Items tagged with: all
arrived here at 9pm for some night shots didn't happen so slept in the car till 4am for sunrise didn't happen hung around all day shooting waterfalls went back for sunset ....😉
Full image: Link
#photography #CC0 #Unsplash #APIRandom #arrived #here #at #9pm #for #some #night #shots #didnt #happen #so #slept #in #the #car #till #4am #for #sunrise #didnt #happen #hung #around #all #day #shooting #waterfalls #went #back #for #sunset #;-
HN Discussion: https://news.ycombinator.com/item?id=19687447
Posted by pseudolus (karma: 18863)
Post stats: Points: 122 - Comments: 74 - 2019-04-17T23:50:15Z
#HackerNews #all #billions #breaking #cult #japanese #making #retailer #rules #the
HackerNewsBot debug: Calculated post rank: 106 - Loop: 233 - Rank min: 100 - Author rank: 79
HN Discussion: https://news.ycombinator.com/item?id=19676499
Posted by saeedjabbar (karma: 130)
Post stats: Points: 145 - Comments: 41 - 2019-04-16T19:23:12Z
#HackerNews #agree #all #and #apple #drop #litigation #qualcomm
HackerNewsBot debug: Calculated post rank: 110 - Loop: 87 - Rank min: 100 - Author rank: 48
Joint Intelligence Bulletin issued in March says Russian hacking efforts were wide-ranging.
Article word count: 1167
HN Discussion: https://news.ycombinator.com/item?id=19635583
Posted by howard941 (karma: 7271)
Post stats: Points: 129 - Comments: 67 - 2019-04-11T15:31:12Z
#HackerNews #2016 #all #dhs #election #fbi #say #states #systems #targeted #were
Voter registration data was one of the targets of Russian hacking efforts in the run-up to the 2016 presidential election—which DHS and FBI analysts now say went after systems in every state.
Enlarge / Voter registration data was one of the targets of Russian hacking efforts in the run-up to the 2016 presidential election—which DHS and FBI analysts now say went after systems in every state.
A joint intelligence bulletin (JIB) has been issued by the Department of Homeland Security and Federal Bureau of Investigation to state and local authorities regarding Russian hacking activities during the 2016 presidential election. While the bulletin contains no new technical information, it is the first official report to confirm that the Russian reconnaissance and hacking efforts in advance of the election went well beyond the 21 states confirmed in previous reports.
As reported by the intelligence newsletter OODA Loop, the JIB stated that, while the FBI and DHS "previously observed suspicious or malicious cyber activity against government networks in 21 states that we assessed was a Russian campaign seeking vulnerabilities and access to election infrastructure," new information obtained by the agencies "indicates that Russian government cyber actors engaged in research on—as well as direct visits to—election websites and networks in the majority of US states." While not providing specific details, the bulletin continued, "The FBI and DHS assess that Russian government cyber actors probably conducted research and reconnaissance against all US states’ election networks leading up to the 2016 Presidential elections."
DHS-FBI JIBs are unclassified documents, but theyʼre usually marked "FOUO" (for official use only) and are shared through the DHSʼ state and major metropolitan Fusion Centers with state and local authorities. The details within the report are mostly well-known. "The information contained in this bulletin is consistent with what we have said publicly and what we have briefed to election officials on multiple occasions," a DHS spokesperson told Ars. "We assume the Russian government researched and in some cases targeted election infrastructure in all 50 states in an attempt to sow discord and influence the 2016 election."
In fact, DHS Assistant Secretary Jeanette Manfra told the Senate Homeland Security Committee in April of 2018 that Russia had likely at least performed reconnaissance on election infrastructure in all 50 states. The bulletin raises the confidence in that estimate, however, saying:
Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified, bringing the number of states known to be researched by Russian actors to greater than 40. Despite gaps in our data where some states appear to be untouched by Russian activities, we have moderate confidence that Russian actors likely conducted at least reconnaissance against all US states based on the methodical nature of their research. This newly available information corroborates our previous assessment and enhances our understanding of the scale and scope of Russian operations to understand and exploit state and local election networks.
The DHS and the FBI have been criticized in the past for the lack of information made publicly available about election-focused hacking and information operations. In December of 2016, the DHS and the FBI released a joint analysis report detailing broad "Russian malicious cyber activity" that the agencies referred to as "Grizzly Steppe," which largely consisted of restating private sector research findings. An "enhanced analysis" of that activity was released in February of 2017, but it did little to improve on the original other than giving some additional intrusion detection system rules to watch for similar hacking attempts. The second draft reported that the DHS had "observed network scanning activity that is known as reconnaissance" prior to the 2016 election; it also included some generic information about common reconnaissance and malware delivery techniques.
While the latest JIB doesnʼt provide any more real technical information about how systems were attacked in 2016, it does go into some detail in describing the methodical reconnaissance approach "Russian government cyber actors" took in probing for potential vulnerabilities in election systems. Between June and October of 2016, the group associated with the election hacking "researched websites and information related to elections in at least 39 states and territories, according to newly available FBI information," the bulletin states. "The same actors also directly visited websites in at least 30 states, mostly election-related government sites at both the state and local level—some of which overlap with the 39 researched states."
The "actors" performed their research "in alphabetical order by state name," the bulletin states, "suggesting that at least the initial research was not targeted at specific states." The research focused on Secretary of State voter registration and election results sites, but it also drilled down on some local election officialsʼ webpages. As they accessed sites, actors "regularly attempted to identify and exploit SQL database vulnerabilities in webservers and databases."
The FBI and DHS analysts who authored the JIB noted that they had no information on how many of those attempts were successful, aside from two instances when "Russian government operators in June 2016 accessed voter registration files and a sample ballot from a US county website."
The new information that spurred this JIB did not, however, provide any additional insight into the Russian groupʼs attempts to scan for vulnerabilities in, and hack into, the networks of government agencies in "at least 21 states," as the bulletin notes. Some of the details of that effort were provided in the indictment of Main Intelligence Directorate (GRU) officers delivered by Special Counsel Robert Muellerʼs probe—at least one state had voter data stolen, though there was no indication that data was tampered with.
Beating the drum
The bulletin included no new technical data for defenders to use. But its purpose is fairly clear—it was meant to get officials in every state on board to prepare for the 2020 presidential elections now. "Since 2016," the DHS spokesperson said, "we have built relationships and improved threat information sharing at every level—we are working with all 50 states and more than 1,400 local jurisdictions, and are doubling down on these efforts as we work with election officials to protect 2020.”
Much of the responsibility for that coordination is placed on DHSʼ Cybersecurity and Infrastructure Security Agency (CISA), which is, according to recent comments by its director, Chris Krebs, ramping up election security efforts in advance of the 2020 presidential election cycle. The agency got an additional budget of $33 million for Fiscal Year 2019 from Congress specifically for election security efforts. Krebs told reporters in February that the agency is "institutionalizing our election security efforts" and that "as our workforce continues to grow, and it will, our numbers heading up to the 2020 election will only grow," NextGovʼs Frank Konkel reported.
As far as active measures go, the JIBʼs authors advised state and local officials to focus on better operational security and basic website security practices. "In anticipation of the 2020 US Presidential Election," the DHS and FBI bulletin authors warned, "states should limit the availability of information about electoral systems or administrative processes and secure their websites and databases which could be exploited by malicious actors."
HackerNewsBot debug: Calculated post rank: 108 - Loop: 275 - Rank min: 100 - Author rank: 45
nets can kill
esp this inter-NET of things
Sand martins return from Africa to Norfolk to find council has covered their nests in ‘cruel’ netting
Sand martins prevented from nesting on Bacton cliff side, in Norfolk, by nets erected by North Norfolk District Council to attempt to combat cliff erosion.
These are sand hills not cliffs btw… they live ebb and grow and have done ever since doggerland sank 7000 years ago.
Sand martins flew more than 5,000 miles from Africa to roost in the cliffs of Norfolk, only to find their nests covered in netting by the local council.
A Twitter user called #Protect #All #Wildlife shared a petition calling for the Government to grant legal protection to swallow, swift and sand martin nest sites not just nests.
