GearHack

Slashdot

News

Saturday 2021/04/17

US Advocacy Group Launches Online Petition Demanding Protections for 'Right to Repair'
2021-04-17 16:34:00+00:00
A U.S. advocacy group called The Repair Association is urging Americans to demand protections for their right to repair from the country's consumer protection agency. "Tell the FTC: People just want to fix their stuff!" argues a page urging concerned U.S. citizens to sign an online petition (shared by long-time Slashdot reader Z00L00K). The petition asks the FTC to...

- Enforce the law against companies who use illegal tying arrangements to force consumers to purchase connected repair services.
- Enforce the law against companies who violate the Magnuson Moss Warranty Act by voiding warranties when a consumer fixes something themselves or uses third-party parts or repair services.
- Enforce the law against companies who refuse to sell replacement parts, diagnostic and repair tools, or service information to independent repair providers.
- Publish new guidance on unfair, deceptive, and abusive terms in end user license agreements (EULAs) that: restrict independent or self repair; restrict access to parts and software; prohibit the transfer of user licenses; and that purport to void warranties for independent or self repair.
- Issue new rules prohibiting exclusivity arrangements with suppliers, customers, and repair providers that exclude independent repair providers and suppress competition in the market for repair services.
- Issue new rules prohibiting companies from deceiving customers by selling products which cannot be repaired without destroying the device or cannot be repaired outside of the company's own service network, without disclosing that fact at the point of sale.

Read more of this story at Slashdot.

'Addams Family,' 'Buck Rogers' Actor Felix Silla dies at 84
2021-04-17 15:34:00+00:00
EW reports: Felix Silla's friend and former Buck Rogers in the 25th Century costar Gil Gerard reported on Twitter that Silla died Friday after a battle with pancreatic cancer. Coming in at just under 4 feet tall and only 70 pounds, Silla was the perfect choice for the mumbling Cousin Itt on The Addams Family. For years, audiences didn't see his face, the character covered in a full-length hairpiece, sporting sunglasses and a bowler hat... Silla did not provide the distinct mumbling voice of Cousin Itt. That was added by sound engineer Tony Magro in production... He first came to the United States in 1955 and began his career touring with the Ringling Bros. and Barnum & Bailey Circus for seven years. He worked as a trapeze artist, tumbler, and bareback horse rider. Eventually, he settled in Hollywood in 1962, where he became a stuntman. He went on to work in movies like A Ticklish Fair, TV shows like Bonanza, and appeared in the first pilot for Star Trek, "The Cage." His small stature often helped him find work, including as Cousin Itt, robot sidekick Twiki on the NBC series Buck Rogers in the 25th Century, and even as a hang-gliding Ewok in Star Wars: Return of the Jedi... He also excelled as a stand in, double, and stuntman working on projects such as Planet of the Apes, Demon Seed, Indiana Jones and the Temple of Doom, The Towering Inferno, The Hindenburg, E.T. the Extra-Terrestrial, Poltergeist, The Golden Child, Howard the Duck, and Batman Returns. In 2018 one Las Vegas blog spotted Silla with Gil Gerard, posting a picture of the two side by side -- just as they'd posed decades earlier on Buck Rogers in the 25th Century. While for that show Mel Blanc had provided the voice for Twiki the robot, the blog notes that Silla himself supplied the voice of Mortimer Goth in the Sims 2 videogame.

