn't know where at work to go, or had nowhere to go if they needed support.

Even as many companies strengthen their policies to close the gender pay gap and end sexual harassment, mental wellbeing often remains an afterthought. "This is not about buying Fitbits for employees and teaching them deep breathing so we can pile on more work," says Donna Hardaker, a workplace mental health specialist at Sutter Health, a not-for-profit healthcare network. "You must address the micro and the macro. There is a deeply entrenched cultural idea that workplaces are fine; it's the employees who are the problem. But employers have a social responsibility to not be harming the people who are working within their walls."

A failure to support employees is also costing companies a fortune: an estimated 615 million people suffer from depression and anxiety and, according to a recent World Health Organisation study, this costs an estimated $1tn in lost productivity every year. Companies that do not have systems in place to support the wellbeing of their employees have higher turnover, lower productivity and higher healthcare costs, according to the American Psychological Association. They also face significant legal risks.

Re:I am mentally ill

By BarbaraHudson • Score: 4, Insightful • Thread

It is not my workplace's job to address my mental health needs - that is my responsibility - or to coddle me in any manner other than maintaining professional behavior.

And if it’s your shitty boss or your unhealthy work environment or the stress of dealing with unwanted behaviour from colleagues or clients that are the cause of your bad mental health?

Just one example - crunch time. How is that not the responsibility of incompetence from management making unrealistic plans and not allocating enough time and resources, then abusing the workers rather than admitting they fucked up, or taking the credit when it’s the workers who made the sacrifices, only to get laid off when it’s done?

Toxic workplaces are the norm in IT. And not just IT. 40 years ago burnout wasn’t a thing.

Re:Employer social responsibility?

By HiThere • Score: 4, Informative • Thread

They're more common than that, though most are small businesses that don't grow very fast, so they don't do much hiring...particularly since they have a very low turnover.

Re:people with cold/flu

By BarbaraHudson • Score: 4, Insightful • Thread
Add to that the childish behaviour of asking for a doctor's note. Blew me away. The first time I heard that I said fuck you, that’s an invasion of my privacy. Work is not an elementary school. No notes for unexpected absence. If my word isn’t good enough, then how can I trust you at your word. It’s a two-way street.

Re:Employer social responsibility?

By Immerman • Score: 5, Insightful • Thread

>Niches exist...

Absolutely they do. But you know the thing about niches? They're small. The niches can't hold even a large minority of the work force. And so long as everyone needs to eat, they *need* jobs. And that gives the big employers incredible bargaining power - of the "Take it or leave it, there's more applicants waiting in the hallway" variety.

There's a few ways you can address that. One of the obvious ones is to consolidate worker bargaining power to a similar degree as job bargaining power is consolidated into a relatively few employers - into unions, action committees, democratic governments, that sort of thing. Another is to level the bargaining table - remove the workers' *need* for a job. If most people can afford to walk away from their job on short notice, then employers have to treat all employees well enough to keep them at work. UBIs offer a lot of that. Most social safety nets don't, you've generally got to fall pretty hard before they help hold you up. Presumably that's by design - those in the halls of power are pretty much always among those who are profiting from that power imbalance. Most of them were born to it and have no idea what that power imbalance really looks like from the other side.

Re:Corporations are schizophrenic, news at 11...

By BarbaraHudson • Score: 5, Insightful • Thread

This is so funny I just have to respond. I get far more attention from men than I want - and this seems to be the rule for trans women - men are attracted to us. That says more about the psychology of men than it does of trans women. We’re like some sort of exotic forbidden fruit.

Monday’s mail held the form for me to fill in my victim impact statement against the latest guy to make the sexual offenders list. A total stranger probably less than half my age, who I certainly didn’t want to have anything to do with.

This is certainly not me ruining some guy's life out of jealousy - he ruined his own life, and now I’m going to have to get a protective order against him and worry that he might show up at any time because he now knows my name and where I live.

That’s one of the reasons women are reluctant to go to the police - court proceedings give the perp your personal information.

No woman enjoys this shit - and being trans just ups both the frequency of it happening and the embarrassment of discussion of it in court.

But keep victim-blaming. You’re a fucking joke of a human. Go back to playing with a non-systemd Linux distro because you can’t use a real Unix like FreeBSD. Same as you use Delphi because shit coders can’t keep track of memory in c.

I was paid to do both for years because, unlike you, I am a real programmer, not a one-trick pony. Go play with your new competition for asshattery - the Ladder Logic Guy. It will help distract you from your unhealthy obsession over me.

Ps - it probably pisses you off to no end that you can’t get laid by anything that you have not first inflated while I have to get police protection to keep the guys away. Just saying ...

Google Admits Partners Leaked More Than 1,000 Private Conversations With Google Assistant

Posted by msmash
Google admitted on Thursday that more than 1,000 sound recordings of customer conversations with the Google Assistant were leaked by some of its partners to a Belgian news site. From a report: These conversations are used by companies such as Google and Amazon -- which takes clips from the Amazon Echo -- to improve voice responses from their smart assistants. They are supposed to be kept confidential. But Belgian news site VRT said on Wednesday that a contractor provided it with samples of these sound samples, which VRT then used to identify some of the people in the clips. It also examined the sorts of conversations that Google collects when people say "OK Google," into a phone or a Google Home product. Among other things, VRT heard customer addresses. Sources who talked to the publication also described hearing recordings of a woman in distress and people talking about medical conditions.

Google has now admitted the recordings were leaked. "We just learned that one of these language reviewers has violated our data security policies by leaking confidential Dutch audio data," Google product manager of search David Monsees said in a blog post. "Our Security and Privacy Response teams have been activated on this issue, are investigating, and we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again."

color me not surprised

By FirstNoel • Score: 3 • Thread

we knew they recorded everything. Therefore it can be leaked....

Still glad I don't have one....

Twitter is Down [Update]

Posted by msmash
Multiple users are reporting issues while trying to load Twitter. Third-party internet firm DownDetector corroborates the claim, saying more than 10,500 users have reported issues with Twitter in the last 15 minutes. (Update: 47,000+ reports in last 25 minutes). TweetDeck, a service offered by Twitter, is also facing an outage. Twitter apps are also not loading new tweets.

Update at 19:00 GMT: Twitter has acknowledged that users are facing issues accessing its service. The microblogging platform said it is investigating the matter.

Update at 20:00 GMT: In a statement, Twitter said it has resolved the issue.

no FailWhale!

By bill_mcgonigle • Score: 3 • Thread

Just a "something went wrong" for me - how disappointing. Back in Rails days we would get regular sightings of the failwhale.

Moo

By ncc74656 • Score: 3 • Thread

...and nothing of value was lost.

Re:Twitter is Down

By Anonymous Coward • Score: 4, Interesting • Thread

Is it odd that this occurred while the Social Media Summit for pro-Trump content leaders meeting with the President?

Kinda shows who has power over the 'big switch', eh?

Re:In unrelated news

By Shotgun • Score: 5, Funny • Thread

He was joined by a team of "journalist", crying "Will we have to actually investigate and write real stories now?"

Re:In unrelated news

By bobbied • Score: 5, Insightful • Thread

He was joined by a team of "journalist", crying "Will we have to actually investigate and write real stories now?"

No they are just sitting in the news room, eyes glued on their phones waiting for the "news feed" to resume..

It would take a few days before it dawned on them that they might need to start wearing out some shoe leather to stay in business and it's not been long enough yet.

US Mayors Group Adopts Resolution Not To Pay Any More Ransoms To Hackers

Posted by msmash
The US Conference of Mayors unanimously adopted a resolution this week to not pay any more ransom demands to hackers following ransomware infections. From a report: "Paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit," the adopted resolution reads. "The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm," it said. "NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach." The resolution adopted this week at the 87th annual meeting of the US Conference of Mayors doesn't have any legal binding, but can be used as an official position to justify administrative actions, for both federal authorities and taxpayers alike. The Conference of Mayors includes over 1,400 mayors from across the US, representing cities with a population of over 30,000. The organization said that "at least 170 county, city, or state government systems have experienced a ransomware attack since 2013," and "22 of those attacks have occurred in 2019 alone."

And the backups?

By guruevi • Score: 5, Insightful • Thread

Have they also resolved to pay for a backup system?

Adopt Resolution to Have Backups

By ranton • Score: 3 • Thread

Just having proper backups is just as good as refusing to pay ransom, since as long as you have proper backups you don't have to pay them.

I like the sentiment, but...

By thevirtualcat • Score: 4, Interesting • Thread

"Not only have we encrypted all the data you need to do your work, we've siphoned off all the data you have on your citizens to our own servers. Pay the ransom or we'll (release|sell) it."

Maybe instead, they can resolve to fix up their IT security.

Backups

By phantomfive • Score: 3 • Thread
LOL I came here to say, "Where is the resolution to make good backups?" And there were already three comments saying the same thing. Great minds think alike, or nerds all know how to fight ransomware.

The answer is they don't have a resolution for backups. Instead, they have a resolution calling on the US government to create a data center they can all use that will be secure, reliable, not too expensive, and solve all their problems.

Re:And the backups?

By mysidia • Score: 5, Insightful • Thread

It's one thing to have a backup system... you need a RESTORE system as well.

And at that, a restore system provides not just the basic capability to restore and avoid losing data, but also the capability to do a "mass restore and immunize" within a short enough timeframe to prevent justifying paying a ransom.

If the restore process requires a certain amount of downtime, then the losses due to downtime may make it more effective to actually pay the ransom rather than to even utilize that restore process.

So, uhm, this is not all just about backups but also about IT security and system management practices (besides the restore plan)

Buzz Aldrin is Looking Forward, Not Back -- and He Has a Plan To Bring NASA Along

Posted by msmash
schwit1 shares a report: Just after Memorial Day this year, I began talking regularly with the pilot of the first spacecraft to land on the Moon. We had spoken before, but this was different -- it seemed urgent. Every week or two, Buzz Aldrin would call to discuss his frustration with the state of NASA and his concerns about the looming 50th anniversary of the Apollo 11 Moon landing without a lack of discernible progress to get back. Even at 89, Aldrin remains remarkably engaged in the aerospace community, often showing up to meetings and conferences unannounced. Aldrin asks questions. He talks to the principals. In the last two years, the aerospace legend has been to the White House for major space announcements by President Trump, served as an adviser to the National Space Council, and supported the White House goal of returning to the Moon by 2024.

But what NASA has been doing to get back there, for the better part of two decades, just hasn't been working. President Bush directed NASA back to the Moon more than 15 years ago, and in one form or another, NASA has been spending billions of dollars each year to build a big, heavy spacecraft and a bigger, much heavier rocket as the foundation for such a return. Along the way, NASA has enriched a half-dozen large aerospace contractors and kept Congress happy. But the space agency still can't even launch its own astronauts into low-Earth orbit, let alone deep space or the Moon. "I've been going over this in my mind," Aldrin told Ars. "We've been fumbling around for a long, long time. There has to be a better way of doing things. And I think I've found it."

[...] For all of the time and money invested in SLS and Orion, these vehicles lack the energy to fly a mission into low lunar orbit and back. Indeed, the engine powering Orion's service module has less than one-third of the thrust of the Apollo propulsion system that flew Aldrin to the Moon in 1969. This is a major reason NASA intends to build a Lunar Gateway -- a small space station -- in a distant orbit around the Moon. From there, the Gateway will come no closer than 1,000km to the lunar surface and spend most of its seven-day orbit much farther away. "One thing that surprises me is the lack of performance," Aldrin said, discussing these vehicles NASA has spent so long developing. "It forces NASA into this weird orbit. And how long is SLS going to last until Blue Origin or SpaceX replaces it? Not long. How long is that heavy Orion spacecraft, with an under-powered European service module, going to hang around in the inventory? Not long."

I feel bad for him.

By Anonymous Coward • Score: 3, Insightful • Thread

He really wants to move forward and explore more of space but the rest of humanity is sitting on its backside with a thumb stuffed right up there. It's sad he'll most likely never see much progress in his lifetime.

I'm in complete agreement with Buzz Aldrin

By steveha • Score: 5, Interesting • Thread

Unhappy about dumping billions into Space Launch System... wanting to stage out of Earth orbit... wanting to make a reusable moon shuttle (I have found out that Buzz Aldrin calls it a lunar cycler).

Here's what I said before about this:

SLS is massively over budget, very much behind schedule, and has never flown.

SpaceX has shown that they can reliably and predictably and affordably deliver stuff to orbit. So I would favor a program where SpaceX rockets are the work horses for the moon project. If Blue Origin or anyone else can get their stuff flying reliably, they are welcome to the party also.

There is an old saying, attributed to Heinlein, that goes something like this: "Once you are in Earth orbit you are halfway to anywhere in the solar system." If you can reliably put stuff into Earth orbit, you can accumulate supplies there, assemble modules there, and launch a well-equipped setup from there.

The Apollo program was trying to win a race and put everything on one, single rocket. That's the most expensive and risky way you could possibly do it. Instead, send up some fuel tanks, and launch enough rockets to fuel them up. Send up the space equivalent of a shed and stock it with dried food and other stuff. Send up the oxygen and water.

Send up a "moon shuttle" in pieces and assemble it. It could be ridiculously stark and simple: a long stick with points for attaching things and with rockets at one end. It doesn't have to be pretty. Also send up some kind of moon landers, maybe even two different designs made by two different companies, and send both on the mission. (In fact, before the first moon shuttle leaves, maybe build a second one and have it ready as a rescue craft in case something goes wrong with the first one!)

When it's time to go, you just attach landers, supplies, living modules, and fuel modules to the moon shuttle, and it leaves Earth orbit and goes to Moon orbit. Landers drop and return. Then the shuttle returns to Earth orbit. The shuttle can be reused many times; if designed right, maybe the [landers] can be reused many times (or maybe those really need to be disposable, I don't know).

I am not any kind of expert but it seems to me that this plan is way better than getting a heavy-lift cargo rocket built, and launching a moon mission on it.

And I would propose that the government finance all this with a series of bounties. Pay some large sum for the first company to put a fuel tank in orbit. Pay a smaller sum for the second and third companies. Pay a nice amount for each kg of fuel delivered to a fuel tank in orbit. Pay a really large chunk for the first lander to safely land on the moon and return. And so on.

The best thing about bounties is that the government is only paying for success. (Dumping money into big government projects like SLS doesn't guarantee success.)

The above program would require developing expertise in assembling things in orbit, but once all the pieces were in place visiting the moon could become as routine as SpaceX launches are now.

Not surprising

By Brett Buck • Score: 5, Interesting • Thread

For all of the time and money invested in SLS and Orion, these vehicles lack the energy to fly a mission into low lunar orbit and back. Indeed, the engine powering Orion's service module has less than one-third of the thrust of the Apollo propulsion system that flew Aldrin to the Moon in 1969. T

Of course it does. The Apollo SM engine was grossly oversize for the mission they flew. It, and the rest of the SM, was sized for a "direct ascent" mission, where a huge stack was launched straight to the moon, the entire thing landed, then the SM lifted off from this to return and came straight back. The propellant tanks were sized for a huge amount of delta-v, and the engine had to be big enough to lift the entire SM/CM off the moon in 1/6G. That was abandoned in 1962, I think for LOR.

In practice, it required a tiny fraction of the fuel needed, and usually flew with half the possible propellant load. It doesn't need a gigantic engine just to do orbit injection, so putting one on there would be absurd. No one is going to be landing an entire Orion stack on the moon, there will be a dedicated landing module for that purpose. Orion, to start with, uses far-better-proven Shuttle OMS engines, and those are perfectly adequate for the planned missions,

NASA's real purpose

By green1 • Score: 3 • Thread
I think people misunderstand the real purpose of NASA. Their purpose is not to explore space, or anything remotely related to that. That's all just a side effect. The real purpose of NASA is to distribute billions of dollars of tax revenue to the "right" congressional districts and corporate donors. When you understand that, you can see that NASA is working exactly as intended.

Every project needs to be accomplished in as many states as possible, and by the most powerful companies possible. Anything else is an accident. Progress towards an end goal isn't really relevant.

Is this frustrating for people who want human progress to continue and grow? Absolutely! But NASA is a political organization with political goals. It can never escape those goals to do what's best for humanity.

France Approves Digital Tax on American Tech Giants, Defying US Trade Threat

Posted by msmash
France's Senate approved a tax on the revenues of tech giants like Google, Amazon and Facebook on Thursday, defying a warning from the President Donald Trump administration that it "unfairly targets American companies." From a report: On Wednesday, Trump ordered an investigation into France's planned "digital tax" on tech companies. The 3% tax would apply to the French revenues of roughly 30 major companies, mostly from the U.S. "France is sovereign, and France decides its own tax rules. And this will continue to be the case," France's Finance Minister Bruno Le Maire said in a statement. He added the U.S. and France could find agreements, rather than using threats, to reach a deal on the "fair taxation" of internet giants.

Price of Success

By ikhider • Score: 3 • Thread
Facebook, Amazon, Netflix, Google (FANG) et al are making titanic profits and have eviscerated domestic media outlets, who do pay taxes, in the process. It is only fair that these juggernauts pay tax, particularly if they make their money off the populations that gave them the billions of dollars valuations in the first place. They do not deserve a tax-free ride. They have offshored profits to no one's benefits but their own. These companies must pay taxes anywhere they operate and reap megaprofits from.

Re: Slap 3% on French Wine

By TimothyHollins • Score: 5, Insightful • Thread

What stops Google (I can't believe I'm arguing for google here)....from having servers, offices, etc...all outside of France's borders, but still within the EU....and sell ads to French businesses, yet never have to set foot in the country and pay those taxes.

1. Google operating within France, even if not located physically there, requires that Google follow applicable French law. Whether Google has a physical presence or not there is irrelevant. This is the reason websites based in America are following GDPR regulations. Small websites and services that no one will go after can ignore this, but Google is not a small service and will not go unnoticed. Pissing off France this way will likely have ramifications.
2. If Google violates French law blatantly, France may "prosecute" via EU channels, which would be far worse for Google and all the other tech giants.
3. Trump is an idiot, and doesn't understand the French. The French do *not* respond well to threats. Brandishing increased tariffs guaranteed that they would pass the law if only to show him up.

Re: Title is clickbait

By TimothyHollins • Score: 4, Informative • Thread

Revenue is a lot harder to hide than profit. Profit you can subtract with "investments", but revenue has to be recorded in the books as is. And since the revenue will also be available from all the French companies that do business with Google, it will be difficult indeed to hide. Finally, massaging the numbers of the profit is a grey zone in many cases, but massaging the numbers of the revenue is a black and white felony.

How the internet created a global trade war

By NewtonsLaw • Score: 3 • Thread

How the Internet created a global trade war

From a New Zealand perspective.

Re: What if...

By Jerry Atrick • Score: 4, Interesting • Thread

These taxes coming to EU countries are intended to tax the profit made from citizens in individual countries, not global profit. They won't sum the way you insinuate. The target companies have been very good at choosing where they want to pay tax, this shifts that to where the profit is actually made.

Trump is annoyed because it's fairer.

Amazon Pledges $700 Million To Teach Its Workers to Code

Posted by msmash
Amazon announced Thursday that it will spend up to $700 million over the next six years retraining 100,000 of its US employees, mostly in technical skills like software engineering and IT support. From a report: Amazon is already one of the largest employers in the country, with almost 300,000 workers (and many more contractors) and it's particularly hungry for more new talent. The company currently has more than 20,000 vacant US roles, over half of which are at its headquarters in Seattle. Meanwhile, the US economy is booming, and there are now more open jobs than there are unemployed people who can fill them, according to the Bureau of Labor Statistics. "The purpose isn't really to create a job ladder from fulfillment center to CEO, but rather to meet employees where they are and to create opportunities for them to build on the skills that they have," Ardine Williams, Amazon's vice president of workforce development, said in an interview Thursday morning. Amazon joins a number of other companies who have announced multimillion-dollar investments in retraining in recent years, as a tightening labor market and technological change forces businesses to evolve. Amazon has already spent thousands of dollars on worker retraining in its Career Choice program, which helps hourly associates pay for degree programs in other, high-demand fields. CEO Jeff Bezos said in a shareholder letter last year that more than 12,000 US employees have participated in the program since it began in 2012. Amazon said they will expand the program Thursday.

So not better pay, conditions, and benefits?

By UnknowingFool • Score: 3 • Thread
I think their employees would rather have better pay, working conditions, and benefits than learning to code.

Re: Teach them the right skills

By cayenne8 • Score: 4, Insightful • Thread
Wow, I was wondering how long it would take for an AOC type or other anti-"something/everything" category would take to get in here and figure how this is a BAD thing...??

I mean, they bitch that they have labor people, struggling to make it on $15 or whatever.

Then, they complain that robots and automation will kick them out of jobs.

Now...somehow, training them to be able to take higher end jobs so they can better their place in life, is now a bad thing too? What gives?

Is the ONLY solution these folks will accept is UBI and no one working?

Hell, if nothing else re-training US Citizens living here, to take jobs here rather than exporting them out or bringing H1 foreigners alone would be a big PLUS in my book.

Employ our citizens with better paying jobs and keep the $$ inside our economy.

Re:Teach them the right skills

By jellomizer • Score: 4, Interesting • Thread

50K a year in Upstate NY for example gives you a good middle class life style. You can get a modest home and you are able to support a family.
75k a year in Silicon Valley, they can probably get a small apartment, perhaps with a roommate. They may choose to commute further to get a home.

Don't believe it

By tipo159 • Score: 5, Insightful • Thread

This is a ploy to back up their claim that the number of H1-Bs needs to be increased. There are plenty of over-40 software engineers that they could be hiring, but instead they figure out how to avoid hiring them.

On the other hand, maybe it is a way to drive down programmer costs since a $15/hr warehouse worker might be happy as a $30/hour coder.

Is no one going to point out how small this is?

By drew_kime • Score: 4, Interesting • Thread

$700 million over the next six years retraining 100,000 of its US employees

That's $7k per employee over 6 years, or less than $1200 per year. That's a 2-day offsite training (once you include travel costs) or maybe a 2-week onsite class. That's barely enough to keep existing coders up-to-date with the latest developments in their tools.

Apple Opens App Design and Development Accelerator in China

Posted by msmash
Apple has opened a design and development accelerator in Shanghai -- its first for China -- to help local developers create better apps as the iPhone maker looks to scale its services business in one of its key overseas markets. From a report: At the accelerator, Apple has begun to hold regular lectures, seminars and networking sessions for developers, the company said this week. It is similar to an accelerator it opened in Bangalore about two years ago. In India, where Apple has about half a million app developers, the accelerator program has proven crucially useful, more than three dozen developers who have enrolled for the program have told TechCrunch over the years. Participation in the accelerator is free of cost. Apple said more than 2.5 million developers from greater China, which includes Taiwan and Hong Kong, actively build apps for its platform. These developers have earned more than $29 billion through App Store sales. More than 15% of Apple's revenue comes from greater China, according to official figures.

Yes they do

By SuperKendall • Score: 4, Interesting • Thread

Apple has one focused on women owned businesses (I don't think only women can attend the development camp, as they allow three employees per company).

Beyond that there are a lot of free iOS Dev camps around the U.S. pretty regularly and all WWDC videos are free to watch, so there's not as much of a need for Apple to provide accelerators here.

The camps are really useful though to get familiar with getting through all of the steps needed to actually build and deploy a real app. Once you know all those figuring out how to improve the app is more straightforward.

Climate Change: How Hot Cities Could Be in 2050

Posted by msmash
dryriver writes: A new study, published in the journal PLOS One, suggests summers and winters in Europe will get warmer, with average increases of 3.5C and 4.7C respectively. It's the equivalent to a city shifting 620 miles (1,000km) further south -- with those furthest away from the equator being most affected. London could feel as hot as Barcelona by 2050, with Edinburgh's climate more like Paris, Leeds feeling like Melbourne and Cardiff like Montevideo. That's from a study looking at how a 2C temperature increase could change the world's 520 major cities.

That temperature increase would result in the average UK temperature during summer's hottest month increasing by about six degrees to 27C. The University of Reading's Professor Mike Lockwood warned about the damage that could be done to infrastructure. 'Bringing Barcelona's climate to London sounds like it could be a good thing -- if you don't suffer from asthma or have a heart condition, that is -- except London clay shrinks and is brittle if it gets too dry and then swells and expands when very wet. As ever, there is destructive and unforeseen devil in the details of climate change.'

Re: Climatedot

By Anonymous Coward • Score: 5, Insightful • Thread

I'm in the US, I'm born and raised in Arkansas. I drive a 4x4 truck and qualify as a redneck and a hillbilly. I have my GED and 2 years of community college. I can understand the metric system and use it with no issues. I don't convert the exact temperature from C to F in my head but I have a pretty good idea of how hot or cold something is when given temperatures in C. I know 20C is a nice comfortable temp just below 70F and that 40F is a few degrees over 100F and hot as balls. 0C is Freezing and 100C is boiling.

It would be nice if people like you quit acting like the US was some kind of rational haven because we use imperial measurements and ignore the metric system. I was never taught the metric system in school but I wish I was. I'm 42 and it's much easier to learn and use and it makes sense. The US and 1 or 2 other shithole countries in the entire world still use imperial measurements. Don't act like you are too good to learn something new, especially on a site like Slashdot "news for nerds stuff that matters" because if you can't take an hour or two out of your life to learn the metric system get the fuck off of news sites about technology and futurism and go spend your time commenting on funny memes on 9gag. This website is for people who want to learn new things and talk about them. It's not for people who want to bitch because they don't understand something as simple as temperature being measured in Celsius.

It's the scientific standard for the world, including scientists in the United States. Go take a giant flying fuck if you can't see an article using C without crying in the comments that you are too fucking thick headed to know what 3.7C means in Fahrenheit and too lazy to type 3.7C to F in your address bar where it will fucking convert it without you even having to press enter or search or anything else.

Re:Models proven false predict false futures.

By jwhyche • Score: 4 • Thread

As for refuges, there are already islands being abandoned because they are 98% underwater,

Which islands?

Re:A carbon-doom oopsie

By religionofpeas • Score: 4, Insightful • Thread

Stuff like shrinking clay sounds funny and trivial, until you realize that it breaks homes and infrastructure, and the cost of fixing is huge. It's cheaper to buy an A/C unit to deal with a hot summer than to have your house repaired.

Re: Climatedot

By religionofpeas • Score: 4, Informative • Thread

I agree that Fahrenheit looks nicer for human-related temperatures, but if you've grown up with Celsius, it's all perfectly fine too. And the fact that 0 C is freezing point of water is helpful when driving.

Here ya go

By rsilvergun • Score: 5, Informative • Thread
Right here. Took about 5 minutes of googling, mostly because there's several articles about larger island chains in danger of disappearing (Tuvalu and Kiribati are apparently becoming uninhabitable due to flooding).

Closer to home there's extreme weather in the US. In Florida you can no longer buy hurricane insurance. No one will sell it to you because they're too frequent. New Orleans was destroyed less than a decade ago and may be again soon.

Panasonic To Develop Green Home Appliances Made From Plants

Posted by msmash
AmiMoJo writes: Panasonic will adopt a plant-derived plastic for refrigerators, vacuum cleaners and other home appliances within a few years. The Japanese electronics maker has developed a plastic that is comprised of 55% cellulose fibers and is durable enough to be used for its products. Cellulose is an insoluble substance obtained from the bark, wood or leaves of plants, or from other plant-based material. Panasonic says resin material with more than 50% of plant content is rarely used for commercial purposes. Because plant fibers are soft, molding the material into appliance parts had been a challenge. Panasonic tapped its expertise in battery development to increase plant content without compromising its strength.

Wow!

By SuperKendall • Score: 3, Funny • Thread

Doesn't get any more hipster than having a coffee maker made of coffee!

Will I need to water them?

By QuietLagoon • Score: 3 • Thread
Not too sure I want to have someone come in while I'm on vacation to water my fridge. :)

Difference in material, difference in design

By drinkypoo • Score: 3 • Thread

Panasonic says resin material with more than 50% of plant content is rarely used for commercial purposes. Because plant fibers are soft, molding the material into appliance parts had been a challenge.

So you make the internals of the product stronger, as you make the exterior weaker. Obviously it wasn't an issue for Ford's prototype car with a composite body because vehicles were all full-frame back then, and the body wasn't load-bearing. It sucks when the good parts of something are made out of plastic anyway. I've got a Poulan Pro string trimmer with a clutch... built into the plastic housing. It's a great machine with great parts availability, but one day that front housing will warp, or offgas to brittleness and crack, and then I'll have to chuck the whole thing in the bin because that part will almost certainly be discontinued by then.

I hope it's not tasty

By magzteel • Score: 3 • Thread

Reading this made me wonder if it could have unwanted side effects, like soy-based wire insulation:

https://www.caranddriver.com/n...
https://www.thedrive.com/news/...

Stupid - wrong target

By Dutch Gun • Score: 5, Insightful • Thread

This is misguided at best. We don't need to worry about durable goods made from oil-based plastics. How often do people buy a new fridge or vacuum cleaner? Maybe several in a lifetime? The real problem is all the temporary plastic packaging or other plastics that gets thrown away, and in some cases, washed down the drain, ending up in the oceans.

This is the same thing that's leading the Lego corp to waste millions looking for alternatives when no one throws Lego bricks away in the first place. They'd do far, far more good trying to figure out how to make plant-based packaging that bio-degraded nicely instead of lasting so long in our landfills.

Apple Disables Walkie Talkie App Due To Vulnerability That Could Allow iPhone Eavesdropping

Posted by msmash
Apple has disabled the Apple Watch Walkie Talkie app due to an unspecified vulnerability that could allow a person to listen to another customer's iPhone without consent. From a report: Apple has apologized for the bug and for the inconvenience of being unable to use the feature while a fix is made. The Walkie Talkie app on Apple Watch allows two users who have accepted an invite from each other to receive audio chats via a 'push to talk' interface reminiscent of the PTT buttons on older cell phones.

Re:If you want a walkie Talkie, why not just buy o

By Anubis IV • Score: 4, Insightful • Thread

If you want a phone, why not just buy one? Or a calculator? A compass? A GPS unit? The other physical devices that smart devices have largely obviated?

Perhaps we should flip your question on its head and ask why would you buy a walkie talkie or any other form of unitasker if you already have its functionality provided by a different device? Isn't that wasteful?

To be sure, there are reasons for doing so (e.g. you have specialized needs not covered by the built-in functionality), but for most people's needs, their smart device is already good enough, so having separate devices for each piece of functionality makes no sense. I remember my parents having walkie talkies when we moved halfway across the country so that we could talk between our cars. We also had a "TripTik" and other paper maps provided by AAA, notebooks that had details about hotel reservations and the like, flashlights, a compass (my mother was quite the outdoorsman and liked to be prepared), a camcorder, stacks of books, and travel versions of board games. These days, all of those (as well as a number of other things that were available at the time of that move, but which we didn't own at the time, such as Gameboys, portable DVD players, and cell phones) are apps or features on my smart phone, and that one device replaces more and more physical devices in more and more situations as developers write more apps and as new features are pushed down through software updates.

And if we're talking about what's "cool", isn't the cool thing these days go with "retro" devices in favor of smart ones?

Bankrupt Maker Faire Revives, Reduced To Make Community

Posted by BeauHD
After being shut down last month with 22 employees losing their jobs, Maker Faire and Maker Media are coming back, but in a weakened capacity. Founder and CEO Dale Dougherty tells TechCrunch that "he's bought back the brands, domains, and content from creditors and rehired 15 of 22 laid off staffers with his own money." The report says that he will formally announce the relaunch of the company with the new name "Make Community." From the report: The company is already working on a new issue of Make Magazine that it will hope to publish quarterly (down from six times per year) and the online archives of its do-it-yourself project guides will remain available. It hopes to keep publishing books. And it will continue to license the Maker Faire name to event organizers who've thrown over 200 of the festivals full of science-art and workshops in 40 countries. But Dougherty doesn't have the funding to commit to producing the company-owned flagship Bay Area and New York Maker Faires any more.

For now, Dougherty is financing the revival himself "with the goal that we can get back up to speed as a business, and start generating revenue and a magazine again. This is where the community support needs to come in because I can't fund it for very long." The immediate plan is to announce a new membership model next week at Make.co where hobbyists and craft-lovers can pay a monthly or annual fee to become patrons of Make Community. Dougherty was cagey about what they'll get in return beyond a sense of keeping alive the organization that's held the maker community together since 2005. He does hope to get the next Make Magazine issue out by the end of summer or early fall, and existing subscribers should get it in the mail.

Those big festivals don't make sense

By drinkypoo • Score: 3 • Thread

I never bothered to go to the local maker fair because it was in SF, which made going at least twice as expensive as if it had been someplace reasonable.

It doesn't make sense to spend a lot of time, effort, and money putting together these large events when you could reach more people with less investment with a larger number of smaller, more localized events.

Anything that encourages people to drive for hundreds of miles is harmful to the environment. What's the total environmental impact of burning man? SXSW? Coachella?

Which One?

By JBMcB • Score: 4, Interesting • Thread

There are a few commercial vendors at the Detroit Maker Faire, but they all have a maker theme to them. Bose has a DIY smart speaker kit, for example, and Moog had a great talk on building your own synthesizer.

The last owners killed the community

By mabu • Score: 5, Interesting • Thread

Hopefully the new owners won't do what the last owners did.

They put restrictions on the use of the term "maker's faire" and any community who wanted to use that name had to meet certain requirements and pay them a licensing fee. A lot of communities wanted to host their own "maker fairs" but ran into oppressive restrictions.

Re:The last owners killed the community

By Anonymous Coward • Score: 5, Informative • Thread

You're gonna be disappointed.
Same people behind it, same idea of licensing the name.
Nothing more than a shell game.

Well...

By Obfuscant • Score: 3 • Thread
I guess I won't hold my breath for the last three issues of the year subscription to Make I made the mistake of buying.

What a fun process it was, too. Barnes and Noble had a shrink-wrap cardboard bit for sale offering half off a Make subscription. I think it was $25. I got it home, opened it up, and it told me to go to a certain web page and enter the code hidden inside.

The web page did not exist. 404 not found, maybe it's been moved? Maybe it just didn't exist in the first place and this was fraud, more like it.

After pointing this fact out to Make customer support, they graciously offered to give me a year's subscription just because they wanted to keep their members happy. How about because you sold the subscription and already had the money? No concern for that concept?

The last three issues have been rather bland. I threw the request to renew away. This is truly one magazine that wasn't killed by online info, it committed suicide.

The Most Clever 'Zip Bomb' Ever Made Explodes a 46MB File To 4.5 Petabytes

Posted by BeauHD
Programmer and engineer David Fifield has unveiled a brand-new Zip bomb that explodes a 46-megabyte file to 4.5 petabytes of data. Fifield's new type of "Zip bomb" or "compression bomb" is particularly novel because he "figured out how to 'overlap' files inside of a Zip archive, allowing for compression rates far beyond those of a traditional archive," reports Motherboard. From the report: In an email interview, Fifield noted that, while 42.zip (which has a 106 billion-to-one compression ratio and has been hosted on the same single-serving website for at least 15 years) gets much of the attention, he finds later attempts more technically interesting. "I find 42.zip inspiring on an aesthetic level -- not so much the file itself but the circumstances around it," Fifield said. "It's like folklore. There must have been many examples of the same basic idea, but for whatever reason 42.zip is the one that had staying power."

Fifield noted that part of what makes his process possible was by coming up with ways to handle cyclic redundancy checks, or CRCs, a basic error-correction functionality baked into Zip, PNG, Ethernet, and numerous other technical standards. Messing around with CRC-32 checksums, as they're called, was where Fifield said he learned the most. Fifield, who will present his findings at the USENIX Workshop on Offensive Technologies (WOOT) conference next month, noted that while the work itself adds to a history of research and likely will be superseded in the future, its benefit from an awareness standpoint is important.

Re:This is new to me

By Joce640k • Score: 4, Interesting • Thread

Much smaller download, too...

Yep. The fact that a 46Mb zip file can expand to something big doesn't really strike me as newsworthy.

Re:In other news....

By Anonymous Coward • Score: 5, Informative • Thread

Also, this story isn't exactly new.
I thought I had that zip on my disk somewhere but I must have lost it.
As TFA pointed out it has been on the same page for 15 years. Why someone suddenly found the need to write about it I don't know.

Actually this is new. The one you mention has been around for 15 years is a zip file that contains zip files, which in turn contain zip files, and so on until the innermost zip which holds a single 4GB file. If your software supports automatic decompression of nested zips, only then will it all expand to the 4.5 PB.

What's new about the zip in this submission is that there is no nesting of zips inside of zips inside of zips. It's a single zip file (ie: not recursive) which contains all of the destination files. Whereas the 15 year old version will only do the full expansion when decompressed by a very small number of zip utilities, this new one should fully expand with nearly every zip utility out there.

Re:This is new to me

By squiggleslash • Score: 5, Insightful • Thread

Part of it's an intellectual exercise but part of it is to smash assumptions: there's an enormous amount of code out there that'll unzip zip files automatically, and most programmers make assumptions there are reasonable limits to how big such files will be. So when someone can find a way to encode a zip file so that when extracted the enclosed files have more bits than there are atoms in the universe, you can see the problem.

Why do programs often automatically unzip zip files? Sometimes it's for good reasons - antivirus filters for example - and sometimes for stupid reasons - I recall early versions of Safari did this (and because to install applications on Mac OS X, at least at the time, including setting up file type associations, all you needed to do was copy the application to your hard disk, this was a major security flaw) because it was just assumed that if you had a zip file, you'd want to open it right away, right?

Either way, proofs of concept like this remind programmers that they can't make certain assumptions.
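An added example for this digest (not code from Fifield, the linked report or any commenter): a pre-extraction audit that a service unpacking untrusted archives could run, flagging an excessive declared size or expansion ratio and entries whose byte ranges overlap, plus a streaming read that caps the bytes actually produced. The limits, function names and the sample archive are assumptions made for the illustration.

```python
import io
import zipfile

# Assumed policy limits for this example; tune them for the service doing the unpacking.
MAX_TOTAL_BYTES = 100 * 1024 * 1024   # declared uncompressed bytes allowed per archive
MAX_RATIO = 100                       # declared uncompressed size / archive size
LOCAL_HEADER_MIN = 30                 # fixed-length part of a ZIP local file header


def audit_entries(entries, archive_size,
                  max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return a list of finding codes for central-directory entries (ZipInfo objects)."""
    entries = list(entries)
    findings = []

    total = sum(e.file_size for e in entries)
    if total > max_total:
        findings.append("total-size")
    if archive_size > 0 and total > max_ratio * archive_size:
        findings.append("ratio")

    # Each entry occupies at least header + compressed data, starting at its
    # local header offset. In a well-formed archive these ranges never intersect;
    # an overlapping-files bomb makes many entries share the same compressed bytes.
    # Using the minimum possible span means a hit is never a false positive.
    spans = sorted(
        (e.header_offset, e.header_offset + LOCAL_HEADER_MIN + e.compress_size)
        for e in entries
    )
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        findings.append("overlap")
    return findings


def audit_zip(data):
    """Audit an in-memory archive using only its metadata (nothing is decompressed)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return audit_entries(zf.infolist(), len(data))


def read_capped(zf, info, limit, chunk_size=64 * 1024):
    """Decompress one entry, aborting once more than `limit` bytes have come out.

    The sizes checked in audit_entries are declared by the archive itself and
    cannot be trusted, so the real output is counted while streaming.
    """
    out = bytearray()
    with zf.open(info) as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{info.filename}: output exceeds {limit} bytes")
    return bytes(out)


def build_constructed_sample():
    """Constructed, benign test input: 1 MiB of zero bytes in a deflated entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", bytes(1024 * 1024))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print(len(sample), "byte archive, findings:", audit_zip(sample))
```

The audit is a cheap first filter; the capped read is what actually bounds resource use, because it does not depend on anything the archive claims about itself.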

LZ77 with distance 1

By tepples • Score: 4, Interesting • Thread

Zip and Gzip use DEFLATE, which incorporates LZ77 and Huffman layers. LZ77 with distance 1 behaves as RLE.

4.5 petabytes

By roc97007 • Score: 3 • Thread

4.5 petabytes. Must be Kardashian porn.

Makes sense it'd shrink to almost nothing.

Japan's Hayabusa2 Probe Makes Second Touchdown On Distant Asteroid

Posted by BeauHD
Japan's Hayabusa2 probe touched down on a distant asteroid on Thursday, the space agency said, on a mission to collect samples that could shed light on the history of the solar system. The Japan Times reports: "The control room received Doppler data showing that the probe appears to have touched down successfully," Japan Aerospace Exploration Agency spokesman Takayuki Tomobe said. "But Doppler only shows the speed and altitude so we will need definitive confirmation," he added. Additional data readings are expected later in the day. The landing is the second time it has touched down on the desolate asteroid as part of a complex mission that has also involved sending rovers and robots. The mission hopes to collect pristine materials from beneath the surface of the asteroid that could provide insights into what the solar system was like at its birth, some 4.6 billion years ago.

To get at those crucial materials, in April an "impactor" was fired from Hayabusa2 toward Ryugu in a risky process that created a crater on the asteroid's surface and stirred up material that had not previously been exposed to the atmosphere. The second touchdown required special preparations because any problems could mean the probe loses the precious materials already gathered during its first landing. The probe had been expected to make a brief touchdown on an area some 20 meters away from the center of the crater to collect the unidentified materials believed to be "ejecta" from the blast.

On the hunt

By World Virus • Score: 4, Funny • Thread
looking for space whales?

bad PR

By JoeRobe • Score: 4, Interesting • Thread

Is it me, or is there some pretty weak PR coming from JAXA on this? I remember the first touchdown barely made news (at least in the US), despite being a major achievement. This latest one seems like it has even less news coverage. Maybe (hopefully) it's making more news outside of the US.

Apple Pushes a Silent Mac Update To Remove Hidden Zoom Web Server

Posted by BeauHD
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. TechCrunch reports: The Cupertino, Calif.-based tech giant told TechCrunch that the update -- now released -- removes the hidden web server, which Zoom quietly installed on users' Macs when they installed the app. Apple said the update does not require any user interaction and is deployed automatically. Although Zoom released a fixed app version on Tuesday, Apple said its actions will protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself. The update will now prompt users if they want to open the app, whereas before it would open automatically.

Re:When did they do this?

By Anonymous Coward • Score: 5, Informative • Thread

It is not a silent forced update. Always count on Techcrunch to sensationalize the issue. And count on Slashdot to post-first-read-later.

macOS does install security updates, like to block malware, silently. Since the Zoom web server can be used by CORS attacks, and has holes as well, it is definitely a malware risk.

And for the update to be silent, you need to have "Install system data files and security updates" checked. You can uncheck this. BTW, the "system data files" are certificates. Apple pushes new certificate files to deal with compromised certificates.

Re: When did they do this?

By hagnat • Score: 5, Informative • Thread

zoom web service would start the video camera without even asking if you want to join the conference or not. Tested it yesterday, and was quite surprised to see myself in a room full of other engineers testing this without any prompt from the browser.

Re: Permissions

By internet-redstar • Score: 5, Informative • Thread
Nah, the article is clickbait. You only have the update if 'automatic updates' are turned on and gave your permission in that way...

Pattern of Fail

By mentil • Score: 5, Interesting • Thread

A couple months ago iOS had a very similar bug where people could use Facetime to look through someone's camera, even without the victim accepting a Facetime call. Makes me wonder if there's some common reason why they're securing camera connections poorly.

Re:Pattern of Fail

By Freischutz • Score: 5, Funny • Thread

A couple months ago iOS had a very similar bug where people could use Facetime to look through someone's camera, even without the victim accepting a Facetime call. Makes me wonder if there's some common reason why they're securing camera connections poorly.

Yeah, the whole camera development team at Apple has been recruited by the NSA, or China, or Iran, .... no ALL THREE!!!! .... to spy on conservatives everywhere in a gigantic liberal conspiracy led by Darth Obama and Darth Hillary to destroy Judeo-Christian values everywhere!!!!! ..... Ugh, sorry guys, I had a brief Alex Jones moment there but I'm OK now.