Grant legal protection to Swallow, Swift and Martin nest sites not just nests.
Live bird nests have legal protection, but nest sites do not. Swallows, Swifts and Martins return to the same nesting site year after year. If these nesting sites are destroyed, with few alternatives available, local extinctions are likely.
As a general rule, car companies are extremely secretive about their technological developments. Anything that could provide a USP or give an edge over the competition is kept under lock and key –…
Article word count: 274
HN Discussion: https://news.ycombinator.com/item?id=19596278
Posted by e2e4 (karma: 180)
Post stats: Points: 190 - Comments: 46 - 2019-04-07T12:04:48Z
#HackerNews #all #are #electric #now #patents #royalty-free #toyotas #vehicle
As a general rule, car companies are extremely secretive about their technological developments. Anything that could provide a USP or give an edge over the competition is kept under lock and key – being guarded more fervently than the recipe for Coca-Cola.
However, Toyota has now offered royalty-free licences on almost 24,000 of its electric vehicle patents.
This essentially means that any company wishing to build a hybrid or fully electric vehicle will have complete access to all of Toyota’s work without having to pay a single penny.
And if you’re struggling to make sense of the drawings and literature that make up the patent, Toyota will also offer technical support to any manufacturer that requests their assistance. Any advice given will come with a fee of course – you didn’t think everything would be free, did you?
In total though, 23,740 patents will be available from the past 20 years of Toyota’s development of hybrid technology. That’s a whole lot of tech. Tech which Toyota helps will speed-up the manufacture and uptake of hybrid or electric vehicles across the world in the face of ever-worsening climate change.
* * * *
“Based on the high volume of enquiries we receive about our vehicle electrification systems from companies that recognise a need to popularise hybrid and other electrified vehicle technologies, we believe that now is the time for cooperation,” said Shigeki Terashi, Executive Vice President of Toyota.
“If the number of electrified vehicles accelerates significantly in the next ten years, they will become standard, and we hope to play a role in supporting that process.”
Is this the start of a new, sharing-is-caring attitude in the motoring industry?
HackerNewsBot debug: Calculated post rank: 142 - Loop: 304 - Rank min: 100 - Author rank: 19
I just bought my first Roku powered TV as an upgrade to the bottom-est bottom tier TV that we bought from Costco a couple years ago. Thi...
Article word count: 435
HN Discussion: https://news.ycombinator.com/item?id=19596945
Posted by Jgrubb (karma: 2473)
Post stats: Points: 122 - Comments: 91 - 2019-04-07T14:28:36Z
#HackerNews #again #all #beta #but #its #over #vhs #worse
I just bought my first Roku powered TV as an upgrade to the bottom-est bottom tier TV that we bought from Costco a couple years ago. This one is also from Costco, but itʼs a TCL rather than an Element brand, so itʼs like the second rung on the ladder. Roku is waaaaay better than the imitation version that was on the Element TV and generally Iʼm pleased. You can add channels and do all the stuff that I realize now qualifies as the “cord cutting” Iʼve been reading about forever.
We bought an Apple TV probably 4-5 years ago and at some point in the last 12 months itʼs crapped out on us, so Iʼm conscripted into plugging my laptop in to the TV to watch any of the dozens of kids movies weʼve bought on iTunes over that time.
This has always irked me because none of those movies ever worked in the carʼs DVD player/entertainment system thingy when we go on road trips. Itʼs a shame too, because weʼve only recently discovered that the headphones that came with the car for the DVD player not only work, but will let Michelle and I listen to Wait, Wait without the loud protestations of the kids (since they can watch a movie while we listen to podcasts). I have to stop at Target and trawl through the discount kidʼs DVDs for the car.
In many ways the future is damn handy.
But now we got this Roku TV and it comes with Amazon Prime so thatʼs great, but I want to watch one of the movies we bought on iTunes. I donʼt want to start buying a library of movies on Amazon, because I already have a library of movies on iTunes (that they wonʼt let me watch on anything but an Apple product :| ). Neither of these systems will let me burn to a DVD so we can watch them in the car, and neither of their apps will let me bounce out of my iPhone into the carʼs V-RCA inputs.
Is it that hard to let things interoperate? Can Apple please just relent and let Roku have an iTunes app? Iʼm not buying another fucking Apple TV. Iʼm not. I donʼt give a shit about games or 4K or an internal drive, I just want to watch the fucking movies I bought (or licensed, fuck you Hollywood). I may as well have to lug around a VHS player to plug in to all these screens, itʼs absolutely ridiculous and completely anti-customer. You all deserve the eventual death or disruption you suffer.
HackerNewsBot debug: Calculated post rank: 111 - Loop: 90 - Rank min: 100 - Author rank: 42
Agile software development without all the burnout. - davebs/AgileLite
Article word count: 34
HN Discussion: https://news.ycombinator.com/item?id=19571809
Posted by dave_sullivan (karma: 2750)
Post stats: Points: 143 - Comments: 104 - 2019-04-04T13:08:41Z
#HackerNews #agile #all #burnout #lite #the #without
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
HackerNewsBot debug: Calculated post rank: 130 - Loop: 120 - Rank min: 100 - Author rank: 37
I've been working on frontend dev for several years now, in the pre and post framework era. React and the other frameworks and ES6 in general, has meant a ton of change to the very basics of how we work.
The way I do basic things has changed fundamentally in the last 4-5 years. Some of that is because I'm no longer a "beginner", but much is because things have just changed a ton.
People who know the JS / frontend ecosystem AND backend stuff as well:
Is this rate of change unique to JS, or is it everywhere? Is Rails very, very different now than 4-5 years ago? Django?
I use PHP a bit and I've seen that change a bit, but it feels like mostly for the better, with namespaces in particular. Otherwise, I don't feel like PHP has had near the amt of change that JS has had.
tl;dr: is it crazy everywhere or just with JS/frontend?
HN Discussion: https://news.ycombinator.com/item?id=19544920
Posted by saltcod (karma: 815)
Post stats: Points: 96 - Comments: 117 - 2019-04-01T16:16:57Z
HackerNewsBot debug: Calculated post rank: 103 - Loop: 375 - Rank min: 100 - Author rank: 92
HN Discussion: https://news.ycombinator.com/item?id=19522193
Posted by bluetidepro (karma: 2939)
Post stats: Points: 153 - Comments: 71 - 2019-03-29T14:53:11Z
#HackerNews #active #ads #all #facebook #launches #library #searchable #transparency
HackerNewsBot debug: Calculated post rank: 125 - Loop: 449 - Rank min: 100 - Author rank: 46
HN Discussion: https://news.ycombinator.com/item?id=19487304
Posted by ecmascript (karma: 98)
Post stats: Points: 174 - Comments: 105 - 2019-03-25T22:25:28Z
#HackerNews #all #enter #forces #new #number #phone #twitter #users #valid
HackerNewsBot debug: Calculated post rank: 151 - Loop: 62 - Rank min: 100 - Author rank: 140
Study points toward lifelong neuron formation in the human brain’s hippocampus, with implications for memory and disease
Article word count: 1086
HN Discussion: https://news.ycombinator.com/item?id=19485558
Posted by Elof (karma: 867)
Post stats: Points: 193 - Comments: 22 - 2019-03-25T18:53:55Z
#HackerNews #adult #after #all #brain #does #grow #neurons #new #says #study #the
If the memory center of the human brain can grow new cells, it might help people recover from depression and post-traumatic stress disorder (PTSD), delay the onset of Alzheimer’s, deepen our understanding of epilepsy and offer new insights into memory and learning. If not, well then, it’s just one other way people are different from rodents and birds.
For decades, scientists have debated whether the birth of new neurons—called neurogenesis—was possible in an area of the brain that is responsible for learning, memory and mood regulation. A growing body of research suggested they could, but then a Nature paper last year raised doubts.
Now, a new study published today in another of the Nature family of journals—Nature Medicine—tips the balance back toward “yes.” In light of the new study, “I would say that there is an overwhelming case for the neurogenesis throughout life in humans,” Jonas Frisén, a professor at the Karolinska Institute in Sweden, said in an e-mail. Frisén, who was not involved in the new research, wrote a News and Views about the study in the current issue of Nature Medicine.