The FBI Accessed and Repaired 'Hundreds' of Hacked Microsoft Exchange Servers
2021-04-17 14:34:00+00:00
America's top law enforcement agency "obtained a court order that allowed it to remove a backdoor program from hundreds of private Microsoft Exchange servers that were hacked through zero-day vulnerabilities earlier this year," reports CSO. (Thanks to detritus. (Slashdot reader #46,421) for sharing the news...) Earlier this week, the Department of Justice announced that the FBI was granted a search and seizure warrant by a Texas court that allows the agency to copy and remove web shells from hundreds of on-premise Microsoft Exchange servers owned by private organizations. A web shell is a type of program that hackers install on hacked web servers to grant them backdoor access and remote command execution capabilities on those servers through a web-based interface. In this case, the warrant targeted web shells installed by a cyberespionage group dubbed Hafnium that is believed to have ties to the Chinese government. In early March, Microsoft reported that Hafnium has been exploiting previously unpatched vulnerabilities in Microsoft Exchange to compromise servers. At the same time, the company released patches for those vulnerabilities, as well as indicators of compromise and other detection tools, but this didn't prevent other groups of attackers from exploiting the vulnerabilities after they became public. In its warrant application, dated April 13, the FBI argues that despite the public awareness campaigns by Microsoft, CISA and the FBI itself, many servers remained infected with the web shell deployed by Hafnium. While the exact number has been redacted from the unsealed warrant, the DOJ said in a press release that it was "hundreds." The FBI asked for, and received court approval, to access the malicious web shells through the passwords set by the original attackers and then use that access against the malware itself by executing a command that will delete the web shell, which is essentially an .aspx script deployed on the server. 
The FBI was also allowed to make a copy of the web shells first because they could constitute evidence. The warrant states that it "does not authorize the seizure of any tangible property" or the copying or alteration of any content from the servers aside from the web shells themselves, which are identified in the warrant by their unique file paths. This means the FBI was not granted permission to patch the vulnerabilities to protect the servers from future exploitation or to remove any additional malware or tools that hackers might have already deployed... The FBI sent an email message from an official email account, including a copy of the warrant, to the email addresses associated with the domain names of the infected servers. An official statement from the Department of Justice is already using the past tense, announcing that U.S. authorities "have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States. They were running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level email service."

PS5 Breaks Another Huge US Sales Record
2021-04-17 13:00:00+00:00
An anonymous reader quotes a report from IGN: In its first five months on the market, The PlayStation 5 has become the fastest-selling console in U.S. history in both unit and dollar sales. As revealed by The NPD Group's Mat Piscatella, this news arrives one month after the PS5 became the fastest-selling console in U.S. history in dollar sales. Despite that new record, the Nintendo Switch has continued its reign as the best selling hardware platform in both units and dollars during March 2021. However, the PS5 did rank first in hardware dollar sales in Q1 2021.

Ex IBM Sales Manager, Fired After Battling Discrimination Against Subordinates, Wins $11 Million Lawsuit
2021-04-17 10:00:00+00:00
On Thursday, a federal jury in Seattle, Washington, found that former IBM sales manager Scott Kingston had been unlawfully fired by the company and denied sales commission after challenging the treatment of subordinates as racially biased. And it awarded him $11.1 million. The Register reports: The case dates back to 2017 when two IBM sales people within months of each other closed similarly large software sales deals that led to vastly different commission payments. Nick Donato, who is White, received more than $1m for a SAS Institute deal, while Jerome Beard, who is Black, was paid about $230,000 for closing a sale to HCL Technologies. Beard was paid about 15 per cent of what he should have received under his agreement with IBM, despite a company policy not to cap sales commissions. Kingston, who managed the two salespeople through two lower-level managers, raised his concerns about racial discrimination with his superiors toward the end of 2017. Recalling his jury testimony, he said of his conversation with his managers, "They were telling me it wasn't about money; it was some other reason. I flat out said, 'You are leaving no possibility for anybody to conclude another reason than racial discrimination. You are foreclosing any other possible conclusion. You are going to get us sued.'" And that's what happened. Beard sued IBM in 2018. After a failed motion by IBM to dismiss the case in April, 2020, the company settled for an undisclosed sum several months later. Kingston sued in 2019 [PDF], after IBM fired him in April, 2018, claiming he had erred in approving Donato's seven-figure commission. The company also fired two other IBM managers, Andre Temidis and Michael Lee, who raised similar objections to the allegedly discriminatory capping of commission due to an Arab-American salesperson. The Seattle jury found [PDF] IBM violated Washington State law against discrimination and policies against race discrimination and withholding wages. 
"We are disappointed by the jury's verdict," IBM said in a statement emailed to The Register. "IBM does not condone retaliation, race discrimination, or any other form of discrimination. The company will consider all of its options on appeal."

