Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects
An anonymous reader quotes a report from Ars Technica:
Travis CI is a popular software-testing tool due to its seamless integration with GitHub and Bitbucket. As the makers of the tool explain: "When you run a build, Travis CI clones your GitHub repository into a brand-new virtual environment and carries out a series of tasks to build and test your code. If one or more of those tasks fail, the build is considered broken. If none of the tasks fail, the build is considered passed and Travis CI can deploy your code to a web server or application host." But this month, researcher Felix Lange found a security vulnerability that caused Travis CI to include secure environment variables of all public open source repositories that use Travis CI into pull request builds. Environment variables can include sensitive secrets like signing keys, access credentials, and API tokens. If these variables are exposed, attackers can abuse the secrets to obtain lateral movement into the networks of thousands of organizations.
Tracked as CVE-2021-41077, the bug is present in Travis CI's activation process and impacts certain builds created between September 3 and September 10. As a part of this activation process, developers are supposed to add a ".travis.yml" file to their open source project repository. This file tells Travis CI what to do and may contain encrypted secrets. Another place encrypted secrets may be defined is Travis' web UI. But these secrets are not meant to be exposed. In fact, Travis CI's docs have always stated, "Encrypted environment variables are not available to pull requests from forks due to the security risk of exposing such information to unknown code." Ideally, Travis is expected to run in a manner that prevents public access to any secret environment variables specified. [...] This vulnerability caused these sorts of secrets to be unexpectedly exposed to just about anyone forking a public repository and printing files during a build process. Fortunately, the issue didn't last too long -- around eight days, thanks to Lange and other researchers who notified the company of the bug on September 7. But out of caution, all projects relying on Travis CI are advised to rotate their secrets.
The presence and relatively quick patching of the flaw aside, Travis CI's concise security bulletin and overall handling of the coordinated disclosure process has infuriated the developer community. In a long Twitter thread, Peter Szilagyi details the arduous process that his group endured as it waited for Travis CI to take action and release a brief security bulletin on an obscure webpage. "After 3 days of pressure from multiple projects, [Travis CI] silently patched the issue on the 10th. No analysis, no security report, no post mortem, not warning any of their users that their secrets might have been stolen," tweeted Szilagyi. After Szilagyi and Lange asked GitHub to ban Travis CI over its poor security posture and vulnerability disclosure processes, an advisory showed up. "Finally, after multiple ultimatums from multiple projects, [they] posted this lame-ass post hidden deep where nobody will read it... Not even a single 'thank you.' [No] acknowledgment of responsible disclosure. Not even admitting the gravity of it all," said Szilagyi, while referring to the security bulletin -- and especially its abridged version, which included barely any details. Szilagyi was joined by several members of the community in criticizing the bulletin. Boston-based web developer Jake Jarvis called the disclosure an "insanely embarrassing 'security bulletin.'" "Travis CI implemented a series of security patches starting on Sept 3rd that resolves this issue," concluded Mendy on behalf of the Travis CI team. "As a reminder, cycling your secrets is something that all users should do on a regular basis. If you are unsure how to do this, please contact Support."
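The invariant the Travis docs state (encrypted variables never reach pull-request builds from forks) can be checked at the start of a job instead of being trusted. The guard below is an added example, not Travis CI's code or anything from the report; it assumes the documented Travis build variables TRAVIS_PULL_REQUEST, TRAVIS_PULL_REQUEST_SLUG, TRAVIS_REPO_SLUG and TRAVIS_SECURE_ENV_VARS, whose values are passed in as arguments so the functions can be exercised outside Travis.

```shell
#!/bin/sh
# Added example, not code from Travis CI or from the Ars Technica report.
# Encodes the documented invariant: encrypted environment variables must not
# be present in a job that builds a pull request from a fork.
# Assumed (documented) Travis variables:
#   TRAVIS_PULL_REQUEST      "false" for non-PR builds, else the PR number
#   TRAVIS_PULL_REQUEST_SLUG owner/repo of the PR head (empty for non-PR builds)
#   TRAVIS_REPO_SLUG         owner/repo of the repository being built
#   TRAVIS_SECURE_ENV_VARS   "true" when encrypted variables were injected

# is_fork_pr PR HEAD_SLUG BASE_SLUG
# Exit 0 when the job builds a pull request whose head branch lives in a
# repository other than the one being built, i.e. a fork PR.
is_fork_pr() {
  [ "$1" != "false" ] && [ -n "$2" ] && [ "$2" != "$3" ]
}

# guard_secrets PR HEAD_SLUG BASE_SLUG SECURE
# Exit 0 when the job may continue; exit 1 when secrets were injected into a
# fork PR job, which is the condition CVE-2021-41077 produced. Run as the
# first before_install step, a failure here stops the untrusted PR code from
# ever executing with the secrets in its environment.
guard_secrets() {
  pr="$1"; head_slug="$2"; base_slug="$3"; secure="$4"
  if is_fork_pr "$pr" "$head_slug" "$base_slug"; then
    if [ "$secure" = "true" ]; then
      echo "ABORT: encrypted env vars present in fork PR #$pr from $head_slug" >&2
      return 1
    fi
    echo "fork PR #$pr from $head_slug: no secrets injected, continuing without them"
    return 0
  fi
  echo "trusted build of $base_slug: secrets may be used"
  return 0
}

# Invocation as it would appear in a .travis.yml before_install step (real
# variable names; defaults let the script also run outside Travis):
#   guard_secrets "${TRAVIS_PULL_REQUEST:-false}" "${TRAVIS_PULL_REQUEST_SLUG:-}" \
#                 "${TRAVIS_REPO_SLUG:-}" "${TRAVIS_SECURE_ENV_VARS:-false}" || exit 1
```

The check is a tripwire, not a fix: a job that trips it has already received the secrets, so the values must still be rotated, which is exactly the advice given to every project that used Travis CI during the affected window.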
Physicists Make Square Droplets and Liquid Lattices
Aalto University reports via Phys.Org:
When two substances are brought together, they will eventually settle into a steady state called thermodynamic equilibrium; examples include oil floating on top of water and milk mixing uniformly into coffee. Researchers at Aalto University in Finland wanted to disrupt this sort of state to see what happens -- and whether they can control the outcome. In their work, the team used combinations of oils with different dielectric constants and conductivities. They then subjected the liquids to an electric field. "When we turn on an electric field over the mixture, electrical charge accumulates at the interface between the oils. This charge density shears the interface out of thermodynamic equilibrium and into interesting formations," explains Dr. Nikos Kyriakopoulos, one of the authors of the paper. As well as being disrupted by the electric field, the liquids were confined into a thin, nearly two-dimensional sheet. This combination led to the oils reshaping into various completely unexpected droplets and patterns.
The droplets in the experiment could be made into squares and hexagons with straight sides, which is almost impossible in nature, where small bubbles and droplets tend to form spheres. The two liquids could be also made to form into interconnected lattices: grid patterns that occur regularly in solid materials but are unheard of in liquid mixtures. The liquids can even be coaxed into forming a torus, a donut shape, which was stable and held its shape while the field was applied -- unlike in nature, as liquids have a strong tendency to collapse in and fill the hole at the center. The liquids can also form filaments that roll and rotate around an axis. One of the exciting results of this work is the ability to create temporary structures with a controlled and well-defined size which can be turned on and off with voltage, an area that the researchers are interested in exploring further for creating voltage-controlled optical devices. Another potential outcome is the ability to create interacting populations of rolling microfilaments and microdroplets that, at some elementary level, mimic the dynamics and collective behavior of microorganisms like bacteria and microalgae that propel themselves using completely different mechanisms. The research has been published in the journal Science Advances.
iPhone 13 and iPhone 13 Pro Feature Dual eSIM Support
Apple introduced eSIM support on iPhone with iPhone XR and iPhone XS in 2018. However, while you can use a regular SIM and an eSIM simultaneously, there was no way to use two eSIMs simultaneously -- until now. iPhone 13 and iPhone 13 Pro feature dual eSIM support for the first time. From a report:
The new capability was confirmed by Apple on the iPhone 13 specs webpage. There, Apple says that iPhone 13 models support Dual SIM using both regular SIM and eSIM and "Dual eSIM," as the company calls it. If you check the webpage of the iPhone 12 or previous generations, only combined Dual SIM support is mentioned. These are the SIM support specifications for iPhone 13 mini, iPhone 13, iPhone 13 Pro, and iPhone 13 Pro Max: Dual SIM (nano-SIM and eSIM), and dual eSIM support. During the event, Apple also mentioned that iPhone 13 models have support for more 5G bands, which should enable the new faster network in more countries.
DoorDash Sues NYC Over Customer Data Law
DoorDash sued New York City on Wednesday over a new law requiring food delivery companies to share customer data with restaurants, saying it violates customer privacy and lets restaurants compete unfairly. Reuters reports:
It was filed in federal court in Manhattan six days after DoorDash, Grubhub and Uber Eats sued the United States' most populous city over a separate law capping fees that delivery companies charge restaurants. [...] In Wednesday's lawsuit, San Francisco-based DoorDash said New York exhibited "naked animus" by requiring food delivery companies to provide customers' names, phone numbers, email addresses and delivery addresses to restaurants. DoorDash said this would let restaurants "free-ride" on the data in a "shocking and invasive intrusion of consumers' privacy," saying restaurants would not demand the same information from in-person diners. It also said "more vulnerable populations, especially undocumented customers" could be harmed if data were mishandled, and shared with immigration authorities or hate groups.
SpaceX Launches First All-Tourist Crew Into Orbit
SpaceX successfully launched the crew of Inspiration4 into orbit. It's the first-ever orbital flight crewed entirely by tourists. From a report:
The SpaceX rocket blasted off from NASA's Kennedy Space Center just after 8 p.m. ET. The crew includes 38-year-old billionaire Jared Isaacman, who personally financed the trip; Hayley Arceneaux, 29, a childhood cancer survivor and current St. Jude physician assistant; Sian Proctor, 51, a geologist and community college teacher with a PhD; and Chris Sembroski, a 42-year-old Lockheed Martin employee and lifelong space fan who claimed his seat through an online raffle. The passengers will now spend three days aboard their 13-foot-wide Crew Dragon capsule in orbit at a 350-mile altitude.
ExpressVPN Knew 'Key Facts' of Executive Who Worked For UAE Spy Unit
An anonymous reader quotes a report from Motherboard:
ExpressVPN, a popular VPN company, said it was aware of the "key facts" of its chief information officer Daniel Gericke's previous employment before hiring him. On Wednesday, the Department of Justice disclosed in court records that Gericke worked on Project Raven, a surveillance operation for the United Arab Emirates government that involved hacking of Americans, activists, and heads of state. "We've known the key facts relating to Daniel's employment history since before we hired him, as he disclosed them proactively and transparently with us from the start. In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users' privacy and security," ExpressVPN told Motherboard in a statement. "Daniel has a deep understanding of the tools and techniques used by the adversaries we aim to protect users against, and as such is a uniquely qualified expert to advise on defense against such threats. Our product and infrastructure have already benefited from that understanding in better securing user data," the statement continued.
On Tuesday, unsealed court filings described how Gericke as well as Marc Baier and Ryan Adams faced charges for their part in working on Project Raven. The court records say that the three violated the International Traffic in Arms Regulations and conspired to commit access device fraud and computer hacking offenses. The court records say that the three took a zero-click exploit, which allows takeover of a device without any user interaction, and implemented that into Karma, the hacking system used by the UAE's Project Raven. Project Raven involved the hiring of former U.S. intelligence hackers who then worked on behalf of the UAE government, Reuters reported in 2019. The court records also describe other uses and purchases of exploits by the group. The court filings detailed that prosecutors will drop the charges if the three men cooperate with U.S. authorities, pay a financial penalty, and agree to a list of unspecified restrictions on their employment. Earlier this week, ExpressVPN was sold to Kape Technologies in a deal worth $936 million.
PS5 Software Update Brings SSD Installation, 3D Audio
On Wednesday, Sony released a new software update for the PlayStation 5 that will let you expand the console's internal storage and use the PS5's 3D audio effects on external speakers. CNET reports:
The PS5 update will also let you view PS4 and PS5 versions of the same game separately -- particularly useful after you upgrade to a next-gen version -- plus it gives you more options for customizing the Control Center and lets you use it to write messages to other players. PlayStation Now subscribers will also get the ability to choose between 720p and 1080p streaming options, or use a streaming connection test to identify and fix connection issues. The PS4 is also getting a software update, letting you see PS5 trophies on your profile and those of other players.
Kazakhstan Moves To Restrict Foreign Social Media Usage
Kazakhstan's parliament approved a bill on Wednesday requiring owners of foreign social media and messaging apps to set up offices in the country or risk being blocked as part of a campaign against cyberbullying. Reuters reports:
The draft law, which had passed its first reading in the lower house of parliament, focuses on protecting children's rights but includes provisions regarding social media and messaging software, which some critics regard as a tool to censor online comment. Once the bill is approved by the senate and the president, it will require the owners of such apps to register with authorities and open offices in the Central Asian nation, moves the government says will streamline the handling of official requests to remove illegal content. The local offices must be headed by Kazakh citizens who will be personally responsible for removing illegal content -- such as posts deemed to amount to cyberbullying -- within 24 hours of being notified, according to the draft.
Congress Will Investigate Claims That Instagram Harms Teens
Two top lawmakers on the Senate Commerce Committee's panel over consumer protection said they were launching a probe into Facebook after The Wall Street Journal reported Tuesday that the company was aware of the harm Instagram can cause to teenage girls. The Verge reports:
Sens. Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) announced their investigation into Facebook in a statement released Tuesday. The senators said that they were in touch with "a Facebook whistleblower" and would seek new documents and witness testimony from the company related to the reporting. "It is clear that Facebook is incapable of holding itself accountable. The Wall Street Journal's reporting reveals Facebook's leadership to be focused on a growth-at-all-costs mindset that valued profits over the health and lives of children and teens," the lawmakers said. "When given the opportunity to come clean to us about their knowledge of Instagram's impact on young users, Facebook provided evasive answers that were misleading and covered up clear evidence of significant harm."
House lawmakers also criticized Facebook over the Journal's new reporting, and Republicans even issued a new amendment to the $3.5 trillion budget reconciliation seeking to address tech's effects on teens. Rep. Gus Bilirakis (R-FL) introduced the measure that would direct the Federal Trade Commission to go after "unfair and deceptive acts or practices targeting our children's mental health and privacy by social media." The amendment failed. Rep. Ken Buck (R-CO), top Republican on the House Judiciary Committee's antitrust subcommittee, said in a tweet, "Big Tech has become the new Big Tobacco. Facebook is lying about how their product harms teens." A group of Democrats, including Sen. Ed Markey (D-MA), Rep. Kathy Castor (D-FL), and Lori Trahan (D-MA), penned a letter to Facebook Wednesday calling on the company to abandon its plans to launch an Instagram app for kids in light of the report.
Emergency Software Patches Are on the Rise
Emergency software patches, in which users are pushed to immediately update phones and computers because hackers have figured out some novel way to break in, are becoming more common. From a report:
Researchers raised the alarm Monday about a big one: The Israeli spyware company NSO Group, which sells programs for governments to remotely take over people's smartphones and computers, had figured out a new way into practically any Apple device by sending a fake GIF through iMessage. The only way to guard against it is to install Apple's emergency software update. Such emergency vulnerabilities are called "zero days" -- a reference to the fact that they're such an urgent vulnerability in a program that software engineers have zero days to write a patch for it. Against a hacker with the right zero day, there is nothing consumers can do other than wait for software updates or ditch devices altogether.
Once considered highly valuable cyberweapons held mostly by elite government hackers, publicly disclosed zero-day exploits are on a sharp rise. Project Zero, a Google team devoted to identifying and cataloging zero days, has tallied 44 this year alone where hackers had likely discovered them before researchers did. That's already a sharp rise from last year, which saw 25. The number has increased every year since 2018. Katie Moussouris, founder and CEO of Luta Security, a company that connects cybersecurity researchers and companies with vulnerabilities, said that the rise in zero days is thanks to the ad hoc way that software is usually programmed, which often treats security as an afterthought. "It was absolutely inevitable," she said. "We've never addressed the root cause of all of these vulnerabilities, which is not building security in from the ground up." But almost paradoxically, the rise in zero days reflects an online world in which certain individuals are more vulnerable, but most are actually safer from hackers.
FCC Wants Landlords To Stop Screwing Up Your Internet
An anonymous reader quotes a report from Motherboard:
The FCC has announced (PDF) it's investigating deals the broadband industry strikes with landlords that block broadband competition in apartment complexes, condos, and developments. While the FCC passed rules in 2008 attempting to prevent such deals, Internet Service Providers (ISPs) have exploited massive loopholes in the restrictions for more than a decade. "With more than one-third of the U.S. population living in condos and apartment buildings, it's time to take a fresh look at how exclusive agreements between carriers and building owners could lock out broadband competition and consumer choice," interim FCC boss Jessica Rosenworcel said of the announcement. "I look forward to reviewing the record."
The inquiry comes after President Biden signed an executive order in July urging regulators to take a closer look at competition and monopoly issues in several sectors. The order also mandated the creation of a competition council, which urged the FCC to take a closer look at the anticompetitive nature of these arrangements. The FCC's existing rules technically bar landlords and ISPs from colluding to restrict broadband competition. But in a 2016 piece in Wired, Harvard Law Professor Susan Crawford outlined the various ways big telecom wiggles around the restrictions -- often by simply calling what they're doing something else. "Sure, a landlord can't enter into an exclusive agreement granting just one ISP the right to provide Internet access service...but a landlord can refuse to sign agreements with anyone other than Big Company X, in exchange for payments labeled in any one of a zillion ways," Crawford wrote. "Exclusivity by any other name still feels just as abusive."
For example, to get around FCC rules expanding access to an ISP's in-building wiring, companies like Comcast or Charter will often deed ownership of these wires to a landlord, then turn around and pay that landlord to ensure that nobody else can have access. Because the landlord now technically owns the wires, the FCC rules no longer apply. ISPs also pay landlords to sign agreements that ban any other competing ISPs from advertising in the building. If you're a landlord that violates such arrangements, you can then expect a nastygram from a company like Comcast for violating your deal. In addition, many landlords will charge "door fees" to any company that needs access to a building to install new wiring, creating an additional layer of difficulty and expense for smaller broadband competitors trying to compete with dominant ISPs. Collectively such restrictions serve the same function as blocking broadband competition outright. Much as it does on the national level, this lack of block-by-block competition directly contributes to higher prices, slower speeds, and comically terrible customer service.
Most Plans for New Coal Plants Scrapped Since Paris Agreement
The global pipeline of new coal power plants has collapsed since the 2015 Paris climate agreement, according to research that suggests the end of the polluting energy source is in sight. From a report:
The report found that more than three-quarters of the world's planned plants have been scrapped since the climate deal was signed, meaning 44 countries no longer have any future coal power plans. The climate groups behind the report -- E3G, Global Energy Monitor and Ember -- said those countries now have the opportunity to join the 40 countries that have already signed up to a "no new coal" commitment to help tackle global carbon emissions. "Only five years ago, there were so many new coal power plants planned to be built, but most of these have now been either officially halted, or are paused and unlikely to ever be built," said Dave Jones, from Ember. "Multiple countries can add their voices to a snowball of public commitments to 'no new coal,' collectively delivering a key milestone to sealing coal's fate."
When the Wind Stops Blowing, an Energy Storm Brews
An anonymous reader shares a report (paywalled):
Gas made up the largest share of the UK's energy mix in 2020, at 34%; followed by wind on a quarter; nuclear at 17%; biomass at 6.5% and solar at 4.4%. Despite the progress of renewables, detractors note the problems arise when the sun doesn't shine and the wind doesn't blow. Until reliable battery storage for renewable energy is developed, these sources can only ever be intermittent, critics argue, and some infrastructure will continue to use oil for back-up generation. It is a case made by the nuclear industry, which says that it is uniquely placed to provide the zero-emissions baseload the grid requires. Runaway gas prices are already sparking concern across the energy sector, with fears that consumers are facing a "bill shock" this winter. Personal finance expert Martin Lewis warned his readers last week: "This autumn's signature noise will be a deep thud... the sound of jaws hitting the floor as people finally see the practical evidence of the energy bill catastrophe laid bare."
UK gas prices reached 130p per therm last week, compared to 30p a year ago. In an unusual inversion, gas prices are trading above the equivalent price of Brent, the benchmark for crude oil. Both supply and demand factors are at play. The reopening of economies after Covid lockdowns has pushed up demand for gas. Countries are also trying to cut their use of coal, and switching to less polluting gas as a result. Europe is thus competing with Asia for shipments of liquid natural gas (LNG), a more mobile form of gas that is increasingly popular. Supply is also tight: a particularly cold winter meant Europe used up more reserves than usual and these have not been replenished. A spate of outages at gas production plants in different parts of the world has compounded the problem. To make matters worse, the UK has relatively low levels of gas storage. The country has eight gas storage sites that can hold an estimated 12 days of supply. Storage capacity was drastically reduced when the Rough site under the North Sea was closed in 2017 for safety and economic reasons. Rough, a disused oil field, could hold around 70% of UK gas reserves. "The market hasn't been able to fill up storage as we move into this winter. And hence we are very exposed, especially if it is another cold winter like last year," said James Huckstepp, analyst at S&P Platts. "Consumers are starting to recognise that their energy bills are going to be much higher this winter."
SpaceX Rocket To Take World's First All-Civilian Crew Into Orbit
The world's first crew of "amateur astronauts" is preparing to blast off on a mission that will carry them into orbit before bringing them back down to Earth at the weekend. From a report:
The four civilians, who have spent the past few months on an astronaut training course, are due to launch on SpaceX's Falcon 9 rocket from the Kennedy Space Center in Florida at 8.02pm local time on Wednesday (1.02am UK time on Thursday). Barring any glitches, the two men and two women on the Inspiration4 mission are expected to orbit the planet for three or four days, performing experiments and admiring the view through a glass dome fitted to their Dragon capsule, before splashing down in the Atlantic Ocean.
Touted as "the world's first all-civilian mission to orbit," the launch is the latest to promote the virtues of space tourism and follows suborbital flights in July by Sir Richard Branson on Virgin Galactic's SpaceShipTwo -- which has since been grounded for going off course -- and Jeff Bezos on Blue Origin's New Shepard rocket. While the Inspiration4 crew has had flying lessons, centrifuge sessions to experience the G-forces of launch, and hours of training in SpaceX's capsule simulator, the mission will be almost entirely automated. The capsule is due to orbit Earth at an altitude of 360 miles (575km), about 93 miles higher than the International Space Station.
They did it.
Amazon Loss of Executive To Microsoft Sets Up Potential Clash
Microsoft said it has hired a former Amazon cloud executive to run its cybersecurity operations, potentially setting in motion a legal battle between the two tech giants. From a report:
Charlie Bell, who long reported to former Amazon Web Services chief Andy Jassy and oversaw the engineering teams working on AWS's main software services, will become an executive vice president reporting to Microsoft Chief Executive Officer Satya Nadella. "Cybersecurity is one of the most challenging issues of our time -- for every person and organization on the planet -- and it is core to our mission," Nadella wrote in an email to employees obtained by Bloomberg. Securing customers' digital technology platforms, devices, and clouds "is a bold ambition we are going after and is what attracted Charlie to Microsoft."
[...] Bell's departure to a direct rival is a major blow for Amazon, and Microsoft said it's committed to continuing "constructive discussions" with the cloud leader about Bell's role. "We're sensitive to the importance of working through these issues together, as we've done when five recent Microsoft executives moved across town to work for Amazon," Microsoft said in a statement. Amazon, which has a history of seeking to enforce non-compete agreements vigorously, didn't immediately comment on the move. Bell will officially start his role once "a resolution is reached with his former employer," Nadella wrote in the email.
US Fines Former NSA Employees Who Provided Hacker-for-Hire Services To UAE
The US Department of Justice has fined three former NSA employees who worked as hackers-for-hire for a United Arab Emirates cybersecurity company. From a report:
Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, broke US export control laws that require companies and individuals to obtain a special license from the State Department's Directorate of Defense Trade Controls (DDTC) before providing defense-related services to a foreign government. According to court documents, the three suspects helped the UAE company develop and successfully deploy at least two hacking tools. The three entered into a first-of-its-kind deferred prosecution agreement with the DOJ today, agreeing to pay $750,000, $600,000, and $335,000, respectively, over a three-year term, in order to avoid jail time for their actions.
Theranos Burned Through $2M a Week as Investors Were Given Rosy Projections
Around the time that Theranos was losing nearly $2 million per week, investors in the blood-testing startup were being told that the company would soon be bringing in almost $1 billion per year. From a report:
It's not uncommon for startups to lose money in their early years, and it's not entirely unusual for the fastest burn rate to happen right before things turn around. Instead, Theranos continued to produce mounting losses. But that's not what the company was telling investors, according to new documents shared during the jury trial of Theranos founder and CEO Elizabeth Holmes.
In court yesterday, jurors heard testimony from the company's longtime chief financial officer, Danise Yam, who also goes by So Han Spivey. Yam said that Theranos lost $16.2 million in 2010, $27.2 million in 2011, $57 million in 2012, and $92 million in 2013. In 2013, things had "started to get a bit tight," Yam said. There were weeks where the company was burning through around $2 million per week, and there wasn't any revenue to help ameliorate the losses. In 2012 and 2013, Yam didn't even bother adding a line for revenue -- there was none.
Anonymous Hacks Epik Web Hosting
Members of the hacktivist collective Anonymous claim to have hacked web registration company Epik, allegedly stealing 'a decade's worth of data,' including reams of information about its clients and their domains. Epik is controversial, having been known to host a variety of rightwing clients, including ones that previous web hosting providers, like GoDaddy, have dropped for various reasons. Its users have included conservative social media networks Parler and Gab, as well as conspiracy-theory-laden YouTube wannabe Bitchute and former President Trump fansite, The Donald. The company recently hosted prolifewhistleblower.com -- the website designed to help people snitch on Texas residents who want abortions -- but later forcibly removed the tip-collecting platform after determining that it had violated Epik's terms by nonconsensually collecting third-party information.
OpenSea Confirms Executive Used Insider Knowledge When Buying NFTs
One of the non-fungible token (NFT) space's biggest marketplaces has admitted that a senior employee has been getting the drop on its most popular drops. From a report:
Twitter users last night accused Nate Chastain, head of product at OpenSea, of using secret Ethereum wallets to snap up the platform's front-page NFT drops before general release. Citing transactional data on Etherscan, Twitter user Zuwu said that Chastain seems to be selling these pieces "shortly after the front-page-hype spike for profits." His actions have been likened to frontrunning or insider trading, which in regulated financial markets refers to dealing on information that is not yet public.
On September 15, OpenSea published a blog post acknowledging Chastain's actions. "Yesterday we learned that one of our employees purchased items that they knew were set to display on our front page before they appeared there publicly," said OpenSea. "This is incredibly disappointing. We want to be clear that this behavior does not represent our values as a team. We are taking this very seriously and are conducting an immediate and thorough review of this incident so that we have a full understanding of the facts and additional steps we need to take." The company has rolled out new policies specifying that team members may not buy or sell from collections while they are being promoted, and cannot use confidential information to purchase or sell NFTs.
Microsoft Account Goes Passwordless
Anyone with a Microsoft account can now remove their password from the account entirely to enable better security. From a report:
"For the past couple of years we've been saying that the future is passwordless, and today I am excited to announce the next step in that vision," Microsoft corporate vice president Vasu Jakkal writes in the announcement post. "Beginning today, you can now completely remove the password from your Microsoft account." As for the "why" of this change, Microsoft points to the fact that passwords are insecure and are the focus of over 18 billion attacks every year, or 579 attacks every second. Before you can go passwordless, you'll need the Microsoft Authenticator app on your smartphone. Then, you can use Windows Hello, a security key, or a verification code that's sent to an email address, your phone, or a compatible app or service like Outlook, OneDrive, Microsoft Family Safety, and more to sign in, depending on the location.
Uber's Chief Technical Officer To Step Down
Uber Chief Technology Officer Sukumar Rathnam is stepping down as the company's head of engineering, a spokesperson of the ride-hailing company said late on Tuesday. From a report:
The spokesperson did not specify the reason for Rathnam's departure but Business Insider reported earlier that he had been increasingly at odds with chief product officer Sundeep Jain. Rathnam, who joined Uber about a year ago, plans to leave in early October, the spokesperson said.
Amazon Gives Kindle E-Readers a Rare User Interface Overhaul
An anonymous reader quotes a report from Ars Technica:
Amazon's Kindle e-readers get new software updates regularly, and they're mostly of the nondescript, invisible "performance improvements and bug fixes" variety. But the most recent operating system update (version 5.13.7) is rolling out now, and it refreshes the device's user interface for the first time since 2016 or so. Amazon says that redesigns for the Home and Library screens, which are mostly untouched in the current Kindle update, will be coming "later this year." The software update that enables the new interface began rolling out in August, but because Kindles only install updates automatically when they're charging and connected to Wi-Fi, it will be a few weeks or months before all supported Kindles will have a chance to grab the update (mine only installed it over this past weekend).
The new update is available on most Kindles released in or after 2015, including the 7th- and 10th-generation Kindle Paperwhite, the 8th-, 9th-, and 10th-generation Kindle Oasis, and the 8th- and 10th-generation standard Kindle. Older "7th-generation" Kindle devices like 2014's Kindle Voyage don't appear to be supported. [...] The new update doesn't fix Amazon's confusing Kindle naming scheme, which groups different devices into "generations" that are numbered based roughly on when they were released, not on what generation of product they actually are; the "10th-generation" Paperwhite is actually only the fourth Paperwhite Amazon has released. But you now can head into the Device Info screen and see which Kindle you're using instead of having to guess.
Indian Researchers Create a Raspberry-Pi-Based Device To Monitor Health
Two researchers in India have developed a new blood test that is simple, affordable, and easily deployed anywhere where a source of electricity is available. IEEE Spectrum reports:
Sangeeta Palekar is a researcher at Shri Ramdeobaba College of Engineering and Management (RCOEM) who helped devise the new design. She and her colleague, Jayu Kalambe, understand how powerful a simple blood test can be. "Routine blood tests can help track and eliminate the threat of many potential diseases," explains Palekar, noting that blood tests make up roughly one-third of all pathology laboratory tests. [...] [The new analyzer] involves an automated fluid dispenser that adds a controlled amount of reagent into the blood sample. Light is then passed through the sample, and a Raspberry Pi computer analyzes the data. The system can be adapted to analyze any biochemical substances in the blood by simply modifying the reagent and spectral wavelength that's used. [...] When comparing the data obtained by their biochemical analyzer to the known results obtained by standard laboratory equipment, they found the data matched almost perfectly. What's more, the device could yield accurate results in just half a minute. The researchers describe the results in a study published in IEEE Sensors Journal.
'Massive' Transatlantic Data Cable Landed On Beach In Bude
Thelasko shares a report from the BBC:
A new "massive" undersea transatlantic communications cable has been brought ashore on a beach in Cornwall. The Google data cable, called Grace Hopper, was landed in Bude on Tuesday. Once operational, it would have the capacity to handle "17.5 million people streaming 4K video concurrently," Google bosses said. The cable has been laid between New York in the United States, Bilbao in Spain and Bude over several months, and is expected to be operational in 2022. It was part of a "new generation" of lines that "connect continents along the ocean floor with an additional layer of security beyond what's available over the public internet," Google said. The tech giant has named it Grace Hopper after the American computer scientist and United States Navy rear admiral. It is about 7,000km (4,350 miles) long and is the company's fourth privately-owned undersea data cable; such cables transport 98% of international internet traffic around the world.