Not everyone was convinced. Arturo Alvarez-Buylla was the senior author on last year’s Nature paper, which questioned the existence of neurogenesis. Alvarez-Buylla, a professor of neurological surgery at the University of California, San Francisco, says he still doubts that new neurons develop in the brain’s hippocampus after toddlerhood.
“I don’t think this at all settles things out,” he says. “I’ve been studying adult neurogenesis all my life. I wish I could find a place [in humans] where it does happen convincingly.”
For decades, some researchers have thought that the brain circuits of primates—including humans—would be too disrupted by the growth of substantial numbers of new neurons. Alvarez-Buylla says he thinks the scientific debate over the existence of neurogenesis should continue. “Basic knowledge is fundamental. Just knowing whether adult neurons get replaced is a fascinating basic problem,” he said.
New technologies that can locate cells in the living brain and measure the cells’ individual activity, none of which were used in the Nature Medicine study, may eventually put to rest any lingering questions.
A number of researchers praised the new study as thoughtful and carefully conducted. It’s a “technical tour de force,” and addresses the concerns raised by last year’s paper, says Michael Bonaguidi, an assistant professor at the University of Southern California Keck School of Medicine.
The researchers, from Spain, tested a variety of methods of preserving brain tissue from 58 newly deceased people. They found that different methods of preservation led to different conclusions about whether new neurons could develop in the adult and aging brain.
Brain tissue has to be preserved within a few hours after death, and specific chemicals used to preserve the tissue, or the proteins that identify newly developing cells will be destroyed, said Maria Llorens-Martin, the paper’s senior author. Other researchers have missed the presence of these cells, because their brain tissue was not as precisely preserved, says Llorens-Martin, a neuroscientist at the Autonomous University of Madrid in Spain.
Jenny Hsieh, a professor at the University of Texas San Antonio who was not involved in the new research, said the study provides a lesson for all scientists who rely on the generosity of brain donations. “If and when we go and look at something in human postmortem, we have to be very cautious about these technical issues.”
Llorens-Martin said she began carefully collecting and preserving brain samples in 2010, when she realized that many brains stored in brain banks were not adequately preserved for this kind of research. In their study, she and her colleagues examined the brains of people who died with their memories intact, and those who died at different stages of Alzheimer’s disease. She found that the brains of people with Alzheimer’s showed few if any signs of new neurons in the hippocampus—with less signal the further along the people were in the course of the disease. This suggests that the loss of new neurons—if it could be detected in the living brain—would be an early indicator of the onset of Alzheimer’s, and that promoting new neuronal growth could delay or prevent the disease that now affects more than 5.5 million Americans.
Rusty Gage, president of the Salk Institute for Biological Studies and a neuroscientist and professor there, says he was impressed by the researchers’ attention to detail. “Methodologically, it sets the bar for future studies,” says Gage, who was not involved in the new research but was the senior author in 1998 of a paper that found the first evidence for neurogenesis. Gage says this new study addresses the concerns raised by Alvarez-Buylla’s research. “From my view, this puts to rest that one blip that occurred,” he says. “This paper in a very nice way… systematically evaluates all the issues that we all feel are very important.”
Neurogenesis in the hippocampus matters, Gage says, because evidence in animals shows that it is essential for pattern separation, “allowing an animal to distinguish between two events that are closely associated with each other.” In people, Gage says, the inability to distinguish between two similar events could explain why patients with PTSD keep reliving the same experiences, even though their circumstances have changed. Also, many deficits seen in the early stages of cognitive decline are similar to those seen in animals whose neurogenesis has been halted, he says.
In healthy animals, neurogenesis promotes resilience in stressful situations, Gage says. Mood disorders, including depression, have also been linked to neurogenesis.
Hsieh says her research on epilepsy has found that newborn neurons get miswired, disrupting brain circuits and causing seizures and potential memory loss. In rodents with epilepsy, if researchers prevent the abnormal growth of new neurons, they prevent seizures, Hsieh says, giving her hope that something similar could someday help human patients. Epilepsy increases someone’s risk of Alzheimer’s as well as depression and anxiety, she says. “So, it’s all connected somehow. We believe that the new neurons play a vital role connecting all of these pieces,” Hsieh says.
In mice and rats, researchers can stimulate the growth of new neurons by getting the rodents to exercise more or by providing them with environments that are more cognitively or socially stimulating, Llorens-Martin says. “This could not be applied to advanced stages of Alzheimer’s disease. But if we could act at earlier stages where mobility is not yet compromised,” she says, “who knows, maybe we could slow down or prevent some of the loss of plasticity [in the brain].”
HackerNewsBot debug: Calculated post rank: 136 - Loop: 109 - Rank min: 100 - Author rank: 30
Myspace lost all the music its users uploaded between 2003 and 2015
Article word count: 484
HN Discussion: https://news.ycombinator.com/item?id=19417640
Posted by pmoriarty (karma: 31693)
Post stats: Points: 142 - Comments: 59 - 2019-03-18T00:03:18Z
#HackerNews #2003 #2015 #all #and #between #its #lost #music #myspace #the #uploaded #users
Itʼs been a year since the music links on Myspace stopped working; at first the company insisted that they were working on it, but now theyʼve admitted that all those files are lost: "As a result of a server migration project, any photos, videos, and audio files you uploaded more than three years ago may no longer be available on or from Myspace. We apologize for the inconvenience and suggest that you retain your back up copies. If you would like more information, please contact our Data Protection Officer, Dr. Jana Jentzsch at DPO@myspace.com."
Yeah, apparently they donʼt have a backup.
Someday, this will happen to Facebook, Instagram, Tumblr, etc. Donʼt trust the platforms to archive your data. The Internet Archive will host anything freely distributable, for free, forever, and they have mirrors of their servers in California, Egypt and Amsterdam. Theyʼre a mission-driven nonprofit supported by philanthropists, foundations, and small-money donations (Iʼm an annual donor).
[IMG]On Friday, hundreds of us gathered at the Internet Archive, at the invitation of Creative Commons, to celebrate the Grand Re-Opening of the Public Domain, just weeks after the first works entered the American public domain in twenty years.
READ THE REST
[IMG]Timothy from Creative Commons writes, "In the US beginning Jan 1, 2019–after a devastating 20 year drought brought on by the infamous 1998 ʼMickey Mouse Protection Act.ʼ Creators, commons advocates, librarians, legal activists and others are celebrating in San Francisco at the Internet Archive on January 25, 2019 to mark the ʼGrand Re-Opening of the […]
READ THE REST
[IMG]Long before Quora admitted to being breached and losing 100,000,000 million usersʼ account data, it had disqualified itself from being used, by dint of its impulse to hoard knowledge and the likelihood that its limping business model would cause it to imminently implode.
READ THE REST
[IMG]Big companies want automation on a big scale. Doing that means diving into the tricky world of machine learning and data science. And no matter what platform you’ll be implementing it on, you can learn how with the Machine Learning & Data Science Certification Training Bundle. In 48 hours and through eight courses, this bundle […]
READ THE REST
[IMG]Big systems need tight security – and the experts who can implement it. Cisco Networking Systems are the go-to providers for network infrastructure, but maintaining it takes a lot of up-to-date knowledge. If you want that knowledge right from the source, there’s an online course that can get you certified painlessly: The Foundational Cisco CCNA […]
READ THE REST
[IMG]Computer slowing down? There are a ton of reasons why that might be, especially if your unit has a few years on it. Junk files and programs can accumulate over time, some even left over from otherwise uninstalled software. This virtual debris can slow your PC down dramatically, but there’s a surprisingly quick fix. Lauded […]
READ THE REST
HackerNewsBot debug: Calculated post rank: 114 - Loop: 102 - Rank min: 100 - Author rank: 63
Only 23 Android antivirus apps had a 100 percent detection rate with no false positives.
Article word count: 839
HN Discussion: https://news.ycombinator.com/item?id=19409618
Posted by mpweiher (karma: 30189)
Post stats: Points: 107 - Comments: 34 - 2019-03-16T19:18:58Z
#HackerNews #all #android #antivirus #apps #are #frauds #two-thirds
An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and donʼt work as advertised.