AI-Driven Audio Cloning Startup Gives Voice To Einstein Chatbot
2021-04-17 07:00:00+00:00
Aflorithmic, an AI-driven audio cloning startup, has created a digital version of Albert Einstein using AI voice cloning technology drawing on audio records of the famous scientist's actual voice. TechCrunch reports: Aflorithmic says the "digital Einstein" is intended as a showcase for what will soon be possible with conversational social commerce. Which is a fancy way of saying deepfakes that make like historical figures will probably be trying to sell you pizza soon enough, as industry watchers have presciently warned. The startup also says it sees educational potential in bringing famous, long-deceased figures to interactive "life." Or, well, an artificial approximation of it -- the "life" being purely virtual and Digital Einstein's voice not being a pure tech-powered clone either; Aflorithmic says it also worked with an actor to do voice modelling for the chatbot (because how else was it going to get Digital Einstein to be able to say words the real-deal would never even have dreamt of saying -- like, er, "blockchain"?). So there's a bit more than AI artifice going on here too. In a blog post discussing how it recreated Einstein's voice the startup writes about progress it made on one challenging element associated with the chatbot version -- saying it was able to shrink the response time between turning around input text from the computational knowledge engine to its API being able to render a voiced response, down from an initial 12 seconds to less than three (which it dubs "near-real-time"). But it's still enough of a lag to ensure the bot can't escape from being a bit tedious. The report notes that the video engine powering the 3D character rendering components of this "digital human" version of Einstein is the work of another synthesized media company, UneeQ, which is hosting the interactive chatbot version on its website.

Dogecoin Has Risen 400 Percent In the Last Week Because Why Not
2021-04-17 03:30:00+00:00
Dogecoin has seen its price rise by a factor of five over the last week. Yesterday, it was trading at $0.13. Today, it's one of the world's 10 most valuable cryptocurrencies, with a market capitalization of $45 billion. Ars Technica's Timothy B. Lee writes: Dogecoin's price tripled over the next 36 hours. My editor suggested that I write about whether Dogecoin's rise is a sign of an overheated crypto market, but for a coin like Dogecoin, I'm not sure that's even a meaningful concept. Dogecoin isn't a company that has revenues or profits. And unlike bitcoin and ether, no one seriously thinks it's going to be the foundation of a new financial system. People are trading Dogecoin because it's fun to trade and because they think they might make money from it. The rising price is a sign that a lot of people have decided it would be fun to speculate in Dogecoin. Of course, the fact that lots of people have money to spend on joke investments might itself be a result of larger macroeconomic forces. The combination of stimulus spending, low interest rates, and pandemic-related saving means that a lot of people have more money than usual sitting in their bank accounts. And restrictions on travel and nightlife mean that many of those same people have a lot of time on their hands.

Whitest-Ever Paint Could Help Cool Heating Earth, Study Shows
2021-04-17 02:02:00+00:00
AmiMoJo shares a report from The Guardian: The whitest-ever paint has been produced by academic researchers, with the aim of boosting the cooling of buildings and tackling the climate crisis. The new paint reflects 98% of sunlight as well as radiating infrared heat through the atmosphere into space. In tests, it cooled surfaces by 4.5C below the ambient temperature, even in strong sunlight. The researchers said the paint could be on the market in one or two years. Currently available reflective white paints are far better than dark roofing materials, but only reflect 80-90% of sunlight and absorb UV light. This means they cannot cool surfaces below ambient temperatures. The new paint does this, leading to less need for air conditioning and the carbon emissions they produce, which are rising rapidly. The new paint was revealed in a report in the journal ACS Applied Materials & Interfaces. Three factors are responsible for the paint's cooling performance. First, barium sulphate was used as the pigment which, unlike conventional titanium dioxide pigment, does not absorb UV light. Second, a high concentration of pigment was used -- 60%. Third, the pigment particles were of varied size. The amount of light scattered by a particle depends on its size, so using a range scatters more of the light spectrum from the sun. The researchers said the ultra-white paint uses a standard acrylic solvent and could be manufactured like conventional paint. They claim the paint would be similar in price to current paints, with barium sulphate actually cheaper than titanium dioxide. They have also tested the paint's resistance to abrasion, but said longer-term weathering tests were needed to assess its long-term durability.