The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organizationʼs staff looked at 250 Android antivirus apps available on the official Google Play Store.
The reportʼs results are tragicomical --with antivirus apps detecting themselves as malware-- and come to show the sorry state of Android antivirus industry, which appears to be filled with more snake-oilers than actual cyber-security vendors.
Only 80 of 250 apps passed a basic detection test
The AV-Comparatives team said that out of the 250 apps theyʼve tested, only 80 detected more than 30 percent of the malware they threw at each app during individual tests.
The tests werenʼt even that complicated. Researchers installed each antivirus app on a separate device (no emulator involved) and automated the device to open a browser, download a malicious app, and then install it.
They did this 2,000 times for each app, having the test device download 2,000 of the most common Android malware strains found in the wild last year --meaning that all antivirus apps should have already indexed these strains a long time ago.
Some apps donʼt actually scan for malware
However, results didnʼt reflect this basic assumption. AV-Comparatives staffers said that many antivirus apps didnʼt actually scan the apps the user was downloading or installing, but merely used a whitelist/blacklist approach, and merely looked at the package names (instead of their code).
Essentially, some antivirus apps would mark any app installed on a userʼs phone as malicious, by default, if the appʼs package name wasnʼt included in its whitelist. This is why some antivirus apps detected themselves as malicious when the appsʼ authors forgot to add their own package names to the whitelist.
In other cases, some antivirus apps used wildcards in their whitelist, with entries such as "com.adobe.*".
In these cases, all a malware strain had to do was to use a package name of "com.adobe.[random_text]" to bypass the scans of tens of Android antivirus products.
The organization said it considered the 30 percent detection mark (with zero false positives) as a threshold between legitimate antivirus apps and those it considered ineffective or downright unsafe.
That means that 170 of the 250 Android antivirus apps had failed the organizationʼs most basic detection tests, and were, for all intent and purposes, a sham.
"Most of the above apps, as well as the risky apps already mentioned, appear to have been developed either by amateur programmers or by software manufacturers that are not focused on the security business," the AV-Comparatives staff said.
"Examples of the latter category are developers who make all kinds of apps, are in the advertisement/monetization business, or just want to have an Android protection app in their portfolio for publicity reasons," researchers said.
Furthermore, many of these apps also appeared to have been developed by the same programmer on an assembly line. Tens of apps sported the same user interface, and many were more interested in showing ads, rather than having a fully running malware scanner.
Antivirus apps collage Image: AV-Comparatives
The results of the AV-Comparatives study is no surprise for anyone in the cyber-security world whoʼs paid attention to the Android antivirus scene in the past few months.
ESET mobile malware analyst Lukas Stefanko has been warning the public against these threats for months.
Some of his past tweets confirm the AV-Comparatives study, with the researcher uncovering Android antivirus apps that detect themselves as malware...
Would you use AntiVirus that detect itself as risky app? This Fake Antivirus 2019 uses only blacklist & whitelist for package names of apps + permissions check. Still forget to whitelist itself. pic.twitter.com/CdvlPkGPvL — Lukas Stefanko (@LukasStefanko) November 28, 2018
... mimic malware scans altogether...
Fake antivirus - 𝐒𝐝 𝐂𝐚𝐫𝐝 𝐕𝐢𝐫𝐮𝐬 𝐒𝐜𝐚𝐧𝐧𝐞𝐫 - has over 10K installs but isnʼt scanning any files for malware. Instead of scanning files, it sets 10 millisecond time delay on each file to impersonate file scan functionality. #DiscloseApp pic.twitter.com/cf7Jj3BVA3 — Lukas Stefanko (@LukasStefanko) September 13, 2018
... detect reputable apps as malicious
Over 100,000 people are protected by this fake Antivirus. It flags @signalapp and @PayPal as apps with high risk. Use only trustworthy AV, not this garbage that after scan makes you uninstall almost all of your apps because its nonsense detection rules. pic.twitter.com/iy5L8fscOG— Lukas Stefanko (@LukasStefanko) November 28, 2018
... or are the work of amateur developers, rather than established antivirus firms.
#FreeAndroidTip: Before installing an app, check other developer apps too.Developers of fake "Antivirus 2019" have a lot of spare time, so they decided to create Solitaire game. It is unlikely for company to focus on solid software and also game development. pic.twitter.com/els6nJBmqj — Lukas Stefanko (@LukasStefanko) December 10, 2018
Other AV-Comparative study findings:
* Only 23 of the tested apps detected 100% of the malware samples. * 16 apps have not been migrated to Android 8 properly, decreasing their protection capabilities on newer Android versions.
Many of 2018ʼs most dangerous Android and... SEE FULL GALLERY
[IMG]Related cyber-security coverage:
HackerNewsBot debug: Calculated post rank: 82 - Loop: 391 - Rank min: 80 - Author rank: 56
There is a massive gap between school and work, between learning and earning.
Article word count: 1093
HN Discussion: https://news.ycombinator.com/item?id=19406432
Posted by kermittd (karma: 195)
Post stats: Points: 112 - Comments: 61 - 2019-03-16T05:05:50Z
#HackerNews #about #all #not #school #signaling #skill-building
Skip to content
Parents, teachers, politicians and researchers tirelessly warn today’s youths about the unforgiving job market that awaits them. If they want to succeed in tomorrow’s economy, they can’t just coast through school. They have to soak up precious knowledge like a sponge. But even as adulthood approaches, students rarely heed this advice. Most treat high school and college like a game, not an opportunity to build lifelong skills.
Is it possible that students are on to something? There is a massive gap between school and work, between learning and earning. While the labor market rewards good grades and fancy degrees, most of the subjects schools require simply aren’t relevant on the job. Literacy and numeracy are vital, but few of us use history, poetry, higher mathematics or foreign languages after graduation. The main reason firms reward education is because it certifies (or “signals”) brains, work ethic and conformity.
It’s therefore sensible, if unseemly, for students to focus more on going through the motions than acquiring knowledge.
Almost everyone pays lip service to the glories of education, but actions speak louder than words. Ponder this: If a student wants to study at Princeton, he doesn’t really need to apply or pay tuition. He can simply show up and start taking classes. As a professor, I assure you that we make near-zero effort to stop unofficial education; indeed, the rare, earnestly curious student touches our hearts. At the end of four years at Princeton, though, the guerrilla student would lack one precious thing: a diploma. The fact that almost no one tries this route — saving hundreds of thousands of dollars along the way — is a strong sign that students understand the value of certification over actual learning.
You can see the same priorities when students pick their classes. Students notoriously seek out “easy A’s” — professors who give high grades in exchange for little work. On the popular Rate My Professor website, students evaluate classes’ “easiness” but not “usefulness” or “relevance.” And when professors cancel lectures, students don’t demand a refund, they celebrate. Because future employers don’t monitor faculty attendance, every canceled lecture is a chance to party in the present without hurting job prospects in the future.
Academics and administrators also sense the importance of signaling, even if they won’t admit it. Why else would they bother to combat cheating? If school were merely a place for students to invest in their skills, cheaters would literally “only be cheating themselves,” spending time and tuition for naught. If, however, school is primarily a place to convince firms you’re worthy of employment, cheating has a slew of victims. The cheater who successfully impersonates a good student doesn’t just rip off whoever hires him. He also taints the prospects of all his peers who toiled for their degrees.
Researchers consistently find that most of education’s payoff comes from graduation, from crossing the academic finish line. The last year of high school is worth more than the first three; the last year of college is worth more than double the first three. This is hard to explain if employers are paying for acquired skills; do schools really wait until senior year to impart useful training? Or consider how differently employers treat failing a class versus forgetting one. If you flunk a class, plenty of employers will trash your application. But if you pass that same class, then forget everything you learned, employers will shrug.
One of the most glaring perversities of the modern labor market is credential inflation.
These behaviors make perfect sense if — and only if — employers are eager to detect workers who dutifully conform to social expectations. In a society where parents, teachers and peers glorify graduation, failing classes and dropping out are deviant acts.
One of the most glaring perversities of the modern labor market is credential inflation. While the education workers need to do a job is quite stable, the education they need to get a job has skyrocketed since the 1940s. Sure, the average job is more intellectually demanding than it once was, but researchers find that only explains 20% of the workforce’s rising education. What explains the remaining 80%? Employers’ expectations have risen across the board. Waiter, bartender, cashier, security guard: These are now common jobs for those with bachelor’s degrees.
Despite all these tell-tale signs of signaling, many of my fellow researchers refuse to take the idea seriously. Sure, signaling seems to fit our firsthand experience. Yet why would profit-seeking employers base their decisions on mere credentials instead of potential to perform well on the job?
To start, employers can’t readily judge your job performance until they actually hire you — and they can only hire a tiny fraction of their applicants. If they ignore less-credentialed prospects, they may lose a few good workers but they save tons of precious time.
And once they hire, it usually makes sense to stand pat. Suppose a well-credentialed worker turns out to be mildly disappointing. Summarily firing him would be bad business, because replacement takes time, and time is money. A subpar worker may therefore profit from his credentials for years. Indeed, because few firms are run by unfeeling robots, even incompetent workers often enjoy handsome educational payoffs because their employers are too squeamish to dismiss them.
Education is a weird industry. You study arcane subjects year after year, knowing you’ll never use most of what you learned after graduation. Yet parents, teachers, politicians and researchers urge you to finish, promising ample career rewards for your efforts. Despite the many college graduates who end up working as waiters, the experts are, on average, right: Diplomas pay well. What experts misunderstand is why. Instead of scrutinizing what schools really teach, they rush to a just-so story in which schools transform low-skilled students into high-skilled graduates. Students, much closer to the action, see what’s going on: As long as they have good grades and finish their degrees, employers care little about what they’ve learned.
Does it matter why education pays? At the individual level, barely. Excel in school, impress employers, profit; the recipe works. Socially speaking, though, the why is all-important. If, as experts preach, students are building a stockpile of precious skills, taxpayers are getting a solid return on their money. But if students’ firsthand experience tells the real story, taxpayers are mostly fueling a futile arms race. Generous government support has caused massive credential inflation. Educational austerity is the simplest path back to an economy in which serious on-the-job learning starts during high school — not after college.
HackerNewsBot debug: Calculated post rank: 95 - Loop: 50 - Rank min: 80 - Author rank: 15
docker, kubernetes, cloud
Article word count: 1275
HN Discussion: https://news.ycombinator.com/item?id=19351236
Posted by Corrado (karma: 2112)
Post stats: Points: 124 - Comments: 64 - 2019-03-10T09:53:59Z
#HackerNews #all #and #docker #fish #for #goodbye #thanks #the
Back in July 2018, I started to write a blog post about the upcoming death of Docker as a company (and also perhaps as a technology) but I never got round to completing and publishing the post. It is time to actually get that post out.
OK .. Time to share my thoughts on the soon to be death of #docker — Maish Saidel-Keesing (☁️🚀☁️) (@maishsk) July 17, 2018
So here you go....
Of course Docker is still here, and of course everyone is still using Docker and will continue to do so the near and foreseeable future (how far that foreseeable future is - is yet to be determined). The reason I chose this title for the blogpost is because, in my humble opinion the days for Docker as a company are numbered and maybe also a technology as well. If would indulge me with a few minutes of your time - I will share with you the basis for my thoughts. A number of years ago - Docker was the company that changed the world - and we can safely say - is still changing the world today. Containers and the technology behind containers has been around for many years, long before the word docker was even thought of, even turned into a verb (“Dockerize all the things”), but Docker was the company that enabled the masses to consume the technology of containers, in a easy and simple fashion. Most technology companies (or at least companies that consider themselves to be a modern tech company) will be using Docker or containers as part of their product or their pipeline - because it makes so much sense and brings so much benefit to whole process. Over the past 12-24 months, people are coming to the realization that docker has run its course and as a technology is not going to be able to provide additional value to what they have today - and have decided to start to look elsewhere for that extra edge.
Kubernetes has won the container orchestration war, I don’t think that anyone can deny that fact. Docker itself has adopted Kubernetes. There will always be niche players that have specific use cases for Docker Swarm, Mesos, Marathon, Nomad - but the de-facto standard is Kubernetes. All 3 big cloud providers, now have a managed Kubernetes solution that they offer to their customers (and as a result will eventually sunset their own home-made solutions that they built over the years - because there can be only one). Everyone is building more services and providing more solutions, to bring in more customers, increase their revenue.
Story is done. Nothing to see here. Next shiny thing please.. At the moment, Kubernetes uses docker as the underlying container engine. I think that the Kubernetes community understood that Docker as a container runtime (and I use this term specifically) was the ultimate solution to get a product out of the gate as soon as possible. They also (wisely) understood quite early on they needed to have the option of switching out that container runtime - and allowing the consumers of Kubernetes to make a choice.
The Open Container Initiative - brought with it the Runtime Spec - which opened the door to allow us all to use something else besides docker as the runtime. And they are growing - steadily. Docker is no longer the only runtime that is being used. Their is a growth in the community - that are slowly sharing the knowledge of how use something else besides Docker. Kelsey Hightower - has updated his Kubernetes the hard way (amazing work - honestly) over the years from CRI-O to containerd to gvisor. All the cool kids on the block are no longer using docker as the underlying runtime. There are many other options out there today clearcontainers, katacontainers and the list is continuously growing.
Most people (including myself) do not have enough knowledge and expertise of how to swap out the runtime to what ever they would like and usually just go with the default out of the box. When people understand that they can easily make the choice to swap out the container runtime, and the knowledge is out there and easily and readily available, I do not think there is any reason for us to user docker any more and therefore Docker as a technology and as a company will slowly vanish. The other container runtimes that are coming out will be faster, more secure, smarter, feature rich (some of them already are) compared to what Docker has to offer. If you have a better, smarter, more secure product - why would people continue to use technology that no longer suits their ever increasing needs? For Docker - to avert this outcome - I would advise to invest as much energy as possible - into creating the best of breed runtime for any workload - so that docker remains the de-facto standard that everyone uses. The problem with this statement - is that there no money in a container runtime. Docker never made money on their runtime, they looked for their revenue on the enterprise features above and on top the container runtime. How they are going to solve this problem - is beyond me and the scope of this post. The docker community has been steadily declining, the popularity of the events has been declining, the number of new features, announcements - is on the decline and has been on the decline for the past year or two. Someone told me a while back - that speaking bad about things or giving bad news is usually very easy. We can easily say that this is wrong, this is no useful, this should change. But without providing a positive twist on something - you become the “doom and gloom”. The “grim reaper”. Don’t be that person. I would like to heed their advice, and with that add something about - what that means for you today. You should start investing in understanding how these other runtimes can help you, where they fit,
increase your knowledge and expertise - so that you can prepare for this and not be surprised when everyone else stops using docker and you find yourself having to rush into adapting all your infrastructure. I think it is inevitable.
That was the post I wanted to write 8 months ago...
What triggered me to finish this post today was a post from Scott Mccarty - about the upcoming RHEL 8 beta - Enterprise Linux 8 Beta: A new set of container tools - and my tweet that followed
— Maish Saidel-Keesing (☁️🚀☁️) (@maishsk) February 20, 2019
Lo and behold - no more docker package available in RHEL 8.
If you’re a container veteran, you may have developed a habit of tailoring your systems by installing the “docker” package. On your brand new RHEL 8 Beta system, the first thing you’ll likely do is go to your old friend yum. You’ll try to install the docker package, but to no avail. If you are crafty, next, you’ll search and find this package: podman-docker.noarch : "package to Emulate Docker CLI using podman." What is this Podman we speak of? The docker package is replaced by the Container Tools module, which consists of Podman, Buildah, Skopeo and several other tidbits. There are a lot of new names packed into that sentence so, let’s break them down.
[IMG](Source - Tutorial - Doug Tidwell (https://youtu.be/bJDI_QuXeCE)
I think a picture is worth more than a thousand words..