Codecov Bash Uploader Compromised In Supply Chain Hack
2021-04-17 01:25:00+00:00
wiredmikey shares a report from SecurityWeek: Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world. The hack occurred four months ago but was only discovered in the wild by a Codecov customer on the morning of April 1, 2021, the company said. Codecov is considered the vendor of choice for measuring code coverage in the tech industry. The company's tools help developers understand and measure lines of code executed by a test suite and are widely deployed in big tech development pipelines. The company claims that more than 29,000 enterprises use its code coverage insights to check code quality and maintain code coverage. Codecov did not say how many customers were impacted or had data stolen in the incident. According to Codecov, the altered version of the Bash Uploader script could potentially affect:

- Any credentials, tokens, or keys that our customers were passing through their CI runner that would be accessible when the Bash Uploader script was executed.
- Any services, datastores, and application code that could be accessed with these credentials, tokens, or keys.
- The git remote information (URL of the origin repository) of repositories using the Bash Uploaders to upload coverage to Codecov in CI.

Mercedes-Benz Unveils New Flagship EQS Electric Sedan To Take On Tesla
2021-04-17 00:45:00+00:00
Mercedes-Benz's parent company Daimler AG unveiled Thursday its newest battery-powered sedan that challenges Tesla in the high-end electric car space. CNBC reports: The 2022 Mercedes-Benz EQS, unveiled Thursday, marks a new era for the German automaker as it pivots to EVs. The car will be part of its large S-Class car family when it arrives in U.S. showrooms in the fall. Most notably, the interior of the vehicle looks like a cockpit out of a futuristic spacecraft more than a car. It has screens across nearly the entire dashboard of the vehicle. In total, it features three screens under a single 56-inch curved glass surface, including a passenger screen that will not be visible to the driver. The automaker did not release pricing for the EQS, however industry experts expect it to easily top $100,000. The starting price on the 2021 Mercedes-Benz S-Class ranges between $94,000 and $160,000. Its Mercedes-Maybach S models can top $200,000. The price range for Tesla's Model S large sedan ranges from around $79,990 to $149,990, including a new high-end performance model, Model S Plaid.

US House Committee Approves Blueprint For Big Tech Crackdown
2021-04-17 00:02:00+00:00
An anonymous reader quotes a report from The Associated Press: The U.S. House of Representatives Judiciary Committee formally approved a report accusing Big Tech companies of buying or crushing smaller firms, Representative David Cicilline's office said in a statement on Thursday. With the approval during a marathon, partisan hearing, the more than 400-page staff report will become an official committee report, and the blueprint for legislation to rein in the market power of the likes of Alphabet's Google, Apple, Amazon and Facebook. The report was approved by a 24-17 vote that split along party lines. The companies have denied any wrongdoing. Suggested legislation in the report ranged from the aggressive, such as potentially barring companies like Amazon.com from operating the markets in which they also compete, to the less controversial, like increasing the budgets of the agencies that enforce antitrust law -- the Justice Department's Antitrust Division and the Federal Trade Commission. The report also urged Congress to allow antitrust enforcers more leeway in stopping companies from purchasing potential rivals, something that is now difficult.

Apple's App Store Hosted Kiddie Games With Secret Gambling Dens Inside
2021-04-16 23:20:00+00:00
According to app developer Kosta Eleftheriou, Apple's App Store hosted a kid's game that's actually a front for gambling websites. "The secret password isn't one you'd be likely to guess: you have to be in the right country -- or pretend to be in the right country using a VPN," writes Sean Hollister via The Verge. "But then, instead of launching an ugly monkey-flipping endless runner game filled with typos and bugs, the very same app launches a casino experience." From the report: The app, "Jungle Runner 2k21," has already disappeared from the App Store, presumably thanks to publicity from Gizmodo and Daring Fireball, who each wrote about Eleftheriou's finding earlier today. It's not the only one, though: the same developer, "Colin Malachi," had another incredibly basic game on the App Store called "Magical Forest - Puzzle" that was also a front for gambling. [...] I accessed them from a VPN server in Turkey; while Daring Fireball notes that users in other non-US countries like Italy also seem to have been able to access the gambling sites, I tried them with a number of other locations including Italy without success. Unlike the multi-million dollar App Store scams that Eleftheriou uncovered earlier this year, it's not hard to see why Apple's App Store review program might have missed these -- they largely look like your typical shovelware if you don't know the trick, with only a handful of tells... like the fact that Jungle Runner uses a Pastebin for its privacy policies. It's not necessarily clear to me that they'd be violating very many of Apple's App Store policies, either. Gambling apps are permitted by Apple, as long as they're geo-restricted to regions where that gambling is permitted by law, and you could maybe argue that's exactly what this developer did by checking your IP address.