Please feel free to share this post and share your feedback with me on Twitter (@maishsk)
HackerNewsBot debug: Calculated post rank: 104 - Loop: 57 - Rank min: 100 - Author rank: 26
259 votes and 124 comments so far on Reddit
Article word count: 316
HN Discussion: https://news.ycombinator.com/item?id=19331307
Posted by devilcius (karma: 135)
Post stats: Points: 140 - Comments: 82 - 2019-03-07T19:29:02Z
#HackerNews #2012 #all #define #minimum #need #number #other #the #whats #words #youd
Though the concept of this question is intriguing, and may have a practical answer (as someone else mentioned that 850 words may be enough), I think this really speaks to certain philosophical problems about language. I would say that defining all the words in the English language, or in fact any particular word, is impossible. As philosopher W.V.O. Quine pointed out in his theory of indeterminacy of translation, no amount of linguistic explanation can completely ensure that any word is correctly understood to anyone but the speaker. If enough of the right compensatory changes are made elsewhere in the system of language, any word could mean ANYTHING.
Now, practically, this is unlikely, evidenced by the complete success of human beings to use language to express concepts and do complex things like build rockets and such. So you might be tempted to say ʼwell, this isnʼt the point of the question Iʼm askingʼ. But itʼs more subtle, because even if you think there may be some level of certainty of translation that isnʼt absolute that would constitute a definition, you have to say what level that is.
For instance, you may ask me to define the word ʼdogʼ. If my definition is ʼa barking mammalʼ, which uses three words, you and many other may find that definition to be acceptable in that if I gave you the definition first, youʼd be able to figure out what word I was defining. However, there are certainly other mammals that bark (such as seals), so perhaps I must find a more rigorous definition, such as ʼa hairy, barking mammalʼ, using four words. But still, even as I add to the definition and appear to be less vague, I only asymptotically approach a perfect definition. So where do we draw the line?
There are other concerns about this sort of thing, but itʼs too late at night for me to be bringing those up.
HackerNewsBot debug: Calculated post rank: 120 - Loop: 251 - Rank min: 100 - Author rank: 90
The retail giant is shutting down all 87 Amazon pop-up stores in the U.S., ending a yearslong experiment with these small shops as the company tinkers with its evolving bricks-and-mortar strategy.
HN Discussion: https://news.ycombinator.com/item?id=19322669
Posted by juokaz (karma: 933)
Post stats: Points: 121 - Comments: 68 - 2019-03-06T20:53:50Z
#HackerNews #all #amazon #physical #pop-up #retail #rethinks #shut #stores #strategy
Amazon wants to deliver everything you want to your doorstep, anywhere in the world. But the e-commerce giant faces several challenges in its pursuit of a global empire. WSJʼs Karan Deep Singh breaks down the basics with the help of an Amazon delivery box.
HackerNewsBot debug: Calculated post rank: 103 - Loop: 216 - Rank min: 100 - Author rank: 103
Charles Dahan was a leading supplier of frames to LensCrafters, before the company was purchased by Luxottica. Glasses that cost him $20 to make would be sold for five times that amount.
Article word count: 1157
HN Discussion: https://news.ycombinator.com/item?id=19312499
Posted by ilamont (karma: 25065)
Post stats: Points: 180 - Comments: 165 - 2019-03-05T17:56:23Z
#HackerNews #all #are #badly #being #execs #eyewear #former #how #industry #off #ripped #tell
Skip to content
Charles Dahan knows from first-hand experience how badly people get ripped off when buying eyeglasses.
He was once one of the leading suppliers of frames to LensCrafters, before the company was purchased by optical behemoth Luxottica. He also built machines that improved the lens-manufacturing process.
In other words, Dahan, 70, knows the eyewear business from start to finish. And he doesn’t like what’s happened.
“There is no competition in the industry, not any more,” he told me. “Luxottica bought everyone. They set whatever prices they please.”
Dahan, who lives in Potomac, Md., was responding to a column I recently wrote about why consumer prices for frames and lenses are so astronomically high, with markups often approaching 1,000%.
I noted that if you wear designer glasses, there’s a very good chance you’re wearing Luxottica frames.
The company’s owned and licensed brands include Armani, Brooks Brothers, Burberry, Chanel, Coach, DKNY, Dolce & Gabbana, Michael Kors, Oakley, Oliver Peoples, Persol, Polo Ralph Lauren, Ray-Ban, Tiffany, Valentino, Vogue and Versace.
Along with LensCrafters, Luxottica also runs Pearle Vision, Sears Optical, Sunglass Hut and Target Optical, as well as the insurer EyeMed Vision Care.
And Italy’s Luxottica now casts an even longer shadow over the eyewear industry after merging last fall with France’s Essilor, the world’s leading maker of prescription eyeglass lenses and contact lenses. The combined entity is called EssilorLuxottica.
Just so you know up front, I reached out to both Luxottica and its parent company with what Dahan told me. I asked if they’d like to respond to his specific points or to speak generally about optical pricing.
Neither company responded, which was the same response I received the last time I contacted them.
Apparently EssilorLuxottica feels no need to defend its business practices. Or it understands that no reasonable defense is possible.
Dahan, a chemical engineer by training, established a company called Custom Optical in 1977 after designing a machine capable of making prescription lenses appear thinner.
In short order he also was designing plastic and metal frames, and proposed to LensCrafters in 1985 that he supply the then-independent company.
“They bought my lens machines, and soon I was selling them a few models of frames,” Dahan said. “Those were successful, so they kept buying more.”
Eventually, he said, his company was supplying LensCrafters with about 20% of its frames. “They called me their crown jewel,” Dahan said.
E. Dean Butler, the founder of LensCrafters, remembers Dahan as “a real go-getter.”
“He was a key supplier — good product at reasonable prices,” Butler, 74, said in a phone interview from Berlin, where he was meeting with optical-industry contacts.
He’s no longer affiliated with LensCrafters. These days he’s based in England, but serves as a consultant to optical businesses worldwide.
Both Butler and Dahan acknowledged what most consumers have long suspected: that the prices we pay for eyewear in no way reflect the actual cost of making frames and lenses.
When he was in the business, in the 1980s and ’90s, Dahan said it cost him between $10 and $16 to manufacture a pair of quality plastic or metal frames.
Lenses, he said, might cost about $5 a pair to produce. With fancy coatings, that could boost the price all the way to $15.
He said LensCrafters would turn around and charge $99 for completed glasses that cost $20 or $30 to make — and this was well below what many independent opticians charged. Nowadays, he said, those same glasses at LensCrafters might cost hundreds of dollars.
Butler said he recently visited factories in China where many glasses for the U.S. market are manufactured. Improved technology has made prices even lower than what Dahan recalled.
“You can get amazingly good frames, with a Warby Parker level of quality, for $4 to $8,” Butler said. “For $15, you can get designer-quality frames, like what you’d get from Prada.”
And lenses? “You can buy absolutely first-quality lenses for $1.25 apiece,” Butler said.
Yet those same frames and lenses might sell in the United States for $800.
Butler laughed. “I know,” he said. “It’s ridiculous. It’s a complete rip-off.”
In 1995, Luxottica purchased LensCrafters’ parent company, U.S. Shoe Corp., for $1.4 billion. The goal wasn’t to get into the shoe business. It was to take control of LensCrafters’ hundreds of stores nationwide.
Dahan said things went downhill for him after that. Luxottica increasingly emphasized its own frames over those of outside suppliers, he said, and Custom Optical’s sales plunged. Dahan was forced to close his business in 2001.
“It wasn’t just me,” he said. “It happened to a lot of companies. Look at Oakley.”
Indeed, the California maker of premium sunglasses was embraced by skiers and other outdoorsy types after it released its first sunglasses in 1984.
It raised $230 million with an initial public offering of stock in 1995. It’s biggest customer by far was Sunglass Hut, which, like LensCrafters, had stores in malls across the country.
Luxottica purchased Sunglass Hut in early 2001. It promptly told Oakley it wanted to pay significantly lower wholesale prices or it would reduce its orders and push its own brands instead.
Within months, Oakley acknowledged to shareholders that the talks hadn’t gone well and that Luxottica was slashing its orders.
“We have made every reasonable effort to establish a mutually beneficial business partnership with Luxottica, but it is clear from this weekʼs surprising actions that our efforts have been ignored,” Oakley’s management said in a statement at the time.
The company’s stock immediately lost more than a third of its value.
Luxottica acquired Oakley a few years later, adding it to Ray-Ban, which Luxottica obtained in 1999.
“That’s how they gained control of so many brands,” Dahan said. “If you don’t do what they want, they cut you off.”
Again, no one at Luxottica responded to my request for comment.
As I’ve previously observed, online glasses sales hold potential for pushing retail eyewear prices lower, but the e-glasses industry still has a ways to go before posing a threat to the likes of EssilorLuxottica.
It can be a challenge buying something so central to one’s appearance without first trying it on or receiving hands-on help with fitting.
In the meantime, Dahan and Butler told me, federal authorities should step up and prevent price gouging for eyewear — just as they’ve done with other healthcare products, such as EpiPens.
“Federal officials fell asleep at the wheel,” Dahan said. “They should never have allowed all these companies to roll into one. It destroyed competition.”
Butler said it should be clear from EssilorLuxottica’s practices that the company has too much market power. “If that’s not a monopoly,” he said, “I don’t know what is.”
I couldn’t agree more. Regulators are currently wringing their hands over further consolidation in the wireless industry, with a proposed merger between Sprint and T-Mobile raising the prospect of just three major carriers.
The eyewear market is in considerably worse shape.
HackerNewsBot debug: Calculated post rank: 175 - Loop: 128 - Rank min: 100 - Author rank: 70
Don't do all the talking let love speak up itself signage
Location: Sheffield, Great Britain
Full image: Link
#photography #CC0 #Unsplash #APIRandom #Dont #do #all #the #talking #let #love #speak #up #itself #signage #Sheffield #GreatBritain
Volvo's boss says "it’s worth doing if we can even save one life."
Article word count: 265
HN Discussion: https://news.ycombinator.com/item?id=19302678
Posted by BerislavLopac (karma: 8580)
Post stats: Points: 72 - Comments: 183 - 2019-03-04T16:54:18Z
#HackerNews #112mph #all #cars #introducing #its #limiter #new #speed #volvo
Outside of Germany, thereʼs nowhere you can legally drive this car at its top speed anyway.
Enlarge / Outside of Germany, thereʼs nowhere you can legally drive this car at its top speed anyway.
Few automakers have staked the reputation of their brands on safety quite the way Volvo has. Several years ago, Volvoʼs President Håkan Samuelsson announced that the company was enacting a plan called Vision 2020—building cars so safe that by 2020 no one is killed or seriously injured in a new Volvo. On Monday, the company revealed the latest part of this plan. From next year, all new Volvos (beginning with the 2021 model year) will be limited to 112mph (180km/h).
"Because of our research we know where the problem areas are when it comes to ending serious injuries and fatalities in our cars. And while a speed limitation is not a cure-all, it’s worth doing if we can even save one life," Samuelsson said in a press release. "We want to start a conversation about whether car makers have the right or maybe even an obligation to install technology in cars that changes their driverʼs behaviour, to tackle things like speeding, intoxication or distraction. We don’t have a firm answer to this question, but believe we should take leadership in the discussion and be a pioneer."
Itʼs certainly a bold move—and the antithesis of the perennial horsepower war that rages between German luxury carmakers, or even the recent move by Tesla to increase the speed of the Model 3 Performance to 162mph via a software update. But itʼs also not unheard of; in fact, most Japanese OEMs have restricted their domestic market vehicles to 112mph for decades.
HackerNewsBot debug: Calculated post rank: 109 - Loop: 236 - Rank min: 100 - Author rank: 37
Also habe ich mal bei meiner aktuellen openSUSE Tumbleweed daran gemacht, dem System ein vernünftiges sudo-Konzept beizubringen und dieses dann auch für YaST anzuwenden. Das war etwas fieselig herauszufinden, hat am Ende aber gut funktioniert.
Standardmäßig fragt sudo nach dem Root-Passwort. Das ist ziemlich unsinnig, also ändern wir es!- Im ersten Teil arbeiten wir noch als normaler Benutzer. Die Zeilenangaben können abweichen, je nach Alter der Datei/Systemversion und vorherigen Änderungen daran.
- Die Parameter in Zeile 43 beginnend mit env_keep = “LANG… ergänzt du am Ende innerhalb der Anführungszeichen mit:
- Die Zeilen 68 und 69 kommentierst du komplett aus, damit nicht mehr das Passwort des “Zielusers” abgefragt wird:
#ALL ALL = (ALL) ALL
- Zusätzlich kommentierst du Zeile 81 ein, löschst also das Kommentarzeichen # weg:
%wheel ALL=(ALL) ALL
- Speichern, schließen und dann deine(n) Benutzer entweder über YaST oder direkt im Terminal der Gruppe “wheel” hinzufügen:
gpasswd -a wheel
Durch Aus- und wieder Einloggen wird die Änderung dann auch übernommen und sudo möchte ab sofort im Terminal immer dein Benutzerpasswort haben.
Für die grafische Version von YaST wird PolicyKit zur Authentifizierung genutzt, hier ist noch etwas mehr Arbeit nötig. Ab hier arbeitest du als root, wechsle also mit su – den Account.- Erstelle eine PolicyKit Action für YaST
- Folgenden XML-Block fügst du in die Datei ein. Achte dabei bitte auf Zeilenumbrüche beim Kopieren/Einfügen.
Authentication is required to run YaST2
Speichern, schließen – der Erfolg lässt sich als regulärer Benutzer mit pkexec /usr/sbin/yast2 überprüfen.
- Die vorgegebene Rechte-Konfiguration sicherst du und ersetzt sie durch die System-Konfiguration. Unsere Datei wird bei einem Upgrade übrigens nicht überschrieben.
mv /etc/polkit-default-privs.local /etc/polkit-default-privs.local.bkup
cp /etc/polkit-default-privs.standard /etc/polkit-default-privs.local
Die nötige Anpassung ist überall auth_admin durch auth_self zu ersetzen. Du kannst das auch von Hand machen, mit sed geht das aber bequemer und schneller:
sed -i 's/auth_admin/auth_self/g' /etc/polkit-default-privs.local
- Damit die Authentifizierung über PolicyKit auch funktioniert, erstellst du ein kurzes Shellscript das künftig als Umweg aus dem Menü aufgerufen wird:
- Das Script sieht wie folgt aus, einfach in die Datei yast2_polkit einfügen:
if [ $(which pkexec) ]; then
pkexec --disable-internal-agent "/usr/sbin/yast2" "$@"
- Speichern und schließen. Abschließend machst du das Script noch ausführbar:chmod +x /usr/local/sbin/yast2_polkit
- Als letztes erstellst du eine .desktop Datei. Damit erscheint der modifizierte YaST-Starter direkt im Hauptmenü und das systemweit für alle Benutzer. Beispielsweise wird er bei Xfce unter “Einstellungen” gelistet. Andere Desktops habe ich nicht getestet, gehe aber davon aus dass der Starter an einer sinnvollen Stelle landet da er ja nur eine angepasste Kopie des Originals ist.
Natürlich könntest du auch die originale Datei für YaST (YaST.desktop) bearbeiten aber die wird bei einem Upgrade überschrieben. Und eine Kopie in /usr/local/share/applications ignorieren sowohl das Anwendungs- als auch das Whiskermenü.
- Einfügen und speichern:
Comment=Manage system-wide settings
Comment[DE]=Systemweite administrative Einstellungen
Das ist alles. Damit ist ein Login als Root nicht mehr nötig bzw. kann bequem über sudo su – mit deinem Benutzerpasswort erfolgen. Ob das Konzept von openSUSE jetzt schlechter oder besser ist, mag ich nicht entscheiden. Das ist Geschmackssache, denke ich.
Was mir auf jeden Fall gut gefallen hat, ist die klare Einhaltung von Standards. Das macht die Suche nach Lösungen deutlich leichter und schneller. Ich konnte dank guter Dokumentation und hilfreichen Forenbeiträgen alles innerhalb von rund einer Stunde fertigstellen – und das große Kenntnisse von PolicyKit!