Facebook Reaches 100% Renewable-Energy Milestone
2021-04-16 22:40:00+00:00
Facebook has reached a key environmental goal early: The social media company now purchases enough renewable energy to run all of its operations around the world, it announced this week. CBS News reports: Facebook joins a handful of tech companies that have committed to ambitious green energy goals, including Microsoft, Apple and Alphabet, the parent company of Google. Over the past few years, Facebook has cut its greenhouse gas emissions significantly. Since 2017, carbon emissions from the company's operations have fallen by 94%, surpassing its goals of reducing emissions by three-quarters, according to its sustainability report. Emissions were cut primarily by focusing on the massive data centers that power the servers running Facebook's services, as well as its office locations. "Data centers for us are the primary sources of electricity consumption and the primary footprint we've been thinking about," said Urvi Parekh, the company's director of renewable energy. Cutting down emissions meant "making our data centers as efficient as possible and reducing the amount of electricity that's consumed" as well as purchasing enormous amounts of wind and solar power to run those centers. Last year, when most of its employees started working remotely, Facebook said it purchased enough clean energy to match the amount used by employees working at home. The company still emits some carbon from its construction activity and natural-gas use in some locations where it has no other energy options, Parekh said. Last year, that was the equivalent of 38,000 metric tons of carbon dioxide (or about as much carbon as is emitted from 8,900 cars driving for one year). Facebook is offsetting those emissions by investing in reforestation and other carbon-removal projects, Parekh said. The company has set a new goal of reaching net-zero emissions across its entire supply chain by 2030.

A Tesla Helped Police Track Down a Hate Crime Suspect
2021-04-16 22:00:00+00:00
An anonymous reader quotes a report from Gizmodo: Throughout December, someone was setting fires at the Martin Luther King Jr. Community Presbyterian Church, a "predominately Black" congregation located in Springfield, Massachusetts. An FBI affidavit claims that the last of these fires, set on Dec. 28, "essentially destroyed" the building -- burning away large parts of the interior. During this period, the same person is suspected of having carried out a "series of tire-slashings" targeted at vehicles near or around the church -- a majority of which were owned by Black individuals. Now, 44-year-old Maine resident Dushko Vulchev has been arrested in connection to the crimes. He was charged in a federal court in Springfield on Thursday, a release from the U.S. Justice Department shows, and is potentially facing decades behind bars. Court documents illustrate how state, local and federal authorities used a variety of surveillance footage and data collection to piece together Vulchev's whereabouts and place him at or near these crimes. In particular, the vandal slipped up when he allegedly slashed the tires of a Tesla located not far from the church. Authorities say one of the car's many pre-installed security cameras caught blatant images of the culprit as he damaged the tires, then later returned to steal them along with the vehicle's rims. "Based on my training and experience and this investigation, I am aware that the Tesla mentioned above is equipped with cameras at various points around the body," said the FBI agent who wrote the affidavit. "I have reviewed video footage retrieved from the Tesla showing an individual that I can identify as Vulchev...The video footage from the Tesla shows Vulchev at a close distance crouching near the Tesla and using a tire iron to remove the wheels." Using other data collected and a variety of local surveillance footage, law enforcement was able to build a case against Vulchev.

Google's Project Zero Updates Vulnerability Disclosure Rules To Add Patch Cushion
2021-04-16 21:23:00+00:00
The Google Project Zero security team has updated its vulnerability disclosure guidelines to add a cushion of 30 days to some security bug disclosures, so end-users have enough time to patch software and prevent attackers from weaponizing bugs. From a report: This week's changes are of particular importance because a large part of the cybersecurity community has adopted Project Zero's rules as the unofficial methodology for disclosing a security bug to software vendors and then to the general public. Prior to today, Google Project Zero researchers would give software vendors 90 days to fix a security bug. When the bug was patched, or at the end of the 90 days time window, Google researchers would publish details about the bug online (on their bug tracker). Starting this week, Project Zero says it will wait 30 days before publishing any details about the bug. The reasoning behind the extra time window is to allow users of the affected products time to update their software, an operation that can usually take days or weeks in some complex corporate networks.

RSS feed content copyright by Slashdot and/or respective authors.


Copyright © 2004 - 2021. All Rights Reserved.