The streaming platform is disabling comments on videos of children after paedophiles left predatory comments.
Article word count: 613
HN Discussion: https://news.ycombinator.com/item?id=19274406
Posted by _wmd (karma: 5384)
Post stats: Points: 147 - Comments: 148 - 2019-02-28T19:45:20Z
#HackerNews #all #bans #children #comments #videos #youtube
By Chris Fox Technology reporter
YouTube logo Image copyright Getty Images
YouTube says it will switch off comments on almost all videos featuring under-18s, in an attempt to "better protect children and families".
Several brands stopped advertising on YouTube after discovering that paedophiles were leaving predatory comments on videos of children.
YouTube had originally disabled comments on videos that were attracting predatory and obscene comments.
But it will now disable comments on almost all videos of minors by default.
It said the change would take effect over several months.
The BBC first reported that paedophiles were leaving explicit comments on YouTube videos back in 2017.
As well as leaving obscene or sexual comments, they were also using the comments section to signal content of interest to other paedophiles.
At the time, YouTube said it was "working urgently" to clean up the site.
However, in February this year advertisers including AT&T, Nestle and Hasbro suspended their ads after more predatory activity was found.
What has YouTube announced?
In a blog post, YouTube said its new policy meant videos of very young children would automatically have the comments section disabled.
The move is likely to include videos of toddlers uploaded by parents, as well as short films featuring children by established YouTube stars.
Videos of older children and teenagers will typically not have the comments disabled, unless a specific video is likely to attract predatory attention. That could include, for example, a video of a teenager doing gymnastics.
YouTube told the BBC it would use algorithms to detect which videos contained children.
Millions of hours of footage are uploaded to YouTube every day.
When will comments be permitted?
A small number of YouTube content creators will be allowed to enable comments on videos featuring children.
These channels will be trusted partners such as family video-bloggers or known YouTube stars.
However, they will be required to actively moderate their comments and demonstrate that their videos carry a low risk of attracting predatory comments.
YouTube said it had developed a system that was better at detecting predatory comments and removing them.
Previously, it had said it would stop video-makers earning ad revenue if paedophiles left explicit comments on their videos, but this will no longer be necessary.
What further action is being taken?
In addition to updating its comments policy, YouTube said it had terminated several channels that were "endangering" children.
The ban included several channels that were adding shocking content in the middle of childrenʼs cartoons.
It named FilthyFrankClips as one of the banned channels. It had released a video instructing children how to cut themselves.
"Nothing is more important to us than ensuring the safety of young people on the platform," said YouTube chief executive Susan Wojcicki on Twitter.
YouTubeʼs app for children - YouTube Kids - has been criticised for using algorithms to curate content. Inappropriate videos have repeatedly been discovered on the service.
How have creators responded?
The comments left by fans on YouTube videos help the platformʼs algorithms decide which videos to serve up and recommend to viewers.
Creators have expressed concern that being forced to disable comments on their videos will affect the growth of their channels.
Despite the wide-ranging new policy, comments will remain part of the recommendation algorithm.
"We understand that comments are an important way creators build and connect with their audiences," YouTube said in a statement. "We also know that this is the right thing to do to protect the YouTube community."
Andy Burrows from the child protection charity NSPCC said the announcement was an "important step".
"We know that offenders are twisting YouTube videos for their own sexual gratification, using them to contact other predators and using the comments section as shop window to child abuse image sites," he said.
However, he called for an "independent statutory regulator" that could "force social networks to follow the rules or face tough consequences".
HackerNewsBot debug: Calculated post rank: 147 - Loop: 96 - Rank min: 100 - Author rank: 73
Discover what locals eat all around the world
Article word count: 6
HN Discussion: https://news.ycombinator.com/item?id=19261888
Posted by sandoche (karma: 117)
Post stats: Points: 55 - Comments: 72 - 2019-02-27T08:40:54Z
#HackerNews #all #around #discover #eat #locals #show #the #what #world
By Paschalis Tsolakidis and Sofia Charalampidou
By Andrei Nevar and Elena Malets
By Unmesh Joshi, Roshan Bharath Das and Koustubha Bhat
By Carmenza Narváez and Cristian Camilo Narváez
HackerNewsBot debug: Calculated post rank: 60 - Loop: 233 - Rank min: 60 - Author rank: 35
#demons fuck off
Fast Blast Feb 24 2019 Supporting #DavidIcke
David Icke's ban from OZ land is Unacceptable. This is a shout out to support David Icke's, team and a blatant warning to those who have banned him that its time they left town, before the Sheriff takes them out. The destruction free speech and the free flow of information to the general public
LOS ANGELES – 21 February 2019 – The Internet Corporation for Assigned Names and Numbers (ICANN) believes that there is an ongoing and significant risk to key parts of the Domain Name System (DNS)…
HN Discussion: https://news.ycombinator.com/item?id=19239940
Posted by teddyh (karma: 7241)
Post stats: Points: 146 - Comments: 82 - 2019-02-24T18:50:45Z
#HackerNews #all #attempts #calls #dnssec #domain #domains #following #for #hijacking #icann
LOS ANGELES – 21 February 2019 – The Internet Corporation for Assigned Names and Numbers (ICANN) believes that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure.
In the context of increasing reports of malicious activity targeting the DNS infrastructure, ICANN is calling for full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. The organization also reaffirms its commitment to engage in collaborative efforts to ensure the security, stability and resiliency of the Internet’s global identifier systems.
As one of many entities engaged in the decentralized management of the Internet, ICANN is specifically responsible for coordinating the top-most level of the DNS to ensure its stable and secure operation and universal resolvability.
On 15 February 2019, in response to reports of attacks against key parts of the DNS infrastructure, ICANN offered a checklist of recommended security precautions for members of the domain name industry, registries, registrars, resellers, and related others, to proactively take to protect their systems, their customers’ systems and information reachable via the DNS.
Public reports indicate that there is a pattern of multifaceted attacks utilizing different methodologies. Some of the attacks target the DNS, in which unauthorized changes to the delegation structure of domain names are made, replacing the addresses of intended servers with addresses of machines controlled by the attackers. This particular type of attack, which targets the DNS, only works when DNSSEC is not in use. DNSSEC is a technology developed to protect against such changes by digitally ʼsigningʼ data to assure its validity. Although DNSSEC cannot solve all forms of attack against the DNS, when it is used, unauthorized modification to DNS information can be detected, and users are blocked from being misdirected.
ICANN has long recognized the importance of DNSSEC and is calling for full deployment of the technology across all domains. Although this will not solve the security problems of the Internet, it aims to assure that Internet users reach their desired online destination by helping to prevent so-called “man in the middle” attacks where a user is unknowingly re-directed to a potentially malicious site. DNSSEC complements other technologies, such as Transport Layer Security (most typically used in HTTPS) that protect the end user/domain communication.
As the coordinator of the top-most level of the DNS, ICANN is in the position to help mitigate and detect DNS-related risks, and to facilitate key discussions together with its partners. The organization believes that all members of the domain name system ecosystem must work together to produce better tools and policies to secure the DNS and other critical operations of the Internet. To facilitate these efforts, ICANN is planning an event for the Internet community to address DNS protection: The first is an open session during the upcoming ICANN64 public meeting on 9-14 March 2019, in Kobe, Japan.
As we learn more information, updates may be provided. For information about ICANN64, visit https://meetings.icann.org/kobe64.
ICANNʼs mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.
HackerNewsBot debug: Calculated post rank: 124 - Loop: 132 - Rank min: 100 - Author rank: 27
A list of awesome lite websites without all the bloat - mdibaiee/awesome-lite-websites
Article word count: 43
HN Discussion: https://news.ycombinator.com/item?id=19239615
Posted by pmarin (karma: 4469)
Post stats: Points: 144 - Comments: 63 - 2019-02-24T17:52:20Z
#HackerNews #all #bloat #lightweight #the #versions #websites #without
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.
HackerNewsBot debug: Calculated post rank: 117 - Loop: 140 - Rank min: 100 - Author rank: 81